diff --git a/ChangeLog.d/add_psa_m_aead.txt b/ChangeLog.d/add_psa_m_aead.txt new file mode 100644 index 0000000000..fa4e7ac61b --- /dev/null +++ b/ChangeLog.d/add_psa_m_aead.txt @@ -0,0 +1,3 @@ +Features + * Implement the PSA multipart AEAD interface, currently supporting + ChaChaPoly and GCM. diff --git a/include/psa/crypto_builtin_composites.h b/include/psa/crypto_builtin_composites.h index b05660f7e1..8075caf660 100644 --- a/include/psa/crypto_builtin_composites.h +++ b/include/psa/crypto_builtin_composites.h @@ -77,6 +77,41 @@ typedef struct #define MBEDTLS_PSA_MAC_OPERATION_INIT {0, {0}} +#if defined(MBEDTLS_PSA_BUILTIN_ALG_GCM) || \ + defined(MBEDTLS_PSA_BUILTIN_ALG_CCM) || \ + defined(MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305) +#define MBEDTLS_PSA_BUILTIN_AEAD 1 +#endif + +/* Context structure for the Mbed TLS AEAD implementation. */ +typedef struct +{ + psa_algorithm_t MBEDTLS_PRIVATE(alg); + psa_key_type_t MBEDTLS_PRIVATE(key_type); + + unsigned int MBEDTLS_PRIVATE(is_encrypt) : 1; + + uint8_t MBEDTLS_PRIVATE(tag_length); + + union + { + unsigned dummy; /* Enable easier initializing of the union. */ +#if defined(MBEDTLS_PSA_BUILTIN_ALG_CCM) + mbedtls_ccm_context MBEDTLS_PRIVATE(ccm); +#endif /* MBEDTLS_PSA_BUILTIN_ALG_CCM */ +#if defined(MBEDTLS_PSA_BUILTIN_ALG_GCM) + mbedtls_gcm_context MBEDTLS_PRIVATE(gcm); +#endif /* MBEDTLS_PSA_BUILTIN_ALG_GCM */ +#if defined(MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305) + mbedtls_chachapoly_context MBEDTLS_PRIVATE(chachapoly); +#endif /* MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305 */ + + } ctx; + +} mbedtls_psa_aead_operation_t; + +#define MBEDTLS_PSA_AEAD_OPERATION_INIT {0, 0, 0, 0, {0}} + /* * BEYOND THIS POINT, TEST DRIVER DECLARATIONS ONLY. */ @@ -88,6 +123,10 @@ typedef mbedtls_psa_mac_operation_t mbedtls_opaque_test_driver_mac_operation_t; #define MBEDTLS_TRANSPARENT_TEST_DRIVER_MAC_OPERATION_INIT MBEDTLS_PSA_MAC_OPERATION_INIT #define MBEDTLS_OPAQUE_TEST_DRIVER_MAC_OPERATION_INIT MBEDTLS_PSA_MAC_OPERATION_INIT +typedef mbedtls_psa_aead_operation_t mbedtls_transparent_test_driver_aead_operation_t; + +#define MBEDTLS_TRANSPARENT_TEST_DRIVER_AEAD_OPERATION_INIT MBEDTLS_PSA_AEAD_OPERATION_INIT + #endif /* PSA_CRYPTO_DRIVER_TEST */ #endif /* PSA_CRYPTO_BUILTIN_COMPOSITES_H */ diff --git a/include/psa/crypto_driver_contexts_composites.h b/include/psa/crypto_driver_contexts_composites.h index 239fdcb337..957986c22f 100644 --- a/include/psa/crypto_driver_contexts_composites.h +++ b/include/psa/crypto_driver_contexts_composites.h @@ -58,5 +58,13 @@ typedef union { #endif } psa_driver_mac_context_t; +typedef union { + unsigned dummy; /* Make sure this union is always non-empty */ + mbedtls_psa_aead_operation_t mbedtls_ctx; +#if defined(PSA_CRYPTO_DRIVER_TEST) + mbedtls_transparent_test_driver_aead_operation_t transparent_test_driver_ctx; +#endif +} psa_driver_aead_context_t; + #endif /* PSA_CRYPTO_DRIVER_CONTEXTS_COMPOSITES_H */ /* End of automatically generated file. */ diff --git a/include/psa/crypto_struct.h b/include/psa/crypto_struct.h index 381abf9605..26894156c5 100644 --- a/include/psa/crypto_struct.h +++ b/include/psa/crypto_struct.h @@ -72,6 +72,8 @@ extern "C" { #include "mbedtls/cmac.h" #include "mbedtls/gcm.h" +#include "mbedtls/ccm.h" +#include "mbedtls/chachapoly.h" /* Include the context definition for the compiled-in drivers for the primitive * algorithms. */ @@ -148,19 +150,31 @@ static inline struct psa_mac_operation_s psa_mac_operation_init( void ) struct psa_aead_operation_s { + + /** Unique ID indicating which driver got assigned to do the + * operation. Since driver contexts are driver-specific, swapping + * drivers halfway through the operation is not supported. + * ID values are auto-generated in psa_crypto_driver_wrappers.h + * ID value zero means the context is not valid or not assigned to + * any driver (i.e. none of the driver contexts are active). */ + unsigned int MBEDTLS_PRIVATE(id); + psa_algorithm_t MBEDTLS_PRIVATE(alg); - unsigned int MBEDTLS_PRIVATE(key_set) : 1; - unsigned int MBEDTLS_PRIVATE(iv_set) : 1; - uint8_t MBEDTLS_PRIVATE(iv_size); - uint8_t MBEDTLS_PRIVATE(block_size); - union - { - unsigned MBEDTLS_PRIVATE(dummy); /* Enable easier initializing of the union. */ - mbedtls_cipher_context_t MBEDTLS_PRIVATE(cipher); - } MBEDTLS_PRIVATE(ctx); + psa_key_type_t MBEDTLS_PRIVATE(key_type); + + size_t MBEDTLS_PRIVATE(ad_remaining); + size_t MBEDTLS_PRIVATE(body_remaining); + + unsigned int MBEDTLS_PRIVATE(nonce_set) : 1; + unsigned int MBEDTLS_PRIVATE(lengths_set) : 1; + unsigned int MBEDTLS_PRIVATE(ad_started) : 1; + unsigned int MBEDTLS_PRIVATE(body_started) : 1; + unsigned int MBEDTLS_PRIVATE(is_encrypt) : 1; + + psa_driver_aead_context_t MBEDTLS_PRIVATE(ctx); }; -#define PSA_AEAD_OPERATION_INIT { 0, 0, 0, 0, 0, { 0 } } +#define PSA_AEAD_OPERATION_INIT {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, {0}} static inline struct psa_aead_operation_s psa_aead_operation_init( void ) { const struct psa_aead_operation_s v = PSA_AEAD_OPERATION_INIT; diff --git a/library/psa_crypto.c b/library/psa_crypto.c index bcbaa3d68a..ece64b100d 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -3609,6 +3609,50 @@ exit: /* AEAD */ /****************************************************************/ +/* Helper function to get the base algorithm from its variants. */ +static psa_algorithm_t psa_aead_get_base_algorithm( psa_algorithm_t alg ) +{ + return PSA_ALG_AEAD_WITH_DEFAULT_LENGTH_TAG( alg ); +} + +/* Helper function to perform common nonce length checks. */ +static psa_status_t psa_aead_check_nonce_length( psa_algorithm_t alg, + size_t nonce_length ) +{ + psa_algorithm_t base_alg = psa_aead_get_base_algorithm( alg ); + +#if defined(PSA_WANT_ALG_GCM) + if( base_alg == PSA_ALG_GCM ) + { + /* Not checking max nonce size here as GCM spec allows almost + * arbitrarily large nonces. Please note that we do not generally + * recommend the usage of nonces of greater length than + * PSA_AEAD_NONCE_MAX_SIZE, as large nonces are hashed to a shorter + * size, which can then lead to collisions if you encrypt a very + * large number of messages.*/ + if( nonce_length != 0 ) + return( PSA_SUCCESS ); + } +#endif /* PSA_WANT_ALG_GCM */ +#if defined(PSA_WANT_ALG_CCM) + if( base_alg == PSA_ALG_CCM ) + { + if( nonce_length >= 7 && nonce_length <= 13 ) + return( PSA_SUCCESS ); + } + else +#endif /* PSA_WANT_ALG_CCM */ +#if defined(PSA_WANT_ALG_CHACHA20_POLY1305) + if( base_alg == PSA_ALG_CHACHA20_POLY1305 ) + { + if( nonce_length == 12 ) + return( PSA_SUCCESS ); + } +#endif /* PSA_WANT_ALG_CHACHA20_POLY1305 */ + + return( PSA_ERROR_NOT_SUPPORTED ); +} + psa_status_t psa_aead_encrypt( mbedtls_svc_key_id_t key, psa_algorithm_t alg, const uint8_t *nonce, @@ -3638,6 +3682,10 @@ psa_status_t psa_aead_encrypt( mbedtls_svc_key_id_t key, .core = slot->attr }; + status = psa_aead_check_nonce_length( alg, nonce_length ); + if( status != PSA_SUCCESS ) + goto exit; + status = psa_driver_wrapper_aead_encrypt( &attributes, slot->key.data, slot->key.bytes, alg, @@ -3649,6 +3697,7 @@ psa_status_t psa_aead_encrypt( mbedtls_svc_key_id_t key, if( status != PSA_SUCCESS && ciphertext_size != 0 ) memset( ciphertext, 0, ciphertext_size ); +exit: psa_unlock_key_slot( slot ); return( status ); @@ -3683,6 +3732,10 @@ psa_status_t psa_aead_decrypt( mbedtls_svc_key_id_t key, .core = slot->attr }; + status = psa_aead_check_nonce_length( alg, nonce_length ); + if( status != PSA_SUCCESS ) + goto exit; + status = psa_driver_wrapper_aead_decrypt( &attributes, slot->key.data, slot->key.bytes, alg, @@ -3694,11 +3747,474 @@ psa_status_t psa_aead_decrypt( mbedtls_svc_key_id_t key, if( status != PSA_SUCCESS && plaintext_size != 0 ) memset( plaintext, 0, plaintext_size ); +exit: psa_unlock_key_slot( slot ); return( status ); } +/* Set the key for a multipart authenticated operation. */ +static psa_status_t psa_aead_setup( psa_aead_operation_t *operation, + int is_encrypt, + mbedtls_svc_key_id_t key, + psa_algorithm_t alg ) +{ + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED; + psa_key_slot_t *slot = NULL; + psa_key_usage_t key_usage = 0; + + if( !PSA_ALG_IS_AEAD( alg ) || PSA_ALG_IS_WILDCARD( alg ) ) + { + status = PSA_ERROR_INVALID_ARGUMENT; + goto exit; + } + + if( operation->id != 0 ) + { + status = PSA_ERROR_BAD_STATE; + goto exit; + } + + if( operation->nonce_set || operation->lengths_set || + operation->ad_started || operation->body_started ) + { + status = PSA_ERROR_BAD_STATE; + goto exit; + } + + if( is_encrypt ) + key_usage = PSA_KEY_USAGE_ENCRYPT; + else + key_usage = PSA_KEY_USAGE_DECRYPT; + + status = psa_get_and_lock_key_slot_with_policy( key, &slot, key_usage, + alg ); + if( status != PSA_SUCCESS ) + goto exit; + + psa_key_attributes_t attributes = { + .core = slot->attr + }; + + if( is_encrypt ) + status = psa_driver_wrapper_aead_encrypt_setup( operation, + &attributes, + slot->key.data, + slot->key.bytes, + alg ); + else + status = psa_driver_wrapper_aead_decrypt_setup( operation, + &attributes, + slot->key.data, + slot->key.bytes, + alg ); + if( status != PSA_SUCCESS ) + goto exit; + + operation->key_type = psa_get_key_type( &attributes ); + +exit: + unlock_status = psa_unlock_key_slot( slot ); + + if( status == PSA_SUCCESS ) + { + status = unlock_status; + operation->alg = psa_aead_get_base_algorithm( alg ); + operation->is_encrypt = is_encrypt; + } + else + psa_aead_abort( operation ); + + return( status ); +} + +/* Set the key for a multipart authenticated encryption operation. */ +psa_status_t psa_aead_encrypt_setup( psa_aead_operation_t *operation, + mbedtls_svc_key_id_t key, + psa_algorithm_t alg ) +{ + return( psa_aead_setup( operation, 1, key, alg ) ); +} + +/* Set the key for a multipart authenticated decryption operation. */ +psa_status_t psa_aead_decrypt_setup( psa_aead_operation_t *operation, + mbedtls_svc_key_id_t key, + psa_algorithm_t alg ) +{ + return( psa_aead_setup( operation, 0, key, alg ) ); +} + +/* Generate a random nonce / IV for multipart AEAD operation */ +psa_status_t psa_aead_generate_nonce( psa_aead_operation_t *operation, + uint8_t *nonce, + size_t nonce_size, + size_t *nonce_length ) +{ + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + size_t required_nonce_size; + + *nonce_length = 0; + + if( operation->id == 0 ) + { + status = PSA_ERROR_BAD_STATE; + goto exit; + } + + if( operation->nonce_set || !operation->is_encrypt ) + { + status = PSA_ERROR_BAD_STATE; + goto exit; + } + + required_nonce_size = PSA_AEAD_NONCE_LENGTH( operation->key_type, + operation->alg ); + if( nonce_size < required_nonce_size ) + { + status = PSA_ERROR_BUFFER_TOO_SMALL; + goto exit; + } + + status = psa_generate_random( nonce, required_nonce_size ); + if( status != PSA_SUCCESS ) + goto exit; + + status = psa_aead_set_nonce( operation, nonce, required_nonce_size ); + +exit: + if( status == PSA_SUCCESS ) + *nonce_length = required_nonce_size; + else + psa_aead_abort( operation ); + + return( status ); +} + +/* Set the nonce for a multipart authenticated encryption or decryption + operation.*/ +psa_status_t psa_aead_set_nonce( psa_aead_operation_t *operation, + const uint8_t *nonce, + size_t nonce_length ) +{ + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + + if( operation->id == 0 ) + { + status = PSA_ERROR_BAD_STATE; + goto exit; + } + + if( operation->nonce_set ) + { + status = PSA_ERROR_BAD_STATE; + goto exit; + } + + status = psa_aead_check_nonce_length( operation->alg, nonce_length ); + if( status != PSA_SUCCESS ) + { + status = PSA_ERROR_INVALID_ARGUMENT; + goto exit; + } + + status = psa_driver_wrapper_aead_set_nonce( operation, nonce, + nonce_length ); + +exit: + if( status == PSA_SUCCESS ) + operation->nonce_set = 1; + else + psa_aead_abort( operation ); + + return( status ); +} + +/* Declare the lengths of the message and additional data for multipart AEAD. */ +psa_status_t psa_aead_set_lengths( psa_aead_operation_t *operation, + size_t ad_length, + size_t plaintext_length ) +{ + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + + if( operation->id == 0 ) + { + status = PSA_ERROR_BAD_STATE; + goto exit; + } + + if( operation->lengths_set || operation->ad_started || + operation->body_started ) + { + status = PSA_ERROR_BAD_STATE; + goto exit; + } + +#if defined(PSA_WANT_ALG_GCM) + if( operation->alg == PSA_ALG_GCM ) + { + /* Lengths can only be too large for GCM if size_t is bigger than 32 + * bits. Without the guard this code will generate warnings on 32bit + * builds. */ +#if SIZE_MAX > UINT32_MAX + if( (( uint64_t ) ad_length ) >> 61 != 0 || + (( uint64_t ) plaintext_length ) > 0xFFFFFFFE0ull ) + { + status = PSA_ERROR_INVALID_ARGUMENT; + goto exit; + } +#endif + } + else +#endif /* PSA_WANT_ALG_GCM */ +#if defined(PSA_WANT_ALG_CCM) + if( operation->alg == PSA_ALG_CCM ) + { + if( ad_length > 0xFF00 ) + { + status = PSA_ERROR_INVALID_ARGUMENT; + goto exit; + } + } + else +#endif /* PSA_WANT_ALG_CCM */ +#if defined(PSA_WANT_ALG_CHACHA20_POLY1305) + if( operation->alg == PSA_ALG_CHACHA20_POLY1305 ) + { + /* No length restrictions for ChaChaPoly. */ + } +#endif /* PSA_WANT_ALG_CHACHA20_POLY1305 */ + + status = psa_driver_wrapper_aead_set_lengths( operation, ad_length, + plaintext_length ); + +exit: + if( status == PSA_SUCCESS ) + { + operation->ad_remaining = ad_length; + operation->body_remaining = plaintext_length; + operation->lengths_set = 1; + } + else + psa_aead_abort( operation ); + + return( status ); +} + +/* Pass additional data to an active multipart AEAD operation. */ +psa_status_t psa_aead_update_ad( psa_aead_operation_t *operation, + const uint8_t *input, + size_t input_length ) +{ + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + + if( operation->id == 0 ) + { + status = PSA_ERROR_BAD_STATE; + goto exit; + } + + if( !operation->nonce_set || operation->body_started ) + { + status = PSA_ERROR_BAD_STATE; + goto exit; + } + + if( operation->lengths_set ) + { + if( operation->ad_remaining < input_length ) + { + status = PSA_ERROR_INVALID_ARGUMENT; + goto exit; + } + + operation->ad_remaining -= input_length; + } + + status = psa_driver_wrapper_aead_update_ad( operation, input, + input_length ); + +exit: + if( status == PSA_SUCCESS ) + operation->ad_started = 1; + else + psa_aead_abort( operation ); + + return( status ); +} + +/* Encrypt or decrypt a message fragment in an active multipart AEAD + operation.*/ +psa_status_t psa_aead_update( psa_aead_operation_t *operation, + const uint8_t *input, + size_t input_length, + uint8_t *output, + size_t output_size, + size_t *output_length ) +{ + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + + *output_length = 0; + + if( operation->id == 0 ) + { + status = PSA_ERROR_BAD_STATE; + goto exit; + } + + if( !operation->nonce_set ) + { + status = PSA_ERROR_BAD_STATE; + goto exit; + } + + if( operation->lengths_set ) + { + /* Additional data length was supplied, but not all the additional + data was supplied.*/ + if( operation->ad_remaining != 0 ) + { + status = PSA_ERROR_INVALID_ARGUMENT; + goto exit; + } + + /* Too much data provided. */ + if( operation->body_remaining < input_length ) + { + status = PSA_ERROR_INVALID_ARGUMENT; + goto exit; + } + + operation->body_remaining -= input_length; + } + + status = psa_driver_wrapper_aead_update( operation, input, input_length, + output, output_size, + output_length ); + +exit: + if( status == PSA_SUCCESS ) + operation->body_started = 1; + else + psa_aead_abort( operation ); + + return( status ); +} + +static psa_status_t psa_aead_final_checks( const psa_aead_operation_t *operation ) +{ + if( operation->id == 0 || !operation->nonce_set ) + return( PSA_ERROR_BAD_STATE ); + + if( operation->lengths_set && ( operation->ad_remaining != 0 || + operation->body_remaining != 0 ) ) + return( PSA_ERROR_INVALID_ARGUMENT ); + + return( PSA_SUCCESS ); +} + +/* Finish encrypting a message in a multipart AEAD operation. */ +psa_status_t psa_aead_finish( psa_aead_operation_t *operation, + uint8_t *ciphertext, + size_t ciphertext_size, + size_t *ciphertext_length, + uint8_t *tag, + size_t tag_size, + size_t *tag_length ) +{ + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + + *ciphertext_length = 0; + *tag_length = tag_size; + + status = psa_aead_final_checks( operation ); + if( status != PSA_SUCCESS ) + goto exit; + + if( !operation->is_encrypt ) + { + status = PSA_ERROR_BAD_STATE; + goto exit; + } + + status = psa_driver_wrapper_aead_finish( operation, ciphertext, + ciphertext_size, + ciphertext_length, + tag, tag_size, tag_length ); + +exit: + /* In case the operation fails and the user fails to check for failure or + * the zero tag size, make sure the tag is set to something implausible. + * Even if the operation succeeds, make sure we clear the rest of the + * buffer to prevent potential leakage of anything previously placed in + * the same buffer.*/ + if( tag != NULL ) + { + if( status != PSA_SUCCESS ) + memset( tag, '!', tag_size ); + else if( *tag_length < tag_size ) + memset( tag + *tag_length, '!', ( tag_size - *tag_length ) ); + } + + psa_aead_abort( operation ); + + return( status ); +} + +/* Finish authenticating and decrypting a message in a multipart AEAD + operation.*/ +psa_status_t psa_aead_verify( psa_aead_operation_t *operation, + uint8_t *plaintext, + size_t plaintext_size, + size_t *plaintext_length, + const uint8_t *tag, + size_t tag_length ) +{ + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + + *plaintext_length = 0; + + status = psa_aead_final_checks( operation ); + if( status != PSA_SUCCESS ) + goto exit; + + if( operation->is_encrypt ) + { + status = PSA_ERROR_BAD_STATE; + goto exit; + } + + status = psa_driver_wrapper_aead_verify( operation, plaintext, + plaintext_size, + plaintext_length, + tag, tag_length ); + +exit: + psa_aead_abort( operation ); + + return( status ); +} + +/* Abort an AEAD operation. */ +psa_status_t psa_aead_abort( psa_aead_operation_t *operation ) +{ + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + + if( operation->id == 0 ) + { + /* The object has (apparently) been initialized but it is not (yet) + * in use. It's ok to call abort on such an object, and there's + * nothing to do. */ + return( PSA_SUCCESS ); + } + + status = psa_driver_wrapper_aead_abort( operation ); + + memset( operation, 0, sizeof( *operation ) ); + + return( status ); +} + /****************************************************************/ /* Generators */ /****************************************************************/ diff --git a/library/psa_crypto_aead.c b/library/psa_crypto_aead.c index 356679c38f..a72865c04c 100644 --- a/library/psa_crypto_aead.c +++ b/library/psa_crypto_aead.c @@ -25,58 +25,24 @@ #include "psa_crypto_aead.h" #include "psa_crypto_core.h" +#include +#include "mbedtls/platform.h" +#if !defined(MBEDTLS_PLATFORM_C) +#define mbedtls_calloc calloc +#define mbedtls_free free +#endif + #include "mbedtls/ccm.h" #include "mbedtls/chachapoly.h" #include "mbedtls/cipher.h" #include "mbedtls/gcm.h" - -typedef struct -{ - union - { - unsigned dummy; /* Make the union non-empty even with no supported algorithms. */ -#if defined(MBEDTLS_PSA_BUILTIN_ALG_CCM) - mbedtls_ccm_context ccm; -#endif /* MBEDTLS_PSA_BUILTIN_ALG_CCM */ -#if defined(MBEDTLS_PSA_BUILTIN_ALG_GCM) - mbedtls_gcm_context gcm; -#endif /* MBEDTLS_PSA_BUILTIN_ALG_GCM */ -#if defined(MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305) - mbedtls_chachapoly_context chachapoly; -#endif /* MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305 */ - } ctx; - psa_algorithm_t core_alg; - uint8_t tag_length; -} aead_operation_t; - -#define AEAD_OPERATION_INIT {{0}, 0, 0} - -static void psa_aead_abort_internal( aead_operation_t *operation ) -{ - switch( operation->core_alg ) - { -#if defined(MBEDTLS_PSA_BUILTIN_ALG_CCM) - case PSA_ALG_CCM: - mbedtls_ccm_free( &operation->ctx.ccm ); - break; -#endif /* MBEDTLS_PSA_BUILTIN_ALG_CCM */ -#if defined(MBEDTLS_PSA_BUILTIN_ALG_GCM) - case PSA_ALG_GCM: - mbedtls_gcm_free( &operation->ctx.gcm ); - break; -#endif /* MBEDTLS_PSA_BUILTIN_ALG_GCM */ -#if defined(MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305) - case PSA_ALG_CHACHA20_POLY1305: - mbedtls_chachapoly_free( &operation->ctx.chachapoly ); - break; -#endif /* MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305 */ - } -} +#include "mbedtls/error.h" static psa_status_t psa_aead_setup( - aead_operation_t *operation, + mbedtls_psa_aead_operation_t *operation, const psa_key_attributes_t *attributes, const uint8_t *key_buffer, + size_t key_buffer_size, psa_algorithm_t alg ) { psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; @@ -85,6 +51,8 @@ static psa_status_t psa_aead_setup( mbedtls_cipher_id_t cipher_id; size_t full_tag_length = 0; + ( void ) key_buffer_size; + key_bits = attributes->core.bits; cipher_info = mbedtls_cipher_info_from_psa( alg, @@ -97,7 +65,7 @@ static psa_status_t psa_aead_setup( { #if defined(MBEDTLS_PSA_BUILTIN_ALG_CCM) case PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_CCM, 0 ): - operation->core_alg = PSA_ALG_CCM; + operation->alg = PSA_ALG_CCM; full_tag_length = 16; /* CCM allows the following tag lengths: 4, 6, 8, 10, 12, 14, 16. * The call to mbedtls_ccm_encrypt_and_tag or @@ -116,7 +84,7 @@ static psa_status_t psa_aead_setup( #if defined(MBEDTLS_PSA_BUILTIN_ALG_GCM) case PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 0 ): - operation->core_alg = PSA_ALG_GCM; + operation->alg = PSA_ALG_GCM; full_tag_length = 16; /* GCM allows the following tag lengths: 4, 8, 12, 13, 14, 15, 16. * The call to mbedtls_gcm_crypt_and_tag or @@ -135,7 +103,7 @@ static psa_status_t psa_aead_setup( #if defined(MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305) case PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_CHACHA20_POLY1305, 0 ): - operation->core_alg = PSA_ALG_CHACHA20_POLY1305; + operation->alg = PSA_ALG_CHACHA20_POLY1305; full_tag_length = 16; /* We only support the default tag length. */ if( alg != PSA_ALG_CHACHA20_POLY1305 ) @@ -159,7 +127,9 @@ static psa_status_t psa_aead_setup( > full_tag_length ) return( PSA_ERROR_INVALID_ARGUMENT ); - operation->tag_length = PSA_AEAD_TAG_LENGTH( attributes->core.type, + operation->key_type = psa_get_key_type( attributes ); + + operation->tag_length = PSA_AEAD_TAG_LENGTH( operation->key_type, key_bits, alg ); @@ -176,11 +146,12 @@ psa_status_t mbedtls_psa_aead_encrypt( uint8_t *ciphertext, size_t ciphertext_size, size_t *ciphertext_length ) { psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - aead_operation_t operation = AEAD_OPERATION_INIT; + mbedtls_psa_aead_operation_t operation = MBEDTLS_PSA_AEAD_OPERATION_INIT; uint8_t *tag; - (void) key_buffer_size; - status = psa_aead_setup( &operation, attributes, key_buffer, alg ); + status = psa_aead_setup( &operation, attributes, key_buffer, + key_buffer_size, alg ); + if( status != PSA_SUCCESS ) goto exit; @@ -194,7 +165,7 @@ psa_status_t mbedtls_psa_aead_encrypt( tag = ciphertext + plaintext_length; #if defined(MBEDTLS_PSA_BUILTIN_ALG_CCM) - if( operation.core_alg == PSA_ALG_CCM ) + if( operation.alg == PSA_ALG_CCM ) { status = mbedtls_to_psa_error( mbedtls_ccm_encrypt_and_tag( &operation.ctx.ccm, @@ -208,7 +179,7 @@ psa_status_t mbedtls_psa_aead_encrypt( else #endif /* MBEDTLS_PSA_BUILTIN_ALG_CCM */ #if defined(MBEDTLS_PSA_BUILTIN_ALG_GCM) - if( operation.core_alg == PSA_ALG_GCM ) + if( operation.alg == PSA_ALG_GCM ) { status = mbedtls_to_psa_error( mbedtls_gcm_crypt_and_tag( &operation.ctx.gcm, @@ -222,9 +193,9 @@ psa_status_t mbedtls_psa_aead_encrypt( else #endif /* MBEDTLS_PSA_BUILTIN_ALG_GCM */ #if defined(MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305) - if( operation.core_alg == PSA_ALG_CHACHA20_POLY1305 ) + if( operation.alg == PSA_ALG_CHACHA20_POLY1305 ) { - if( nonce_length != 12 || operation.tag_length != 16 ) + if( operation.tag_length != 16 ) { status = PSA_ERROR_NOT_SUPPORTED; goto exit; @@ -250,7 +221,7 @@ psa_status_t mbedtls_psa_aead_encrypt( *ciphertext_length = plaintext_length + operation.tag_length; exit: - psa_aead_abort_internal( &operation ); + mbedtls_psa_aead_abort( &operation ); return( status ); } @@ -286,11 +257,12 @@ psa_status_t mbedtls_psa_aead_decrypt( uint8_t *plaintext, size_t plaintext_size, size_t *plaintext_length ) { psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - aead_operation_t operation = AEAD_OPERATION_INIT; + mbedtls_psa_aead_operation_t operation = MBEDTLS_PSA_AEAD_OPERATION_INIT; const uint8_t *tag = NULL; - (void) key_buffer_size; - status = psa_aead_setup( &operation, attributes, key_buffer, alg ); + status = psa_aead_setup( &operation, attributes, key_buffer, + key_buffer_size, alg ); + if( status != PSA_SUCCESS ) goto exit; @@ -301,7 +273,7 @@ psa_status_t mbedtls_psa_aead_decrypt( goto exit; #if defined(MBEDTLS_PSA_BUILTIN_ALG_CCM) - if( operation.core_alg == PSA_ALG_CCM ) + if( operation.alg == PSA_ALG_CCM ) { status = mbedtls_to_psa_error( mbedtls_ccm_auth_decrypt( &operation.ctx.ccm, @@ -315,7 +287,7 @@ psa_status_t mbedtls_psa_aead_decrypt( else #endif /* MBEDTLS_PSA_BUILTIN_ALG_CCM */ #if defined(MBEDTLS_PSA_BUILTIN_ALG_GCM) - if( operation.core_alg == PSA_ALG_GCM ) + if( operation.alg == PSA_ALG_GCM ) { status = mbedtls_to_psa_error( mbedtls_gcm_auth_decrypt( &operation.ctx.gcm, @@ -329,9 +301,9 @@ psa_status_t mbedtls_psa_aead_decrypt( else #endif /* MBEDTLS_PSA_BUILTIN_ALG_GCM */ #if defined(MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305) - if( operation.core_alg == PSA_ALG_CHACHA20_POLY1305 ) + if( operation.alg == PSA_ALG_CHACHA20_POLY1305 ) { - if( nonce_length != 12 || operation.tag_length != 16 ) + if( operation.tag_length != 16 ) { status = PSA_ERROR_NOT_SUPPORTED; goto exit; @@ -356,12 +328,320 @@ psa_status_t mbedtls_psa_aead_decrypt( *plaintext_length = ciphertext_length - operation.tag_length; exit: - psa_aead_abort_internal( &operation ); + mbedtls_psa_aead_abort( &operation ); if( status == PSA_SUCCESS ) *plaintext_length = ciphertext_length - operation.tag_length; return( status ); } +/* Set the key and algorithm for a multipart authenticated encryption + * operation. */ +psa_status_t mbedtls_psa_aead_encrypt_setup( + mbedtls_psa_aead_operation_t *operation, + const psa_key_attributes_t *attributes, + const uint8_t *key_buffer, + size_t key_buffer_size, + psa_algorithm_t alg ) +{ + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + +#if defined(MBEDTLS_PSA_BUILTIN_ALG_CCM) + if( operation->alg == PSA_ALG_CCM ) + { + return( PSA_ERROR_NOT_SUPPORTED ); + } +#endif /* MBEDTLS_PSA_BUILTIN_ALG_CCM */ + + status = psa_aead_setup( operation, attributes, key_buffer, + key_buffer_size, alg ); + + if( status == PSA_SUCCESS ) + operation->is_encrypt = 1; + + return ( status ); +} + +/* Set the key and algorithm for a multipart authenticated decryption + * operation. */ +psa_status_t mbedtls_psa_aead_decrypt_setup( + mbedtls_psa_aead_operation_t *operation, + const psa_key_attributes_t *attributes, + const uint8_t *key_buffer, + size_t key_buffer_size, + psa_algorithm_t alg ) +{ + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + +#if defined(MBEDTLS_PSA_BUILTIN_ALG_CCM) + if( operation->alg == PSA_ALG_CCM ) + { + return( PSA_ERROR_NOT_SUPPORTED ); + } +#endif /* MBEDTLS_PSA_BUILTIN_ALG_CCM */ + + status = psa_aead_setup( operation, attributes, key_buffer, + key_buffer_size, alg ); + + if( status == PSA_SUCCESS ) + operation->is_encrypt = 0; + + return ( status ); +} + +/* Set a nonce for the multipart AEAD operation*/ +psa_status_t mbedtls_psa_aead_set_nonce( + mbedtls_psa_aead_operation_t *operation, + const uint8_t *nonce, + size_t nonce_length ) +{ + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + +#if defined(MBEDTLS_PSA_BUILTIN_ALG_GCM) + if( operation->alg == PSA_ALG_GCM ) + { + status = mbedtls_to_psa_error( + mbedtls_gcm_starts( &operation->ctx.gcm, + operation->is_encrypt ? + MBEDTLS_GCM_ENCRYPT : MBEDTLS_GCM_DECRYPT, + nonce, + nonce_length ) ); + } + else +#endif /* MBEDTLS_PSA_BUILTIN_ALG_GCM */ +#if defined(MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305) + if( operation->alg == PSA_ALG_CHACHA20_POLY1305 ) + { + /* Note - ChaChaPoly allows an 8 byte nonce, but we would have to + * allocate a buffer in the operation, copy the nonce to it and pad + * it, so for now check the nonce is 12 bytes, as + * mbedtls_chachapoly_starts() assumes it can read 12 bytes from the + * passed in buffer. */ + if( nonce_length != 12 ) + { + return( PSA_ERROR_INVALID_ARGUMENT ); + } + + status = mbedtls_to_psa_error( + mbedtls_chachapoly_starts( &operation->ctx.chachapoly, + nonce, + operation->is_encrypt ? + MBEDTLS_CHACHAPOLY_ENCRYPT : + MBEDTLS_CHACHAPOLY_DECRYPT ) ); + } + else +#endif /* MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305 */ + { + ( void ) nonce; + + return ( PSA_ERROR_NOT_SUPPORTED ); + } + + return( status ); +} + + /* Declare the lengths of the message and additional data for AEAD. */ +psa_status_t mbedtls_psa_aead_set_lengths( + mbedtls_psa_aead_operation_t *operation, + size_t ad_length, + size_t plaintext_length ) +{ + /* Nothing here yet, work is currently done in PSA Core, however support + * for CCM will require this function. */ + ( void ) operation; + ( void ) ad_length; + ( void ) plaintext_length; + + return ( PSA_SUCCESS ); +} + +/* Pass additional data to an active multipart AEAD operation. */ +psa_status_t mbedtls_psa_aead_update_ad( + mbedtls_psa_aead_operation_t *operation, + const uint8_t *input, + size_t input_length ) +{ + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + +#if defined(MBEDTLS_PSA_BUILTIN_ALG_GCM) + if( operation->alg == PSA_ALG_GCM ) + { + status = mbedtls_to_psa_error( + mbedtls_gcm_update_ad( &operation->ctx.gcm, input, input_length ) ); + } + else +#endif /* MBEDTLS_PSA_BUILTIN_ALG_GCM */ +#if defined(MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305) + if( operation->alg == PSA_ALG_CHACHA20_POLY1305 ) + { + status = mbedtls_to_psa_error( + mbedtls_chachapoly_update_aad( &operation->ctx.chachapoly, + input, + input_length ) ); + } + else +#endif /* MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305 */ + { + ( void ) operation; + ( void ) input; + ( void ) input_length; + + return ( PSA_ERROR_NOT_SUPPORTED ); + } + + return ( status ); +} + +/* Encrypt or decrypt a message fragment in an active multipart AEAD + * operation.*/ +psa_status_t mbedtls_psa_aead_update( + mbedtls_psa_aead_operation_t *operation, + const uint8_t *input, + size_t input_length, + uint8_t *output, + size_t output_size, + size_t *output_length ) +{ + size_t update_output_length; + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + + update_output_length = input_length; + +#if defined(MBEDTLS_PSA_BUILTIN_ALG_GCM) + if( operation->alg == PSA_ALG_GCM ) + { + if( output_size < input_length ) + return( PSA_ERROR_BUFFER_TOO_SMALL ); + + status = mbedtls_to_psa_error( + mbedtls_gcm_update( &operation->ctx.gcm, + input, input_length, + output, output_size, + &update_output_length ) ); + } + else +#endif /* MBEDTLS_PSA_BUILTIN_ALG_GCM */ +#if defined(MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305) + if( operation->alg == PSA_ALG_CHACHA20_POLY1305 ) + { + if( output_size < input_length ) + return( PSA_ERROR_BUFFER_TOO_SMALL ); + + status = mbedtls_to_psa_error( + mbedtls_chachapoly_update( &operation->ctx.chachapoly, + input_length, + input, + output ) ); + } + else +#endif /* MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305 */ + { + ( void ) input; + ( void ) input_length; + + return ( PSA_ERROR_NOT_SUPPORTED ); + } + + if( status == PSA_SUCCESS ) + *output_length = update_output_length; + + return( status ); +} + +/* Finish encrypting a message in a multipart AEAD operation. */ +psa_status_t mbedtls_psa_aead_finish( + mbedtls_psa_aead_operation_t *operation, + uint8_t *ciphertext, + size_t ciphertext_size, + size_t *ciphertext_length, + uint8_t *tag, + size_t tag_size, + size_t *tag_length ) +{ + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + size_t finish_output_size = 0; + + if( tag_size < operation->tag_length ) + return( PSA_ERROR_BUFFER_TOO_SMALL ); + +#if defined(MBEDTLS_PSA_BUILTIN_ALG_GCM) + if( operation->alg == PSA_ALG_GCM ) + { + if( ciphertext_size < 15 ) + return( PSA_ERROR_BUFFER_TOO_SMALL ); + + status = mbedtls_to_psa_error( + mbedtls_gcm_finish( &operation->ctx.gcm, + ciphertext, ciphertext_size, ciphertext_length, + tag, operation->tag_length ) ); + } + else +#endif /* MBEDTLS_PSA_BUILTIN_ALG_GCM */ +#if defined(MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305) + if( operation->alg == PSA_ALG_CHACHA20_POLY1305 ) + { + /* Belt and braces. Although the above tag_size check should have + * already done this, if we later start supporting smaller tag sizes + * for chachapoly, then passing a tag buffer smaller than 16 into here + * could cause a buffer overflow, so better safe than sorry. */ + if( tag_size < 16 ) + return( PSA_ERROR_BUFFER_TOO_SMALL ); + + status = mbedtls_to_psa_error( + mbedtls_chachapoly_finish( &operation->ctx.chachapoly, + tag ) ); + } + else +#endif /* MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305 */ + { + ( void ) ciphertext; + ( void ) ciphertext_size; + ( void ) ciphertext_length; + ( void ) tag; + ( void ) tag_size; + ( void ) tag_length; + + return ( PSA_ERROR_NOT_SUPPORTED ); + } + + if( status == PSA_SUCCESS ) + { + /* This will be zero for all supported algorithms currently, but left + * here for future support. */ + *ciphertext_length = finish_output_size; + *tag_length = operation->tag_length; + } + + return ( status ); +} + +/* Abort an AEAD operation */ +psa_status_t mbedtls_psa_aead_abort( + mbedtls_psa_aead_operation_t *operation ) +{ + switch( operation->alg ) + { +#if defined(MBEDTLS_PSA_BUILTIN_ALG_CCM) + case PSA_ALG_CCM: + mbedtls_ccm_free( &operation->ctx.ccm ); + break; +#endif /* MBEDTLS_PSA_BUILTIN_ALG_CCM */ +#if defined(MBEDTLS_PSA_BUILTIN_ALG_GCM) + case PSA_ALG_GCM: + mbedtls_gcm_free( &operation->ctx.gcm ); + break; +#endif /* MBEDTLS_PSA_BUILTIN_ALG_GCM */ +#if defined(MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305) + case PSA_ALG_CHACHA20_POLY1305: + mbedtls_chachapoly_free( &operation->ctx.chachapoly ); + break; +#endif /* MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305 */ + } + + operation->is_encrypt = 0; + + return( PSA_SUCCESS ); +} + #endif /* MBEDTLS_PSA_CRYPTO_C */ diff --git a/library/psa_crypto_aead.h b/library/psa_crypto_aead.h index aab0f835c4..e82e1cc098 100644 --- a/library/psa_crypto_aead.h +++ b/library/psa_crypto_aead.h @@ -148,4 +148,364 @@ psa_status_t mbedtls_psa_aead_decrypt( const uint8_t *ciphertext, size_t ciphertext_length, uint8_t *plaintext, size_t plaintext_size, size_t *plaintext_length ); +/** Set the key for a multipart authenticated encryption operation. + * + * \note The signature of this function is that of a PSA driver + * aead_encrypt_setup entry point. This function behaves as an + * aead_encrypt_setup entry point as defined in the PSA driver interface + * specification for transparent drivers. + * + * If an error occurs at any step after a call to + * mbedtls_psa_aead_encrypt_setup(), the operation is reset by the PSA core by a + * call to mbedtls_psa_aead_abort(). The PSA core may call + * mbedtls_psa_aead_abort() at any time after the operation has been + * initialized, and is required to when the operation is no longer needed. + * + * \param[in,out] operation The operation object to set up. It must have + * been initialized as per the documentation for + * #mbedtls_psa_aead_operation_t and not yet in + * use. + * \param[in] attributes The attributes of the key to use for the + * operation. + * \param[in] key_buffer The buffer containing the key context. + * \param key_buffer_size Size of the \p key_buffer buffer in bytes. + It must be consistent with the size in bits + recorded in \p attributes. + * \param alg The AEAD algorithm to compute + * (\c PSA_ALG_XXX value such that + * #PSA_ALG_IS_AEAD(\p alg) is true). + * + * \retval #PSA_SUCCESS + * Success. + * \retval #PSA_ERROR_INVALID_ARGUMENT + * An invalid block length was supplied. + * \retval #PSA_ERROR_NOT_SUPPORTED + * \p alg is not supported. + * \retval #PSA_ERROR_INSUFFICIENT_MEMORY + * Failed to allocate memory for key material + */ +psa_status_t mbedtls_psa_aead_encrypt_setup( + mbedtls_psa_aead_operation_t *operation, + const psa_key_attributes_t *attributes, + const uint8_t *key_buffer, + size_t key_buffer_size, + psa_algorithm_t alg ); + +/** Set the key for a multipart authenticated decryption operation. + * + * \note The signature of this function is that of a PSA driver + * aead_decrypt_setup entry point. This function behaves as an + * aead_decrypt_setup entry point as defined in the PSA driver interface + * specification for transparent drivers. + * + * If an error occurs at any step after a call to + * mbedtls_psa_aead_decrypt_setup(), the PSA core resets the operation by a + * call to mbedtls_psa_aead_abort(). The PSA core may call + * mbedtls_psa_aead_abort() at any time after the operation has been + * initialized, and is required to when the operation is no longer needed. + * + * \param[in,out] operation The operation object to set up. It must have + * been initialized as per the documentation for + * #mbedtls_psa_aead_operation_t and not yet in + * use. + * \param[in] attributes The attributes of the key to use for the + * operation. + * \param[in] key_buffer The buffer containing the key context. + * \param key_buffer_size Size of the \p key_buffer buffer in bytes. + It must be consistent with the size in bits + recorded in \p attributes. + * \param alg The AEAD algorithm to compute + * (\c PSA_ALG_XXX value such that + * #PSA_ALG_IS_AEAD(\p alg) is true). + * + * \retval #PSA_SUCCESS + * Success. + * \retval #PSA_ERROR_INVALID_ARGUMENT + * An invalid block length was supplied. + * \retval #PSA_ERROR_NOT_SUPPORTED + * \p alg is not supported. + * \retval #PSA_ERROR_INSUFFICIENT_MEMORY + * Failed to allocate memory for key material + */ +psa_status_t mbedtls_psa_aead_decrypt_setup( + mbedtls_psa_aead_operation_t *operation, + const psa_key_attributes_t *attributes, + const uint8_t *key_buffer, + size_t key_buffer_size, + psa_algorithm_t alg ); + +/** Set the nonce for an authenticated encryption or decryption operation. + * + * \note The signature of this function is that of a PSA driver aead_set_nonce + * entry point. This function behaves as an aead_set_nonce entry point as + * defined in the PSA driver interface specification for transparent + * drivers. + * + * This function sets the nonce for the authenticated + * encryption or decryption operation. + * + * The PSA core calls mbedtls_psa_aead_encrypt_setup() or + * mbedtls_psa_aead_decrypt_setup() before calling this function. + * + * If this function returns an error status, the PSA core will call + * mbedtls_psa_aead_abort(). + * + * \param[in,out] operation Active AEAD operation. + * \param[in] nonce Buffer containing the nonce to use. + * \param nonce_length Size of the nonce in bytes. + * + * \retval #PSA_SUCCESS + * Success. + * \retval #PSA_ERROR_INVALID_ARGUMENT + * The size of \p nonce is not acceptable for the chosen algorithm. + * \retval #PSA_ERROR_NOT_SUPPORTED + * Algorithm previously set is not supported in this configuration of + * the library. + */ +psa_status_t mbedtls_psa_aead_set_nonce( + mbedtls_psa_aead_operation_t *operation, + const uint8_t *nonce, + size_t nonce_length ); + +/** Declare the lengths of the message and additional data for AEAD. + * + * \note The signature of this function is that of a PSA driver aead_set_lengths + * entry point. This function behaves as an aead_set_lengths entry point + * as defined in the PSA driver interface specification for transparent + * drivers. + * + * The PSA core calls this function before calling mbedtls_psa_aead_update_ad() + * or mbedtls_psa_aead_update() if the algorithm for the operation requires it. + * If the algorithm does not require it, calling this function is optional, but + * if this function is called then the implementation must enforce the lengths. + * + * The PSA core may call this function before or after setting the nonce with + * mbedtls_psa_aead_set_nonce(). + * + * - For #PSA_ALG_CCM, calling this function is required. + * - For the other AEAD algorithms defined in this specification, calling + * this function is not required. + * + * If this function returns an error status, the PSA core calls + * mbedtls_psa_aead_abort(). + * + * \param[in,out] operation Active AEAD operation. + * \param ad_length Size of the non-encrypted additional + * authenticated data in bytes. + * \param plaintext_length Size of the plaintext to encrypt in bytes. + * + * \retval #PSA_SUCCESS + * Success. + * \retval #PSA_ERROR_INVALID_ARGUMENT + * At least one of the lengths is not acceptable for the chosen + * algorithm. + * \retval #PSA_ERROR_NOT_SUPPORTED + * Algorithm previously set is not supported in this configuration of + * the library. + */ +psa_status_t mbedtls_psa_aead_set_lengths( + mbedtls_psa_aead_operation_t *operation, + size_t ad_length, + size_t plaintext_length ); + +/** Pass additional data to an active AEAD operation. + * + * \note The signature of this function is that of a PSA driver + * aead_update_ad entry point. This function behaves as an aead_update_ad + * entry point as defined in the PSA driver interface specification for + * transparent drivers. + * + * Additional data is authenticated, but not encrypted. + * + * The PSA core can call this function multiple times to pass successive + * fragments of the additional data. It will not call this function after + * passing data to encrypt or decrypt with mbedtls_psa_aead_update(). + * + * Before calling this function, the PSA core will: + * 1. Call either mbedtls_psa_aead_encrypt_setup() or + * mbedtls_psa_aead_decrypt_setup(). + * 2. Set the nonce with mbedtls_psa_aead_set_nonce(). + * + * If this function returns an error status, the PSA core will call + * mbedtls_psa_aead_abort(). + * + * \param[in,out] operation Active AEAD operation. + * \param[in] input Buffer containing the fragment of + * additional data. + * \param input_length Size of the \p input buffer in bytes. + * + * \retval #PSA_SUCCESS + * Success. + * \retval #PSA_ERROR_NOT_SUPPORTED + * Algorithm previously set is not supported in this configuration of + * the library. + */ +psa_status_t mbedtls_psa_aead_update_ad( + mbedtls_psa_aead_operation_t *operation, + const uint8_t *input, + size_t input_length ); + +/** Encrypt or decrypt a message fragment in an active AEAD operation. + * + * \note The signature of this function is that of a PSA driver + * aead_update entry point. This function behaves as an aead_update entry + * point as defined in the PSA driver interface specification for + * transparent drivers. + * + * Before calling this function, the PSA core will: + * 1. Call either mbedtls_psa_aead_encrypt_setup() or + * mbedtls_psa_aead_decrypt_setup(). The choice of setup function + * determines whether this function encrypts or decrypts its input. + * 2. Set the nonce with mbedtls_psa_aead_set_nonce(). + * 3. Call mbedtls_psa_aead_update_ad() to pass all the additional data. + * + * If this function returns an error status, the PSA core will call + * mbedtls_psa_aead_abort(). + * + * This function does not require the input to be aligned to any + * particular block boundary. If the implementation can only process + * a whole block at a time, it must consume all the input provided, but + * it may delay the end of the corresponding output until a subsequent + * call to mbedtls_psa_aead_update(), mbedtls_psa_aead_finish() provides + * sufficient input. The amount of data that can be delayed in this way is + * bounded by #PSA_AEAD_UPDATE_OUTPUT_SIZE. + * + * \param[in,out] operation Active AEAD operation. + * \param[in] input Buffer containing the message fragment to + * encrypt or decrypt. + * \param input_length Size of the \p input buffer in bytes. + * \param[out] output Buffer where the output is to be written. + * \param output_size Size of the \p output buffer in bytes. + * This must be appropriate for the selected + * algorithm and key: + * - A sufficient output size is + * #PSA_AEAD_UPDATE_OUTPUT_SIZE(\c key_type, + * \c alg, \p input_length) where + * \c key_type is the type of key and \c alg is + * the algorithm that were used to set up the + * operation. + * - #PSA_AEAD_UPDATE_OUTPUT_MAX_SIZE(\p + * input_length) evaluates to the maximum + * output size of any supported AEAD + * algorithm. + * \param[out] output_length On success, the number of bytes + * that make up the returned output. + * + * \retval #PSA_SUCCESS + * Success. + * + * \retval #PSA_ERROR_BUFFER_TOO_SMALL + * The size of the \p output buffer is too small. + * #PSA_AEAD_UPDATE_OUTPUT_SIZE(\c key_type, \c alg, \p input_length) or + * #PSA_AEAD_UPDATE_OUTPUT_MAX_SIZE(\p input_length) can be used to + * determine the required buffer size. + */ +psa_status_t mbedtls_psa_aead_update( + mbedtls_psa_aead_operation_t *operation, + const uint8_t *input, + size_t input_length, + uint8_t *output, + size_t output_size, + size_t *output_length ); + +/** Finish encrypting a message in an AEAD operation. + * + * \note The signature of this function is that of a PSA driver + * aead_finish entry point. This function behaves as an aead_finish entry + * point as defined in the PSA driver interface specification for + * transparent drivers. + * + * The operation must have been set up by the PSA core with + * mbedtls_psa_aead_encrypt_setup(). + * + * This function finishes the authentication of the additional data + * formed by concatenating the inputs passed to preceding calls to + * mbedtls_psa_aead_update_ad() with the plaintext formed by concatenating the + * inputs passed to preceding calls to mbedtls_psa_aead_update(). + * + * This function has two output buffers: + * - \p ciphertext contains trailing ciphertext that was buffered from + * preceding calls to mbedtls_psa_aead_update(). + * - \p tag contains the authentication tag. + * + * Whether or not this function returns successfuly, the PSA core subsequently + * calls mbedtls_psa_aead_abort() to deactivate the operation. + * + * \param[in,out] operation Active AEAD operation. + * \param[out] ciphertext Buffer where the last part of the ciphertext + * is to be written. + * \param ciphertext_size Size of the \p ciphertext buffer in bytes. + * This must be appropriate for the selected + * algorithm and key: + * - A sufficient output size is + * #PSA_AEAD_FINISH_OUTPUT_SIZE(\c key_type, + * \c alg) where \c key_type is the type of key + * and \c alg is the algorithm that were used to + * set up the operation. + * - #PSA_AEAD_FINISH_OUTPUT_MAX_SIZE evaluates to + * the maximum output size of any supported AEAD + * algorithm. + * \param[out] ciphertext_length On success, the number of bytes of + * returned ciphertext. + * \param[out] tag Buffer where the authentication tag is + * to be written. + * \param tag_size Size of the \p tag buffer in bytes. + * This must be appropriate for the selected + * algorithm and key: + * - The exact tag size is #PSA_AEAD_TAG_LENGTH(\c + * key_type, \c key_bits, \c alg) where + * \c key_type and \c key_bits are the type and + * bit-size of the key, and \c alg are the + * algorithm that were used in the call to + * mbedtls_psa_aead_encrypt_setup(). + * - #PSA_AEAD_TAG_MAX_SIZE evaluates to the + * maximum tag size of any supported AEAD + * algorithm. + * \param[out] tag_length On success, the number of bytes + * that make up the returned tag. + * + * \retval #PSA_SUCCESS + * Success. + * \retval #PSA_ERROR_BUFFER_TOO_SMALL + * The size of the \p tag buffer is too small. + * #PSA_AEAD_TAG_LENGTH(\c key_type, key_bits, \c alg) or + * #PSA_AEAD_TAG_MAX_SIZE can be used to determine the required \p tag + * buffer size. + */ +psa_status_t mbedtls_psa_aead_finish( + mbedtls_psa_aead_operation_t *operation, + uint8_t *ciphertext, + size_t ciphertext_size, + size_t *ciphertext_length, + uint8_t *tag, + size_t tag_size, + size_t *tag_length ); + +/** Abort an AEAD operation. + * + * \note The signature of this function is that of a PSA driver + * aead_abort entry point. This function behaves as an aead_abort entry + * point as defined in the PSA driver interface specification for + * transparent drivers. + * + * Aborting an operation frees all associated resources except for the + * \p operation structure itself. Once aborted, the operation object + * can be reused for another operation by the PSA core by it calling + * mbedtls_psa_aead_encrypt_setup() or mbedtls_psa_aead_decrypt_setup() again. + * + * The PSA core may call this function any time after the operation object has + * been initialized as described in #mbedtls_psa_aead_operation_t. + * + * In particular, calling mbedtls_psa_aead_abort() after the operation has been + * terminated by a call to mbedtls_psa_aead_abort() or + * mbedtls_psa_aead_finish() is safe and has no effect. + * + * \param[in,out] operation Initialized AEAD operation. + * + * \retval #PSA_SUCCESS + * Success. + */ +psa_status_t mbedtls_psa_aead_abort( + mbedtls_psa_aead_operation_t *operation ); + #endif /* PSA_CRYPTO_AEAD */ diff --git a/library/psa_crypto_driver_wrappers.c b/library/psa_crypto_driver_wrappers.c index 4123d8a560..cfc77fbb5b 100644 --- a/library/psa_crypto_driver_wrappers.c +++ b/library/psa_crypto_driver_wrappers.c @@ -1565,6 +1565,381 @@ psa_status_t psa_driver_wrapper_aead_decrypt( } } +psa_status_t psa_driver_wrapper_aead_encrypt_setup( + psa_aead_operation_t *operation, + const psa_key_attributes_t *attributes, + const uint8_t *key_buffer, size_t key_buffer_size, + psa_algorithm_t alg ) +{ + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + psa_key_location_t location = + PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime ); + + switch( location ) + { + case PSA_KEY_LOCATION_LOCAL_STORAGE: + /* Key is stored in the slot in export representation, so + * cycle through all known transparent accelerators */ + +#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) +#if defined(PSA_CRYPTO_DRIVER_TEST) + operation->id = PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID; + status = mbedtls_test_transparent_aead_encrypt_setup( + &operation->ctx.transparent_test_driver_ctx, + attributes, key_buffer, key_buffer_size, + alg ); + + /* Declared with fallback == true */ + if( status != PSA_ERROR_NOT_SUPPORTED ) + return( status ); +#endif /* PSA_CRYPTO_DRIVER_TEST */ +#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ + + /* Fell through, meaning no accelerator supports this operation */ + operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID; + status = mbedtls_psa_aead_encrypt_setup( + &operation->ctx.mbedtls_ctx, attributes, + key_buffer, key_buffer_size, + alg ); + + return( status ); + + /* Add cases for opaque driver here */ + + default: + /* Key is declared with a lifetime not known to us */ + (void)status; + return( PSA_ERROR_INVALID_ARGUMENT ); + } +} + +psa_status_t psa_driver_wrapper_aead_decrypt_setup( + psa_aead_operation_t *operation, + const psa_key_attributes_t *attributes, + const uint8_t *key_buffer, size_t key_buffer_size, + psa_algorithm_t alg ) +{ + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + psa_key_location_t location = + PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime ); + + switch( location ) + { + case PSA_KEY_LOCATION_LOCAL_STORAGE: + /* Key is stored in the slot in export representation, so + * cycle through all known transparent accelerators */ + +#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) +#if defined(PSA_CRYPTO_DRIVER_TEST) + operation->id = PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID; + status = mbedtls_test_transparent_aead_decrypt_setup( + &operation->ctx.transparent_test_driver_ctx, + attributes, + key_buffer, key_buffer_size, + alg ); + + /* Declared with fallback == true */ + if( status != PSA_ERROR_NOT_SUPPORTED ) + return( status ); +#endif /* PSA_CRYPTO_DRIVER_TEST */ +#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ + + /* Fell through, meaning no accelerator supports this operation */ + operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID; + status = mbedtls_psa_aead_decrypt_setup( + &operation->ctx.mbedtls_ctx, + attributes, + key_buffer, key_buffer_size, + alg ); + + return( status ); + + /* Add cases for opaque driver here */ + + default: + /* Key is declared with a lifetime not known to us */ + (void)status; + return( PSA_ERROR_INVALID_ARGUMENT ); + } +} + +psa_status_t psa_driver_wrapper_aead_set_nonce( + psa_aead_operation_t *operation, + const uint8_t *nonce, + size_t nonce_length ) +{ + switch( operation->id ) + { +#if defined(MBEDTLS_PSA_BUILTIN_AEAD) + case PSA_CRYPTO_MBED_TLS_DRIVER_ID: + return( mbedtls_psa_aead_set_nonce( &operation->ctx.mbedtls_ctx, + nonce, + nonce_length ) ); + +#endif /* MBEDTLS_PSA_BUILTIN_AEAD */ + +#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) +#if defined(PSA_CRYPTO_DRIVER_TEST) + case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID: + return( mbedtls_test_transparent_aead_set_nonce( + &operation->ctx.transparent_test_driver_ctx, + nonce, nonce_length ) ); + + /* Add cases for opaque driver here */ + +#endif /* PSA_CRYPTO_DRIVER_TEST */ +#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ + } + + (void)nonce; + (void)nonce_length; + + return( PSA_ERROR_INVALID_ARGUMENT ); +} + +psa_status_t psa_driver_wrapper_aead_set_lengths( + psa_aead_operation_t *operation, + size_t ad_length, + size_t plaintext_length ) +{ + switch( operation->id ) + { +#if defined(MBEDTLS_PSA_BUILTIN_AEAD) + case PSA_CRYPTO_MBED_TLS_DRIVER_ID: + return( mbedtls_psa_aead_set_lengths( &operation->ctx.mbedtls_ctx, + ad_length, + plaintext_length ) ); + +#endif /* MBEDTLS_PSA_BUILTIN_AEAD */ + +#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) +#if defined(PSA_CRYPTO_DRIVER_TEST) + case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID: + return( mbedtls_test_transparent_aead_set_lengths( + &operation->ctx.transparent_test_driver_ctx, + ad_length, plaintext_length ) ); + + /* Add cases for opaque driver here */ + +#endif /* PSA_CRYPTO_DRIVER_TEST */ +#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ + } + + (void)ad_length; + (void)plaintext_length; + + return( PSA_ERROR_INVALID_ARGUMENT ); +} + +psa_status_t psa_driver_wrapper_aead_update_ad( + psa_aead_operation_t *operation, + const uint8_t *input, + size_t input_length ) +{ + switch( operation->id ) + { +#if defined(MBEDTLS_PSA_BUILTIN_AEAD) + case PSA_CRYPTO_MBED_TLS_DRIVER_ID: + return( mbedtls_psa_aead_update_ad( &operation->ctx.mbedtls_ctx, + input, + input_length ) ); + +#endif /* MBEDTLS_PSA_BUILTIN_AEAD */ + +#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) +#if defined(PSA_CRYPTO_DRIVER_TEST) + case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID: + return( mbedtls_test_transparent_aead_update_ad( + &operation->ctx.transparent_test_driver_ctx, + input, input_length ) ); + + /* Add cases for opaque driver here */ + +#endif /* PSA_CRYPTO_DRIVER_TEST */ +#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ + } + + (void)input; + (void)input_length; + + return( PSA_ERROR_INVALID_ARGUMENT ); +} + +psa_status_t psa_driver_wrapper_aead_update( + psa_aead_operation_t *operation, + const uint8_t *input, + size_t input_length, + uint8_t *output, + size_t output_size, + size_t *output_length ) +{ + switch( operation->id ) + { +#if defined(MBEDTLS_PSA_BUILTIN_AEAD) + case PSA_CRYPTO_MBED_TLS_DRIVER_ID: + return( mbedtls_psa_aead_update( &operation->ctx.mbedtls_ctx, + input, input_length, + output, output_size, + output_length ) ); + +#endif /* MBEDTLS_PSA_BUILTIN_AEAD */ + +#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) +#if defined(PSA_CRYPTO_DRIVER_TEST) + case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID: + return( mbedtls_test_transparent_aead_update( + &operation->ctx.transparent_test_driver_ctx, + input, input_length, output, output_size, + output_length ) ); + + /* Add cases for opaque driver here */ + +#endif /* PSA_CRYPTO_DRIVER_TEST */ +#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ + } + + (void)input; + (void)input_length; + (void)output; + (void)output_size; + (void)output_length; + + return( PSA_ERROR_INVALID_ARGUMENT ); +} + +psa_status_t psa_driver_wrapper_aead_finish( + psa_aead_operation_t *operation, + uint8_t *ciphertext, + size_t ciphertext_size, + size_t *ciphertext_length, + uint8_t *tag, + size_t tag_size, + size_t *tag_length ) +{ + switch( operation->id ) + { +#if defined(MBEDTLS_PSA_BUILTIN_AEAD) + case PSA_CRYPTO_MBED_TLS_DRIVER_ID: + return( mbedtls_psa_aead_finish( &operation->ctx.mbedtls_ctx, + ciphertext, + ciphertext_size, + ciphertext_length, tag, + tag_size, tag_length ) ); + +#endif /* MBEDTLS_PSA_BUILTIN_AEAD */ + +#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) +#if defined(PSA_CRYPTO_DRIVER_TEST) + case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID: + return( mbedtls_test_transparent_aead_finish( + &operation->ctx.transparent_test_driver_ctx, + ciphertext, ciphertext_size, + ciphertext_length, tag, tag_size, tag_length ) ); + + /* Add cases for opaque driver here */ + +#endif /* PSA_CRYPTO_DRIVER_TEST */ +#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ + } + + (void)ciphertext; + (void)ciphertext_size; + (void)ciphertext_length; + (void)tag; + (void)tag_size; + (void)tag_length; + + return( PSA_ERROR_INVALID_ARGUMENT ); +} + +psa_status_t psa_driver_wrapper_aead_verify( + psa_aead_operation_t *operation, + uint8_t *plaintext, + size_t plaintext_size, + size_t *plaintext_length, + const uint8_t *tag, + size_t tag_length ) +{ + switch( operation->id ) + { +#if defined(MBEDTLS_PSA_BUILTIN_AEAD) + case PSA_CRYPTO_MBED_TLS_DRIVER_ID: + { + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + uint8_t check_tag[PSA_AEAD_TAG_MAX_SIZE]; + size_t check_tag_length; + + status = mbedtls_psa_aead_finish( &operation->ctx.mbedtls_ctx, + plaintext, + plaintext_size, + plaintext_length, + check_tag, + sizeof( check_tag ), + &check_tag_length ); + + if( status == PSA_SUCCESS ) + { + if( tag_length != check_tag_length || + mbedtls_psa_safer_memcmp( tag, check_tag, tag_length ) + != 0 ) + status = PSA_ERROR_INVALID_SIGNATURE; + } + + mbedtls_platform_zeroize( check_tag, sizeof( check_tag ) ); + + return( status ); + } + +#endif /* MBEDTLS_PSA_BUILTIN_AEAD */ + +#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) +#if defined(PSA_CRYPTO_DRIVER_TEST) + case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID: + return( mbedtls_test_transparent_aead_verify( + &operation->ctx.transparent_test_driver_ctx, + plaintext, plaintext_size, + plaintext_length, tag, tag_length ) ); + + /* Add cases for opaque driver here */ + +#endif /* PSA_CRYPTO_DRIVER_TEST */ +#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ + } + + (void)plaintext; + (void)plaintext_size; + (void)plaintext_length; + (void)tag; + (void)tag_length; + + return( PSA_ERROR_INVALID_ARGUMENT ); +} + +psa_status_t psa_driver_wrapper_aead_abort( + psa_aead_operation_t *operation ) +{ + switch( operation->id ) + { +#if defined(MBEDTLS_PSA_BUILTIN_AEAD) + case PSA_CRYPTO_MBED_TLS_DRIVER_ID: + return( mbedtls_psa_aead_abort( &operation->ctx.mbedtls_ctx ) ); + +#endif /* MBEDTLS_PSA_BUILTIN_AEAD */ + +#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) +#if defined(PSA_CRYPTO_DRIVER_TEST) + case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID: + return( mbedtls_test_transparent_aead_abort( + &operation->ctx.transparent_test_driver_ctx ) ); + + /* Add cases for opaque driver here */ + +#endif /* PSA_CRYPTO_DRIVER_TEST */ +#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ + } + + return( PSA_ERROR_INVALID_ARGUMENT ); +} /* * MAC functions diff --git a/library/psa_crypto_driver_wrappers.h b/library/psa_crypto_driver_wrappers.h index c6e3d51a39..0873b738d8 100644 --- a/library/psa_crypto_driver_wrappers.h +++ b/library/psa_crypto_driver_wrappers.h @@ -219,6 +219,61 @@ psa_status_t psa_driver_wrapper_aead_decrypt( const uint8_t *ciphertext, size_t ciphertext_length, uint8_t *plaintext, size_t plaintext_size, size_t *plaintext_length ); +psa_status_t psa_driver_wrapper_aead_encrypt_setup( + psa_aead_operation_t *operation, + const psa_key_attributes_t *attributes, + const uint8_t *key_buffer, size_t key_buffer_size, + psa_algorithm_t alg ); + +psa_status_t psa_driver_wrapper_aead_decrypt_setup( + psa_aead_operation_t *operation, + const psa_key_attributes_t *attributes, + const uint8_t *key_buffer, size_t key_buffer_size, + psa_algorithm_t alg ); + +psa_status_t psa_driver_wrapper_aead_set_nonce( + psa_aead_operation_t *operation, + const uint8_t *nonce, + size_t nonce_length ); + +psa_status_t psa_driver_wrapper_aead_set_lengths( + psa_aead_operation_t *operation, + size_t ad_length, + size_t plaintext_length ); + +psa_status_t psa_driver_wrapper_aead_update_ad( + psa_aead_operation_t *operation, + const uint8_t *input, + size_t input_length ); + +psa_status_t psa_driver_wrapper_aead_update( + psa_aead_operation_t *operation, + const uint8_t *input, + size_t input_length, + uint8_t *output, + size_t output_size, + size_t *output_length ); + +psa_status_t psa_driver_wrapper_aead_finish( + psa_aead_operation_t *operation, + uint8_t *ciphertext, + size_t ciphertext_size, + size_t *ciphertext_length, + uint8_t *tag, + size_t tag_size, + size_t *tag_length ); + +psa_status_t psa_driver_wrapper_aead_verify( + psa_aead_operation_t *operation, + uint8_t *plaintext, + size_t plaintext_size, + size_t *plaintext_length, + const uint8_t *tag, + size_t tag_length ); + +psa_status_t psa_driver_wrapper_aead_abort( + psa_aead_operation_t *operation ); + /* * MAC functions */ diff --git a/tests/include/test/drivers/aead.h b/tests/include/test/drivers/aead.h index 0830229e4e..24215601a6 100644 --- a/tests/include/test/drivers/aead.h +++ b/tests/include/test/drivers/aead.h @@ -30,12 +30,23 @@ typedef struct { * function call. */ psa_status_t forced_status; /* Count the amount of times AEAD driver functions are called. */ - unsigned long hits; + unsigned long hits_encrypt; + unsigned long hits_decrypt; + unsigned long hits_encrypt_setup; + unsigned long hits_decrypt_setup; + unsigned long hits_set_nonce; + unsigned long hits_set_lengths; + unsigned long hits_update_ad; + unsigned long hits_update; + unsigned long hits_finish; + unsigned long hits_verify; + unsigned long hits_abort; + /* Status returned by the last AEAD driver function call. */ psa_status_t driver_status; } mbedtls_test_driver_aead_hooks_t; -#define MBEDTLS_TEST_DRIVER_AEAD_INIT { 0, 0, 0 } +#define MBEDTLS_TEST_DRIVER_AEAD_INIT { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 } static inline mbedtls_test_driver_aead_hooks_t mbedtls_test_driver_aead_hooks_init( void ) { @@ -63,5 +74,60 @@ psa_status_t mbedtls_test_transparent_aead_decrypt( const uint8_t *ciphertext, size_t ciphertext_length, uint8_t *plaintext, size_t plaintext_size, size_t *plaintext_length ); +psa_status_t mbedtls_test_transparent_aead_encrypt_setup( + mbedtls_psa_aead_operation_t *operation, + const psa_key_attributes_t *attributes, + const uint8_t *key_buffer, size_t key_buffer_size, + psa_algorithm_t alg ); + +psa_status_t mbedtls_test_transparent_aead_decrypt_setup( + mbedtls_psa_aead_operation_t *operation, + const psa_key_attributes_t *attributes, + const uint8_t *key_buffer, size_t key_buffer_size, + psa_algorithm_t alg ); + +psa_status_t mbedtls_test_transparent_aead_set_nonce( + mbedtls_psa_aead_operation_t *operation, + const uint8_t *nonce, + size_t nonce_length ); + +psa_status_t mbedtls_test_transparent_aead_set_lengths( + mbedtls_psa_aead_operation_t *operation, + size_t ad_length, + size_t plaintext_length ); + +psa_status_t mbedtls_test_transparent_aead_update_ad( + mbedtls_psa_aead_operation_t *operation, + const uint8_t *input, + size_t input_length ); + +psa_status_t mbedtls_test_transparent_aead_update( + mbedtls_psa_aead_operation_t *operation, + const uint8_t *input, + size_t input_length, + uint8_t *output, + size_t output_size, + size_t *output_length ); + +psa_status_t mbedtls_test_transparent_aead_finish( + mbedtls_psa_aead_operation_t *operation, + uint8_t *ciphertext, + size_t ciphertext_size, + size_t *ciphertext_length, + uint8_t *tag, + size_t tag_size, + size_t *tag_length ); + +psa_status_t mbedtls_test_transparent_aead_verify( + mbedtls_psa_aead_operation_t *operation, + uint8_t *plaintext, + size_t plaintext_size, + size_t *plaintext_length, + const uint8_t *tag, + size_t tag_length ); + +psa_status_t mbedtls_test_transparent_aead_abort( + mbedtls_psa_aead_operation_t *operation ); + #endif /* PSA_CRYPTO_DRIVER_TEST */ #endif /* PSA_CRYPTO_TEST_DRIVERS_AEAD_H */ diff --git a/tests/src/drivers/test_driver_aead.c b/tests/src/drivers/test_driver_aead.c index ce9ce37795..6befe7cc0f 100644 --- a/tests/src/drivers/test_driver_aead.c +++ b/tests/src/drivers/test_driver_aead.c @@ -21,6 +21,7 @@ #if defined(MBEDTLS_PSA_CRYPTO_DRIVERS) && defined(PSA_CRYPTO_DRIVER_TEST) #include "psa_crypto_aead.h" +#include "psa_crypto_core.h" #include "test/drivers/aead.h" @@ -36,7 +37,7 @@ psa_status_t mbedtls_test_transparent_aead_encrypt( const uint8_t *plaintext, size_t plaintext_length, uint8_t *ciphertext, size_t ciphertext_size, size_t *ciphertext_length ) { - mbedtls_test_driver_aead_hooks.hits++; + mbedtls_test_driver_aead_hooks.hits_encrypt++; if( mbedtls_test_driver_aead_hooks.forced_status != PSA_SUCCESS ) { @@ -67,7 +68,7 @@ psa_status_t mbedtls_test_transparent_aead_decrypt( const uint8_t *ciphertext, size_t ciphertext_length, uint8_t *plaintext, size_t plaintext_size, size_t *plaintext_length ) { - mbedtls_test_driver_aead_hooks.hits++; + mbedtls_test_driver_aead_hooks.hits_decrypt++; if( mbedtls_test_driver_aead_hooks.forced_status != PSA_SUCCESS ) { @@ -89,4 +90,229 @@ psa_status_t mbedtls_test_transparent_aead_decrypt( return( mbedtls_test_driver_aead_hooks.driver_status ); } +psa_status_t mbedtls_test_transparent_aead_encrypt_setup( + mbedtls_transparent_test_driver_aead_operation_t *operation, + const psa_key_attributes_t *attributes, + const uint8_t *key_buffer, size_t key_buffer_size, + psa_algorithm_t alg ) +{ + mbedtls_test_driver_aead_hooks.hits_encrypt_setup++; + + if( mbedtls_test_driver_aead_hooks.forced_status != PSA_SUCCESS ) + { + mbedtls_test_driver_aead_hooks.driver_status = + mbedtls_test_driver_aead_hooks.forced_status; + } + else + { + mbedtls_test_driver_aead_hooks.driver_status = + mbedtls_psa_aead_encrypt_setup( operation, attributes, key_buffer, + key_buffer_size, alg ); + } + + return( mbedtls_test_driver_aead_hooks.driver_status ); +} + +psa_status_t mbedtls_test_transparent_aead_decrypt_setup( + mbedtls_transparent_test_driver_aead_operation_t *operation, + const psa_key_attributes_t *attributes, + const uint8_t *key_buffer, size_t key_buffer_size, + psa_algorithm_t alg ) +{ + mbedtls_test_driver_aead_hooks.hits_decrypt_setup++; + + if( mbedtls_test_driver_aead_hooks.forced_status != PSA_SUCCESS ) + { + mbedtls_test_driver_aead_hooks.driver_status = + mbedtls_test_driver_aead_hooks.forced_status; + } + else + { + mbedtls_test_driver_aead_hooks.driver_status = + mbedtls_psa_aead_decrypt_setup( operation, attributes, key_buffer, + key_buffer_size, alg ); + } + + return( mbedtls_test_driver_aead_hooks.driver_status ); +} + +psa_status_t mbedtls_test_transparent_aead_set_nonce( + mbedtls_transparent_test_driver_aead_operation_t *operation, + const uint8_t *nonce, + size_t nonce_length ) +{ + mbedtls_test_driver_aead_hooks.hits_set_nonce++; + + if( mbedtls_test_driver_aead_hooks.forced_status != PSA_SUCCESS ) + { + mbedtls_test_driver_aead_hooks.driver_status = + mbedtls_test_driver_aead_hooks.forced_status; + } + else + { + mbedtls_test_driver_aead_hooks.driver_status = + mbedtls_psa_aead_set_nonce( operation, nonce, nonce_length ); + } + + return( mbedtls_test_driver_aead_hooks.driver_status ); +} + +psa_status_t mbedtls_test_transparent_aead_set_lengths( + mbedtls_transparent_test_driver_aead_operation_t *operation, + size_t ad_length, + size_t plaintext_length ) +{ + mbedtls_test_driver_aead_hooks.hits_set_lengths++; + + if( mbedtls_test_driver_aead_hooks.forced_status != PSA_SUCCESS ) + { + mbedtls_test_driver_aead_hooks.driver_status = + mbedtls_test_driver_aead_hooks.forced_status; + } + else + { + mbedtls_test_driver_aead_hooks.driver_status = + mbedtls_psa_aead_set_lengths( operation, ad_length, + plaintext_length ); + } + + return( mbedtls_test_driver_aead_hooks.driver_status ); +} + +psa_status_t mbedtls_test_transparent_aead_update_ad( + mbedtls_transparent_test_driver_aead_operation_t *operation, + const uint8_t *input, + size_t input_length ) +{ + mbedtls_test_driver_aead_hooks.hits_update_ad++; + + if( mbedtls_test_driver_aead_hooks.forced_status != PSA_SUCCESS ) + { + mbedtls_test_driver_aead_hooks.driver_status = + mbedtls_test_driver_aead_hooks.forced_status; + } + else + { + mbedtls_test_driver_aead_hooks.driver_status = + mbedtls_psa_aead_update_ad( operation, input, input_length ); + } + + return( mbedtls_test_driver_aead_hooks.driver_status ); +} + +psa_status_t mbedtls_test_transparent_aead_update( + mbedtls_transparent_test_driver_aead_operation_t *operation, + const uint8_t *input, + size_t input_length, + uint8_t *output, + size_t output_size, + size_t *output_length ) +{ + mbedtls_test_driver_aead_hooks.hits_update++; + + if( mbedtls_test_driver_aead_hooks.forced_status != PSA_SUCCESS ) + { + mbedtls_test_driver_aead_hooks.driver_status = + mbedtls_test_driver_aead_hooks.forced_status; + } + else + { + mbedtls_test_driver_aead_hooks.driver_status = + mbedtls_psa_aead_update( operation, input, input_length, output, + output_size, output_length ); + } + + return( mbedtls_test_driver_aead_hooks.driver_status ); +} + +psa_status_t mbedtls_test_transparent_aead_finish( + mbedtls_transparent_test_driver_aead_operation_t *operation, + uint8_t *ciphertext, + size_t ciphertext_size, + size_t *ciphertext_length, + uint8_t *tag, + size_t tag_size, + size_t *tag_length ) +{ + mbedtls_test_driver_aead_hooks.hits_finish++; + + if( mbedtls_test_driver_aead_hooks.forced_status != PSA_SUCCESS ) + { + mbedtls_test_driver_aead_hooks.driver_status = + mbedtls_test_driver_aead_hooks.forced_status; + } + else + { + mbedtls_test_driver_aead_hooks.driver_status = + mbedtls_psa_aead_finish( operation, ciphertext, ciphertext_size, + ciphertext_length, tag, tag_size, + tag_length ); + } + + return( mbedtls_test_driver_aead_hooks.driver_status ); +} + +psa_status_t mbedtls_test_transparent_aead_verify( + mbedtls_transparent_test_driver_aead_operation_t *operation, + uint8_t *plaintext, + size_t plaintext_size, + size_t *plaintext_length, + const uint8_t *tag, + size_t tag_length ) +{ + mbedtls_test_driver_aead_hooks.hits_verify++; + + if( mbedtls_test_driver_aead_hooks.forced_status != PSA_SUCCESS ) + { + mbedtls_test_driver_aead_hooks.driver_status = + mbedtls_test_driver_aead_hooks.forced_status; + } + else + { + uint8_t check_tag[PSA_AEAD_TAG_MAX_SIZE]; + size_t check_tag_length; + + mbedtls_test_driver_aead_hooks.driver_status = + mbedtls_psa_aead_finish( operation, + plaintext, + plaintext_size, + plaintext_length, + check_tag, + sizeof( check_tag ), + &check_tag_length ); + + if( mbedtls_test_driver_aead_hooks.driver_status == PSA_SUCCESS ) + { + if( tag_length != check_tag_length || + mbedtls_psa_safer_memcmp( tag, check_tag, tag_length ) + != 0 ) + mbedtls_test_driver_aead_hooks.driver_status = + PSA_ERROR_INVALID_SIGNATURE; + } + + mbedtls_platform_zeroize( check_tag, sizeof( check_tag ) ); + } + + return( mbedtls_test_driver_aead_hooks.driver_status ); +} + +psa_status_t mbedtls_test_transparent_aead_abort( + mbedtls_transparent_test_driver_aead_operation_t *operation ) +{ + mbedtls_test_driver_aead_hooks.hits_abort++; + + if( mbedtls_test_driver_aead_hooks.forced_status != PSA_SUCCESS ) + { + mbedtls_test_driver_aead_hooks.driver_status = + mbedtls_test_driver_aead_hooks.forced_status; + } + else + { + mbedtls_test_driver_aead_hooks.driver_status = + mbedtls_psa_aead_abort( operation ); + } + + return( mbedtls_test_driver_aead_hooks.driver_status ); +} + #endif /* MBEDTLS_PSA_CRYPTO_DRIVERS && PSA_CRYPTO_DRIVER_TEST */ diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data index d9eafc0277..063629e599 100644 --- a/tests/suites/test_suite_psa_crypto.data +++ b/tests/suites/test_suite_psa_crypto.data @@ -2482,6 +2482,22 @@ PSA AEAD decrypt: AES-CCM, invalid tag length 18 depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES aead_decrypt:PSA_KEY_TYPE_AES:"4189351B5CAEA375A0299E81C621BF43":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_CCM, 18 ):"48c0906930561e0ab0ef4cd972":"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":"26c56961c035a7e452cce61bc6ee220d77b3f94d18fd10b6":"4535d12b4377928a7c0a61c9f825a48671ea05910748c8ef":PSA_ERROR_INVALID_ARGUMENT +PSA AEAD decrypt: AES-CCM, invalid nonce length 6 +depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES +aead_decrypt:PSA_KEY_TYPE_AES:"4189351B5CAEA375A0299E81C621BF43":PSA_ALG_CCM:"48c090693056":"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":"26c56961c035a7e452cce61bc6ee220d77b3f94d18fd10b6":"4535d12b4377928a7c0a61c9f825a48671ea05910748c8ef":PSA_ERROR_NOT_SUPPORTED + +PSA AEAD decrypt: AES-CCM, invalid nonce length 14 +depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES +aead_decrypt:PSA_KEY_TYPE_AES:"4189351B5CAEA375A0299E81C621BF43":PSA_ALG_CCM:"48c0906930561e0ab0ef4cd97200":"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":"26c56961c035a7e452cce61bc6ee220d77b3f94d18fd10b6":"4535d12b4377928a7c0a61c9f825a48671ea05910748c8ef":PSA_ERROR_NOT_SUPPORTED + +PSA AEAD decrypt: AES-CCM_8, invalid nonce length 6 +depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES +aead_decrypt:PSA_KEY_TYPE_AES:"4189351B5CAEA375A0299E81C621BF43":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_CCM, 8 ):"48c090693056":"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":"26c56961c035a7e452cce61bc6ee220d77b3f94d18fd10b6":"4535d12b4377928a7c0a61c9f825a48671ea05910748c8ef":PSA_ERROR_NOT_SUPPORTED + +PSA AEAD decrypt: AES-CCM_8, invalid nonce length 14 +depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES +aead_decrypt:PSA_KEY_TYPE_AES:"4189351B5CAEA375A0299E81C621BF43":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_CCM, 8 ):"48c0906930561e0ab0ef4cd97200":"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":"26c56961c035a7e452cce61bc6ee220d77b3f94d18fd10b6":"4535d12b4377928a7c0a61c9f825a48671ea05910748c8ef":PSA_ERROR_NOT_SUPPORTED + PSA AEAD encrypt/decrypt, AES-GCM, 19 bytes #1 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES aead_encrypt_decrypt:PSA_KEY_TYPE_AES:"C0C1C2C3C4C5C6C7C8C9CACBCCCDCECF":PSA_ALG_GCM:"000102030405060708090A0B0C0D0E0F":"000102030405060708090A0B":"0C0D0E0F101112131415161718191A1B1C1D1E":PSA_SUCCESS @@ -2634,6 +2650,14 @@ PSA AEAD decrypt: AES-GCM, invalid tag length 2 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES aead_decrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 2 ):"48c0906930561e0ab0ef4cd972":"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":"26c56961c035a7e452cce61bc6ee220d77b3f94d18fd10b6":"4535d12b4377928a7c0a61c9f825a48671ea05910748c8ef":PSA_ERROR_INVALID_ARGUMENT +PSA AEAD decrypt: AES-GCM, nonce=0 (bad) +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_decrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_GCM:"":"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":"26c56961c035a7e452cce61bc6ee220d77b3f94d18fd10b6":"":PSA_ERROR_NOT_SUPPORTED + +PSA AEAD decrypt: AES-GCM, nonce=0 (bad), TAG=12 +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_decrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 12 ):"":"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":"26c56961c035a7e452cce61bc6ee220d77b3f94d18fd10b6":"":PSA_ERROR_NOT_SUPPORTED + PSA AEAD decrypt: AES-GCM, invalid tag length 18 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES aead_decrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 18 ):"48c0906930561e0ab0ef4cd972":"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":"26c56961c035a7e452cce61bc6ee220d77b3f94d18fd10b6":"4535d12b4377928a7c0a61c9f825a48671ea05910748c8ef":PSA_ERROR_INVALID_ARGUMENT @@ -2738,6 +2762,18 @@ PSA AEAD decrypt: ChaCha20-Poly1305 (good tag, zero-length input) depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 aead_decrypt:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:"070000004041424344454647":"":"a0784d7a4716f3feb4f64e7f4b39bf04":"":PSA_SUCCESS +PSA AEAD decrypt: ChaCha20-Poly1305 (nonce=8, not supported) +depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 +aead_decrypt:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:"0700000040414243":"":"a0784d7a4716f3feb4f64e7f4b39bf04":"":PSA_ERROR_NOT_SUPPORTED + +PSA AEAD decrypt: ChaCha20-Poly1305 (nonce=11, too short) +depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 +aead_decrypt:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:"0700000040414243444546":"":"a0784d7a4716f3feb4f64e7f4b39bf04":"":PSA_ERROR_NOT_SUPPORTED + +PSA AEAD decrypt: ChaCha20-Poly1305 (nonce=13, too long) +depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 +aead_decrypt:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:"07000000404142434445464700":"":"a0784d7a4716f3feb4f64e7f4b39bf04":"":PSA_ERROR_NOT_SUPPORTED + PSA AEAD encrypt/decrypt: invalid algorithm (CTR) depends_on:MBEDTLS_AES_C:MBEDTLS_GCM_C aead_encrypt_decrypt:PSA_KEY_TYPE_AES:"D7828D13B2B0BDC325A76236DF93CC6B":PSA_ALG_CTR:"000102030405060708090A0B0C0D0E0F":"":"":PSA_ERROR_NOT_SUPPORTED @@ -2746,6 +2782,614 @@ PSA AEAD encrypt/decrypt: invalid algorithm (ChaCha20) depends_on:MBEDTLS_CHACHA20_C aead_encrypt_decrypt:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_STREAM_CIPHER:"":"":"":PSA_ERROR_NOT_SUPPORTED +PSA Multipart AEAD encrypt, AES-GCM, 128 bytes #1 +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_GCM:"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826":0:"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847fe0b7b7fbed325953df344a96" + +PSA Multipart AEAD encrypt, AES-GCM, 128 bytes #1 (lengths set) +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_GCM:"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826":1:"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847fe0b7b7fbed325953df344a96" + +PSA Multipart AEAD encrypt, AES-GCM, 128 bytes #2 +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"fe96eab10ff48c7942025422583d0377":PSA_ALG_GCM:"97ce3f848276783599c6875de324361e":"127628b6dcbce6fc8a8ef60798eb67b2088415635119697d20bb878c24d9c6f9c29e148521cb5e0feff892c7855d4f1c0bfb32ad33420976714dce87a0bbc18e4378bd1ef35197d0ca73051148f1199010f63caf122df5f71ad8d9c71df3eb2fbe3b2529d0ba657570358d3776f687bdb9c96d5e0e9e00c4b42d5d7a268d6a08":"194c8bbbfae4a671386b8cd38f390f46f9df6b8661b470c310921a1c858a938045834bb10380037fbf5f5e00688554537be0fcafe8270b9b59068fa056ab1268fc166c2d729243a06650a171c929c7845c85330c04568d62977eedf3b1ba9dca13bdb8f9522817c8cb99e635e37465ec1c9f6f148d51437aa9f994a62e1bd013":0:"12495120056ca3cac70d583603a476821bac6c57c9733b81cfb83538dc9e850f8bdf46065069591c23ebcbc6d1e2523375fb7efc80c09507fa25477ed07cee54fc4eb90168b3ef988f651fc40652474a644b1b311decf899660aef2347bb081af48950f06ebf799911e37120de94c55c20e5f0a77119be06e2b6e557f872fa0f6bac793bdc2190a195122c98544ccf56" + +PSA Multipart AEAD encrypt, AES-GCM, 128 bytes #2 (lengths set) +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"fe96eab10ff48c7942025422583d0377":PSA_ALG_GCM:"97ce3f848276783599c6875de324361e":"127628b6dcbce6fc8a8ef60798eb67b2088415635119697d20bb878c24d9c6f9c29e148521cb5e0feff892c7855d4f1c0bfb32ad33420976714dce87a0bbc18e4378bd1ef35197d0ca73051148f1199010f63caf122df5f71ad8d9c71df3eb2fbe3b2529d0ba657570358d3776f687bdb9c96d5e0e9e00c4b42d5d7a268d6a08":"194c8bbbfae4a671386b8cd38f390f46f9df6b8661b470c310921a1c858a938045834bb10380037fbf5f5e00688554537be0fcafe8270b9b59068fa056ab1268fc166c2d729243a06650a171c929c7845c85330c04568d62977eedf3b1ba9dca13bdb8f9522817c8cb99e635e37465ec1c9f6f148d51437aa9f994a62e1bd013":1:"12495120056ca3cac70d583603a476821bac6c57c9733b81cfb83538dc9e850f8bdf46065069591c23ebcbc6d1e2523375fb7efc80c09507fa25477ed07cee54fc4eb90168b3ef988f651fc40652474a644b1b311decf899660aef2347bb081af48950f06ebf799911e37120de94c55c20e5f0a77119be06e2b6e557f872fa0f6bac793bdc2190a195122c98544ccf56" + +PSA Multipart AEAD encrypt, AES-GCM, 128 bytes #1, T=4 +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 4 ):"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826":0:"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847f" + +PSA Multipart AEAD encrypt, AES-GCM, 128 bytes #1, T=4 (lengths set) +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 4 ):"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826":1:"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847f" + +PSA Multipart AEAD encrypt, AES-GCM, 128 bytes #1, T=15 +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826":0:"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847fe0b7b7fbed325953df344a" + +PSA Multipart AEAD encrypt, AES-GCM, 128 bytes #1, T=15 (lengths set) +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826":1:"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847fe0b7b7fbed325953df344a" + +PSA Multipart AEAD encrypt, AES-GCM, 128 bytes #1, T=16 +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826":0:"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847fe0b7b7fbed325953df344a96" + +PSA Multipart AEAD encrypt, AES-GCM, 128 bytes #1, T=16 (lengths set) +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826":1:"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847fe0b7b7fbed325953df344a96" + +PSA Multipart AEAD encrypt, AES-GCM, CAVS 14.0, KEY=24, IV=12, IN=0, AAD=0, TAG=16, +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"aa740abfadcda779220d3b406c5d7ec09a77fe9d94104539":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"ab2265b4c168955561f04315":"":"":0:"f149e2b5f0adaa9842ca5f45b768a8fc" + +PSA Multipart AEAD encrypt, AES-GCM, CAVS 14.0, KEY=24, IV=12, IN=0, AAD=0, TAG=16, (lengths set) +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"aa740abfadcda779220d3b406c5d7ec09a77fe9d94104539":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"ab2265b4c168955561f04315":"":"":1:"f149e2b5f0adaa9842ca5f45b768a8fc" + +PSA Multipart AEAD encrypt, AES-GCM, CAVS 14.0, KEY=24, IV=12, IN=0, AAD=16, TAG=16, +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"41c5da8667ef725220ffe39ae0ac590ac9fca729ab60ada0":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"05ad13a5e2c2ab667e1a6fbc":"8b5c124bef6e2f0fe4d8c95cd5fa4cf1":"":0:"204bdb1bd62154bf08922aaa54eed705" + +PSA Multipart AEAD encrypt, AES-GCM, CAVS 14.0, KEY=24, IV=12, IN=0, AAD=16, TAG=16, (lengths set) +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"41c5da8667ef725220ffe39ae0ac590ac9fca729ab60ada0":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"05ad13a5e2c2ab667e1a6fbc":"8b5c124bef6e2f0fe4d8c95cd5fa4cf1":"":1:"204bdb1bd62154bf08922aaa54eed705" + +PSA Multipart AEAD encrypt, AES-GCM, CAVS 14.0, KEY=24, IV=12, IN=0, AAD=20, TAG=16, +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"093ef7551ebbff8eb0c0a8a4a62b198f0c2e838de10eeeee":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"e656e93930ed5210ba3f0322":"3da22dacfd11b21b0a713157f60aec0cd22f1add":"":0:"1b2d2764573e20ae640bf29d48e5fe05" + +PSA Multipart AEAD encrypt, AES-GCM, CAVS 14.0, KEY=24, IV=12, IN=0, AAD=20, TAG=16, (lengths set) +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"093ef7551ebbff8eb0c0a8a4a62b198f0c2e838de10eeeee":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"e656e93930ed5210ba3f0322":"3da22dacfd11b21b0a713157f60aec0cd22f1add":"":1:"1b2d2764573e20ae640bf29d48e5fe05" + +PSA Multipart AEAD encrypt, AES-GCM, CAVS 14.0, KEY=24, IV=12, IN=0, AAD=48, TAG=15, +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"31389612d244c9792a510eca3f9c94f9f48c97ed67ae965a":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"df6b54ec8b58114df5b09279":"0863bec42ee93385efbec665adfc46dafcd793f29e859e3b531c15b168f1888dd13e905cd7d5bc03f9f1f6495717df62":"":0:"77e5682a49243d5b9016eb1adafa2d" + +PSA Multipart AEAD encrypt, AES-GCM, CAVS 14.0, KEY=24, IV=12, IN=0, AAD=48, TAG=15, (lengths set) +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"31389612d244c9792a510eca3f9c94f9f48c97ed67ae965a":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"df6b54ec8b58114df5b09279":"0863bec42ee93385efbec665adfc46dafcd793f29e859e3b531c15b168f1888dd13e905cd7d5bc03f9f1f6495717df62":"":1:"77e5682a49243d5b9016eb1adafa2d" + +PSA Multipart AEAD encrypt, AES-GCM, CAVS 14.0, KEY=24, IV=12, IN=16, AAD=0, TAG=16, +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"fbc0b4c56a714c83217b2d1bcadd2ed2e9efb0dcac6cc19f":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"5f4b43e811da9c470d6a9b01":"":"d2ae38c4375954835d75b8e4c2f9bbb4":0:"69482957e6be5c54882d00314e0259cf191e9f29bef63a26860c1e020a21137e" + +PSA Multipart AEAD encrypt, AES-GCM, CAVS 14.0, KEY=24, IV=12, IN=16, AAD=0, TAG=16, (lengths set) +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"fbc0b4c56a714c83217b2d1bcadd2ed2e9efb0dcac6cc19f":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"5f4b43e811da9c470d6a9b01":"":"d2ae38c4375954835d75b8e4c2f9bbb4":1:"69482957e6be5c54882d00314e0259cf191e9f29bef63a26860c1e020a21137e" + +PSA Multipart AEAD encrypt, AES-GCM, CAVS 14.0, KEY=24, IV=12, IN=16, AAD=0, TAG=8, +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"c50ac59e50556e47b834380018c0dc0380af9df3bf6714e6":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 8 ):"f303bf4b6cfbba7104cd9436":"":"d3f3f57033df30c22860231334b099cb":0:"2269c72d77f2b6f9d57da1820ec5a5d3d62d4491e3e4e9e7" + +PSA Multipart AEAD encrypt, AES-GCM, CAVS 14.0, KEY=24, IV=12, IN=16, AAD=0, TAG=8, (lengths set) +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"c50ac59e50556e47b834380018c0dc0380af9df3bf6714e6":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 8 ):"f303bf4b6cfbba7104cd9436":"":"d3f3f57033df30c22860231334b099cb":1:"2269c72d77f2b6f9d57da1820ec5a5d3d62d4491e3e4e9e7" + +PSA Multipart AEAD encrypt, AES-GCM, CAVS 14.0, KEY=24, IV=12, IN=16, AAD=16, TAG=14, +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"8ef391e4b7a2fe05b959be27823357080f963ed2f64b9e59":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 14 ):"0080052a2a5bb0e95222a419":"290322092d57479e20f6281e331d95a9":"e7fb0631eebf9bdba87045b33650c4ce":0:"88d674044031414af7ba9da8b89dd68e69897d99d8e1706f38c613896c18" + +PSA Multipart AEAD encrypt, AES-GCM, CAVS 14.0, KEY=24, IV=12, IN=16, AAD=16, TAG=14, (lengths set) +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"8ef391e4b7a2fe05b959be27823357080f963ed2f64b9e59":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 14 ):"0080052a2a5bb0e95222a419":"290322092d57479e20f6281e331d95a9":"e7fb0631eebf9bdba87045b33650c4ce":1:"88d674044031414af7ba9da8b89dd68e69897d99d8e1706f38c613896c18" + +PSA Multipart AEAD encrypt, AES-GCM, CAVS 14.0, KEY=24, IV=12, IN=16, AAD=16, TAG=4, +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"1cb5a0db778d3eb430b2816ceef9e455f519a8977b074183":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 4 ):"c1df5e9e2e3165c54242a306":"7134e5ddc396c2a8a7da23906c8f7b40":"636871d4c0aae3da7b55abd8b5f21297":0:"14eb02562aa1d963d0033626cdc8a5c8972f4bdf" + +PSA Multipart AEAD encrypt, AES-GCM, CAVS 14.0, KEY=24, IV=12, IN=16, AAD=16, TAG=4, (lengths set) +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"1cb5a0db778d3eb430b2816ceef9e455f519a8977b074183":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 4 ):"c1df5e9e2e3165c54242a306":"7134e5ddc396c2a8a7da23906c8f7b40":"636871d4c0aae3da7b55abd8b5f21297":1:"14eb02562aa1d963d0033626cdc8a5c8972f4bdf" + +PSA Multipart AEAD encrypt, AES-GCM, CAVS 14.0, KEY=24, IV=12, IN=16, AAD=20, TAG=13, +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"45148f42669f8ab8fad689d9b9180e39d7ea8fc95696297e":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 13 ):"5afcb134acc78b4eb9d11e79":"aec409e5fd82e50b824ebc1f45e75188d80615c6":"3d952be11deb421b56e0ce9d7ce99553":0:"077c0d53869869e191df116fd7baa8a293d2b577a29b0953c91b5d3b9d" + +PSA Multipart AEAD encrypt, AES-GCM, CAVS 14.0, KEY=24, IV=12, IN=16, AAD=20, TAG=13, (lengths set) +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"45148f42669f8ab8fad689d9b9180e39d7ea8fc95696297e":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 13 ):"5afcb134acc78b4eb9d11e79":"aec409e5fd82e50b824ebc1f45e75188d80615c6":"3d952be11deb421b56e0ce9d7ce99553":1:"077c0d53869869e191df116fd7baa8a293d2b577a29b0953c91b5d3b9d" + +PSA Multipart AEAD encrypt, AES-GCM, CAVS 14.0, KEY=24, IV=12, IN=16, AAD=48, TAG=15, +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"5255428457fe75e64447971ec5af0d13c5b60a07ee2d07b0":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"40cb6ebafc202f82223db097":"b2da2bd05ab1f3e39613efc8d80c5d0f240ee08f6abad5791649e9c1d0f48fa3dc59c1e535d1db1a4d3fa2263f5a1117":"fdd8a462c86d4365c8bfee0e25fc8a62":0:"9ca4a6d08267038f6f7999c84105bb5eaf8f7b3b9310ec688e033088a03482" + +PSA Multipart AEAD encrypt, AES-GCM, CAVS 14.0, KEY=24, IV=12, IN=16, AAD=48, TAG=15, (lengths set) +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"5255428457fe75e64447971ec5af0d13c5b60a07ee2d07b0":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"40cb6ebafc202f82223db097":"b2da2bd05ab1f3e39613efc8d80c5d0f240ee08f6abad5791649e9c1d0f48fa3dc59c1e535d1db1a4d3fa2263f5a1117":"fdd8a462c86d4365c8bfee0e25fc8a62":1:"9ca4a6d08267038f6f7999c84105bb5eaf8f7b3b9310ec688e033088a03482" + +PSA Multipart AEAD encrypt, AES-GCM, CAVS 14.0, KEY=32, IV=12, IN=0, AAD=0, TAG=16, +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"b52c505a37d78eda5dd34f20c22540ea1b58963cf8e5bf8ffa85f9f2492505b4":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"516c33929df5a3284ff463d7":"":"":0:"bdc1ac884d332457a1d2664f168c76f0" + +PSA Multipart AEAD encrypt, AES-GCM, CAVS 14.0, KEY=32, IV=12, IN=0, AAD=0, TAG=16, (lengths set) +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"b52c505a37d78eda5dd34f20c22540ea1b58963cf8e5bf8ffa85f9f2492505b4":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"516c33929df5a3284ff463d7":"":"":1:"bdc1ac884d332457a1d2664f168c76f0" + +PSA Multipart AEAD encrypt, AES-GCM, CAVS 14.0, KEY=32, IV=12, IN=0, AAD=0, TAG=12, +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"98ebf7a58db8b8371d9069171190063cc1fdc1927e49a3385f890d41a838619c":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 12 ):"3e6db953bd4e641de644e50a":"":"":0:"2fb9c3e41fff24ef07437c47" + +PSA Multipart AEAD encrypt, AES-GCM, CAVS 14.0, KEY=32, IV=12, IN=0, AAD=0, TAG=12, (lengths set) +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"98ebf7a58db8b8371d9069171190063cc1fdc1927e49a3385f890d41a838619c":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 12 ):"3e6db953bd4e641de644e50a":"":"":1:"2fb9c3e41fff24ef07437c47" + +PSA Multipart AEAD encrypt, AES-GCM, CAVS 14.0, KEY=32, IV=12, IN=0, AAD=20, TAG=16, +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"886cff5f3e6b8d0e1ad0a38fcdb26de97e8acbe79f6bed66959a598fa5047d65":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"3a8efa1cd74bbab5448f9945":"519fee519d25c7a304d6c6aa1897ee1eb8c59655":"":0:"f6d47505ec96c98a42dc3ae719877b87" + +PSA Multipart AEAD encrypt, AES-GCM, CAVS 14.0, KEY=32, IV=12, IN=0, AAD=20, TAG=16, (lengths set) +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"886cff5f3e6b8d0e1ad0a38fcdb26de97e8acbe79f6bed66959a598fa5047d65":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"3a8efa1cd74bbab5448f9945":"519fee519d25c7a304d6c6aa1897ee1eb8c59655":"":1:"f6d47505ec96c98a42dc3ae719877b87" + +PSA Multipart AEAD encrypt, AES-GCM, CAVS 14.0, KEY=32, IV=12, IN=0, AAD=20, TAG=13, +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"a7c928738b89c3258b910ac31bc465338b2e133b143fd52d9c9859eb1d01f2a0":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 13 ):"a483a7e94fbb2d694d3c4a8d":"bdb613cd3c2f0edd37b3ed43041bacb949ee51fa":"":0:"5233f95bdcf5d666fb957acdcb" + +PSA Multipart AEAD encrypt, AES-GCM, CAVS 14.0, KEY=32, IV=12, IN=0, AAD=20, TAG=13, (lengths set) +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"a7c928738b89c3258b910ac31bc465338b2e133b143fd52d9c9859eb1d01f2a0":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 13 ):"a483a7e94fbb2d694d3c4a8d":"bdb613cd3c2f0edd37b3ed43041bacb949ee51fa":"":1:"5233f95bdcf5d666fb957acdcb" + +PSA Multipart AEAD encrypt, AES-GCM, CAVS 14.0, KEY=32, IV=12, IN=0, AAD=48, TAG=15, +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"16a5b58a1dbb273a8fc6a4af722d46dbb898dd86ab128cb93d8388a8647a80a3":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"59e0c40d6675923cf5e004d5":"5b4b4ffc9c66bd394abeed3f03b695b949b3b69a42198cc3bfad971174915df913b967ccf36ee1f001f54efbcd117b68":"":0:"d57e27914ecb4a764359d3c0f8d4d6" + +PSA Multipart AEAD encrypt, AES-GCM, CAVS 14.0, KEY=32, IV=12, IN=0, AAD=48, TAG=15, (lengths set) +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"16a5b58a1dbb273a8fc6a4af722d46dbb898dd86ab128cb93d8388a8647a80a3":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"59e0c40d6675923cf5e004d5":"5b4b4ffc9c66bd394abeed3f03b695b949b3b69a42198cc3bfad971174915df913b967ccf36ee1f001f54efbcd117b68":"":1:"d57e27914ecb4a764359d3c0f8d4d6" + +PSA Multipart AEAD encrypt, AES-GCM, CAVS 14.0, KEY=32, IV=12, IN=0, AAD=48, TAG=4, +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"5dd13092dd695b90ab835ed6343031c4cdb710d32f4d3804d72b46d921fcfa18":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 4 ):"1de4bd816c8ec6bffc1e6453":"1b63d6278702abacf8b6c2faf542a808659fd5da03cdc1061a8593ea8ce9fc8ff54ffef6ebf3e15f7a832b4ae750a6ce":"":0:"72901467" + +PSA Multipart AEAD encrypt, AES-GCM, CAVS 14.0, KEY=32, IV=12, IN=0, AAD=48, TAG=4, (lengths set) +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"5dd13092dd695b90ab835ed6343031c4cdb710d32f4d3804d72b46d921fcfa18":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 4 ):"1de4bd816c8ec6bffc1e6453":"1b63d6278702abacf8b6c2faf542a808659fd5da03cdc1061a8593ea8ce9fc8ff54ffef6ebf3e15f7a832b4ae750a6ce":"":1:"72901467" + +PSA Multipart AEAD encrypt, AES-GCM, CAVS 14.0, KEY=32, IV=12, IN=16, AAD=0, TAG=15, +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"ef9f9284cf599eac3b119905a7d18851e7e374cf63aea04358586b0f757670f8":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"b6ac8e4963f49207ffd6374c":"":"722ee47da4b77424733546c2d400c4e5":0:"1224dfefb72a20d49e09256908874979882eafea22adf8dbed06a2265f907b" + +PSA Multipart AEAD encrypt, AES-GCM, CAVS 14.0, KEY=32, IV=12, IN=16, AAD=0, TAG=15, (lengths set) +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"ef9f9284cf599eac3b119905a7d18851e7e374cf63aea04358586b0f757670f8":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"b6ac8e4963f49207ffd6374c":"":"722ee47da4b77424733546c2d400c4e5":1:"1224dfefb72a20d49e09256908874979882eafea22adf8dbed06a2265f907b" + +PSA Multipart AEAD encrypt, AES-GCM, CAVS 14.0, KEY=32, IV=12, IN=16, AAD=0, TAG=12, +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"b33b0e4c5b9f7ef77cec1a29ed5844bda3853238bdf7766e7645029931f169f0":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 12 ):"f226d65e8654fdf5193ed721":"":"bcf48ddcfe9d011a1003973d68d2d78a":0:"d2eb20898a301b5d8e69e9926272021393af01abb6a970047a7fc010" + +PSA Multipart AEAD encrypt, AES-GCM, CAVS 14.0, KEY=32, IV=12, IN=16, AAD=0, TAG=12, (lengths set) +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"b33b0e4c5b9f7ef77cec1a29ed5844bda3853238bdf7766e7645029931f169f0":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 12 ):"f226d65e8654fdf5193ed721":"":"bcf48ddcfe9d011a1003973d68d2d78a":1:"d2eb20898a301b5d8e69e9926272021393af01abb6a970047a7fc010" + +PSA Multipart AEAD encrypt, AES-GCM, CAVS 14.0, KEY=32, IV=12, IN=16, AAD=16, TAG=14, +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"c6e126a65faec77ab62318e30d8a50c39a664670039a66ae5a6874201bc68f9f":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 14 ):"0ba5193b2d3a8378d67163ce":"5844b289dc74327f9fd93f7aae1c3d39":"c37aada3d4408e880d47e41df77da9b9":0:"b5cd7563989b460a2fe187e90c41fc3179c73d0d1e3a4484909969de93b0" + +PSA Multipart AEAD encrypt, AES-GCM, CAVS 14.0, KEY=32, IV=12, IN=16, AAD=16, TAG=14, (lengths set) +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"c6e126a65faec77ab62318e30d8a50c39a664670039a66ae5a6874201bc68f9f":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 14 ):"0ba5193b2d3a8378d67163ce":"5844b289dc74327f9fd93f7aae1c3d39":"c37aada3d4408e880d47e41df77da9b9":1:"b5cd7563989b460a2fe187e90c41fc3179c73d0d1e3a4484909969de93b0" + +PSA Multipart AEAD encrypt, AES-GCM, CAVS 14.0, KEY=32, IV=12, IN=16, AAD=48, TAG=15, +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"2e6942d537f1a98444c2f9dbdb5d8db42a503a00a17b57d516399569e044a703":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"7eb67721581ed52cfcfc2c4d":"a96cc73451502c7278b467ac85d5fc14fc1a2f51bc685645b173f0cd9af02d383095de063e6eaa50374ce9bc951e9e61":"e5f410fe939e79b7ad33fbd3aaf5856f":0:"727f5e19a5582e5782bbbe73517f0c04c492319abf12b03b380724ff1483a3" + +PSA Multipart AEAD encrypt, AES-GCM, CAVS 14.0, KEY=32, IV=12, IN=16, AAD=48, TAG=15, (lengths set) +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"2e6942d537f1a98444c2f9dbdb5d8db42a503a00a17b57d516399569e044a703":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"7eb67721581ed52cfcfc2c4d":"a96cc73451502c7278b467ac85d5fc14fc1a2f51bc685645b173f0cd9af02d383095de063e6eaa50374ce9bc951e9e61":"e5f410fe939e79b7ad33fbd3aaf5856f":1:"727f5e19a5582e5782bbbe73517f0c04c492319abf12b03b380724ff1483a3" + +PSA Multipart AEAD decrypt, AES - GCM, 144 bytes #1 +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_GCM:"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847fe0b7b7fbed325953df344a96":0:"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826" + +PSA Multipart AEAD decrypt, AES - GCM, 144 bytes #1 (lengths set) +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_GCM:"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847fe0b7b7fbed325953df344a96":1:"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826" + +PSA Multipart AEAD decrypt, AES - GCM, 144 bytes #2 +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"fe96eab10ff48c7942025422583d0377":PSA_ALG_GCM:"97ce3f848276783599c6875de324361e":"127628b6dcbce6fc8a8ef60798eb67b2088415635119697d20bb878c24d9c6f9c29e148521cb5e0feff892c7855d4f1c0bfb32ad33420976714dce87a0bbc18e4378bd1ef35197d0ca73051148f1199010f63caf122df5f71ad8d9c71df3eb2fbe3b2529d0ba657570358d3776f687bdb9c96d5e0e9e00c4b42d5d7a268d6a08":"12495120056ca3cac70d583603a476821bac6c57c9733b81cfb83538dc9e850f8bdf46065069591c23ebcbc6d1e2523375fb7efc80c09507fa25477ed07cee54fc4eb90168b3ef988f651fc40652474a644b1b311decf899660aef2347bb081af48950f06ebf799911e37120de94c55c20e5f0a77119be06e2b6e557f872fa0f6bac793bdc2190a195122c98544ccf56":0:"194c8bbbfae4a671386b8cd38f390f46f9df6b8661b470c310921a1c858a938045834bb10380037fbf5f5e00688554537be0fcafe8270b9b59068fa056ab1268fc166c2d729243a06650a171c929c7845c85330c04568d62977eedf3b1ba9dca13bdb8f9522817c8cb99e635e37465ec1c9f6f148d51437aa9f994a62e1bd013" + +PSA Multipart AEAD decrypt, AES - GCM, 144 bytes #2 (lengths set) +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"fe96eab10ff48c7942025422583d0377":PSA_ALG_GCM:"97ce3f848276783599c6875de324361e":"127628b6dcbce6fc8a8ef60798eb67b2088415635119697d20bb878c24d9c6f9c29e148521cb5e0feff892c7855d4f1c0bfb32ad33420976714dce87a0bbc18e4378bd1ef35197d0ca73051148f1199010f63caf122df5f71ad8d9c71df3eb2fbe3b2529d0ba657570358d3776f687bdb9c96d5e0e9e00c4b42d5d7a268d6a08":"12495120056ca3cac70d583603a476821bac6c57c9733b81cfb83538dc9e850f8bdf46065069591c23ebcbc6d1e2523375fb7efc80c09507fa25477ed07cee54fc4eb90168b3ef988f651fc40652474a644b1b311decf899660aef2347bb081af48950f06ebf799911e37120de94c55c20e5f0a77119be06e2b6e557f872fa0f6bac793bdc2190a195122c98544ccf56":1:"194c8bbbfae4a671386b8cd38f390f46f9df6b8661b470c310921a1c858a938045834bb10380037fbf5f5e00688554537be0fcafe8270b9b59068fa056ab1268fc166c2d729243a06650a171c929c7845c85330c04568d62977eedf3b1ba9dca13bdb8f9522817c8cb99e635e37465ec1c9f6f148d51437aa9f994a62e1bd013" + +PSA Multipart AEAD decrypt, AES - GCM, 144 bytes, T = 4 +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM,4):"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847f":0:"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826" + +PSA Multipart AEAD decrypt, AES - GCM, 144 bytes, T = 4 (lengths set) +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM,4):"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847f":1:"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826" + +PSA Multipart AEAD decrypt, AES - GCM, 144 bytes, T = 15 +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM,15):"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847fe0b7b7fbed325953df344a":0:"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826" + +PSA Multipart AEAD decrypt, AES - GCM, 144 bytes, T = 15 (lengths set) +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM,15):"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847fe0b7b7fbed325953df344a":1:"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826" + +PSA Multipart AEAD decrypt, AES-GCM, 144 bytes, T=16 +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847fe0b7b7fbed325953df344a96":0:"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826" + +PSA Multipart AEAD decrypt, AES-GCM, 144 bytes, T=16 (lengths set) +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847fe0b7b7fbed325953df344a96":1:"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826" + +PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=24, IV=12, IN=0, AAD=0, TAG=16 +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"0e5d6e68f82f32bea3f0b69498c1a31ef6d955cd3d27a2a8":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"caf72ee1e62e1001e8cfbc63":"":"db1a74ffb5f7de26f5742e0942b1b9cb":0:"" + +PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=24, IV=12, IN=0, AAD=0, TAG=16 (lengths set) +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"0e5d6e68f82f32bea3f0b69498c1a31ef6d955cd3d27a2a8":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"caf72ee1e62e1001e8cfbc63":"":"db1a74ffb5f7de26f5742e0942b1b9cb":1:"" + +PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=24, IV=12, IN=0, AAD=48, TAG=14 +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"e79fb7defce4f650402e6b521170686d3eb2a0b9514f3a64":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 14 ):"40e0d2d836c0519e7042419b":"41c5b5d971c0723bc1b63a259fe7e06c2961de1241bc34c13965f43636e4da3da8c75ed5956abe3a42f3039af005925a":"434ff68f2436f48418fd69f52158":0:"" + +PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=24, IV=12, IN=0, AAD=48, TAG=14 (lengths set) +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"e79fb7defce4f650402e6b521170686d3eb2a0b9514f3a64":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 14 ):"40e0d2d836c0519e7042419b":"41c5b5d971c0723bc1b63a259fe7e06c2961de1241bc34c13965f43636e4da3da8c75ed5956abe3a42f3039af005925a":"434ff68f2436f48418fd69f52158":1:"" + +PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=24, IV=12, IN=16, AAD=0, TAG=15 +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"e41d1f533d5b342ffe434b94b1372683bfd5d9d8cb79f9ee":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"5fe11a596dfcd3a305c1d711":"":"1847f64fff986476d1d2f758692f856da4a0ff98c0c1101694c84fd86680c9":0:"b03c2c20f758a93a8d1220232ad87098" + +PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=24, IV=12, IN=16, AAD=0, TAG=15 (lengths set) +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"e41d1f533d5b342ffe434b94b1372683bfd5d9d8cb79f9ee":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"5fe11a596dfcd3a305c1d711":"":"1847f64fff986476d1d2f758692f856da4a0ff98c0c1101694c84fd86680c9":1:"b03c2c20f758a93a8d1220232ad87098" + +PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=24, IV=12, IN=16, AAD=20, TAG=15 +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"8e7da473c057a2a4669a0d22bf9b7c9913fba48930ca0c9b":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"f9ff8ef80d76c50f9ca0e9ff":"f141bae18a1b54f065554fd34aa02c91c90f505c":"5deb093b6e7c766a64bb9d5170af1ff8bf130b64eebdce06a9bdb2cf1da15a":0:"b22b2dcdcc18adc30d16297b84b459d8" + +PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=24, IV=12, IN=16, AAD=20, TAG=15 (lengths set) +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"8e7da473c057a2a4669a0d22bf9b7c9913fba48930ca0c9b":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"f9ff8ef80d76c50f9ca0e9ff":"f141bae18a1b54f065554fd34aa02c91c90f505c":"5deb093b6e7c766a64bb9d5170af1ff8bf130b64eebdce06a9bdb2cf1da15a":1:"b22b2dcdcc18adc30d16297b84b459d8" + +PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=24, IV=12, IN=16, AAD=48, TAG=12 +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"01bf150add51bb11623e3bfbebd62a7ea81c5b192b8eb6de":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 12 ):"dfacbc6791b785d324c646b7":"e35412a625324257bef35399a7eacca34fec2d2d24166e6bb3e94d96f5c57599ded45e2a74503f07116caa1692398a07":"77579db3c6da769e17731faac4732d7cce65d960a49f94f6b583e54a":0:"7e5fd8b595ddc4753676107951d900e2" + +PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=24, IV=12, IN=16, AAD=48, TAG=12 (lengths set) +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"01bf150add51bb11623e3bfbebd62a7ea81c5b192b8eb6de":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 12 ):"dfacbc6791b785d324c646b7":"e35412a625324257bef35399a7eacca34fec2d2d24166e6bb3e94d96f5c57599ded45e2a74503f07116caa1692398a07":"77579db3c6da769e17731faac4732d7cce65d960a49f94f6b583e54a":1:"7e5fd8b595ddc4753676107951d900e2" + +PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=24, IV=12, IN=16, AAD=48, TAG=8 +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"551266c4ed166fe1c43761927801ed50cb9c0b3864fc97df":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 8 ):"e711afbeccd567f866340abb":"562d1697237ebc563941076d459727dfa094eb9ac00d30ed5836825d163dd27517c7660a01056b2d868c7fc5d0343830":"2b54cc27f6ee71882e8b1ead207d2b042d262e87eac97b58":0:"37245449db8f72b1ecdb420f629d3d80" + +PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=24, IV=12, IN=16, AAD=48, TAG=8 (lengths set) +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"551266c4ed166fe1c43761927801ed50cb9c0b3864fc97df":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 8 ):"e711afbeccd567f866340abb":"562d1697237ebc563941076d459727dfa094eb9ac00d30ed5836825d163dd27517c7660a01056b2d868c7fc5d0343830":"2b54cc27f6ee71882e8b1ead207d2b042d262e87eac97b58":1:"37245449db8f72b1ecdb420f629d3d80" + +PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=24, IV=12, IN=13, AAD=0, TAG=15 +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"78fa4a2a5b5b1b1d9580ea527f2e1653e9336e15cc5462f5":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"98b774f7110e0bea624b487f":"":"a642aabed8b99e15e297ee705a40c3e2e506cb889727b327b7e044a8":0:"496909523f574b205d757659c5" + +PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=24, IV=12, IN=13, AAD=0, TAG=15 (lengths set) +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"78fa4a2a5b5b1b1d9580ea527f2e1653e9336e15cc5462f5":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"98b774f7110e0bea624b487f":"":"a642aabed8b99e15e297ee705a40c3e2e506cb889727b327b7e044a8":1:"496909523f574b205d757659c5" + +PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=24, IV=12, IN=13, AAD=16, TAG=15 +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"61f4c2e55d729c4657e503dfe2b604e2853675dbdeb0982a":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"0c4d5548aa2d8d54964e1e63":"5affdf8886dabb14790aff3dbfcbdd80":"0d4eacc3db304f46cb7a9eba6ec105bf86d9dc0639b7cebbd5260f47":0:"b6e056de521a27266dffbc0d96" + +PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=24, IV=12, IN=13, AAD=16, TAG=15 (lengths set) +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"61f4c2e55d729c4657e503dfe2b604e2853675dbdeb0982a":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"0c4d5548aa2d8d54964e1e63":"5affdf8886dabb14790aff3dbfcbdd80":"0d4eacc3db304f46cb7a9eba6ec105bf86d9dc0639b7cebbd5260f47":1:"b6e056de521a27266dffbc0d96" + +PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=24, IV=12, IN=13, AAD=20, TAG=13 +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"73245c4f115a74fe71d6fefb9094c57c75f28033a3c7372b":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 13 ):"536a82485999b93b0bb7ef24":"64dcad870a42eeec0730fd7a7e4154638a85d739":"29333e87bfe65d0e37da2936f695824d4e3f37fab3b8e2b868f6":0:"f6d56f8c86f27d957fa63aea22" + +PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=24, IV=12, IN=13, AAD=20, TAG=13 (lengths set) +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"73245c4f115a74fe71d6fefb9094c57c75f28033a3c7372b":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 13 ):"536a82485999b93b0bb7ef24":"64dcad870a42eeec0730fd7a7e4154638a85d739":"29333e87bfe65d0e37da2936f695824d4e3f37fab3b8e2b868f6":1:"f6d56f8c86f27d957fa63aea22" + +PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=24, IV=12, IN=13, AAD=48, TAG=4 +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"9002e74638e09dd1f091439518e1460cdd5905bd9e1a37ae":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 4 ):"76c81a95d24be5c8bac63b50":"aa3ae4531aaac8f3eb07f748712c55a680bc8df5cf845edc66d09049500b41688b8023f5746879b45bdd586af29c4ede":"31bf37acbc53ca3fdbc9e5eaaebbb85a7f":0:"bd94b34511bc65ae47684805cb" + +PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=24, IV=12, IN=13, AAD=48, TAG=4 (lengths set) +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"9002e74638e09dd1f091439518e1460cdd5905bd9e1a37ae":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 4 ):"76c81a95d24be5c8bac63b50":"aa3ae4531aaac8f3eb07f748712c55a680bc8df5cf845edc66d09049500b41688b8023f5746879b45bdd586af29c4ede":"31bf37acbc53ca3fdbc9e5eaaebbb85a7f":1:"bd94b34511bc65ae47684805cb" + +PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=32, IV=12, IN=0, AAD=0, TAG=16 +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"f5a2b27c74355872eb3ef6c5feafaa740e6ae990d9d48c3bd9bb8235e589f010":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"58d2240f580a31c1d24948e9":"":"15e051a5e4a5f5da6cea92e2ebee5bac":0:"" + +PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=32, IV=12, IN=0, AAD=0, TAG=16 (lengths set) +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"f5a2b27c74355872eb3ef6c5feafaa740e6ae990d9d48c3bd9bb8235e589f010":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"58d2240f580a31c1d24948e9":"":"15e051a5e4a5f5da6cea92e2ebee5bac":1:"" + +PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=32, IV=12, IN=0, AAD=16, TAG=15 +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"3395a1485315c5b5e6353acb05ae9499c440a2e9f5c57494662f827235ea314c":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"3b7e632571602456b49880f0":"f283f80226dacb69c8af089ec6b59e81":"84c8beff4b0d160ee68ac613097f51":0:"" + +PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=32, IV=12, IN=0, AAD=16, TAG=15 (lengths set) +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"3395a1485315c5b5e6353acb05ae9499c440a2e9f5c57494662f827235ea314c":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"3b7e632571602456b49880f0":"f283f80226dacb69c8af089ec6b59e81":"84c8beff4b0d160ee68ac613097f51":1:"" + +PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=32, IV=12, IN=0, AAD=20, TAG=15 +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"4dc46ca55c1c1fcb4720c274c0e675c2ac5bf93d8dd5e951ca9f6b61f884edc9":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"6473ab77dc885127422f5594":"e2cf8172ab4cf77eba45cd2c8ff939b938080a90":"8d6351f18d873242204c20144e2b83":0:"" + +PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=32, IV=12, IN=0, AAD=20, TAG=15 (lengths set) +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"4dc46ca55c1c1fcb4720c274c0e675c2ac5bf93d8dd5e951ca9f6b61f884edc9":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"6473ab77dc885127422f5594":"e2cf8172ab4cf77eba45cd2c8ff939b938080a90":"8d6351f18d873242204c20144e2b83":1:"" + +PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=32, IV=12, IN=0, AAD=48, TAG=14 +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"a7f95798434f9a0fe6fd8acd30b8bad96dbdcfacee4594f01cbf26479be7d154":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 14 ):"9ef5a77b02137b46e8461d09":"5595a16fa12d4dcdba6b128480dce2d39c1211c3fb6068cde6013f6a80dfcda5eb92af8879e40ee9c177fd0e446fc8ca":"3bfd3d99fe2063e8ef8255519fe0":0:"" + +PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=32, IV=12, IN=0, AAD=48, TAG=14 (lengths set) +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"a7f95798434f9a0fe6fd8acd30b8bad96dbdcfacee4594f01cbf26479be7d154":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 14 ):"9ef5a77b02137b46e8461d09":"5595a16fa12d4dcdba6b128480dce2d39c1211c3fb6068cde6013f6a80dfcda5eb92af8879e40ee9c177fd0e446fc8ca":"3bfd3d99fe2063e8ef8255519fe0":1:"" + +PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=32, IV=12, IN=16, AAD=0, TAG=16 +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"4c8ebfe1444ec1b2d503c6986659af2c94fafe945f72c1e8486a5acfedb8a0f8":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"473360e0ad24889959858995":"":"d2c78110ac7e8f107c0df0570bd7c90cc26a379b6d98ef2852ead8ce83a833a7":0:"7789b41cb3ee548814ca0b388c10b343" + +PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=32, IV=12, IN=16, AAD=0, TAG=16 (lengths set) +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"4c8ebfe1444ec1b2d503c6986659af2c94fafe945f72c1e8486a5acfedb8a0f8":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"473360e0ad24889959858995":"":"d2c78110ac7e8f107c0df0570bd7c90cc26a379b6d98ef2852ead8ce83a833a7":1:"7789b41cb3ee548814ca0b388c10b343" + +PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=32, IV=12, IN=16, AAD=0, TAG=4 +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"57805f98aae1b8b64bb49756529ab8181b3ada674a90c55422e9eb26c48bcd7b":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 4 ):"9735945d8ca161777206632a":"":"58375442ab1c0e6a8952c83d128d9fc5f45bb315":0:"4860116a6d2deb9bf794bfd6ac5bbbd6" + +PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=32, IV=12, IN=16, AAD=0, TAG=4 (lengths set) +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"57805f98aae1b8b64bb49756529ab8181b3ada674a90c55422e9eb26c48bcd7b":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 4 ):"9735945d8ca161777206632a":"":"58375442ab1c0e6a8952c83d128d9fc5f45bb315":1:"4860116a6d2deb9bf794bfd6ac5bbbd6" + +PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=32, IV=12, IN=16, AAD=16, TAG=8 +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"f913bb823a1d0c10b0b72d56866907b893f2266f15de1abc17f93600824db55a":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 8 ):"d4fe686a14592b6ca1bd6b42":"e35d880c1c53688eb83869de9dd8a473":"35af9b502ea6b56269f896bf98affdd59c2aa418b38bc7fd":0:"ff426dd751190ff826e8b4a0792d746e" + +PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=32, IV=12, IN=16, AAD=16, TAG=8 (lengths set) +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"f913bb823a1d0c10b0b72d56866907b893f2266f15de1abc17f93600824db55a":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 8 ):"d4fe686a14592b6ca1bd6b42":"e35d880c1c53688eb83869de9dd8a473":"35af9b502ea6b56269f896bf98affdd59c2aa418b38bc7fd":1:"ff426dd751190ff826e8b4a0792d746e" + +PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=32, IV=12, IN=16, AAD=20, TAG=14 +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"74e9d9d7cd0728cea94e169af485f21f9d2447e022f16008f803dcf5c4f7cc0c":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 14 ):"ecba39edc96667da726122c0":"ae9ab021f86f5b81bb2e0fcbd4b855e1501e9f82":"e5745ce0e02dbba05363b548c3ac7047eacca7e61db6f72fc9b9e5bdb2bb":0:"0a0b284515694188b6b6c15bc8a09036" + +PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=32, IV=12, IN=16, AAD=20, TAG=14 (lengths set) +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"74e9d9d7cd0728cea94e169af485f21f9d2447e022f16008f803dcf5c4f7cc0c":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 14 ):"ecba39edc96667da726122c0":"ae9ab021f86f5b81bb2e0fcbd4b855e1501e9f82":"e5745ce0e02dbba05363b548c3ac7047eacca7e61db6f72fc9b9e5bdb2bb":1:"0a0b284515694188b6b6c15bc8a09036" + +PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=32, IV=12, IN=13, AAD=0, TAG=14 +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"60667fce64b8c7169ddf45f335e46951248f69abc4e0f4f292d0ffe3dfd5219f":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 14 ):"1057322a39f08ef761c3c8fc":"":"501b033c841acb430c52d88fe9cb44c751f2f1641d1e801a534ac8":0:"f386b28e7eb4c2fb8eb5dc66a2" + +PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=32, IV=12, IN=13, AAD=0, TAG=14 (lengths set) +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"60667fce64b8c7169ddf45f335e46951248f69abc4e0f4f292d0ffe3dfd5219f":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 14 ):"1057322a39f08ef761c3c8fc":"":"501b033c841acb430c52d88fe9cb44c751f2f1641d1e801a534ac8":1:"f386b28e7eb4c2fb8eb5dc66a2" + +PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=32, IV=12, IN=13, AAD=20, TAG=15 +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"e67590da399cbcdcddcc56110562ade8665b50287a8ab38e8b9ee7520531b560":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"2c36ab6b686a66fba1805196":"823493d42f4f60b2d1433ad75eccaafd7e7c7d12":"cff6b6f03c67152f3ce1030653d9bd9a6559f5b04b48d77c2a1fc364":0:"da1c61fbfcdb73445ad4c7d889" + +PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=32, IV=12, IN=13, AAD=20, TAG=15 (lengths set) +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"e67590da399cbcdcddcc56110562ade8665b50287a8ab38e8b9ee7520531b560":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"2c36ab6b686a66fba1805196":"823493d42f4f60b2d1433ad75eccaafd7e7c7d12":"cff6b6f03c67152f3ce1030653d9bd9a6559f5b04b48d77c2a1fc364":1:"da1c61fbfcdb73445ad4c7d889" + +PSA Multipart AEAD encrypt: ChaCha20-Poly1305 (RFC7539) +depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 +aead_multipart_encrypt:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:"070000004041424344454647":"50515253c0c1c2c3c4c5c6c7":"4c616469657320616e642047656e746c656d656e206f662074686520636c617373206f66202739393a204966204920636f756c64206f6666657220796f75206f6e6c79206f6e652074697020666f7220746865206675747572652c2073756e73637265656e20776f756c642062652069742e":0:"d31a8d34648e60db7b86afbc53ef7ec2a4aded51296e08fea9e2b5a736ee62d63dbea45e8ca9671282fafb69da92728b1a71de0a9e060b2905d6a5b67ecd3b3692ddbd7f2d778b8c9803aee328091b58fab324e4fad675945585808b4831d7bc3ff4def08e4b7a9de576d26586cec64b61161ae10b594f09e26a7e902ecbd0600691" + +PSA Multipart AEAD encrypt: ChaCha20-Poly1305 (RFC7539) (lengths set) +depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 +aead_multipart_encrypt:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:"070000004041424344454647":"50515253c0c1c2c3c4c5c6c7":"4c616469657320616e642047656e746c656d656e206f662074686520636c617373206f66202739393a204966204920636f756c64206f6666657220796f75206f6e6c79206f6e652074697020666f7220746865206675747572652c2073756e73637265656e20776f756c642062652069742e":1:"d31a8d34648e60db7b86afbc53ef7ec2a4aded51296e08fea9e2b5a736ee62d63dbea45e8ca9671282fafb69da92728b1a71de0a9e060b2905d6a5b67ecd3b3692ddbd7f2d778b8c9803aee328091b58fab324e4fad675945585808b4831d7bc3ff4def08e4b7a9de576d26586cec64b61161ae10b594f09e26a7e902ecbd0600691" + +PSA Multipart AEAD encrypt: ChaCha20-Poly1305 (zero-length input) +depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 +aead_multipart_encrypt:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:"070000004041424344454647":"":"":0:"a0784d7a4716f3feb4f64e7f4b39bf04" + +PSA Multipart AEAD encrypt: ChaCha20-Poly1305 (zero-length input) (lengths set) +depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 +aead_multipart_encrypt:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:"070000004041424344454647":"":"":1:"a0784d7a4716f3feb4f64e7f4b39bf04" + +PSA Multipart AEAD decrypt: ChaCha20 - Poly1305 (RFC7539, good tag) +depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 +aead_multipart_decrypt:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:"070000004041424344454647":"50515253c0c1c2c3c4c5c6c7":"d31a8d34648e60db7b86afbc53ef7ec2a4aded51296e08fea9e2b5a736ee62d63dbea45e8ca9671282fafb69da92728b1a71de0a9e060b2905d6a5b67ecd3b3692ddbd7f2d778b8c9803aee328091b58fab324e4fad675945585808b4831d7bc3ff4def08e4b7a9de576d26586cec64b61161ae10b594f09e26a7e902ecbd0600691":0:"4c616469657320616e642047656e746c656d656e206f662074686520636c617373206f66202739393a204966204920636f756c64206f6666657220796f75206f6e6c79206f6e652074697020666f7220746865206675747572652c2073756e73637265656e20776f756c642062652069742e" + +PSA Multipart AEAD decrypt: ChaCha20 - Poly1305 (RFC7539, good tag) (lengths set) +depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 +aead_multipart_decrypt:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:"070000004041424344454647":"50515253c0c1c2c3c4c5c6c7":"d31a8d34648e60db7b86afbc53ef7ec2a4aded51296e08fea9e2b5a736ee62d63dbea45e8ca9671282fafb69da92728b1a71de0a9e060b2905d6a5b67ecd3b3692ddbd7f2d778b8c9803aee328091b58fab324e4fad675945585808b4831d7bc3ff4def08e4b7a9de576d26586cec64b61161ae10b594f09e26a7e902ecbd0600691":1:"4c616469657320616e642047656e746c656d656e206f662074686520636c617373206f66202739393a204966204920636f756c64206f6666657220796f75206f6e6c79206f6e652074697020666f7220746865206675747572652c2073756e73637265656e20776f756c642062652069742e" + +PSA Multipart AEAD decrypt: ChaCha20 - Poly1305 (good tag, zero - length input) +depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 +aead_multipart_decrypt:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:"070000004041424344454647":"":"a0784d7a4716f3feb4f64e7f4b39bf04":0:"" + +PSA Multipart AEAD decrypt: ChaCha20 - Poly1305 (good tag, zero - length input) (lengths set) +depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 +aead_multipart_decrypt:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:"070000004041424344454647":"":"a0784d7a4716f3feb4f64e7f4b39bf04":1:"" + +PSA Multipart AEAD verify, AES - GCM, invalid signature +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_verify:PSA_KEY_TYPE_AES:"fe96eab10ff48c7942025422583d0377":PSA_ALG_GCM:"97ce3f848276783599c6875de324361e":"127628b6dcbce6fc8a8ef60798eb67b2088415635119697d20bb878c24d9c6f9c29e148521cb5e0feff892c7855d4f1c0bfb32ad33420976714dce87a0bbc18e4378bd1ef35197d0ca73051148f1199010f63caf122df5f71ad8d9c71df3eb2fbe3b2529d0ba657570358d3776f687bdb9c96d5e0e9e00c4b42d5d7a268d6a08":"12195120056ca3cac70d583603a476821bac6c57c9733b81cfb83538dc9e850f8bdf46065069591c23ebcbc6d1e2523375fb7efc80c09507fa25477ed07cee54fc4eb90168b3ef988f651fc40652474a644b1b311decf899660aef2347bb081af48950f06ebf799911e37120de94c55c20e5f0a77119be06e2b6e557f872fa0f":"6bac793bdc2190a195122c98544ccf56":1:PSA_ERROR_INVALID_SIGNATURE + +PSA Multipart AEAD verify, AES - GCM, T = 15 but passing 16 bytes +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_verify:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM,15):"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c87281":"4365847fe0b7b7fbed325953df344a96":1:PSA_ERROR_INVALID_SIGNATURE + +PSA Multipart AEAD verify, AES - GCM, T = 15 but passing 14 bytes +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_verify:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM,15):"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c87281":"4365847fe0b7b7fbed325953df34":1:PSA_ERROR_INVALID_SIGNATURE + +PSA Multipart AEAD verify, AES - GCM, T = 15 but passing 0 bytes (valid buffer) +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_verify:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM,15):"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c87281":"":1:PSA_ERROR_INVALID_SIGNATURE + +PSA Multipart AEAD verify, AES - GCM, T = 15 but passing 0 bytes (NULL buffer) +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_verify:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM,15):"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c87281":"":0:PSA_ERROR_INVALID_SIGNATURE + +PSA Multipart AEAD verify: AES - GCM, invalid tag length 0 +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_verify:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM,0):"48c0906930561e0ab0ef4cd972":"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":"26c56961c035a7e452cce61bc6ee220d77b3f94d18fd10b6":"":1:PSA_ERROR_INVALID_ARGUMENT + +PSA Multipart AEAD verify: AES - GCM, invalid tag length 2 +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_verify:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM,2):"48c0906930561e0ab0ef4cd972":"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":"26c56961c035a7e452cce61bc6ee220d77b3f94d18fd":"10b6":1:PSA_ERROR_INVALID_ARGUMENT + +PSA Multipart AEAD verify: ChaCha20 - Poly1305 (RFC7539, bad tag) +depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 +aead_multipart_verify:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:"070000004041424344454647":"50515253c0c1c2c3c4c5c6c7":"d31a8d34648e60db7b86afbc53ef7ec2a4aded51296e08fea9e2b5a736ee62d63dbea45e8ca9671282fafb69da92728b1a71de0a9e060b2905d6a5b67ecd3b3692ddbd7f2d778b8c9803aee328091b58fab324e4fad675945585808b4831d7bc3ff4def08e4b7a9de576d26586cec64b6116":"1ae10b594f09e26a7e902ecbd0600690":1:PSA_ERROR_INVALID_SIGNATURE + +PSA Multipart Nonce Generation, AES - GCM, NONCE = (Req 12 / Expect 12) +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_generate_nonce:PSA_KEY_TYPE_AES:"aa740abfadcda779220d3b406c5d7ec09a77fe9d94104539":PSA_ALG_GCM:12:12:"290322092d57479e20f6281e331d95a9":"e7fb0631eebf9bdba87045b33650c4ce":PSA_SUCCESS + +PSA Multipart Nonce Generation, AES - GCM, NONCE = (Req 11 / Expect 0) +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_generate_nonce:PSA_KEY_TYPE_AES:"aa740abfadcda779220d3b406c5d7ec09a77fe9d94104539":PSA_ALG_GCM:11:0:"290322092d57479e20f6281e331d95a9":"e7fb0631eebf9bdba87045b33650c4ce":PSA_ERROR_BUFFER_TOO_SMALL + +PSA Multipart Nonce Generation, AES - GCM, NONCE = (Req 0 / Expect 0) +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_generate_nonce:PSA_KEY_TYPE_AES:"aa740abfadcda779220d3b406c5d7ec09a77fe9d94104539":PSA_ALG_GCM:0:0:"":"":PSA_ERROR_BUFFER_TOO_SMALL + +PSA Multipart Nonce Generation, AES - GCM, NONCE = (Req 16 / Expect 12) +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_generate_nonce:PSA_KEY_TYPE_AES:"aa740abfadcda779220d3b406c5d7ec09a77fe9d94104539":PSA_ALG_GCM:16:12:"290322092d57479e20f6281e331d95a9":"e7fb0631eebf9bdba87045b33650c4ce":PSA_SUCCESS + +PSA Multipart Nonce Generation: ChaCha20 - Poly1305, NONCE = (Req 12 / Expect 12) +depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 +aead_multipart_generate_nonce:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:12:12:"50515253c0c1c2c3c4c5c6c7":"4c616469657320616e642047656e746c656d656e206f662074686520636c617373206f66202739393a204966204920636f756c64206f6666657220796f75206f6e6c79206f6e652074697020666f7220746865206675747572652c2073756e73637265656e20776f756c642062652069742e":PSA_SUCCESS + +PSA Multipart Nonce Generation: ChaCha20 - Poly1305, NONCE = (Req 11 / Expect 0) +depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 +aead_multipart_generate_nonce:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:11:0:"":"":PSA_ERROR_BUFFER_TOO_SMALL + +PSA Multipart Nonce Generation: ChaCha20 - Poly1305, NONCE = (Req 0 / Expect 0) +depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 +aead_multipart_generate_nonce:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:0:0:"":"":PSA_ERROR_BUFFER_TOO_SMALL + +PSA Multipart Nonce Generation: ChaCha20 - Poly1305, NONCE = (Req 16 / Expect 12) +depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 +aead_multipart_generate_nonce:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:16:12:"":"":PSA_SUCCESS + +PSA Multipart Set Nonce, AES - GCM, NONCE = 0 (NULL) +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_set_nonce:PSA_KEY_TYPE_AES:"aa740abfadcda779220d3b406c5d7ec09a77fe9d94104539":PSA_ALG_GCM:0:"":"":PSA_ERROR_INVALID_ARGUMENT + +PSA Multipart Set Nonce, AES - GCM, NONCE = 0 (Non-NULL) +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_set_nonce:PSA_KEY_TYPE_AES:"aa740abfadcda779220d3b406c5d7ec09a77fe9d94104539":PSA_ALG_GCM:-1:"":"":PSA_ERROR_INVALID_ARGUMENT + +PSA Multipart Set Nonce, AES - GCM, NONCE = 16 +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_set_nonce:PSA_KEY_TYPE_AES:"aa740abfadcda779220d3b406c5d7ec09a77fe9d94104539":PSA_ALG_GCM:16:"290322092d57479e20f6281e331d95a9":"e7fb0631eebf9bdba87045b33650c4ce":PSA_SUCCESS + +PSA Multipart Set Nonce, AES - GCM, NONCE = 20 +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_set_nonce:PSA_KEY_TYPE_AES:"aa740abfadcda779220d3b406c5d7ec09a77fe9d94104539":PSA_ALG_GCM:20:"290322092d57479e20f6281e331d95a9":"e7fb0631eebf9bdba87045b33650c4ce":PSA_SUCCESS + +PSA Multipart Set Nonce, AES - GCM_12, NONCE = 0 (NULL) +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_set_nonce:PSA_KEY_TYPE_AES:"aa740abfadcda779220d3b406c5d7ec09a77fe9d94104539":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM,12):0:"":"":PSA_ERROR_INVALID_ARGUMENT + +PSA Multipart Set Nonce, AES - GCM_12, NONCE = 0 (Non-NULL) +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_set_nonce:PSA_KEY_TYPE_AES:"aa740abfadcda779220d3b406c5d7ec09a77fe9d94104539":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM,12):-1:"":"":PSA_ERROR_INVALID_ARGUMENT + +PSA Multipart Set Nonce, AES - GCM_12, NONCE = 16 +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_set_nonce:PSA_KEY_TYPE_AES:"aa740abfadcda779220d3b406c5d7ec09a77fe9d94104539":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM,12):16:"290322092d57479e20f6281e331d95a9":"e7fb0631eebf9bdba87045b33650c4ce":PSA_SUCCESS + +PSA Multipart Set Nonce, AES - GCM_12, NONCE = 20 +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_set_nonce:PSA_KEY_TYPE_AES:"aa740abfadcda779220d3b406c5d7ec09a77fe9d94104539":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM,12):20:"290322092d57479e20f6281e331d95a9":"e7fb0631eebf9bdba87045b33650c4ce":PSA_SUCCESS + +PSA Multipart Set Nonce: ChaCha20 - Poly1305, NONCE = 11 +depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 +aead_multipart_set_nonce:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:11:"50515253c0c1c2c3c4c5c6c7":"4c616469657320616e642047656e746c656d656e206f662074686520636c617373206f66202739393a204966204920636f756c64206f6666657220796f75206f6e6c79206f6e652074697020666f7220746865206675747572652c2073756e73637265656e20776f756c642062652069742e":PSA_ERROR_INVALID_ARGUMENT + +PSA Multipart Set Nonce: ChaCha20 - Poly1305, NONCE = 12 +depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 +aead_multipart_set_nonce:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:12:"50515253c0c1c2c3c4c5c6c7":"4c616469657320616e642047656e746c656d656e206f662074686520636c617373206f66202739393a204966204920636f756c64206f6666657220796f75206f6e6c79206f6e652074697020666f7220746865206675747572652c2073756e73637265656e20776f756c642062652069742e":PSA_SUCCESS + +PSA Multipart Set Nonce: ChaCha20 - Poly1305, NONCE = 13 +depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 +aead_multipart_set_nonce:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:13:"50515253c0c1c2c3c4c5c6c7":"4c616469657320616e642047656e746c656d656e206f662074686520636c617373206f66202739393a204966204920636f756c64206f6666657220796f75206f6e6c79206f6e652074697020666f7220746865206675747572652c2073756e73637265656e20776f756c642062652069742e":PSA_ERROR_INVALID_ARGUMENT + +PSA Multipart Set Nonce: ChaCha20 - Poly1305, NONCE = 0 (NULL) +depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 +aead_multipart_set_nonce:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:0:"":"":PSA_ERROR_INVALID_ARGUMENT + +PSA Multipart Set Nonce: ChaCha20 - Poly1305, NONCE = 0 (Non-NULL) +depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 +aead_multipart_set_nonce:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:-1:"":"":PSA_ERROR_INVALID_ARGUMENT + +PSA AEAD output buffer test: AES - GCM, IN = 16, BUF = 15 +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_update_buffer_test:PSA_KEY_TYPE_AES:"fbc0b4c56a714c83217b2d1bcadd2ed2e9efb0dcac6cc19f":PSA_ALG_GCM:15:"5f4b43e811da9c470d6a9b01":"":"d2ae38c4375954835d75b8e4c2f9bbb4":PSA_ERROR_BUFFER_TOO_SMALL + +PSA AEAD output buffer test: AES - GCM, IN = 16, BUF = 0 +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_update_buffer_test:PSA_KEY_TYPE_AES:"fbc0b4c56a714c83217b2d1bcadd2ed2e9efb0dcac6cc19f":PSA_ALG_GCM:0:"5f4b43e811da9c470d6a9b01":"":"d2ae38c4375954835d75b8e4c2f9bbb4":PSA_ERROR_BUFFER_TOO_SMALL + +PSA AEAD output buffer test: ChaCha20 - Poly1305 IN = 130, BUF = 129 +depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 +aead_multipart_update_buffer_test:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:129:"070000004041424344454647":"50515253c0c1c2c3c4c5c6c7":"d31a8d34648e60db7b86afbc53ef7ec2a4aded51296e08fea9e2b5a736ee62d63dbea45e8ca9671282fafb69da92728b1a71de0a9e060b2905d6a5b67ecd3b3692ddbd7f2d778b8c9803aee328091b58fab324e4fad675945585808b4831d7bc3ff4def08e4b7a9de576d26586cec64b61161ae10b594f09e26a7e902ecbd0600691":PSA_ERROR_BUFFER_TOO_SMALL + +PSA AEAD output buffer test: ChaCha20 - Poly1305 IN = 130, BUF = 0 +depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 +aead_multipart_update_buffer_test:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:0:"070000004041424344454647":"50515253c0c1c2c3c4c5c6c7":"d31a8d34648e60db7b86afbc53ef7ec2a4aded51296e08fea9e2b5a736ee62d63dbea45e8ca9671282fafb69da92728b1a71de0a9e060b2905d6a5b67ecd3b3692ddbd7f2d778b8c9803aee328091b58fab324e4fad675945585808b4831d7bc3ff4def08e4b7a9de576d26586cec64b61161ae10b594f09e26a7e902ecbd0600691":PSA_ERROR_BUFFER_TOO_SMALL + +PSA AEAD finish buffer test: AES - GCM, BUF = 8, TAG = 16 +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_finish_buffer_test:PSA_KEY_TYPE_AES:"fbc0b4c56a714c83217b2d1bcadd2ed2e9efb0dcac6cc19f":PSA_ALG_GCM:8:16:"5f4b43e811da9c470d6a9b01":"":"d2ae38c4375954835d75b8e4c2f9bbb4":PSA_ERROR_BUFFER_TOO_SMALL + +PSA AEAD finish buffer test: AES - GCM, BUF = 15, TAG = 20 +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_finish_buffer_test:PSA_KEY_TYPE_AES:"fbc0b4c56a714c83217b2d1bcadd2ed2e9efb0dcac6cc19f":PSA_ALG_GCM:15:20:"5f4b43e811da9c470d6a9b01":"":"d2ae38c4375954835d75b8e4c2f9bbb4":PSA_SUCCESS + +PSA AEAD finish buffer test: AES - GCM, BUF = 15, TAG = 15 +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_finish_buffer_test:PSA_KEY_TYPE_AES:"fbc0b4c56a714c83217b2d1bcadd2ed2e9efb0dcac6cc19f":PSA_ALG_GCM:15:15:"5f4b43e811da9c470d6a9b01":"":"d2ae38c4375954835d75b8e4c2f9bbb4":PSA_ERROR_BUFFER_TOO_SMALL + +PSA AEAD finish buffer test: AES - GCM, BUF = 15, TAG = 0 +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_finish_buffer_test:PSA_KEY_TYPE_AES:"fbc0b4c56a714c83217b2d1bcadd2ed2e9efb0dcac6cc19f":PSA_ALG_GCM:15:0:"5f4b43e811da9c470d6a9b01":"":"d2ae38c4375954835d75b8e4c2f9bbb4":PSA_ERROR_BUFFER_TOO_SMALL + +PSA AEAD finish buffer test: ChaCha20 - Poly1305, BUF = 0, TAG = 20 +depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 +aead_multipart_finish_buffer_test:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:0:20:"070000004041424344454647":"50515253c0c1c2c3c4c5c6c7":"d31a8d34648e60db7b86afbc53ef7ec2a4aded51296e08fea9e2b5a736ee62d63dbea45e8ca9671282fafb69da92728b1a71de0a9e060b2905d6a5b67ecd3b3692ddbd7f2d778b8c9803aee328091b58fab324e4fad675945585808b4831d7bc3ff4def08e4b7a9de576d26586cec64b61161ae10b594f09e26a7e902ecbd0600691":PSA_SUCCESS + +PSA AEAD finish buffer test: ChaCha20 - Poly1305, BUF = 0, TAG = 15 +depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 +aead_multipart_finish_buffer_test:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:0:15:"070000004041424344454647":"50515253c0c1c2c3c4c5c6c7":"d31a8d34648e60db7b86afbc53ef7ec2a4aded51296e08fea9e2b5a736ee62d63dbea45e8ca9671282fafb69da92728b1a71de0a9e060b2905d6a5b67ecd3b3692ddbd7f2d778b8c9803aee328091b58fab324e4fad675945585808b4831d7bc3ff4def08e4b7a9de576d26586cec64b61161ae10b594f09e26a7e902ecbd0600691":PSA_ERROR_BUFFER_TOO_SMALL + +PSA AEAD finish buffer test: ChaCha20 - Poly1305, BUF = 0, TAG = 0 +depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 +aead_multipart_finish_buffer_test:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:0:0:"070000004041424344454647":"50515253c0c1c2c3c4c5c6c7":"d31a8d34648e60db7b86afbc53ef7ec2a4aded51296e08fea9e2b5a736ee62d63dbea45e8ca9671282fafb69da92728b1a71de0a9e060b2905d6a5b67ecd3b3692ddbd7f2d778b8c9803aee328091b58fab324e4fad675945585808b4831d7bc3ff4def08e4b7a9de576d26586cec64b61161ae10b594f09e26a7e902ecbd0600691":PSA_ERROR_BUFFER_TOO_SMALL + +PSA AEAD setup: invalid algorithm (CTR) +depends_on:PSA_WANT_ALG_CTR:PSA_WANT_KEY_TYPE_AES +aead_multipart_setup:PSA_KEY_TYPE_AES:"D7828D13B2B0BDC325A76236DF93CC6B":PSA_ALG_CTR:PSA_ERROR_INVALID_ARGUMENT + +PSA AEAD setup: invalid algorithm (ChaCha20) +depends_on:PSA_WANT_ALG_STREAM_CIPHER:PSA_WANT_KEY_TYPE_CHACHA20 +aead_multipart_setup:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_STREAM_CIPHER:PSA_ERROR_INVALID_ARGUMENT + +PSA AEAD setup: invalid algorithm (ChaCha20 - Poly1305 with short tag) +depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 +aead_multipart_setup:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_CHACHA20_POLY1305,12):PSA_ERROR_NOT_SUPPORTED + +PSA Multipart State Checks, AES - GCM +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_state_test:PSA_KEY_TYPE_AES:"C0C1C2C3C4C5C6C7C8C9CACBCCCDCECF":PSA_ALG_GCM:"000102030405060708090A0B0C0D0E0F":"000102030405060708090A0B":"0C0D0E0F101112131415161718191A1B1C1D1E" + PSA signature size: RSA keypair, 1024 bits, PKCS#1 v1.5 raw depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR signature_size:PSA_KEY_TYPE_RSA_KEY_PAIR:1024:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:128 diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index 01e5d5939b..591c2960de 100644 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function @@ -278,6 +278,316 @@ typedef enum { DERIVE_KEY = 2 } generate_method; +typedef enum +{ + DO_NOT_SET_LENGTHS = 0, + SET_LENGTHS_BEFORE_NONCE = 1, + SET_LENGTHS_AFTER_NONCE = 2 +} set_lengths_method_t; + +typedef enum +{ + USE_NULL_TAG = 0, + USE_GIVEN_TAG = 1, +} tag_usage_method_t; + +/*! + * \brief Internal Function for AEAD multipart tests. + * \param key_type_arg Type of key passed in + * \param key_data The encryption / decryption key data + * \param alg_arg The type of algorithm used + * \param nonce Nonce data + * \param additional_data Additional data + * \param ad_part_len_arg If not -1, the length of chunks to + * feed additional data in to be encrypted / + * decrypted. If -1, no chunking. + * \param input_data Data to encrypt / decrypt + * \param data_part_len_arg If not -1, the length of chunks to feed + * the data in to be encrypted / decrypted. If + * -1, no chunking + * \param set_lengths_method A member of the set_lengths_method_t enum is + * expected here, this controls whether or not + * to set lengths, and in what order with + * respect to set nonce. + * \param expected_output Expected output + * \param is_encrypt If non-zero this is an encryption operation. + * \param do_zero_parts If non-zero, interleave zero length chunks + * with normal length chunks. + * \return int Zero on failure, non-zero on success. + */ +static int aead_multipart_internal_func( int key_type_arg, data_t *key_data, + int alg_arg, + data_t *nonce, + data_t *additional_data, + int ad_part_len_arg, + data_t *input_data, + int data_part_len_arg, + set_lengths_method_t set_lengths_method, + data_t *expected_output, + int is_encrypt, + int do_zero_parts ) +{ + mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; + psa_key_type_t key_type = key_type_arg; + psa_algorithm_t alg = alg_arg; + psa_aead_operation_t operation = PSA_AEAD_OPERATION_INIT; + unsigned char *output_data = NULL; + unsigned char *part_data = NULL; + unsigned char *final_data = NULL; + size_t data_true_size = 0; + size_t part_data_size = 0; + size_t output_size = 0; + size_t final_output_size = 0; + size_t output_length = 0; + size_t key_bits = 0; + size_t tag_length = 0; + size_t part_offset = 0; + size_t part_length = 0; + size_t output_part_length = 0; + size_t tag_size = 0; + size_t ad_part_len = 0; + size_t data_part_len = 0; + uint8_t tag_buffer[PSA_AEAD_TAG_MAX_SIZE]; + psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; + psa_status_t status = PSA_ERROR_GENERIC_ERROR; + + int test_ok = 0; + size_t part_count = 0; + + PSA_ASSERT( psa_crypto_init( ) ); + + if( is_encrypt ) + psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_ENCRYPT ); + else + psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_DECRYPT ); + + psa_set_key_algorithm( &attributes, alg ); + psa_set_key_type( &attributes, key_type ); + + PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len, + &key ) ); + + PSA_ASSERT( psa_get_key_attributes( key, &attributes ) ); + key_bits = psa_get_key_bits( &attributes ); + + tag_length = PSA_AEAD_TAG_LENGTH( key_type, key_bits, alg ); + + if( is_encrypt ) + { + /* Tag gets written at end of buffer. */ + output_size = PSA_AEAD_UPDATE_OUTPUT_SIZE( key_type, alg, + ( input_data->len + + tag_length ) ); + data_true_size = input_data->len; + } + else + { + output_size = PSA_AEAD_UPDATE_OUTPUT_SIZE( key_type, alg, + ( input_data->len - + tag_length ) ); + + /* Do not want to attempt to decrypt tag. */ + data_true_size = input_data->len - tag_length; + } + + ASSERT_ALLOC( output_data, output_size ); + + if( is_encrypt ) + { + final_output_size = PSA_AEAD_FINISH_OUTPUT_SIZE( key_type, alg ); + TEST_ASSERT( final_output_size <= PSA_AEAD_FINISH_OUTPUT_MAX_SIZE ); + } + else + { + final_output_size = PSA_AEAD_VERIFY_OUTPUT_SIZE( key_type, alg ); + TEST_ASSERT( final_output_size <= PSA_AEAD_VERIFY_OUTPUT_MAX_SIZE ); + } + + ASSERT_ALLOC( final_data, final_output_size ); + + if( is_encrypt ) + status = psa_aead_encrypt_setup( &operation, key, alg ); + else + status = psa_aead_decrypt_setup( &operation, key, alg ); + + /* If the operation is not supported, just skip and not fail in case the + * encryption involves a common limitation of cryptography hardwares and + * an alternative implementation. */ + if( status == PSA_ERROR_NOT_SUPPORTED ) + { + MBEDTLS_TEST_PSA_SKIP_IF_ALT_AES_192( key_type, key_data->len * 8 ); + MBEDTLS_TEST_PSA_SKIP_IF_ALT_GCM_NOT_12BYTES_NONCE( alg, nonce->len ); + } + + PSA_ASSERT( status ); + + if( set_lengths_method == DO_NOT_SET_LENGTHS ) + PSA_ASSERT( psa_aead_set_nonce( &operation, nonce->x, nonce->len ) ); + else if( set_lengths_method == SET_LENGTHS_BEFORE_NONCE ) + { + PSA_ASSERT( psa_aead_set_lengths( &operation, additional_data->len, + data_true_size ) ); + PSA_ASSERT( psa_aead_set_nonce( &operation, nonce->x, nonce->len ) ); + } + else if( set_lengths_method == SET_LENGTHS_AFTER_NONCE ) + { + PSA_ASSERT( psa_aead_set_nonce( &operation, nonce->x, nonce->len ) ); + + PSA_ASSERT( psa_aead_set_lengths( &operation, additional_data->len, + data_true_size ) ); + } + + if( ad_part_len_arg != -1 ) + { + /* Pass additional data in parts */ + ad_part_len = (size_t) ad_part_len_arg; + + for( part_offset = 0, part_count = 0; + part_offset < additional_data->len; + part_offset += part_length, part_count++ ) + { + if( do_zero_parts && ( part_count & 0x01 ) ) + { + part_length = 0; + } + else if( additional_data->len - part_offset < ad_part_len ) + { + part_length = additional_data->len - part_offset; + } + else + { + part_length = ad_part_len; + } + + PSA_ASSERT( psa_aead_update_ad( &operation, + additional_data->x + part_offset, + part_length ) ); + + } + } + else + { + /* Pass additional data in one go. */ + PSA_ASSERT( psa_aead_update_ad( &operation, additional_data->x, + additional_data->len ) ); + } + + if( data_part_len_arg != -1 ) + { + /* Pass data in parts */ + data_part_len = ( size_t ) data_part_len_arg; + part_data_size = PSA_AEAD_UPDATE_OUTPUT_SIZE( key_type, alg, + ( size_t ) data_part_len ); + + ASSERT_ALLOC( part_data, part_data_size ); + + for( part_offset = 0, part_count = 0; + part_offset < data_true_size; + part_offset += part_length, part_count++ ) + { + if( do_zero_parts && ( part_count & 0x01 ) ) + { + part_length = 0; + } + else if( ( data_true_size - part_offset ) < data_part_len ) + { + part_length = ( data_true_size - part_offset ); + } + else + { + part_length = data_part_len; + } + + PSA_ASSERT( psa_aead_update( &operation, + ( input_data->x + part_offset ), + part_length, part_data, + part_data_size, + &output_part_length ) ); + + if( output_data && output_part_length ) + { + memcpy( ( output_data + part_offset ), part_data, + output_part_length ); + } + + output_length += output_part_length; + } + } + else + { + /* Pass all data in one go. */ + PSA_ASSERT( psa_aead_update( &operation, input_data->x, + data_true_size, output_data, + output_size, &output_length ) ); + } + + if( is_encrypt ) + PSA_ASSERT( psa_aead_finish( &operation, final_data, + final_output_size, + &output_part_length, + tag_buffer, tag_length, + &tag_size ) ); + else + { + PSA_ASSERT( psa_aead_verify( &operation, final_data, + final_output_size, + &output_part_length, + ( input_data->x + data_true_size ), + tag_length ) ); + } + + if( output_data && output_part_length ) + memcpy( ( output_data + output_length ), final_data, + output_part_length ); + + output_length += output_part_length; + + + /* For all currently defined algorithms, PSA_AEAD_xxx_OUTPUT_SIZE + * should be exact.*/ + if( is_encrypt ) + { + TEST_EQUAL( tag_length, tag_size ); + + if( output_data && tag_length ) + memcpy( ( output_data + output_length ), tag_buffer, + tag_length ); + + output_length += tag_length; + + TEST_EQUAL( output_length, + PSA_AEAD_ENCRYPT_OUTPUT_SIZE( key_type, alg, + input_data->len ) ); + TEST_ASSERT( output_length <= + PSA_AEAD_ENCRYPT_OUTPUT_MAX_SIZE( input_data->len ) ); + } + else + { + TEST_EQUAL( output_length, + PSA_AEAD_DECRYPT_OUTPUT_SIZE( key_type, alg, + input_data->len ) ); + TEST_ASSERT( output_length <= + PSA_AEAD_DECRYPT_OUTPUT_MAX_SIZE( input_data->len ) ); + } + + + ASSERT_COMPARE( expected_output->x, expected_output->len, + output_data, output_length ); + + + test_ok = 1; + +exit: + psa_destroy_key( key ); + psa_aead_abort( &operation ); + mbedtls_free( output_data ); + mbedtls_free( part_data ); + mbedtls_free( final_data ); + PSA_DONE( ); + + return( test_ok ); +} + /* END_HEADER */ /* BEGIN_DEPENDENCIES @@ -3473,6 +3783,1209 @@ exit: } /* END_CASE */ +/* BEGIN_CASE */ +void aead_multipart_encrypt( int key_type_arg, data_t *key_data, + int alg_arg, + data_t *nonce, + data_t *additional_data, + data_t *input_data, + int do_set_lengths, + data_t *expected_output ) +{ + size_t ad_part_len = 0; + size_t data_part_len = 0; + set_lengths_method_t set_lengths_method = DO_NOT_SET_LENGTHS; + + for( ad_part_len = 1; ad_part_len <= additional_data->len; ad_part_len++ ) + { + mbedtls_test_set_step( ad_part_len ); + + if( do_set_lengths ) + { + if( ad_part_len & 0x01 ) + set_lengths_method = SET_LENGTHS_AFTER_NONCE; + else + set_lengths_method = SET_LENGTHS_BEFORE_NONCE; + } + + /* Split ad into length(ad_part_len) parts. */ + if( !aead_multipart_internal_func( key_type_arg, key_data, + alg_arg, nonce, + additional_data, + ad_part_len, + input_data, -1, + set_lengths_method, + expected_output, + 1, 0 ) ) + break; + + /* length(0) part, length(ad_part_len) part, length(0) part... */ + mbedtls_test_set_step( 1000 + ad_part_len ); + + if( !aead_multipart_internal_func( key_type_arg, key_data, + alg_arg, nonce, + additional_data, + ad_part_len, + input_data, -1, + set_lengths_method, + expected_output, + 1, 1 ) ) + break; + } + + for( data_part_len = 1; data_part_len <= input_data->len; data_part_len++ ) + { + /* Split data into length(data_part_len) parts. */ + mbedtls_test_set_step( 2000 + data_part_len ); + + if( do_set_lengths ) + { + if( data_part_len & 0x01 ) + set_lengths_method = SET_LENGTHS_AFTER_NONCE; + else + set_lengths_method = SET_LENGTHS_BEFORE_NONCE; + } + + if( !aead_multipart_internal_func( key_type_arg, key_data, + alg_arg, nonce, + additional_data, -1, + input_data, data_part_len, + set_lengths_method, + expected_output, + 1, 0 ) ) + break; + + /* length(0) part, length(data_part_len) part, length(0) part... */ + mbedtls_test_set_step( 3000 + data_part_len ); + + if( !aead_multipart_internal_func( key_type_arg, key_data, + alg_arg, nonce, + additional_data, -1, + input_data, data_part_len, + set_lengths_method, + expected_output, + 1, 1 ) ) + break; + } + + /* Goto is required to silence warnings about unused labels, as we + * don't actually do any test assertions in this function. */ + goto exit; +} +/* END_CASE */ + +/* BEGIN_CASE */ +void aead_multipart_decrypt( int key_type_arg, data_t *key_data, + int alg_arg, + data_t *nonce, + data_t *additional_data, + data_t *input_data, + int do_set_lengths, + data_t *expected_output ) +{ + size_t ad_part_len = 0; + size_t data_part_len = 0; + set_lengths_method_t set_lengths_method = DO_NOT_SET_LENGTHS; + + for( ad_part_len = 1; ad_part_len <= additional_data->len; ad_part_len++ ) + { + /* Split ad into length(ad_part_len) parts. */ + mbedtls_test_set_step( ad_part_len ); + + if( do_set_lengths ) + { + if( ad_part_len & 0x01 ) + set_lengths_method = SET_LENGTHS_AFTER_NONCE; + else + set_lengths_method = SET_LENGTHS_BEFORE_NONCE; + } + + if( !aead_multipart_internal_func( key_type_arg, key_data, + alg_arg, nonce, + additional_data, + ad_part_len, + input_data, -1, + set_lengths_method, + expected_output, + 0, 0 ) ) + break; + + /* length(0) part, length(ad_part_len) part, length(0) part... */ + mbedtls_test_set_step( 1000 + ad_part_len ); + + if( !aead_multipart_internal_func( key_type_arg, key_data, + alg_arg, nonce, + additional_data, + ad_part_len, + input_data, -1, + set_lengths_method, + expected_output, + 0, 1 ) ) + break; + } + + for( data_part_len = 1; data_part_len <= input_data->len; data_part_len++ ) + { + /* Split data into length(data_part_len) parts. */ + mbedtls_test_set_step( 2000 + data_part_len ); + + if( do_set_lengths ) + { + if( data_part_len & 0x01 ) + set_lengths_method = SET_LENGTHS_AFTER_NONCE; + else + set_lengths_method = SET_LENGTHS_BEFORE_NONCE; + } + + if( !aead_multipart_internal_func( key_type_arg, key_data, + alg_arg, nonce, + additional_data, -1, + input_data, data_part_len, + set_lengths_method, + expected_output, + 0, 0 ) ) + break; + + /* length(0) part, length(data_part_len) part, length(0) part... */ + mbedtls_test_set_step( 3000 + data_part_len ); + + if( !aead_multipart_internal_func( key_type_arg, key_data, + alg_arg, nonce, + additional_data, -1, + input_data, data_part_len, + set_lengths_method, + expected_output, + 0, 1 ) ) + break; + } + + /* Goto is required to silence warnings about unused labels, as we + * don't actually do any test assertions in this function. */ + goto exit; +} +/* END_CASE */ + +/* BEGIN_CASE */ +void aead_multipart_generate_nonce( int key_type_arg, data_t *key_data, + int alg_arg, + int nonce_length, + int expected_nonce_length_arg, + data_t *additional_data, + data_t *input_data, + int expected_status_arg ) +{ + + mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; + psa_key_type_t key_type = key_type_arg; + psa_algorithm_t alg = alg_arg; + psa_aead_operation_t operation = PSA_AEAD_OPERATION_INIT; + uint8_t nonce_buffer[PSA_AEAD_NONCE_MAX_SIZE]; + psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; + psa_status_t status = PSA_ERROR_GENERIC_ERROR; + psa_status_t expected_status = expected_status_arg; + size_t actual_nonce_length = 0; + size_t expected_nonce_length = expected_nonce_length_arg; + unsigned char *output = NULL; + unsigned char *ciphertext = NULL; + size_t output_size = 0; + size_t ciphertext_size = 0; + size_t ciphertext_length = 0; + size_t tag_length = 0; + uint8_t tag_buffer[PSA_AEAD_TAG_MAX_SIZE]; + + PSA_ASSERT( psa_crypto_init( ) ); + + psa_set_key_usage_flags( & attributes, PSA_KEY_USAGE_ENCRYPT ); + psa_set_key_algorithm( & attributes, alg ); + psa_set_key_type( & attributes, key_type ); + + PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len, + &key ) ); + + PSA_ASSERT( psa_get_key_attributes( key, &attributes ) ); + + output_size = PSA_AEAD_UPDATE_OUTPUT_SIZE( key_type, alg, input_data->len ); + + ASSERT_ALLOC( output, output_size ); + + ciphertext_size = PSA_AEAD_FINISH_OUTPUT_SIZE( key_type, alg ); + + TEST_ASSERT( ciphertext_size <= PSA_AEAD_FINISH_OUTPUT_MAX_SIZE ); + + ASSERT_ALLOC( ciphertext, ciphertext_size ); + + status = psa_aead_encrypt_setup( &operation, key, alg ); + + /* If the operation is not supported, just skip and not fail in case the + * encryption involves a common limitation of cryptography hardwares and + * an alternative implementation. */ + if( status == PSA_ERROR_NOT_SUPPORTED ) + { + MBEDTLS_TEST_PSA_SKIP_IF_ALT_AES_192( key_type, key_data->len * 8 ); + MBEDTLS_TEST_PSA_SKIP_IF_ALT_GCM_NOT_12BYTES_NONCE( alg, nonce_length ); + } + + PSA_ASSERT( status ); + + status = psa_aead_generate_nonce( &operation, nonce_buffer, + nonce_length, + &actual_nonce_length ); + + TEST_EQUAL( status, expected_status ); + + TEST_EQUAL( actual_nonce_length, expected_nonce_length ); + + if( expected_status == PSA_SUCCESS ) + TEST_EQUAL( actual_nonce_length, PSA_AEAD_NONCE_LENGTH( key_type, + alg ) ); + + TEST_ASSERT( actual_nonce_length < PSA_AEAD_NONCE_MAX_SIZE ); + + if( expected_status == PSA_SUCCESS ) + { + + /* Ensure we can still complete operation. */ + + PSA_ASSERT( psa_aead_update_ad( &operation, additional_data->x, + additional_data->len ) ); + + PSA_ASSERT( psa_aead_update( &operation, input_data->x, input_data->len, + output, output_size, + &ciphertext_length ) ); + + PSA_ASSERT( psa_aead_finish( &operation, ciphertext, ciphertext_size, + &ciphertext_length, tag_buffer, + PSA_AEAD_TAG_MAX_SIZE, &tag_length ) ); + } + +exit: + psa_destroy_key( key ); + mbedtls_free( output ); + mbedtls_free( ciphertext ); + psa_aead_abort( &operation ); + PSA_DONE( ); +} +/* END_CASE */ + +/* BEGIN_CASE */ +void aead_multipart_set_nonce( int key_type_arg, data_t *key_data, + int alg_arg, + int nonce_length_arg, + data_t *additional_data, + data_t *input_data, + int expected_status_arg ) +{ + + mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; + psa_key_type_t key_type = key_type_arg; + psa_algorithm_t alg = alg_arg; + psa_aead_operation_t operation = PSA_AEAD_OPERATION_INIT; + uint8_t *nonce_buffer = NULL; + psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; + psa_status_t status = PSA_ERROR_GENERIC_ERROR; + psa_status_t expected_status = expected_status_arg; + unsigned char *output = NULL; + unsigned char *ciphertext = NULL; + size_t nonce_length; + size_t output_size = 0; + size_t ciphertext_size = 0; + size_t ciphertext_length = 0; + size_t tag_length = 0; + uint8_t tag_buffer[PSA_AEAD_TAG_MAX_SIZE]; + size_t index = 0; + + PSA_ASSERT( psa_crypto_init( ) ); + + psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_ENCRYPT ); + psa_set_key_algorithm( &attributes, alg ); + psa_set_key_type( &attributes, key_type ); + + PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len, + &key ) ); + + PSA_ASSERT( psa_get_key_attributes( key, &attributes ) ); + + output_size = PSA_AEAD_UPDATE_OUTPUT_SIZE( key_type, alg, input_data->len ); + + ASSERT_ALLOC( output, output_size ); + + ciphertext_size = PSA_AEAD_FINISH_OUTPUT_SIZE( key_type, alg ); + + TEST_ASSERT( ciphertext_size <= PSA_AEAD_FINISH_OUTPUT_MAX_SIZE ); + + ASSERT_ALLOC( ciphertext, ciphertext_size ); + + status = psa_aead_encrypt_setup( &operation, key, alg ); + + /* If the operation is not supported, just skip and not fail in case the + * encryption involves a common limitation of cryptography hardwares and + * an alternative implementation. */ + if( status == PSA_ERROR_NOT_SUPPORTED ) + { + MBEDTLS_TEST_PSA_SKIP_IF_ALT_AES_192( key_type, key_data->len * 8 ); + MBEDTLS_TEST_PSA_SKIP_IF_ALT_GCM_NOT_12BYTES_NONCE( alg, nonce_length_arg ); + } + + PSA_ASSERT( status ); + + /* -1 == zero length and valid buffer, 0 = zero length and NULL buffer. */ + if( nonce_length_arg == -1 ) + { + /* Arbitrary size buffer, to test zero length valid buffer. */ + ASSERT_ALLOC( nonce_buffer, 4 ); + nonce_length = 0; + } + else + { + /* If length is zero, then this will return NULL. */ + nonce_length = ( size_t ) nonce_length_arg; + ASSERT_ALLOC( nonce_buffer, nonce_length ); + + if( nonce_buffer ) + { + for( index = 0; index < nonce_length - 1; ++index ) + { + nonce_buffer[index] = 'a' + index; + } + } + } + + status = psa_aead_set_nonce( &operation, nonce_buffer, nonce_length ); + + TEST_EQUAL( status, expected_status ); + + if( expected_status == PSA_SUCCESS ) + { + /* Ensure we can still complete operation. */ + + PSA_ASSERT( psa_aead_update_ad( &operation, additional_data->x, + additional_data->len ) ); + + PSA_ASSERT( psa_aead_update( &operation, input_data->x, input_data->len, + output, output_size, + &ciphertext_length ) ); + + PSA_ASSERT( psa_aead_finish( &operation, ciphertext, ciphertext_size, + &ciphertext_length, tag_buffer, + PSA_AEAD_TAG_MAX_SIZE, &tag_length ) ); + } + +exit: + psa_destroy_key( key ); + mbedtls_free( output ); + mbedtls_free( ciphertext ); + mbedtls_free( nonce_buffer ); + psa_aead_abort( &operation ); + PSA_DONE( ); +} +/* END_CASE */ + +/* BEGIN_CASE */ +void aead_multipart_update_buffer_test( int key_type_arg, data_t *key_data, + int alg_arg, + int output_size_arg, + data_t *nonce, + data_t *additional_data, + data_t *input_data, + int expected_status_arg ) +{ + + mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; + psa_key_type_t key_type = key_type_arg; + psa_algorithm_t alg = alg_arg; + psa_aead_operation_t operation = PSA_AEAD_OPERATION_INIT; + psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; + psa_status_t status = PSA_ERROR_GENERIC_ERROR; + psa_status_t expected_status = expected_status_arg; + unsigned char *output = NULL; + unsigned char *ciphertext = NULL; + size_t output_size = output_size_arg; + size_t ciphertext_size = 0; + size_t ciphertext_length = 0; + size_t tag_length = 0; + uint8_t tag_buffer[PSA_AEAD_TAG_MAX_SIZE]; + + PSA_ASSERT( psa_crypto_init( ) ); + + psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_ENCRYPT ); + psa_set_key_algorithm( &attributes, alg ); + psa_set_key_type( &attributes, key_type ); + + PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len, + &key ) ); + + PSA_ASSERT( psa_get_key_attributes( key, &attributes ) ); + + ASSERT_ALLOC( output, output_size ); + + ciphertext_size = PSA_AEAD_FINISH_OUTPUT_SIZE( key_type, alg ); + + ASSERT_ALLOC( ciphertext, ciphertext_size ); + + status = psa_aead_encrypt_setup( &operation, key, alg ); + + /* If the operation is not supported, just skip and not fail in case the + * encryption involves a common limitation of cryptography hardwares and + * an alternative implementation. */ + if( status == PSA_ERROR_NOT_SUPPORTED ) + { + MBEDTLS_TEST_PSA_SKIP_IF_ALT_AES_192( key_type, key_data->len * 8 ); + MBEDTLS_TEST_PSA_SKIP_IF_ALT_GCM_NOT_12BYTES_NONCE( alg, nonce->len ); + } + + PSA_ASSERT( status ); + + PSA_ASSERT( psa_aead_set_nonce( &operation, nonce->x, nonce->len ) ); + + PSA_ASSERT( psa_aead_update_ad( &operation, additional_data->x, + additional_data->len ) ); + + status = psa_aead_update( &operation, input_data->x, input_data->len, + output, output_size, &ciphertext_length ); + + TEST_EQUAL( status, expected_status ); + + if( expected_status == PSA_SUCCESS ) + { + /* Ensure we can still complete operation. */ + PSA_ASSERT( psa_aead_finish( &operation, ciphertext, ciphertext_size, + &ciphertext_length, tag_buffer, + PSA_AEAD_TAG_MAX_SIZE, &tag_length ) ); + } + +exit: + psa_destroy_key( key ); + mbedtls_free( output ); + mbedtls_free( ciphertext ); + psa_aead_abort( &operation ); + PSA_DONE( ); +} +/* END_CASE */ + +/* BEGIN_CASE */ +void aead_multipart_finish_buffer_test( int key_type_arg, data_t *key_data, + int alg_arg, + int finish_ciphertext_size_arg, + int tag_size_arg, + data_t *nonce, + data_t *additional_data, + data_t *input_data, + int expected_status_arg ) +{ + + mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; + psa_key_type_t key_type = key_type_arg; + psa_algorithm_t alg = alg_arg; + psa_aead_operation_t operation = PSA_AEAD_OPERATION_INIT; + psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; + psa_status_t status = PSA_ERROR_GENERIC_ERROR; + psa_status_t expected_status = expected_status_arg; + unsigned char *ciphertext = NULL; + unsigned char *finish_ciphertext = NULL; + unsigned char *tag_buffer = NULL; + size_t ciphertext_size = 0; + size_t ciphertext_length = 0; + size_t finish_ciphertext_size = ( size_t ) finish_ciphertext_size_arg; + size_t tag_size = ( size_t ) tag_size_arg; + size_t tag_length = 0; + + PSA_ASSERT( psa_crypto_init( ) ); + + psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_ENCRYPT ); + psa_set_key_algorithm( &attributes, alg ); + psa_set_key_type( &attributes, key_type ); + + PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len, + &key ) ); + + PSA_ASSERT( psa_get_key_attributes( key, &attributes ) ); + + ciphertext_size = PSA_AEAD_UPDATE_OUTPUT_SIZE( key_type, alg, input_data->len ); + + ASSERT_ALLOC( ciphertext, ciphertext_size ); + + ASSERT_ALLOC( finish_ciphertext, finish_ciphertext_size ); + + ASSERT_ALLOC( tag_buffer, tag_size ); + + status = psa_aead_encrypt_setup( &operation, key, alg ); + + /* If the operation is not supported, just skip and not fail in case the + * encryption involves a common limitation of cryptography hardwares and + * an alternative implementation. */ + if( status == PSA_ERROR_NOT_SUPPORTED ) + { + MBEDTLS_TEST_PSA_SKIP_IF_ALT_AES_192( key_type, key_data->len * 8 ); + MBEDTLS_TEST_PSA_SKIP_IF_ALT_GCM_NOT_12BYTES_NONCE( alg, nonce->len ); + } + + PSA_ASSERT( status ); + + PSA_ASSERT( psa_aead_set_nonce( &operation, nonce->x, nonce->len ) ); + + PSA_ASSERT( psa_aead_update_ad( &operation, additional_data->x, + additional_data->len ) ); + + PSA_ASSERT( psa_aead_update( &operation, input_data->x, input_data->len, + ciphertext, ciphertext_size, &ciphertext_length ) ); + + /* Ensure we can still complete operation. */ + status = psa_aead_finish( &operation, finish_ciphertext, + finish_ciphertext_size, + &ciphertext_length, tag_buffer, + tag_size, &tag_length ); + + TEST_EQUAL( status, expected_status ); + +exit: + psa_destroy_key( key ); + mbedtls_free( ciphertext ); + mbedtls_free( finish_ciphertext ); + mbedtls_free( tag_buffer ); + psa_aead_abort( &operation ); + PSA_DONE( ); +} +/* END_CASE */ + +/* BEGIN_CASE */ +void aead_multipart_verify( int key_type_arg, data_t *key_data, + int alg_arg, + data_t *nonce, + data_t *additional_data, + data_t *input_data, + data_t *tag, + int tag_usage_arg, + int expected_status_arg ) +{ + mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; + psa_key_type_t key_type = key_type_arg; + psa_algorithm_t alg = alg_arg; + psa_aead_operation_t operation = PSA_AEAD_OPERATION_INIT; + psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; + psa_status_t status = PSA_ERROR_GENERIC_ERROR; + psa_status_t expected_status = expected_status_arg; + unsigned char *plaintext = NULL; + unsigned char *finish_plaintext = NULL; + size_t plaintext_size = 0; + size_t plaintext_length = 0; + size_t verify_plaintext_size = 0; + tag_usage_method_t tag_usage = tag_usage_arg; + unsigned char *tag_buffer = NULL; + size_t tag_size = 0; + + PSA_ASSERT( psa_crypto_init( ) ); + + psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_DECRYPT ); + psa_set_key_algorithm( &attributes, alg ); + psa_set_key_type( &attributes, key_type ); + + PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len, + &key ) ); + + PSA_ASSERT( psa_get_key_attributes( key, &attributes ) ); + + plaintext_size = PSA_AEAD_UPDATE_OUTPUT_SIZE( key_type, alg, + input_data->len ); + + ASSERT_ALLOC( plaintext, plaintext_size ); + + verify_plaintext_size = PSA_AEAD_VERIFY_OUTPUT_SIZE( key_type, alg ); + + ASSERT_ALLOC( finish_plaintext, verify_plaintext_size ); + + status = psa_aead_decrypt_setup( &operation, key, alg ); + + /* If the operation is not supported, just skip and not fail in case the + * encryption involves a common limitation of cryptography hardwares and + * an alternative implementation. */ + if( status == PSA_ERROR_NOT_SUPPORTED ) + { + MBEDTLS_TEST_PSA_SKIP_IF_ALT_AES_192( key_type, key_data->len * 8 ); + MBEDTLS_TEST_PSA_SKIP_IF_ALT_GCM_NOT_12BYTES_NONCE( alg, nonce->len ); + } + + PSA_ASSERT( status ); + + PSA_ASSERT( psa_aead_set_nonce( &operation, nonce->x, nonce->len ) ); + + PSA_ASSERT( psa_aead_update_ad( &operation, additional_data->x, + additional_data->len ) ); + + PSA_ASSERT( psa_aead_update( &operation, input_data->x, + input_data->len, + plaintext, plaintext_size, + &plaintext_length ) ); + + if( tag_usage == USE_GIVEN_TAG ) + { + tag_buffer = tag->x; + tag_size = tag->len; + } + + status = psa_aead_verify( &operation, finish_plaintext, + verify_plaintext_size, + &plaintext_length, + tag_buffer, tag_size ); + + TEST_EQUAL( status, expected_status ); + +exit: + psa_destroy_key( key ); + mbedtls_free( plaintext ); + mbedtls_free( finish_plaintext ); + psa_aead_abort( &operation ); + PSA_DONE( ); +} +/* END_CASE */ + +/* BEGIN_CASE */ +void aead_multipart_setup( int key_type_arg, data_t *key_data, + int alg_arg, int expected_status_arg ) +{ + mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; + psa_key_type_t key_type = key_type_arg; + psa_algorithm_t alg = alg_arg; + psa_aead_operation_t operation = PSA_AEAD_OPERATION_INIT; + psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; + psa_status_t status = PSA_ERROR_GENERIC_ERROR; + psa_status_t expected_status = expected_status_arg; + + PSA_ASSERT( psa_crypto_init( ) ); + + psa_set_key_usage_flags( &attributes, + PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT ); + psa_set_key_algorithm( &attributes, alg ); + psa_set_key_type( &attributes, key_type ); + + PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len, + &key ) ); + + status = psa_aead_encrypt_setup( &operation, key, alg ); + + TEST_EQUAL( status, expected_status ); + + psa_aead_abort( &operation ); + + status = psa_aead_decrypt_setup( &operation, key, alg ); + + TEST_EQUAL(status, expected_status ); + +exit: + psa_destroy_key( key ); + psa_aead_abort( &operation ); + PSA_DONE( ); +} +/* END_CASE */ + +/* BEGIN_CASE */ +void aead_multipart_state_test( int key_type_arg, data_t *key_data, + int alg_arg, + data_t *nonce, + data_t *additional_data, + data_t *input_data ) +{ + mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; + psa_key_type_t key_type = key_type_arg; + psa_algorithm_t alg = alg_arg; + psa_aead_operation_t operation = PSA_AEAD_OPERATION_INIT; + unsigned char *output_data = NULL; + unsigned char *final_data = NULL; + size_t output_size = 0; + size_t finish_output_size = 0; + size_t output_length = 0; + size_t key_bits = 0; + size_t tag_length = 0; + size_t tag_size = 0; + size_t nonce_length = 0; + uint8_t nonce_buffer[PSA_AEAD_NONCE_MAX_SIZE]; + uint8_t tag_buffer[PSA_AEAD_TAG_MAX_SIZE]; + size_t output_part_length = 0; + psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; + + PSA_ASSERT( psa_crypto_init( ) ); + + psa_set_key_usage_flags( & attributes, + PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT ); + psa_set_key_algorithm( & attributes, alg ); + psa_set_key_type( & attributes, key_type ); + + PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len, + &key ) ); + + PSA_ASSERT( psa_get_key_attributes( key, &attributes ) ); + key_bits = psa_get_key_bits( &attributes ); + + tag_length = PSA_AEAD_TAG_LENGTH( key_type, key_bits, alg ); + + TEST_ASSERT( tag_length <= PSA_AEAD_TAG_MAX_SIZE ); + + output_size = PSA_AEAD_UPDATE_OUTPUT_SIZE( key_type, alg, input_data->len ); + + ASSERT_ALLOC( output_data, output_size ); + + finish_output_size = PSA_AEAD_FINISH_OUTPUT_SIZE( key_type, alg ); + + TEST_ASSERT( finish_output_size <= PSA_AEAD_FINISH_OUTPUT_MAX_SIZE ); + + ASSERT_ALLOC( final_data, finish_output_size ); + + /* Test all operations error without calling setup first. */ + + TEST_EQUAL( psa_aead_set_nonce( &operation, nonce->x, nonce->len ), + PSA_ERROR_BAD_STATE ); + + psa_aead_abort( &operation ); + + TEST_EQUAL( psa_aead_generate_nonce( &operation, nonce_buffer, + PSA_AEAD_NONCE_MAX_SIZE, + &nonce_length ), + PSA_ERROR_BAD_STATE ); + + psa_aead_abort( &operation ); + + /* ------------------------------------------------------- */ + + TEST_EQUAL( psa_aead_set_lengths( &operation, additional_data->len, + input_data->len ), + PSA_ERROR_BAD_STATE ); + + psa_aead_abort( &operation ); + + /* ------------------------------------------------------- */ + + TEST_EQUAL( psa_aead_update_ad( &operation, additional_data->x, + additional_data->len ), + PSA_ERROR_BAD_STATE ); + + psa_aead_abort( &operation ); + + /* ------------------------------------------------------- */ + + TEST_EQUAL( psa_aead_update( &operation, input_data->x, + input_data->len, output_data, + output_size, &output_length ), + PSA_ERROR_BAD_STATE ); + + psa_aead_abort( &operation ); + + /* ------------------------------------------------------- */ + + TEST_EQUAL( psa_aead_finish( &operation, final_data, + finish_output_size, + &output_part_length, + tag_buffer, tag_length, + &tag_size ), + PSA_ERROR_BAD_STATE ); + + psa_aead_abort( &operation ); + + /* ------------------------------------------------------- */ + + TEST_EQUAL( psa_aead_verify( &operation, final_data, + finish_output_size, + &output_part_length, + tag_buffer, + tag_length ), + PSA_ERROR_BAD_STATE ); + + psa_aead_abort( &operation ); + + /* Test for double setups. */ + + PSA_ASSERT( psa_aead_encrypt_setup( &operation, key, alg ) ); + + TEST_EQUAL( psa_aead_encrypt_setup( &operation, key, alg ), + PSA_ERROR_BAD_STATE ); + + psa_aead_abort( &operation ); + + /* ------------------------------------------------------- */ + + PSA_ASSERT( psa_aead_decrypt_setup( &operation, key, alg ) ); + + TEST_EQUAL( psa_aead_decrypt_setup( &operation, key, alg ), + PSA_ERROR_BAD_STATE ); + + psa_aead_abort( &operation ); + + /* ------------------------------------------------------- */ + + PSA_ASSERT( psa_aead_encrypt_setup( &operation, key, alg ) ); + + TEST_EQUAL( psa_aead_decrypt_setup( &operation, key, alg ), + PSA_ERROR_BAD_STATE ); + + psa_aead_abort( &operation ); + + /* ------------------------------------------------------- */ + + PSA_ASSERT( psa_aead_decrypt_setup( &operation, key, alg ) ); + + TEST_EQUAL( psa_aead_encrypt_setup( &operation, key, alg ), + PSA_ERROR_BAD_STATE ); + + psa_aead_abort( &operation ); + + /* Test for not setting a nonce. */ + + PSA_ASSERT( psa_aead_encrypt_setup( &operation, key, alg ) ); + + TEST_EQUAL( psa_aead_update_ad( &operation, additional_data->x, + additional_data->len ), + PSA_ERROR_BAD_STATE ); + + psa_aead_abort( &operation ); + + /* ------------------------------------------------------- */ + + PSA_ASSERT( psa_aead_encrypt_setup( &operation, key, alg ) ); + + TEST_EQUAL( psa_aead_update( &operation, input_data->x, + input_data->len, output_data, + output_size, &output_length ), + PSA_ERROR_BAD_STATE ); + + psa_aead_abort( &operation ); + + /* ------------------------------------------------------- */ + + PSA_ASSERT( psa_aead_encrypt_setup( &operation, key, alg ) ); + + TEST_EQUAL( psa_aead_finish( &operation, final_data, + finish_output_size, + &output_part_length, + tag_buffer, tag_length, + &tag_size ), + PSA_ERROR_BAD_STATE ); + + psa_aead_abort( &operation ); + + /* ------------------------------------------------------- */ + + PSA_ASSERT( psa_aead_decrypt_setup( &operation, key, alg ) ); + + TEST_EQUAL( psa_aead_verify( &operation, final_data, + finish_output_size, + &output_part_length, + tag_buffer, + tag_length ), + PSA_ERROR_BAD_STATE ); + + psa_aead_abort( &operation ); + + /* Test for double setting nonce. */ + + PSA_ASSERT( psa_aead_encrypt_setup( &operation, key, alg ) ); + + PSA_ASSERT( psa_aead_set_nonce( &operation, nonce->x, nonce->len ) ); + + TEST_EQUAL( psa_aead_set_nonce( &operation, nonce->x, nonce->len ), + PSA_ERROR_BAD_STATE ); + + psa_aead_abort( &operation ); + + /* Test for double generating nonce. */ + + PSA_ASSERT( psa_aead_encrypt_setup( &operation, key, alg ) ); + + PSA_ASSERT( psa_aead_generate_nonce( &operation, nonce_buffer, + PSA_AEAD_NONCE_MAX_SIZE, + &nonce_length ) ); + + TEST_EQUAL( psa_aead_generate_nonce( &operation, nonce_buffer, + PSA_AEAD_NONCE_MAX_SIZE, + &nonce_length ), + PSA_ERROR_BAD_STATE ); + + + psa_aead_abort( &operation ); + + /* Test for generate nonce then set and vice versa */ + + PSA_ASSERT( psa_aead_encrypt_setup( &operation, key, alg ) ); + + PSA_ASSERT( psa_aead_generate_nonce( &operation, nonce_buffer, + PSA_AEAD_NONCE_MAX_SIZE, + &nonce_length ) ); + + TEST_EQUAL( psa_aead_set_nonce( &operation, nonce->x, nonce->len ), + PSA_ERROR_BAD_STATE ); + + psa_aead_abort( &operation ); + + /* ------------------------------------------------------- */ + + PSA_ASSERT( psa_aead_encrypt_setup( &operation, key, alg ) ); + + PSA_ASSERT( psa_aead_set_nonce( &operation, nonce->x, nonce->len ) ); + + TEST_EQUAL( psa_aead_generate_nonce( &operation, nonce_buffer, + PSA_AEAD_NONCE_MAX_SIZE, + &nonce_length ), + PSA_ERROR_BAD_STATE ); + + psa_aead_abort( &operation ); + + /* Test for generating nonce in decrypt setup. */ + + PSA_ASSERT( psa_aead_decrypt_setup( &operation, key, alg ) ); + + TEST_EQUAL( psa_aead_generate_nonce( &operation, nonce_buffer, + PSA_AEAD_NONCE_MAX_SIZE, + &nonce_length ), + PSA_ERROR_BAD_STATE ); + + psa_aead_abort( &operation ); + + /* Test for setting lengths twice. */ + + PSA_ASSERT( psa_aead_encrypt_setup( &operation, key, alg ) ); + + PSA_ASSERT( psa_aead_set_nonce( &operation, nonce->x, nonce->len ) ); + + PSA_ASSERT( psa_aead_set_lengths( &operation, additional_data->len, + input_data->len ) ); + + TEST_EQUAL( psa_aead_set_lengths( &operation, additional_data->len, + input_data->len ), + PSA_ERROR_BAD_STATE ); + + psa_aead_abort( &operation ); + + /* Test for setting lengths after already starting data. */ + + PSA_ASSERT( psa_aead_encrypt_setup( &operation, key, alg ) ); + + PSA_ASSERT( psa_aead_set_nonce( &operation, nonce->x, nonce->len ) ); + + PSA_ASSERT( psa_aead_update_ad( &operation, additional_data->x, + additional_data->len ) ); + + TEST_EQUAL( psa_aead_set_lengths( &operation, additional_data->len, + input_data->len ), + PSA_ERROR_BAD_STATE ); + + psa_aead_abort( &operation ); + + /* ------------------------------------------------------- */ + + PSA_ASSERT( psa_aead_encrypt_setup( &operation, key, alg ) ); + + PSA_ASSERT( psa_aead_set_nonce( &operation, nonce->x, nonce->len ) ); + + PSA_ASSERT( psa_aead_update( &operation, input_data->x, + input_data->len, output_data, + output_size, &output_length ) ); + + TEST_EQUAL( psa_aead_set_lengths( &operation, additional_data->len, + input_data->len ), + PSA_ERROR_BAD_STATE ); + + psa_aead_abort( &operation ); + + /* Test for not sending any additional data or data after setting non zero + * lengths for them. (encrypt) */ + + PSA_ASSERT( psa_aead_encrypt_setup( &operation, key, alg ) ); + + PSA_ASSERT( psa_aead_set_nonce( &operation, nonce->x, nonce->len ) ); + + PSA_ASSERT( psa_aead_set_lengths( &operation, additional_data->len, + input_data->len ) ); + + TEST_EQUAL( psa_aead_finish( &operation, final_data, + finish_output_size, + &output_part_length, + tag_buffer, tag_length, + &tag_size ), + PSA_ERROR_INVALID_ARGUMENT ); + + psa_aead_abort( &operation ); + + /* Test for not sending any additional data or data after setting non-zero + * lengths for them. (decrypt) */ + + PSA_ASSERT( psa_aead_decrypt_setup( &operation, key, alg ) ); + + PSA_ASSERT( psa_aead_set_nonce( &operation, nonce->x, nonce->len ) ); + + PSA_ASSERT( psa_aead_set_lengths( &operation, additional_data->len, + input_data->len ) ); + + TEST_EQUAL( psa_aead_verify( &operation, final_data, + finish_output_size, + &output_part_length, + tag_buffer, + tag_length ), + PSA_ERROR_INVALID_ARGUMENT ); + + psa_aead_abort( &operation ); + + /* Test for not sending any additional data after setting a non-zero length + * for it. */ + + PSA_ASSERT( psa_aead_encrypt_setup( &operation, key, alg ) ); + + PSA_ASSERT( psa_aead_set_nonce( &operation, nonce->x, nonce->len ) ); + + PSA_ASSERT( psa_aead_set_lengths( &operation, additional_data->len, + input_data->len ) ); + + TEST_EQUAL( psa_aead_update( &operation, input_data->x, + input_data->len, output_data, + output_size, &output_length ), + PSA_ERROR_INVALID_ARGUMENT ); + + psa_aead_abort( &operation ); + + /* Test for not sending any data after setting a non-zero length for it.*/ + + PSA_ASSERT( psa_aead_encrypt_setup( &operation, key, alg ) ); + + PSA_ASSERT( psa_aead_set_nonce( &operation, nonce->x, nonce->len ) ); + + PSA_ASSERT( psa_aead_set_lengths( &operation, additional_data->len, + input_data->len ) ); + + PSA_ASSERT( psa_aead_update_ad( &operation, additional_data->x, + additional_data->len ) ); + + TEST_EQUAL( psa_aead_finish( &operation, final_data, + finish_output_size, + &output_part_length, + tag_buffer, tag_length, + &tag_size ), + PSA_ERROR_INVALID_ARGUMENT ); + + psa_aead_abort( &operation ); + + /* Test for sending too much additional data after setting lengths. */ + + PSA_ASSERT( psa_aead_encrypt_setup( &operation, key, alg ) ); + + PSA_ASSERT( psa_aead_set_nonce( &operation, nonce->x, nonce->len ) ); + + PSA_ASSERT( psa_aead_set_lengths( &operation, 0, 0 ) ); + + + TEST_EQUAL( psa_aead_update_ad( &operation, additional_data->x, + additional_data->len ), + PSA_ERROR_INVALID_ARGUMENT ); + + psa_aead_abort( &operation ); + + /* ------------------------------------------------------- */ + + PSA_ASSERT( psa_aead_encrypt_setup( &operation, key, alg ) ); + + PSA_ASSERT( psa_aead_set_nonce( &operation, nonce->x, nonce->len ) ); + + PSA_ASSERT( psa_aead_set_lengths( &operation, additional_data->len, + input_data->len ) ); + + PSA_ASSERT( psa_aead_update_ad( &operation, additional_data->x, + additional_data->len ) ); + + TEST_EQUAL( psa_aead_update_ad( &operation, additional_data->x, + 1 ), + PSA_ERROR_INVALID_ARGUMENT ); + + psa_aead_abort( &operation ); + + /* Test for sending too much data after setting lengths. */ + + PSA_ASSERT( psa_aead_encrypt_setup( &operation, key, alg ) ); + + PSA_ASSERT( psa_aead_set_nonce( &operation, nonce->x, nonce->len ) ); + + PSA_ASSERT( psa_aead_set_lengths( &operation, 0, 0 ) ); + + TEST_EQUAL( psa_aead_update( &operation, input_data->x, + input_data->len, output_data, + output_size, &output_length ), + PSA_ERROR_INVALID_ARGUMENT ); + + psa_aead_abort( &operation ); + + /* ------------------------------------------------------- */ + + PSA_ASSERT( psa_aead_encrypt_setup( &operation, key, alg ) ); + + PSA_ASSERT( psa_aead_set_nonce( &operation, nonce->x, nonce->len ) ); + + PSA_ASSERT( psa_aead_set_lengths( &operation, additional_data->len, + input_data->len ) ); + + PSA_ASSERT( psa_aead_update_ad( &operation, additional_data->x, + additional_data->len ) ); + + PSA_ASSERT( psa_aead_update( &operation, input_data->x, + input_data->len, output_data, + output_size, &output_length ) ); + + TEST_EQUAL( psa_aead_update( &operation, input_data->x, + 1, output_data, + output_size, &output_length ), + PSA_ERROR_INVALID_ARGUMENT ); + + psa_aead_abort( &operation ); + + /* Test sending additional data after data. */ + + PSA_ASSERT( psa_aead_encrypt_setup( &operation, key, alg ) ); + + PSA_ASSERT( psa_aead_set_nonce( &operation, nonce->x, nonce->len ) ); + + PSA_ASSERT( psa_aead_update( &operation, input_data->x, + input_data->len, output_data, + output_size, &output_length ) ); + + TEST_EQUAL( psa_aead_update_ad( &operation, additional_data->x, + additional_data->len ), + PSA_ERROR_BAD_STATE ); + + psa_aead_abort( &operation ); + + /* Test calling finish on decryption. */ + + PSA_ASSERT( psa_aead_decrypt_setup( &operation, key, alg ) ); + + PSA_ASSERT( psa_aead_set_nonce( &operation, nonce->x, nonce->len ) ); + + TEST_EQUAL( psa_aead_finish( &operation, final_data, + finish_output_size, + &output_part_length, + tag_buffer, tag_length, + &tag_size ), + PSA_ERROR_BAD_STATE ); + + psa_aead_abort( &operation ); + + /* Test calling verify on encryption. */ + + PSA_ASSERT( psa_aead_encrypt_setup( &operation, key, alg ) ); + + PSA_ASSERT( psa_aead_set_nonce( &operation, nonce->x, nonce->len ) ); + + TEST_EQUAL( psa_aead_verify( &operation, final_data, + finish_output_size, + &output_part_length, + tag_buffer, + tag_length ), + PSA_ERROR_BAD_STATE ); + + psa_aead_abort( &operation ); + + +exit: + psa_destroy_key( key ); + psa_aead_abort( &operation ); + mbedtls_free( output_data ); + mbedtls_free( final_data ); + PSA_DONE( ); +} +/* END_CASE */ + /* BEGIN_CASE */ void signature_size( int type_arg, int bits, diff --git a/tests/suites/test_suite_psa_crypto_driver_wrappers.function b/tests/suites/test_suite_psa_crypto_driver_wrappers.function index 6d78ad51a0..bc6ff34716 100644 --- a/tests/suites/test_suite_psa_crypto_driver_wrappers.function +++ b/tests/suites/test_suite_psa_crypto_driver_wrappers.function @@ -1063,7 +1063,7 @@ void aead_encrypt( int key_type_arg, data_t *key_data, input_data->x, input_data->len, output_data, output_size, &output_length ); - TEST_EQUAL( mbedtls_test_driver_aead_hooks.hits, 1 ); + TEST_EQUAL( mbedtls_test_driver_aead_hooks.hits_encrypt, 1 ); TEST_EQUAL( mbedtls_test_driver_aead_hooks.driver_status, forced_status ); TEST_EQUAL( status, ( forced_status == PSA_ERROR_NOT_SUPPORTED ) ? @@ -1127,7 +1127,7 @@ void aead_decrypt( int key_type_arg, data_t *key_data, input_data->x, input_data->len, output_data, output_size, &output_length ); - TEST_EQUAL( mbedtls_test_driver_aead_hooks.hits, 1 ); + TEST_EQUAL( mbedtls_test_driver_aead_hooks.hits_decrypt, 1 ); TEST_EQUAL( mbedtls_test_driver_aead_hooks.driver_status, forced_status ); TEST_EQUAL( status, ( forced_status == PSA_ERROR_NOT_SUPPORTED ) ?