From a83316991461337fd3b477aa4f42362b5101a0fc Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Fri, 9 Jul 2021 09:19:35 +0200 Subject: [PATCH] psa: cipher: Add IV parameters to cipher_encrypt entry point Signed-off-by: Ronald Cron --- library/psa_crypto.c | 8 ++++--- library/psa_crypto_cipher.c | 32 +++++++++++++------------- library/psa_crypto_cipher.h | 20 ++++++++-------- library/psa_crypto_driver_wrappers.c | 8 +++++++ library/psa_crypto_driver_wrappers.h | 2 ++ tests/include/test/drivers/cipher.h | 2 ++ tests/src/drivers/test_driver_cipher.c | 7 +++++- 7 files changed, 49 insertions(+), 30 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 20f525bf43..028eafcaaa 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -3604,15 +3604,17 @@ psa_status_t psa_cipher_encrypt( mbedtls_svc_key_id_t key, status = psa_driver_wrapper_cipher_encrypt( &attributes, slot->key.data, slot->key.bytes, - alg, input, input_length, - output, output_size, output_length ); + alg, output, iv_length, input, input_length, + output + iv_length, output_size - iv_length, output_length ); exit: unlock_status = psa_unlock_key_slot( slot ); if( status == PSA_SUCCESS ) status = unlock_status; - if( status != PSA_SUCCESS ) + if( status == PSA_SUCCESS ) + *output_length += iv_length; + else *output_length = 0; return( status ); diff --git a/library/psa_crypto_cipher.c b/library/psa_crypto_cipher.c index 713c3d17d1..22f5363844 100644 --- a/library/psa_crypto_cipher.c +++ b/library/psa_crypto_cipher.c @@ -472,6 +472,8 @@ static psa_status_t cipher_encrypt( const psa_key_attributes_t *attributes, const uint8_t *key_buffer, size_t key_buffer_size, psa_algorithm_t alg, + const uint8_t *iv, + size_t iv_length, const uint8_t *input, size_t input_length, uint8_t *output, @@ -480,38 +482,32 @@ static psa_status_t cipher_encrypt( const psa_key_attributes_t *attributes, { psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; mbedtls_psa_cipher_operation_t operation = MBEDTLS_PSA_CIPHER_OPERATION_INIT; - size_t olength, accumulated_length; + size_t update_output_length, finish_output_length; status = cipher_encrypt_setup( &operation, attributes, key_buffer, key_buffer_size, alg ); if( status != PSA_SUCCESS ) goto exit; - accumulated_length = 0; - if( operation.iv_length > 0 ) + if( iv_length > 0 ) { - status = cipher_set_iv( &operation, output, operation.iv_length ); + status = cipher_set_iv( &operation, iv, iv_length ); if( status != PSA_SUCCESS ) goto exit; - - accumulated_length = operation.iv_length; } status = cipher_update( &operation, input, input_length, - output + operation.iv_length, - output_size - operation.iv_length, - &olength ); + output, output_size, &update_output_length ); if( status != PSA_SUCCESS ) goto exit; - accumulated_length += olength; - - status = cipher_finish( &operation, output + accumulated_length, - output_size - accumulated_length, &olength ); + status = cipher_finish( &operation, output + update_output_length, + output_size - update_output_length, + &finish_output_length ); if( status != PSA_SUCCESS ) goto exit; - *output_length = accumulated_length + olength; + *output_length = update_output_length + finish_output_length; exit: if( status == PSA_SUCCESS ) @@ -627,6 +623,8 @@ psa_status_t mbedtls_psa_cipher_encrypt( const psa_key_attributes_t *attributes, const uint8_t *key_buffer, size_t key_buffer_size, psa_algorithm_t alg, + const uint8_t *iv, + size_t iv_length, const uint8_t *input, size_t input_length, uint8_t *output, @@ -634,7 +632,7 @@ psa_status_t mbedtls_psa_cipher_encrypt( const psa_key_attributes_t *attributes, size_t *output_length ) { return( cipher_encrypt( attributes, key_buffer, key_buffer_size, - alg, input, input_length, + alg, iv, iv_length, input, input_length, output, output_size, output_length ) ); } @@ -713,6 +711,8 @@ psa_status_t mbedtls_transparent_test_driver_cipher_encrypt( const uint8_t *key_buffer, size_t key_buffer_size, psa_algorithm_t alg, + const uint8_t *iv, + size_t iv_length, const uint8_t *input, size_t input_length, uint8_t *output, @@ -720,7 +720,7 @@ psa_status_t mbedtls_transparent_test_driver_cipher_encrypt( size_t *output_length ) { return( cipher_encrypt( attributes, key_buffer, key_buffer_size, - alg, input, input_length, + alg, iv, iv_length, input, input_length, output, output_size, output_length ) ); } diff --git a/library/psa_crypto_cipher.h b/library/psa_crypto_cipher.h index 5971e8d3f0..76ff22acf7 100644 --- a/library/psa_crypto_cipher.h +++ b/library/psa_crypto_cipher.h @@ -213,16 +213,12 @@ psa_status_t mbedtls_psa_cipher_abort( mbedtls_psa_cipher_operation_t *operation * \param[in] alg The cipher algorithm to compute * (\c PSA_ALG_XXX value such that * #PSA_ALG_IS_CIPHER(\p alg) is true). - * \param[in] input Buffer containing the message to encrypt. - * \param[in] input_length Size of the \p input buffer in bytes. + * \param[in] iv Buffer containing the IV for encryption. The + * IV has been generated by the core. + * \param[in] iv_length Size of the \p iv in bytes. + * \param[in] input Buffer containing the message to encrypt. + * \param[in] input_length Size of the \p input buffer in bytes. * \param[in,out] output Buffer where the output is to be written. - * The core has generated and written the IV - * at the beginning of this buffer before - * this function is called. The size of the IV - * is PSA_CIPHER_IV_LENGTH( key_type, alg ) where - * \c key_type is the type of the key identified - * by \p key and \p alg is the cipher algorithm - * to compute. * \param[in] output_size Size of the \p output buffer in bytes. * \param[out] output_length On success, the number of bytes that make up * the returned output. Initialized to zero @@ -235,7 +231,7 @@ psa_status_t mbedtls_psa_cipher_abort( mbedtls_psa_cipher_operation_t *operation * \retval #PSA_ERROR_BUFFER_TOO_SMALL * The size of the \p output buffer is too small. * \retval #PSA_ERROR_INVALID_ARGUMENT - * The size of \p iv is not acceptable for the chosen algorithm, + * The size \p iv_length is not acceptable for the chosen algorithm, * or the chosen algorithm does not use an IV. * The total input size passed to this operation is not valid for * this particular algorithm. For example, the algorithm is a based @@ -249,6 +245,8 @@ psa_status_t mbedtls_psa_cipher_encrypt( const psa_key_attributes_t *attributes, const uint8_t *key_buffer, size_t key_buffer_size, psa_algorithm_t alg, + const uint8_t *iv, + size_t iv_length, const uint8_t *input, size_t input_length, uint8_t *output, @@ -342,6 +340,8 @@ psa_status_t mbedtls_transparent_test_driver_cipher_encrypt( const uint8_t *key_buffer, size_t key_buffer_size, psa_algorithm_t alg, + const uint8_t *iv, + size_t iv_length, const uint8_t *input, size_t input_length, uint8_t *output, diff --git a/library/psa_crypto_driver_wrappers.c b/library/psa_crypto_driver_wrappers.c index f7240ceacc..5fba955477 100644 --- a/library/psa_crypto_driver_wrappers.c +++ b/library/psa_crypto_driver_wrappers.c @@ -740,6 +740,8 @@ psa_status_t psa_driver_wrapper_cipher_encrypt( const uint8_t *key_buffer, size_t key_buffer_size, psa_algorithm_t alg, + const uint8_t *iv, + size_t iv_length, const uint8_t *input, size_t input_length, uint8_t *output, @@ -761,6 +763,8 @@ psa_status_t psa_driver_wrapper_cipher_encrypt( key_buffer, key_buffer_size, alg, + iv, + iv_length, input, input_length, output, @@ -777,6 +781,8 @@ psa_status_t psa_driver_wrapper_cipher_encrypt( key_buffer, key_buffer_size, alg, + iv, + iv_length, input, input_length, output, @@ -794,6 +800,8 @@ psa_status_t psa_driver_wrapper_cipher_encrypt( key_buffer, key_buffer_size, alg, + iv, + iv_length, input, input_length, output, diff --git a/library/psa_crypto_driver_wrappers.h b/library/psa_crypto_driver_wrappers.h index 38a6ee82a7..9eb08bc9f8 100644 --- a/library/psa_crypto_driver_wrappers.h +++ b/library/psa_crypto_driver_wrappers.h @@ -102,6 +102,8 @@ psa_status_t psa_driver_wrapper_cipher_encrypt( const uint8_t *key_buffer, size_t key_buffer_size, psa_algorithm_t alg, + const uint8_t *iv, + size_t iv_length, const uint8_t *input, size_t input_length, uint8_t *output, diff --git a/tests/include/test/drivers/cipher.h b/tests/include/test/drivers/cipher.h index 4fe559618f..c1aa616b52 100644 --- a/tests/include/test/drivers/cipher.h +++ b/tests/include/test/drivers/cipher.h @@ -57,6 +57,7 @@ psa_status_t mbedtls_test_transparent_cipher_encrypt( const psa_key_attributes_t *attributes, const uint8_t *key, size_t key_length, psa_algorithm_t alg, + const uint8_t *iv, size_t iv_length, const uint8_t *input, size_t input_length, uint8_t *output, size_t output_size, size_t *output_length); @@ -102,6 +103,7 @@ psa_status_t mbedtls_test_opaque_cipher_encrypt( const psa_key_attributes_t *attributes, const uint8_t *key, size_t key_length, psa_algorithm_t alg, + const uint8_t *iv, size_t iv_length, const uint8_t *input, size_t input_length, uint8_t *output, size_t output_size, size_t *output_length); diff --git a/tests/src/drivers/test_driver_cipher.c b/tests/src/drivers/test_driver_cipher.c index 2fe77c8c78..9e0dc30c55 100644 --- a/tests/src/drivers/test_driver_cipher.c +++ b/tests/src/drivers/test_driver_cipher.c @@ -44,6 +44,8 @@ psa_status_t mbedtls_test_transparent_cipher_encrypt( const uint8_t *key_buffer, size_t key_buffer_size, psa_algorithm_t alg, + const uint8_t *iv, + size_t iv_length, const uint8_t *input, size_t input_length, uint8_t *output, @@ -70,7 +72,7 @@ psa_status_t mbedtls_test_transparent_cipher_encrypt( return( mbedtls_transparent_test_driver_cipher_encrypt( attributes, key_buffer, key_buffer_size, - alg, input, input_length, + alg, iv, iv_length, input, input_length, output, output_size, output_length ) ); } @@ -244,6 +246,7 @@ psa_status_t mbedtls_test_opaque_cipher_encrypt( const psa_key_attributes_t *attributes, const uint8_t *key, size_t key_length, psa_algorithm_t alg, + const uint8_t *iv, size_t iv_length, const uint8_t *input, size_t input_length, uint8_t *output, size_t output_size, size_t *output_length) { @@ -251,6 +254,8 @@ psa_status_t mbedtls_test_opaque_cipher_encrypt( (void) key; (void) key_length; (void) alg; + (void) iv; + (void) iv_length; (void) input; (void) input_length; (void) output;