mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-04-25 09:02:48 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

psasim: add AUT for symmetric encryption/decryption

Browse Source 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
This commit is contained in:
Valerio Setti 2024-06-24 14:59:34 +02:00
parent bb1502b804
commit a06b22d709
3 changed files with 117 additions and 56 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
tests/psa-client-server/psasim/src/aut_main.c
View File

@ -21,7 +21,8 @@
int psa_hash_compute_main(void); int psa_hash_compute_main(void);
int psa_hash_main(void); int psa_hash_main(void);
int psa_aead_main(char *cipher_name); int psa_aead_encrypt_main(char *cipher_name);
int psa_aead_encrypt_decrypt_main(void);
int psa_random_main(void); int psa_random_main(void);
int psa_mac_main(void); int psa_mac_main(void);
int psa_key_agreement_main(void); int psa_key_agreement_main(void);
@ -47,16 +48,17 @@ int main()
TEST_MODULE(psa_hash_compute_main()); TEST_MODULE(psa_hash_compute_main());
TEST_MODULE(psa_hash_main()); TEST_MODULE(psa_hash_main());
TEST_MODULE(psa_aead_main("aes128-gcm")); TEST_MODULE(psa_aead_encrypt_main("aes128-gcm"));
TEST_MODULE(psa_aead_main("aes256-gcm")); TEST_MODULE(psa_aead_encrypt_main("aes256-gcm"));
TEST_MODULE(psa_aead_main("aes128-gcm_8")); TEST_MODULE(psa_aead_encrypt_main("aes128-gcm_8"));
TEST_MODULE(psa_aead_main("chachapoly")); TEST_MODULE(psa_aead_encrypt_main("chachapoly"));
TEST_MODULE(psa_random_main()); TEST_MODULE(psa_random_main());
TEST_MODULE(psa_mac_main()); TEST_MODULE(psa_mac_main());
TEST_MODULE(psa_key_agreement_main()); TEST_MODULE(psa_key_agreement_main());
TEST_MODULE(psa_sign_verify_main()); TEST_MODULE(psa_sign_verify_main());
TEST_MODULE(psa_aead_encrypt_decrypt_main());
exit: exit:
return (ret != 0) ? 1 : 0; return (ret != 0) ? 1 : 0;

52
tests/psa-client-server/psasim/src/aut_psa_aead.c → tests/psa-client-server/psasim/src/aut_psa_aead_encrypt.c
View File

@ -1,37 +1,8 @@
/**
* PSA API multi-part AEAD demonstration.
*
* This program AEAD-encrypts a message, using the algorithm and key size
* specified on the command line, using the multi-part API.
*
* It comes with a companion program cipher/cipher_aead_demo.c, which does the
* same operations with the legacy Cipher API. The goal is that comparing the
* two programs will help people migrating to the PSA Crypto API.
*
* When used with multi-part AEAD operations, the `mbedtls_cipher_context`
* serves a triple purpose (1) hold the key, (2) store the algorithm when no
* operation is active, and (3) save progress information for the current
* operation. With PSA those roles are held by disinct objects: (1) a
* psa_key_id_t to hold the key, a (2) psa_algorithm_t to represent the
* algorithm, and (3) a psa_operation_t for multi-part progress.
*
* On the other hand, with PSA, the algorithms encodes the desired tag length;
* with Cipher the desired tag length needs to be tracked separately.
*
* This program and its companion cipher/cipher_aead_demo.c illustrate this by
* doing the same sequence of multi-part AEAD computation with both APIs;
* looking at the two side by side should make the differences and
* similarities clear.
*/
/* /*
* Copyright The Mbed TLS Contributors * Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/ */
/* First include Mbed TLS headers to get the Mbed TLS configuration and
* platform definitions that we'll use in this program. Also include
* standard C headers for functions we'll use here. */
#include "mbedtls/build_info.h" #include "mbedtls/build_info.h"
#include "psa/crypto.h" #include "psa/crypto.h"
@ -40,25 +11,6 @@
#include <stdio.h> #include <stdio.h>
#include <string.h> #include <string.h>
/* If the build options we need are not enabled, compile a placeholder. */
#if !defined(MBEDTLS_PSA_CRYPTO_CLIENT) && \
(!defined(MBEDTLS_PSA_CRYPTO_C) || \
!defined(MBEDTLS_AES_C) || !defined(MBEDTLS_GCM_C) || \
!defined(MBEDTLS_CHACHAPOLY_C) || \
defined(MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER))
int psa_aead_main(void)
{
printf("MBEDTLS_PSA_CRYPTO_CLIENT or "
"MBEDTLS_PSA_CRYPTO_C and/or "
"MBEDTLS_AES_C and/or MBEDTLS_GCM_C and/or "
"MBEDTLS_CHACHAPOLY_C not defined, and/or "
"MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER defined\r\n");
return 0;
}
#else
/* The real program starts here. */
const char usage[] = const char usage[] =
"Usage: aead_demo [aes128-gcm|aes256-gcm|aes128-gcm_8|chachapoly]"; "Usage: aead_demo [aes128-gcm|aes256-gcm|aes128-gcm_8|chachapoly]";
@ -257,7 +209,7 @@ exit:
/* /*
* Main function * Main function
*/ */
int psa_aead_main(char *cipher_name) int psa_aead_encrypt_main(char *cipher_name)
{ {
psa_status_t status = PSA_SUCCESS; psa_status_t status = PSA_SUCCESS;
@ -273,5 +225,3 @@ int psa_aead_main(char *cipher_name)
exit: exit:
return status == PSA_SUCCESS ? EXIT_SUCCESS : EXIT_FAILURE; return status == PSA_SUCCESS ? EXIT_SUCCESS : EXIT_FAILURE;
} }
#endif

109
tests/psa-client-server/psasim/src/aut_psa_aead_encrypt_decrypt.c Normal file
View File

@ -0,0 +1,109 @@
/*
* Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#include "psa/crypto.h"
#include <string.h>
#include <stdio.h>
#include <stdlib.h>
#define BUFFER_SIZE 500
static void print_bytestr(const uint8_t *bytes, size_t len)
{
for (unsigned int idx = 0; idx < len; idx++) {
printf("%02X", bytes[idx]);
}
}
int psa_aead_encrypt_decrypt_main(void)
{
psa_status_t status;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
psa_key_id_t key_id = 0;
uint8_t encrypt[BUFFER_SIZE] = { 0 };
uint8_t decrypt[BUFFER_SIZE] = { 0 };
const uint8_t plaintext[] = "Hello World!";
const uint8_t key_bytes[32] = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa";
uint8_t nonce[PSA_AEAD_NONCE_LENGTH(PSA_KEY_TYPE_AES, PSA_ALG_CCM)];
size_t nonce_length = sizeof(nonce);
size_t ciphertext_length;
size_t plaintext_length;
status = psa_crypto_init();
if (status != PSA_SUCCESS) {
printf("psa_crypto_init failed\n");
return EXIT_FAILURE;
}
psa_set_key_usage_flags(&attributes,
PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT);
psa_set_key_algorithm(&attributes, PSA_ALG_CCM);
psa_set_key_type(&attributes, PSA_KEY_TYPE_AES);
psa_set_key_bits(&attributes, 256);
status = psa_import_key(&attributes, key_bytes, sizeof(key_bytes), &key_id);
if (status != PSA_SUCCESS) {
printf("psa_import_key failed\n");
return EXIT_FAILURE;
}
status = psa_generate_random(nonce, nonce_length);
if (status != PSA_SUCCESS) {
printf("psa_generate_random failed\n");
return EXIT_FAILURE;
}
status = psa_aead_encrypt(key_id, // key
PSA_ALG_CCM, // algorithm
nonce, nonce_length, // nonce
NULL, 0, // additional data
plaintext, sizeof(plaintext), // plaintext
encrypt, sizeof(encrypt), // ciphertext
&ciphertext_length); // length of output
if (status != PSA_SUCCESS) {
printf("psa_aead_encrypt failed\n");
return EXIT_FAILURE;
}
printf("AES-CCM encryption:\n");
printf("- Plaintext: '%s':\n", plaintext);
printf("- Key: ");
print_bytestr(key_bytes, sizeof(key_bytes));
printf("\n- Nonce: ");
print_bytestr(nonce, nonce_length);
printf("\n- No additional data\n");
printf("- Ciphertext:\n");
for (size_t j = 0; j < ciphertext_length; j++) {
if (j % 8 == 0) {
printf("\n ");
}
printf("%02x ", encrypt[j]);
}
printf("\n");
status = psa_aead_decrypt(key_id, // key
PSA_ALG_CCM, // algorithm
nonce, nonce_length, // nonce
NULL, 0, // additional data
encrypt, ciphertext_length, // ciphertext
decrypt, sizeof(decrypt), // plaintext
&plaintext_length); // length of output
if (status != PSA_SUCCESS) {
printf("psa_aead_decrypt failed\n");
return EXIT_FAILURE;
}
if (memcmp(plaintext, decrypt, sizeof(plaintext)) != 0) {
printf("\nEncryption/Decryption failed!\n");
} else {
printf("\nEncryption/Decryption successful!\n");
}
psa_destroy_key(key_id);
mbedtls_psa_crypto_free();
return 0;
}