mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-02-21 06:40:50 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

psasim: add support for psa_cipher_xxx() functions

Browse Source 
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
This commit is contained in:
Tom Cosgrove 2024-06-21 10:43:39 +01:00 committed by Valerio Setti
parent 853ca0cdb0
commit a4eac4a84d
7 changed files with 2298 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
tests/psa-client-server/psasim/src/psa_functions_codes.h
View File

@ -24,6 +24,15 @@ enum {
PSA_AEAD_UPDATE,
PSA_AEAD_UPDATE_AD,
PSA_AEAD_VERIFY,
PSA_CIPHER_ABORT,
PSA_CIPHER_DECRYPT,
PSA_CIPHER_DECRYPT_SETUP,
PSA_CIPHER_ENCRYPT,
PSA_CIPHER_ENCRYPT_SETUP,
PSA_CIPHER_FINISH,
PSA_CIPHER_GENERATE_IV,
PSA_CIPHER_SET_IV,
PSA_CIPHER_UPDATE,
PSA_DESTROY_KEY,
PSA_GENERATE_RANDOM,
PSA_GET_KEY_ATTRIBUTES,

727
tests/psa-client-server/psasim/src/psa_sim_crypto_client.c
View File

@ -1133,6 +1133,733 @@ fail:
}
psa_status_t psa_cipher_abort(
psa_cipher_operation_t *operation
)
{
uint8_t *params = NULL;
uint8_t *result = NULL;
size_t result_length;
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
size_t needed = psasim_serialise_begin_needs() +
psasim_serialise_psa_cipher_operation_t_needs(*operation);
params = malloc(needed);
if (params == NULL) {
status = PSA_ERROR_INSUFFICIENT_MEMORY;
goto fail;
}
uint8_t *pos = params;
size_t remaining = needed;
int ok;
ok = psasim_serialise_begin(&pos, &remaining);
if (!ok) {
goto fail;
}
ok = psasim_serialise_psa_cipher_operation_t(&pos, &remaining, *operation);
if (!ok) {
goto fail;
}
ok = psa_crypto_call(PSA_CIPHER_ABORT,
params, (size_t) (pos - params), &result, &result_length);
if (!ok) {
printf("PSA_CIPHER_ABORT server call failed\n");
goto fail;
}
uint8_t *rpos = result;
size_t rremain = result_length;
ok = psasim_deserialise_begin(&rpos, &rremain);
if (!ok) {
goto fail;
}
ok = psasim_deserialise_psa_status_t(&rpos, &rremain, &status);
if (!ok) {
goto fail;
}
ok = psasim_deserialise_psa_cipher_operation_t(&rpos, &rremain, operation);
if (!ok) {
goto fail;
}
fail:
free(params);
free(result);
return status;
}
psa_status_t psa_cipher_decrypt(
mbedtls_svc_key_id_t key,
psa_algorithm_t alg,
const uint8_t *input, size_t input_length,
uint8_t *output, size_t output_size,
size_t *output_length
)
{
uint8_t *params = NULL;
uint8_t *result = NULL;
size_t result_length;
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
size_t needed = psasim_serialise_begin_needs() +
psasim_serialise_mbedtls_svc_key_id_t_needs(key) +
psasim_serialise_psa_algorithm_t_needs(alg) +
psasim_serialise_buffer_needs(input, input_length) +
psasim_serialise_buffer_needs(output, output_size) +
psasim_serialise_size_t_needs(*output_length);
params = malloc(needed);
if (params == NULL) {
status = PSA_ERROR_INSUFFICIENT_MEMORY;
goto fail;
}
uint8_t *pos = params;
size_t remaining = needed;
int ok;
ok = psasim_serialise_begin(&pos, &remaining);
if (!ok) {
goto fail;
}
ok = psasim_serialise_mbedtls_svc_key_id_t(&pos, &remaining, key);
if (!ok) {
goto fail;
}
ok = psasim_serialise_psa_algorithm_t(&pos, &remaining, alg);
if (!ok) {
goto fail;
}
ok = psasim_serialise_buffer(&pos, &remaining, input, input_length);
if (!ok) {
goto fail;
}
ok = psasim_serialise_buffer(&pos, &remaining, output, output_size);
if (!ok) {
goto fail;
}
ok = psasim_serialise_size_t(&pos, &remaining, *output_length);
if (!ok) {
goto fail;
}
ok = psa_crypto_call(PSA_CIPHER_DECRYPT,
params, (size_t) (pos - params), &result, &result_length);
if (!ok) {
printf("PSA_CIPHER_DECRYPT server call failed\n");
goto fail;
}
uint8_t *rpos = result;
size_t rremain = result_length;
ok = psasim_deserialise_begin(&rpos, &rremain);
if (!ok) {
goto fail;
}
ok = psasim_deserialise_psa_status_t(&rpos, &rremain, &status);
if (!ok) {
goto fail;
}
ok = psasim_deserialise_return_buffer(&rpos, &rremain, output, output_size);
if (!ok) {
goto fail;
}
ok = psasim_deserialise_size_t(&rpos, &rremain, output_length);
if (!ok) {
goto fail;
}
fail:
free(params);
free(result);
return status;
}
psa_status_t psa_cipher_decrypt_setup(
psa_cipher_operation_t *operation,
mbedtls_svc_key_id_t key,
psa_algorithm_t alg
)
{
uint8_t *params = NULL;
uint8_t *result = NULL;
size_t result_length;
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
size_t needed = psasim_serialise_begin_needs() +
psasim_serialise_psa_cipher_operation_t_needs(*operation) +
psasim_serialise_mbedtls_svc_key_id_t_needs(key) +
psasim_serialise_psa_algorithm_t_needs(alg);
params = malloc(needed);
if (params == NULL) {
status = PSA_ERROR_INSUFFICIENT_MEMORY;
goto fail;
}
uint8_t *pos = params;
size_t remaining = needed;
int ok;
ok = psasim_serialise_begin(&pos, &remaining);
if (!ok) {
goto fail;
}
ok = psasim_serialise_psa_cipher_operation_t(&pos, &remaining, *operation);
if (!ok) {
goto fail;
}
ok = psasim_serialise_mbedtls_svc_key_id_t(&pos, &remaining, key);
if (!ok) {
goto fail;
}
ok = psasim_serialise_psa_algorithm_t(&pos, &remaining, alg);
if (!ok) {
goto fail;
}
ok = psa_crypto_call(PSA_CIPHER_DECRYPT_SETUP,
params, (size_t) (pos - params), &result, &result_length);
if (!ok) {
printf("PSA_CIPHER_DECRYPT_SETUP server call failed\n");
goto fail;
}
uint8_t *rpos = result;
size_t rremain = result_length;
ok = psasim_deserialise_begin(&rpos, &rremain);
if (!ok) {
goto fail;
}
ok = psasim_deserialise_psa_status_t(&rpos, &rremain, &status);
if (!ok) {
goto fail;
}
ok = psasim_deserialise_psa_cipher_operation_t(&rpos, &rremain, operation);
if (!ok) {
goto fail;
}
fail:
free(params);
free(result);
return status;
}
psa_status_t psa_cipher_encrypt(
mbedtls_svc_key_id_t key,
psa_algorithm_t alg,
const uint8_t *input, size_t input_length,
uint8_t *output, size_t output_size,
size_t *output_length
)
{
uint8_t *params = NULL;
uint8_t *result = NULL;
size_t result_length;
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
size_t needed = psasim_serialise_begin_needs() +
psasim_serialise_mbedtls_svc_key_id_t_needs(key) +
psasim_serialise_psa_algorithm_t_needs(alg) +
psasim_serialise_buffer_needs(input, input_length) +
psasim_serialise_buffer_needs(output, output_size) +
psasim_serialise_size_t_needs(*output_length);
params = malloc(needed);
if (params == NULL) {
status = PSA_ERROR_INSUFFICIENT_MEMORY;
goto fail;
}
uint8_t *pos = params;
size_t remaining = needed;
int ok;
ok = psasim_serialise_begin(&pos, &remaining);
if (!ok) {
goto fail;
}
ok = psasim_serialise_mbedtls_svc_key_id_t(&pos, &remaining, key);
if (!ok) {
goto fail;
}
ok = psasim_serialise_psa_algorithm_t(&pos, &remaining, alg);
if (!ok) {
goto fail;
}
ok = psasim_serialise_buffer(&pos, &remaining, input, input_length);
if (!ok) {
goto fail;
}
ok = psasim_serialise_buffer(&pos, &remaining, output, output_size);
if (!ok) {
goto fail;
}
ok = psasim_serialise_size_t(&pos, &remaining, *output_length);
if (!ok) {
goto fail;
}
ok = psa_crypto_call(PSA_CIPHER_ENCRYPT,
params, (size_t) (pos - params), &result, &result_length);
if (!ok) {
printf("PSA_CIPHER_ENCRYPT server call failed\n");
goto fail;
}
uint8_t *rpos = result;
size_t rremain = result_length;
ok = psasim_deserialise_begin(&rpos, &rremain);
if (!ok) {
goto fail;
}
ok = psasim_deserialise_psa_status_t(&rpos, &rremain, &status);
if (!ok) {
goto fail;
}
ok = psasim_deserialise_return_buffer(&rpos, &rremain, output, output_size);
if (!ok) {
goto fail;
}
ok = psasim_deserialise_size_t(&rpos, &rremain, output_length);
if (!ok) {
goto fail;
}
fail:
free(params);
free(result);
return status;
}
psa_status_t psa_cipher_encrypt_setup(
psa_cipher_operation_t *operation,
mbedtls_svc_key_id_t key,
psa_algorithm_t alg
)
{
uint8_t *params = NULL;
uint8_t *result = NULL;
size_t result_length;
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
size_t needed = psasim_serialise_begin_needs() +
psasim_serialise_psa_cipher_operation_t_needs(*operation) +
psasim_serialise_mbedtls_svc_key_id_t_needs(key) +
psasim_serialise_psa_algorithm_t_needs(alg);
params = malloc(needed);
if (params == NULL) {
status = PSA_ERROR_INSUFFICIENT_MEMORY;
goto fail;
}
uint8_t *pos = params;
size_t remaining = needed;
int ok;
ok = psasim_serialise_begin(&pos, &remaining);
if (!ok) {
goto fail;
}
ok = psasim_serialise_psa_cipher_operation_t(&pos, &remaining, *operation);
if (!ok) {
goto fail;
}
ok = psasim_serialise_mbedtls_svc_key_id_t(&pos, &remaining, key);
if (!ok) {
goto fail;
}
ok = psasim_serialise_psa_algorithm_t(&pos, &remaining, alg);
if (!ok) {
goto fail;
}
ok = psa_crypto_call(PSA_CIPHER_ENCRYPT_SETUP,
params, (size_t) (pos - params), &result, &result_length);
if (!ok) {
printf("PSA_CIPHER_ENCRYPT_SETUP server call failed\n");
goto fail;
}
uint8_t *rpos = result;
size_t rremain = result_length;
ok = psasim_deserialise_begin(&rpos, &rremain);
if (!ok) {
goto fail;
}
ok = psasim_deserialise_psa_status_t(&rpos, &rremain, &status);
if (!ok) {
goto fail;
}
ok = psasim_deserialise_psa_cipher_operation_t(&rpos, &rremain, operation);
if (!ok) {
goto fail;
}
fail:
free(params);
free(result);
return status;
}
psa_status_t psa_cipher_finish(
psa_cipher_operation_t *operation,
uint8_t *output, size_t output_size,
size_t *output_length
)
{
uint8_t *params = NULL;
uint8_t *result = NULL;
size_t result_length;
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
size_t needed = psasim_serialise_begin_needs() +
psasim_serialise_psa_cipher_operation_t_needs(*operation) +
psasim_serialise_buffer_needs(output, output_size) +
psasim_serialise_size_t_needs(*output_length);
params = malloc(needed);
if (params == NULL) {
status = PSA_ERROR_INSUFFICIENT_MEMORY;
goto fail;
}
uint8_t *pos = params;
size_t remaining = needed;
int ok;
ok = psasim_serialise_begin(&pos, &remaining);
if (!ok) {
goto fail;
}
ok = psasim_serialise_psa_cipher_operation_t(&pos, &remaining, *operation);
if (!ok) {
goto fail;
}
ok = psasim_serialise_buffer(&pos, &remaining, output, output_size);
if (!ok) {
goto fail;
}
ok = psasim_serialise_size_t(&pos, &remaining, *output_length);
if (!ok) {
goto fail;
}
ok = psa_crypto_call(PSA_CIPHER_FINISH,
params, (size_t) (pos - params), &result, &result_length);
if (!ok) {
printf("PSA_CIPHER_FINISH server call failed\n");
goto fail;
}
uint8_t *rpos = result;
size_t rremain = result_length;
ok = psasim_deserialise_begin(&rpos, &rremain);
if (!ok) {
goto fail;
}
ok = psasim_deserialise_psa_status_t(&rpos, &rremain, &status);
if (!ok) {
goto fail;
}
ok = psasim_deserialise_psa_cipher_operation_t(&rpos, &rremain, operation);
if (!ok) {
goto fail;
}
ok = psasim_deserialise_return_buffer(&rpos, &rremain, output, output_size);
if (!ok) {
goto fail;
}
ok = psasim_deserialise_size_t(&rpos, &rremain, output_length);
if (!ok) {
goto fail;
}
fail:
free(params);
free(result);
return status;
}
psa_status_t psa_cipher_generate_iv(
psa_cipher_operation_t *operation,
uint8_t *iv, size_t iv_size,
size_t *iv_length
)
{
uint8_t *params = NULL;
uint8_t *result = NULL;
size_t result_length;
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
size_t needed = psasim_serialise_begin_needs() +
psasim_serialise_psa_cipher_operation_t_needs(*operation) +
psasim_serialise_buffer_needs(iv, iv_size) +
psasim_serialise_size_t_needs(*iv_length);
params = malloc(needed);
if (params == NULL) {
status = PSA_ERROR_INSUFFICIENT_MEMORY;
goto fail;
}
uint8_t *pos = params;
size_t remaining = needed;
int ok;
ok = psasim_serialise_begin(&pos, &remaining);
if (!ok) {
goto fail;
}
ok = psasim_serialise_psa_cipher_operation_t(&pos, &remaining, *operation);
if (!ok) {
goto fail;
}
ok = psasim_serialise_buffer(&pos, &remaining, iv, iv_size);
if (!ok) {
goto fail;
}
ok = psasim_serialise_size_t(&pos, &remaining, *iv_length);
if (!ok) {
goto fail;
}
ok = psa_crypto_call(PSA_CIPHER_GENERATE_IV,
params, (size_t) (pos - params), &result, &result_length);
if (!ok) {
printf("PSA_CIPHER_GENERATE_IV server call failed\n");
goto fail;
}
uint8_t *rpos = result;
size_t rremain = result_length;
ok = psasim_deserialise_begin(&rpos, &rremain);
if (!ok) {
goto fail;
}
ok = psasim_deserialise_psa_status_t(&rpos, &rremain, &status);
if (!ok) {
goto fail;
}
ok = psasim_deserialise_psa_cipher_operation_t(&rpos, &rremain, operation);
if (!ok) {
goto fail;
}
ok = psasim_deserialise_return_buffer(&rpos, &rremain, iv, iv_size);
if (!ok) {
goto fail;
}
ok = psasim_deserialise_size_t(&rpos, &rremain, iv_length);
if (!ok) {
goto fail;
}
fail:
free(params);
free(result);
return status;
}
psa_status_t psa_cipher_set_iv(
psa_cipher_operation_t *operation,
const uint8_t *iv, size_t iv_length
)
{
uint8_t *params = NULL;
uint8_t *result = NULL;
size_t result_length;
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
size_t needed = psasim_serialise_begin_needs() +
psasim_serialise_psa_cipher_operation_t_needs(*operation) +
psasim_serialise_buffer_needs(iv, iv_length);
params = malloc(needed);
if (params == NULL) {
status = PSA_ERROR_INSUFFICIENT_MEMORY;
goto fail;
}
uint8_t *pos = params;
size_t remaining = needed;
int ok;
ok = psasim_serialise_begin(&pos, &remaining);
if (!ok) {
goto fail;
}
ok = psasim_serialise_psa_cipher_operation_t(&pos, &remaining, *operation);
if (!ok) {
goto fail;
}
ok = psasim_serialise_buffer(&pos, &remaining, iv, iv_length);
if (!ok) {
goto fail;
}
ok = psa_crypto_call(PSA_CIPHER_SET_IV,
params, (size_t) (pos - params), &result, &result_length);
if (!ok) {
printf("PSA_CIPHER_SET_IV server call failed\n");
goto fail;
}
uint8_t *rpos = result;
size_t rremain = result_length;
ok = psasim_deserialise_begin(&rpos, &rremain);
if (!ok) {
goto fail;
}
ok = psasim_deserialise_psa_status_t(&rpos, &rremain, &status);
if (!ok) {
goto fail;
}
ok = psasim_deserialise_psa_cipher_operation_t(&rpos, &rremain, operation);
if (!ok) {
goto fail;
}
fail:
free(params);
free(result);
return status;
}
psa_status_t psa_cipher_update(
psa_cipher_operation_t *operation,
const uint8_t *input, size_t input_length,
uint8_t *output, size_t output_size,
size_t *output_length
)
{
uint8_t *params = NULL;
uint8_t *result = NULL;
size_t result_length;
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
size_t needed = psasim_serialise_begin_needs() +
psasim_serialise_psa_cipher_operation_t_needs(*operation) +
psasim_serialise_buffer_needs(input, input_length) +
psasim_serialise_buffer_needs(output, output_size) +
psasim_serialise_size_t_needs(*output_length);
params = malloc(needed);
if (params == NULL) {
status = PSA_ERROR_INSUFFICIENT_MEMORY;
goto fail;
}
uint8_t *pos = params;
size_t remaining = needed;
int ok;
ok = psasim_serialise_begin(&pos, &remaining);
if (!ok) {
goto fail;
}
ok = psasim_serialise_psa_cipher_operation_t(&pos, &remaining, *operation);
if (!ok) {
goto fail;
}
ok = psasim_serialise_buffer(&pos, &remaining, input, input_length);
if (!ok) {
goto fail;
}
ok = psasim_serialise_buffer(&pos, &remaining, output, output_size);
if (!ok) {
goto fail;
}
ok = psasim_serialise_size_t(&pos, &remaining, *output_length);
if (!ok) {
goto fail;
}
ok = psa_crypto_call(PSA_CIPHER_UPDATE,
params, (size_t) (pos - params), &result, &result_length);
if (!ok) {
printf("PSA_CIPHER_UPDATE server call failed\n");
goto fail;
}
uint8_t *rpos = result;
size_t rremain = result_length;
ok = psasim_deserialise_begin(&rpos, &rremain);
if (!ok) {
goto fail;
}
ok = psasim_deserialise_psa_status_t(&rpos, &rremain, &status);
if (!ok) {
goto fail;
}
ok = psasim_deserialise_psa_cipher_operation_t(&rpos, &rremain, operation);
if (!ok) {
goto fail;
}
ok = psasim_deserialise_return_buffer(&rpos, &rremain, output, output_size);
if (!ok) {
goto fail;
}
ok = psasim_deserialise_size_t(&rpos, &rremain, output_length);
if (!ok) {
goto fail;
}
fail:
free(params);
free(result);
return status;
}
psa_status_t psa_destroy_key(
mbedtls_svc_key_id_t key
)

884
tests/psa-client-server/psasim/src/psa_sim_crypto_server.c
View File

@ -1261,6 +1261,854 @@ fail:
return 0; // This shouldn't happen!
}
// Returns 1 for success, 0 for failure
int psa_cipher_abort_wrapper(
uint8_t *in_params, size_t in_params_len,
uint8_t **out_params, size_t *out_params_len)
{
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
psa_cipher_operation_t *operation;
uint8_t *pos = in_params;
size_t remaining = in_params_len;
uint8_t *result = NULL;
int ok;
ok = psasim_deserialise_begin(&pos, &remaining);
if (!ok) {
goto fail;
}
ok = psasim_server_deserialise_psa_cipher_operation_t(&pos, &remaining, &operation);
if (!ok) {
goto fail;
}
// Now we call the actual target function
status = psa_cipher_abort(
operation
);
// NOTE: Should really check there is no overflow as we go along.
size_t result_size =
psasim_serialise_begin_needs() +
psasim_serialise_psa_status_t_needs(status) +
psasim_server_serialise_psa_cipher_operation_t_needs(operation);
result = malloc(result_size);
if (result == NULL) {
goto fail;
}
uint8_t *rpos = result;
size_t rremain = result_size;
ok = psasim_serialise_begin(&rpos, &rremain);
if (!ok) {
goto fail;
}
ok = psasim_serialise_psa_status_t(&rpos, &rremain, status);
if (!ok) {
goto fail;
}
ok = psasim_server_serialise_psa_cipher_operation_t(&rpos, &rremain, operation);
if (!ok) {
goto fail;
}
*out_params = result;
*out_params_len = result_size;
return 1; // success
fail:
free(result);
return 0; // This shouldn't happen!
}
// Returns 1 for success, 0 for failure
int psa_cipher_decrypt_wrapper(
uint8_t *in_params, size_t in_params_len,
uint8_t **out_params, size_t *out_params_len)
{
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
mbedtls_svc_key_id_t key;
psa_algorithm_t alg;
uint8_t *input = NULL;
size_t input_length;
uint8_t *output = NULL;
size_t output_size;
size_t output_length;
uint8_t *pos = in_params;
size_t remaining = in_params_len;
uint8_t *result = NULL;
int ok;
ok = psasim_deserialise_begin(&pos, &remaining);
if (!ok) {
goto fail;
}
ok = psasim_deserialise_mbedtls_svc_key_id_t(&pos, &remaining, &key);
if (!ok) {
goto fail;
}
ok = psasim_deserialise_psa_algorithm_t(&pos, &remaining, &alg);
if (!ok) {
goto fail;
}
ok = psasim_deserialise_buffer(&pos, &remaining, &input, &input_length);
if (!ok) {
goto fail;
}
ok = psasim_deserialise_buffer(&pos, &remaining, &output, &output_size);
if (!ok) {
goto fail;
}
ok = psasim_deserialise_size_t(&pos, &remaining, &output_length);
if (!ok) {
goto fail;
}
// Now we call the actual target function
status = psa_cipher_decrypt(
key,
alg,
input, input_length,
output, output_size,
&output_length
);
// NOTE: Should really check there is no overflow as we go along.
size_t result_size =
psasim_serialise_begin_needs() +
psasim_serialise_psa_status_t_needs(status) +
psasim_serialise_buffer_needs(output, output_size) +
psasim_serialise_size_t_needs(output_length);
result = malloc(result_size);
if (result == NULL) {
goto fail;
}
uint8_t *rpos = result;
size_t rremain = result_size;
ok = psasim_serialise_begin(&rpos, &rremain);
if (!ok) {
goto fail;
}
ok = psasim_serialise_psa_status_t(&rpos, &rremain, status);
if (!ok) {
goto fail;
}
ok = psasim_serialise_buffer(&rpos, &rremain, output, output_size);
if (!ok) {
goto fail;
}
ok = psasim_serialise_size_t(&rpos, &rremain, output_length);
if (!ok) {
goto fail;
}
*out_params = result;
*out_params_len = result_size;
free(input);
free(output);
return 1; // success
fail:
free(result);
free(input);
free(output);
return 0; // This shouldn't happen!
}
// Returns 1 for success, 0 for failure
int psa_cipher_decrypt_setup_wrapper(
uint8_t *in_params, size_t in_params_len,
uint8_t **out_params, size_t *out_params_len)
{
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
psa_cipher_operation_t *operation;
mbedtls_svc_key_id_t key;
psa_algorithm_t alg;
uint8_t *pos = in_params;
size_t remaining = in_params_len;
uint8_t *result = NULL;
int ok;
ok = psasim_deserialise_begin(&pos, &remaining);
if (!ok) {
goto fail;
}
ok = psasim_server_deserialise_psa_cipher_operation_t(&pos, &remaining, &operation);
if (!ok) {
goto fail;
}
ok = psasim_deserialise_mbedtls_svc_key_id_t(&pos, &remaining, &key);
if (!ok) {
goto fail;
}
ok = psasim_deserialise_psa_algorithm_t(&pos, &remaining, &alg);
if (!ok) {
goto fail;
}
// Now we call the actual target function
status = psa_cipher_decrypt_setup(
operation,
key,
alg
);
// NOTE: Should really check there is no overflow as we go along.
size_t result_size =
psasim_serialise_begin_needs() +
psasim_serialise_psa_status_t_needs(status) +
psasim_server_serialise_psa_cipher_operation_t_needs(operation);
result = malloc(result_size);
if (result == NULL) {
goto fail;
}
uint8_t *rpos = result;
size_t rremain = result_size;
ok = psasim_serialise_begin(&rpos, &rremain);
if (!ok) {
goto fail;
}
ok = psasim_serialise_psa_status_t(&rpos, &rremain, status);
if (!ok) {
goto fail;
}
ok = psasim_server_serialise_psa_cipher_operation_t(&rpos, &rremain, operation);
if (!ok) {
goto fail;
}
*out_params = result;
*out_params_len = result_size;
return 1; // success
fail:
free(result);
return 0; // This shouldn't happen!
}
// Returns 1 for success, 0 for failure
int psa_cipher_encrypt_wrapper(
uint8_t *in_params, size_t in_params_len,
uint8_t **out_params, size_t *out_params_len)
{
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
mbedtls_svc_key_id_t key;
psa_algorithm_t alg;
uint8_t *input = NULL;
size_t input_length;
uint8_t *output = NULL;
size_t output_size;
size_t output_length;
uint8_t *pos = in_params;
size_t remaining = in_params_len;
uint8_t *result = NULL;
int ok;
ok = psasim_deserialise_begin(&pos, &remaining);
if (!ok) {
goto fail;
}
ok = psasim_deserialise_mbedtls_svc_key_id_t(&pos, &remaining, &key);
if (!ok) {
goto fail;
}
ok = psasim_deserialise_psa_algorithm_t(&pos, &remaining, &alg);
if (!ok) {
goto fail;
}
ok = psasim_deserialise_buffer(&pos, &remaining, &input, &input_length);
if (!ok) {
goto fail;
}
ok = psasim_deserialise_buffer(&pos, &remaining, &output, &output_size);
if (!ok) {
goto fail;
}
ok = psasim_deserialise_size_t(&pos, &remaining, &output_length);
if (!ok) {
goto fail;
}
// Now we call the actual target function
status = psa_cipher_encrypt(
key,
alg,
input, input_length,
output, output_size,
&output_length
);
// NOTE: Should really check there is no overflow as we go along.
size_t result_size =
psasim_serialise_begin_needs() +
psasim_serialise_psa_status_t_needs(status) +
psasim_serialise_buffer_needs(output, output_size) +
psasim_serialise_size_t_needs(output_length);
result = malloc(result_size);
if (result == NULL) {
goto fail;
}
uint8_t *rpos = result;
size_t rremain = result_size;
ok = psasim_serialise_begin(&rpos, &rremain);
if (!ok) {
goto fail;
}
ok = psasim_serialise_psa_status_t(&rpos, &rremain, status);
if (!ok) {
goto fail;
}
ok = psasim_serialise_buffer(&rpos, &rremain, output, output_size);
if (!ok) {
goto fail;
}
ok = psasim_serialise_size_t(&rpos, &rremain, output_length);
if (!ok) {
goto fail;
}
*out_params = result;
*out_params_len = result_size;
free(input);
free(output);
return 1; // success
fail:
free(result);
free(input);
free(output);
return 0; // This shouldn't happen!
}
// Returns 1 for success, 0 for failure
int psa_cipher_encrypt_setup_wrapper(
uint8_t *in_params, size_t in_params_len,
uint8_t **out_params, size_t *out_params_len)
{
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
psa_cipher_operation_t *operation;
mbedtls_svc_key_id_t key;
psa_algorithm_t alg;
uint8_t *pos = in_params;
size_t remaining = in_params_len;
uint8_t *result = NULL;
int ok;
ok = psasim_deserialise_begin(&pos, &remaining);
if (!ok) {
goto fail;
}
ok = psasim_server_deserialise_psa_cipher_operation_t(&pos, &remaining, &operation);
if (!ok) {
goto fail;
}
ok = psasim_deserialise_mbedtls_svc_key_id_t(&pos, &remaining, &key);
if (!ok) {
goto fail;
}
ok = psasim_deserialise_psa_algorithm_t(&pos, &remaining, &alg);
if (!ok) {
goto fail;
}
// Now we call the actual target function
status = psa_cipher_encrypt_setup(
operation,
key,
alg
);
// NOTE: Should really check there is no overflow as we go along.
size_t result_size =
psasim_serialise_begin_needs() +
psasim_serialise_psa_status_t_needs(status) +
psasim_server_serialise_psa_cipher_operation_t_needs(operation);
result = malloc(result_size);
if (result == NULL) {
goto fail;
}
uint8_t *rpos = result;
size_t rremain = result_size;
ok = psasim_serialise_begin(&rpos, &rremain);
if (!ok) {
goto fail;
}
ok = psasim_serialise_psa_status_t(&rpos, &rremain, status);
if (!ok) {
goto fail;
}
ok = psasim_server_serialise_psa_cipher_operation_t(&rpos, &rremain, operation);
if (!ok) {
goto fail;
}
*out_params = result;
*out_params_len = result_size;
return 1; // success
fail:
free(result);
return 0; // This shouldn't happen!
}
// Returns 1 for success, 0 for failure
int psa_cipher_finish_wrapper(
uint8_t *in_params, size_t in_params_len,
uint8_t **out_params, size_t *out_params_len)
{
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
psa_cipher_operation_t *operation;
uint8_t *output = NULL;
size_t output_size;
size_t output_length;
uint8_t *pos = in_params;
size_t remaining = in_params_len;
uint8_t *result = NULL;
int ok;
ok = psasim_deserialise_begin(&pos, &remaining);
if (!ok) {
goto fail;
}
ok = psasim_server_deserialise_psa_cipher_operation_t(&pos, &remaining, &operation);
if (!ok) {
goto fail;
}
ok = psasim_deserialise_buffer(&pos, &remaining, &output, &output_size);
if (!ok) {
goto fail;
}
ok = psasim_deserialise_size_t(&pos, &remaining, &output_length);
if (!ok) {
goto fail;
}
// Now we call the actual target function
status = psa_cipher_finish(
operation,
output, output_size,
&output_length
);
// NOTE: Should really check there is no overflow as we go along.
size_t result_size =
psasim_serialise_begin_needs() +
psasim_serialise_psa_status_t_needs(status) +
psasim_server_serialise_psa_cipher_operation_t_needs(operation) +
psasim_serialise_buffer_needs(output, output_size) +
psasim_serialise_size_t_needs(output_length);
result = malloc(result_size);
if (result == NULL) {
goto fail;
}
uint8_t *rpos = result;
size_t rremain = result_size;
ok = psasim_serialise_begin(&rpos, &rremain);
if (!ok) {
goto fail;
}
ok = psasim_serialise_psa_status_t(&rpos, &rremain, status);
if (!ok) {
goto fail;
}
ok = psasim_server_serialise_psa_cipher_operation_t(&rpos, &rremain, operation);
if (!ok) {
goto fail;
}
ok = psasim_serialise_buffer(&rpos, &rremain, output, output_size);
if (!ok) {
goto fail;
}
ok = psasim_serialise_size_t(&rpos, &rremain, output_length);
if (!ok) {
goto fail;
}
*out_params = result;
*out_params_len = result_size;
free(output);
return 1; // success
fail:
free(result);
free(output);
return 0; // This shouldn't happen!
}
// Returns 1 for success, 0 for failure
int psa_cipher_generate_iv_wrapper(
uint8_t *in_params, size_t in_params_len,
uint8_t **out_params, size_t *out_params_len)
{
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
psa_cipher_operation_t *operation;
uint8_t *iv = NULL;
size_t iv_size;
size_t iv_length;
uint8_t *pos = in_params;
size_t remaining = in_params_len;
uint8_t *result = NULL;
int ok;
ok = psasim_deserialise_begin(&pos, &remaining);
if (!ok) {
goto fail;
}
ok = psasim_server_deserialise_psa_cipher_operation_t(&pos, &remaining, &operation);
if (!ok) {
goto fail;
}
ok = psasim_deserialise_buffer(&pos, &remaining, &iv, &iv_size);
if (!ok) {
goto fail;
}
ok = psasim_deserialise_size_t(&pos, &remaining, &iv_length);
if (!ok) {
goto fail;
}
// Now we call the actual target function
status = psa_cipher_generate_iv(
operation,
iv, iv_size,
&iv_length
);
// NOTE: Should really check there is no overflow as we go along.
size_t result_size =
psasim_serialise_begin_needs() +
psasim_serialise_psa_status_t_needs(status) +
psasim_server_serialise_psa_cipher_operation_t_needs(operation) +
psasim_serialise_buffer_needs(iv, iv_size) +
psasim_serialise_size_t_needs(iv_length);
result = malloc(result_size);
if (result == NULL) {
goto fail;
}
uint8_t *rpos = result;
size_t rremain = result_size;
ok = psasim_serialise_begin(&rpos, &rremain);
if (!ok) {
goto fail;
}
ok = psasim_serialise_psa_status_t(&rpos, &rremain, status);
if (!ok) {
goto fail;
}
ok = psasim_server_serialise_psa_cipher_operation_t(&rpos, &rremain, operation);
if (!ok) {
goto fail;
}
ok = psasim_serialise_buffer(&rpos, &rremain, iv, iv_size);
if (!ok) {
goto fail;
}
ok = psasim_serialise_size_t(&rpos, &rremain, iv_length);
if (!ok) {
goto fail;
}
*out_params = result;
*out_params_len = result_size;
free(iv);
return 1; // success
fail:
free(result);
free(iv);
return 0; // This shouldn't happen!
}
// Returns 1 for success, 0 for failure
int psa_cipher_set_iv_wrapper(
uint8_t *in_params, size_t in_params_len,
uint8_t **out_params, size_t *out_params_len)
{
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
psa_cipher_operation_t *operation;
uint8_t *iv = NULL;
size_t iv_length;
uint8_t *pos = in_params;
size_t remaining = in_params_len;
uint8_t *result = NULL;
int ok;
ok = psasim_deserialise_begin(&pos, &remaining);
if (!ok) {
goto fail;
}
ok = psasim_server_deserialise_psa_cipher_operation_t(&pos, &remaining, &operation);
if (!ok) {
goto fail;
}
ok = psasim_deserialise_buffer(&pos, &remaining, &iv, &iv_length);
if (!ok) {
goto fail;
}
// Now we call the actual target function
status = psa_cipher_set_iv(
operation,
iv, iv_length
);
// NOTE: Should really check there is no overflow as we go along.
size_t result_size =
psasim_serialise_begin_needs() +
psasim_serialise_psa_status_t_needs(status) +
psasim_server_serialise_psa_cipher_operation_t_needs(operation);
result = malloc(result_size);
if (result == NULL) {
goto fail;
}
uint8_t *rpos = result;
size_t rremain = result_size;
ok = psasim_serialise_begin(&rpos, &rremain);
if (!ok) {
goto fail;
}
ok = psasim_serialise_psa_status_t(&rpos, &rremain, status);
if (!ok) {
goto fail;
}
ok = psasim_server_serialise_psa_cipher_operation_t(&rpos, &rremain, operation);
if (!ok) {
goto fail;
}
*out_params = result;
*out_params_len = result_size;
free(iv);
return 1; // success
fail:
free(result);
free(iv);
return 0; // This shouldn't happen!
}
// Returns 1 for success, 0 for failure
int psa_cipher_update_wrapper(
uint8_t *in_params, size_t in_params_len,
uint8_t **out_params, size_t *out_params_len)
{
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
psa_cipher_operation_t *operation;
uint8_t *input = NULL;
size_t input_length;
uint8_t *output = NULL;
size_t output_size;
size_t output_length;
uint8_t *pos = in_params;
size_t remaining = in_params_len;
uint8_t *result = NULL;
int ok;
ok = psasim_deserialise_begin(&pos, &remaining);
if (!ok) {
goto fail;
}
ok = psasim_server_deserialise_psa_cipher_operation_t(&pos, &remaining, &operation);
if (!ok) {
goto fail;
}
ok = psasim_deserialise_buffer(&pos, &remaining, &input, &input_length);
if (!ok) {
goto fail;
}
ok = psasim_deserialise_buffer(&pos, &remaining, &output, &output_size);
if (!ok) {
goto fail;
}
ok = psasim_deserialise_size_t(&pos, &remaining, &output_length);
if (!ok) {
goto fail;
}
// Now we call the actual target function
status = psa_cipher_update(
operation,
input, input_length,
output, output_size,
&output_length
);
// NOTE: Should really check there is no overflow as we go along.
size_t result_size =
psasim_serialise_begin_needs() +
psasim_serialise_psa_status_t_needs(status) +
psasim_server_serialise_psa_cipher_operation_t_needs(operation) +
psasim_serialise_buffer_needs(output, output_size) +
psasim_serialise_size_t_needs(output_length);
result = malloc(result_size);
if (result == NULL) {
goto fail;
}
uint8_t *rpos = result;
size_t rremain = result_size;
ok = psasim_serialise_begin(&rpos, &rremain);
if (!ok) {
goto fail;
}
ok = psasim_serialise_psa_status_t(&rpos, &rremain, status);
if (!ok) {
goto fail;
}
ok = psasim_server_serialise_psa_cipher_operation_t(&rpos, &rremain, operation);
if (!ok) {
goto fail;
}
ok = psasim_serialise_buffer(&rpos, &rremain, output, output_size);
if (!ok) {
goto fail;
}
ok = psasim_serialise_size_t(&rpos, &rremain, output_length);
if (!ok) {
goto fail;
}
*out_params = result;
*out_params_len = result_size;
free(input);
free(output);
return 1; // success
fail:
free(result);
free(input);
free(output);
return 0; // This shouldn't happen!
}
// Returns 1 for success, 0 for failure
int psa_destroy_key_wrapper(
uint8_t *in_params, size_t in_params_len,
@ -3022,6 +3870,42 @@ psa_status_t psa_crypto_call(psa_msg_t msg)
ok = psa_aead_verify_wrapper(in_params, in_params_len,
&out_params, &out_params_len);
break;
case PSA_CIPHER_ABORT:
ok = psa_cipher_abort_wrapper(in_params, in_params_len,
&out_params, &out_params_len);
break;
case PSA_CIPHER_DECRYPT:
ok = psa_cipher_decrypt_wrapper(in_params, in_params_len,
&out_params, &out_params_len);
break;
case PSA_CIPHER_DECRYPT_SETUP:
ok = psa_cipher_decrypt_setup_wrapper(in_params, in_params_len,
&out_params, &out_params_len);
break;
case PSA_CIPHER_ENCRYPT:
ok = psa_cipher_encrypt_wrapper(in_params, in_params_len,
&out_params, &out_params_len);
break;
case PSA_CIPHER_ENCRYPT_SETUP:
ok = psa_cipher_encrypt_setup_wrapper(in_params, in_params_len,
&out_params, &out_params_len);
break;
case PSA_CIPHER_FINISH:
ok = psa_cipher_finish_wrapper(in_params, in_params_len,
&out_params, &out_params_len);
break;
case PSA_CIPHER_GENERATE_IV:
ok = psa_cipher_generate_iv_wrapper(in_params, in_params_len,
&out_params, &out_params_len);
break;
case PSA_CIPHER_SET_IV:
ok = psa_cipher_set_iv_wrapper(in_params, in_params_len,
&out_params, &out_params_len);
break;
case PSA_CIPHER_UPDATE:
ok = psa_cipher_update_wrapper(in_params, in_params_len,
&out_params, &out_params_len);
break;
case PSA_DESTROY_KEY:
ok = psa_destroy_key_wrapper(in_params, in_params_len,
&out_params, &out_params_len);

460
tests/psa-client-server/psasim/src/psa_sim_generate.pl
View File

@ -2802,3 +2802,463 @@ psa_status_t psa_mac_verify_finish(psa_mac_operation_t *operation,
* results in this error code.
*/
psa_status_t psa_mac_abort(psa_mac_operation_t *operation);
/** Encrypt a message using a symmetric cipher.
*
* This function encrypts a message with a random IV (initialization
* vector). Use the multipart operation interface with a
* #psa_cipher_operation_t object to provide other forms of IV.
*
* \param key Identifier of the key to use for the operation.
* It must allow the usage #PSA_KEY_USAGE_ENCRYPT.
* \param alg The cipher algorithm to compute
* (\c PSA_ALG_XXX value such that
* #PSA_ALG_IS_CIPHER(\p alg) is true).
* \param[in] input Buffer containing the message to encrypt.
* \param input_length Size of the \p input buffer in bytes.
* \param[out] output Buffer where the output is to be written.
* The output contains the IV followed by
* the ciphertext proper.
* \param output_size Size of the \p output buffer in bytes.
* \param[out] output_length On success, the number of bytes
* that make up the output.
*
* \retval #PSA_SUCCESS
* Success.
* \retval #PSA_ERROR_INVALID_HANDLE \emptydescription
* \retval #PSA_ERROR_NOT_PERMITTED \emptydescription
* \retval #PSA_ERROR_INVALID_ARGUMENT
* \p key is not compatible with \p alg.
* \retval #PSA_ERROR_NOT_SUPPORTED
* \p alg is not supported or is not a cipher algorithm.
* \retval #PSA_ERROR_BUFFER_TOO_SMALL \emptydescription
* \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
* \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
* \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
* \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
* \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
* \retval #PSA_ERROR_BAD_STATE
* The library has not been previously initialized by psa_crypto_init().
* It is implementation-dependent whether a failure to initialize
* results in this error code.
*/
psa_status_t psa_cipher_encrypt(mbedtls_svc_key_id_t key,
psa_algorithm_t alg,
const uint8_t *input,
size_t input_length,
uint8_t *output,
size_t output_size,
size_t *output_length);
/** Decrypt a message using a symmetric cipher.
*
* This function decrypts a message encrypted with a symmetric cipher.
*
* \param key Identifier of the key to use for the operation.
* It must remain valid until the operation
* terminates. It must allow the usage
* #PSA_KEY_USAGE_DECRYPT.
* \param alg The cipher algorithm to compute
* (\c PSA_ALG_XXX value such that
* #PSA_ALG_IS_CIPHER(\p alg) is true).
* \param[in] input Buffer containing the message to decrypt.
* This consists of the IV followed by the
* ciphertext proper.
* \param input_length Size of the \p input buffer in bytes.
* \param[out] output Buffer where the plaintext is to be written.
* \param output_size Size of the \p output buffer in bytes.
* \param[out] output_length On success, the number of bytes
* that make up the output.
*
* \retval #PSA_SUCCESS
* Success.
* \retval #PSA_ERROR_INVALID_HANDLE \emptydescription
* \retval #PSA_ERROR_NOT_PERMITTED \emptydescription
* \retval #PSA_ERROR_INVALID_ARGUMENT
* \p key is not compatible with \p alg.
* \retval #PSA_ERROR_NOT_SUPPORTED
* \p alg is not supported or is not a cipher algorithm.
* \retval #PSA_ERROR_BUFFER_TOO_SMALL \emptydescription
* \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
* \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
* \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
* \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
* \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
* \retval #PSA_ERROR_BAD_STATE
* The library has not been previously initialized by psa_crypto_init().
* It is implementation-dependent whether a failure to initialize
* results in this error code.
*/
psa_status_t psa_cipher_decrypt(mbedtls_svc_key_id_t key,
psa_algorithm_t alg,
const uint8_t *input,
size_t input_length,
uint8_t *output,
size_t output_size,
size_t *output_length);
/** The type of the state data structure for multipart cipher operations.
*
* Before calling any function on a cipher operation object, the application
* must initialize it by any of the following means:
* - Set the structure to all-bits-zero, for example:
* \code
* psa_cipher_operation_t operation;
* memset(&operation, 0, sizeof(operation));
* \endcode
* - Initialize the structure to logical zero values, for example:
* \code
* psa_cipher_operation_t operation = {0};
* \endcode
* - Initialize the structure to the initializer #PSA_CIPHER_OPERATION_INIT,
* for example:
* \code
* psa_cipher_operation_t operation = PSA_CIPHER_OPERATION_INIT;
* \endcode
* - Assign the result of the function psa_cipher_operation_init()
* to the structure, for example:
* \code
* psa_cipher_operation_t operation;
* operation = psa_cipher_operation_init();
* \endcode
*
* This is an implementation-defined \c struct. Applications should not
* make any assumptions about the content of this structure.
* Implementation details can change in future versions without notice. */
typedef struct psa_cipher_operation_s psa_cipher_operation_t;
/** \def PSA_CIPHER_OPERATION_INIT
*
* This macro returns a suitable initializer for a cipher operation object of
* type #psa_cipher_operation_t.
*/
/** Return an initial value for a cipher operation object.
*/
static psa_cipher_operation_t psa_cipher_operation_init(void);
/** Set the key for a multipart symmetric encryption operation.
*
* The sequence of operations to encrypt a message with a symmetric cipher
* is as follows:
* -# Allocate an operation object which will be passed to all the functions
* listed here.
* -# Initialize the operation object with one of the methods described in the
* documentation for #psa_cipher_operation_t, e.g.
* #PSA_CIPHER_OPERATION_INIT.
* -# Call psa_cipher_encrypt_setup() to specify the algorithm and key.
* -# Call either psa_cipher_generate_iv() or psa_cipher_set_iv() to
* generate or set the IV (initialization vector). You should use
* psa_cipher_generate_iv() unless the protocol you are implementing
* requires a specific IV value.
* -# Call psa_cipher_update() zero, one or more times, passing a fragment
* of the message each time.
* -# Call psa_cipher_finish().
*
* If an error occurs at any step after a call to psa_cipher_encrypt_setup(),
* the operation will need to be reset by a call to psa_cipher_abort(). The
* application may call psa_cipher_abort() at any time after the operation
* has been initialized.
*
* After a successful call to psa_cipher_encrypt_setup(), the application must
* eventually terminate the operation. The following events terminate an
* operation:
* - A successful call to psa_cipher_finish().
* - A call to psa_cipher_abort().
*
* \param[in,out] operation The operation object to set up. It must have
* been initialized as per the documentation for
* #psa_cipher_operation_t and not yet in use.
* \param key Identifier of the key to use for the operation.
* It must remain valid until the operation
* terminates. It must allow the usage
* #PSA_KEY_USAGE_ENCRYPT.
* \param alg The cipher algorithm to compute
* (\c PSA_ALG_XXX value such that
* #PSA_ALG_IS_CIPHER(\p alg) is true).
*
* \retval #PSA_SUCCESS
* Success.
* \retval #PSA_ERROR_INVALID_HANDLE \emptydescription
* \retval #PSA_ERROR_NOT_PERMITTED \emptydescription
* \retval #PSA_ERROR_INVALID_ARGUMENT
* \p key is not compatible with \p alg.
* \retval #PSA_ERROR_NOT_SUPPORTED
* \p alg is not supported or is not a cipher algorithm.
* \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
* \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
* \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
* \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
* \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
* \retval #PSA_ERROR_BAD_STATE
* The operation state is not valid (it must be inactive), or
* the library has not been previously initialized by psa_crypto_init().
* It is implementation-dependent whether a failure to initialize
* results in this error code.
*/
psa_status_t psa_cipher_encrypt_setup(psa_cipher_operation_t *operation,
mbedtls_svc_key_id_t key,
psa_algorithm_t alg);
/** Set the key for a multipart symmetric decryption operation.
*
* The sequence of operations to decrypt a message with a symmetric cipher
* is as follows:
* -# Allocate an operation object which will be passed to all the functions
* listed here.
* -# Initialize the operation object with one of the methods described in the
* documentation for #psa_cipher_operation_t, e.g.
* #PSA_CIPHER_OPERATION_INIT.
* -# Call psa_cipher_decrypt_setup() to specify the algorithm and key.
* -# Call psa_cipher_set_iv() with the IV (initialization vector) for the
* decryption. If the IV is prepended to the ciphertext, you can call
* psa_cipher_update() on a buffer containing the IV followed by the
* beginning of the message.
* -# Call psa_cipher_update() zero, one or more times, passing a fragment
* of the message each time.
* -# Call psa_cipher_finish().
*
* If an error occurs at any step after a call to psa_cipher_decrypt_setup(),
* the operation will need to be reset by a call to psa_cipher_abort(). The
* application may call psa_cipher_abort() at any time after the operation
* has been initialized.
*
* After a successful call to psa_cipher_decrypt_setup(), the application must
* eventually terminate the operation. The following events terminate an
* operation:
* - A successful call to psa_cipher_finish().
* - A call to psa_cipher_abort().
*
* \param[in,out] operation The operation object to set up. It must have
* been initialized as per the documentation for
* #psa_cipher_operation_t and not yet in use.
* \param key Identifier of the key to use for the operation.
* It must remain valid until the operation
* terminates. It must allow the usage
* #PSA_KEY_USAGE_DECRYPT.
* \param alg The cipher algorithm to compute
* (\c PSA_ALG_XXX value such that
* #PSA_ALG_IS_CIPHER(\p alg) is true).
*
* \retval #PSA_SUCCESS
* Success.
* \retval #PSA_ERROR_INVALID_HANDLE \emptydescription
* \retval #PSA_ERROR_NOT_PERMITTED \emptydescription
* \retval #PSA_ERROR_INVALID_ARGUMENT
* \p key is not compatible with \p alg.
* \retval #PSA_ERROR_NOT_SUPPORTED
* \p alg is not supported or is not a cipher algorithm.
* \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
* \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
* \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
* \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
* \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
* \retval #PSA_ERROR_BAD_STATE
* The operation state is not valid (it must be inactive), or
* the library has not been previously initialized by psa_crypto_init().
* It is implementation-dependent whether a failure to initialize
* results in this error code.
*/
psa_status_t psa_cipher_decrypt_setup(psa_cipher_operation_t *operation,
mbedtls_svc_key_id_t key,
psa_algorithm_t alg);
/** Generate an IV for a symmetric encryption operation.
*
* This function generates a random IV (initialization vector), nonce
* or initial counter value for the encryption operation as appropriate
* for the chosen algorithm, key type and key size.
*
* The application must call psa_cipher_encrypt_setup() before
* calling this function.
*
* If this function returns an error status, the operation enters an error
* state and must be aborted by calling psa_cipher_abort().
*
* \param[in,out] operation Active cipher operation.
* \param[out] iv Buffer where the generated IV is to be written.
* \param iv_size Size of the \p iv buffer in bytes.
* \param[out] iv_length On success, the number of bytes of the
* generated IV.
*
* \retval #PSA_SUCCESS
* Success.
* \retval #PSA_ERROR_BUFFER_TOO_SMALL
* The size of the \p iv buffer is too small.
* \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
* \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
* \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
* \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
* \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
* \retval #PSA_ERROR_BAD_STATE
* The operation state is not valid (it must be active, with no IV set),
* or the library has not been previously initialized
* by psa_crypto_init().
* It is implementation-dependent whether a failure to initialize
* results in this error code.
*/
psa_status_t psa_cipher_generate_iv(psa_cipher_operation_t *operation,
uint8_t *iv,
size_t iv_size,
size_t *iv_length);
/** Set the IV for a symmetric encryption or decryption operation.
*
* This function sets the IV (initialization vector), nonce
* or initial counter value for the encryption or decryption operation.
*
* The application must call psa_cipher_encrypt_setup() before
* calling this function.
*
* If this function returns an error status, the operation enters an error
* state and must be aborted by calling psa_cipher_abort().
*
* \note When encrypting, applications should use psa_cipher_generate_iv()
* instead of this function, unless implementing a protocol that requires
* a non-random IV.
*
* \param[in,out] operation Active cipher operation.
* \param[in] iv Buffer containing the IV to use.
* \param iv_length Size of the IV in bytes.
*
* \retval #PSA_SUCCESS
* Success.
* \retval #PSA_ERROR_INVALID_ARGUMENT
* The size of \p iv is not acceptable for the chosen algorithm,
* or the chosen algorithm does not use an IV.
* \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
* \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
* \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
* \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
* \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
* \retval #PSA_ERROR_BAD_STATE
* The operation state is not valid (it must be an active cipher
* encrypt operation, with no IV set), or the library has not been
* previously initialized by psa_crypto_init().
* It is implementation-dependent whether a failure to initialize
* results in this error code.
*/
psa_status_t psa_cipher_set_iv(psa_cipher_operation_t *operation,
const uint8_t *iv,
size_t iv_length);
/** Encrypt or decrypt a message fragment in an active cipher operation.
*
* Before calling this function, you must:
* 1. Call either psa_cipher_encrypt_setup() or psa_cipher_decrypt_setup().
* The choice of setup function determines whether this function
* encrypts or decrypts its input.
* 2. If the algorithm requires an IV, call psa_cipher_generate_iv()
* (recommended when encrypting) or psa_cipher_set_iv().
*
* If this function returns an error status, the operation enters an error
* state and must be aborted by calling psa_cipher_abort().
*
* \param[in,out] operation Active cipher operation.
* \param[in] input Buffer containing the message fragment to
* encrypt or decrypt.
* \param input_length Size of the \p input buffer in bytes.
* \param[out] output Buffer where the output is to be written.
* \param output_size Size of the \p output buffer in bytes.
* \param[out] output_length On success, the number of bytes
* that make up the returned output.
*
* \retval #PSA_SUCCESS
* Success.
* \retval #PSA_ERROR_BUFFER_TOO_SMALL
* The size of the \p output buffer is too small.
* \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
* \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
* \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
* \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
* \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
* \retval #PSA_ERROR_BAD_STATE
* The operation state is not valid (it must be active, with an IV set
* if required for the algorithm), or the library has not been
* previously initialized by psa_crypto_init().
* It is implementation-dependent whether a failure to initialize
* results in this error code.
*/
psa_status_t psa_cipher_update(psa_cipher_operation_t *operation,
const uint8_t *input,
size_t input_length,
uint8_t *output,
size_t output_size,
size_t *output_length);
/** Finish encrypting or decrypting a message in a cipher operation.
*
* The application must call psa_cipher_encrypt_setup() or
* psa_cipher_decrypt_setup() before calling this function. The choice
* of setup function determines whether this function encrypts or
* decrypts its input.
*
* This function finishes the encryption or decryption of the message
* formed by concatenating the inputs passed to preceding calls to
* psa_cipher_update().
*
* When this function returns successfully, the operation becomes inactive.
* If this function returns an error status, the operation enters an error
* state and must be aborted by calling psa_cipher_abort().
*
* \param[in,out] operation Active cipher operation.
* \param[out] output Buffer where the output is to be written.
* \param output_size Size of the \p output buffer in bytes.
* \param[out] output_length On success, the number of bytes
* that make up the returned output.
*
* \retval #PSA_SUCCESS
* Success.
* \retval #PSA_ERROR_INVALID_ARGUMENT
* The total input size passed to this operation is not valid for
* this particular algorithm. For example, the algorithm is a based
* on block cipher and requires a whole number of blocks, but the
* total input size is not a multiple of the block size.
* \retval #PSA_ERROR_INVALID_PADDING
* This is a decryption operation for an algorithm that includes
* padding, and the ciphertext does not contain valid padding.
* \retval #PSA_ERROR_BUFFER_TOO_SMALL
* The size of the \p output buffer is too small.
* \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
* \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
* \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
* \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
* \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
* \retval #PSA_ERROR_BAD_STATE
* The operation state is not valid (it must be active, with an IV set
* if required for the algorithm), or the library has not been
* previously initialized by psa_crypto_init().
* It is implementation-dependent whether a failure to initialize
* results in this error code.
*/
psa_status_t psa_cipher_finish(psa_cipher_operation_t *operation,
uint8_t *output,
size_t output_size,
size_t *output_length);
/** Abort a cipher operation.
*
* Aborting an operation frees all associated resources except for the
* \p operation structure itself. Once aborted, the operation object
* can be reused for another operation by calling
* psa_cipher_encrypt_setup() or psa_cipher_decrypt_setup() again.
*
* You may call this function any time after the operation object has
* been initialized as described in #psa_cipher_operation_t.
*
* In particular, calling psa_cipher_abort() after the operation has been
* terminated by a call to psa_cipher_abort() or psa_cipher_finish()
* is safe and has no effect.
*
* \param[in,out] operation Initialized cipher operation.
*
* \retval #PSA_SUCCESS \emptydescription
* \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
* \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
* \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
* \retval #PSA_ERROR_BAD_STATE
* The library has not been previously initialized by psa_crypto_init().
* It is implementation-dependent whether a failure to initialize
* results in this error code.
*/
psa_status_t psa_cipher_abort(psa_cipher_operation_t *operation);

133
tests/psa-client-server/psasim/src/psa_sim_serialise.c
View File

@ -177,6 +177,44 @@ static ssize_t find_mac_slot_by_handle(psasim_client_handle_t handle)
return -1; /* not found */
}
static psa_cipher_operation_t cipher_operations[MAX_LIVE_HANDLES_PER_CLASS];
static psasim_client_handle_t cipher_operation_handles[MAX_LIVE_HANDLES_PER_CLASS];
static psasim_client_handle_t next_cipher_operation_handle = 1;
/* Get a free slot */
static ssize_t allocate_cipher_operation_slot(void)
{
psasim_client_handle_t handle = next_cipher_operation_handle++;
if (next_cipher_operation_handle == 0) { /* wrapped around */
FATAL("Cipher operation handle wrapped");
}
for (ssize_t i = 0; i < MAX_LIVE_HANDLES_PER_CLASS; i++) {
if (cipher_operation_handles[i] == 0) {
cipher_operation_handles[i] = handle;
return i;
}
}
ERROR("All slots are currently used. Unable to allocate a new one.");
return -1; /* all in use */
}
/* Find the slot given the handle */
static ssize_t find_cipher_slot_by_handle(psasim_client_handle_t handle)
{
for (ssize_t i = 0; i < MAX_LIVE_HANDLES_PER_CLASS; i++) {
if (cipher_operation_handles[i] == handle) {
return i;
}
}
ERROR("Unable to find slot by handle %u", handle);
return -1; /* not found */
}
size_t psasim_serialise_begin_needs(void)
{
/* The serialisation buffer will
@ -810,6 +848,99 @@ int psasim_server_deserialise_psa_mac_operation_t(uint8_t **pos,
return 1;
}
size_t psasim_serialise_psa_cipher_operation_t_needs(psa_cipher_operation_t value)
{
return sizeof(value);
}
int psasim_serialise_psa_cipher_operation_t(uint8_t **pos,
size_t *remaining,
psa_cipher_operation_t value)
{
if (*remaining < sizeof(value)) {
return 0;
}
memcpy(*pos, &value, sizeof(value));
*pos += sizeof(value);
return 1;
}
int psasim_deserialise_psa_cipher_operation_t(uint8_t **pos,
size_t *remaining,
psa_cipher_operation_t *value)
{
if (*remaining < sizeof(*value)) {
return 0;
}
memcpy(value, *pos, sizeof(*value));
*pos += sizeof(*value);
*remaining -= sizeof(*value);
return 1;
}
size_t psasim_server_serialise_psa_cipher_operation_t_needs(psa_cipher_operation_t *operation)
{
(void) operation;
/* We will actually return a handle */
return sizeof(psasim_operation_t);
}
int psasim_server_serialise_psa_cipher_operation_t(uint8_t **pos,
size_t *remaining,
psa_cipher_operation_t *operation)
{
psasim_operation_t client_operation;
if (*remaining < sizeof(client_operation)) {
return 0;
}
ssize_t slot = operation - cipher_operations;
client_operation.handle = cipher_operation_handles[slot];
memcpy(*pos, &client_operation, sizeof(client_operation));
*pos += sizeof(client_operation);
return 1;
}
int psasim_server_deserialise_psa_cipher_operation_t(uint8_t **pos,
size_t *remaining,
psa_cipher_operation_t **operation)
{
psasim_operation_t client_operation;
if (*remaining < sizeof(psasim_operation_t)) {
return 0;
}
memcpy(&client_operation, *pos, sizeof(psasim_operation_t));
*pos += sizeof(psasim_operation_t);
*remaining -= sizeof(psasim_operation_t);
ssize_t slot;
if (client_operation.handle == 0) { /* We need a new handle */
slot = allocate_cipher_operation_slot();
} else {
slot = find_cipher_slot_by_handle(client_operation.handle);
}
if (slot < 0) {
return 0;
}
*operation = &cipher_operations[slot];
return 1;
}
size_t psasim_serialise_mbedtls_svc_key_id_t_needs(mbedtls_svc_key_id_t value)
{
return sizeof(value);
@ -853,4 +984,6 @@ void psa_sim_serialize_reset(void)
memset(aead_operations, 0, sizeof(aead_operations));
memset(mac_operation_handles, 0, sizeof(mac_operation_handles));
memset(mac_operations, 0, sizeof(mac_operations));
memset(cipher_operation_handles, 0, sizeof(cipher_operation_handles));
memset(cipher_operations, 0, sizeof(cipher_operations));
}

84
tests/psa-client-server/psasim/src/psa_sim_serialise.h
View File

@ -667,6 +667,90 @@ int psasim_server_deserialise_psa_mac_operation_t(uint8_t **pos,
size_t *remaining,
psa_mac_operation_t **value);
/** Return how much buffer space is needed by \c psasim_serialise_psa_cipher_operation_t()
* to serialise a `psa_cipher_operation_t`.
*
* \param value The value that will be serialised into the buffer
* (needed in case some serialisations are value-
* dependent).
*
* \return The number of bytes needed in the buffer by
* \c psasim_serialise_psa_cipher_operation_t() to serialise
* the given value.
*/
size_t psasim_serialise_psa_cipher_operation_t_needs(psa_cipher_operation_t value);
/** Serialise a `psa_cipher_operation_t` into a buffer.
*
* \param pos[in,out] Pointer to a `uint8_t *` holding current position
* in the buffer.
* \param remaining[in,out] Pointer to a `size_t` holding number of bytes
* remaining in the buffer.
* \param value The value to serialise into the buffer.
*
* \return \c 1 on success ("okay"), \c 0 on error.
*/
int psasim_serialise_psa_cipher_operation_t(uint8_t **pos,
size_t *remaining,
psa_cipher_operation_t value);
/** Deserialise a `psa_cipher_operation_t` from a buffer.
*
* \param pos[in,out] Pointer to a `uint8_t *` holding current position
* in the buffer.
* \param remaining[in,out] Pointer to a `size_t` holding number of bytes
* remaining in the buffer.
* \param value Pointer to a `psa_cipher_operation_t` to receive the value
* deserialised from the buffer.
*
* \return \c 1 on success ("okay"), \c 0 on error.
*/
int psasim_deserialise_psa_cipher_operation_t(uint8_t **pos,
size_t *remaining,
psa_cipher_operation_t *value);
/** Return how much buffer space is needed by \c psasim_server_serialise_psa_cipher_operation_t()
* to serialise a `psa_cipher_operation_t`.
*
* \param value The value that will be serialised into the buffer
* (needed in case some serialisations are value-
* dependent).
*
* \return The number of bytes needed in the buffer by
* \c psasim_serialise_psa_cipher_operation_t() to serialise
* the given value.
*/
size_t psasim_server_serialise_psa_cipher_operation_t_needs(psa_cipher_operation_t *value);
/** Serialise a `psa_cipher_operation_t` into a buffer on the server side.
*
* \param pos[in,out] Pointer to a `uint8_t *` holding current position
* in the buffer.
* \param remaining[in,out] Pointer to a `size_t` holding number of bytes
* remaining in the buffer.
* \param value The value to serialise into the buffer.
*
* \return \c 1 on success ("okay"), \c 0 on error.
*/
int psasim_server_serialise_psa_cipher_operation_t(uint8_t **pos,
size_t *remaining,
psa_cipher_operation_t *value);
/** Deserialise a `psa_cipher_operation_t` from a buffer on the server side.
*
* \param pos[in,out] Pointer to a `uint8_t *` holding current position
* in the buffer.
* \param remaining[in,out] Pointer to a `size_t` holding number of bytes
* remaining in the buffer.
* \param value Pointer to a `psa_cipher_operation_t` to receive the value
* deserialised from the buffer.
*
* \return \c 1 on success ("okay"), \c 0 on error.
*/
int psasim_server_deserialise_psa_cipher_operation_t(uint8_t **pos,
size_t *remaining,
psa_cipher_operation_t **value);
/** Return how much buffer space is needed by \c psasim_serialise_mbedtls_svc_key_id_t()
* to serialise a `mbedtls_svc_key_id_t`.
*

1
tests/psa-client-server/psasim/src/psa_sim_serialise.pl
View File

@ -42,6 +42,7 @@ my @types = qw(unsigned-int int size_t
psa_aead_operation_t
psa_key_attributes_t
psa_mac_operation_t
psa_cipher_operation_t
mbedtls_svc_key_id_t);
grep(s/-/ /g, @types);