Merge pull request #5076 from mstarzyk-mobica/psa_ccm_no_tag

PSA CCM*-no-tag
2025-10-26 00:37:41 +03:00 · 2021-11-10 10:18:55 +01:00
parent 91fe315c69 10fad74a1f
commit 087f04783d
19 changed files with 1366 additions and 11 deletions
--- a/library/ccm.c
+++ b/library/ccm.c
@@ -150,9 +150,20 @@ static int ccm_calculate_first_block_if_ready(mbedtls_ccm_context *ctx)
    if( !(ctx->state & CCM_STATE__STARTED) || !(ctx->state & CCM_STATE__LENGHTS_SET) )
        return 0;

-    if( ctx->tag_len == 0 && \
-        ( ctx->mode == MBEDTLS_CCM_ENCRYPT || ctx->mode == MBEDTLS_CCM_DECRYPT ) )
-        return( MBEDTLS_ERR_CCM_BAD_INPUT );
+    /* CCM expects non-empty tag.
+     * CCM* allows empty tag. For CCM* without tag, ignore plaintext length.
+     */
+    if( ctx->tag_len == 0 )
+    {
+        if( ctx->mode == MBEDTLS_CCM_STAR_ENCRYPT || ctx->mode == MBEDTLS_CCM_STAR_DECRYPT )
+        {
+            ctx->plaintext_len = 0;
+        }
+        else
+        {
+            return( MBEDTLS_ERR_CCM_BAD_INPUT );
+        }
+    }

    /*
     * First block:
@@ -342,7 +353,10 @@ int mbedtls_ccm_update( mbedtls_ccm_context *ctx,
        return MBEDTLS_ERR_CCM_BAD_INPUT;
    }

-    if( ctx->processed + input_len > ctx->plaintext_len )
+    /* Check against plaintext length only if performing operation with
+     * authentication
+     */
+    if( ctx->tag_len != 0 && ctx->processed + input_len > ctx->plaintext_len )
    {
        return MBEDTLS_ERR_CCM_BAD_INPUT;
    }
--- a/library/cipher.c
+++ b/library/cipher.c
@@ -424,6 +424,31 @@ int mbedtls_cipher_set_iv( mbedtls_cipher_context_t *ctx,
    }
 #endif

+#if defined(MBEDTLS_CCM_C)
+    if( MBEDTLS_MODE_CCM_STAR_NO_TAG == ctx->cipher_info->mode )
+    {
+        int set_lengths_result;
+        int ccm_star_mode;
+
+        set_lengths_result = mbedtls_ccm_set_lengths(
+                                (mbedtls_ccm_context *) ctx->cipher_ctx,
+                                0, 0, 0 );
+        if( set_lengths_result != 0 )
+            return set_lengths_result;
+
+        if( ctx->operation == MBEDTLS_DECRYPT )
+            ccm_star_mode = MBEDTLS_CCM_STAR_DECRYPT;
+        else if( ctx->operation == MBEDTLS_ENCRYPT )
+            ccm_star_mode = MBEDTLS_CCM_STAR_ENCRYPT;
+        else
+            return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA;
+
+        return( mbedtls_ccm_starts( (mbedtls_ccm_context *) ctx->cipher_ctx,
+                                    ccm_star_mode,
+                                    iv, iv_len ) );
+    }
+#endif
+
    if ( actual_iv_size != 0 )
    {
        memcpy( ctx->iv, iv, actual_iv_size );
@@ -560,6 +585,15 @@ int mbedtls_cipher_update( mbedtls_cipher_context_t *ctx, const unsigned char *i
    }
 #endif

+#if defined(MBEDTLS_CCM_C)
+    if( ctx->cipher_info->mode == MBEDTLS_MODE_CCM_STAR_NO_TAG )
+    {
+        return( mbedtls_ccm_update( (mbedtls_ccm_context *) ctx->cipher_ctx,
+                                    input, ilen,
+                                    output, ilen, olen ) );
+    }
+#endif
+
 #if defined(MBEDTLS_CHACHAPOLY_C)
    if ( ctx->cipher_info->type == MBEDTLS_CIPHER_CHACHA20_POLY1305 )
    {
@@ -947,6 +981,7 @@ int mbedtls_cipher_finish( mbedtls_cipher_context_t *ctx,
        MBEDTLS_MODE_OFB == ctx->cipher_info->mode ||
        MBEDTLS_MODE_CTR == ctx->cipher_info->mode ||
        MBEDTLS_MODE_GCM == ctx->cipher_info->mode ||
+        MBEDTLS_MODE_CCM_STAR_NO_TAG == ctx->cipher_info->mode ||
        MBEDTLS_MODE_XTS == ctx->cipher_info->mode ||
        MBEDTLS_MODE_STREAM == ctx->cipher_info->mode )
    {
--- a/library/cipher_wrap.c
+++ b/library/cipher_wrap.c
@@ -639,6 +639,39 @@ static const mbedtls_cipher_info_t aes_256_ccm_info = {
    16,
    &ccm_aes_info
 };
+
+static const mbedtls_cipher_info_t aes_128_ccm_star_no_tag_info = {
+    MBEDTLS_CIPHER_AES_128_CCM_STAR_NO_TAG,
+    MBEDTLS_MODE_CCM_STAR_NO_TAG,
+    128,
+    "AES-128-CCM*-NO-TAG",
+    12,
+    MBEDTLS_CIPHER_VARIABLE_IV_LEN,
+    16,
+    &ccm_aes_info
+};
+
+static const mbedtls_cipher_info_t aes_192_ccm_star_no_tag_info = {
+    MBEDTLS_CIPHER_AES_192_CCM_STAR_NO_TAG,
+    MBEDTLS_MODE_CCM_STAR_NO_TAG,
+    192,
+    "AES-192-CCM*-NO-TAG",
+    12,
+    MBEDTLS_CIPHER_VARIABLE_IV_LEN,
+    16,
+    &ccm_aes_info
+};
+
+static const mbedtls_cipher_info_t aes_256_ccm_star_no_tag_info = {
+    MBEDTLS_CIPHER_AES_256_CCM_STAR_NO_TAG,
+    MBEDTLS_MODE_CCM_STAR_NO_TAG,
+    256,
+    "AES-256-CCM*-NO-TAG",
+    12,
+    MBEDTLS_CIPHER_VARIABLE_IV_LEN,
+    16,
+    &ccm_aes_info
+};
 #endif /* MBEDTLS_CCM_C */

 #endif /* MBEDTLS_AES_C */
@@ -1014,6 +1047,39 @@ static const mbedtls_cipher_info_t camellia_256_ccm_info = {
    16,
    &ccm_camellia_info
 };
+
+static const mbedtls_cipher_info_t camellia_128_ccm_star_no_tag_info = {
+    MBEDTLS_CIPHER_CAMELLIA_128_CCM_STAR_NO_TAG,
+    MBEDTLS_MODE_CCM_STAR_NO_TAG,
+    128,
+    "CAMELLIA-128-CCM*-NO-TAG",
+    12,
+    MBEDTLS_CIPHER_VARIABLE_IV_LEN,
+    16,
+    &ccm_camellia_info
+};
+
+static const mbedtls_cipher_info_t camellia_192_ccm_star_no_tag_info = {
+    MBEDTLS_CIPHER_CAMELLIA_192_CCM_STAR_NO_TAG,
+    MBEDTLS_MODE_CCM_STAR_NO_TAG,
+    192,
+    "CAMELLIA-192-CCM*-NO-TAG",
+    12,
+    MBEDTLS_CIPHER_VARIABLE_IV_LEN,
+    16,
+    &ccm_camellia_info
+};
+
+static const mbedtls_cipher_info_t camellia_256_ccm_star_no_tag_info = {
+    MBEDTLS_CIPHER_CAMELLIA_256_CCM_STAR_NO_TAG,
+    MBEDTLS_MODE_CCM_STAR_NO_TAG,
+    256,
+    "CAMELLIA-256-CCM*-NO-TAG",
+    12,
+    MBEDTLS_CIPHER_VARIABLE_IV_LEN,
+    16,
+    &ccm_camellia_info
+};
 #endif /* MBEDTLS_CCM_C */

 #endif /* MBEDTLS_CAMELLIA_C */
@@ -1390,6 +1456,39 @@ static const mbedtls_cipher_info_t aria_256_ccm_info = {
    16,
    &ccm_aria_info
 };
+
+static const mbedtls_cipher_info_t aria_128_ccm_star_no_tag_info = {
+    MBEDTLS_CIPHER_ARIA_128_CCM_STAR_NO_TAG,
+    MBEDTLS_MODE_CCM_STAR_NO_TAG,
+    128,
+    "ARIA-128-CCM*-NO-TAG",
+    12,
+    MBEDTLS_CIPHER_VARIABLE_IV_LEN,
+    16,
+    &ccm_aria_info
+};
+
+static const mbedtls_cipher_info_t aria_192_ccm_star_no_tag_info = {
+    MBEDTLS_CIPHER_ARIA_192_CCM_STAR_NO_TAG,
+    MBEDTLS_MODE_CCM_STAR_NO_TAG,
+    192,
+    "ARIA-192-CCM*-NO-TAG",
+    12,
+    MBEDTLS_CIPHER_VARIABLE_IV_LEN,
+    16,
+    &ccm_aria_info
+};
+
+static const mbedtls_cipher_info_t aria_256_ccm_star_no_tag_info = {
+    MBEDTLS_CIPHER_ARIA_256_CCM_STAR_NO_TAG,
+    MBEDTLS_MODE_CCM_STAR_NO_TAG,
+    256,
+    "ARIA-256-CCM*-NO-TAG",
+    12,
+    MBEDTLS_CIPHER_VARIABLE_IV_LEN,
+    16,
+    &ccm_aria_info
+};
 #endif /* MBEDTLS_CCM_C */

 #endif /* MBEDTLS_ARIA_C */
@@ -2055,6 +2154,9 @@ const mbedtls_cipher_definition_t mbedtls_cipher_definitions[] =
    { MBEDTLS_CIPHER_AES_128_CCM,          &aes_128_ccm_info },
    { MBEDTLS_CIPHER_AES_192_CCM,          &aes_192_ccm_info },
    { MBEDTLS_CIPHER_AES_256_CCM,          &aes_256_ccm_info },
+    { MBEDTLS_CIPHER_AES_128_CCM_STAR_NO_TAG,          &aes_128_ccm_star_no_tag_info },
+    { MBEDTLS_CIPHER_AES_192_CCM_STAR_NO_TAG,          &aes_192_ccm_star_no_tag_info },
+    { MBEDTLS_CIPHER_AES_256_CCM_STAR_NO_TAG,          &aes_256_ccm_star_no_tag_info },
 #endif
 #endif /* MBEDTLS_AES_C */

@@ -2086,6 +2188,9 @@ const mbedtls_cipher_definition_t mbedtls_cipher_definitions[] =
    { MBEDTLS_CIPHER_CAMELLIA_128_CCM,     &camellia_128_ccm_info },
    { MBEDTLS_CIPHER_CAMELLIA_192_CCM,     &camellia_192_ccm_info },
    { MBEDTLS_CIPHER_CAMELLIA_256_CCM,     &camellia_256_ccm_info },
+    { MBEDTLS_CIPHER_CAMELLIA_128_CCM_STAR_NO_TAG,     &camellia_128_ccm_star_no_tag_info },
+    { MBEDTLS_CIPHER_CAMELLIA_192_CCM_STAR_NO_TAG,     &camellia_192_ccm_star_no_tag_info },
+    { MBEDTLS_CIPHER_CAMELLIA_256_CCM_STAR_NO_TAG,     &camellia_256_ccm_star_no_tag_info },
 #endif
 #endif /* MBEDTLS_CAMELLIA_C */

@@ -2117,6 +2222,9 @@ const mbedtls_cipher_definition_t mbedtls_cipher_definitions[] =
    { MBEDTLS_CIPHER_ARIA_128_CCM,     &aria_128_ccm_info },
    { MBEDTLS_CIPHER_ARIA_192_CCM,     &aria_192_ccm_info },
    { MBEDTLS_CIPHER_ARIA_256_CCM,     &aria_256_ccm_info },
+    { MBEDTLS_CIPHER_ARIA_128_CCM_STAR_NO_TAG,     &aria_128_ccm_star_no_tag_info },
+    { MBEDTLS_CIPHER_ARIA_192_CCM_STAR_NO_TAG,     &aria_192_ccm_star_no_tag_info },
+    { MBEDTLS_CIPHER_ARIA_256_CCM_STAR_NO_TAG,     &aria_256_ccm_star_no_tag_info },
 #endif
 #endif /* MBEDTLS_ARIA_C */

--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@@ -3595,7 +3595,12 @@ psa_status_t psa_cipher_decrypt( mbedtls_svc_key_id_t key,
      .core = slot->attr
    };

-    if( input_length < PSA_CIPHER_IV_LENGTH( slot->attr.type, alg ) )
+    if( alg == PSA_ALG_CCM_STAR_NO_TAG && input_length < PSA_BLOCK_CIPHER_BLOCK_LENGTH( slot->attr.type ) )
+    {
+        status = PSA_ERROR_INVALID_ARGUMENT;
+        goto exit;
+    }
+    else if ( input_length < PSA_CIPHER_IV_LENGTH( slot->attr.type, alg ) )
    {
        status = PSA_ERROR_INVALID_ARGUMENT;
        goto exit;
--- a/library/psa_crypto_cipher.c
+++ b/library/psa_crypto_cipher.c
@@ -92,6 +92,9 @@ const mbedtls_cipher_info_t *mbedtls_cipher_info_from_psa(
            case PSA_ALG_CBC_PKCS7:
                mode = MBEDTLS_MODE_CBC;
                break;
+            case PSA_ALG_CCM_STAR_NO_TAG:
+                mode = MBEDTLS_MODE_CCM_STAR_NO_TAG;
+                break;
            case PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_CCM, 0 ):
                mode = MBEDTLS_MODE_CCM;
                break;