diff --git a/include/psa/crypto.h b/include/psa/crypto.h index 6a9fb1af8d..98860ebeef 100644 --- a/include/psa/crypto.h +++ b/include/psa/crypto.h @@ -2524,12 +2524,24 @@ psa_status_t psa_aead_update_ad(psa_aead_operation_t *operation, * - In particular, do not copy the output anywhere but to a * memory or storage space that you have exclusive access to. * + * This function does not require the input to be aligned to any + * particular block boundary. If the implementation can only process + * a whole block at a time, it must consume all the input provided, but + * it may delay the end of the corresponding output until a subsequent + * call to psa_aead_update(), psa_aead_finish() or psa_aead_verify() + * provides sufficient input. The amount of data that can be delayed + * in this way is bounded by #PSA_AEAD_UPDATE_OUTPUT_SIZE. + * * \param[in,out] operation Active AEAD operation. * \param[in] input Buffer containing the message fragment to * encrypt or decrypt. * \param input_length Size of the \p input buffer in bytes. * \param[out] output Buffer where the output is to be written. * \param output_size Size of the \p output buffer in bytes. + * This must be at least + * #PSA_AEAD_UPDATE_OUTPUT_SIZE(\c alg, + * \p input_length) where \c alg is the + * algorithm that is being calculated. * \param[out] output_length On success, the number of bytes * that make up the returned output. * @@ -2540,6 +2552,9 @@ psa_status_t psa_aead_update_ad(psa_aead_operation_t *operation, * or already completed). * \retval #PSA_ERROR_BUFFER_TOO_SMALL * The size of the \p output buffer is too small. + * You can determine a sufficient buffer size by calling + * #PSA_AEAD_UPDATE_OUTPUT_SIZE(\c alg, \p input_length) + * where \c alg is the algorithm that is being calculated. * \retval #PSA_ERROR_INVALID_ARGUMENT * The total length of input to psa_aead_update_ad() so far is * less than the additional data length that was previously @@ -2570,9 +2585,7 @@ psa_status_t psa_aead_update(psa_aead_operation_t *operation, * * This function has two output buffers: * - \p ciphertext contains trailing ciphertext that was buffered from - * preceding calls to psa_aead_update(). For all standard AEAD algorithms, - * psa_aead_update() does not buffer any output and therefore \p ciphertext - * will not contain any output and can be a 0-sized buffer. + * preceding calls to psa_aead_update(). * - \p tag contains the authentication tag. Its length is always * #PSA_AEAD_TAG_LENGTH(\c alg) where \c alg is the AEAD algorithm * that the operation performs. @@ -2583,11 +2596,18 @@ psa_status_t psa_aead_update(psa_aead_operation_t *operation, * \param[out] ciphertext Buffer where the last part of the ciphertext * is to be written. * \param ciphertext_size Size of the \p ciphertext buffer in bytes. + * This must be at least + * #PSA_AEAD_FINISH_OUTPUT_SIZE(\c alg) where + * \c alg is the algorithm that is being + * calculated. * \param[out] ciphertext_length On success, the number of bytes of * returned ciphertext. * \param[out] tag Buffer where the authentication tag is * to be written. * \param tag_size Size of the \p tag buffer in bytes. + * This must be at least + * #PSA_AEAD_TAG_LENGTH(\c alg) where \c alg is + * the algorithm that is being calculated. * \param[out] tag_length On success, the number of bytes * that make up the returned tag. * @@ -2598,6 +2618,11 @@ psa_status_t psa_aead_update(psa_aead_operation_t *operation, * decryption, or already completed). * \retval #PSA_ERROR_BUFFER_TOO_SMALL * The size of the \p ciphertext or \p tag buffer is too small. + * You can determine a sufficient buffer size for \p ciphertext by + * calling #PSA_AEAD_FINISH_OUTPUT_SIZE(\c alg) + * where \c alg is the algorithm that is being calculated. + * You can determine a sufficient buffer size for \p tag by + * calling #PSA_AEAD_TAG_LENGTH(\c alg). * \retval #PSA_ERROR_INVALID_ARGUMENT * The total length of input to psa_aead_update_ad() so far is * less than the additional data length that was previously @@ -2631,6 +2656,18 @@ psa_status_t psa_aead_finish(psa_aead_operation_t *operation, * When this function returns, the operation becomes inactive. * * \param[in,out] operation Active AEAD operation. + * \param[out] plaintext Buffer where the last part of the plaintext + * is to be written. This is the remaining data + * from previous calls to psa_aead_update() + * that could not be processed until the end + * of the input. + * \param plaintext_size Size of the \p plaintext buffer in bytes. + * This must be at least + * #PSA_AEAD_VERIFY_OUTPUT_SIZE(\c alg) where + * \c alg is the algorithm that is being + * calculated. + * \param[out] plaintext_length On success, the number of bytes of + * returned plaintext. * \param[in] tag Buffer containing the authentication tag. * \param tag_length Size of the \p tag buffer in bytes. * @@ -2639,6 +2676,11 @@ psa_status_t psa_aead_finish(psa_aead_operation_t *operation, * \retval #PSA_ERROR_BAD_STATE * The operation state is not valid (not set up, nonce not set, * encryption, or already completed). + * \retval #PSA_ERROR_BUFFER_TOO_SMALL + * The size of the \p plaintext buffer is too small. + * You can determine a sufficient buffer size for \p plaintext by + * calling #PSA_AEAD_VERIFY_OUTPUT_SIZE(\c alg) + * where \c alg is the algorithm that is being calculated. * \retval #PSA_ERROR_INVALID_ARGUMENT * The total length of input to psa_aead_update_ad() so far is * less than the additional data length that was previously @@ -2653,6 +2695,9 @@ psa_status_t psa_aead_finish(psa_aead_operation_t *operation, * \retval #PSA_ERROR_TAMPERING_DETECTED */ psa_status_t psa_aead_verify(psa_aead_operation_t *operation, + uint8_t *plaintext, + size_t plaintext_size, + size_t *plaintext_length, const uint8_t *tag, size_t tag_length); diff --git a/include/psa/crypto_sizes.h b/include/psa/crypto_sizes.h index 39dbccb898..cab896e8a4 100644 --- a/include/psa/crypto_sizes.h +++ b/include/psa/crypto_sizes.h @@ -53,6 +53,9 @@ #define PSA_BITS_TO_BYTES(bits) (((bits) + 7) / 8) #define PSA_BYTES_TO_BITS(bytes) ((bytes) * 8) +#define PSA_ROUND_UP_TO_MULTIPLE(block_size, length) \ + (((length) + (block_size) - 1) / (block_size) * (block_size)) + /** The size of the output of psa_hash_finish(), in bytes. * * This is also the hash size that psa_hash_verify() expects. @@ -309,27 +312,6 @@ (plaintext_length) + PSA_AEAD_TAG_LENGTH(alg) : \ 0) -/** The maximum size of the output of psa_aead_finish(), in bytes. - * - * If the size of the ciphertext buffer is at least this large, it is - * guaranteed that psa_aead_finish() will not fail due to an - * insufficient buffer size. Depending on the algorithm, the actual size of - * the ciphertext may be smaller. - * - * \param alg An AEAD algorithm - * (\c PSA_ALG_XXX value such that - * #PSA_ALG_IS_AEAD(\p alg) is true). - * - * \return The maximum trailing ciphertext size for the - * specified algorithm. - * If the AEAD algorithm is not recognized, return 0. - * An implementation may return either 0 or a - * correct size for an AEAD algorithm that it - * recognizes, but does not support. - */ -#define PSA_AEAD_FINISH_OUTPUT_SIZE(alg) \ - ((size_t)0) - /** The maximum size of the output of psa_aead_decrypt(), in bytes. * * If the size of the plaintext buffer is at least this large, it is @@ -351,7 +333,81 @@ */ #define PSA_AEAD_DECRYPT_OUTPUT_SIZE(alg, ciphertext_length) \ (PSA_AEAD_TAG_LENGTH(alg) != 0 ? \ - (plaintext_length) - PSA_AEAD_TAG_LENGTH(alg) : \ + (ciphertext_length) - PSA_AEAD_TAG_LENGTH(alg) : \ + 0) + +/** A sufficient output buffer size for psa_aead_update(). + * + * If the size of the output buffer is at least this large, it is + * guaranteed that psa_aead_update() will not fail due to an + * insufficient buffer size. The actual size of the output may be smaller + * in any given call. + * + * \param alg An AEAD algorithm + * (\c PSA_ALG_XXX value such that + * #PSA_ALG_IS_AEAD(\p alg) is true). + * \param input_length Size of the input in bytes. + * + * \return A sufficient output buffer size for the specified + * algorithm. + * If the AEAD algorithm is not recognized, return 0. + * An implementation may return either 0 or a + * correct size for an AEAD algorithm that it + * recognizes, but does not support. + */ +/* For all the AEAD modes defined in this specification, it is possible + * to emit output without delay. However, hardware may not always be + * capable of this. So for modes based on a block cipher, allow the + * implementation to delay the output until it has a full block. */ +#define PSA_AEAD_UPDATE_OUTPUT_SIZE(alg, input_length) \ + (PSA_ALG_IS_AEAD_ON_BLOCK_CIPHER(alg) ? \ + PSA_ROUND_UP_TO_MULTIPLE(PSA_MAX_BLOCK_CIPHER_BLOCK_SIZE, (input_length)) : \ + (input_length)) + +/** A sufficient ciphertext buffer size for psa_aead_finish(). + * + * If the size of the ciphertext buffer is at least this large, it is + * guaranteed that psa_aead_finish() will not fail due to an + * insufficient ciphertext buffer size. The actual size of the output may + * be smaller in any given call. + * + * \param alg An AEAD algorithm + * (\c PSA_ALG_XXX value such that + * #PSA_ALG_IS_AEAD(\p alg) is true). + * + * \return A sufficient ciphertext buffer size for the + * specified algorithm. + * If the AEAD algorithm is not recognized, return 0. + * An implementation may return either 0 or a + * correct size for an AEAD algorithm that it + * recognizes, but does not support. + */ +#define PSA_AEAD_FINISH_OUTPUT_SIZE(alg) \ + (PSA_ALG_IS_AEAD_ON_BLOCK_CIPHER(alg) ? \ + PSA_MAX_BLOCK_CIPHER_BLOCK_SIZE : \ + 0) + +/** A sufficient plaintext buffer size for psa_aead_verify(). + * + * If the size of the plaintext buffer is at least this large, it is + * guaranteed that psa_aead_verify() will not fail due to an + * insufficient plaintext buffer size. The actual size of the output may + * be smaller in any given call. + * + * \param alg An AEAD algorithm + * (\c PSA_ALG_XXX value such that + * #PSA_ALG_IS_AEAD(\p alg) is true). + * + * \return A sufficient plaintext buffer size for the + * specified algorithm. + * If the AEAD algorithm is not recognized, return 0. + * An implementation may return either 0 or a + * correct size for an AEAD algorithm that it + * recognizes, but does not support. + */ +#define PSA_AEAD_VERIFY_OUTPUT_SIZE(alg) \ + (PSA_ALG_IS_AEAD_ON_BLOCK_CIPHER(alg) ? \ + PSA_MAX_BLOCK_CIPHER_BLOCK_SIZE : \ 0) #define PSA_RSA_MINIMUM_PADDING_SIZE(alg) \ diff --git a/include/psa/crypto_values.h b/include/psa/crypto_values.h index fa0d14d4fb..0b08b69e57 100644 --- a/include/psa/crypto_values.h +++ b/include/psa/crypto_values.h @@ -402,6 +402,15 @@ * legacy protocols. */ #define PSA_KEY_TYPE_ARC4 ((psa_key_type_t)0x40000004) +/** Key for the ChaCha20 stream cipher or the Chacha20-Poly1305 AEAD algorithm. + * + * ChaCha20 and the ChaCha20_Poly1305 construction are defined in RFC 7539. + * + * Implementations must support 12-byte nonces, may support 8-byte nonces, + * and should reject other sizes. + */ +#define PSA_KEY_TYPE_CHACHA20 ((psa_key_type_t)0x40000005) + /** RSA public key. */ #define PSA_KEY_TYPE_RSA_PUBLIC_KEY ((psa_key_type_t)0x60010000) /** RSA key pair (private and public key). */ @@ -836,6 +845,18 @@ */ #define PSA_ALG_ARC4 ((psa_algorithm_t)0x04800001) +/** The ChaCha20 stream cipher. + * + * ChaCha20 is defined in RFC 7539. + * + * The nonce size for psa_cipher_set_iv() or psa_cipher_generate_iv() + * must be 12. + * + * The initial block counter is always 0. + * + */ +#define PSA_ALG_CHACHA20 ((psa_algorithm_t)0x04800005) + /** The CTR stream cipher mode. * * CTR is a stream cipher which is built from a block cipher. @@ -874,13 +895,39 @@ */ #define PSA_ALG_CBC_PKCS7 ((psa_algorithm_t)0x04600101) +#define PSA_ALG_AEAD_FROM_BLOCK_FLAG ((psa_algorithm_t)0x00400000) + +/** Whether the specified algorithm is an AEAD mode on a block cipher. + * + * \param alg An algorithm identifier (value of type #psa_algorithm_t). + * + * \return 1 if \p alg is an AEAD algorithm which is an AEAD mode based on + * a block cipher, 0 otherwise. + * This macro may return either 0 or 1 if \p alg is not a supported + * algorithm identifier. + */ +#define PSA_ALG_IS_AEAD_ON_BLOCK_CIPHER(alg) \ + (((alg) & (PSA_ALG_CATEGORY_MASK | PSA_ALG_AEAD_FROM_BLOCK_FLAG)) == \ + (PSA_ALG_CATEGORY_AEAD | PSA_ALG_AEAD_FROM_BLOCK_FLAG)) + /** The CCM authenticated encryption algorithm. */ -#define PSA_ALG_CCM ((psa_algorithm_t)0x06001001) +#define PSA_ALG_CCM ((psa_algorithm_t)0x06401001) /** The GCM authenticated encryption algorithm. */ -#define PSA_ALG_GCM ((psa_algorithm_t)0x06001002) +#define PSA_ALG_GCM ((psa_algorithm_t)0x06401002) + +/** The Chacha20-Poly1305 AEAD algorithm. + * + * The ChaCha20_Poly1305 construction is defined in RFC 7539. + * + * Implementations must support 12-byte nonces, may support 8-byte nonces, + * and should reject other sizes. + * + * Implementations must support 16-byte tags and should reject other sizes. + */ +#define PSA_ALG_CHACHA20_POLY1305 ((psa_algorithm_t)0x06001005) /* In the encoding of a AEAD algorithm, the bits corresponding to * PSA_ALG_AEAD_TAG_LENGTH_MASK encode the length of the AEAD tag. @@ -924,6 +971,7 @@ ( \ PSA__ALG_AEAD_WITH_DEFAULT_TAG_LENGTH__CASE(aead_alg, PSA_ALG_CCM) \ PSA__ALG_AEAD_WITH_DEFAULT_TAG_LENGTH__CASE(aead_alg, PSA_ALG_GCM) \ + PSA__ALG_AEAD_WITH_DEFAULT_TAG_LENGTH__CASE(aead_alg, PSA_ALG_CHACHA20_POLY1305) \ 0) #define PSA__ALG_AEAD_WITH_DEFAULT_TAG_LENGTH__CASE(aead_alg, ref) \ PSA_ALG_AEAD_WITH_TAG_LENGTH(aead_alg, 0) == \ diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 54c1731a19..621790b3f2 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -39,9 +39,8 @@ #include #include -#if defined(MBEDTLS_PLATFORM_C) #include "mbedtls/platform.h" -#else +#if !defined(MBEDTLS_PLATFORM_C) #define mbedtls_calloc calloc #define mbedtls_free free #endif @@ -52,6 +51,8 @@ #include "mbedtls/bignum.h" #include "mbedtls/blowfish.h" #include "mbedtls/camellia.h" +#include "mbedtls/chacha20.h" +#include "mbedtls/chachapoly.h" #include "mbedtls/cipher.h" #include "mbedtls/ccm.h" #include "mbedtls/cmac.h" @@ -180,6 +181,14 @@ static psa_status_t mbedtls_to_psa_error( int ret ) case MBEDTLS_ERR_CCM_HW_ACCEL_FAILED: return( PSA_ERROR_HARDWARE_FAILURE ); + case MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA: + return( PSA_ERROR_INVALID_ARGUMENT ); + + case MBEDTLS_ERR_CHACHAPOLY_BAD_STATE: + return( PSA_ERROR_BAD_STATE ); + case MBEDTLS_ERR_CHACHAPOLY_AUTH_FAILED: + return( PSA_ERROR_INVALID_SIGNATURE ); + case MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE: return( PSA_ERROR_NOT_SUPPORTED ); case MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA: @@ -284,6 +293,11 @@ static psa_status_t mbedtls_to_psa_error( int ret ) case MBEDTLS_ERR_PK_HW_ACCEL_FAILED: return( PSA_ERROR_HARDWARE_FAILURE ); + case MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED: + return( PSA_ERROR_HARDWARE_FAILURE ); + case MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED: + return( PSA_ERROR_NOT_SUPPORTED ); + case MBEDTLS_ERR_RIPEMD160_HW_ACCEL_FAILED: return( PSA_ERROR_HARDWARE_FAILURE ); @@ -461,6 +475,12 @@ static psa_status_t prepare_raw_data_slot( psa_key_type_t type, if( bits < 8 || bits > 2048 ) return( PSA_ERROR_INVALID_ARGUMENT ); break; +#endif +#if defined(MBEDTLS_CHACHA20_C) + case PSA_KEY_TYPE_CHACHA20: + if( bits != 256 ) + return( PSA_ERROR_INVALID_ARGUMENT ); + break; #endif default: return( PSA_ERROR_NOT_SUPPORTED ); @@ -2092,6 +2112,7 @@ static const mbedtls_cipher_info_t *mbedtls_cipher_info_from_psa( switch( alg ) { case PSA_ALG_ARC4: + case PSA_ALG_CHACHA20: mode = MBEDTLS_MODE_STREAM; break; case PSA_ALG_CTR: @@ -2115,6 +2136,9 @@ static const mbedtls_cipher_info_t *mbedtls_cipher_info_from_psa( case PSA_ALG_AEAD_WITH_TAG_LENGTH( PSA_ALG_GCM, 0 ): mode = MBEDTLS_MODE_GCM; break; + case PSA_ALG_AEAD_WITH_TAG_LENGTH( PSA_ALG_CHACHA20_POLY1305, 0 ): + mode = MBEDTLS_MODE_CHACHAPOLY; + break; default: return( NULL ); } @@ -2150,6 +2174,9 @@ static const mbedtls_cipher_info_t *mbedtls_cipher_info_from_psa( case PSA_KEY_TYPE_ARC4: cipher_id_tmp = MBEDTLS_CIPHER_ID_ARC4; break; + case PSA_KEY_TYPE_CHACHA20: + cipher_id_tmp = MBEDTLS_CIPHER_ID_CHACHA20; + break; default: return( NULL ); } @@ -3384,6 +3411,11 @@ static psa_status_t psa_cipher_setup( psa_cipher_operation_t *operation, { operation->iv_size = PSA_BLOCK_CIPHER_BLOCK_SIZE( slot->type ); } +#if defined(MBEDTLS_CHACHA20_C) + else + if( alg == PSA_ALG_CHACHA20 ) + operation->iv_size = 12; +#endif exit: if( status == 0 ) @@ -3697,6 +3729,9 @@ typedef struct #if defined(MBEDTLS_GCM_C) mbedtls_gcm_context gcm; #endif /* MBEDTLS_GCM_C */ +#if defined(MBEDTLS_CHACHAPOLY_C) + mbedtls_chachapoly_context chachapoly; +#endif /* MBEDTLS_CHACHAPOLY_C */ } ctx; psa_algorithm_t core_alg; uint8_t full_tag_length; @@ -3747,6 +3782,9 @@ static psa_status_t psa_aead_setup( aead_operation_t *operation, case PSA_ALG_AEAD_WITH_TAG_LENGTH( PSA_ALG_CCM, 0 ): operation->core_alg = PSA_ALG_CCM; operation->full_tag_length = 16; + /* CCM allows the following tag lengths: 4, 6, 8, 10, 12, 14, 16. + * The call to mbedtls_ccm_encrypt_and_tag or + * mbedtls_ccm_auth_decrypt will validate the tag length. */ if( PSA_BLOCK_CIPHER_BLOCK_SIZE( operation->slot->type ) != 16 ) return( PSA_ERROR_INVALID_ARGUMENT ); mbedtls_ccm_init( &operation->ctx.ccm ); @@ -3763,6 +3801,9 @@ static psa_status_t psa_aead_setup( aead_operation_t *operation, case PSA_ALG_AEAD_WITH_TAG_LENGTH( PSA_ALG_GCM, 0 ): operation->core_alg = PSA_ALG_GCM; operation->full_tag_length = 16; + /* GCM allows the following tag lengths: 4, 8, 12, 13, 14, 15, 16. + * The call to mbedtls_gcm_crypt_and_tag or + * mbedtls_gcm_auth_decrypt will validate the tag length. */ if( PSA_BLOCK_CIPHER_BLOCK_SIZE( operation->slot->type ) != 16 ) return( PSA_ERROR_INVALID_ARGUMENT ); mbedtls_gcm_init( &operation->ctx.gcm ); @@ -3770,9 +3811,27 @@ static psa_status_t psa_aead_setup( aead_operation_t *operation, mbedtls_gcm_setkey( &operation->ctx.gcm, cipher_id, operation->slot->data.raw.data, (unsigned int) key_bits ) ); + if( status != 0 ) + goto cleanup; break; #endif /* MBEDTLS_GCM_C */ +#if defined(MBEDTLS_CHACHAPOLY_C) + case PSA_ALG_AEAD_WITH_TAG_LENGTH( PSA_ALG_CHACHA20_POLY1305, 0 ): + operation->core_alg = PSA_ALG_CHACHA20_POLY1305; + operation->full_tag_length = 16; + /* We only support the default tag length. */ + if( alg != PSA_ALG_CHACHA20_POLY1305 ) + return( PSA_ERROR_NOT_SUPPORTED ); + mbedtls_chachapoly_init( &operation->ctx.chachapoly ); + status = mbedtls_to_psa_error( + mbedtls_chachapoly_setkey( &operation->ctx.chachapoly, + operation->slot->data.raw.data ) ); + if( status != 0 ) + goto cleanup; + break; +#endif /* MBEDTLS_CHACHAPOLY_C */ + default: return( PSA_ERROR_NOT_SUPPORTED ); } @@ -3783,9 +3842,6 @@ static psa_status_t psa_aead_setup( aead_operation_t *operation, goto cleanup; } operation->tag_length = PSA_AEAD_TAG_LENGTH( alg ); - /* CCM allows the following tag lengths: 4, 6, 8, 10, 12, 14, 16. - * GCM allows the following tag lengths: 4, 8, 12, 13, 14, 15, 16. - * In both cases, mbedtls_xxx will validate the tag length below. */ return( PSA_SUCCESS ); @@ -3853,6 +3909,26 @@ psa_status_t psa_aead_encrypt( psa_key_handle_t handle, } else #endif /* MBEDTLS_CCM_C */ +#if defined(MBEDTLS_CHACHAPOLY_C) + if( operation.core_alg == PSA_ALG_CHACHA20_POLY1305 ) + { + if( nonce_length != 12 || operation.tag_length != 16 ) + { + status = PSA_ERROR_NOT_SUPPORTED; + goto exit; + } + status = mbedtls_to_psa_error( + mbedtls_chachapoly_encrypt_and_tag( &operation.ctx.chachapoly, + plaintext_length, + nonce, + additional_data, + additional_data_length, + plaintext, + ciphertext, + tag ) ); + } + else +#endif /* MBEDTLS_CHACHAPOLY_C */ { return( PSA_ERROR_NOT_SUPPORTED ); } @@ -3910,15 +3986,15 @@ psa_status_t psa_aead_decrypt( psa_key_handle_t handle, if( status != PSA_SUCCESS ) return( status ); + status = psa_aead_unpadded_locate_tag( operation.tag_length, + ciphertext, ciphertext_length, + plaintext_size, &tag ); + if( status != PSA_SUCCESS ) + goto exit; + #if defined(MBEDTLS_GCM_C) if( operation.core_alg == PSA_ALG_GCM ) { - status = psa_aead_unpadded_locate_tag( operation.tag_length, - ciphertext, ciphertext_length, - plaintext_size, &tag ); - if( status != PSA_SUCCESS ) - goto exit; - status = mbedtls_to_psa_error( mbedtls_gcm_auth_decrypt( &operation.ctx.gcm, ciphertext_length - operation.tag_length, @@ -3933,12 +4009,6 @@ psa_status_t psa_aead_decrypt( psa_key_handle_t handle, #if defined(MBEDTLS_CCM_C) if( operation.core_alg == PSA_ALG_CCM ) { - status = psa_aead_unpadded_locate_tag( operation.tag_length, - ciphertext, ciphertext_length, - plaintext_size, &tag ); - if( status != PSA_SUCCESS ) - goto exit; - status = mbedtls_to_psa_error( mbedtls_ccm_auth_decrypt( &operation.ctx.ccm, ciphertext_length - operation.tag_length, @@ -3950,6 +4020,26 @@ psa_status_t psa_aead_decrypt( psa_key_handle_t handle, } else #endif /* MBEDTLS_CCM_C */ +#if defined(MBEDTLS_CHACHAPOLY_C) + if( operation.core_alg == PSA_ALG_CHACHA20_POLY1305 ) + { + if( nonce_length != 12 || operation.tag_length != 16 ) + { + status = PSA_ERROR_NOT_SUPPORTED; + goto exit; + } + status = mbedtls_to_psa_error( + mbedtls_chachapoly_auth_decrypt( &operation.ctx.chachapoly, + ciphertext_length - operation.tag_length, + nonce, + additional_data, + additional_data_length, + tag, + ciphertext, + plaintext ) ); + } + else +#endif /* MBEDTLS_CHACHAPOLY_C */ { return( PSA_ERROR_NOT_SUPPORTED ); } diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data index cfe363f64a..752132a3df 100644 --- a/tests/suites/test_suite_psa_crypto.data +++ b/tests/suites/test_suite_psa_crypto.data @@ -931,75 +931,75 @@ cipher_bad_order: PSA symmetric encrypt: AES-CBC-nopad, 16 bytes, good depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC -cipher_encrypt:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"6bc1bee22e409f96e93d7e117393172a":"a076ec9dfbe47d52afc357336f20743b":PSA_SUCCESS +cipher_encrypt:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e117393172a":"a076ec9dfbe47d52afc357336f20743b":PSA_SUCCESS PSA symmetric encrypt: AES-CBC-PKCS#7, 16 bytes, good depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC -cipher_encrypt:PSA_ALG_CBC_PKCS7:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"6bc1bee22e409f96e93d7e117393172a":"a076ec9dfbe47d52afc357336f20743bca7e8a15dc3c776436314293031cd4f3":PSA_SUCCESS +cipher_encrypt:PSA_ALG_CBC_PKCS7:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e117393172a":"a076ec9dfbe47d52afc357336f20743bca7e8a15dc3c776436314293031cd4f3":PSA_SUCCESS PSA symmetric encrypt: AES-CBC-PKCS#7, 15 bytes, good depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC -cipher_encrypt:PSA_ALG_CBC_PKCS7:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"6bc1bee22e409f96e93d7e11739317":"6279b49d7f7a8dd87b685175d4276e24":PSA_SUCCESS +cipher_encrypt:PSA_ALG_CBC_PKCS7:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e11739317":"6279b49d7f7a8dd87b685175d4276e24":PSA_SUCCESS PSA symmetric encrypt: AES-CBC-nopad, input too short depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC -cipher_encrypt:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"6bc1bee223":"6bc1bee223":PSA_ERROR_INVALID_ARGUMENT +cipher_encrypt:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee223":"6bc1bee223":PSA_ERROR_INVALID_ARGUMENT PSA symmetric encrypt: AES-CTR, 16 bytes, good depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_MODE_CTR -cipher_encrypt:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"6bc1bee22e409f96e93d7e117393172a":"8f9408fe80a81d3e813da3c7b0b2bd32":PSA_SUCCESS +cipher_encrypt:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e117393172a":"8f9408fe80a81d3e813da3c7b0b2bd32":PSA_SUCCESS PSA symmetric encrypt: AES-CTR, 15 bytes, good depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_MODE_CTR -cipher_encrypt:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"6bc1bee22e409f96e93d7e11739317":"8f9408fe80a81d3e813da3c7b0b2bd":PSA_SUCCESS +cipher_encrypt:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e11739317":"8f9408fe80a81d3e813da3c7b0b2bd":PSA_SUCCESS PSA symmetric encrypt: DES-CBC-nopad, 8 bytes, good depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC -cipher_encrypt:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_DES:"01020407080b0d0e":"eda4011239bc3ac9":"64f917b0152f8f05":PSA_SUCCESS +cipher_encrypt:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_DES:"01020407080b0d0e":"2a2a2a2a2a2a2a2a":"eda4011239bc3ac9":"64f917b0152f8f05":PSA_SUCCESS PSA symmetric encrypt: 2-key 3DES-CBC-nopad, 8 bytes, good depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC -cipher_encrypt:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_DES:"01020407080b0d0ec1c2c4c7c8cbcdce":"eda4011239bc3ac9":"5d0652429c5b0ac7":PSA_SUCCESS +cipher_encrypt:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_DES:"01020407080b0d0ec1c2c4c7c8cbcdce":"2a2a2a2a2a2a2a2a":"eda4011239bc3ac9":"5d0652429c5b0ac7":PSA_SUCCESS PSA symmetric encrypt: 3-key 3DES-CBC-nopad, 8 bytes, good depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC -cipher_encrypt:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_DES:"01020407080b0d0ec1c2c4c7c8cbcdce31323437383b3d3e":"eda4011239bc3ac9":"817ca7d69b80d86a":PSA_SUCCESS +cipher_encrypt:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_DES:"01020407080b0d0ec1c2c4c7c8cbcdce31323437383b3d3e":"2a2a2a2a2a2a2a2a":"eda4011239bc3ac9":"817ca7d69b80d86a":PSA_SUCCESS PSA symmetric decrypt: AES-CBC-nopad, 16 bytes, good depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC -cipher_decrypt:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"396ee84fb75fdbb5c2b13c7fe5a654aa":"49e4e66c89a86b67758df89db9ad6955":PSA_SUCCESS +cipher_decrypt:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"396ee84fb75fdbb5c2b13c7fe5a654aa":"49e4e66c89a86b67758df89db9ad6955":PSA_SUCCESS PSA symmetric decrypt: AES-CBC-PKCS#7, 16 bytes, good depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC -cipher_decrypt:PSA_ALG_CBC_PKCS7:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"a076ec9dfbe47d52afc357336f20743bca7e8a15dc3c776436314293031cd4f3":"6bc1bee22e409f96e93d7e117393172a":PSA_SUCCESS +cipher_decrypt:PSA_ALG_CBC_PKCS7:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"a076ec9dfbe47d52afc357336f20743bca7e8a15dc3c776436314293031cd4f3":"6bc1bee22e409f96e93d7e117393172a":PSA_SUCCESS PSA symmetric decrypt: AES-CBC-PKCS#7, 15 bytes, good depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC -cipher_decrypt:PSA_ALG_CBC_PKCS7:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"6279b49d7f7a8dd87b685175d4276e24":"6bc1bee22e409f96e93d7e11739317":PSA_SUCCESS +cipher_decrypt:PSA_ALG_CBC_PKCS7:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6279b49d7f7a8dd87b685175d4276e24":"6bc1bee22e409f96e93d7e11739317":PSA_SUCCESS PSA symmetric decrypt: AES-CBC-PKCS#7, input too short (15 bytes) depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC -cipher_decrypt:PSA_ALG_CBC_PKCS7:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"6bc1bee22e409f96e93d7e11739317":"49e4e66c89a86b67758df89db9ad6955":PSA_ERROR_BAD_STATE +cipher_decrypt:PSA_ALG_CBC_PKCS7:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e11739317":"49e4e66c89a86b67758df89db9ad6955":PSA_ERROR_BAD_STATE PSA symmetric decrypt: AES-CTR, 16 bytes, good depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_MODE_CTR -cipher_decrypt:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"396ee84fb75fdbb5c2b13c7fe5a654aa":"dd3b5e5319b7591daab1e1a92687feb2":PSA_SUCCESS +cipher_decrypt:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"396ee84fb75fdbb5c2b13c7fe5a654aa":"dd3b5e5319b7591daab1e1a92687feb2":PSA_SUCCESS PSA symmetric decrypt: AES-CBC-nopad, input too short (5 bytes) depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC -cipher_decrypt:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"6bc1bee223":"6bc1bee223":PSA_ERROR_BAD_STATE +cipher_decrypt:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee223":"6bc1bee223":PSA_ERROR_BAD_STATE PSA symmetric decrypt: DES-CBC-nopad, 8 bytes, good depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC -cipher_decrypt:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_DES:"01020407080b0d0e":"64f917b0152f8f05":"eda4011239bc3ac9":PSA_SUCCESS +cipher_decrypt:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_DES:"01020407080b0d0e":"2a2a2a2a2a2a2a2a":"64f917b0152f8f05":"eda4011239bc3ac9":PSA_SUCCESS PSA symmetric decrypt: 2-key 3DES-CBC-nopad, 8 bytes, good depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC -cipher_decrypt:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_DES:"01020407080b0d0ec1c2c4c7c8cbcdce":"5d0652429c5b0ac7":"eda4011239bc3ac9":PSA_SUCCESS +cipher_decrypt:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_DES:"01020407080b0d0ec1c2c4c7c8cbcdce":"2a2a2a2a2a2a2a2a":"5d0652429c5b0ac7":"eda4011239bc3ac9":PSA_SUCCESS PSA symmetric decrypt: 3-key 3DES-CBC-nopad, 8 bytes, good depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC -cipher_decrypt:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_DES:"01020407080b0d0ec1c2c4c7c8cbcdce31323437383b3d3e":"817ca7d69b80d86a":"eda4011239bc3ac9":PSA_SUCCESS +cipher_decrypt:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_DES:"01020407080b0d0ec1c2c4c7c8cbcdce31323437383b3d3e":"2a2a2a2a2a2a2a2a":"817ca7d69b80d86a":"eda4011239bc3ac9":PSA_SUCCESS PSA symmetric encrypt/decrypt: AES-CBC-nopad, 16 bytes, good depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC @@ -1019,127 +1019,127 @@ cipher_verify_output:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4 PSA symmetric encryption multipart: AES-CBC-nopad, 7+9 bytes depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC -cipher_encrypt_multipart:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"6bc1bee22e409f96e93d7e117393172a":7:0:16:"a076ec9dfbe47d52afc357336f20743b" +cipher_encrypt_multipart:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e117393172a":7:0:16:"a076ec9dfbe47d52afc357336f20743b" PSA symmetric encryption multipart: AES-CBC-nopad, 3+13 bytes depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC -cipher_encrypt_multipart:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"6bc1bee22e409f96e93d7e117393172a":3:0:16:"a076ec9dfbe47d52afc357336f20743b" +cipher_encrypt_multipart:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e117393172a":3:0:16:"a076ec9dfbe47d52afc357336f20743b" PSA symmetric encryption multipart: AES-CBC-nopad, 4+12 bytes depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC -cipher_encrypt_multipart:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"6bc1bee22e409f96e93d7e117393172a":4:0:16:"a076ec9dfbe47d52afc357336f20743b" +cipher_encrypt_multipart:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e117393172a":4:0:16:"a076ec9dfbe47d52afc357336f20743b" PSA symmetric encryption multipart: AES-CBC-nopad, 11+5 bytes depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC -cipher_encrypt_multipart:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"6bc1bee22e409f96e93d7e117393172a":11:0:16:"a076ec9dfbe47d52afc357336f20743b" +cipher_encrypt_multipart:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e117393172a":11:0:16:"a076ec9dfbe47d52afc357336f20743b" PSA symmetric encryption multipart: AES-CBC-nopad, 16+16 bytes depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC -cipher_encrypt_multipart:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"6bc1bee22e409f96e93d7e117393172a5434f378a597bcef1389318c7fc865ef":16:16:16:"a076ec9dfbe47d52afc357336f20743b89906f2f9207ac02aa658cb4ef19c61f" +cipher_encrypt_multipart:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e117393172a5434f378a597bcef1389318c7fc865ef":16:16:16:"a076ec9dfbe47d52afc357336f20743b89906f2f9207ac02aa658cb4ef19c61f" PSA symmetric encryption multipart: AES-CBC-nopad, 12+20 bytes depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC -cipher_encrypt_multipart:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"6bc1bee22e409f96e93d7e117393172a5434f378a597bcef1389318c7fc865ef":12:0:32:"a076ec9dfbe47d52afc357336f20743b89906f2f9207ac02aa658cb4ef19c61f" +cipher_encrypt_multipart:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e117393172a5434f378a597bcef1389318c7fc865ef":12:0:32:"a076ec9dfbe47d52afc357336f20743b89906f2f9207ac02aa658cb4ef19c61f" PSA symmetric encryption multipart: AES-CBC-nopad, 20+12 bytes depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC -cipher_encrypt_multipart:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"6bc1bee22e409f96e93d7e117393172a5434f378a597bcef1389318c7fc865ef":20:16:16:"a076ec9dfbe47d52afc357336f20743b89906f2f9207ac02aa658cb4ef19c61f" +cipher_encrypt_multipart:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e117393172a5434f378a597bcef1389318c7fc865ef":20:16:16:"a076ec9dfbe47d52afc357336f20743b89906f2f9207ac02aa658cb4ef19c61f" PSA symmetric encryption multipart: AES-CTR, 11+5 bytes depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR -cipher_encrypt_multipart:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"6bc1bee22e409f96e93d7e117393172a":11:11:5:"8f9408fe80a81d3e813da3c7b0b2bd32" +cipher_encrypt_multipart:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e117393172a":11:11:5:"8f9408fe80a81d3e813da3c7b0b2bd32" PSA symmetric encryption multipart: AES-CTR, 16+16 bytes depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR -cipher_encrypt_multipart:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"6bc1bee22e409f96e93d7e117393172a5434f378a597bcef1389318c7fc865ef":16:16:16:"8f9408fe80a81d3e813da3c7b0b2bd321c965bb1de7baf71025f6ef6393ca587" +cipher_encrypt_multipart:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e117393172a5434f378a597bcef1389318c7fc865ef":16:16:16:"8f9408fe80a81d3e813da3c7b0b2bd321c965bb1de7baf71025f6ef6393ca587" PSA symmetric encryption multipart: AES-CTR, 12+20 bytes depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR -cipher_encrypt_multipart:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"6bc1bee22e409f96e93d7e117393172a5434f378a597bcef1389318c7fc865ef":12:12:20:"8f9408fe80a81d3e813da3c7b0b2bd321c965bb1de7baf71025f6ef6393ca587" +cipher_encrypt_multipart:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e117393172a5434f378a597bcef1389318c7fc865ef":12:12:20:"8f9408fe80a81d3e813da3c7b0b2bd321c965bb1de7baf71025f6ef6393ca587" PSA symmetric encryption multipart: AES-CTR, 20+12 bytes depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR -cipher_encrypt_multipart:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"6bc1bee22e409f96e93d7e117393172a5434f378a597bcef1389318c7fc865ef":20:20:12:"8f9408fe80a81d3e813da3c7b0b2bd321c965bb1de7baf71025f6ef6393ca587" +cipher_encrypt_multipart:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e117393172a5434f378a597bcef1389318c7fc865ef":20:20:12:"8f9408fe80a81d3e813da3c7b0b2bd321c965bb1de7baf71025f6ef6393ca587" PSA symmetric encryption multipart: AES-CTR, 12+10 bytes depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR -cipher_encrypt_multipart:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"6bc1bee22e409f96e93d7e117393172a5434f378a597":12:12:10:"8f9408fe80a81d3e813da3c7b0b2bd321c965bb1de7b" +cipher_encrypt_multipart:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e117393172a5434f378a597":12:12:10:"8f9408fe80a81d3e813da3c7b0b2bd321c965bb1de7b" PSA symmetric encryption multipart: AES-CTR, 0+15 bytes depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR -cipher_encrypt_multipart:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"6bc1bee22e409f96e93d7e11739317":0:0:15:"8f9408fe80a81d3e813da3c7b0b2bd" +cipher_encrypt_multipart:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e11739317":0:0:15:"8f9408fe80a81d3e813da3c7b0b2bd" PSA symmetric encryption multipart: AES-CTR, 15+0 bytes depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR -cipher_encrypt_multipart:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"6bc1bee22e409f96e93d7e11739317":15:15:0:"8f9408fe80a81d3e813da3c7b0b2bd" +cipher_encrypt_multipart:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e11739317":15:15:0:"8f9408fe80a81d3e813da3c7b0b2bd" PSA symmetric encryption multipart: AES-CTR, 0+16 bytes depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR -cipher_encrypt_multipart:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"6bc1bee22e409f96e93d7e117393172a":0:0:16:"8f9408fe80a81d3e813da3c7b0b2bd32" +cipher_encrypt_multipart:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e117393172a":0:0:16:"8f9408fe80a81d3e813da3c7b0b2bd32" PSA symmetric encryption multipart: AES-CTR, 16+0 bytes depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR -cipher_encrypt_multipart:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"6bc1bee22e409f96e93d7e117393172a":16:16:0:"8f9408fe80a81d3e813da3c7b0b2bd32" +cipher_encrypt_multipart:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e117393172a":16:16:0:"8f9408fe80a81d3e813da3c7b0b2bd32" PSA symmetric decryption multipart: AES-CBC-nopad, 7+9 bytes depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC -cipher_decrypt_multipart:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"a076ec9dfbe47d52afc357336f20743b":7:0:16:"6bc1bee22e409f96e93d7e117393172a" +cipher_decrypt_multipart:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"a076ec9dfbe47d52afc357336f20743b":7:0:16:"6bc1bee22e409f96e93d7e117393172a" PSA symmetric decryption multipart: AES-CBC-nopad, 3+13 bytes depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC -cipher_decrypt_multipart:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"a076ec9dfbe47d52afc357336f20743b":3:0:16:"6bc1bee22e409f96e93d7e117393172a" +cipher_decrypt_multipart:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"a076ec9dfbe47d52afc357336f20743b":3:0:16:"6bc1bee22e409f96e93d7e117393172a" PSA symmetric decryption multipart: AES-CBC-nopad, 11+5 bytes depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC -cipher_decrypt_multipart:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"a076ec9dfbe47d52afc357336f20743b":11:0:16:"6bc1bee22e409f96e93d7e117393172a" +cipher_decrypt_multipart:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"a076ec9dfbe47d52afc357336f20743b":11:0:16:"6bc1bee22e409f96e93d7e117393172a" PSA symmetric decryption multipart: AES-CBC-nopad, 16+16 bytes depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC -cipher_decrypt_multipart:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"a076ec9dfbe47d52afc357336f20743b89906f2f9207ac02aa658cb4ef19c61f":16:16:16:"6bc1bee22e409f96e93d7e117393172a5434f378a597bcef1389318c7fc865ef" +cipher_decrypt_multipart:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"a076ec9dfbe47d52afc357336f20743b89906f2f9207ac02aa658cb4ef19c61f":16:16:16:"6bc1bee22e409f96e93d7e117393172a5434f378a597bcef1389318c7fc865ef" PSA symmetric decryption multipart: AES-CBC-nopad, 12+20 bytes depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC -cipher_decrypt_multipart:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"a076ec9dfbe47d52afc357336f20743b89906f2f9207ac02aa658cb4ef19c61f":12:0:32:"6bc1bee22e409f96e93d7e117393172a5434f378a597bcef1389318c7fc865ef" +cipher_decrypt_multipart:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"a076ec9dfbe47d52afc357336f20743b89906f2f9207ac02aa658cb4ef19c61f":12:0:32:"6bc1bee22e409f96e93d7e117393172a5434f378a597bcef1389318c7fc865ef" PSA symmetric decryption multipart: AES-CBC-nopad, 20+12 bytes depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC -cipher_decrypt_multipart:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"a076ec9dfbe47d52afc357336f20743b89906f2f9207ac02aa658cb4ef19c61f":20:16:16:"6bc1bee22e409f96e93d7e117393172a5434f378a597bcef1389318c7fc865ef" +cipher_decrypt_multipart:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"a076ec9dfbe47d52afc357336f20743b89906f2f9207ac02aa658cb4ef19c61f":20:16:16:"6bc1bee22e409f96e93d7e117393172a5434f378a597bcef1389318c7fc865ef" PSA symmetric encryption multipart: AES-CTR, 11+5 bytes depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR -cipher_decrypt_multipart:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"6bc1bee22e409f96e93d7e117393172a":11:11:5:"8f9408fe80a81d3e813da3c7b0b2bd32" +cipher_decrypt_multipart:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e117393172a":11:11:5:"8f9408fe80a81d3e813da3c7b0b2bd32" PSA symmetric encryption multipart: AES-CTR, 16+16 bytes depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR -cipher_decrypt_multipart:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"6bc1bee22e409f96e93d7e117393172a5434f378a597bcef1389318c7fc865ef":16:16:16:"8f9408fe80a81d3e813da3c7b0b2bd321c965bb1de7baf71025f6ef6393ca587" +cipher_decrypt_multipart:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e117393172a5434f378a597bcef1389318c7fc865ef":16:16:16:"8f9408fe80a81d3e813da3c7b0b2bd321c965bb1de7baf71025f6ef6393ca587" PSA symmetric encryption multipart: AES-CTR, 12+20 bytes depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR -cipher_decrypt_multipart:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"6bc1bee22e409f96e93d7e117393172a5434f378a597bcef1389318c7fc865ef":12:12:20:"8f9408fe80a81d3e813da3c7b0b2bd321c965bb1de7baf71025f6ef6393ca587" +cipher_decrypt_multipart:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e117393172a5434f378a597bcef1389318c7fc865ef":12:12:20:"8f9408fe80a81d3e813da3c7b0b2bd321c965bb1de7baf71025f6ef6393ca587" PSA symmetric encryption multipart: AES-CTR, 20+12 bytes depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR -cipher_decrypt_multipart:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"6bc1bee22e409f96e93d7e117393172a5434f378a597bcef1389318c7fc865ef":20:20:12:"8f9408fe80a81d3e813da3c7b0b2bd321c965bb1de7baf71025f6ef6393ca587" +cipher_decrypt_multipart:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e117393172a5434f378a597bcef1389318c7fc865ef":20:20:12:"8f9408fe80a81d3e813da3c7b0b2bd321c965bb1de7baf71025f6ef6393ca587" PSA symmetric encryption multipart: AES-CTR, 12+10 bytes depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR -cipher_decrypt_multipart:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"6bc1bee22e409f96e93d7e117393172a5434f378a597":12:12:10:"8f9408fe80a81d3e813da3c7b0b2bd321c965bb1de7b" +cipher_decrypt_multipart:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e117393172a5434f378a597":12:12:10:"8f9408fe80a81d3e813da3c7b0b2bd321c965bb1de7b" PSA symmetric decryption multipart: AES-CTR, 0+15 bytes depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR -cipher_decrypt_multipart:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"6bc1bee22e409f96e93d7e11739317":0:0:15:"8f9408fe80a81d3e813da3c7b0b2bd" +cipher_decrypt_multipart:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e11739317":0:0:15:"8f9408fe80a81d3e813da3c7b0b2bd" PSA symmetric decryption multipart: AES-CTR, 15+0 bytes depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR -cipher_decrypt_multipart:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"6bc1bee22e409f96e93d7e11739317":15:15:0:"8f9408fe80a81d3e813da3c7b0b2bd" +cipher_decrypt_multipart:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e11739317":15:15:0:"8f9408fe80a81d3e813da3c7b0b2bd" PSA symmetric decryption multipart: AES-CTR, 0+16 bytes depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR -cipher_decrypt_multipart:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"6bc1bee22e409f96e93d7e117393172a":0:0:16:"8f9408fe80a81d3e813da3c7b0b2bd32" +cipher_decrypt_multipart:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e117393172a":0:0:16:"8f9408fe80a81d3e813da3c7b0b2bd32" PSA symmetric decryption multipart: AES-CTR, 16+0 bytes depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR -cipher_decrypt_multipart:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"6bc1bee22e409f96e93d7e117393172a":16:16:0:"8f9408fe80a81d3e813da3c7b0b2bd32" +cipher_decrypt_multipart:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e117393172a":16:16:0:"8f9408fe80a81d3e813da3c7b0b2bd32" PSA symmetric encrypt/decrypt multipart: AES-CBC-nopad, 11+5 bytes depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC @@ -1149,6 +1149,26 @@ PSA symmetric encrypt/decrypt multipart: AES-CBC-PKCS#7 padding, 4+12 bytes depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 cipher_verify_output_multipart:PSA_ALG_CBC_PKCS7:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"a076ec9dfbe47d52afc357336f20743b":4 +PSA symmetric encrypt: ChaCha20, K=0 N=0 +depends_on:MBEDTLS_CHACHA20_C +cipher_encrypt:PSA_ALG_CHACHA20:PSA_KEY_TYPE_CHACHA20:"0000000000000000000000000000000000000000000000000000000000000000":"000000000000000000000000":"00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000":"76b8e0ada0f13d90405d6ae55386bd28bdd219b8a08ded1aa836efcc8b770dc7da41597c5157488d7724e03fb8d84a376a43b8f41518a11cc387b669b2ee6586":PSA_SUCCESS + +PSA symmetric encrypt: ChaCha20, K=rand N=rand +depends_on:MBEDTLS_CHACHA20_C +cipher_encrypt:PSA_ALG_CHACHA20:PSA_KEY_TYPE_CHACHA20:"4bddc98c551a95395ef719557f813656b566bc45aac04eca3866324cc75489f2":"a170d9349d24955aa4501891":"00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000":"9ba7d8de0c6b579fc436e368619e09228070d23246c836d6c6b4c476af6f5eb2b78fbe809d03f7881e6af28cfe3746e8dcf1eb7f762fe7d003141f1539a6cec4":PSA_SUCCESS + +PSA symmetric encryption multipart: ChaCha20, 14+50 bytes +depends_on:MBEDTLS_CHACHA20_C +cipher_encrypt_multipart:PSA_ALG_CHACHA20:PSA_KEY_TYPE_CHACHA20:"4bddc98c551a95395ef719557f813656b566bc45aac04eca3866324cc75489f2":"a170d9349d24955aa4501891":"00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000":14:14:50:"9ba7d8de0c6b579fc436e368619e09228070d23246c836d6c6b4c476af6f5eb2b78fbe809d03f7881e6af28cfe3746e8dcf1eb7f762fe7d003141f1539a6cec4" + +PSA symmetric decrypt: ChaCha20, K=rand N=rand +depends_on:MBEDTLS_CHACHA20_C +cipher_decrypt:PSA_ALG_CHACHA20:PSA_KEY_TYPE_CHACHA20:"4bddc98c551a95395ef719557f813656b566bc45aac04eca3866324cc75489f2":"a170d9349d24955aa4501891":"00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000":"9ba7d8de0c6b579fc436e368619e09228070d23246c836d6c6b4c476af6f5eb2b78fbe809d03f7881e6af28cfe3746e8dcf1eb7f762fe7d003141f1539a6cec4":PSA_SUCCESS + +PSA symmetric decryption multipart: ChaCha20, 14+50 bytes +depends_on:MBEDTLS_CHACHA20_C +cipher_decrypt_multipart:PSA_ALG_CHACHA20:PSA_KEY_TYPE_CHACHA20:"4bddc98c551a95395ef719557f813656b566bc45aac04eca3866324cc75489f2":"a170d9349d24955aa4501891":"00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000":14:14:50:"9ba7d8de0c6b579fc436e368619e09228070d23246c836d6c6b4c476af6f5eb2b78fbe809d03f7881e6af28cfe3746e8dcf1eb7f762fe7d003141f1539a6cec4" + PSA AEAD encrypt/decrypt: AES-CCM, 19 bytes #1 depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C aead_encrypt_decrypt:PSA_KEY_TYPE_AES:"C0C1C2C3C4C5C6C7C8C9CACBCCCDCECF":PSA_ALG_CCM:"000102030405060708090A0B":"000102030405060708090A0B":"0C0D0E0F101112131415161718191A1B1C1D1E":PSA_SUCCESS @@ -1329,9 +1349,25 @@ PSA AEAD decrypt: AES-GCM, invalid tag length 18 depends_on:MBEDTLS_AES_C:MBEDTLS_GCM_C aead_decrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_TAG_LENGTH( PSA_ALG_GCM, 18 ):"48c0906930561e0ab0ef4cd972":"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":"26c56961c035a7e452cce61bc6ee220d77b3f94d18fd10b6":"4535d12b4377928a7c0a61c9f825a48671ea05910748c8ef":PSA_ERROR_INVALID_ARGUMENT +PSA AEAD encrypt: ChaCha20-Poly1305 (RFC7539) +depends_on:MBEDTLS_CHACHAPOLY_C +aead_encrypt:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:"070000004041424344454647":"50515253c0c1c2c3c4c5c6c7":"4c616469657320616e642047656e746c656d656e206f662074686520636c617373206f66202739393a204966204920636f756c64206f6666657220796f75206f6e6c79206f6e652074697020666f7220746865206675747572652c2073756e73637265656e20776f756c642062652069742e":"d31a8d34648e60db7b86afbc53ef7ec2a4aded51296e08fea9e2b5a736ee62d63dbea45e8ca9671282fafb69da92728b1a71de0a9e060b2905d6a5b67ecd3b3692ddbd7f2d778b8c9803aee328091b58fab324e4fad675945585808b4831d7bc3ff4def08e4b7a9de576d26586cec64b61161ae10b594f09e26a7e902ecbd0600691" + +PSA AEAD decrypt: ChaCha20-Poly1305 (RFC7539, good tag) +depends_on:MBEDTLS_CHACHAPOLY_C +aead_decrypt:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:"070000004041424344454647":"50515253c0c1c2c3c4c5c6c7":"d31a8d34648e60db7b86afbc53ef7ec2a4aded51296e08fea9e2b5a736ee62d63dbea45e8ca9671282fafb69da92728b1a71de0a9e060b2905d6a5b67ecd3b3692ddbd7f2d778b8c9803aee328091b58fab324e4fad675945585808b4831d7bc3ff4def08e4b7a9de576d26586cec64b61161ae10b594f09e26a7e902ecbd0600691":"4c616469657320616e642047656e746c656d656e206f662074686520636c617373206f66202739393a204966204920636f756c64206f6666657220796f75206f6e6c79206f6e652074697020666f7220746865206675747572652c2073756e73637265656e20776f756c642062652069742e":PSA_SUCCESS + +PSA AEAD decrypt: ChaCha20-Poly1305 (RFC7539, bad tag) +depends_on:MBEDTLS_CHACHAPOLY_C +aead_decrypt:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:"070000004041424344454647":"50515253c0c1c2c3c4c5c6c7":"d31a8d34648e60db7b86afbc53ef7ec2a4aded51296e08fea9e2b5a736ee62d63dbea45e8ca9671282fafb69da92728b1a71de0a9e060b2905d6a5b67ecd3b3692ddbd7f2d778b8c9803aee328091b58fab324e4fad675945585808b4831d7bc3ff4def08e4b7a9de576d26586cec64b61161ae10b594f09e26a7e902ecbd0600690":"4c616469657320616e642047656e746c656d656e206f662074686520636c617373206f66202739393a204966204920636f756c64206f6666657220796f75206f6e6c79206f6e652074697020666f7220746865206675747572652c2073756e73637265656e20776f756c642062652069742e":PSA_ERROR_INVALID_SIGNATURE + PSA AEAD encrypt/decrypt: invalid algorithm (CTR) depends_on:MBEDTLS_AES_C:MBEDTLS_GCM_C -aead_encrypt_decrypt:PSA_KEY_TYPE_AES:"D7828D13B2B0BDC325A76236DF93CC6B":PSA_ALG_CTR:"000102030405060708090A0B0C0D0E0F":"EC46BB63B02520C33C49FD70":"B96B49E21D621741632875DB7F6C9243D2D7C2":PSA_ERROR_NOT_SUPPORTED +aead_encrypt_decrypt:PSA_KEY_TYPE_AES:"D7828D13B2B0BDC325A76236DF93CC6B":PSA_ALG_CTR:"000102030405060708090A0B0C0D0E0F":"":"":PSA_ERROR_NOT_SUPPORTED + +PSA AEAD encrypt/decrypt: invalid algorithm (ChaCha20) +depends_on:MBEDTLS_CHACHA20_C +aead_encrypt_decrypt:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20:"":"":"":PSA_ERROR_NOT_SUPPORTED PSA signature size: RSA keypair, 1024 bits, PKCS#1 v1.5 raw signature_size:PSA_KEY_TYPE_RSA_KEYPAIR:1024:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:128 diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index 52b92ca6d8..68ea9f0e35 100644 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function @@ -2843,7 +2843,7 @@ exit: /* BEGIN_CASE */ void cipher_encrypt( int alg_arg, int key_type_arg, - data_t *key, + data_t *key, data_t *iv, data_t *input, data_t *expected_output, int expected_status_arg ) { @@ -2852,8 +2852,6 @@ void cipher_encrypt( int alg_arg, int key_type_arg, psa_key_type_t key_type = key_type_arg; psa_algorithm_t alg = alg_arg; psa_status_t expected_status = expected_status_arg; - unsigned char iv[16] = {0}; - size_t iv_size; unsigned char *output = NULL; size_t output_buffer_size = 0; size_t function_output_length = 0; @@ -2861,9 +2859,6 @@ void cipher_encrypt( int alg_arg, int key_type_arg, psa_cipher_operation_t operation = PSA_CIPHER_OPERATION_INIT; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; - iv_size = PSA_BLOCK_CIPHER_BLOCK_SIZE( key_type ); - memset( iv, 0x2a, iv_size ); - PSA_ASSERT( psa_crypto_init( ) ); psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_ENCRYPT ); @@ -2875,8 +2870,7 @@ void cipher_encrypt( int alg_arg, int key_type_arg, PSA_ASSERT( psa_cipher_encrypt_setup( &operation, handle, alg ) ); - PSA_ASSERT( psa_cipher_set_iv( &operation, - iv, iv_size ) ); + PSA_ASSERT( psa_cipher_set_iv( &operation, iv->x, iv->len ) ); output_buffer_size = ( (size_t) input->len + PSA_BLOCK_CIPHER_BLOCK_SIZE( key_type ) ); ASSERT_ALLOC( output, output_buffer_size ); @@ -2909,7 +2903,7 @@ exit: /* BEGIN_CASE */ void cipher_encrypt_multipart( int alg_arg, int key_type_arg, - data_t *key, + data_t *key, data_t *iv, data_t *input, int first_part_size_arg, int output1_length_arg, int output2_length_arg, @@ -2921,8 +2915,6 @@ void cipher_encrypt_multipart( int alg_arg, int key_type_arg, size_t first_part_size = first_part_size_arg; size_t output1_length = output1_length_arg; size_t output2_length = output2_length_arg; - unsigned char iv[16] = {0}; - size_t iv_size; unsigned char *output = NULL; size_t output_buffer_size = 0; size_t function_output_length = 0; @@ -2930,9 +2922,6 @@ void cipher_encrypt_multipart( int alg_arg, int key_type_arg, psa_cipher_operation_t operation = PSA_CIPHER_OPERATION_INIT; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; - iv_size = PSA_BLOCK_CIPHER_BLOCK_SIZE( key_type ); - memset( iv, 0x2a, iv_size ); - PSA_ASSERT( psa_crypto_init( ) ); psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_ENCRYPT ); @@ -2944,8 +2933,7 @@ void cipher_encrypt_multipart( int alg_arg, int key_type_arg, PSA_ASSERT( psa_cipher_encrypt_setup( &operation, handle, alg ) ); - PSA_ASSERT( psa_cipher_set_iv( &operation, - iv, sizeof( iv ) ) ); + PSA_ASSERT( psa_cipher_set_iv( &operation, iv->x, iv->len ) ); output_buffer_size = ( (size_t) input->len + PSA_BLOCK_CIPHER_BLOCK_SIZE( key_type ) ); ASSERT_ALLOC( output, output_buffer_size ); @@ -2983,7 +2971,7 @@ exit: /* BEGIN_CASE */ void cipher_decrypt_multipart( int alg_arg, int key_type_arg, - data_t *key, + data_t *key, data_t *iv, data_t *input, int first_part_size_arg, int output1_length_arg, int output2_length_arg, @@ -2996,8 +2984,6 @@ void cipher_decrypt_multipart( int alg_arg, int key_type_arg, size_t first_part_size = first_part_size_arg; size_t output1_length = output1_length_arg; size_t output2_length = output2_length_arg; - unsigned char iv[16] = {0}; - size_t iv_size; unsigned char *output = NULL; size_t output_buffer_size = 0; size_t function_output_length = 0; @@ -3005,9 +2991,6 @@ void cipher_decrypt_multipart( int alg_arg, int key_type_arg, psa_cipher_operation_t operation = PSA_CIPHER_OPERATION_INIT; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; - iv_size = PSA_BLOCK_CIPHER_BLOCK_SIZE( key_type ); - memset( iv, 0x2a, iv_size ); - PSA_ASSERT( psa_crypto_init( ) ); psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_DECRYPT ); @@ -3019,8 +3002,7 @@ void cipher_decrypt_multipart( int alg_arg, int key_type_arg, PSA_ASSERT( psa_cipher_decrypt_setup( &operation, handle, alg ) ); - PSA_ASSERT( psa_cipher_set_iv( &operation, - iv, sizeof( iv ) ) ); + PSA_ASSERT( psa_cipher_set_iv( &operation, iv->x, iv->len ) ); output_buffer_size = ( (size_t) input->len + PSA_BLOCK_CIPHER_BLOCK_SIZE( key_type ) ); @@ -3060,7 +3042,7 @@ exit: /* BEGIN_CASE */ void cipher_decrypt( int alg_arg, int key_type_arg, - data_t *key, + data_t *key, data_t *iv, data_t *input, data_t *expected_output, int expected_status_arg ) { @@ -3069,8 +3051,6 @@ void cipher_decrypt( int alg_arg, int key_type_arg, psa_key_type_t key_type = key_type_arg; psa_algorithm_t alg = alg_arg; psa_status_t expected_status = expected_status_arg; - unsigned char iv[16] = {0}; - size_t iv_size; unsigned char *output = NULL; size_t output_buffer_size = 0; size_t function_output_length = 0; @@ -3078,9 +3058,6 @@ void cipher_decrypt( int alg_arg, int key_type_arg, psa_cipher_operation_t operation = PSA_CIPHER_OPERATION_INIT; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; - iv_size = PSA_BLOCK_CIPHER_BLOCK_SIZE( key_type ); - memset( iv, 0x2a, iv_size ); - PSA_ASSERT( psa_crypto_init( ) ); psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_DECRYPT ); @@ -3092,8 +3069,7 @@ void cipher_decrypt( int alg_arg, int key_type_arg, PSA_ASSERT( psa_cipher_decrypt_setup( &operation, handle, alg ) ); - PSA_ASSERT( psa_cipher_set_iv( &operation, - iv, iv_size ) ); + PSA_ASSERT( psa_cipher_set_iv( &operation, iv->x, iv->len ) ); output_buffer_size = ( (size_t) input->len + PSA_BLOCK_CIPHER_BLOCK_SIZE( key_type ) ); @@ -3326,11 +3302,16 @@ void aead_encrypt_decrypt( int key_type_arg, data_t *key_data, size_t output_length = 0; unsigned char *output_data2 = NULL; size_t output_length2 = 0; - size_t tag_length = 16; + size_t tag_length = PSA_AEAD_TAG_LENGTH( alg ); psa_status_t expected_result = expected_result_arg; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; output_size = input_data->len + tag_length; + /* For all currently defined algorithms, PSA_AEAD_ENCRYPT_OUTPUT_SIZE + * should be exact. */ + if( expected_result != PSA_ERROR_INVALID_ARGUMENT ) + TEST_EQUAL( output_size, + PSA_AEAD_ENCRYPT_OUTPUT_SIZE( alg, input_data->len ) ); ASSERT_ALLOC( output_data, output_size ); PSA_ASSERT( psa_crypto_init( ) ); @@ -3355,6 +3336,11 @@ void aead_encrypt_decrypt( int key_type_arg, data_t *key_data, { ASSERT_ALLOC( output_data2, output_length ); + /* For all currently defined algorithms, PSA_AEAD_DECRYPT_OUTPUT_SIZE + * should be exact. */ + TEST_EQUAL( input_data->len, + PSA_AEAD_DECRYPT_OUTPUT_SIZE( alg, output_length ) ); + TEST_EQUAL( psa_aead_decrypt( handle, alg, nonce->x, nonce->len, additional_data->x, @@ -3390,10 +3376,14 @@ void aead_encrypt( int key_type_arg, data_t *key_data, unsigned char *output_data = NULL; size_t output_size = 0; size_t output_length = 0; - size_t tag_length = 16; + size_t tag_length = PSA_AEAD_TAG_LENGTH( alg ); psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; output_size = input_data->len + tag_length; + /* For all currently defined algorithms, PSA_AEAD_ENCRYPT_OUTPUT_SIZE + * should be exact. */ + TEST_EQUAL( output_size, + PSA_AEAD_ENCRYPT_OUTPUT_SIZE( alg, input_data->len ) ); ASSERT_ALLOC( output_data, output_size ); PSA_ASSERT( psa_crypto_init( ) ); @@ -3437,11 +3427,16 @@ void aead_decrypt( int key_type_arg, data_t *key_data, unsigned char *output_data = NULL; size_t output_size = 0; size_t output_length = 0; - size_t tag_length = 16; + size_t tag_length = PSA_AEAD_TAG_LENGTH( alg ); psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; psa_status_t expected_result = expected_result_arg; - output_size = input_data->len + tag_length; + output_size = input_data->len - tag_length; + /* For all currently defined algorithms, PSA_AEAD_DECRYPT_OUTPUT_SIZE + * should be exact. */ + if( expected_result != PSA_ERROR_INVALID_ARGUMENT ) + TEST_EQUAL( output_size, + PSA_AEAD_DECRYPT_OUTPUT_SIZE( alg, input_data->len ) ); ASSERT_ALLOC( output_data, output_size ); PSA_ASSERT( psa_crypto_init( ) ); diff --git a/tests/suites/test_suite_psa_crypto_metadata.data b/tests/suites/test_suite_psa_crypto_metadata.data index edb09a8fc9..94b80acdda 100644 --- a/tests/suites/test_suite_psa_crypto_metadata.data +++ b/tests/suites/test_suite_psa_crypto_metadata.data @@ -166,6 +166,10 @@ Cipher: ARC4 depends_on:MBEDTLS_ARC4_C cipher_algorithm:PSA_ALG_ARC4:ALG_IS_STREAM_CIPHER +Cipher: ChaCha20 +depends_on:MBEDTLS_CHACHA_C +cipher_algorithm:PSA_ALG_CHACHA20:ALG_IS_STREAM_CIPHER + Cipher: CTR depends_on:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CTR cipher_algorithm:PSA_ALG_CTR:ALG_IS_STREAM_CIPHER @@ -192,11 +196,15 @@ cipher_algorithm:PSA_ALG_XTS:0 AEAD: CCM depends_on:MBEDTLS_CCM_C -aead_algorithm:PSA_ALG_CCM:0:16 +aead_algorithm:PSA_ALG_CCM:ALG_IS_AEAD_ON_BLOCK_CIPHER:16 AEAD: GCM depends_on:MBEDTLS_GCM_C -aead_algorithm:PSA_ALG_GCM:0:16 +aead_algorithm:PSA_ALG_GCM:ALG_IS_AEAD_ON_BLOCK_CIPHER:16 + +AEAD: ChaCha20_Poly1305 +depends_on:MBEDTLS_CHACHAPOLY_C +aead_algorithm:PSA_ALG_CHACHA20_POLY1305:0:16 Asymmetric signature: RSA PKCS#1 v1.5 raw depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 @@ -307,6 +315,10 @@ Key type: ARC4 depends_on:MBEDTLS_ARC4_C key_type:PSA_KEY_TYPE_ARC4:KEY_TYPE_IS_UNSTRUCTURED +Key type: ChaCha20 +depends_on:MBEDTLS_CHACHA20_C +key_type:PSA_KEY_TYPE_CHACHA20:KEY_TYPE_IS_UNSTRUCTURED + Key type: RSA public key depends_on:MBEDTLS_RSA_C key_type:PSA_KEY_TYPE_RSA_PUBLIC_KEY:KEY_TYPE_IS_PUBLIC_KEY | KEY_TYPE_IS_RSA diff --git a/tests/suites/test_suite_psa_crypto_metadata.function b/tests/suites/test_suite_psa_crypto_metadata.function index 0b7e7ae247..e1eb1c526d 100644 --- a/tests/suites/test_suite_psa_crypto_metadata.function +++ b/tests/suites/test_suite_psa_crypto_metadata.function @@ -36,6 +36,7 @@ #define ALG_IS_ECDH ( 1u << 18 ) #define ALG_IS_WILDCARD ( 1u << 19 ) #define ALG_IS_RAW_KEY_AGREEMENT ( 1u << 20 ) +#define ALG_IS_AEAD_ON_BLOCK_CIPHER ( 1u << 21 ) /* Flags for key type classification macros. There is a flag for every * key type classification macro PSA_KEY_TYPE_IS_xxx except for some that @@ -77,6 +78,7 @@ void algorithm_classification( psa_algorithm_t alg, unsigned flags ) TEST_CLASSIFICATION_MACRO( ALG_IS_ECDH, alg, flags ); TEST_CLASSIFICATION_MACRO( ALG_IS_FFDH, alg, flags ); TEST_CLASSIFICATION_MACRO( ALG_IS_RAW_KEY_AGREEMENT, alg, flags ); + TEST_CLASSIFICATION_MACRO( ALG_IS_AEAD_ON_BLOCK_CIPHER, alg, flags ); exit: ; }