From 07a30c4c009e192e35d63b22088ad65516beaee7 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Tue, 20 Apr 2021 14:13:23 +0100 Subject: [PATCH 001/195] Convert oneshot AEAD over to multipart struct Multipart AEAD operation struct has to be public as it's allocated by the caller, so to save duplication of code, switch oneshot AEAD over to using the multipart operation struct. Signed-off-by: Paul Elliott --- include/psa/crypto_struct.h | 22 +++++++++++++---- library/psa_crypto_aead.c | 48 +++++++++++-------------------------- 2 files changed, 31 insertions(+), 39 deletions(-) diff --git a/include/psa/crypto_struct.h b/include/psa/crypto_struct.h index 47012fdd0..a1182c48d 100644 --- a/include/psa/crypto_struct.h +++ b/include/psa/crypto_struct.h @@ -75,6 +75,8 @@ extern "C" { #include "mbedtls/cmac.h" #include "mbedtls/gcm.h" +#include "mbedtls/ccm.h" +#include "mbedtls/chachapoly.h" /* Include the context definition for the compiled-in drivers for the primitive * algorithms. */ @@ -153,17 +155,27 @@ struct psa_aead_operation_s { psa_algorithm_t alg; unsigned int key_set : 1; - unsigned int iv_set : 1; - uint8_t iv_size; - uint8_t block_size; + unsigned int nonce_set : 1; + + uint8_t tag_length; + union { unsigned dummy; /* Enable easier initializing of the union. */ - mbedtls_cipher_context_t cipher; +#if defined(MBEDTLS_PSA_BUILTIN_ALG_CCM) + mbedtls_ccm_context ccm; +#endif /* MBEDTLS_PSA_BUILTIN_ALG_CCM */ +#if defined(MBEDTLS_PSA_BUILTIN_ALG_GCM) + mbedtls_gcm_context gcm; +#endif /* MBEDTLS_PSA_BUILTIN_ALG_GCM */ +#if defined(MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305) + mbedtls_chachapoly_context chachapoly; +#endif /* MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305 */ + } ctx; }; -#define PSA_AEAD_OPERATION_INIT {0, 0, 0, 0, 0, {0}} +#define PSA_AEAD_OPERATION_INIT {0, 0, 0, 0, {0}} static inline struct psa_aead_operation_s psa_aead_operation_init( void ) { const struct psa_aead_operation_s v = PSA_AEAD_OPERATION_INIT; diff --git a/library/psa_crypto_aead.c b/library/psa_crypto_aead.c index 356679c38..07c52d433 100644 --- a/library/psa_crypto_aead.c +++ b/library/psa_crypto_aead.c @@ -30,30 +30,10 @@ #include "mbedtls/cipher.h" #include "mbedtls/gcm.h" -typedef struct -{ - union - { - unsigned dummy; /* Make the union non-empty even with no supported algorithms. */ -#if defined(MBEDTLS_PSA_BUILTIN_ALG_CCM) - mbedtls_ccm_context ccm; -#endif /* MBEDTLS_PSA_BUILTIN_ALG_CCM */ -#if defined(MBEDTLS_PSA_BUILTIN_ALG_GCM) - mbedtls_gcm_context gcm; -#endif /* MBEDTLS_PSA_BUILTIN_ALG_GCM */ -#if defined(MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305) - mbedtls_chachapoly_context chachapoly; -#endif /* MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305 */ - } ctx; - psa_algorithm_t core_alg; - uint8_t tag_length; -} aead_operation_t; -#define AEAD_OPERATION_INIT {{0}, 0, 0} - -static void psa_aead_abort_internal( aead_operation_t *operation ) +static void psa_aead_abort_internal( psa_aead_operation_t *operation ) { - switch( operation->core_alg ) + switch( operation->alg ) { #if defined(MBEDTLS_PSA_BUILTIN_ALG_CCM) case PSA_ALG_CCM: @@ -74,7 +54,7 @@ static void psa_aead_abort_internal( aead_operation_t *operation ) } static psa_status_t psa_aead_setup( - aead_operation_t *operation, + psa_aead_operation_t *operation, const psa_key_attributes_t *attributes, const uint8_t *key_buffer, psa_algorithm_t alg ) @@ -97,7 +77,7 @@ static psa_status_t psa_aead_setup( { #if defined(MBEDTLS_PSA_BUILTIN_ALG_CCM) case PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_CCM, 0 ): - operation->core_alg = PSA_ALG_CCM; + operation->alg = PSA_ALG_CCM; full_tag_length = 16; /* CCM allows the following tag lengths: 4, 6, 8, 10, 12, 14, 16. * The call to mbedtls_ccm_encrypt_and_tag or @@ -116,7 +96,7 @@ static psa_status_t psa_aead_setup( #if defined(MBEDTLS_PSA_BUILTIN_ALG_GCM) case PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 0 ): - operation->core_alg = PSA_ALG_GCM; + operation->alg = PSA_ALG_GCM; full_tag_length = 16; /* GCM allows the following tag lengths: 4, 8, 12, 13, 14, 15, 16. * The call to mbedtls_gcm_crypt_and_tag or @@ -135,7 +115,7 @@ static psa_status_t psa_aead_setup( #if defined(MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305) case PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_CHACHA20_POLY1305, 0 ): - operation->core_alg = PSA_ALG_CHACHA20_POLY1305; + operation->alg = PSA_ALG_CHACHA20_POLY1305; full_tag_length = 16; /* We only support the default tag length. */ if( alg != PSA_ALG_CHACHA20_POLY1305 ) @@ -176,7 +156,7 @@ psa_status_t mbedtls_psa_aead_encrypt( uint8_t *ciphertext, size_t ciphertext_size, size_t *ciphertext_length ) { psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - aead_operation_t operation = AEAD_OPERATION_INIT; + psa_aead_operation_t operation = PSA_AEAD_OPERATION_INIT; uint8_t *tag; (void) key_buffer_size; @@ -194,7 +174,7 @@ psa_status_t mbedtls_psa_aead_encrypt( tag = ciphertext + plaintext_length; #if defined(MBEDTLS_PSA_BUILTIN_ALG_CCM) - if( operation.core_alg == PSA_ALG_CCM ) + if( operation.alg == PSA_ALG_CCM ) { status = mbedtls_to_psa_error( mbedtls_ccm_encrypt_and_tag( &operation.ctx.ccm, @@ -208,7 +188,7 @@ psa_status_t mbedtls_psa_aead_encrypt( else #endif /* MBEDTLS_PSA_BUILTIN_ALG_CCM */ #if defined(MBEDTLS_PSA_BUILTIN_ALG_GCM) - if( operation.core_alg == PSA_ALG_GCM ) + if( operation.alg == PSA_ALG_GCM ) { status = mbedtls_to_psa_error( mbedtls_gcm_crypt_and_tag( &operation.ctx.gcm, @@ -222,7 +202,7 @@ psa_status_t mbedtls_psa_aead_encrypt( else #endif /* MBEDTLS_PSA_BUILTIN_ALG_GCM */ #if defined(MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305) - if( operation.core_alg == PSA_ALG_CHACHA20_POLY1305 ) + if( operation.alg == PSA_ALG_CHACHA20_POLY1305 ) { if( nonce_length != 12 || operation.tag_length != 16 ) { @@ -286,7 +266,7 @@ psa_status_t mbedtls_psa_aead_decrypt( uint8_t *plaintext, size_t plaintext_size, size_t *plaintext_length ) { psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - aead_operation_t operation = AEAD_OPERATION_INIT; + psa_aead_operation_t operation = PSA_AEAD_OPERATION_INIT; const uint8_t *tag = NULL; (void) key_buffer_size; @@ -301,7 +281,7 @@ psa_status_t mbedtls_psa_aead_decrypt( goto exit; #if defined(MBEDTLS_PSA_BUILTIN_ALG_CCM) - if( operation.core_alg == PSA_ALG_CCM ) + if( operation.alg == PSA_ALG_CCM ) { status = mbedtls_to_psa_error( mbedtls_ccm_auth_decrypt( &operation.ctx.ccm, @@ -315,7 +295,7 @@ psa_status_t mbedtls_psa_aead_decrypt( else #endif /* MBEDTLS_PSA_BUILTIN_ALG_CCM */ #if defined(MBEDTLS_PSA_BUILTIN_ALG_GCM) - if( operation.core_alg == PSA_ALG_GCM ) + if( operation.alg == PSA_ALG_GCM ) { status = mbedtls_to_psa_error( mbedtls_gcm_auth_decrypt( &operation.ctx.gcm, @@ -329,7 +309,7 @@ psa_status_t mbedtls_psa_aead_decrypt( else #endif /* MBEDTLS_PSA_BUILTIN_ALG_GCM */ #if defined(MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305) - if( operation.core_alg == PSA_ALG_CHACHA20_POLY1305 ) + if( operation.alg == PSA_ALG_CHACHA20_POLY1305 ) { if( nonce_length != 12 || operation.tag_length != 16 ) { From adb8b16b16091187d17b4a29de74dc3cc37c3502 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Tue, 20 Apr 2021 16:06:57 +0100 Subject: [PATCH 002/195] Add internal implementation of multipart AEAD For the time being CCM and GCM are not entirely implemented correctly due to issues with their underlying implentations, which would be difficult to fix in 2.x, and thus require all the AD and data to be passed in in one go. Signed-off-by: Paul Elliott --- include/psa/crypto_struct.h | 24 +- library/psa_crypto_aead.c | 756 ++++++++++++++++++++++++++++++++++-- library/psa_crypto_aead.h | 640 ++++++++++++++++++++++++++++++ 3 files changed, 1397 insertions(+), 23 deletions(-) diff --git a/include/psa/crypto_struct.h b/include/psa/crypto_struct.h index a1182c48d..6c93814be 100644 --- a/include/psa/crypto_struct.h +++ b/include/psa/crypto_struct.h @@ -154,10 +154,32 @@ static inline struct psa_mac_operation_s psa_mac_operation_init( void ) struct psa_aead_operation_s { psa_algorithm_t alg; + psa_key_type_t key_type; + unsigned int key_set : 1; unsigned int nonce_set : 1; + unsigned int lengths_set : 1; + unsigned int is_encrypt : 1; + unsigned int ad_started : 1; + unsigned int body_started : 1; uint8_t tag_length; + uint8_t nonce_length; + + size_t ad_remaining; + size_t body_remaining; + + /* Buffers for AD/data - only required until CCM gets proper multipart + support. */ + uint8_t* ad_buffer; + size_t ad_length; + + uint8_t* data_buffer; + size_t data_length; + + /* buffer to store Nonce - only required until CCM and GCM get proper + multipart support. */ + uint8_t nonce[PSA_AEAD_NONCE_MAX_SIZE]; union { @@ -175,7 +197,7 @@ struct psa_aead_operation_s } ctx; }; -#define PSA_AEAD_OPERATION_INIT {0, 0, 0, 0, {0}} +#define PSA_AEAD_OPERATION_INIT {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, {0}, {0}} static inline struct psa_aead_operation_s psa_aead_operation_init( void ) { const struct psa_aead_operation_s v = PSA_AEAD_OPERATION_INIT; diff --git a/library/psa_crypto_aead.c b/library/psa_crypto_aead.c index 07c52d433..47b0e7b3e 100644 --- a/library/psa_crypto_aead.c +++ b/library/psa_crypto_aead.c @@ -20,39 +20,40 @@ #include "common.h" + #if defined(MBEDTLS_PSA_CRYPTO_C) #include "psa_crypto_aead.h" #include "psa_crypto_core.h" +#include +#include "mbedtls/platform.h" +#if !defined(MBEDTLS_PLATFORM_C) +#define mbedtls_calloc calloc +#define mbedtls_free free +#endif + #include "mbedtls/ccm.h" #include "mbedtls/chachapoly.h" #include "mbedtls/cipher.h" #include "mbedtls/gcm.h" +#include "mbedtls/error.h" - -static void psa_aead_abort_internal( psa_aead_operation_t *operation ) +/* Constant-time buffer comparison. This is duplication of code from + * psa_crypto.c, but has nowhere private I can put it for the minute. Really + belongs in the constant time module, when that gets implemented */ +static inline int safer_memcmp( const uint8_t *a, const uint8_t *b, size_t n ) { - switch( operation->alg ) - { -#if defined(MBEDTLS_PSA_BUILTIN_ALG_CCM) - case PSA_ALG_CCM: - mbedtls_ccm_free( &operation->ctx.ccm ); - break; -#endif /* MBEDTLS_PSA_BUILTIN_ALG_CCM */ -#if defined(MBEDTLS_PSA_BUILTIN_ALG_GCM) - case PSA_ALG_GCM: - mbedtls_gcm_free( &operation->ctx.gcm ); - break; -#endif /* MBEDTLS_PSA_BUILTIN_ALG_GCM */ -#if defined(MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305) - case PSA_ALG_CHACHA20_POLY1305: - mbedtls_chachapoly_free( &operation->ctx.chachapoly ); - break; -#endif /* MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305 */ - } + size_t i; + unsigned char diff = 0; + + for( i = 0; i < n; i++ ) + diff |= a[i] ^ b[i]; + + return( diff ); } + static psa_status_t psa_aead_setup( psa_aead_operation_t *operation, const psa_key_attributes_t *attributes, @@ -65,6 +66,12 @@ static psa_status_t psa_aead_setup( mbedtls_cipher_id_t cipher_id; size_t full_tag_length = 0; + if( operation->key_set || operation->nonce_set || + operation->ad_started || operation->body_started ) + { + return( PSA_ERROR_BAD_STATE ); + } + key_bits = attributes->core.bits; cipher_info = mbedtls_cipher_info_from_psa( alg, @@ -143,6 +150,8 @@ static psa_status_t psa_aead_setup( key_bits, alg ); + operation->key_set = 1; + return( PSA_SUCCESS ); } @@ -230,7 +239,7 @@ psa_status_t mbedtls_psa_aead_encrypt( *ciphertext_length = plaintext_length + operation.tag_length; exit: - psa_aead_abort_internal( &operation ); + mbedtls_psa_aead_abort( &operation ); return( status ); } @@ -336,12 +345,715 @@ psa_status_t mbedtls_psa_aead_decrypt( *plaintext_length = ciphertext_length - operation.tag_length; exit: - psa_aead_abort_internal( &operation ); + mbedtls_psa_aead_abort( &operation ); if( status == PSA_SUCCESS ) *plaintext_length = ciphertext_length - operation.tag_length; return( status ); } +/* Set the key and algorithm for a multipart authenticated encryption + * operation. */ +psa_status_t mbedtls_psa_aead_encrypt_setup( psa_aead_operation_t *operation, + const psa_key_attributes_t *attributes, + const uint8_t *key_buffer, size_t key_buffer_size, + psa_algorithm_t alg ) +{ + psa_status_t status; + + (void) key_buffer_size; + + status = psa_aead_setup( operation, attributes, key_buffer, alg ); + + if( status == PSA_SUCCESS ) + { + operation->is_encrypt = 1; + } + + return ( status ); +} + +/* Set the key and algorithm for a multipart authenticated decryption + * operation. */ +psa_status_t mbedtls_psa_aead_decrypt_setup( psa_aead_operation_t *operation, + const psa_key_attributes_t *attributes, + const uint8_t *key_buffer, size_t key_buffer_size, + psa_algorithm_t alg ) +{ + psa_status_t status; + + (void) key_buffer_size; + + status = psa_aead_setup( operation, attributes, key_buffer, alg ); + + if( status == PSA_SUCCESS ) + { + operation->is_encrypt = 0; + } + + return ( status ); +} + +/* Generate a random nonce / IV for multipart AEAD operation */ +psa_status_t mbedtls_psa_aead_generate_nonce( psa_aead_operation_t *operation, + uint8_t *nonce, + size_t nonce_size, + size_t *nonce_length ) +{ + psa_status_t status; + size_t required_nonce_size = nonce_size; + + if( !operation->key_set || operation->nonce_set || + operation->ad_started || operation->body_started ) + { + return( PSA_ERROR_BAD_STATE ); + } + + required_nonce_size = PSA_AEAD_NONCE_LENGTH(operation->key_type, operation->alg); + + if( nonce_size == 0 || nonce_size < required_nonce_size ) + { + return( PSA_ERROR_BUFFER_TOO_SMALL ); + } + + status = psa_generate_random( nonce, required_nonce_size ); + + if( status != PSA_SUCCESS ) + { + return status; + } + + status = mbedtls_psa_aead_set_nonce( operation, nonce, required_nonce_size ); + + if( status == PSA_SUCCESS ) + { + *nonce_length = required_nonce_size; + } + + return status; +} + +/* Set a nonce for the multipart AEAD operation*/ +psa_status_t mbedtls_psa_aead_set_nonce( psa_aead_operation_t *operation, + const uint8_t *nonce, + size_t nonce_length ) +{ + psa_status_t status; + + if( !operation->key_set || operation->nonce_set || + operation->ad_started || operation->body_started ) + { + return( PSA_ERROR_BAD_STATE ); + } + + /* Restricting to a nominal safe length for nonces even though some + algorithms can handle longer nonces, but not without collision */ + if( nonce_length > PSA_AEAD_NONCE_MAX_SIZE ) + { + return( PSA_ERROR_INVALID_ARGUMENT ); + } + + #if defined(MBEDTLS_PSA_BUILTIN_ALG_GCM) + if( operation->alg == PSA_ALG_GCM ) + { + /* GCM sets nonce once additional data has been supplied */ + memcpy(operation->nonce, nonce, nonce_length); + + /* We know that nonce size cannot exceed the uint8_t size */ + operation->nonce_length = ( uint8_t ) nonce_length; + status = PSA_SUCCESS; + } + else +#endif /* MBEDTLS_PSA_BUILTIN_ALG_GCM */ +#if defined(MBEDTLS_PSA_BUILTIN_ALG_CCM) + if( operation->alg == PSA_ALG_CCM ) + { + /* Multipart CCM not supported as yet, so CCM is basically operating + in oneshot mode. Store the nonce as we need this later */ + memcpy(operation->nonce, nonce, nonce_length); + + /* We know that nonce size cannot exceed the uint8_t size */ + operation->nonce_length = ( uint8_t ) nonce_length; + status = PSA_SUCCESS; + } + else +#endif /* MBEDTLS_PSA_BUILTIN_ALG_CCM */ +#if defined(MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305) + if( operation->alg == PSA_ALG_CHACHA20_POLY1305 ) + { + if( nonce_length != 12 && nonce_length != 8) + { + return( PSA_ERROR_INVALID_ARGUMENT ); + } + + status = mbedtls_to_psa_error(mbedtls_chachapoly_starts( &operation->ctx.chachapoly, + nonce, + operation->is_encrypt ? + MBEDTLS_CHACHAPOLY_ENCRYPT : + MBEDTLS_CHACHAPOLY_DECRYPT ) ); + } + else +#endif /* MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305 */ + { + ( void ) nonce; + ( void ) nonce_length; + + return ( PSA_ERROR_NOT_SUPPORTED ); + } + + if( status == PSA_SUCCESS ) + { + operation->nonce_set = 1; + } + + return( status ); +} + /* Declare the lengths of the message and additional data for AEAD. */ +psa_status_t mbedtls_psa_aead_set_lengths( psa_aead_operation_t *operation, + size_t ad_length, + size_t plaintext_length ) +{ + + if( !operation->key_set || operation->lengths_set ) + { + return( PSA_ERROR_BAD_STATE ); + } + +#if defined(MBEDTLS_PSA_BUILTIN_ALG_GCM) + if( operation->alg == PSA_ALG_GCM ) + { +#if SIZE_MAX > UINT32_MAX + if( ( (uint64_t) ad_length ) >> 61 != 0 || + ( (uint64_t) plaintext_length ) > 0xFFFFFFFE0ull ) + { + return ( PSA_ERROR_INVALID_ARGUMENT ); + } +#endif + } + else +#endif /* MBEDTLS_PSA_BUILTIN_ALG_GCM */ +#if defined(MBEDTLS_PSA_BUILTIN_ALG_CCM) + if( operation->alg == PSA_ALG_CCM ) + { + if( ad_length > 0xFF00 ) + { + return ( PSA_ERROR_INVALID_ARGUMENT ); + } + } + else +#endif /* MBEDTLS_PSA_BUILTIN_ALG_CCM */ +#if defined(MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305) + if( operation->alg == PSA_ALG_CHACHA20_POLY1305 ) + { + /* No length restrictions for ChaChaPoly. */ + } + else +#endif /* MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305 */ + { + ( void ) ad_length; + ( void ) plaintext_length; + + return ( PSA_ERROR_NOT_SUPPORTED ); + } + + operation->ad_remaining = ad_length; + operation->body_remaining = plaintext_length; + operation->lengths_set = 1; + + return ( PSA_SUCCESS ); +} + +/* Pass additional data to an active multipart AEAD operation. */ +psa_status_t mbedtls_psa_aead_update_ad( psa_aead_operation_t *operation, + const uint8_t *input, + size_t input_length ) +{ + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + + if( !operation->nonce_set || !operation->key_set ) + { + return( PSA_ERROR_BAD_STATE ); + } + + if( operation->lengths_set ) + { + if ( operation->ad_remaining < input_length ) + { + return( PSA_ERROR_INVALID_ARGUMENT ); + } + + operation->ad_remaining -= input_length; + } + +#if defined(MBEDTLS_PSA_BUILTIN_ALG_GCM) + if( operation->alg == PSA_ALG_GCM ) + { + if( !operation->lengths_set || operation->ad_started ) + { + return( PSA_ERROR_BAD_STATE ); + } + + /* GCM currently requires all the additional data to be passed in in + * one contigious buffer, so until that is re-done, we have to enforce + * this, as we cannot allocate a buffer to collate multiple calls into. + */ + if( input_length != operation->ad_remaining ) + { + return ( PSA_ERROR_INVALID_ARGUMENT ); + } + + status = mbedtls_to_psa_error( mbedtls_gcm_starts( &operation->ctx.gcm, + operation->is_encrypt ? + MBEDTLS_GCM_ENCRYPT : MBEDTLS_GCM_DECRYPT, + operation->nonce, + operation->nonce_length, + input, + input_length ) ); + + } + else +#endif /* MBEDTLS_PSA_BUILTIN_ALG_GCM */ +#if defined(MBEDTLS_PSA_BUILTIN_ALG_CCM) + if( operation->alg == PSA_ALG_CCM ) + { + /* CCM requires all additional data to be passed in in one go at the + minute, as we are basically operating in oneshot mode. */ + if( !operation->lengths_set || operation->ad_started ) + { + return( PSA_ERROR_BAD_STATE ); + } + + /* Save the additional data for later, this will be passed in + when we have the body. */ + operation->ad_buffer = ( uint8_t * ) mbedtls_calloc(1, input_length ); + + if( operation->ad_buffer ) + { + memcpy( operation->ad_buffer, input, input_length ); + operation->ad_length = input_length; + } + else + { + return ( PSA_ERROR_INSUFFICIENT_MEMORY ); + } + } + else +#endif /* MBEDTLS_PSA_BUILTIN_ALG_CCM */ +#if defined(MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305) + if( operation->alg == PSA_ALG_CHACHA20_POLY1305 ) + { + status = mbedtls_to_psa_error( mbedtls_chachapoly_update_aad( &operation->ctx.chachapoly, + input, + input_length ) ); + } + else +#endif /* MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305 */ + { + (void) input; + (void) input_length; + + return ( PSA_ERROR_NOT_SUPPORTED ); + } + + if( status == PSA_SUCCESS ) + { + operation->ad_started = 1; + } + + return ( status ); +} + +/* Encrypt or decrypt a message fragment in an active multipart AEAD + * operation.*/ +psa_status_t mbedtls_psa_aead_update( psa_aead_operation_t *operation, + const uint8_t *input, + size_t input_length, + uint8_t *output, + size_t output_size, + size_t *output_length ) +{ + size_t update_output_size; + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + + if( !operation->nonce_set || !operation->key_set || !operation->ad_started ) + { + return( PSA_ERROR_BAD_STATE ); + } + + update_output_size = PSA_AEAD_UPDATE_OUTPUT_SIZE(operation->key_type, + operation->alg, input_length); + + if(update_output_size > output_size ) + { + return ( PSA_ERROR_BUFFER_TOO_SMALL ); + } + + if( operation->lengths_set) + { + /* Additional data length was supplied, but not all the additional + data was supplied.*/ + if( operation->ad_remaining != 0 ) + { + return ( PSA_ERROR_INVALID_ARGUMENT ); + } + + /* Too much data provided. */ + if( operation->body_remaining < input_length ) + { + return ( PSA_ERROR_INVALID_ARGUMENT ); + } + + operation->body_remaining -= input_length; + } + +#if defined(MBEDTLS_PSA_BUILTIN_ALG_GCM) + if( operation->alg == PSA_ALG_GCM ) + { + /* For the time being set the requirement that all of the body data + * must be passed in in one update, rather than deal with the complexity + * of non block size aligned updates. This will be fixed in 3.0 when + we can change the signature of the GCM multipart functions */ + if( !operation->lengths_set || operation->body_remaining != 0 ) + { + return( PSA_ERROR_BAD_STATE ); + } + + if( operation->ad_started ) + { + return( PSA_ERROR_BAD_STATE ); + } + + status = mbedtls_to_psa_error( mbedtls_gcm_update( &operation->ctx.gcm, + input_length, + input, + output ) ); + } + else +#endif /* MBEDTLS_PSA_BUILTIN_ALG_GCM */ +#if defined(MBEDTLS_PSA_BUILTIN_ALG_CCM) + if( operation->alg == PSA_ALG_CCM ) + { + /* CCM dooes not support multipart yet, so all the input has to be + passed in in one go. Store the data for the final step.*/ + if( operation->ad_started ) + { + return( PSA_ERROR_BAD_STATE ); + } + + /* Save the additional data for later, this will be passed in + when we have the body. */ + operation->data_buffer = ( uint8_t * ) mbedtls_calloc(1, input_length ); + + if( operation->data_buffer ) + { + memcpy( operation->data_buffer, input, input_length ); + operation->data_length = input_length; + } + else + { + return ( PSA_ERROR_INSUFFICIENT_MEMORY ); + } + + } + else +#endif /* MBEDTLS_PSA_BUILTIN_ALG_CCM */ +#if defined(MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305) + if( operation->alg == PSA_ALG_CHACHA20_POLY1305 ) + { + status = mbedtls_to_psa_error( mbedtls_chachapoly_update( &operation->ctx.chachapoly, + input_length, + input, + output ) ); + } + else +#endif /* MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305 */ + { + (void) input; + (void) input_length; + + return ( PSA_ERROR_NOT_SUPPORTED ); + } + + if( status == PSA_SUCCESS ) + { + *output_length = update_output_size; + operation->body_started = 1; + } + + return( status ); +} + +/* Common checks for both mbedtls_psa_aead_finish() and + mbedtls_psa_aead_verify() */ +static psa_status_t mbedtls_psa_aead_finish_checks( psa_aead_operation_t *operation, + size_t output_size, + size_t tag_size, + size_t *finish_output_size, + size_t *output_tag_length ) +{ + if( !operation->key_set || !operation->nonce_set + || !operation->ad_started || !operation->body_started) + { + return( PSA_ERROR_BAD_STATE ); + } + + if( operation->lengths_set ) + { + if( operation->ad_remaining != 0 || operation->body_remaining != 0 ) + { + return( PSA_ERROR_BAD_STATE ); + } + } + + *output_tag_length = operation->tag_length; + + if( tag_size < *output_tag_length) + { + return ( PSA_ERROR_BUFFER_TOO_SMALL ); + } + + if( operation->is_encrypt ) + { + *finish_output_size = PSA_AEAD_FINISH_OUTPUT_SIZE(operation->key_type, + operation->alg); + } + else + { + *finish_output_size = PSA_AEAD_VERIFY_OUTPUT_SIZE(operation->key_type, + operation->alg); + } + + if( output_size < *finish_output_size ) + { + return ( PSA_ERROR_BUFFER_TOO_SMALL ); + } + + return ( PSA_SUCCESS ); + +} + +/* Finish encrypting a message in a multipart AEAD operation. */ +psa_status_t mbedtls_psa_aead_finish( psa_aead_operation_t *operation, + uint8_t *ciphertext, + size_t ciphertext_size, + size_t *ciphertext_length, + uint8_t *tag, + size_t tag_size, + size_t *tag_length ) +{ + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + size_t output_tag_length; + size_t finish_output_size; + + status = mbedtls_psa_aead_finish_checks( operation, ciphertext_size, tag_size, &finish_output_size, + &output_tag_length); + + if( status != PSA_SUCCESS ) + { + return status; + } + +#if defined(MBEDTLS_PSA_BUILTIN_ALG_GCM) + if( operation->alg == PSA_ALG_GCM ) + { + /* We will need to do final GCM pass in here when multipart is done. */ + status = mbedtls_to_psa_error( mbedtls_gcm_finish( &operation->ctx.gcm, + tag, + tag_size ) ); + } + else +#endif /* MBEDTLS_PSA_BUILTIN_ALG_GCM */ +#if defined(MBEDTLS_PSA_BUILTIN_ALG_CCM) + if( operation->alg == PSA_ALG_CCM ) + { + if( !operation->ad_buffer || !operation->data_buffer ) + { + return( PSA_ERROR_BAD_STATE ); + } + + /* Perform oneshot CCM encryption with data already stored, as + CCM does not support multipart yet.*/ + status = mbedtls_to_psa_error( mbedtls_ccm_encrypt_and_tag( &operation->ctx.ccm, + operation->data_length, + operation->nonce, + operation->nonce_length, + operation->ad_buffer, + operation->ad_length, + operation->data_buffer, + ciphertext, + tag, tag_size ) ); + + /* Even if the above operation fails, we no longer need the data */ + mbedtls_free(operation->ad_buffer); + operation->ad_buffer = NULL; + operation->ad_length = 0; + + mbedtls_free(operation->data_buffer); + operation->data_buffer = NULL; + operation->data_length = 0; + } + else +#endif /* MBEDTLS_PSA_BUILTIN_ALG_CCM */ +#if defined(MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305) + if( operation->alg == PSA_ALG_CHACHA20_POLY1305 ) + { + status = mbedtls_to_psa_error( mbedtls_chachapoly_finish( &operation->ctx.chachapoly, + tag ) ); + } + else +#endif /* MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305 */ + { + ( void ) ciphertext; + ( void ) ciphertext_size; + ( void ) ciphertext_length; + ( void ) tag; + ( void ) tag_size; + ( void ) tag_length; + + return ( PSA_ERROR_NOT_SUPPORTED ); + } + + if( status == PSA_SUCCESS ) + { + *ciphertext_length = finish_output_size; + *tag_length = output_tag_length; + } + + mbedtls_psa_aead_abort(operation); + + return ( status ); +} + +/* Finish authenticating and decrypting a message in a multipart AEAD + * operation.*/ +psa_status_t mbedtls_psa_aead_verify( psa_aead_operation_t *operation, + uint8_t *plaintext, + size_t plaintext_size, + size_t *plaintext_length, + const uint8_t *tag, + size_t tag_length ) +{ + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + + size_t finish_output_size; + size_t output_tag_length; + + int do_tag_check = 1; + uint8_t check_tag[16]; + + status = mbedtls_psa_aead_finish_checks( operation, plaintext_size, tag_length, &finish_output_size, + &output_tag_length); + + if( status != PSA_SUCCESS ) + { + return status; + } + +#if defined(MBEDTLS_PSA_BUILTIN_ALG_GCM) + if( operation->alg == PSA_ALG_GCM ) + { + /* Call finish to get the tag for comparison */ + status = mbedtls_to_psa_error( mbedtls_gcm_finish( &operation->ctx.gcm, + check_tag, + 16 ) ); + } + else +#endif /* MBEDTLS_PSA_BUILTIN_ALG_GCM */ +#if defined(MBEDTLS_PSA_BUILTIN_ALG_CCM) + if( operation->alg == PSA_ALG_CCM ) + { + if( !operation->ad_buffer || !operation->data_buffer ) + { + return( PSA_ERROR_BAD_STATE ); + } + + /* Perform oneshot CCM decryption with data already stored, as + CCM does not support multipart yet.*/ + + ret = mbedtls_ccm_auth_decrypt( &operation->ctx.ccm, operation->data_length, + operation->nonce, operation->nonce_length, + operation->ad_buffer, operation->ad_length, + operation->data_buffer, plaintext, + tag, tag_length ); + + if( ret == MBEDTLS_ERR_CCM_AUTH_FAILED ) + { + status = PSA_ERROR_INVALID_SIGNATURE; + } + else + { + status = mbedtls_to_psa_error( ret ); + do_tag_check = 0; + } + + /* Even if the above operation fails, we no longer need the data */ + mbedtls_free(operation->ad_buffer); + operation->ad_buffer = NULL; + operation->ad_length = 0; + + mbedtls_free(operation->data_buffer); + operation->data_buffer = NULL; + operation->data_length = 0; + } + else +#endif /* MBEDTLS_PSA_BUILTIN_ALG_CCM */ +#if defined(MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305) + if( operation->alg == PSA_ALG_CHACHA20_POLY1305 ) + { + // call finish to get the tag for comparison. + status = mbedtls_to_psa_error( mbedtls_chachapoly_finish( &operation->ctx.chachapoly, + check_tag ) ); + } + else +#endif /* MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305 */ + { + ( void ) plaintext; + ( void ) plaintext_size; + ( void ) plaintext_length; + ( void ) tag; + ( void ) tag_length; + + return ( PSA_ERROR_NOT_SUPPORTED ); + } + + if( status == PSA_SUCCESS ) + { + if( do_tag_check && safer_memcmp(tag, check_tag, tag_length) != 0 ) + { + status = MBEDTLS_ERR_GCM_AUTH_FAILED; + } + } + + mbedtls_psa_aead_abort(operation); + + return ( status ); +} + +/* Abort an AEAD operation */ +psa_status_t mbedtls_psa_aead_abort( psa_aead_operation_t *operation ) +{ + switch( operation->alg ) + { +#if defined(MBEDTLS_CCM_C) + case MBEDTLS_PSA_BUILTIN_ALG_CCM: + mbedtls_ccm_free( &operation->ctx.ccm ); + break; +#endif /* MBEDTLS_PSA_BUILTIN_ALG_CCM */ +#if defined(MBEDTLS_PSA_BUILTIN_ALG_GCM) + case PSA_ALG_GCM: + mbedtls_gcm_free( &operation->ctx.gcm ); + break; +#endif /* MBEDTLS_PSA_BUILTIN_ALG_GCM */ +#if defined(MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305) + case PSA_ALG_CHACHA20_POLY1305: + mbedtls_chachapoly_free( &operation->ctx.chachapoly ); + break; +#endif /* MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305 */ + } + + return( PSA_SUCCESS ); +} + #endif /* MBEDTLS_PSA_CRYPTO_C */ diff --git a/library/psa_crypto_aead.h b/library/psa_crypto_aead.h index aab0f835c..d7aac24ed 100644 --- a/library/psa_crypto_aead.h +++ b/library/psa_crypto_aead.h @@ -148,4 +148,644 @@ psa_status_t mbedtls_psa_aead_decrypt( const uint8_t *ciphertext, size_t ciphertext_length, uint8_t *plaintext, size_t plaintext_size, size_t *plaintext_length ); +/** Set the key for a multipart authenticated encryption operation. + * + * \note The signature of this function is that of a PSA driver + * aead_encrypt_setup entry point. This function behaves as an + * aead_encrypt_setup entry point as defined in the PSA driver interface + * specification for transparent drivers. + * + * The sequence of operations to encrypt a message with authentication + * is as follows: + * -# Allocate an operation object which will be passed to all the functions + * listed here. + * -# Initialize the operation object with one of the methods described in the + * documentation for #psa_aead_operation_t, e.g. + * #PSA_AEAD_OPERATION_INIT. + * -# Call mbedtls_psa_aead_encrypt_setup() to specify the algorithm and key. + * -# If needed, call mbedtls_psa_aead_set_lengths() to specify the length of + * the inputs to the subsequent calls to mbedtls_psa_aead_update_ad() and + * mbedtls_psa_aead_update(). See the documentation of mbedtls_psa_aead_set_lengths() + * for details. + * -# Call either mbedtls_psa_aead_generate_nonce() or mbedtls_psa_aead_set_nonce() to + * generate or set the nonce. You should use + * mbedtls_psa_aead_generate_nonce() unless the protocol you are implementing + * requires a specific nonce value. + * -# Call mbedtls_psa_aead_update_ad() zero, one or more times, passing a fragment + * of the non-encrypted additional authenticated data each time. + * -# Call mbedtls_psa_aead_update() zero, one or more times, passing a fragment + * of the message to encrypt each time. + * -# Call mbedtls_psa_aead_finish(). + * + * If an error occurs at any step after a call to mbedtls_psa_aead_encrypt_setup(), + * the operation will need to be reset by a call to mbedtls_psa_aead_abort(). The + * application may call mbedtls_psa_aead_abort() at any time after the operation + * has been initialized. + * + * After a successful call to mbedtls_psa_aead_encrypt_setup(), the application must + * eventually terminate the operation. The following events terminate an + * operation: + * - A successful call to mbedtls_psa_aead_finish(). + * - A call to mbedtls_psa_aead_abort(). + * + * \param[in,out] operation The operation object to set up. It must have + * been initialized as per the documentation for + * #mbedtls_psa_aead_operation_t and not yet in use. + * \param[in] attributes The attributes of the key to use for the + * operation. + * \param[in] key_buffer The buffer containing the key context. + * \param key_buffer_size Size of the \p key_buffer buffer in bytes. + * \param alg The AEAD algorithm to compute + * (\c PSA_ALG_XXX value such that + * #PSA_ALG_IS_AEAD(\p alg) is true). + * + * \retval #PSA_SUCCESS + * Success. + * \retval #PSA_ERROR_BAD_STATE + * The operation state is not valid (it must be inactive). + * \retval #PSA_ERROR_INVALID_HANDLE + * \retval #PSA_ERROR_NOT_PERMITTED + * \retval #PSA_ERROR_INVALID_ARGUMENT + * \p key is not compatible with \p alg. + * \retval #PSA_ERROR_NOT_SUPPORTED + * \p alg is not supported or is not an AEAD algorithm. + * \retval #PSA_ERROR_INSUFFICIENT_MEMORY + * \retval #PSA_ERROR_COMMUNICATION_FAILURE + * \retval #PSA_ERROR_HARDWARE_FAILURE + * \retval #PSA_ERROR_CORRUPTION_DETECTED + * \retval #PSA_ERROR_STORAGE_FAILURE + * \retval #PSA_ERROR_BAD_STATE + * The library has not been previously initialized by psa_crypto_init(). + * It is implementation-dependent whether a failure to initialize + * results in this error code. + */ +psa_status_t mbedtls_psa_aead_encrypt_setup(psa_aead_operation_t *operation, + const psa_key_attributes_t *attributes, + const uint8_t *key_buffer, size_t key_buffer_size, + psa_algorithm_t alg); + +/** Set the key for a multipart authenticated decryption operation. + * + * \note The signature of this function is that of a PSA driver + * aead_decrypt_setup entry point. This function behaves as an + * aead_decrypt_setup entry point as defined in the PSA driver interface + * specification for transparent drivers. + * + * The sequence of operations to decrypt a message with authentication + * is as follows: + * -# Allocate an operation object which will be passed to all the functions + * listed here. + * -# Initialize the operation object with one of the methods described in the + * documentation for #psa_aead_operation_t, e.g. + * #PSA_AEAD_OPERATION_INIT. + * -# Call mbedtls_psa_aead_decrypt_setup() to specify the algorithm and key. + * -# If needed, call mbedtls_psa_aead_set_lengths() to specify the length of the + * inputs to the subsequent calls to mbedtls_psa_aead_update_ad() and + * mbedtls_psa_aead_update(). See the documentation of mbedtls_psa_aead_set_lengths() + * for details. + * -# Call mbedtls_psa_aead_set_nonce() with the nonce for the decryption. + * -# Call mbedtls_psa_aead_update_ad() zero, one or more times, passing a fragment + * of the non-encrypted additional authenticated data each time. + * -# Call mbedtls_psa_aead_update() zero, one or more times, passing a fragment + * of the ciphertext to decrypt each time. + * -# Call mbedtls_psa_aead_verify(). + * + * If an error occurs at any step after a call to mbedtls_psa_aead_decrypt_setup(), + * the operation will need to be reset by a call to mbedtls_psa_aead_abort(). The + * application may call mbedtls_psa_aead_abort() at any time after the operation + * has been initialized. + * + * After a successful call to mbedtls_psa_aead_decrypt_setup(), the application must + * eventually terminate the operation. The following events terminate an + * operation: + * - A successful call to mbedtls_psa_aead_verify(). + * - A call to mbedtls_psa_aead_abort(). + * + * \param[in,out] operation The operation object to set up. It must have + * been initialized as per the documentation for + * #psa_aead_operation_t and not yet in use. + * \param[in] attributes The attributes of the key to use for the + * operation. + * \param[in] key_buffer The buffer containing the key context. + * \param key_buffer_size Size of the \p key_buffer buffer in bytes. + * \param alg The AEAD algorithm to compute + * (\c PSA_ALG_XXX value such that + * #PSA_ALG_IS_AEAD(\p alg) is true). + * + * \retval #PSA_SUCCESS + * Success. + * \retval #PSA_ERROR_BAD_STATE + * The operation state is not valid (it must be inactive). + * \retval #PSA_ERROR_INVALID_HANDLE + * \retval #PSA_ERROR_NOT_PERMITTED + * \retval #PSA_ERROR_INVALID_ARGUMENT + * \p key is not compatible with \p alg. + * \retval #PSA_ERROR_NOT_SUPPORTED + * \p alg is not supported or is not an AEAD algorithm. + * \retval #PSA_ERROR_INSUFFICIENT_MEMORY + * \retval #PSA_ERROR_COMMUNICATION_FAILURE + * \retval #PSA_ERROR_HARDWARE_FAILURE + * \retval #PSA_ERROR_CORRUPTION_DETECTED + * \retval #PSA_ERROR_STORAGE_FAILURE + * \retval #PSA_ERROR_BAD_STATE + * The library has not been previously initialized by psa_crypto_init(). + * It is implementation-dependent whether a failure to initialize + * results in this error code. + */ +psa_status_t mbedtls_psa_aead_decrypt_setup(psa_aead_operation_t *operation, + const psa_key_attributes_t *attributes, + const uint8_t *key_buffer, size_t key_buffer_size, + psa_algorithm_t alg); + +/** Generate a random nonce for an authenticated encryption operation. + * + * \note The signature of this function is that of a PSA driver + * aead_generate_nonce entry point. This function behaves as an + * aead_generate_nonce entry point as defined in the PSA driver interface + * specification for transparent drivers. + * + * This function generates a random nonce for the authenticated encryption + * operation with an appropriate size for the chosen algorithm, key type + * and key size. + * + * The application must call mbedtls_psa_aead_encrypt_setup() before + * calling this function. + * + * If this function returns an error status, the operation enters an error + * state and must be aborted by calling mbedtls_psa_aead_abort(). + * + * \param[in,out] operation Active AEAD operation. + * \param[out] nonce Buffer where the generated nonce is to be + * written. + * \param nonce_size Size of the \p nonce buffer in bytes. + * \param[out] nonce_length On success, the number of bytes of the + * generated nonce. + * + * \retval #PSA_SUCCESS + * Success. + * \retval #PSA_ERROR_BAD_STATE + * The operation state is not valid (it must be an active aead encrypt + * operation, with no nonce set). + * \retval #PSA_ERROR_BUFFER_TOO_SMALL + * The size of the \p nonce buffer is too small. + * \retval #PSA_ERROR_INSUFFICIENT_MEMORY + * \retval #PSA_ERROR_COMMUNICATION_FAILURE + * \retval #PSA_ERROR_HARDWARE_FAILURE + * \retval #PSA_ERROR_CORRUPTION_DETECTED + * \retval #PSA_ERROR_STORAGE_FAILURE + * \retval #PSA_ERROR_BAD_STATE + * The library has not been previously initialized by psa_crypto_init(). + * It is implementation-dependent whether a failure to initialize + * results in this error code. + */ +psa_status_t mbedtls_psa_aead_generate_nonce(psa_aead_operation_t *operation, + uint8_t *nonce, + size_t nonce_size, + size_t *nonce_length); + +/** Set the nonce for an authenticated encryption or decryption operation. + * + * \note The signature of this function is that of a PSA driver + * psa_aead_set_nonce entry point. This function behaves as an + * psa_aead_set_nonce entry point as defined in the PSA driver interface + * specification for transparent drivers. + * + * This function sets the nonce for the authenticated + * encryption or decryption operation. + * + * The application must call mbedtls_psa_aead_encrypt_setup() or + * mbedtls_psa_aead_decrypt_setup() before calling this function. + * + * If this function returns an error status, the operation enters an error + * state and must be aborted by calling mbedtls_psa_aead_abort(). + * + * \note When encrypting, applications should use mbedtls_psa_aead_generate_nonce() + * instead of this function, unless implementing a protocol that requires + * a non-random IV. + * + * \param[in,out] operation Active AEAD operation. + * \param[in] nonce Buffer containing the nonce to use. + * \param nonce_length Size of the nonce in bytes. + * + * \retval #PSA_SUCCESS + * Success. + * \retval #PSA_ERROR_BAD_STATE + * The operation state is not valid (it must be active, with no nonce + * set). + * \retval #PSA_ERROR_INVALID_ARGUMENT + * The size of \p nonce is not acceptable for the chosen algorithm. + * \retval #PSA_ERROR_INSUFFICIENT_MEMORY + * \retval #PSA_ERROR_COMMUNICATION_FAILURE + * \retval #PSA_ERROR_HARDWARE_FAILURE + * \retval #PSA_ERROR_CORRUPTION_DETECTED + * \retval #PSA_ERROR_STORAGE_FAILURE + * \retval #PSA_ERROR_BAD_STATE + * The library has not been previously initialized by psa_crypto_init(). + * It is implementation-dependent whether a failure to initialize + * results in this error code. + */ +psa_status_t mbedtls_psa_aead_set_nonce(psa_aead_operation_t *operation, + const uint8_t *nonce, + size_t nonce_length); + +/** Declare the lengths of the message and additional data for AEAD. + * + * \note The signature of this function is that of a PSA driver + * psa_aead_set_lengths entry point. This function behaves as an + * psa_aead_set_lengths entry point as defined in the PSA driver interface + * specification for transparent drivers. + * + * The application must call this function before calling + * mbedtls_psa_aead_update_ad() or mbedtls_psa_aead_update() if the algorithm for + * the operation requires it. If the algorithm does not require it, + * calling this function is optional, but if this function is called + * then the implementation must enforce the lengths. + * + * You may call this function before or after setting the nonce with + * mbedtls_psa_aead_set_nonce() or mbedtls_psa_aead_generate_nonce(). + * + * - For #PSA_ALG_CCM, calling this function is required. + * - For the other AEAD algorithms defined in this specification, calling + * this function is not required. + * - For vendor-defined algorithm, refer to the vendor documentation. + * + * If this function returns an error status, the operation enters an error + * state and must be aborted by calling mbedtls_psa_aead_abort(). + * + * \param[in,out] operation Active AEAD operation. + * \param ad_length Size of the non-encrypted additional + * authenticated data in bytes. + * \param plaintext_length Size of the plaintext to encrypt in bytes. + * + * \retval #PSA_SUCCESS + * Success. + * \retval #PSA_ERROR_BAD_STATE + * The operation state is not valid (it must be active, and + * mbedtls_psa_aead_update_ad() and mbedtls_psa_aead_update() must not have been + * called yet). + * \retval #PSA_ERROR_INVALID_ARGUMENT + * At least one of the lengths is not acceptable for the chosen + * algorithm. + * \retval #PSA_ERROR_INSUFFICIENT_MEMORY + * \retval #PSA_ERROR_COMMUNICATION_FAILURE + * \retval #PSA_ERROR_HARDWARE_FAILURE + * \retval #PSA_ERROR_CORRUPTION_DETECTED + * \retval #PSA_ERROR_BAD_STATE + * The library has not been previously initialized by psa_crypto_init(). + * It is implementation-dependent whether a failure to initialize + * results in this error code. + */ +psa_status_t mbedtls_psa_aead_set_lengths(psa_aead_operation_t *operation, + size_t ad_length, + size_t plaintext_length); + +/** Pass additional data to an active AEAD operation. + * + * \note The signature of this function is that of a PSA driver + * aead_update_ad entry point. This function behaves as an aead_update_ad + * entry point as defined in the PSA driver interface specification for + * transparent drivers. + * + * Additional data is authenticated, but not encrypted. + * + * You may call this function multiple times to pass successive fragments + * of the additional data. You may not call this function after passing + * data to encrypt or decrypt with mbedtls_psa_aead_update(). + * + * Before calling this function, you must: + * 1. Call either mbedtls_psa_aead_encrypt_setup() or mbedtls_psa_aead_decrypt_setup(). + * 2. Set the nonce with mbedtls_psa_aead_generate_nonce() or + * mbedtls_psa_aead_set_nonce(). + * + * If this function returns an error status, the operation enters an error + * state and must be aborted by calling mbedtls_psa_aead_abort(). + * + * \warning When decrypting, until mbedtls_psa_aead_verify() has returned #PSA_SUCCESS, + * there is no guarantee that the input is valid. Therefore, until + * you have called mbedtls_psa_aead_verify() and it has returned #PSA_SUCCESS, + * treat the input as untrusted and prepare to undo any action that + * depends on the input if mbedtls_psa_aead_verify() returns an error status. + * + * \note For the time being #PSA_ALG_CCM and #PSA_ALG_GCM require the entire + * additional data to be passed in in one go, i.e. only call + * mbedtls_mbedtls_psa_aead_update_ad() once. + * + * \param[in,out] operation Active AEAD operation. + * \param[in] input Buffer containing the fragment of + * additional data. + * \param input_length Size of the \p input buffer in bytes. + * + * \retval #PSA_SUCCESS + * Success. + * \retval #PSA_ERROR_BAD_STATE + * The operation state is not valid (it must be active, have a nonce + * set, have lengths set if required by the algorithm, and + * mbedtls_psa_aead_update() must not have been called yet). + * \retval #PSA_ERROR_INVALID_ARGUMENT + * The total input length overflows the additional data length that + * was previously specified with mbedtls_psa_aead_set_lengths(). + * \retval #PSA_ERROR_INSUFFICIENT_MEMORY + * \retval #PSA_ERROR_COMMUNICATION_FAILURE + * \retval #PSA_ERROR_HARDWARE_FAILURE + * \retval #PSA_ERROR_CORRUPTION_DETECTED + * \retval #PSA_ERROR_STORAGE_FAILURE + * \retval #PSA_ERROR_BAD_STATE + * The library has not been previously initialized by psa_crypto_init(). + * It is implementation-dependent whether a failure to initialize + * results in this error code. + */ +psa_status_t mbedtls_psa_aead_update_ad(psa_aead_operation_t *operation, + const uint8_t *input, + size_t input_length); + +/** Encrypt or decrypt a message fragment in an active AEAD operation. + * + * \note The signature of this function is that of a PSA driver + * aead_update entry point. This function behaves as an aead_update entry + * point as defined in the PSA driver interface specification for + * transparent drivers. + * + * Before calling this function, you must: + * 1. Call either mbedtls_psa_aead_encrypt_setup() or mbedtls_psa_aead_decrypt_setup(). + * The choice of setup function determines whether this function + * encrypts or decrypts its input. + * 2. Set the nonce with mbedtls_psa_aead_generate_nonce() or mbedtls_psa_aead_set_nonce(). + * 3. Call mbedtls_psa_aead_update_ad() to pass all the additional data. + * + * If this function returns an error status, the operation enters an error + * state and must be aborted by calling mbedtls_psa_aead_abort(). + * + * \warning When decrypting, until mbedtls_psa_aead_verify() has returned + * #PSA_SUCCESS, there is no guarantee that the input is valid. + * Therefore, until you have called mbedtls_psa_aead_verify() and it + * has returned #PSA_SUCCESS: + * - Do not use the output in any way other than storing it in a + * confidential location. If you take any action that depends + * on the tentative decrypted data, this action will need to be + * undone if the input turns out not to be valid. Furthermore, + * if an adversary can observe that this action took place + * (for example through timing), they may be able to use this + * fact as an oracle to decrypt any message encrypted with the + * same key. + * - In particular, do not copy the output anywhere but to a + * memory or storage space that you have exclusive access to. + * + * This function does not require the input to be aligned to any + * particular block boundary. If the implementation can only process + * a whole block at a time, it must consume all the input provided, but + * it may delay the end of the corresponding output until a subsequent + * call to mbedtls_psa_aead_update(), mbedtls_psa_aead_finish() or + * mbedtls_psa_aead_verify() provides sufficient input. The amount of data that + * can be delayed in this way is bounded by #PSA_AEAD_UPDATE_OUTPUT_SIZE. + * + * \note For the time being #PSA_ALG_CCM and #PSA_ALG_GCM require the entire + * data to be passed in in one go, i.e. only call + * mbedtls_mbedtls_psa_aead_update() once. + * + * \param[in,out] operation Active AEAD operation. + * \param[in] input Buffer containing the message fragment to + * encrypt or decrypt. + * \param input_length Size of the \p input buffer in bytes. + * \param[out] output Buffer where the output is to be written. + * \param output_size Size of the \p output buffer in bytes. + * This must be at least + * #PSA_AEAD_UPDATE_OUTPUT_SIZE(\c alg, + * \p input_length) where \c alg is the + * algorithm that is being calculated. + * \param[out] output_length On success, the number of bytes + * that make up the returned output. + * + * \retval #PSA_SUCCESS + * Success. + * \retval #PSA_ERROR_BAD_STATE + * The operation state is not valid (it must be active, have a nonce + * set, and have lengths set if required by the algorithm). + * \retval #PSA_ERROR_BUFFER_TOO_SMALL + * The size of the \p output buffer is too small. + * You can determine a sufficient buffer size by calling + * #PSA_AEAD_UPDATE_OUTPUT_SIZE(\c alg, \p input_length) + * where \c alg is the algorithm that is being calculated. + * \retval #PSA_ERROR_INVALID_ARGUMENT + * The total length of input to mbedtls_psa_aead_update_ad() so far is + * less than the additional data length that was previously + * specified with mbedtls_psa_aead_set_lengths(). + * \retval #PSA_ERROR_INVALID_ARGUMENT + * The total input length overflows the plaintext length that + * was previously specified with mbedtls_psa_aead_set_lengths(). + * \retval #PSA_ERROR_INSUFFICIENT_MEMORY + * \retval #PSA_ERROR_COMMUNICATION_FAILURE + * \retval #PSA_ERROR_HARDWARE_FAILURE + * \retval #PSA_ERROR_CORRUPTION_DETECTED + * \retval #PSA_ERROR_STORAGE_FAILURE + * \retval #PSA_ERROR_BAD_STATE + * The library has not been previously initialized by psa_crypto_init(). + * It is implementation-dependent whether a failure to initialize + * results in this error code. + */ +psa_status_t mbedtls_psa_aead_update(psa_aead_operation_t *operation, + const uint8_t *input, + size_t input_length, + uint8_t *output, + size_t output_size, + size_t *output_length); + +/** Finish encrypting a message in an AEAD operation. + * + * \note The signature of this function is that of a PSA driver + * aead_finish entry point. This function behaves as an aead_finish entry + * point as defined in the PSA driver interface specification for + * transparent drivers. + * + * The operation must have been set up with mbedtls_psa_aead_encrypt_setup(). + * + * This function finishes the authentication of the additional data + * formed by concatenating the inputs passed to preceding calls to + * mbedtls_psa_aead_update_ad() with the plaintext formed by concatenating the + * inputs passed to preceding calls to mbedtls_psa_aead_update(). + * + * This function has two output buffers: + * - \p ciphertext contains trailing ciphertext that was buffered from + * preceding calls to mbedtls_psa_aead_update(). + * - \p tag contains the authentication tag. Its length is always + * #PSA_AEAD_TAG_LENGTH(\c alg) where \c alg is the AEAD algorithm + * that the operation performs. + * + * When this function returns successfuly, the operation becomes inactive. + * If this function returns an error status, the operation enters an error + * state and must be aborted by calling mbedtls_psa_aead_abort(). + * + * \param[in,out] operation Active AEAD operation. + * \param[out] ciphertext Buffer where the last part of the ciphertext + * is to be written. + * \param ciphertext_size Size of the \p ciphertext buffer in bytes. + * This must be at least + * #PSA_AEAD_FINISH_OUTPUT_SIZE(\c alg) where + * \c alg is the algorithm that is being + * calculated. + * \param[out] ciphertext_length On success, the number of bytes of + * returned ciphertext. + * \param[out] tag Buffer where the authentication tag is + * to be written. + * \param tag_size Size of the \p tag buffer in bytes. + * This must be at least + * #PSA_AEAD_TAG_LENGTH(\c alg) where \c alg is + * the algorithm that is being calculated. + * \param[out] tag_length On success, the number of bytes + * that make up the returned tag. + * + * \retval #PSA_SUCCESS + * Success. + * \retval #PSA_ERROR_BAD_STATE + * The operation state is not valid (it must be an active encryption + * operation with a nonce set). + * \retval #PSA_ERROR_BUFFER_TOO_SMALL + * The size of the \p ciphertext or \p tag buffer is too small. + * You can determine a sufficient buffer size for \p ciphertext by + * calling #PSA_AEAD_FINISH_OUTPUT_SIZE(\c alg) + * where \c alg is the algorithm that is being calculated. + * You can determine a sufficient buffer size for \p tag by + * calling #PSA_AEAD_TAG_LENGTH(\c alg). + * \retval #PSA_ERROR_INVALID_ARGUMENT + * The total length of input to psa_aead_update_ad() so far is + * less than the additional data length that was previously + * specified with psa_aead_set_lengths(). + * \retval #PSA_ERROR_INVALID_ARGUMENT + * The total length of input to mbedtls_psa_aead_update() so far is + * less than the plaintext length that was previously + * specified with mbedtls_psa_aead_set_lengths(). + * \retval #PSA_ERROR_INSUFFICIENT_MEMORY + * \retval #PSA_ERROR_COMMUNICATION_FAILURE + * \retval #PSA_ERROR_HARDWARE_FAILURE + * \retval #PSA_ERROR_CORRUPTION_DETECTED + * \retval #PSA_ERROR_STORAGE_FAILURE + * \retval #PSA_ERROR_BAD_STATE + * The library has not been previously initialized by psa_crypto_init(). + * It is implementation-dependent whether a failure to initialize + * results in this error code. + */ +psa_status_t mbedtls_psa_aead_finish(psa_aead_operation_t *operation, + uint8_t *ciphertext, + size_t ciphertext_size, + size_t *ciphertext_length, + uint8_t *tag, + size_t tag_size, + size_t *tag_length); + +/** Finish authenticating and decrypting a message in an AEAD operation. + * + * \note The signature of this function is that of a PSA driver + * aead_verify entry point. This function behaves as an aead_verify entry + * point as defined in the PSA driver interface specification for + * transparent drivers. + * + * The operation must have been set up with mbedtls_psa_aead_decrypt_setup(). + * + * This function finishes the authenticated decryption of the message + * components: + * + * - The additional data consisting of the concatenation of the inputs + * passed to preceding calls to mbedtls_psa_aead_update_ad(). + * - The ciphertext consisting of the concatenation of the inputs passed to + * preceding calls to mbedtls_psa_aead_update(). + * - The tag passed to this function call. + * + * If the authentication tag is correct, this function outputs any remaining + * plaintext and reports success. If the authentication tag is not correct, + * this function returns #PSA_ERROR_INVALID_SIGNATURE. + * + * When this function returns successfuly, the operation becomes inactive. + * If this function returns an error status, the operation enters an error + * state and must be aborted by calling mbedtls_psa_aead_abort(). + * + * \note Implementations shall make the best effort to ensure that the + * comparison between the actual tag and the expected tag is performed + * in constant time. + * + * \param[in,out] operation Active AEAD operation. + * \param[out] plaintext Buffer where the last part of the plaintext + * is to be written. This is the remaining data + * from previous calls to mbedtls_psa_aead_update() + * that could not be processed until the end + * of the input. + * \param plaintext_size Size of the \p plaintext buffer in bytes. + * This must be at least + * #PSA_AEAD_VERIFY_OUTPUT_SIZE(\c alg) where + * \c alg is the algorithm that is being + * calculated. + * \param[out] plaintext_length On success, the number of bytes of + * returned plaintext. + * \param[in] tag Buffer containing the authentication tag. + * \param tag_length Size of the \p tag buffer in bytes. + * + * \retval #PSA_SUCCESS + * Success. + * \retval #PSA_ERROR_INVALID_SIGNATURE + * The calculations were successful, but the authentication tag is + * not correct. + * \retval #PSA_ERROR_BAD_STATE + * The operation state is not valid (it must be an active decryption + * operation with a nonce set). + * \retval #PSA_ERROR_BUFFER_TOO_SMALL + * The size of the \p plaintext buffer is too small. + * You can determine a sufficient buffer size for \p plaintext by + * calling #PSA_AEAD_VERIFY_OUTPUT_SIZE(\c alg) + * where \c alg is the algorithm that is being calculated. + * \retval #PSA_ERROR_INVALID_ARGUMENT + * The total length of input to mbedtls_psa_aead_update_ad() so far is + * less than the additional data length that was previously + * specified with mbedtls_psa_aead_set_lengths(). + * \retval #PSA_ERROR_INVALID_ARGUMENT + * The total length of input to mbedtls_psa_aead_update() so far is + * less than the plaintext length that was previously + * specified with psa_aead_set_lengths(). + * \retval #PSA_ERROR_INSUFFICIENT_MEMORY + * \retval #PSA_ERROR_COMMUNICATION_FAILURE + * \retval #PSA_ERROR_HARDWARE_FAILURE + * \retval #PSA_ERROR_CORRUPTION_DETECTED + * \retval #PSA_ERROR_STORAGE_FAILURE + * \retval #PSA_ERROR_BAD_STATE + * The library has not been previously initialized by psa_crypto_init(). + * It is implementation-dependent whether a failure to initialize + * results in this error code. + */ +psa_status_t mbedtls_psa_aead_verify(psa_aead_operation_t *operation, + uint8_t *plaintext, + size_t plaintext_size, + size_t *plaintext_length, + const uint8_t *tag, + size_t tag_length); + +/** Abort an AEAD operation. + * + * \note The signature of this function is that of a PSA driver + * aead_abort entry point. This function behaves as an aead_abort entry + * point as defined in the PSA driver interface specification for + * transparent drivers. + * + * Aborting an operation frees all associated resources except for the + * \p operation structure itself. Once aborted, the operation object + * can be reused for another operation by calling + * mbedtls_psa_aead_encrypt_setup() or mbedtls_psa_aead_decrypt_setup() again. + * + * You may call this function any time after the operation object has + * been initialized as described in #psa_aead_operation_t. + * + * In particular, calling mbedtls_psa_aead_abort() after the operation has been + * terminated by a call to mbedtls_psa_aead_abort(), mbedtls_psa_aead_finish() or + * mbedtls_psa_aead_verify() is safe and has no effect. + * + * \param[in,out] operation Initialized AEAD operation. + * + * \retval #PSA_SUCCESS + * \retval #PSA_ERROR_COMMUNICATION_FAILURE + * \retval #PSA_ERROR_HARDWARE_FAILURE + * \retval #PSA_ERROR_CORRUPTION_DETECTED + * \retval #PSA_ERROR_BAD_STATE + * The library has not been previously initialized by psa_crypto_init(). + * It is implementation-dependent whether a failure to initialize + * results in this error code. + */ +psa_status_t mbedtls_psa_aead_abort(psa_aead_operation_t *operation); + + #endif /* PSA_CRYPTO_AEAD */ From 6504aa64517ffec5b3894119d86418223b299f6c Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Tue, 20 Apr 2021 17:09:36 +0100 Subject: [PATCH 003/195] First pass addition of driver wrappers Transparent driver test functions not yet implemented. Signed-off-by: Paul Elliott --- include/psa/crypto_struct.h | 10 +- library/psa_crypto_driver_wrappers.c | 371 +++++++++++++++++++++++++++ library/psa_crypto_driver_wrappers.h | 61 +++++ 3 files changed, 441 insertions(+), 1 deletion(-) diff --git a/include/psa/crypto_struct.h b/include/psa/crypto_struct.h index 6c93814be..6f0fc01fe 100644 --- a/include/psa/crypto_struct.h +++ b/include/psa/crypto_struct.h @@ -156,6 +156,14 @@ struct psa_aead_operation_s psa_algorithm_t alg; psa_key_type_t key_type; + /** Unique ID indicating which driver got assigned to do the + * operation. Since driver contexts are driver-specific, swapping + * drivers halfway through the operation is not supported. + * ID values are auto-generated in psa_crypto_driver_wrappers.h + * ID value zero means the context is not valid or not assigned to + * any driver (i.e. none of the driver contexts are active). */ + unsigned int id; + unsigned int key_set : 1; unsigned int nonce_set : 1; unsigned int lengths_set : 1; @@ -197,7 +205,7 @@ struct psa_aead_operation_s } ctx; }; -#define PSA_AEAD_OPERATION_INIT {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, {0}, {0}} +#define PSA_AEAD_OPERATION_INIT {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, {0}, {0}} static inline struct psa_aead_operation_s psa_aead_operation_init( void ) { const struct psa_aead_operation_s v = PSA_AEAD_OPERATION_INIT; diff --git a/library/psa_crypto_driver_wrappers.c b/library/psa_crypto_driver_wrappers.c index 795e42489..59a00a6cf 100644 --- a/library/psa_crypto_driver_wrappers.c +++ b/library/psa_crypto_driver_wrappers.c @@ -1292,6 +1292,377 @@ psa_status_t psa_driver_wrapper_aead_decrypt( } } +psa_status_t psa_driver_wrapper_aead_encrypt_setup( + psa_aead_operation_t *operation, + const psa_key_attributes_t *attributes, + const uint8_t *key_buffer, size_t key_buffer_size, + psa_algorithm_t alg ) +{ + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + psa_key_location_t location = + PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime ); + + switch( location ) + { + case PSA_KEY_LOCATION_LOCAL_STORAGE: + /* Key is stored in the slot in export representation, so + * cycle through all known transparent accelerators */ + +#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) +#if defined(PSA_CRYPTO_DRIVER_TEST) +// status = test_transparent_aead_encrypt_setup( +// operation, attributes, +// key_buffer, key_buffer_size, +// alg ); + /* Declared with fallback == true */ + if( status == PSA_SUCCESS ) + operation->id = PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID; + + if( status != PSA_ERROR_NOT_SUPPORTED ) + return( status ); +#endif /* PSA_CRYPTO_DRIVER_TEST */ +#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ + + /* Fell through, meaning no accelerator supports this operation */ + status = mbedtls_psa_aead_encrypt_setup( + operation, attributes, + key_buffer, key_buffer_size, + alg ); + + if( status == PSA_SUCCESS ) + operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID; + + return( status ); + + /* Add cases for opaque driver here */ + + default: + /* Key is declared with a lifetime not known to us */ + (void)status; + return( PSA_ERROR_INVALID_ARGUMENT ); + } +} + +psa_status_t psa_driver_wrapper_aead_decrypt_setup( + psa_aead_operation_t *operation, + const psa_key_attributes_t *attributes, + const uint8_t *key_buffer, size_t key_buffer_size, + psa_algorithm_t alg ) +{ + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + psa_key_location_t location = + PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime ); + + switch( location ) + { + case PSA_KEY_LOCATION_LOCAL_STORAGE: + /* Key is stored in the slot in export representation, so + * cycle through all known transparent accelerators */ + +#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) +#if defined(PSA_CRYPTO_DRIVER_TEST) +// status = test_transparent_aead_decrypt_setup( +// operation, attributes, +// key_buffer, key_buffer_size, +// alg ); + /* Declared with fallback == true */ + if( status == PSA_SUCCESS ) + operation->id = PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID; + + if( status != PSA_ERROR_NOT_SUPPORTED ) + return( status ); +#endif /* PSA_CRYPTO_DRIVER_TEST */ +#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ + + /* Fell through, meaning no accelerator supports this operation */ + status = mbedtls_psa_aead_decrypt_setup( + operation, attributes, + key_buffer, key_buffer_size, + alg ); + + if( status == PSA_SUCCESS ) + operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID; + + return( status ); + + /* Add cases for opaque driver here */ + + default: + /* Key is declared with a lifetime not known to us */ + (void)status; + return( PSA_ERROR_INVALID_ARGUMENT ); + } +} + +psa_status_t psa_driver_wrapper_aead_generate_nonce( + psa_aead_operation_t *operation, + uint8_t *nonce, + size_t nonce_size, + size_t *nonce_length ) +{ + switch( operation->id ) + { +#if defined(MBEDTLS_PSA_BUILTIN_CIPHER) + case PSA_CRYPTO_MBED_TLS_DRIVER_ID: + return( mbedtls_psa_aead_generate_nonce( operation, nonce, nonce_size, + nonce_length ) ); +#endif /* MBEDTLS_PSA_BUILTIN_CIPHER */ + +#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) +#if defined(PSA_CRYPTO_DRIVER_TEST) + case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID: +// return( test_transparent_aead_generate_nonce( +// operation, nonce, nonce_size, nonce_length ) ); + + /* Add cases for opaque driver here */ + +#endif /* PSA_CRYPTO_DRIVER_TEST */ +#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ + } + + (void)nonce; + (void)nonce_size; + (void)nonce_length; + + return( PSA_ERROR_INVALID_ARGUMENT ); +} + +psa_status_t psa_driver_wrapper_aead_set_nonce( + psa_aead_operation_t *operation, + const uint8_t *nonce, + size_t nonce_length ) +{ + switch( operation->id ) + { +#if defined(MBEDTLS_PSA_BUILTIN_CIPHER) + case PSA_CRYPTO_MBED_TLS_DRIVER_ID: + return( mbedtls_psa_aead_set_nonce( operation, nonce, nonce_length ) ); + +#endif /* MBEDTLS_PSA_BUILTIN_CIPHER */ + +#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) +#if defined(PSA_CRYPTO_DRIVER_TEST) + case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID: +// return( test_transparent_aead_set_nonce( +// operation, nonce, nonce_length ) ); + + /* Add cases for opaque driver here */ + +#endif /* PSA_CRYPTO_DRIVER_TEST */ +#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ + } + + (void)nonce; + (void)nonce_length; + + return( PSA_ERROR_INVALID_ARGUMENT ); +} + +psa_status_t psa_driver_wrapper_aead_set_lengths( + psa_aead_operation_t *operation, + size_t ad_length, + size_t plaintext_length ) +{ + switch( operation->id ) + { +#if defined(MBEDTLS_PSA_BUILTIN_CIPHER) + case PSA_CRYPTO_MBED_TLS_DRIVER_ID: + return( mbedtls_psa_aead_set_lengths( operation, ad_length, plaintext_length ) ); + +#endif /* MBEDTLS_PSA_BUILTIN_CIPHER */ + +#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) +#if defined(PSA_CRYPTO_DRIVER_TEST) + case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID: +// return( test_transparent_aead_set_lengths( +// operation, ad_length, plaintext_length ) ); + + /* Add cases for opaque driver here */ + +#endif /* PSA_CRYPTO_DRIVER_TEST */ +#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ + } + + (void)ad_length; + (void)plaintext_length; + + return( PSA_ERROR_INVALID_ARGUMENT ); +} + +psa_status_t psa_driver_wrapper_aead_update_ad( + psa_aead_operation_t *operation, + const uint8_t *input, + size_t input_length ) +{ + switch( operation->id ) + { +#if defined(MBEDTLS_PSA_BUILTIN_CIPHER) + case PSA_CRYPTO_MBED_TLS_DRIVER_ID: + return( mbedtls_psa_aead_update_ad( operation, input, input_length ) ); + +#endif /* MBEDTLS_PSA_BUILTIN_CIPHER */ + +#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) +#if defined(PSA_CRYPTO_DRIVER_TEST) + case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID: +// return( test_transparent_aead_update_ad( +// operation, input, input_length ) ); + + /* Add cases for opaque driver here */ + +#endif /* PSA_CRYPTO_DRIVER_TEST */ +#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ + } + + (void)input; + (void)input_length; + + return( PSA_ERROR_INVALID_ARGUMENT ); +} + +psa_status_t psa_driver_wrapper_aead_update( + psa_aead_operation_t *operation, + const uint8_t *input, + size_t input_length, + uint8_t *output, + size_t output_size, + size_t *output_length ) +{ + switch( operation->id ) + { +#if defined(MBEDTLS_PSA_BUILTIN_CIPHER) + case PSA_CRYPTO_MBED_TLS_DRIVER_ID: + return( mbedtls_psa_aead_update( operation, input, input_length, output, + output_size, output_length ) ); + +#endif /* MBEDTLS_PSA_BUILTIN_CIPHER */ + +#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) +#if defined(PSA_CRYPTO_DRIVER_TEST) + case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID: +// return( test_transparent_aead_update( +// operation, input, input_length, ouput, output_size, +// output_length ) ); + + /* Add cases for opaque driver here */ + +#endif /* PSA_CRYPTO_DRIVER_TEST */ +#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ + } + + (void)input; + (void)input_length; + (void)output; + (void)output_size; + (void)output_length; + + return( PSA_ERROR_INVALID_ARGUMENT ); +} + +psa_status_t psa_driver_wrapper_aead_finish( + psa_aead_operation_t *operation, + uint8_t *ciphertext, + size_t ciphertext_size, + size_t *ciphertext_length, + uint8_t *tag, + size_t tag_size, + size_t *tag_length ) +{ + switch( operation->id ) + { +#if defined(MBEDTLS_PSA_BUILTIN_CIPHER) + case PSA_CRYPTO_MBED_TLS_DRIVER_ID: + return( mbedtls_psa_aead_finish( operation, ciphertext, ciphertext_size, + ciphertext_length, tag, tag_size, tag_length ) ); + +#endif /* MBEDTLS_PSA_BUILTIN_CIPHER */ + +#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) +#if defined(PSA_CRYPTO_DRIVER_TEST) + case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID: +// return( test_transparent_aead_finish( +// operation, ciphertext, ciphertext_size, +// ciphertext_length, tag, tag_size, tag_length ) ); + + /* Add cases for opaque driver here */ + +#endif /* PSA_CRYPTO_DRIVER_TEST */ +#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ + } + + (void)ciphertext; + (void)ciphertext_size; + (void)ciphertext_length; + (void)tag; + (void)tag_size; + (void)tag_length; + + return( PSA_ERROR_INVALID_ARGUMENT ); +} + +psa_status_t psa_driver_wrapper_aead_verify( + psa_aead_operation_t *operation, + uint8_t *plaintext, + size_t plaintext_size, + size_t *plaintext_length, + const uint8_t *tag, + size_t tag_length ) +{ + switch( operation->id ) + { +#if defined(MBEDTLS_PSA_BUILTIN_CIPHER) + case PSA_CRYPTO_MBED_TLS_DRIVER_ID: + return( mbedtls_psa_aead_verify( operation, plaintext, plaintext_size, + plaintext_length, tag, tag_length ) ); + +#endif /* MBEDTLS_PSA_BUILTIN_CIPHER */ + +#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) +#if defined(PSA_CRYPTO_DRIVER_TEST) + case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID: +// return( test_transparent_aead_verify( +// operation, ciphertext, ciphertext_size, +// ciphertext_length, tag, tag_length ) ); + + /* Add cases for opaque driver here */ + +#endif /* PSA_CRYPTO_DRIVER_TEST */ +#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ + } + + (void)plaintext; + (void)plaintext_size; + (void)plaintext_length; + (void)tag; + (void)tag_length; + + return( PSA_ERROR_INVALID_ARGUMENT ); +} + +psa_status_t psa_driver_wrapper_aead_abort( + psa_aead_operation_t *operation ) +{ + switch( operation->id ) + { +#if defined(MBEDTLS_PSA_BUILTIN_CIPHER) + case PSA_CRYPTO_MBED_TLS_DRIVER_ID: + return( mbedtls_psa_aead_abort( operation ) ); + +#endif /* MBEDTLS_PSA_BUILTIN_CIPHER */ + +#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) +#if defined(PSA_CRYPTO_DRIVER_TEST) + case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID: +// return( test_transparent_aead_abort( operation ) ); + + /* Add cases for opaque driver here */ + +#endif /* PSA_CRYPTO_DRIVER_TEST */ +#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ + } + + return( PSA_ERROR_INVALID_ARGUMENT ); +} /* * MAC functions diff --git a/library/psa_crypto_driver_wrappers.h b/library/psa_crypto_driver_wrappers.h index 37d5a9a1c..bdb2eba16 100644 --- a/library/psa_crypto_driver_wrappers.h +++ b/library/psa_crypto_driver_wrappers.h @@ -183,6 +183,67 @@ psa_status_t psa_driver_wrapper_aead_decrypt( const uint8_t *ciphertext, size_t ciphertext_length, uint8_t *plaintext, size_t plaintext_size, size_t *plaintext_length ); +psa_status_t psa_driver_wrapper_aead_encrypt_setup( + psa_aead_operation_t *operation, + const psa_key_attributes_t *attributes, + const uint8_t *key_buffer, size_t key_buffer_size, + psa_algorithm_t alg ); + +psa_status_t psa_driver_wrapper_aead_decrypt_setup( + psa_aead_operation_t *operation, + const psa_key_attributes_t *attributes, + const uint8_t *key_buffer, size_t key_buffer_size, + psa_algorithm_t alg ); + +psa_status_t psa_driver_wrapper_aead_generate_nonce( + psa_aead_operation_t *operation, + uint8_t *nonce, + size_t nonce_size, + size_t *nonce_length ); + +psa_status_t psa_driver_wrapper_aead_set_nonce( + psa_aead_operation_t *operation, + const uint8_t *nonce, + size_t nonce_length ); + +psa_status_t psa_driver_wrapper_aead_set_lengths( + psa_aead_operation_t *operation, + size_t ad_length, + size_t plaintext_length ); + +psa_status_t psa_driver_wrapper_aead_update_ad( + psa_aead_operation_t *operation, + const uint8_t *input, + size_t input_length ); + +psa_status_t psa_driver_wrapper_aead_update( + psa_aead_operation_t *operation, + const uint8_t *input, + size_t input_length, + uint8_t *output, + size_t output_size, + size_t *output_length ); + +psa_status_t psa_driver_wrapper_aead_finish( + psa_aead_operation_t *operation, + uint8_t *ciphertext, + size_t ciphertext_size, + size_t *ciphertext_length, + uint8_t *tag, + size_t tag_size, + size_t *tag_length ); + +psa_status_t psa_driver_wrapper_aead_verify( + psa_aead_operation_t *operation, + uint8_t *plaintext, + size_t plaintext_size, + size_t *plaintext_length, + const uint8_t *tag, + size_t tag_length ); + +psa_status_t psa_driver_wrapper_aead_abort( + psa_aead_operation_t *operation ); + /* * MAC functions */ From 302ff6bdd632c61c5c50452ce1b5ac8226336a98 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Tue, 20 Apr 2021 18:10:30 +0100 Subject: [PATCH 004/195] Implement multipart AEAD PSA interface Signed-off-by: Paul Elliott --- library/psa_crypto.c | 249 +++++++++++++++++++++++++++ library/psa_crypto_aead.c | 73 -------- library/psa_crypto_aead.h | 61 +------ library/psa_crypto_driver_wrappers.c | 33 ---- library/psa_crypto_driver_wrappers.h | 6 - 5 files changed, 257 insertions(+), 165 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 2583735fe..6598cf43a 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -3214,6 +3214,255 @@ psa_status_t psa_aead_decrypt( mbedtls_svc_key_id_t key, return( status ); } +/* Set the key for a multipart authenticated encryption operation. */ +psa_status_t psa_aead_encrypt_setup( psa_aead_operation_t *operation, + mbedtls_svc_key_id_t key, + psa_algorithm_t alg ) +{ + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED; + psa_key_slot_t *slot; + + if( !PSA_ALG_IS_AEAD( alg ) || PSA_ALG_IS_WILDCARD( alg ) ) + return( PSA_ERROR_NOT_SUPPORTED ); + + status = psa_get_and_lock_key_slot_with_policy( + key, &slot, PSA_KEY_USAGE_DECRYPT, alg ); + + if( status != PSA_SUCCESS ) + { + return( status ); + } + + psa_key_attributes_t attributes = { + .core = slot->attr + }; + + status = psa_driver_wrapper_aead_encrypt_setup( operation, + &attributes, slot->key.data, + slot->key.bytes, alg ); + + + unlock_status = psa_unlock_key_slot( slot ); + + if( unlock_status != PSA_SUCCESS ) + { + return( unlock_status ); + } + + return( status ); +} + +/* Set the key for a multipart authenticated decryption operation. */ +psa_status_t psa_aead_decrypt_setup( psa_aead_operation_t *operation, + mbedtls_svc_key_id_t key, + psa_algorithm_t alg ) +{ + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED; + psa_key_slot_t *slot; + + if( !PSA_ALG_IS_AEAD( alg ) || PSA_ALG_IS_WILDCARD( alg ) ) + return( PSA_ERROR_NOT_SUPPORTED ); + + status = psa_get_and_lock_key_slot_with_policy( + key, &slot, PSA_KEY_USAGE_DECRYPT, alg ); + + if( status != PSA_SUCCESS ) + { + return( status ); + } + + psa_key_attributes_t attributes = { + .core = slot->attr + }; + + status = psa_driver_wrapper_aead_decrypt_setup( operation, + &attributes, slot->key.data, + slot->key.bytes, alg ); + + + unlock_status = psa_unlock_key_slot( slot ); + + if( unlock_status != PSA_SUCCESS ) + { + return( unlock_status ); + } + + return( status ); +} + +/* Generate a random nonce / IV for multipart AEAD operation */ +psa_status_t psa_aead_generate_nonce( psa_aead_operation_t *operation, + uint8_t *nonce, + size_t nonce_size, + size_t *nonce_length ) +{ + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + size_t required_nonce_size = nonce_size; + + *nonce_length = 0; + + if( !operation->key_set || operation->nonce_set || + operation->ad_started || operation->body_started ) + { + return( PSA_ERROR_BAD_STATE ); + } + + required_nonce_size = PSA_AEAD_NONCE_LENGTH(operation->key_type, operation->alg); + + if( nonce_size == 0 || nonce_size < required_nonce_size ) + { + return( PSA_ERROR_BUFFER_TOO_SMALL ); + } + + status = psa_generate_random( nonce, required_nonce_size ); + + if( status != PSA_SUCCESS ) + { + return status; + } + + status = psa_driver_wrapper_aead_set_nonce( operation, nonce, required_nonce_size ); + + if( status == PSA_SUCCESS ) + { + *nonce_length = required_nonce_size; + } + + return status; +} + +/* Set the nonce for a multipart authenticated encryption or decryption + operation.*/ +psa_status_t psa_aead_set_nonce( psa_aead_operation_t *operation, + const uint8_t *nonce, + size_t nonce_length ) +{ + if( !operation->key_set || operation->nonce_set || + operation->ad_started || operation->body_started ) + { + return( PSA_ERROR_BAD_STATE ); + } + + return( psa_driver_wrapper_aead_set_nonce( operation, nonce, nonce_length ) ); +} + +/* Declare the lengths of the message and additional data for multipart AEAD. */ +psa_status_t psa_aead_set_lengths( psa_aead_operation_t *operation, + size_t ad_length, + size_t plaintext_length ) +{ + if( !operation->key_set || operation->lengths_set ) + { + return( PSA_ERROR_BAD_STATE ); + } + + return( psa_driver_wrapper_aead_set_lengths( operation, ad_length, plaintext_length ) ); +} + /* Pass additional data to an active multipart AEAD operation. */ +psa_status_t psa_aead_update_ad( psa_aead_operation_t *operation, + const uint8_t *input, + size_t input_length ) +{ + if( !operation->nonce_set || !operation->key_set ) + { + return( PSA_ERROR_BAD_STATE ); + } + + return( psa_driver_wrapper_aead_update_ad( operation, input, input_length ) ); +} + +/* Encrypt or decrypt a message fragment in an active multipart AEAD + operation.*/ +psa_status_t psa_aead_update( psa_aead_operation_t *operation, + const uint8_t *input, + size_t input_length, + uint8_t *output, + size_t output_size, + size_t *output_length ) +{ + + *output_length = 0; + + if( !operation->nonce_set || !operation->key_set || !operation->ad_started ) + { + return( PSA_ERROR_BAD_STATE ); + } + + return( psa_driver_wrapper_aead_update( operation, input, input_length, output, output_size, + output_length ) ); +} + +/* Finish encrypting a message in a multipart AEAD operation. */ +psa_status_t psa_aead_finish( psa_aead_operation_t *operation, + uint8_t *ciphertext, + size_t ciphertext_size, + size_t *ciphertext_length, + uint8_t *tag, + size_t tag_size, + size_t *tag_length ) +{ + *ciphertext_length = 0; + *tag_length = 0; + + if( !operation->key_set || !operation->nonce_set || + !operation->ad_started || !operation->body_started ) + { + return( PSA_ERROR_BAD_STATE ); + } + + return( psa_driver_wrapper_aead_finish( operation, ciphertext, ciphertext_size, + ciphertext_length, tag, tag_size, tag_length ) ); +} + +/* Finish authenticating and decrypting a message in a multipart AEAD + operation.*/ +psa_status_t psa_aead_verify( psa_aead_operation_t *operation, + uint8_t *plaintext, + size_t plaintext_size, + size_t *plaintext_length, + const uint8_t *tag, + size_t tag_length ) +{ + *plaintext_length = 0; + + if( !operation->key_set || !operation->nonce_set || + !operation->ad_started || !operation->body_started ) + { + return( PSA_ERROR_BAD_STATE ); + } + + return( psa_driver_wrapper_aead_verify( operation, plaintext, plaintext_size, plaintext_length, + tag, tag_length ) ); +} + +/* Abort an AEAD operation. */ +psa_status_t psa_aead_abort(psa_aead_operation_t *operation) +{ + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + + if( operation->id == 0 ) + { + /* The object has (apparently) been initialized but it is not (yet) + * in use. It's ok to call abort on such an object, and there's + * nothing to do. */ + return( PSA_SUCCESS ); + } + + status = psa_driver_wrapper_aead_abort( operation ); + + operation->id = 0; + operation->key_set = 0; + operation->nonce_set = 0; + operation->lengths_set = 0; + operation->is_encrypt = 0; + operation->ad_started = 0; + operation->body_started = 0; + + return( status ); +} + /****************************************************************/ /* Generators */ /****************************************************************/ diff --git a/library/psa_crypto_aead.c b/library/psa_crypto_aead.c index 47b0e7b3e..f8cceae8e 100644 --- a/library/psa_crypto_aead.c +++ b/library/psa_crypto_aead.c @@ -394,45 +394,6 @@ psa_status_t mbedtls_psa_aead_decrypt_setup( psa_aead_operation_t *operation, return ( status ); } -/* Generate a random nonce / IV for multipart AEAD operation */ -psa_status_t mbedtls_psa_aead_generate_nonce( psa_aead_operation_t *operation, - uint8_t *nonce, - size_t nonce_size, - size_t *nonce_length ) -{ - psa_status_t status; - size_t required_nonce_size = nonce_size; - - if( !operation->key_set || operation->nonce_set || - operation->ad_started || operation->body_started ) - { - return( PSA_ERROR_BAD_STATE ); - } - - required_nonce_size = PSA_AEAD_NONCE_LENGTH(operation->key_type, operation->alg); - - if( nonce_size == 0 || nonce_size < required_nonce_size ) - { - return( PSA_ERROR_BUFFER_TOO_SMALL ); - } - - status = psa_generate_random( nonce, required_nonce_size ); - - if( status != PSA_SUCCESS ) - { - return status; - } - - status = mbedtls_psa_aead_set_nonce( operation, nonce, required_nonce_size ); - - if( status == PSA_SUCCESS ) - { - *nonce_length = required_nonce_size; - } - - return status; -} - /* Set a nonce for the multipart AEAD operation*/ psa_status_t mbedtls_psa_aead_set_nonce( psa_aead_operation_t *operation, const uint8_t *nonce, @@ -440,19 +401,6 @@ psa_status_t mbedtls_psa_aead_set_nonce( psa_aead_operation_t *operation, { psa_status_t status; - if( !operation->key_set || operation->nonce_set || - operation->ad_started || operation->body_started ) - { - return( PSA_ERROR_BAD_STATE ); - } - - /* Restricting to a nominal safe length for nonces even though some - algorithms can handle longer nonces, but not without collision */ - if( nonce_length > PSA_AEAD_NONCE_MAX_SIZE ) - { - return( PSA_ERROR_INVALID_ARGUMENT ); - } - #if defined(MBEDTLS_PSA_BUILTIN_ALG_GCM) if( operation->alg == PSA_ALG_GCM ) { @@ -514,11 +462,6 @@ psa_status_t mbedtls_psa_aead_set_lengths( psa_aead_operation_t *operation, size_t plaintext_length ) { - if( !operation->key_set || operation->lengths_set ) - { - return( PSA_ERROR_BAD_STATE ); - } - #if defined(MBEDTLS_PSA_BUILTIN_ALG_GCM) if( operation->alg == PSA_ALG_GCM ) { @@ -570,11 +513,6 @@ psa_status_t mbedtls_psa_aead_update_ad( psa_aead_operation_t *operation, { psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - if( !operation->nonce_set || !operation->key_set ) - { - return( PSA_ERROR_BAD_STATE ); - } - if( operation->lengths_set ) { if ( operation->ad_remaining < input_length ) @@ -675,11 +613,6 @@ psa_status_t mbedtls_psa_aead_update( psa_aead_operation_t *operation, size_t update_output_size; psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - if( !operation->nonce_set || !operation->key_set || !operation->ad_started ) - { - return( PSA_ERROR_BAD_STATE ); - } - update_output_size = PSA_AEAD_UPDATE_OUTPUT_SIZE(operation->key_type, operation->alg, input_length); @@ -791,12 +724,6 @@ static psa_status_t mbedtls_psa_aead_finish_checks( psa_aead_operation_t *operat size_t *finish_output_size, size_t *output_tag_length ) { - if( !operation->key_set || !operation->nonce_set - || !operation->ad_started || !operation->body_started) - { - return( PSA_ERROR_BAD_STATE ); - } - if( operation->lengths_set ) { if( operation->ad_remaining != 0 || operation->body_remaining != 0 ) diff --git a/library/psa_crypto_aead.h b/library/psa_crypto_aead.h index d7aac24ed..a9d268773 100644 --- a/library/psa_crypto_aead.h +++ b/library/psa_crypto_aead.h @@ -167,9 +167,9 @@ psa_status_t mbedtls_psa_aead_decrypt( * the inputs to the subsequent calls to mbedtls_psa_aead_update_ad() and * mbedtls_psa_aead_update(). See the documentation of mbedtls_psa_aead_set_lengths() * for details. - * -# Call either mbedtls_psa_aead_generate_nonce() or mbedtls_psa_aead_set_nonce() to - * generate or set the nonce. You should use - * mbedtls_psa_aead_generate_nonce() unless the protocol you are implementing + * -# Call either psa_aead_generate_nonce() or + * mbedtls_psa_aead_set_nonce() to generate or set the nonce. You should use + * psa_aead_generate_nonce() unless the protocol you are implementing * requires a specific nonce value. * -# Call mbedtls_psa_aead_update_ad() zero, one or more times, passing a fragment * of the non-encrypted additional authenticated data each time. @@ -297,52 +297,6 @@ psa_status_t mbedtls_psa_aead_decrypt_setup(psa_aead_operation_t *operation, const uint8_t *key_buffer, size_t key_buffer_size, psa_algorithm_t alg); -/** Generate a random nonce for an authenticated encryption operation. - * - * \note The signature of this function is that of a PSA driver - * aead_generate_nonce entry point. This function behaves as an - * aead_generate_nonce entry point as defined in the PSA driver interface - * specification for transparent drivers. - * - * This function generates a random nonce for the authenticated encryption - * operation with an appropriate size for the chosen algorithm, key type - * and key size. - * - * The application must call mbedtls_psa_aead_encrypt_setup() before - * calling this function. - * - * If this function returns an error status, the operation enters an error - * state and must be aborted by calling mbedtls_psa_aead_abort(). - * - * \param[in,out] operation Active AEAD operation. - * \param[out] nonce Buffer where the generated nonce is to be - * written. - * \param nonce_size Size of the \p nonce buffer in bytes. - * \param[out] nonce_length On success, the number of bytes of the - * generated nonce. - * - * \retval #PSA_SUCCESS - * Success. - * \retval #PSA_ERROR_BAD_STATE - * The operation state is not valid (it must be an active aead encrypt - * operation, with no nonce set). - * \retval #PSA_ERROR_BUFFER_TOO_SMALL - * The size of the \p nonce buffer is too small. - * \retval #PSA_ERROR_INSUFFICIENT_MEMORY - * \retval #PSA_ERROR_COMMUNICATION_FAILURE - * \retval #PSA_ERROR_HARDWARE_FAILURE - * \retval #PSA_ERROR_CORRUPTION_DETECTED - * \retval #PSA_ERROR_STORAGE_FAILURE - * \retval #PSA_ERROR_BAD_STATE - * The library has not been previously initialized by psa_crypto_init(). - * It is implementation-dependent whether a failure to initialize - * results in this error code. - */ -psa_status_t mbedtls_psa_aead_generate_nonce(psa_aead_operation_t *operation, - uint8_t *nonce, - size_t nonce_size, - size_t *nonce_length); - /** Set the nonce for an authenticated encryption or decryption operation. * * \note The signature of this function is that of a PSA driver @@ -402,7 +356,7 @@ psa_status_t mbedtls_psa_aead_set_nonce(psa_aead_operation_t *operation, * then the implementation must enforce the lengths. * * You may call this function before or after setting the nonce with - * mbedtls_psa_aead_set_nonce() or mbedtls_psa_aead_generate_nonce(). + * mbedtls_psa_aead_set_nonce() or psa_aead_generate_nonce(). * * - For #PSA_ALG_CCM, calling this function is required. * - For the other AEAD algorithms defined in this specification, calling @@ -454,7 +408,7 @@ psa_status_t mbedtls_psa_aead_set_lengths(psa_aead_operation_t *operation, * * Before calling this function, you must: * 1. Call either mbedtls_psa_aead_encrypt_setup() or mbedtls_psa_aead_decrypt_setup(). - * 2. Set the nonce with mbedtls_psa_aead_generate_nonce() or + * 2. Set the nonce with psa_aead_generate_nonce() or * mbedtls_psa_aead_set_nonce(). * * If this function returns an error status, the operation enters an error @@ -509,8 +463,9 @@ psa_status_t mbedtls_psa_aead_update_ad(psa_aead_operation_t *operation, * 1. Call either mbedtls_psa_aead_encrypt_setup() or mbedtls_psa_aead_decrypt_setup(). * The choice of setup function determines whether this function * encrypts or decrypts its input. - * 2. Set the nonce with mbedtls_psa_aead_generate_nonce() or mbedtls_psa_aead_set_nonce(). - * 3. Call mbedtls_psa_aead_update_ad() to pass all the additional data. + * 2. Set the nonce with psa_aead_generate_nonce() or + * mbedtls_psa_aead_set_nonce(). 3. Call mbedtls_psa_aead_update_ad() to pass + * all the additional data. * * If this function returns an error status, the operation enters an error * state and must be aborted by calling mbedtls_psa_aead_abort(). diff --git a/library/psa_crypto_driver_wrappers.c b/library/psa_crypto_driver_wrappers.c index 59a00a6cf..5e09fd231 100644 --- a/library/psa_crypto_driver_wrappers.c +++ b/library/psa_crypto_driver_wrappers.c @@ -1394,39 +1394,6 @@ psa_status_t psa_driver_wrapper_aead_decrypt_setup( } } -psa_status_t psa_driver_wrapper_aead_generate_nonce( - psa_aead_operation_t *operation, - uint8_t *nonce, - size_t nonce_size, - size_t *nonce_length ) -{ - switch( operation->id ) - { -#if defined(MBEDTLS_PSA_BUILTIN_CIPHER) - case PSA_CRYPTO_MBED_TLS_DRIVER_ID: - return( mbedtls_psa_aead_generate_nonce( operation, nonce, nonce_size, - nonce_length ) ); -#endif /* MBEDTLS_PSA_BUILTIN_CIPHER */ - -#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) -#if defined(PSA_CRYPTO_DRIVER_TEST) - case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID: -// return( test_transparent_aead_generate_nonce( -// operation, nonce, nonce_size, nonce_length ) ); - - /* Add cases for opaque driver here */ - -#endif /* PSA_CRYPTO_DRIVER_TEST */ -#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ - } - - (void)nonce; - (void)nonce_size; - (void)nonce_length; - - return( PSA_ERROR_INVALID_ARGUMENT ); -} - psa_status_t psa_driver_wrapper_aead_set_nonce( psa_aead_operation_t *operation, const uint8_t *nonce, diff --git a/library/psa_crypto_driver_wrappers.h b/library/psa_crypto_driver_wrappers.h index bdb2eba16..05adb53f7 100644 --- a/library/psa_crypto_driver_wrappers.h +++ b/library/psa_crypto_driver_wrappers.h @@ -195,12 +195,6 @@ psa_status_t psa_driver_wrapper_aead_decrypt_setup( const uint8_t *key_buffer, size_t key_buffer_size, psa_algorithm_t alg ); -psa_status_t psa_driver_wrapper_aead_generate_nonce( - psa_aead_operation_t *operation, - uint8_t *nonce, - size_t nonce_size, - size_t *nonce_length ); - psa_status_t psa_driver_wrapper_aead_set_nonce( psa_aead_operation_t *operation, const uint8_t *nonce, From 5653da0201c19755fa3f2ced4d8d8eea681bfbc3 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Wed, 21 Apr 2021 12:26:21 +0100 Subject: [PATCH 005/195] Fix errors with missing tests Return not supported for the time being whilst we don't have the transparent driver tests done. Signed-off-by: Paul Elliott --- library/psa_crypto_driver_wrappers.c | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/library/psa_crypto_driver_wrappers.c b/library/psa_crypto_driver_wrappers.c index 5e09fd231..91ad37f80 100644 --- a/library/psa_crypto_driver_wrappers.c +++ b/library/psa_crypto_driver_wrappers.c @@ -1310,6 +1310,7 @@ psa_status_t psa_driver_wrapper_aead_encrypt_setup( #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) #if defined(PSA_CRYPTO_DRIVER_TEST) + status = PSA_ERROR_NOT_SUPPORTED; // status = test_transparent_aead_encrypt_setup( // operation, attributes, // key_buffer, key_buffer_size, @@ -1361,6 +1362,7 @@ psa_status_t psa_driver_wrapper_aead_decrypt_setup( #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) #if defined(PSA_CRYPTO_DRIVER_TEST) + status = PSA_ERROR_NOT_SUPPORTED; // status = test_transparent_aead_decrypt_setup( // operation, attributes, // key_buffer, key_buffer_size, @@ -1410,6 +1412,7 @@ psa_status_t psa_driver_wrapper_aead_set_nonce( #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) #if defined(PSA_CRYPTO_DRIVER_TEST) case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID: + return( PSA_ERROR_NOT_SUPPORTED ); // return( test_transparent_aead_set_nonce( // operation, nonce, nonce_length ) ); @@ -1441,6 +1444,7 @@ psa_status_t psa_driver_wrapper_aead_set_lengths( #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) #if defined(PSA_CRYPTO_DRIVER_TEST) case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID: + return( PSA_ERROR_NOT_SUPPORTED ); // return( test_transparent_aead_set_lengths( // operation, ad_length, plaintext_length ) ); @@ -1472,6 +1476,7 @@ psa_status_t psa_driver_wrapper_aead_update_ad( #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) #if defined(PSA_CRYPTO_DRIVER_TEST) case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID: + return( PSA_ERROR_NOT_SUPPORTED ); // return( test_transparent_aead_update_ad( // operation, input, input_length ) ); @@ -1507,6 +1512,7 @@ psa_status_t psa_driver_wrapper_aead_update( #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) #if defined(PSA_CRYPTO_DRIVER_TEST) case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID: + return( PSA_ERROR_NOT_SUPPORTED ); // return( test_transparent_aead_update( // operation, input, input_length, ouput, output_size, // output_length ) ); @@ -1547,6 +1553,7 @@ psa_status_t psa_driver_wrapper_aead_finish( #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) #if defined(PSA_CRYPTO_DRIVER_TEST) case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID: + return( PSA_ERROR_NOT_SUPPORTED ); // return( test_transparent_aead_finish( // operation, ciphertext, ciphertext_size, // ciphertext_length, tag, tag_size, tag_length ) ); @@ -1587,6 +1594,7 @@ psa_status_t psa_driver_wrapper_aead_verify( #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) #if defined(PSA_CRYPTO_DRIVER_TEST) case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID: + return( PSA_ERROR_NOT_SUPPORTED ); // return( test_transparent_aead_verify( // operation, ciphertext, ciphertext_size, // ciphertext_length, tag, tag_length ) ); @@ -1620,6 +1628,7 @@ psa_status_t psa_driver_wrapper_aead_abort( #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) #if defined(PSA_CRYPTO_DRIVER_TEST) case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID: + return( PSA_ERROR_NOT_SUPPORTED ); // return( test_transparent_aead_abort( operation ) ); /* Add cases for opaque driver here */ From 811d8d462fed3892b11a095438d4993dc7168cd8 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Thu, 22 Apr 2021 11:31:14 +0100 Subject: [PATCH 006/195] Fix incorrect enums being used Fix memory leak due to aead_abort() using incorrect enums to identify algorithm used. Fix incorrect return on failure to check tag on aead_verify() Signed-off-by: Paul Elliott --- library/psa_crypto_aead.c | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/library/psa_crypto_aead.c b/library/psa_crypto_aead.c index f8cceae8e..e92dac512 100644 --- a/library/psa_crypto_aead.c +++ b/library/psa_crypto_aead.c @@ -948,7 +948,7 @@ psa_status_t mbedtls_psa_aead_verify( psa_aead_operation_t *operation, { if( do_tag_check && safer_memcmp(tag, check_tag, tag_length) != 0 ) { - status = MBEDTLS_ERR_GCM_AUTH_FAILED; + status = PSA_ERROR_INVALID_SIGNATURE; } } @@ -960,10 +960,10 @@ psa_status_t mbedtls_psa_aead_verify( psa_aead_operation_t *operation, /* Abort an AEAD operation */ psa_status_t mbedtls_psa_aead_abort( psa_aead_operation_t *operation ) { - switch( operation->alg ) + switch( operation->alg ) { -#if defined(MBEDTLS_CCM_C) - case MBEDTLS_PSA_BUILTIN_ALG_CCM: +#if defined(MBEDTLS_PSA_BUILTIN_ALG_CCM) + case PSA_ALG_CCM: mbedtls_ccm_free( &operation->ctx.ccm ); break; #endif /* MBEDTLS_PSA_BUILTIN_ALG_CCM */ @@ -973,9 +973,9 @@ psa_status_t mbedtls_psa_aead_abort( psa_aead_operation_t *operation ) break; #endif /* MBEDTLS_PSA_BUILTIN_ALG_GCM */ #if defined(MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305) - case PSA_ALG_CHACHA20_POLY1305: - mbedtls_chachapoly_free( &operation->ctx.chachapoly ); - break; + case PSA_ALG_CHACHA20_POLY1305: + mbedtls_chachapoly_free( &operation->ctx.chachapoly ); + break; #endif /* MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305 */ } From c4e1dcf006318c6c5f6d671c703bae4a65e188ae Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Fri, 23 Apr 2021 18:59:23 +0100 Subject: [PATCH 007/195] Fix incorrect PSA key usage Signed-off-by: Paul Elliott --- library/psa_crypto.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 6598cf43a..a6d0cdb20 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -3227,7 +3227,7 @@ psa_status_t psa_aead_encrypt_setup( psa_aead_operation_t *operation, return( PSA_ERROR_NOT_SUPPORTED ); status = psa_get_and_lock_key_slot_with_policy( - key, &slot, PSA_KEY_USAGE_DECRYPT, alg ); + key, &slot, PSA_KEY_USAGE_ENCRYPT, alg ); if( status != PSA_SUCCESS ) { From 72c10082ddd0c35133b32466133c7dddb7fb8194 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Fri, 23 Apr 2021 19:02:16 +0100 Subject: [PATCH 008/195] Fix logic issues with state checks Also fix missing return values. Signed-off-by: Paul Elliott --- library/psa_crypto_aead.c | 48 +++++++++++++++++++++++++++++---------- 1 file changed, 36 insertions(+), 12 deletions(-) diff --git a/library/psa_crypto_aead.c b/library/psa_crypto_aead.c index e92dac512..b559f7a16 100644 --- a/library/psa_crypto_aead.c +++ b/library/psa_crypto_aead.c @@ -535,7 +535,7 @@ psa_status_t mbedtls_psa_aead_update_ad( psa_aead_operation_t *operation, * one contigious buffer, so until that is re-done, we have to enforce * this, as we cannot allocate a buffer to collate multiple calls into. */ - if( input_length != operation->ad_remaining ) + if( operation->ad_remaining != 0 ) { return ( PSA_ERROR_INVALID_ARGUMENT ); } @@ -556,7 +556,7 @@ psa_status_t mbedtls_psa_aead_update_ad( psa_aead_operation_t *operation, { /* CCM requires all additional data to be passed in in one go at the minute, as we are basically operating in oneshot mode. */ - if( !operation->lengths_set || operation->ad_started ) + if( operation->ad_started ) { return( PSA_ERROR_BAD_STATE ); } @@ -569,6 +569,7 @@ psa_status_t mbedtls_psa_aead_update_ad( psa_aead_operation_t *operation, { memcpy( operation->ad_buffer, input, input_length ); operation->ad_length = input_length; + status = PSA_SUCCESS; } else { @@ -613,10 +614,20 @@ psa_status_t mbedtls_psa_aead_update( psa_aead_operation_t *operation, size_t update_output_size; psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - update_output_size = PSA_AEAD_UPDATE_OUTPUT_SIZE(operation->key_type, - operation->alg, input_length); +#if defined(MBEDTLS_PSA_BUILTIN_ALG_CCM) + if( operation->alg == PSA_ALG_CCM ) + { + /* CCM will currently not output anything until finish. */ + update_output_size = 0; + } + else +#endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_CCM) */ + { + update_output_size = input_length; + } - if(update_output_size > output_size ) + if( PSA_AEAD_UPDATE_OUTPUT_SIZE( operation->key_type, operation->alg, + input_length ) > output_size ) { return ( PSA_ERROR_BUFFER_TOO_SMALL ); } @@ -651,7 +662,7 @@ psa_status_t mbedtls_psa_aead_update( psa_aead_operation_t *operation, return( PSA_ERROR_BAD_STATE ); } - if( operation->ad_started ) + if( !operation->ad_started ) { return( PSA_ERROR_BAD_STATE ); } @@ -668,7 +679,7 @@ psa_status_t mbedtls_psa_aead_update( psa_aead_operation_t *operation, { /* CCM dooes not support multipart yet, so all the input has to be passed in in one go. Store the data for the final step.*/ - if( operation->ad_started ) + if( operation->body_started ) { return( PSA_ERROR_BAD_STATE ); } @@ -681,6 +692,7 @@ psa_status_t mbedtls_psa_aead_update( psa_aead_operation_t *operation, { memcpy( operation->data_buffer, input, input_length ); operation->data_length = input_length; + status = PSA_SUCCESS; } else { @@ -739,15 +751,25 @@ static psa_status_t mbedtls_psa_aead_finish_checks( psa_aead_operation_t *operat return ( PSA_ERROR_BUFFER_TOO_SMALL ); } - if( operation->is_encrypt ) +#if defined(MBEDTLS_PSA_BUILTIN_ALG_CCM) + if( operation->alg == PSA_ALG_CCM ) { - *finish_output_size = PSA_AEAD_FINISH_OUTPUT_SIZE(operation->key_type, - operation->alg); + /* CCM will output all data at this step. */ + *finish_output_size = operation->data_length; } else +#endif /* MBEDTLS_PSA_BUILTIN_ALG_CCM */ { - *finish_output_size = PSA_AEAD_VERIFY_OUTPUT_SIZE(operation->key_type, - operation->alg); + if( operation->is_encrypt ) + { + *finish_output_size = PSA_AEAD_FINISH_OUTPUT_SIZE( operation->key_type, + operation->alg ); + } + else + { + *finish_output_size = PSA_AEAD_VERIFY_OUTPUT_SIZE( operation->key_type, + operation->alg ); + } } if( output_size < *finish_output_size ) @@ -946,6 +968,8 @@ psa_status_t mbedtls_psa_aead_verify( psa_aead_operation_t *operation, if( status == PSA_SUCCESS ) { + *plaintext_length = finish_output_size; + if( do_tag_check && safer_memcmp(tag, check_tag, tag_length) != 0 ) { status = PSA_ERROR_INVALID_SIGNATURE; From fd3ca24e565509693fae09a5227dfa2c6b583cff Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Sun, 25 Apr 2021 18:10:42 +0100 Subject: [PATCH 009/195] Move CCM ouput to update step. Move CCM to update all data at update step, as final step can only output at most a block length, so outputting all data at this step significantly breaks the tests. Had to add unpleasant workaround for the validate stage, but this is the only way I can do things without breaking CCM Alt implementations. Signed-off-by: Paul Elliott --- include/psa/crypto_struct.h | 10 +- library/psa_crypto_aead.c | 223 +++++++++++++++++++++--------------- 2 files changed, 135 insertions(+), 98 deletions(-) diff --git a/include/psa/crypto_struct.h b/include/psa/crypto_struct.h index 6f0fc01fe..90a0c2098 100644 --- a/include/psa/crypto_struct.h +++ b/include/psa/crypto_struct.h @@ -179,11 +179,13 @@ struct psa_aead_operation_s /* Buffers for AD/data - only required until CCM gets proper multipart support. */ - uint8_t* ad_buffer; + uint8_t *ad_buffer; size_t ad_length; - uint8_t* data_buffer; - size_t data_length; + uint8_t *body_buffer; + uint8_t body_length; + + uint8_t *tag_buffer; /* buffer to store Nonce - only required until CCM and GCM get proper multipart support. */ @@ -205,7 +207,7 @@ struct psa_aead_operation_s } ctx; }; -#define PSA_AEAD_OPERATION_INIT {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, {0}, {0}} +#define PSA_AEAD_OPERATION_INIT {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, {0}, {0}} static inline struct psa_aead_operation_s psa_aead_operation_init( void ) { const struct psa_aead_operation_s v = PSA_AEAD_OPERATION_INIT; diff --git a/library/psa_crypto_aead.c b/library/psa_crypto_aead.c index b559f7a16..bfa271b5a 100644 --- a/library/psa_crypto_aead.c +++ b/library/psa_crypto_aead.c @@ -613,18 +613,9 @@ psa_status_t mbedtls_psa_aead_update( psa_aead_operation_t *operation, { size_t update_output_size; psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; -#if defined(MBEDTLS_PSA_BUILTIN_ALG_CCM) - if( operation->alg == PSA_ALG_CCM ) - { - /* CCM will currently not output anything until finish. */ - update_output_size = 0; - } - else -#endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_CCM) */ - { - update_output_size = input_length; - } + update_output_size = input_length; if( PSA_AEAD_UPDATE_OUTPUT_SIZE( operation->key_type, operation->alg, input_length ) > output_size ) @@ -678,27 +669,78 @@ psa_status_t mbedtls_psa_aead_update( psa_aead_operation_t *operation, if( operation->alg == PSA_ALG_CCM ) { /* CCM dooes not support multipart yet, so all the input has to be - passed in in one go. Store the data for the final step.*/ + passed in in one go. */ if( operation->body_started ) { return( PSA_ERROR_BAD_STATE ); } - /* Save the additional data for later, this will be passed in - when we have the body. */ - operation->data_buffer = ( uint8_t * ) mbedtls_calloc(1, input_length ); + /* Need to store tag for Finish() / Verify() */ + operation->tag_buffer = ( uint8_t * ) mbedtls_calloc(1, operation->tag_length ); - if( operation->data_buffer ) + if( operation->tag_buffer ) { - memcpy( operation->data_buffer, input, input_length ); - operation->data_length = input_length; - status = PSA_SUCCESS; + + if( operation->is_encrypt ) + { + /* Perform oneshot CCM encryption with additional data already + stored, as CCM does not support multipart yet.*/ + status = mbedtls_to_psa_error( mbedtls_ccm_encrypt_and_tag( &operation->ctx.ccm, + input_length, + operation->nonce, + operation->nonce_length, + operation->ad_buffer, + operation->ad_length, + input, + output, + operation->tag_buffer, + operation->tag_length ) ); + + /* Even if the above operation fails, we no longer need the + additional data.*/ + mbedtls_free(operation->ad_buffer); + operation->ad_buffer = NULL; + operation->ad_length = 0; + } + else + { + /* Need to back up the body data so we can do this again + later.*/ + operation->body_buffer = ( uint8_t * ) mbedtls_calloc(1, input_length ); + + if( operation->body_buffer ) + { + memcpy( operation->body_buffer, input, input_length ); + operation->body_length = input_length; + + /* this will fail, as the tag is clearly false, but will write the + decrypted data to the output buffer. */ + ret = mbedtls_ccm_auth_decrypt( &operation->ctx.ccm, input_length, + operation->nonce, operation->nonce_length, + operation->ad_buffer, operation->ad_length, + input, output, + operation->tag_buffer, + operation->tag_length ); + + if( ret == MBEDTLS_ERR_CCM_AUTH_FAILED ) + { + status = PSA_SUCCESS; + } + else + { + status = mbedtls_to_psa_error( ret ); + } + } + else + { + status = PSA_ERROR_INSUFFICIENT_MEMORY; + } + } } else { - return ( PSA_ERROR_INSUFFICIENT_MEMORY ); + status = PSA_ERROR_INSUFFICIENT_MEMORY; } - } else #endif /* MBEDTLS_PSA_BUILTIN_ALG_CCM */ @@ -732,10 +774,10 @@ psa_status_t mbedtls_psa_aead_update( psa_aead_operation_t *operation, mbedtls_psa_aead_verify() */ static psa_status_t mbedtls_psa_aead_finish_checks( psa_aead_operation_t *operation, size_t output_size, - size_t tag_size, - size_t *finish_output_size, - size_t *output_tag_length ) + size_t tag_size ) { + size_t finish_output_size; + if( operation->lengths_set ) { if( operation->ad_remaining != 0 || operation->body_remaining != 0 ) @@ -744,41 +786,28 @@ static psa_status_t mbedtls_psa_aead_finish_checks( psa_aead_operation_t *operat } } - *output_tag_length = operation->tag_length; - - if( tag_size < *output_tag_length) + if( tag_size < operation->tag_length ) { return ( PSA_ERROR_BUFFER_TOO_SMALL ); } -#if defined(MBEDTLS_PSA_BUILTIN_ALG_CCM) - if( operation->alg == PSA_ALG_CCM ) + if( operation->is_encrypt ) { - /* CCM will output all data at this step. */ - *finish_output_size = operation->data_length; + finish_output_size = PSA_AEAD_FINISH_OUTPUT_SIZE( operation->key_type, + operation->alg ); } else -#endif /* MBEDTLS_PSA_BUILTIN_ALG_CCM */ { - if( operation->is_encrypt ) - { - *finish_output_size = PSA_AEAD_FINISH_OUTPUT_SIZE( operation->key_type, - operation->alg ); - } - else - { - *finish_output_size = PSA_AEAD_VERIFY_OUTPUT_SIZE( operation->key_type, + finish_output_size = PSA_AEAD_VERIFY_OUTPUT_SIZE( operation->key_type, operation->alg ); - } } - if( output_size < *finish_output_size ) + if( output_size < finish_output_size ) { return ( PSA_ERROR_BUFFER_TOO_SMALL ); } return ( PSA_SUCCESS ); - } /* Finish encrypting a message in a multipart AEAD operation. */ @@ -791,11 +820,9 @@ psa_status_t mbedtls_psa_aead_finish( psa_aead_operation_t *operation, size_t *tag_length ) { psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - size_t output_tag_length; - size_t finish_output_size; + size_t finish_output_size = 0; - status = mbedtls_psa_aead_finish_checks( operation, ciphertext_size, tag_size, &finish_output_size, - &output_tag_length); + status = mbedtls_psa_aead_finish_checks( operation, ciphertext_size, tag_size ); if( status != PSA_SUCCESS ) { @@ -815,31 +842,13 @@ psa_status_t mbedtls_psa_aead_finish( psa_aead_operation_t *operation, #if defined(MBEDTLS_PSA_BUILTIN_ALG_CCM) if( operation->alg == PSA_ALG_CCM ) { - if( !operation->ad_buffer || !operation->data_buffer ) - { - return( PSA_ERROR_BAD_STATE ); - } + /* Copy the previously generated tag into place */ + memcpy( tag, operation->tag_buffer, operation->tag_length ); - /* Perform oneshot CCM encryption with data already stored, as - CCM does not support multipart yet.*/ - status = mbedtls_to_psa_error( mbedtls_ccm_encrypt_and_tag( &operation->ctx.ccm, - operation->data_length, - operation->nonce, - operation->nonce_length, - operation->ad_buffer, - operation->ad_length, - operation->data_buffer, - ciphertext, - tag, tag_size ) ); + mbedtls_free(operation->tag_buffer); + operation->tag_buffer = NULL; - /* Even if the above operation fails, we no longer need the data */ - mbedtls_free(operation->ad_buffer); - operation->ad_buffer = NULL; - operation->ad_length = 0; - - mbedtls_free(operation->data_buffer); - operation->data_buffer = NULL; - operation->data_length = 0; + status = PSA_SUCCESS; } else #endif /* MBEDTLS_PSA_BUILTIN_ALG_CCM */ @@ -865,7 +874,7 @@ psa_status_t mbedtls_psa_aead_finish( psa_aead_operation_t *operation, if( status == PSA_SUCCESS ) { *ciphertext_length = finish_output_size; - *tag_length = output_tag_length; + *tag_length = operation->tag_length; } mbedtls_psa_aead_abort(operation); @@ -885,14 +894,15 @@ psa_status_t mbedtls_psa_aead_verify( psa_aead_operation_t *operation, psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - size_t finish_output_size; - size_t output_tag_length; + uint8_t * temp_buffer; + size_t temp_buffer_size; + + size_t finish_output_size = 0; int do_tag_check = 1; uint8_t check_tag[16]; - status = mbedtls_psa_aead_finish_checks( operation, plaintext_size, tag_length, &finish_output_size, - &output_tag_length); + status = mbedtls_psa_aead_finish_checks( operation, plaintext_size, tag_length ); if( status != PSA_SUCCESS ) { @@ -905,45 +915,58 @@ psa_status_t mbedtls_psa_aead_verify( psa_aead_operation_t *operation, /* Call finish to get the tag for comparison */ status = mbedtls_to_psa_error( mbedtls_gcm_finish( &operation->ctx.gcm, check_tag, - 16 ) ); + operation->tag_length ) ); } else #endif /* MBEDTLS_PSA_BUILTIN_ALG_GCM */ #if defined(MBEDTLS_PSA_BUILTIN_ALG_CCM) if( operation->alg == PSA_ALG_CCM ) { - if( !operation->ad_buffer || !operation->data_buffer ) + if( !operation->ad_buffer || !operation->body_buffer ) { return( PSA_ERROR_BAD_STATE ); } - /* Perform oneshot CCM decryption with data already stored, as - CCM does not support multipart yet.*/ + /* Perform oneshot CCM decryption *again*, as its the + * only way to get the tag, but this time throw away the + results, as verify cannot write that much data. */ + temp_buffer_size = PSA_AEAD_UPDATE_OUTPUT_SIZE( operation->key_type, + operation->alg, operation->body_length ); - ret = mbedtls_ccm_auth_decrypt( &operation->ctx.ccm, operation->data_length, - operation->nonce, operation->nonce_length, - operation->ad_buffer, operation->ad_length, - operation->data_buffer, plaintext, - tag, tag_length ); + temp_buffer = ( uint8_t * ) mbedtls_calloc(1, temp_buffer_size ); - if( ret == MBEDTLS_ERR_CCM_AUTH_FAILED ) + if( temp_buffer ) { - status = PSA_ERROR_INVALID_SIGNATURE; + ret = mbedtls_ccm_auth_decrypt( &operation->ctx.ccm, operation->body_length, + operation->nonce, operation->nonce_length, + operation->ad_buffer, operation->ad_length, + operation->body_buffer, temp_buffer, + tag, tag_length ); + + if( ret == MBEDTLS_ERR_CCM_AUTH_FAILED ) + { + status = PSA_ERROR_INVALID_SIGNATURE; + } + else + { + status = mbedtls_to_psa_error( ret ); + do_tag_check = 0; + } } else { - status = mbedtls_to_psa_error( ret ); - do_tag_check = 0; + status = PSA_ERROR_INSUFFICIENT_MEMORY; } /* Even if the above operation fails, we no longer need the data */ - mbedtls_free(operation->ad_buffer); - operation->ad_buffer = NULL; - operation->ad_length = 0; + mbedtls_free(temp_buffer); - mbedtls_free(operation->data_buffer); - operation->data_buffer = NULL; - operation->data_length = 0; + mbedtls_free(operation->body_buffer); + operation->body_buffer = NULL; + operation->body_length = 0; + + mbedtls_free(operation->tag_buffer); + operation->tag_buffer = NULL; } else #endif /* MBEDTLS_PSA_BUILTIN_ALG_CCM */ @@ -953,6 +976,7 @@ psa_status_t mbedtls_psa_aead_verify( psa_aead_operation_t *operation, // call finish to get the tag for comparison. status = mbedtls_to_psa_error( mbedtls_chachapoly_finish( &operation->ctx.chachapoly, check_tag ) ); + } else #endif /* MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305 */ @@ -1003,6 +1027,17 @@ psa_status_t mbedtls_psa_aead_abort( psa_aead_operation_t *operation ) #endif /* MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305 */ } + mbedtls_free(operation->ad_buffer); + operation->ad_buffer = NULL; + operation->ad_length = 0; + + mbedtls_free(operation->body_buffer); + operation->body_buffer = NULL; + operation->body_length = 0; + + mbedtls_free(operation->tag_buffer); + operation->tag_buffer = NULL; + return( PSA_SUCCESS ); } From 0023e0a1de4f0392125c2b5f3e15e13506abbb35 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Tue, 27 Apr 2021 10:06:22 +0100 Subject: [PATCH 010/195] Add tests for multipart AEAD Just clone of one shot tests for now - all additional data and body data is passed in in one go. Signed-off-by: Paul Elliott --- tests/suites/test_suite_psa_crypto.data | 264 +++++++ tests/suites/test_suite_psa_crypto.function | 778 ++++++++++++++++++++ 2 files changed, 1042 insertions(+) diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data index 7b86185b9..fc79741dc 100644 --- a/tests/suites/test_suite_psa_crypto.data +++ b/tests/suites/test_suite_psa_crypto.data @@ -2062,6 +2062,270 @@ PSA AEAD encrypt/decrypt: invalid algorithm (ChaCha20) depends_on:MBEDTLS_CHACHA20_C aead_encrypt_decrypt:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_STREAM_CIPHER:"":"":"":PSA_ERROR_NOT_SUPPORTED +PSA Multipart AEAD encrypt/decrypt, AES-GCM, 19 bytes #1 +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_encrypt_decrypt:PSA_KEY_TYPE_AES:"C0C1C2C3C4C5C6C7C8C9CACBCCCDCECF":PSA_ALG_GCM:"000102030405060708090A0B0C0D0E0F":"000102030405060708090A0B":-1:"0C0D0E0F101112131415161718191A1B1C1D1E":-1:PSA_SUCCESS + +PSA Multipart AEAD encrypt/decrypt, AES GCM, 19 bytes #2 +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_encrypt_decrypt:PSA_KEY_TYPE_AES:"D7828D13B2B0BDC325A76236DF93CC6B":PSA_ALG_GCM:"000102030405060708090A0B0C0D0E0F":"EC46BB63B02520C33C49FD70":-1:"B96B49E21D621741632875DB7F6C9243D2D7C2":-1:PSA_SUCCESS + +PSA Multipart AEAD encrypt/decrypt, AES-GCM, 19 bytes, 12 byte nonce , 1 +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_encrypt_decrypt:PSA_KEY_TYPE_AES:"C0C1C2C3C4C5C6C7C8C9CACBCCCDCECF":PSA_ALG_GCM:"E462C58482FE8264AEEB7231":"000102030405060708090A0B":-1:"0C0D0E0F101112131415161718191A1B1C1D1E":-1:PSA_SUCCESS + +PSA Multipart AEAD encrypt/decrypt, AES GCM, 19 bytes, 12 byte nonce , 2 +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_encrypt_decrypt:PSA_KEY_TYPE_AES:"D7828D13B2B0BDC325A76236DF93CC6B":PSA_ALG_GCM:"E462C58482FE8264AEEB7231":"EC46BB63B02520C33C49FD70":-1:"B96B49E21D621741632875DB7F6C9243D2D7C2":-1:PSA_SUCCESS + +PSA Multipart AEAD encrypt, AES-GCM, 128 bytes #1 +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_GCM:"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":-1:"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826":-1:"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847fe0b7b7fbed325953df344a96" + +PSA Multipart AEAD encrypt, AES-GCM, 128 bytes #2 +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"fe96eab10ff48c7942025422583d0377":PSA_ALG_GCM:"97ce3f848276783599c6875de324361e":"127628b6dcbce6fc8a8ef60798eb67b2088415635119697d20bb878c24d9c6f9c29e148521cb5e0feff892c7855d4f1c0bfb32ad33420976714dce87a0bbc18e4378bd1ef35197d0ca73051148f1199010f63caf122df5f71ad8d9c71df3eb2fbe3b2529d0ba657570358d3776f687bdb9c96d5e0e9e00c4b42d5d7a268d6a08":-1:"194c8bbbfae4a671386b8cd38f390f46f9df6b8661b470c310921a1c858a938045834bb10380037fbf5f5e00688554537be0fcafe8270b9b59068fa056ab1268fc166c2d729243a06650a171c929c7845c85330c04568d62977eedf3b1ba9dca13bdb8f9522817c8cb99e635e37465ec1c9f6f148d51437aa9f994a62e1bd013":-1:"12495120056ca3cac70d583603a476821bac6c57c9733b81cfb83538dc9e850f8bdf46065069591c23ebcbc6d1e2523375fb7efc80c09507fa25477ed07cee54fc4eb90168b3ef988f651fc40652474a644b1b311decf899660aef2347bb081af48950f06ebf799911e37120de94c55c20e5f0a77119be06e2b6e557f872fa0f6bac793bdc2190a195122c98544ccf56" + +PSA Multipart AEAD encrypt, AES-GCM, 128 bytes #1, T=4 +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 4 ):"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":-1:"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826":-1:"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847f" + +PSA Multipart AEAD encrypt, AES-GCM, 128 bytes #1, T=15 +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":-1:"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826":-1:"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847fe0b7b7fbed325953df344a" + +PSA Multipart AEAD encrypt, AES-GCM, 128 bytes #1, T=16 +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":-1:"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826":-1:"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847fe0b7b7fbed325953df344a96" + +PSA Multipart AEAD encrypt, AES-GCM, CAVS 14.0, KEY=24, IV=12, IN=0, AAD=0, TAG=16, +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"aa740abfadcda779220d3b406c5d7ec09a77fe9d94104539":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"ab2265b4c168955561f04315":"":-1:"":-1:"f149e2b5f0adaa9842ca5f45b768a8fc" + +PSA Multipart AEAD encrypt, AES-GCM, CAVS 14.0, KEY=24, IV=12, IN=0, AAD=16, TAG=16, +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"41c5da8667ef725220ffe39ae0ac590ac9fca729ab60ada0":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"05ad13a5e2c2ab667e1a6fbc":"8b5c124bef6e2f0fe4d8c95cd5fa4cf1":-1:"":-1:"204bdb1bd62154bf08922aaa54eed705" + +PSA Multipart AEAD encrypt, AES-GCM, CAVS 14.0, KEY=24, IV=12, IN=0, AAD=20, TAG=16, +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"093ef7551ebbff8eb0c0a8a4a62b198f0c2e838de10eeeee":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"e656e93930ed5210ba3f0322":"3da22dacfd11b21b0a713157f60aec0cd22f1add":-1:"":-1:"1b2d2764573e20ae640bf29d48e5fe05" + +PSA Multipart AEAD encrypt, AES-GCM, CAVS 14.0, KEY=24, IV=12, IN=0, AAD=48, TAG=15, +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"31389612d244c9792a510eca3f9c94f9f48c97ed67ae965a":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"df6b54ec8b58114df5b09279":"0863bec42ee93385efbec665adfc46dafcd793f29e859e3b531c15b168f1888dd13e905cd7d5bc03f9f1f6495717df62":-1:"":-1:"77e5682a49243d5b9016eb1adafa2d" + +PSA Multipart AEAD encrypt, AES-GCM, CAVS 14.0, KEY=24, IV=12, IN=16, AAD=0, TAG=16, +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"fbc0b4c56a714c83217b2d1bcadd2ed2e9efb0dcac6cc19f":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"5f4b43e811da9c470d6a9b01":"":-1:"d2ae38c4375954835d75b8e4c2f9bbb4":-1:"69482957e6be5c54882d00314e0259cf191e9f29bef63a26860c1e020a21137e" + +PSA Multipart AEAD encrypt, AES-GCM, CAVS 14.0, KEY=24, IV=12, IN=16, AAD=0, TAG=8, +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"c50ac59e50556e47b834380018c0dc0380af9df3bf6714e6":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 8 ):"f303bf4b6cfbba7104cd9436":"":-1:"d3f3f57033df30c22860231334b099cb":-1:"2269c72d77f2b6f9d57da1820ec5a5d3d62d4491e3e4e9e7" + +PSA Multipart AEAD encrypt, AES-GCM, CAVS 14.0, KEY=24, IV=12, IN=16, AAD=16, TAG=14, +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"8ef391e4b7a2fe05b959be27823357080f963ed2f64b9e59":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 14 ):"0080052a2a5bb0e95222a419":"290322092d57479e20f6281e331d95a9":-1:"e7fb0631eebf9bdba87045b33650c4ce":-1:"88d674044031414af7ba9da8b89dd68e69897d99d8e1706f38c613896c18" + +PSA Multipart AEAD encrypt, AES-GCM, CAVS 14.0, KEY=24, IV=12, IN=16, AAD=16, TAG=4, +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"1cb5a0db778d3eb430b2816ceef9e455f519a8977b074183":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 4 ):"c1df5e9e2e3165c54242a306":"7134e5ddc396c2a8a7da23906c8f7b40":-1:"636871d4c0aae3da7b55abd8b5f21297":-1:"14eb02562aa1d963d0033626cdc8a5c8972f4bdf" + +PSA Multipart AEAD encrypt, AES-GCM, CAVS 14.0, KEY=24, IV=12, IN=16, AAD=20, TAG=13, +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"45148f42669f8ab8fad689d9b9180e39d7ea8fc95696297e":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 13 ):"5afcb134acc78b4eb9d11e79":"aec409e5fd82e50b824ebc1f45e75188d80615c6":-1:"3d952be11deb421b56e0ce9d7ce99553":-1:"077c0d53869869e191df116fd7baa8a293d2b577a29b0953c91b5d3b9d" + +PSA Multipart AEAD encrypt, AES-GCM, CAVS 14.0, KEY=24, IV=12, IN=16, AAD=48, TAG=15, +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"5255428457fe75e64447971ec5af0d13c5b60a07ee2d07b0":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"40cb6ebafc202f82223db097":"b2da2bd05ab1f3e39613efc8d80c5d0f240ee08f6abad5791649e9c1d0f48fa3dc59c1e535d1db1a4d3fa2263f5a1117":-1:"fdd8a462c86d4365c8bfee0e25fc8a62":-1:"9ca4a6d08267038f6f7999c84105bb5eaf8f7b3b9310ec688e033088a03482" + +PSA Multipart AEAD encrypt, AES-GCM, CAVS 14.0, KEY=32, IV=12, IN=0, AAD=0, TAG=16, +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"b52c505a37d78eda5dd34f20c22540ea1b58963cf8e5bf8ffa85f9f2492505b4":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"516c33929df5a3284ff463d7":"":-1:"":-1:"bdc1ac884d332457a1d2664f168c76f0" + +PSA Multipart AEAD encrypt, AES-GCM, CAVS 14.0, KEY=32, IV=12, IN=0, AAD=0, TAG=12, +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"98ebf7a58db8b8371d9069171190063cc1fdc1927e49a3385f890d41a838619c":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 12 ):"3e6db953bd4e641de644e50a":"":-1:"":-1:"2fb9c3e41fff24ef07437c47" + +PSA Multipart AEAD encrypt, AES-GCM, CAVS 14.0, KEY=32, IV=12, IN=0, AAD=20, TAG=16, +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"886cff5f3e6b8d0e1ad0a38fcdb26de97e8acbe79f6bed66959a598fa5047d65":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"3a8efa1cd74bbab5448f9945":"519fee519d25c7a304d6c6aa1897ee1eb8c59655":-1:"":-1:"f6d47505ec96c98a42dc3ae719877b87" + +PSA Multipart AEAD encrypt, AES-GCM, CAVS 14.0, KEY=32, IV=12, IN=0, AAD=20, TAG=13, +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"a7c928738b89c3258b910ac31bc465338b2e133b143fd52d9c9859eb1d01f2a0":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 13 ):"a483a7e94fbb2d694d3c4a8d":"bdb613cd3c2f0edd37b3ed43041bacb949ee51fa":-1:"":-1:"5233f95bdcf5d666fb957acdcb" + +PSA Multipart AEAD encrypt, AES-GCM, CAVS 14.0, KEY=32, IV=12, IN=0, AAD=48, TAG=15, +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"16a5b58a1dbb273a8fc6a4af722d46dbb898dd86ab128cb93d8388a8647a80a3":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"59e0c40d6675923cf5e004d5":"5b4b4ffc9c66bd394abeed3f03b695b949b3b69a42198cc3bfad971174915df913b967ccf36ee1f001f54efbcd117b68":-1:"":-1:"d57e27914ecb4a764359d3c0f8d4d6" + +PSA Multipart AEAD encrypt, AES-GCM, CAVS 14.0, KEY=32, IV=12, IN=0, AAD=48, TAG=4, +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"5dd13092dd695b90ab835ed6343031c4cdb710d32f4d3804d72b46d921fcfa18":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 4 ):"1de4bd816c8ec6bffc1e6453":"1b63d6278702abacf8b6c2faf542a808659fd5da03cdc1061a8593ea8ce9fc8ff54ffef6ebf3e15f7a832b4ae750a6ce":-1:"":-1:"72901467" + +PSA Multipart AEAD encrypt, AES-GCM, CAVS 14.0, KEY=32, IV=12, IN=16, AAD=0, TAG=15, +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"ef9f9284cf599eac3b119905a7d18851e7e374cf63aea04358586b0f757670f8":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"b6ac8e4963f49207ffd6374c":"":-1:"722ee47da4b77424733546c2d400c4e5":-1:"1224dfefb72a20d49e09256908874979882eafea22adf8dbed06a2265f907b" + +PSA Multipart AEAD encrypt, AES-GCM, CAVS 14.0, KEY=32, IV=12, IN=16, AAD=0, TAG=12, +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"b33b0e4c5b9f7ef77cec1a29ed5844bda3853238bdf7766e7645029931f169f0":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 12 ):"f226d65e8654fdf5193ed721":"":-1:"bcf48ddcfe9d011a1003973d68d2d78a":-1:"d2eb20898a301b5d8e69e9926272021393af01abb6a970047a7fc010" + +PSA Multipart AEAD encrypt, AES-GCM, CAVS 14.0, KEY=32, IV=12, IN=16, AAD=16, TAG=14, +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"c6e126a65faec77ab62318e30d8a50c39a664670039a66ae5a6874201bc68f9f":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 14 ):"0ba5193b2d3a8378d67163ce":"5844b289dc74327f9fd93f7aae1c3d39":-1:"c37aada3d4408e880d47e41df77da9b9":-1:"b5cd7563989b460a2fe187e90c41fc3179c73d0d1e3a4484909969de93b0" + +PSA Multipart AEAD encrypt, AES-GCM, CAVS 14.0, KEY=32, IV=12, IN=16, AAD=48, TAG=15, +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"2e6942d537f1a98444c2f9dbdb5d8db42a503a00a17b57d516399569e044a703":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"7eb67721581ed52cfcfc2c4d":"a96cc73451502c7278b467ac85d5fc14fc1a2f51bc685645b173f0cd9af02d383095de063e6eaa50374ce9bc951e9e61":-1:"e5f410fe939e79b7ad33fbd3aaf5856f":-1:"727f5e19a5582e5782bbbe73517f0c04c492319abf12b03b380724ff1483a3" + +PSA Multipart AEAD decrypt, AES-GCM, 144 bytes #1 +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_GCM:"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":-1:"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847fe0b7b7fbed325953df344a96":-1:"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826":PSA_SUCCESS + +PSA Multipart AEAD decrypt, AES-GCM, 144 bytes #2 +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"fe96eab10ff48c7942025422583d0377":PSA_ALG_GCM:"97ce3f848276783599c6875de324361e":"127628b6dcbce6fc8a8ef60798eb67b2088415635119697d20bb878c24d9c6f9c29e148521cb5e0feff892c7855d4f1c0bfb32ad33420976714dce87a0bbc18e4378bd1ef35197d0ca73051148f1199010f63caf122df5f71ad8d9c71df3eb2fbe3b2529d0ba657570358d3776f687bdb9c96d5e0e9e00c4b42d5d7a268d6a08":-1:"12495120056ca3cac70d583603a476821bac6c57c9733b81cfb83538dc9e850f8bdf46065069591c23ebcbc6d1e2523375fb7efc80c09507fa25477ed07cee54fc4eb90168b3ef988f651fc40652474a644b1b311decf899660aef2347bb081af48950f06ebf799911e37120de94c55c20e5f0a77119be06e2b6e557f872fa0f6bac793bdc2190a195122c98544ccf56":-1:"194c8bbbfae4a671386b8cd38f390f46f9df6b8661b470c310921a1c858a938045834bb10380037fbf5f5e00688554537be0fcafe8270b9b59068fa056ab1268fc166c2d729243a06650a171c929c7845c85330c04568d62977eedf3b1ba9dca13bdb8f9522817c8cb99e635e37465ec1c9f6f148d51437aa9f994a62e1bd013":PSA_SUCCESS + +PSA Multipart AEAD decrypt, AES-GCM, 144 bytes, T=4 +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 4 ):"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":-1:"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847f":-1:"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826":PSA_SUCCESS + +PSA Multipart AEAD decrypt, AES-GCM, 144 bytes, T=15 +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":-1:"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847fe0b7b7fbed325953df344a":-1:"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826":PSA_SUCCESS + +PSA Multipart AEAD decrypt, AES-GCM, 144 bytes, T=16 +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":-1:"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847fe0b7b7fbed325953df344a96":-1:"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826":PSA_SUCCESS + +PSA Multipart AEAD decrypt, AES-GCM, invalid signature +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"fe96eab10ff48c7942025422583d0377":PSA_ALG_GCM:"97ce3f848276783599c6875de324361e":"127628b6dcbce6fc8a8ef60798eb67b2088415635119697d20bb878c24d9c6f9c29e148521cb5e0feff892c7855d4f1c0bfb32ad33420976714dce87a0bbc18e4378bd1ef35197d0ca73051148f1199010f63caf122df5f71ad8d9c71df3eb2fbe3b2529d0ba657570358d3776f687bdb9c96d5e0e9e00c4b42d5d7a268d6a08":-1:"12195120056ca3cac70d583603a476821bac6c57c9733b81cfb83538dc9e850f8bdf46065069591c23ebcbc6d1e2523375fb7efc80c09507fa25477ed07cee54fc4eb90168b3ef988f651fc40652474a644b1b311decf899660aef2347bb081af48950f06ebf799911e37120de94c55c20e5f0a77119be06e2b6e557f872fa0f6bac793bdc2190a195122c98544ccf56":-1:"194c8bbbfae4a671386b8cd38f390f46f9df6b8661b470c310921a1c858a938045834bb10380037fbf5f5e00688554537be0fcafe8270b9b59068fa056ab1268fc166c2d729243a06650a171c929c7845c85330c04568d62977eedf3b1ba9dca13bdb8f9522817c8cb99e635e37465ec1c9f6f148d51437aa9f994a62e1bd013":PSA_ERROR_INVALID_SIGNATURE + +PSA Multipart AEAD decrypt, AES-GCM, T=15 but passing 16 bytes +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":-1:"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847fe0b7b7fbed325953df344a96":-1:"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826":PSA_ERROR_INVALID_SIGNATURE + +PSA Multipart AEAD decrypt: AES-GCM, invalid tag length 0 +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 0 ):"48c0906930561e0ab0ef4cd972":"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":-1:"26c56961c035a7e452cce61bc6ee220d77b3f94d18fd10b6":-1:"4535d12b4377928a7c0a61c9f825a48671ea05910748c8ef":PSA_ERROR_INVALID_ARGUMENT + +PSA Multipart AEAD decrypt: AES-GCM, invalid tag length 2 +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 2 ):"48c0906930561e0ab0ef4cd972":"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":-1:"26c56961c035a7e452cce61bc6ee220d77b3f94d18fd10b6":-1:"4535d12b4377928a7c0a61c9f825a48671ea05910748c8ef":PSA_ERROR_INVALID_ARGUMENT + +PSA Multipart AEAD decrypt: AES-GCM, invalid tag length 18 +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 18 ):"48c0906930561e0ab0ef4cd972":"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":-1:"26c56961c035a7e452cce61bc6ee220d77b3f94d18fd10b6":-1:"4535d12b4377928a7c0a61c9f825a48671ea05910748c8ef":PSA_ERROR_INVALID_ARGUMENT + +PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=24, IV=12, IN=0, AAD=0, TAG=16 +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"0e5d6e68f82f32bea3f0b69498c1a31ef6d955cd3d27a2a8":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"caf72ee1e62e1001e8cfbc63":"":-1:"db1a74ffb5f7de26f5742e0942b1b9cb":-1:"":PSA_SUCCESS + +PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=24, IV=12, IN=0, AAD=48, TAG=14 +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"e79fb7defce4f650402e6b521170686d3eb2a0b9514f3a64":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 14 ):"40e0d2d836c0519e7042419b":"41c5b5d971c0723bc1b63a259fe7e06c2961de1241bc34c13965f43636e4da3da8c75ed5956abe3a42f3039af005925a":-1:"434ff68f2436f48418fd69f52158":-1:"":PSA_SUCCESS + +PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=24, IV=12, IN=16, AAD=0, TAG=15 +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"e41d1f533d5b342ffe434b94b1372683bfd5d9d8cb79f9ee":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"5fe11a596dfcd3a305c1d711":"":-1:"1847f64fff986476d1d2f758692f856da4a0ff98c0c1101694c84fd86680c9":-1:"b03c2c20f758a93a8d1220232ad87098":PSA_SUCCESS + +PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=24, IV=12, IN=16, AAD=20, TAG=15 +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"8e7da473c057a2a4669a0d22bf9b7c9913fba48930ca0c9b":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"f9ff8ef80d76c50f9ca0e9ff":"f141bae18a1b54f065554fd34aa02c91c90f505c":-1:"5deb093b6e7c766a64bb9d5170af1ff8bf130b64eebdce06a9bdb2cf1da15a":-1:"b22b2dcdcc18adc30d16297b84b459d8":PSA_SUCCESS + +PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=24, IV=12, IN=16, AAD=48, TAG=12 +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"01bf150add51bb11623e3bfbebd62a7ea81c5b192b8eb6de":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 12 ):"dfacbc6791b785d324c646b7":"e35412a625324257bef35399a7eacca34fec2d2d24166e6bb3e94d96f5c57599ded45e2a74503f07116caa1692398a07":-1:"77579db3c6da769e17731faac4732d7cce65d960a49f94f6b583e54a":-1:"7e5fd8b595ddc4753676107951d900e2":PSA_SUCCESS + +PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=24, IV=12, IN=16, AAD=48, TAG=8 +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"551266c4ed166fe1c43761927801ed50cb9c0b3864fc97df":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 8 ):"e711afbeccd567f866340abb":"562d1697237ebc563941076d459727dfa094eb9ac00d30ed5836825d163dd27517c7660a01056b2d868c7fc5d0343830":-1:"2b54cc27f6ee71882e8b1ead207d2b042d262e87eac97b58":-1:"37245449db8f72b1ecdb420f629d3d80":PSA_SUCCESS + +PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=24, IV=12, IN=13, AAD=0, TAG=15 +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"78fa4a2a5b5b1b1d9580ea527f2e1653e9336e15cc5462f5":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"98b774f7110e0bea624b487f":"":-1:"a642aabed8b99e15e297ee705a40c3e2e506cb889727b327b7e044a8":-1:"496909523f574b205d757659c5":PSA_SUCCESS + +PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=24, IV=12, IN=13, AAD=16, TAG=15 +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"61f4c2e55d729c4657e503dfe2b604e2853675dbdeb0982a":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"0c4d5548aa2d8d54964e1e63":"5affdf8886dabb14790aff3dbfcbdd80":-1:"0d4eacc3db304f46cb7a9eba6ec105bf86d9dc0639b7cebbd5260f47":-1:"b6e056de521a27266dffbc0d96":PSA_SUCCESS + +PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=24, IV=12, IN=13, AAD=20, TAG=13 +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"73245c4f115a74fe71d6fefb9094c57c75f28033a3c7372b":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 13 ):"536a82485999b93b0bb7ef24":"64dcad870a42eeec0730fd7a7e4154638a85d739":-1:"29333e87bfe65d0e37da2936f695824d4e3f37fab3b8e2b868f6":-1:"f6d56f8c86f27d957fa63aea22":PSA_SUCCESS + +PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=24, IV=12, IN=13, AAD=48, TAG=4 +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"9002e74638e09dd1f091439518e1460cdd5905bd9e1a37ae":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 4 ):"76c81a95d24be5c8bac63b50":"aa3ae4531aaac8f3eb07f748712c55a680bc8df5cf845edc66d09049500b41688b8023f5746879b45bdd586af29c4ede":-1:"31bf37acbc53ca3fdbc9e5eaaebbb85a7f":-1:"bd94b34511bc65ae47684805cb":PSA_SUCCESS + +PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=32, IV=12, IN=0, AAD=0, TAG=16 +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"f5a2b27c74355872eb3ef6c5feafaa740e6ae990d9d48c3bd9bb8235e589f010":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"58d2240f580a31c1d24948e9":"":-1:"15e051a5e4a5f5da6cea92e2ebee5bac":-1:"":PSA_SUCCESS + +PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=32, IV=12, IN=0, AAD=16, TAG=15 +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"3395a1485315c5b5e6353acb05ae9499c440a2e9f5c57494662f827235ea314c":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"3b7e632571602456b49880f0":"f283f80226dacb69c8af089ec6b59e81":-1:"84c8beff4b0d160ee68ac613097f51":-1:"":PSA_SUCCESS + +PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=32, IV=12, IN=0, AAD=20, TAG=15 +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"4dc46ca55c1c1fcb4720c274c0e675c2ac5bf93d8dd5e951ca9f6b61f884edc9":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"6473ab77dc885127422f5594":"e2cf8172ab4cf77eba45cd2c8ff939b938080a90":-1:"8d6351f18d873242204c20144e2b83":-1:"":PSA_SUCCESS + +PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=32, IV=12, IN=0, AAD=48, TAG=14 +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"a7f95798434f9a0fe6fd8acd30b8bad96dbdcfacee4594f01cbf26479be7d154":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 14 ):"9ef5a77b02137b46e8461d09":"5595a16fa12d4dcdba6b128480dce2d39c1211c3fb6068cde6013f6a80dfcda5eb92af8879e40ee9c177fd0e446fc8ca":-1:"3bfd3d99fe2063e8ef8255519fe0":-1:"":PSA_SUCCESS + +PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=32, IV=12, IN=16, AAD=0, TAG=16 +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"4c8ebfe1444ec1b2d503c6986659af2c94fafe945f72c1e8486a5acfedb8a0f8":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"473360e0ad24889959858995":"":-1:"d2c78110ac7e8f107c0df0570bd7c90cc26a379b6d98ef2852ead8ce83a833a7":-1:"7789b41cb3ee548814ca0b388c10b343":PSA_SUCCESS + +PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=32, IV=12, IN=16, AAD=0, TAG=4 +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"57805f98aae1b8b64bb49756529ab8181b3ada674a90c55422e9eb26c48bcd7b":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 4 ):"9735945d8ca161777206632a":"":-1:"58375442ab1c0e6a8952c83d128d9fc5f45bb315":-1:"4860116a6d2deb9bf794bfd6ac5bbbd6":PSA_SUCCESS + +PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=32, IV=12, IN=16, AAD=16, TAG=8 +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"f913bb823a1d0c10b0b72d56866907b893f2266f15de1abc17f93600824db55a":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 8 ):"d4fe686a14592b6ca1bd6b42":"e35d880c1c53688eb83869de9dd8a473":-1:"35af9b502ea6b56269f896bf98affdd59c2aa418b38bc7fd":-1:"ff426dd751190ff826e8b4a0792d746e":PSA_SUCCESS + +PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=32, IV=12, IN=16, AAD=20, TAG=14 +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"74e9d9d7cd0728cea94e169af485f21f9d2447e022f16008f803dcf5c4f7cc0c":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 14 ):"ecba39edc96667da726122c0":"ae9ab021f86f5b81bb2e0fcbd4b855e1501e9f82":-1:"e5745ce0e02dbba05363b548c3ac7047eacca7e61db6f72fc9b9e5bdb2bb":-1:"0a0b284515694188b6b6c15bc8a09036":PSA_SUCCESS + +PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=32, IV=12, IN=13, AAD=0, TAG=14 +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"60667fce64b8c7169ddf45f335e46951248f69abc4e0f4f292d0ffe3dfd5219f":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 14 ):"1057322a39f08ef761c3c8fc":"":-1:"501b033c841acb430c52d88fe9cb44c751f2f1641d1e801a534ac8":-1:"f386b28e7eb4c2fb8eb5dc66a2":PSA_SUCCESS + +PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=32, IV=12, IN=13, AAD=20, TAG=15 +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"e67590da399cbcdcddcc56110562ade8665b50287a8ab38e8b9ee7520531b560":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"2c36ab6b686a66fba1805196":"823493d42f4f60b2d1433ad75eccaafd7e7c7d12":-1:"cff6b6f03c67152f3ce1030653d9bd9a6559f5b04b48d77c2a1fc364":-1:"da1c61fbfcdb73445ad4c7d889":PSA_SUCCESS + +PSA Multipart AEAD encrypt: ChaCha20-Poly1305 (RFC7539) +depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 +aead_multipart_encrypt:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:"070000004041424344454647":"50515253c0c1c2c3c4c5c6c7":-1:"4c616469657320616e642047656e746c656d656e206f662074686520636c617373206f66202739393a204966204920636f756c64206f6666657220796f75206f6e6c79206f6e652074697020666f7220746865206675747572652c2073756e73637265656e20776f756c642062652069742e":-1:"d31a8d34648e60db7b86afbc53ef7ec2a4aded51296e08fea9e2b5a736ee62d63dbea45e8ca9671282fafb69da92728b1a71de0a9e060b2905d6a5b67ecd3b3692ddbd7f2d778b8c9803aee328091b58fab324e4fad675945585808b4831d7bc3ff4def08e4b7a9de576d26586cec64b61161ae10b594f09e26a7e902ecbd0600691" + +PSA Multipart AEAD encrypt: ChaCha20-Poly1305 (zero-length input) +depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 +aead_multipart_encrypt:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:"070000004041424344454647":"":-1:"":-1:"a0784d7a4716f3feb4f64e7f4b39bf04" + +PSA Multipart AEAD decrypt: ChaCha20-Poly1305 (RFC7539, good tag) +depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 +aead_multipart_decrypt:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:"070000004041424344454647":"50515253c0c1c2c3c4c5c6c7":-1:"d31a8d34648e60db7b86afbc53ef7ec2a4aded51296e08fea9e2b5a736ee62d63dbea45e8ca9671282fafb69da92728b1a71de0a9e060b2905d6a5b67ecd3b3692ddbd7f2d778b8c9803aee328091b58fab324e4fad675945585808b4831d7bc3ff4def08e4b7a9de576d26586cec64b61161ae10b594f09e26a7e902ecbd0600691":-1:"4c616469657320616e642047656e746c656d656e206f662074686520636c617373206f66202739393a204966204920636f756c64206f6666657220796f75206f6e6c79206f6e652074697020666f7220746865206675747572652c2073756e73637265656e20776f756c642062652069742e":PSA_SUCCESS + +PSA Multipart AEAD decrypt: ChaCha20-Poly1305 (RFC7539, bad tag) +depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 +aead_multipart_decrypt:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:"070000004041424344454647":"50515253c0c1c2c3c4c5c6c7":-1:"d31a8d34648e60db7b86afbc53ef7ec2a4aded51296e08fea9e2b5a736ee62d63dbea45e8ca9671282fafb69da92728b1a71de0a9e060b2905d6a5b67ecd3b3692ddbd7f2d778b8c9803aee328091b58fab324e4fad675945585808b4831d7bc3ff4def08e4b7a9de576d26586cec64b61161ae10b594f09e26a7e902ecbd0600690":-1:"4c616469657320616e642047656e746c656d656e206f662074686520636c617373206f66202739393a204966204920636f756c64206f6666657220796f75206f6e6c79206f6e652074697020666f7220746865206675747572652c2073756e73637265656e20776f756c642062652069742e":PSA_ERROR_INVALID_SIGNATURE + +PSA Multipart AEAD decrypt: ChaCha20-Poly1305 (good tag, zero-length input) +depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 +aead_multipart_decrypt:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:"070000004041424344454647":"":-1:"a0784d7a4716f3feb4f64e7f4b39bf04":-1:"":PSA_SUCCESS + +PSA Multipart AEAD encrypt/decrypt: invalid algorithm (CTR) +depends_on:MBEDTLS_AES_C:MBEDTLS_GCM_C +aead_multipart_encrypt_decrypt:PSA_KEY_TYPE_AES:"D7828D13B2B0BDC325A76236DF93CC6B":PSA_ALG_CTR:"000102030405060708090A0B0C0D0E0F":"":-1:"":-1:PSA_ERROR_NOT_SUPPORTED + +PSA Multipart AEAD encrypt/decrypt: invalid algorithm (ChaCha20) +depends_on:MBEDTLS_CHACHA20_C +aead_multipart_encrypt_decrypt:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_STREAM_CIPHER:"":"":-1:"":-1:PSA_ERROR_NOT_SUPPORTED + PSA signature size: RSA keypair, 1024 bits, PKCS#1 v1.5 raw depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR signature_size:PSA_KEY_TYPE_RSA_KEY_PAIR:1024:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:128 diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index bff0c35a0..991b10a8a 100644 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function @@ -3152,6 +3152,784 @@ exit: } /* END_CASE */ +/* BEGIN_CASE */ +void aead_multipart_encrypt( int key_type_arg, data_t *key_data, + int alg_arg, + data_t *nonce, + data_t *additional_data, + int ad_part_len, + data_t *input_data, + int data_part_len, + data_t *expected_result ) +{ + mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; + psa_key_type_t key_type = key_type_arg; + psa_algorithm_t alg = alg_arg; + psa_aead_operation_t operation; + unsigned char *output_data = NULL; + unsigned char *part_data = NULL; + unsigned char *final_data = NULL; + size_t output_size = 0; + size_t part_data_size = 0; + size_t output_length = 0; + size_t key_bits = 0; + size_t tag_length = 0; + size_t tag_size = 0; + size_t nonce_length = 0; + uint8_t nonce_buffer[16]; + uint8_t tag_buffer[16]; + uint32_t part_offset = 0; + size_t part_length = 0; + size_t output_part_length = 0; + psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; + psa_status_t status = PSA_ERROR_GENERIC_ERROR; + + PSA_ASSERT( psa_crypto_init( ) ); + + psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_ENCRYPT ); + psa_set_key_algorithm( &attributes, alg ); + psa_set_key_type( &attributes, key_type ); + + PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len, + &key ) ); + + PSA_ASSERT( psa_get_key_attributes( key, &attributes ) ); + key_bits = psa_get_key_bits( &attributes ); + + tag_length = PSA_AEAD_TAG_LENGTH( key_type, key_bits, alg ); + + TEST_ASSERT( tag_length <= 16 ); + + output_size = PSA_AEAD_UPDATE_OUTPUT_SIZE( key_type, alg, + ( input_data->len + tag_length ) ); + + ASSERT_ALLOC( output_data, output_size ); + + ASSERT_ALLOC( final_data, PSA_AEAD_FINISH_OUTPUT_MAX_SIZE ); + + operation = psa_aead_operation_init(); + + status = psa_aead_encrypt_setup( &operation, key, alg ); + + /* If the operation is not supported, just skip and not fail in case the + * encryption involves a common limitation of cryptography hardwares and + * an alternative implementation. */ + if( status == PSA_ERROR_NOT_SUPPORTED ) + { + MBEDTLS_TEST_PSA_SKIP_IF_ALT_AES_192( key_type, key_data->len * 8 ); + MBEDTLS_TEST_PSA_SKIP_IF_ALT_GCM_NOT_12BYTES_NONCE( alg, nonce->len ); + } + + PSA_ASSERT( status ); + + if( nonce->len == 0 ) + { + PSA_ASSERT( psa_aead_generate_nonce( &operation, nonce_buffer, sizeof( nonce_buffer ), + &nonce_length ) ); + } + else + { + nonce_length = nonce->len; + PSA_ASSERT( psa_aead_set_nonce( &operation, nonce->x, nonce->len ) ); + } + +#if defined(MBEDTLS_PSA_BUILTIN_ALG_GCM) + if( operation.alg == PSA_ALG_GCM ) + { + PSA_ASSERT( psa_aead_set_lengths( &operation, additional_data->len, input_data->len ) ); + } +#endif + + if( ad_part_len != -1 ) + { + /* Pass addtional data in parts */ + part_offset = 0; + + while( part_offset <= additional_data->len) + { + if( additional_data->len - part_offset < ( uint32_t ) ad_part_len ) + { + part_length = additional_data->len - part_offset; + } + else + { + part_length = ad_part_len; + } + + PSA_ASSERT( psa_aead_update_ad(&operation, additional_data->x + part_offset, + part_length ) ); + + part_offset += part_length; + } + } + else + { + /* Pass additional data in one go. */ + PSA_ASSERT( psa_aead_update_ad(&operation, additional_data->x, additional_data->len) ); + } + + if( data_part_len != -1 ) + { + /* Pass data in parts */ + part_data_size = PSA_AEAD_UPDATE_OUTPUT_SIZE( key_type, alg, ( size_t ) data_part_len ); + + ASSERT_ALLOC( part_data, part_data_size ); + + part_offset = 0; + + while( part_offset <= input_data->len) + { + if( input_data->len - part_offset < ( uint32_t ) data_part_len ) + { + part_length = input_data->len - part_offset; + } + else + { + part_length = data_part_len; + } + + PSA_ASSERT( psa_aead_update( &operation, ( input_data->x + part_offset ), + part_length, part_data, + part_data_size, &output_part_length ) ); + + memcpy( ( output_data + part_offset ), part_data, output_part_length ); + + part_offset += part_length; + output_length += output_part_length; + } + } + else + { + /* Pass whole data in one go */ + PSA_ASSERT( psa_aead_update( &operation, input_data->x, + input_data->len, output_data, + output_size, &output_length ) ); + } + + PSA_ASSERT( psa_aead_finish( &operation, final_data, + PSA_AEAD_FINISH_OUTPUT_MAX_SIZE, + &output_part_length, + tag_buffer, tag_length, + &tag_size ) ); + + memcpy( ( output_data + output_length ), final_data, output_part_length ); + + TEST_EQUAL(tag_length, tag_size); + + output_length += output_part_length; + + memcpy( ( output_data + output_length ), tag_buffer, tag_length ); + + output_length += tag_length; + + /* For all currently defined algorithms, PSA_AEAD_ENCRYPT_OUTPUT_SIZE + * should be exact. */ + TEST_EQUAL( output_length, + PSA_AEAD_ENCRYPT_OUTPUT_SIZE( key_type, alg, input_data->len ) ); + TEST_ASSERT( output_length <= + PSA_AEAD_ENCRYPT_OUTPUT_MAX_SIZE( input_data->len ) ); + + ASSERT_COMPARE( expected_result->x, expected_result->len, + output_data, output_length ); + +exit: + psa_destroy_key( key ); + mbedtls_free( output_data ); + mbedtls_free( part_data ); + mbedtls_free( final_data ); + PSA_DONE( ); +} +/* END_CASE */ + +/* BEGIN_CASE */ +void aead_multipart_encrypt_decrypt( int key_type_arg, data_t *key_data, + int alg_arg, + data_t *nonce, + data_t *additional_data, + int ad_part_len, + data_t *input_data, + int data_part_len, + int expected_result_arg ) +{ + mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; + psa_key_type_t key_type = key_type_arg; + psa_algorithm_t alg = alg_arg; + psa_aead_operation_t operation; + unsigned char *output_data = NULL; + unsigned char *part_data = NULL; + unsigned char *final_data = NULL; + size_t part_data_size; + size_t output_size = 0; + size_t output_length = 0; + unsigned char *output_data2 = NULL; + size_t output_size2 = 0; + size_t output_length2 = 0; + size_t key_bits = 0; + size_t tag_length = 0; + size_t tag_size = 0; + size_t nonce_length = 0; + uint8_t nonce_buffer[16]; + uint8_t tag_buffer[16]; + uint32_t part_offset = 0; + size_t part_length = 0; + size_t output_part_length = 0; + psa_status_t status = PSA_ERROR_GENERIC_ERROR; + psa_status_t expected_result = expected_result_arg; + psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; + + PSA_ASSERT( psa_crypto_init( ) ); + + psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT ); + psa_set_key_algorithm( &attributes, alg ); + psa_set_key_type( &attributes, key_type ); + + PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len, + &key ) ); + + PSA_ASSERT( psa_get_key_attributes( key, &attributes ) ); + key_bits = psa_get_key_bits( &attributes ); + + tag_length = PSA_AEAD_TAG_LENGTH( key_type, key_bits, alg ); + + TEST_ASSERT( tag_length <= 16 ); + + output_size = PSA_AEAD_UPDATE_OUTPUT_SIZE( key_type, alg, input_data->len ); + + ASSERT_ALLOC( output_data, output_size ); + ASSERT_ALLOC( final_data, PSA_AEAD_FINISH_OUTPUT_MAX_SIZE ); + + operation = psa_aead_operation_init(); + + status = psa_aead_encrypt_setup( &operation, key, alg ); + + /* If the operation is not supported, just skip and not fail in case the + * encryption involves a common limitation of cryptography hardwares and + * an alternative implementation. */ + if( status == PSA_ERROR_NOT_SUPPORTED ) + { + MBEDTLS_TEST_PSA_SKIP_IF_ALT_AES_192( key_type, key_data->len * 8 ); + MBEDTLS_TEST_PSA_SKIP_IF_ALT_GCM_NOT_12BYTES_NONCE( alg, nonce->len ); + } + + if( status != PSA_SUCCESS ) + { + TEST_EQUAL( status, expected_result_arg ); + goto exit; + } + + if( nonce->len == 0 ) + { + status = psa_aead_generate_nonce( &operation, nonce_buffer, sizeof( nonce_buffer ), + &nonce_length ); + } + else + { + nonce_length = nonce->len; + status = psa_aead_set_nonce( &operation, nonce->x, nonce->len ); + } + + if( status != PSA_SUCCESS ) + { + TEST_EQUAL( status, expected_result_arg ); + goto exit; + } + +#if defined(MBEDTLS_PSA_BUILTIN_ALG_GCM) + if( operation.alg == PSA_ALG_GCM ) + { + status = psa_aead_set_lengths( &operation, additional_data->len, input_data->len ); + + if( status != PSA_SUCCESS ) + { + TEST_EQUAL( status, expected_result_arg ); + goto exit; + } + } +#endif + + if( ad_part_len != -1 ) + { + part_offset = 0; + + while( part_offset <= additional_data->len) + { + if( additional_data->len - part_offset < ( uint32_t ) ad_part_len ) + { + part_length = additional_data->len - part_offset; + } + else + { + part_length = ad_part_len; + } + + status = psa_aead_update_ad( &operation, additional_data->x + part_offset, + part_length ); + + if( status != PSA_SUCCESS ) + { + TEST_EQUAL( status, expected_result_arg ); + goto exit; + } + + part_offset += part_length; + } + } + else + { + status = psa_aead_update_ad(&operation, additional_data->x, additional_data->len); + + if( status != PSA_SUCCESS ) + { + TEST_EQUAL( status, expected_result_arg ); + goto exit; + } + } + + if( data_part_len != -1 ) + { + /* Pass data in parts */ + part_data_size = PSA_AEAD_UPDATE_OUTPUT_SIZE( key_type, alg, + ( size_t ) data_part_len ); + + ASSERT_ALLOC( part_data, part_data_size ); + + part_offset = 0; + + while( part_offset <= input_data->len) + { + if( input_data->len - part_offset < ( uint32_t ) data_part_len ) + { + part_length = input_data->len - part_offset; + } + else + { + part_length = data_part_len; + } + + status = psa_aead_update( &operation, ( input_data->x + part_offset ), + part_length, part_data, + part_data_size, &output_part_length ); + + if( status != PSA_SUCCESS ) + { + TEST_EQUAL( status, expected_result_arg ); + goto exit; + } + + memcpy( ( output_data + part_offset ), part_data, output_part_length ); + + part_offset += part_length; + output_length += output_part_length; + } + } + else + { + status = psa_aead_update( &operation, input_data->x, + input_data->len, output_data, + output_size, &output_length ); + + if( status != PSA_SUCCESS ) + { + TEST_EQUAL( status, expected_result_arg ); + goto exit; + } + } + + status = psa_aead_finish( &operation, final_data, + PSA_AEAD_FINISH_OUTPUT_MAX_SIZE, + &output_part_length, + tag_buffer, tag_length, + &tag_size ); + + if( status != PSA_SUCCESS ) + { + TEST_EQUAL( status, expected_result_arg ); + goto exit; + } + + memcpy( ( output_data + output_length ), final_data, output_part_length ); + + output_length += output_part_length; + + /* For all currently defined algorithms, PSA_AEAD_ENCRYPT_OUTPUT_SIZE + * should be exact. */ + if( expected_result != PSA_ERROR_INVALID_ARGUMENT ) + TEST_EQUAL( ( output_length + tag_length ), + PSA_AEAD_ENCRYPT_OUTPUT_SIZE( key_type, alg, input_data->len ) ); + + TEST_EQUAL(tag_length, tag_size); + + if( PSA_SUCCESS == expected_result ) + { + output_size2 = PSA_AEAD_UPDATE_OUTPUT_SIZE( key_type, alg, output_length ); + ASSERT_ALLOC( output_data2, output_size2 ); + + /* For all currently defined algorithms, PSA_AEAD_DECRYPT_OUTPUT_SIZE + * should be exact. */ + TEST_EQUAL( input_data->len, + PSA_AEAD_DECRYPT_OUTPUT_SIZE( key_type, alg, + ( output_length + tag_length ) ) ); + + TEST_ASSERT( input_data->len <= + PSA_AEAD_DECRYPT_OUTPUT_MAX_SIZE( output_length + tag_length ) ); + + operation = psa_aead_operation_init(); + + status = psa_aead_decrypt_setup( &operation, key, alg ); + + /* If the operation is not supported, just skip and not fail in case the + * encryption involves a common limitation of cryptography hardwares and + * an alternative implementation. */ + if( status == PSA_ERROR_NOT_SUPPORTED ) + { + MBEDTLS_TEST_PSA_SKIP_IF_ALT_AES_192( key_type, key_data->len * 8 ); + MBEDTLS_TEST_PSA_SKIP_IF_ALT_GCM_NOT_12BYTES_NONCE( alg, nonce->len ); + } + + TEST_EQUAL( status, expected_result ); + + if( nonce->len == 0 ) + { + /* Use previously generated nonce. */ + status = psa_aead_set_nonce( &operation, nonce_buffer, nonce_length ); + } + else + { + nonce_length = nonce->len; + status = psa_aead_set_nonce( &operation, nonce->x, nonce->len ); + } + + if( status != PSA_SUCCESS ) + { + TEST_EQUAL( status, expected_result_arg ); + } + +#if defined(MBEDTLS_PSA_BUILTIN_ALG_GCM) + if( operation.alg == PSA_ALG_GCM ) + { + status = psa_aead_set_lengths( &operation, additional_data->len, output_length ); + + if( status != PSA_SUCCESS ) + { + TEST_EQUAL( status, expected_result_arg ); + } + } +#endif + + if( ad_part_len != -1 ) + { + part_offset = 0; + + while( part_offset <= additional_data->len) + { + if( additional_data->len - part_offset < ( uint32_t ) ad_part_len ) + { + part_length = additional_data->len - part_offset; + } + else + { + part_length = ad_part_len; + } + + PSA_ASSERT( psa_aead_update_ad(&operation, additional_data->x + part_offset, + part_length ) ); + + part_offset += part_length; + } + } + else + { + PSA_ASSERT( psa_aead_update_ad(&operation, additional_data->x, additional_data->len) ); + } + + if( data_part_len != -1 ) + { + /* Pass data in parts */ + part_data_size = PSA_AEAD_UPDATE_OUTPUT_SIZE( key_type, alg, ( size_t ) data_part_len ); + + ASSERT_ALLOC( part_data, part_data_size ); + + part_offset = 0; + + while( part_offset <= ( input_data->len - tag_length ) ) + { + if( ( input_data->len - tag_length - part_offset ) < ( uint32_t ) data_part_len ) + { + part_length = ( input_data->len - tag_length - part_offset ); + } + else + { + part_length = data_part_len; + } + + PSA_ASSERT( psa_aead_update( &operation, ( input_data->x + part_offset ), + part_length, part_data, + part_data_size, &output_part_length ) ); + + memcpy( ( output_data2 + part_offset ), part_data, output_part_length ); + + part_offset += part_length; + output_length2 += output_part_length; + } + } + else + { + PSA_ASSERT( psa_aead_update( &operation, output_data, + output_length, output_data2, + output_size2, &output_length2 ) ); + } + + PSA_ASSERT( psa_aead_verify( &operation, final_data, + PSA_AEAD_FINISH_OUTPUT_MAX_SIZE, + &output_part_length, + tag_buffer, tag_length ) ); + + memcpy( ( output_data2 + output_length2 ), final_data, output_part_length); + + output_length2 += output_part_length; + + ASSERT_COMPARE( input_data->x, input_data->len, + output_data2, output_length2 ); + } + +exit: + psa_destroy_key( key ); + mbedtls_free( output_data ); + mbedtls_free( output_data2 ); + mbedtls_free( part_data ); + mbedtls_free( final_data ); + PSA_DONE( ); +} +/* END_CASE */ + +/* BEGIN_CASE */ +void aead_multipart_decrypt( int key_type_arg, data_t *key_data, + int alg_arg, + data_t *nonce, + data_t *additional_data, + int ad_part_len, + data_t *input_data, + int data_part_len, + data_t *expected_data, + int expected_result_arg ) +{ + mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; + psa_key_type_t key_type = key_type_arg; + psa_algorithm_t alg = alg_arg; + psa_aead_operation_t operation; + unsigned char *output_data = NULL; + unsigned char *part_data = NULL; + unsigned char *final_data = NULL; + size_t part_data_size; + size_t output_size = 0; + size_t output_length = 0; + size_t key_bits = 0; + size_t tag_length = 0; + size_t nonce_length = 0; + uint8_t nonce_buffer[16]; + uint32_t part_offset = 0; + size_t part_length = 0; + size_t output_part_length = 0; + psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; + psa_status_t expected_result = expected_result_arg; + psa_status_t status = PSA_ERROR_GENERIC_ERROR; + + PSA_ASSERT( psa_crypto_init( ) ); + + psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_DECRYPT ); + psa_set_key_algorithm( &attributes, alg ); + psa_set_key_type( &attributes, key_type ); + + PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len, + &key ) ); + + PSA_ASSERT( psa_get_key_attributes( key, &attributes ) ); + key_bits = psa_get_key_bits( &attributes ); + + tag_length = PSA_AEAD_TAG_LENGTH( key_type, key_bits, alg ); + + output_size = PSA_AEAD_UPDATE_OUTPUT_SIZE( key_type, alg, + ( input_data->len - tag_length ) ); + + ASSERT_ALLOC( output_data, output_size ); + ASSERT_ALLOC( final_data, PSA_AEAD_VERIFY_OUTPUT_MAX_SIZE ); + + operation = psa_aead_operation_init(); + + status = psa_aead_decrypt_setup( &operation, key, alg ); + + /* If the operation is not supported, just skip and not fail in case the + * encryption involves a common limitation of cryptography hardwares and + * an alternative implementation. */ + if( status == PSA_ERROR_NOT_SUPPORTED ) + { + MBEDTLS_TEST_PSA_SKIP_IF_ALT_AES_192( key_type, key_data->len * 8 ); + MBEDTLS_TEST_PSA_SKIP_IF_ALT_GCM_NOT_12BYTES_NONCE( alg, nonce->len ); + } + + if( status != PSA_SUCCESS ) + { + TEST_EQUAL( status, expected_result_arg ); + goto exit; + } + + if( nonce->len == 0 ) + { + status = psa_aead_generate_nonce( &operation, nonce_buffer, sizeof( nonce_buffer ), + &nonce_length ); + } + else + { + nonce_length = nonce->len; + status = psa_aead_set_nonce( &operation, nonce->x, nonce->len ); + } + + if( status != PSA_SUCCESS ) + { + TEST_EQUAL( status, expected_result_arg ); + goto exit; + } + +#if defined(MBEDTLS_PSA_BUILTIN_ALG_GCM) + if( operation.alg == PSA_ALG_GCM ) + { + status = psa_aead_set_lengths( &operation, additional_data->len, + ( input_data->len - tag_length ) ); + + if( status != PSA_SUCCESS ) + { + TEST_EQUAL( status, expected_result_arg ); + goto exit; + } + } +#endif + + if( ad_part_len != -1 ) + { + part_offset = 0; + + while( part_offset <= additional_data->len) + { + if( additional_data->len - part_offset < ( uint32_t ) ad_part_len ) + { + part_length = additional_data->len - part_offset; + } + else + { + part_length = ad_part_len; + } + + status = psa_aead_update_ad( &operation, additional_data->x + part_offset, + part_length ); + + if( status != PSA_SUCCESS ) + { + TEST_EQUAL( status, expected_result_arg ); + goto exit; + } + + part_offset += part_length; + } + } + else + { + status = psa_aead_update_ad( &operation, additional_data->x, additional_data->len ); + + if( status != PSA_SUCCESS ) + { + TEST_EQUAL( status, expected_result_arg ); + goto exit; + } + } + + if( data_part_len != -1 ) + { + /* Pass data in parts */ + part_data_size = PSA_AEAD_UPDATE_OUTPUT_SIZE( key_type, alg, ( size_t ) data_part_len ); + + ASSERT_ALLOC( part_data, part_data_size ); + + part_offset = 0; + + while( part_offset <= input_data->len) + { + if( (input_data->len - tag_length - part_offset ) < ( uint32_t ) data_part_len ) + { + part_length = ( input_data->len - tag_length - part_offset ); + } + else + { + part_length = data_part_len; + } + + status = psa_aead_update( &operation, ( input_data->x + part_offset ), + part_length, part_data, + part_data_size, &output_part_length ); + + if( status != PSA_SUCCESS ) + { + TEST_EQUAL( status, expected_result_arg ); + goto exit; + } + + memcpy( ( output_data + part_offset ), part_data, output_part_length ); + + part_offset += part_length; + output_length += output_part_length; + } + } + else + { + status = psa_aead_update( &operation, input_data->x, + ( input_data->len - tag_length ), output_data, + output_size, &output_length ); + + if( status != PSA_SUCCESS ) + { + TEST_EQUAL( status, expected_result_arg ); + goto exit; + } + } + + status = psa_aead_verify( &operation, final_data, + PSA_AEAD_VERIFY_OUTPUT_MAX_SIZE, + &output_part_length, + ( input_data->x + input_data->len - tag_length ), + tag_length ); + + if( status != PSA_SUCCESS ) + { + TEST_EQUAL( status, expected_result_arg ); + goto exit; + } + + memcpy( ( output_data + output_length ), final_data, output_part_length ); + + output_length += output_part_length; + + if( expected_result != PSA_ERROR_INVALID_ARGUMENT ) + { + /* For all currently defined algorithms, PSA_AEAD_DECRYPT_OUTPUT_SIZE + * should be exact. */ + TEST_EQUAL( output_length, + PSA_AEAD_DECRYPT_OUTPUT_SIZE( key_type, alg, input_data->len ) ); + TEST_ASSERT( output_length <= + PSA_AEAD_DECRYPT_OUTPUT_MAX_SIZE( input_data->len ) ); + } + + if( expected_result == PSA_SUCCESS ) + ASSERT_COMPARE( expected_data->x, expected_data->len, + output_data, output_length ); + +exit: + psa_destroy_key( key ); + mbedtls_free( output_data ); + mbedtls_free( part_data ); + mbedtls_free( final_data ); + PSA_DONE( ); +} +/* END_CASE */ + /* BEGIN_CASE */ void signature_size( int type_arg, int bits, From 4bbe82bdcc606672bda65dc4a3bcd57b2894a185 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Tue, 27 Apr 2021 12:11:56 +0100 Subject: [PATCH 011/195] Add transparent driver tests for M-AEAD Signed-off-by: Paul Elliott --- library/psa_crypto_driver_wrappers.c | 48 +++---- tests/include/test/drivers/aead.h | 55 ++++++++ tests/src/drivers/test_driver_aead.c | 204 +++++++++++++++++++++++++++ 3 files changed, 283 insertions(+), 24 deletions(-) diff --git a/library/psa_crypto_driver_wrappers.c b/library/psa_crypto_driver_wrappers.c index 91ad37f80..ce49a226b 100644 --- a/library/psa_crypto_driver_wrappers.c +++ b/library/psa_crypto_driver_wrappers.c @@ -1311,10 +1311,10 @@ psa_status_t psa_driver_wrapper_aead_encrypt_setup( #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) #if defined(PSA_CRYPTO_DRIVER_TEST) status = PSA_ERROR_NOT_SUPPORTED; -// status = test_transparent_aead_encrypt_setup( -// operation, attributes, -// key_buffer, key_buffer_size, -// alg ); + status = test_transparent_aead_encrypt_setup( + operation, attributes, + key_buffer, key_buffer_size, + alg ); /* Declared with fallback == true */ if( status == PSA_SUCCESS ) operation->id = PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID; @@ -1363,10 +1363,10 @@ psa_status_t psa_driver_wrapper_aead_decrypt_setup( #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) #if defined(PSA_CRYPTO_DRIVER_TEST) status = PSA_ERROR_NOT_SUPPORTED; -// status = test_transparent_aead_decrypt_setup( -// operation, attributes, -// key_buffer, key_buffer_size, -// alg ); + status = test_transparent_aead_decrypt_setup( + operation, attributes, + key_buffer, key_buffer_size, + alg ); /* Declared with fallback == true */ if( status == PSA_SUCCESS ) operation->id = PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID; @@ -1413,8 +1413,8 @@ psa_status_t psa_driver_wrapper_aead_set_nonce( #if defined(PSA_CRYPTO_DRIVER_TEST) case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID: return( PSA_ERROR_NOT_SUPPORTED ); -// return( test_transparent_aead_set_nonce( -// operation, nonce, nonce_length ) ); + return( test_transparent_aead_set_nonce( + operation, nonce, nonce_length ) ); /* Add cases for opaque driver here */ @@ -1445,8 +1445,8 @@ psa_status_t psa_driver_wrapper_aead_set_lengths( #if defined(PSA_CRYPTO_DRIVER_TEST) case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID: return( PSA_ERROR_NOT_SUPPORTED ); -// return( test_transparent_aead_set_lengths( -// operation, ad_length, plaintext_length ) ); + return( test_transparent_aead_set_lengths( + operation, ad_length, plaintext_length ) ); /* Add cases for opaque driver here */ @@ -1477,8 +1477,8 @@ psa_status_t psa_driver_wrapper_aead_update_ad( #if defined(PSA_CRYPTO_DRIVER_TEST) case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID: return( PSA_ERROR_NOT_SUPPORTED ); -// return( test_transparent_aead_update_ad( -// operation, input, input_length ) ); + return( test_transparent_aead_update_ad( + operation, input, input_length ) ); /* Add cases for opaque driver here */ @@ -1513,9 +1513,9 @@ psa_status_t psa_driver_wrapper_aead_update( #if defined(PSA_CRYPTO_DRIVER_TEST) case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID: return( PSA_ERROR_NOT_SUPPORTED ); -// return( test_transparent_aead_update( -// operation, input, input_length, ouput, output_size, -// output_length ) ); + return( test_transparent_aead_update( + operation, input, input_length, output, output_size, + output_length ) ); /* Add cases for opaque driver here */ @@ -1554,9 +1554,9 @@ psa_status_t psa_driver_wrapper_aead_finish( #if defined(PSA_CRYPTO_DRIVER_TEST) case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID: return( PSA_ERROR_NOT_SUPPORTED ); -// return( test_transparent_aead_finish( -// operation, ciphertext, ciphertext_size, -// ciphertext_length, tag, tag_size, tag_length ) ); + return( test_transparent_aead_finish( + operation, ciphertext, ciphertext_size, + ciphertext_length, tag, tag_size, tag_length ) ); /* Add cases for opaque driver here */ @@ -1595,9 +1595,9 @@ psa_status_t psa_driver_wrapper_aead_verify( #if defined(PSA_CRYPTO_DRIVER_TEST) case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID: return( PSA_ERROR_NOT_SUPPORTED ); -// return( test_transparent_aead_verify( -// operation, ciphertext, ciphertext_size, -// ciphertext_length, tag, tag_length ) ); + return( test_transparent_aead_verify( + operation, plaintext, plaintext_size, + plaintext_length, tag, tag_length ) ); /* Add cases for opaque driver here */ @@ -1629,7 +1629,7 @@ psa_status_t psa_driver_wrapper_aead_abort( #if defined(PSA_CRYPTO_DRIVER_TEST) case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID: return( PSA_ERROR_NOT_SUPPORTED ); -// return( test_transparent_aead_abort( operation ) ); + return( test_transparent_aead_abort( operation ) ); /* Add cases for opaque driver here */ diff --git a/tests/include/test/drivers/aead.h b/tests/include/test/drivers/aead.h index 2207cb36f..23f32c0a8 100644 --- a/tests/include/test/drivers/aead.h +++ b/tests/include/test/drivers/aead.h @@ -67,5 +67,60 @@ psa_status_t mbedtls_test_transparent_aead_decrypt( const uint8_t *ciphertext, size_t ciphertext_length, uint8_t *plaintext, size_t plaintext_size, size_t *plaintext_length ); +psa_status_t test_transparent_aead_encrypt_setup( + psa_aead_operation_t *operation, + const psa_key_attributes_t *attributes, + const uint8_t *key_buffer, size_t key_buffer_size, + psa_algorithm_t alg ); + +psa_status_t test_transparent_aead_decrypt_setup( + psa_aead_operation_t *operation, + const psa_key_attributes_t *attributes, + const uint8_t *key_buffer, size_t key_buffer_size, + psa_algorithm_t alg ); + +psa_status_t test_transparent_aead_set_nonce( + psa_aead_operation_t *operation, + const uint8_t *nonce, + size_t nonce_length ); + +psa_status_t test_transparent_aead_set_lengths( + psa_aead_operation_t *operation, + size_t ad_length, + size_t plaintext_length ); + +psa_status_t test_transparent_aead_update_ad( + psa_aead_operation_t *operation, + const uint8_t *input, + size_t input_length ); + +psa_status_t test_transparent_aead_update( + psa_aead_operation_t *operation, + const uint8_t *input, + size_t input_length, + uint8_t *output, + size_t output_size, + size_t *output_length ); + +psa_status_t test_transparent_aead_finish( + psa_aead_operation_t *operation, + uint8_t *ciphertext, + size_t ciphertext_size, + size_t *ciphertext_length, + uint8_t *tag, + size_t tag_size, + size_t *tag_length ); + +psa_status_t test_transparent_aead_verify( + psa_aead_operation_t *operation, + uint8_t *plaintext, + size_t plaintext_size, + size_t *plaintext_length, + const uint8_t *tag, + size_t tag_length ); + +psa_status_t test_transparent_aead_abort( + psa_aead_operation_t *operation ); + #endif /* PSA_CRYPTO_DRIVER_TEST */ #endif /* PSA_CRYPTO_TEST_DRIVERS_AEAD_H */ diff --git a/tests/src/drivers/test_driver_aead.c b/tests/src/drivers/test_driver_aead.c index 25396c92f..67118efcb 100644 --- a/tests/src/drivers/test_driver_aead.c +++ b/tests/src/drivers/test_driver_aead.c @@ -93,4 +93,208 @@ psa_status_t mbedtls_test_transparent_aead_decrypt( return( mbedtls_test_driver_aead_hooks.driver_status ); } +psa_status_t test_transparent_aead_encrypt_setup( + psa_aead_operation_t *operation, + const psa_key_attributes_t *attributes, + const uint8_t *key_buffer, size_t key_buffer_size, + psa_algorithm_t alg ) +{ + test_driver_aead_hooks.hits++; + + if( test_driver_aead_hooks.forced_status != PSA_SUCCESS ) + { + test_driver_aead_hooks.driver_status = + test_driver_aead_hooks.forced_status; + } + else + { + test_driver_aead_hooks.driver_status = + mbedtls_psa_aead_encrypt_setup( operation, attributes, key_buffer, + key_buffer_size, alg ); + } + + return( test_driver_aead_hooks.driver_status ); +} + +psa_status_t test_transparent_aead_decrypt_setup( + psa_aead_operation_t *operation, + const psa_key_attributes_t *attributes, + const uint8_t *key_buffer, size_t key_buffer_size, + psa_algorithm_t alg ) +{ + test_driver_aead_hooks.hits++; + + if( test_driver_aead_hooks.forced_status != PSA_SUCCESS ) + { + test_driver_aead_hooks.driver_status = + test_driver_aead_hooks.forced_status; + } + else + { + test_driver_aead_hooks.driver_status = + mbedtls_psa_aead_decrypt_setup( operation, attributes, key_buffer, + key_buffer_size, alg ); + } + + return( test_driver_aead_hooks.driver_status ); +} + +psa_status_t test_transparent_aead_set_nonce( + psa_aead_operation_t *operation, + const uint8_t *nonce, + size_t nonce_length ) +{ + test_driver_aead_hooks.hits++; + + if( test_driver_aead_hooks.forced_status != PSA_SUCCESS ) + { + test_driver_aead_hooks.driver_status = + test_driver_aead_hooks.forced_status; + } + else + { + test_driver_aead_hooks.driver_status = + mbedtls_psa_aead_set_nonce( operation, nonce, nonce_length ); + } + + return( test_driver_aead_hooks.driver_status ); +} + +psa_status_t test_transparent_aead_set_lengths( + psa_aead_operation_t *operation, + size_t ad_length, + size_t plaintext_length ) +{ + test_driver_aead_hooks.hits++; + + if( test_driver_aead_hooks.forced_status != PSA_SUCCESS ) + { + test_driver_aead_hooks.driver_status = + test_driver_aead_hooks.forced_status; + } + else + { + test_driver_aead_hooks.driver_status = + mbedtls_psa_aead_set_lengths( operation, ad_length, plaintext_length ); + } + + return( test_driver_aead_hooks.driver_status ); +} + +psa_status_t test_transparent_aead_update_ad( + psa_aead_operation_t *operation, + const uint8_t *input, + size_t input_length ) +{ + test_driver_aead_hooks.hits++; + + if( test_driver_aead_hooks.forced_status != PSA_SUCCESS ) + { + test_driver_aead_hooks.driver_status = + test_driver_aead_hooks.forced_status; + } + else + { + test_driver_aead_hooks.driver_status = + mbedtls_psa_aead_update_ad( operation, input, input_length ); + } + + return( test_driver_aead_hooks.driver_status ); +} + +psa_status_t test_transparent_aead_update( + psa_aead_operation_t *operation, + const uint8_t *input, + size_t input_length, + uint8_t *output, + size_t output_size, + size_t *output_length ) +{ + test_driver_aead_hooks.hits++; + + if( test_driver_aead_hooks.forced_status != PSA_SUCCESS ) + { + test_driver_aead_hooks.driver_status = + test_driver_aead_hooks.forced_status; + } + else + { + test_driver_aead_hooks.driver_status = + mbedtls_psa_aead_update( operation, input, input_length, output, + output_size, output_length ); + } + + return( test_driver_aead_hooks.driver_status ); +} + +psa_status_t test_transparent_aead_finish( + psa_aead_operation_t *operation, + uint8_t *ciphertext, + size_t ciphertext_size, + size_t *ciphertext_length, + uint8_t *tag, + size_t tag_size, + size_t *tag_length ) +{ + test_driver_aead_hooks.hits++; + + if( test_driver_aead_hooks.forced_status != PSA_SUCCESS ) + { + test_driver_aead_hooks.driver_status = + test_driver_aead_hooks.forced_status; + } + else + { + test_driver_aead_hooks.driver_status = + mbedtls_psa_aead_finish( operation, ciphertext, ciphertext_size, + ciphertext_length, tag, tag_size, tag_length ); + } + + return( test_driver_aead_hooks.driver_status ); +} + +psa_status_t test_transparent_aead_verify( + psa_aead_operation_t *operation, + uint8_t *plaintext, + size_t plaintext_size, + size_t *plaintext_length, + const uint8_t *tag, + size_t tag_length ) +{ + test_driver_aead_hooks.hits++; + + if( test_driver_aead_hooks.forced_status != PSA_SUCCESS ) + { + test_driver_aead_hooks.driver_status = + test_driver_aead_hooks.forced_status; + } + else + { + test_driver_aead_hooks.driver_status = + mbedtls_psa_aead_verify( operation, plaintext, plaintext_size, + plaintext_length, tag, tag_length ); + } + + return( test_driver_aead_hooks.driver_status ); +} + +psa_status_t test_transparent_aead_abort( + psa_aead_operation_t *operation ) +{ + test_driver_aead_hooks.hits++; + + if( test_driver_aead_hooks.forced_status != PSA_SUCCESS ) + { + test_driver_aead_hooks.driver_status = + test_driver_aead_hooks.forced_status; + } + else + { + test_driver_aead_hooks.driver_status = + mbedtls_psa_aead_abort( operation ); + } + + return( test_driver_aead_hooks.driver_status ); +} + #endif /* MBEDTLS_PSA_CRYPTO_DRIVERS && PSA_CRYPTO_DRIVER_TEST */ From d4e99ed40cd8a043daa8a62cec96ad58e3167570 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Tue, 27 Apr 2021 16:34:31 +0100 Subject: [PATCH 012/195] Fix mistyped buffer size variable Signed-off-by: Paul Elliott --- include/psa/crypto_struct.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/psa/crypto_struct.h b/include/psa/crypto_struct.h index 90a0c2098..6c5639d1c 100644 --- a/include/psa/crypto_struct.h +++ b/include/psa/crypto_struct.h @@ -183,7 +183,7 @@ struct psa_aead_operation_s size_t ad_length; uint8_t *body_buffer; - uint8_t body_length; + size_t body_length; uint8_t *tag_buffer; From ac3c20013cba08babf891fa6616d25cdf7df5c7c Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Tue, 27 Apr 2021 19:10:18 +0100 Subject: [PATCH 013/195] Prevent unsafe memcpy Some tests cause a zero length input or output, which can mean the allocated test output buffers can be zero length. Protect against calling memcpy blindly in these situations. Signed-off-by: Paul Elliott --- tests/suites/test_suite_psa_crypto.function | 45 ++++++++++++++++----- 1 file changed, 36 insertions(+), 9 deletions(-) diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index 991b10a8a..a7ba67525 100644 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function @@ -3292,7 +3292,10 @@ void aead_multipart_encrypt( int key_type_arg, data_t *key_data, part_length, part_data, part_data_size, &output_part_length ) ); - memcpy( ( output_data + part_offset ), part_data, output_part_length ); + if( output_data && output_part_length ) + { + memcpy( ( output_data + part_offset ), part_data, output_part_length ); + } part_offset += part_length; output_length += output_part_length; @@ -3312,13 +3315,19 @@ void aead_multipart_encrypt( int key_type_arg, data_t *key_data, tag_buffer, tag_length, &tag_size ) ); - memcpy( ( output_data + output_length ), final_data, output_part_length ); + if( output_data && output_part_length ) + { + memcpy( ( output_data + output_length ), final_data, output_part_length ); + } TEST_EQUAL(tag_length, tag_size); output_length += output_part_length; - memcpy( ( output_data + output_length ), tag_buffer, tag_length ); + if( output_data && tag_length ) + { + memcpy( ( output_data + output_length ), tag_buffer, tag_length ); + } output_length += tag_length; @@ -3516,7 +3525,10 @@ void aead_multipart_encrypt_decrypt( int key_type_arg, data_t *key_data, goto exit; } - memcpy( ( output_data + part_offset ), part_data, output_part_length ); + if( output_data && output_part_length ) + { + memcpy( ( output_data + part_offset ), part_data, output_part_length ); + } part_offset += part_length; output_length += output_part_length; @@ -3547,7 +3559,10 @@ void aead_multipart_encrypt_decrypt( int key_type_arg, data_t *key_data, goto exit; } - memcpy( ( output_data + output_length ), final_data, output_part_length ); + if( output_data &&output_part_length ) + { + memcpy( ( output_data + output_length ), final_data, output_part_length ); + } output_length += output_part_length; @@ -3666,7 +3681,10 @@ void aead_multipart_encrypt_decrypt( int key_type_arg, data_t *key_data, part_length, part_data, part_data_size, &output_part_length ) ); - memcpy( ( output_data2 + part_offset ), part_data, output_part_length ); + if( output_data2 && output_part_length ) + { + memcpy( ( output_data2 + part_offset ), part_data, output_part_length ); + } part_offset += part_length; output_length2 += output_part_length; @@ -3684,7 +3702,10 @@ void aead_multipart_encrypt_decrypt( int key_type_arg, data_t *key_data, &output_part_length, tag_buffer, tag_length ) ); - memcpy( ( output_data2 + output_length2 ), final_data, output_part_length); + if( output_data2 && output_part_length ) + { + memcpy( ( output_data2 + output_length2 ), final_data, output_part_length); + } output_length2 += output_part_length; @@ -3872,7 +3893,10 @@ void aead_multipart_decrypt( int key_type_arg, data_t *key_data, goto exit; } - memcpy( ( output_data + part_offset ), part_data, output_part_length ); + if( output_data && output_part_length ) + { + memcpy( ( output_data + part_offset ), part_data, output_part_length ); + } part_offset += part_length; output_length += output_part_length; @@ -3903,7 +3927,10 @@ void aead_multipart_decrypt( int key_type_arg, data_t *key_data, goto exit; } - memcpy( ( output_data + output_length ), final_data, output_part_length ); + if( output_data && output_part_length ) + { + memcpy( ( output_data + output_length ), final_data, output_part_length ); + } output_length += output_part_length; From 72baf658193d97bca6e37eed1a195eec09b13bf3 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Wed, 28 Apr 2021 13:23:27 +0100 Subject: [PATCH 014/195] Ensure operation id gets set even if failure Although this deviates from the standard "auto-generated" code, the M-AEAD setup functions set the key and thus allocate memory. If the failure occurs after this (invalid tag size for example) then not having the id set to the internal drivers means that abort does not get called, and this causes the allocated data to leak. Signed-off-by: Paul Elliott --- library/psa_crypto_driver_wrappers.c | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/library/psa_crypto_driver_wrappers.c b/library/psa_crypto_driver_wrappers.c index ce49a226b..1e1743501 100644 --- a/library/psa_crypto_driver_wrappers.c +++ b/library/psa_crypto_driver_wrappers.c @@ -1330,8 +1330,7 @@ psa_status_t psa_driver_wrapper_aead_encrypt_setup( key_buffer, key_buffer_size, alg ); - if( status == PSA_SUCCESS ) - operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID; + operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID; return( status ); @@ -1382,8 +1381,7 @@ psa_status_t psa_driver_wrapper_aead_decrypt_setup( key_buffer, key_buffer_size, alg ); - if( status == PSA_SUCCESS ) - operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID; + operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID; return( status ); From 16e6dcd72e85ed3b56f5f9c3041cd9b98ea4c466 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Wed, 28 Apr 2021 13:27:39 +0100 Subject: [PATCH 015/195] Add missing abort call to the end of tests All tests should have an abort call in case of test failure to make sure everything is cleaned up. Also removed unused define. Signed-off-by: Paul Elliott --- tests/suites/test_suite_psa_crypto.function | 3 +++ 1 file changed, 3 insertions(+) diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index a7ba67525..6ae5030ee 100644 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function @@ -3343,6 +3343,7 @@ void aead_multipart_encrypt( int key_type_arg, data_t *key_data, exit: psa_destroy_key( key ); + psa_aead_abort( &operation ); mbedtls_free( output_data ); mbedtls_free( part_data ); mbedtls_free( final_data ); @@ -3715,6 +3716,7 @@ void aead_multipart_encrypt_decrypt( int key_type_arg, data_t *key_data, exit: psa_destroy_key( key ); + psa_aead_abort( &operation ); mbedtls_free( output_data ); mbedtls_free( output_data2 ); mbedtls_free( part_data ); @@ -3950,6 +3952,7 @@ void aead_multipart_decrypt( int key_type_arg, data_t *key_data, exit: psa_destroy_key( key ); + psa_aead_abort( &operation ); mbedtls_free( output_data ); mbedtls_free( part_data ); mbedtls_free( final_data ); From 7bc45ebf13d0496ea9ffd22c7e97f0678306b105 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Wed, 28 Apr 2021 13:44:46 +0100 Subject: [PATCH 016/195] Add Changelog entry Signed-off-by: Paul Elliott --- ChangeLog.d/add_psa_m_aead.txt | 3 +++ 1 file changed, 3 insertions(+) create mode 100644 ChangeLog.d/add_psa_m_aead.txt diff --git a/ChangeLog.d/add_psa_m_aead.txt b/ChangeLog.d/add_psa_m_aead.txt new file mode 100644 index 000000000..d5c0a48c2 --- /dev/null +++ b/ChangeLog.d/add_psa_m_aead.txt @@ -0,0 +1,3 @@ +Features + * Implemented the multipart AEAD API within the PSA Crypto API, along with + tests in the PSA Crypto test suite, and transparent driver wrappers. From fe5480a4c2a32931d4f7772b23da5935530d399d Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Wed, 28 Apr 2021 16:44:37 +0100 Subject: [PATCH 017/195] Fix transparent driver wrappers Remove spurious "not supported" returns, and fix same issue that was encountered with internal implementations - operation needs to be marked as a type even if the initial call fails, otherwise cleanup won't get done. Signed-off-by: Paul Elliott --- library/psa_crypto_driver_wrappers.c | 13 ++----------- 1 file changed, 2 insertions(+), 11 deletions(-) diff --git a/library/psa_crypto_driver_wrappers.c b/library/psa_crypto_driver_wrappers.c index 1e1743501..0a7960ca7 100644 --- a/library/psa_crypto_driver_wrappers.c +++ b/library/psa_crypto_driver_wrappers.c @@ -1316,8 +1316,7 @@ psa_status_t psa_driver_wrapper_aead_encrypt_setup( key_buffer, key_buffer_size, alg ); /* Declared with fallback == true */ - if( status == PSA_SUCCESS ) - operation->id = PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID; + operation->id = PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID; if( status != PSA_ERROR_NOT_SUPPORTED ) return( status ); @@ -1367,8 +1366,7 @@ psa_status_t psa_driver_wrapper_aead_decrypt_setup( key_buffer, key_buffer_size, alg ); /* Declared with fallback == true */ - if( status == PSA_SUCCESS ) - operation->id = PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID; + operation->id = PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID; if( status != PSA_ERROR_NOT_SUPPORTED ) return( status ); @@ -1410,7 +1408,6 @@ psa_status_t psa_driver_wrapper_aead_set_nonce( #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) #if defined(PSA_CRYPTO_DRIVER_TEST) case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID: - return( PSA_ERROR_NOT_SUPPORTED ); return( test_transparent_aead_set_nonce( operation, nonce, nonce_length ) ); @@ -1442,7 +1439,6 @@ psa_status_t psa_driver_wrapper_aead_set_lengths( #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) #if defined(PSA_CRYPTO_DRIVER_TEST) case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID: - return( PSA_ERROR_NOT_SUPPORTED ); return( test_transparent_aead_set_lengths( operation, ad_length, plaintext_length ) ); @@ -1474,7 +1470,6 @@ psa_status_t psa_driver_wrapper_aead_update_ad( #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) #if defined(PSA_CRYPTO_DRIVER_TEST) case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID: - return( PSA_ERROR_NOT_SUPPORTED ); return( test_transparent_aead_update_ad( operation, input, input_length ) ); @@ -1510,7 +1505,6 @@ psa_status_t psa_driver_wrapper_aead_update( #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) #if defined(PSA_CRYPTO_DRIVER_TEST) case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID: - return( PSA_ERROR_NOT_SUPPORTED ); return( test_transparent_aead_update( operation, input, input_length, output, output_size, output_length ) ); @@ -1551,7 +1545,6 @@ psa_status_t psa_driver_wrapper_aead_finish( #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) #if defined(PSA_CRYPTO_DRIVER_TEST) case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID: - return( PSA_ERROR_NOT_SUPPORTED ); return( test_transparent_aead_finish( operation, ciphertext, ciphertext_size, ciphertext_length, tag, tag_size, tag_length ) ); @@ -1592,7 +1585,6 @@ psa_status_t psa_driver_wrapper_aead_verify( #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) #if defined(PSA_CRYPTO_DRIVER_TEST) case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID: - return( PSA_ERROR_NOT_SUPPORTED ); return( test_transparent_aead_verify( operation, plaintext, plaintext_size, plaintext_length, tag, tag_length ) ); @@ -1626,7 +1618,6 @@ psa_status_t psa_driver_wrapper_aead_abort( #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) #if defined(PSA_CRYPTO_DRIVER_TEST) case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID: - return( PSA_ERROR_NOT_SUPPORTED ); return( test_transparent_aead_abort( operation ) ); /* Add cases for opaque driver here */ From 5d9fa8d675da84a48d86fd1578751b67c9a2a204 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Tue, 4 May 2021 17:21:16 +0100 Subject: [PATCH 018/195] Add define to allow multipart ccm to work Add (internal only) define to config.h which allows the temporary implementation of CCM to work, by removing the buffer zeroization on tag fail when decrypting. This will obviously be removed when multipart CCM is properaly implemented Signed-off-by: Paul Elliott --- include/mbedtls/config.h | 8 ++ library/ccm.c | 2 + scripts/config.py | 1 + tests/suites/test_suite_psa_crypto.data | 112 ++++++++++++++++++++++++ 4 files changed, 123 insertions(+) diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index a4479d79f..6cb05e471 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h @@ -3756,6 +3756,14 @@ */ //#define MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED +/** + * Internal define that removes the zeroization of the output when decrypting + * CCM and the tag check fails. This is for internal use only, and was added so + * that PSA multipart CCM could be implmented. This option will be removed at + * some point in the future when proper CCM multipart support is implemented. + * Use at own risk. + */ +//#define MBEDTLS_INTERNAL_CCM_NO_ZEROIZE_ON_TAG_FAIL /* \} name SECTION: Customisation configuration options */ /* Target and application specific configurations diff --git a/library/ccm.c b/library/ccm.c index 424ee77b6..d52e7b079 100644 --- a/library/ccm.c +++ b/library/ccm.c @@ -386,7 +386,9 @@ int mbedtls_ccm_star_auth_decrypt( mbedtls_ccm_context *ctx, size_t length, if( diff != 0 ) { +#ifndef MBEDTLS_INTERNAL_CCM_NO_ZEROIZE_ON_TAG_FAIL mbedtls_platform_zeroize( output, length ); +#endif return( MBEDTLS_ERR_CCM_AUTH_FAILED ); } diff --git a/scripts/config.py b/scripts/config.py index a77ead054..f9f06053d 100755 --- a/scripts/config.py +++ b/scripts/config.py @@ -197,6 +197,7 @@ EXCLUDE_FROM_FULL = frozenset([ 'MBEDTLS_TEST_NULL_ENTROPY', # removes a feature 'MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION', # influences the use of X.509 in TLS 'MBEDTLS_X509_REMOVE_INFO', # removes a feature + 'MBEDTLS_INTERNAL_CCM_NO_ZEROIZE_ON_TAG_FAIL', # lowers security of CCM ]) def is_seamless_alt(name): diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data index fc79741dc..8a85edd10 100644 --- a/tests/suites/test_suite_psa_crypto.data +++ b/tests/suites/test_suite_psa_crypto.data @@ -2062,6 +2062,118 @@ PSA AEAD encrypt/decrypt: invalid algorithm (ChaCha20) depends_on:MBEDTLS_CHACHA20_C aead_encrypt_decrypt:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_STREAM_CIPHER:"":"":"":PSA_ERROR_NOT_SUPPORTED +PSA Multipart AEAD encrypt/decrypt: AES-CCM, 19 bytes #1 +depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_INTERNAL_CCM_NO_ZEROIZE_ON_TAG_FAIL +aead_multipart_encrypt_decrypt:PSA_KEY_TYPE_AES:"C0C1C2C3C4C5C6C7C8C9CACBCCCDCECF":PSA_ALG_CCM:"000102030405060708090A0B":"000102030405060708090A0B":-1:"0C0D0E0F101112131415161718191A1B1C1D1E":-1:PSA_SUCCESS + +PSA Multipart AEAD encrypt/decrypt: AES-CCM, 19 bytes #2 +depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_INTERNAL_CCM_NO_ZEROIZE_ON_TAG_FAIL +aead_multipart_encrypt_decrypt:PSA_KEY_TYPE_AES:"D7828D13B2B0BDC325A76236DF93CC6B":PSA_ALG_CCM:"000102030405060708090A0B":"EC46BB63B02520C33C49FD70":-1:"B96B49E21D621741632875DB7F6C9243D2D7C2":-1:PSA_SUCCESS + +PSA Multipart AEAD encrypt/decrypt: DES-CCM not supported +depends_on:MBEDTLS_DES_C:MBEDTLS_CCM_C:MBEDTLS_INTERNAL_CCM_NO_ZEROIZE_ON_TAG_FAIL +aead_multipart_encrypt_decrypt:PSA_KEY_TYPE_DES:"D7828D13B2B0BDC325A76236DF93CC6B":PSA_ALG_CCM:"000102030405060708090A0B":"EC46BB63B02520C33C49FD70":-1:"B96B49E21D621741632875DB7F6C9243D2D7C2":-1:PSA_ERROR_NOT_SUPPORTED + +PSA Multipart AEAD encrypt: AES-CCM, 23 bytes +depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_INTERNAL_CCM_NO_ZEROIZE_ON_TAG_FAIL +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"D7828D13B2B0BDC325A76236DF93CC6B":PSA_ALG_CCM:"00412B4EA9CDBE3C9696766CFA":"0BE1A88BACE018B1":-1:"08E8CF97D820EA258460E96AD9CF5289054D895CEAC47C":-1:"4CB97F86A2A4689A877947AB8091EF5386A6FFBDD080F8120333D1FCB691F3406CBF531F83A4D8" + +PSA Multipart AEAD encrypt: AES-CCM, 24 bytes +depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_INTERNAL_CCM_NO_ZEROIZE_ON_TAG_FAIL +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"4189351B5CAEA375A0299E81C621BF43":PSA_ALG_CCM:"48c0906930561e0ab0ef4cd972":"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":-1:"4535d12b4377928a7c0a61c9f825a48671ea05910748c8ef":-1:"26c56961c035a7e452cce61bc6ee220d77b3f94d18fd10b6d80e8bf80f4a46cab06d4313f0db9be9" + +PSA Multipart AEAD encrypt: AES-CCM, 24 bytes, T=4 +depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_INTERNAL_CCM_NO_ZEROIZE_ON_TAG_FAIL +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"4189351B5CAEA375A0299E81C621BF43":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_CCM, 4 ):"48c0906930561e0ab0ef4cd972":"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":-1:"4535d12b4377928a7c0a61c9f825a48671ea05910748c8ef":-1:"26c56961c035a7e452cce61bc6ee220d77b3f94d18fd10b6643b4f39" + +PSA Multipart AEAD encrypt: AES-CCM, 24 bytes, T=6 +depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_INTERNAL_CCM_NO_ZEROIZE_ON_TAG_FAIL +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"4189351B5CAEA375A0299E81C621BF43":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_CCM, 6 ):"48c0906930561e0ab0ef4cd972":"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":-1:"4535d12b4377928a7c0a61c9f825a48671ea05910748c8ef":-1:"26c56961c035a7e452cce61bc6ee220d77b3f94d18fd10b63fdffcd729bc" + +PSA Multipart AEAD encrypt: AES-CCM, 24 bytes, T=8 +depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_INTERNAL_CCM_NO_ZEROIZE_ON_TAG_FAIL +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"4189351B5CAEA375A0299E81C621BF43":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_CCM, 8 ):"48c0906930561e0ab0ef4cd972":"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":-1:"4535d12b4377928a7c0a61c9f825a48671ea05910748c8ef":-1:"26c56961c035a7e452cce61bc6ee220d77b3f94d18fd10b64cf2c3bf5f220776" + +PSA Multipart AEAD encrypt: AES-CCM, 24 bytes, T=10 +depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_INTERNAL_CCM_NO_ZEROIZE_ON_TAG_FAIL +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"4189351B5CAEA375A0299E81C621BF43":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_CCM, 10 ):"48c0906930561e0ab0ef4cd972":"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":-1:"4535d12b4377928a7c0a61c9f825a48671ea05910748c8ef":-1:"26c56961c035a7e452cce61bc6ee220d77b3f94d18fd10b69613343621327defd18e" + +PSA Multipart AEAD encrypt: AES-CCM, 24 bytes, T=12 +depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_INTERNAL_CCM_NO_ZEROIZE_ON_TAG_FAIL +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"4189351B5CAEA375A0299E81C621BF43":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_CCM, 12 ):"48c0906930561e0ab0ef4cd972":"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":-1:"4535d12b4377928a7c0a61c9f825a48671ea05910748c8ef":-1:"26c56961c035a7e452cce61bc6ee220d77b3f94d18fd10b69a2e5d8faee3138fa5cf9846" + +PSA Multipart AEAD encrypt: AES-CCM, 24 bytes, T=14 +depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_INTERNAL_CCM_NO_ZEROIZE_ON_TAG_FAIL +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"4189351B5CAEA375A0299E81C621BF43":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_CCM, 14 ):"48c0906930561e0ab0ef4cd972":"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":-1:"4535d12b4377928a7c0a61c9f825a48671ea05910748c8ef":-1:"26c56961c035a7e452cce61bc6ee220d77b3f94d18fd10b6c99af01cdb6aa76df73c8646c27f" + +PSA Multipart AEAD encrypt: AES-CCM, 24 bytes, T=16 +depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_INTERNAL_CCM_NO_ZEROIZE_ON_TAG_FAIL +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"4189351B5CAEA375A0299E81C621BF43":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_CCM, 16 ):"48c0906930561e0ab0ef4cd972":"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":-1:"4535d12b4377928a7c0a61c9f825a48671ea05910748c8ef":-1:"26c56961c035a7e452cce61bc6ee220d77b3f94d18fd10b6d80e8bf80f4a46cab06d4313f0db9be9" + +PSA Multipart AEAD decrypt: AES-CCM, 39 bytes +depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_INTERNAL_CCM_NO_ZEROIZE_ON_TAG_FAIL +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"D7828D13B2B0BDC325A76236DF93CC6B":PSA_ALG_CCM:"00412B4EA9CDBE3C9696766CFA":"0BE1A88BACE018B1":-1:"4CB97F86A2A4689A877947AB8091EF5386A6FFBDD080F8120333D1FCB691F3406CBF531F83A4D8":-1:"08E8CF97D820EA258460E96AD9CF5289054D895CEAC47C":PSA_SUCCESS + +PSA Multipart AEAD decrypt, AES-CCM, 40 bytes +depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_INTERNAL_CCM_NO_ZEROIZE_ON_TAG_FAIL +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"4189351B5CAEA375A0299E81C621BF43":PSA_ALG_CCM:"48c0906930561e0ab0ef4cd972":"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":-1:"26c56961c035a7e452cce61bc6ee220d77b3f94d18fd10b6d80e8bf80f4a46cab06d4313f0db9be9":-1:"4535d12b4377928a7c0a61c9f825a48671ea05910748c8ef":PSA_SUCCESS + +PSA Multipart AEAD decrypt: AES-CCM, 24 bytes, T=4 +depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_INTERNAL_CCM_NO_ZEROIZE_ON_TAG_FAIL +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"4189351B5CAEA375A0299E81C621BF43":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_CCM, 4 ):"48c0906930561e0ab0ef4cd972":"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":-1:"26c56961c035a7e452cce61bc6ee220d77b3f94d18fd10b6643b4f39":-1:"4535d12b4377928a7c0a61c9f825a48671ea05910748c8ef":PSA_SUCCESS + +PSA Multipart AEAD decrypt: AES-CCM, 24 bytes, T=6 +depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_INTERNAL_CCM_NO_ZEROIZE_ON_TAG_FAIL +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"4189351B5CAEA375A0299E81C621BF43":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_CCM, 6 ):"48c0906930561e0ab0ef4cd972":"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":-1:"26c56961c035a7e452cce61bc6ee220d77b3f94d18fd10b63fdffcd729bc":-1:"4535d12b4377928a7c0a61c9f825a48671ea05910748c8ef":PSA_SUCCESS + +PSA Multipart AEAD decrypt: AES-CCM, 24 bytes, T=8 +depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_INTERNAL_CCM_NO_ZEROIZE_ON_TAG_FAIL +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"4189351B5CAEA375A0299E81C621BF43":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_CCM, 8 ):"48c0906930561e0ab0ef4cd972":"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":-1:"26c56961c035a7e452cce61bc6ee220d77b3f94d18fd10b64cf2c3bf5f220776":-1:"4535d12b4377928a7c0a61c9f825a48671ea05910748c8ef":PSA_SUCCESS + +PSA Multipart AEAD decrypt: AES-CCM, 24 bytes, T=10 +depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_INTERNAL_CCM_NO_ZEROIZE_ON_TAG_FAIL +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"4189351B5CAEA375A0299E81C621BF43":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_CCM, 10 ):"48c0906930561e0ab0ef4cd972":"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":-1:"26c56961c035a7e452cce61bc6ee220d77b3f94d18fd10b69613343621327defd18e":-1:"4535d12b4377928a7c0a61c9f825a48671ea05910748c8ef":PSA_SUCCESS + +PSA Multipart AEAD decrypt: AES-CCM, 24 bytes, T=12 +depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_INTERNAL_CCM_NO_ZEROIZE_ON_TAG_FAIL +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"4189351B5CAEA375A0299E81C621BF43":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_CCM, 12 ):"48c0906930561e0ab0ef4cd972":"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":-1:"26c56961c035a7e452cce61bc6ee220d77b3f94d18fd10b69a2e5d8faee3138fa5cf9846":-1:"4535d12b4377928a7c0a61c9f825a48671ea05910748c8ef":PSA_SUCCESS + +PSA Multipart AEAD decrypt: AES-CCM, 24 bytes, T=14 +depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_INTERNAL_CCM_NO_ZEROIZE_ON_TAG_FAIL +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"4189351B5CAEA375A0299E81C621BF43":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_CCM, 14 ):"48c0906930561e0ab0ef4cd972":"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":-1:"26c56961c035a7e452cce61bc6ee220d77b3f94d18fd10b6c99af01cdb6aa76df73c8646c27f":-1:"4535d12b4377928a7c0a61c9f825a48671ea05910748c8ef":PSA_SUCCESS + +PSA Multipart AEAD decrypt: AES-CCM, 24 bytes, T=16 +depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_INTERNAL_CCM_NO_ZEROIZE_ON_TAG_FAIL +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"4189351B5CAEA375A0299E81C621BF43":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_CCM, 16 ):"48c0906930561e0ab0ef4cd972":"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":-1:"26c56961c035a7e452cce61bc6ee220d77b3f94d18fd10b6d80e8bf80f4a46cab06d4313f0db9be9":-1:"4535d12b4377928a7c0a61c9f825a48671ea05910748c8ef":PSA_SUCCESS + +PSA Multipart AEAD decrypt: AES-CCM, invalid signature +depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_INTERNAL_CCM_NO_ZEROIZE_ON_TAG_FAIL +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"4189351B5CAEA375A0299E81C621BF43":PSA_ALG_CCM:"48c0906930561e0ab0ef4cd972":"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":-1:"26d56961c035a7e452cce61bc6ee220d77b3f94d18fd10b6d80e8bf80f4a46cab06d4313f0db9be9":-1:"4535d12b4377928a7c0a61c9f825a48671ea05910748c8ef":PSA_ERROR_INVALID_SIGNATURE + +PSA Multipart AEAD decrypt: AES-CCM, invalid signature, T=4 +depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_INTERNAL_CCM_NO_ZEROIZE_ON_TAG_FAIL +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"4189351B5CAEA375A0299E81C621BF43":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_CCM, 4 ):"48c0906930561e0ab0ef4cd972":"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":-1:"26c56961c035a7e452cce61bc6ee220d77b3f94d18fd10b6643b4f38":-1:"4535d12b4377928a7c0a61c9f825a48671ea05910748c8ef":PSA_ERROR_INVALID_SIGNATURE + +PSA Multipart AEAD decrypt: AES-CCM, T=4, tag is truncated tag for T=16 +depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_INTERNAL_CCM_NO_ZEROIZE_ON_TAG_FAIL +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"4189351B5CAEA375A0299E81C621BF43":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_CCM, 4 ):"48c0906930561e0ab0ef4cd972":"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":-1:"26c56961c035a7e452cce61bc6ee220d":-1:"4535d12b4377928a7c0a61c9f825a48671ea05910748c8ef4535d12b4377928a7c0a61c9f825a48671ea05910748c8ef":PSA_ERROR_INVALID_SIGNATURE + +PSA Multipart AEAD decrypt: AES-CCM, invalid tag length 0 +depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_INTERNAL_CCM_NO_ZEROIZE_ON_TAG_FAIL +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"4189351B5CAEA375A0299E81C621BF43":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_CCM, 0 ):"48c0906930561e0ab0ef4cd972":"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":-1:"26c56961c035a7e452cce61bc6ee220d77b3f94d18fd10b6":-1:"4535d12b4377928a7c0a61c9f825a48671ea05910748c8ef":PSA_ERROR_INVALID_ARGUMENT + +PSA Multipart AEAD decrypt: AES-CCM, invalid tag length 2 +depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_INTERNAL_CCM_NO_ZEROIZE_ON_TAG_FAIL +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"4189351B5CAEA375A0299E81C621BF43":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_CCM, 2 ):"48c0906930561e0ab0ef4cd972":"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":-1:"26c56961c035a7e452cce61bc6ee220d77b3f94d18fd10b6":-1:"4535d12b4377928a7c0a61c9f825a48671ea05910748c8ef":PSA_ERROR_INVALID_ARGUMENT + +PSA Multipart AEAD decrypt: AES-CCM, invalid tag length 15 +depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_INTERNAL_CCM_NO_ZEROIZE_ON_TAG_FAIL +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"4189351B5CAEA375A0299E81C621BF43":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_CCM, 15 ):"48c0906930561e0ab0ef4cd972":"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":-1:"26c56961c035a7e452cce61bc6ee220d77b3f94d18fd10b6":-1:"4535d12b4377928a7c0a61c9f825a48671ea05910748c8ef":PSA_ERROR_INVALID_ARGUMENT + +PSA Multipart AEAD decrypt: AES-CCM, invalid tag length 18 +depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_INTERNAL_CCM_NO_ZEROIZE_ON_TAG_FAIL +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"4189351B5CAEA375A0299E81C621BF43":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_CCM, 18 ):"48c0906930561e0ab0ef4cd972":"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":-1:"26c56961c035a7e452cce61bc6ee220d77b3f94d18fd10b6":-1:"4535d12b4377928a7c0a61c9f825a48671ea05910748c8ef":PSA_ERROR_INVALID_ARGUMENT + PSA Multipart AEAD encrypt/decrypt, AES-GCM, 19 bytes #1 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES aead_multipart_encrypt_decrypt:PSA_KEY_TYPE_AES:"C0C1C2C3C4C5C6C7C8C9CACBCCCDCECF":PSA_ALG_GCM:"000102030405060708090A0B0C0D0E0F":"000102030405060708090A0B":-1:"0C0D0E0F101112131415161718191A1B1C1D1E":-1:PSA_SUCCESS From f0e21de4307e1b6d5d1b385b0cc52875323bbecc Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Thu, 6 May 2021 19:23:40 +0100 Subject: [PATCH 019/195] Fix generated files after adding config option Signed-off-by: Paul Elliott --- programs/test/query_config.c | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/programs/test/query_config.c b/programs/test/query_config.c index 450e2fbbf..647279d68 100644 --- a/programs/test/query_config.c +++ b/programs/test/query_config.c @@ -2723,6 +2723,14 @@ int query_config( const char *config ) } #endif /* MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED */ +#if defined(MBEDTLS_INTERNAL_CCM_NO_ZEROIZE_ON_TAG_FAIL) + if( strcmp( "MBEDTLS_INTERNAL_CCM_NO_ZEROIZE_ON_TAG_FAIL", config ) == 0 ) + { + MACRO_EXPANSION_TO_STR( MBEDTLS_INTERNAL_CCM_NO_ZEROIZE_ON_TAG_FAIL ); + return( 0 ); + } +#endif /* MBEDTLS_INTERNAL_CCM_NO_ZEROIZE_ON_TAG_FAIL */ + /* If the symbol is not found, return an error */ return( 1 ); } From a218ceba931d8b8f9d1db7d85b08bb853e6a5147 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Fri, 7 May 2021 15:10:31 +0100 Subject: [PATCH 020/195] Merge upstream test driver changes locally Signed-off-by: Paul Elliott --- library/psa_crypto_driver_wrappers.c | 43 +++++---- tests/include/test/drivers/aead.h | 18 ++-- tests/src/drivers/test_driver_aead.c | 132 ++++++++++++++------------- 3 files changed, 101 insertions(+), 92 deletions(-) diff --git a/library/psa_crypto_driver_wrappers.c b/library/psa_crypto_driver_wrappers.c index 0a7960ca7..7faedb30e 100644 --- a/library/psa_crypto_driver_wrappers.c +++ b/library/psa_crypto_driver_wrappers.c @@ -1311,7 +1311,7 @@ psa_status_t psa_driver_wrapper_aead_encrypt_setup( #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) #if defined(PSA_CRYPTO_DRIVER_TEST) status = PSA_ERROR_NOT_SUPPORTED; - status = test_transparent_aead_encrypt_setup( + status = mbedtls_test_transparent_aead_encrypt_setup( operation, attributes, key_buffer, key_buffer_size, alg ); @@ -1361,7 +1361,7 @@ psa_status_t psa_driver_wrapper_aead_decrypt_setup( #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) #if defined(PSA_CRYPTO_DRIVER_TEST) status = PSA_ERROR_NOT_SUPPORTED; - status = test_transparent_aead_decrypt_setup( + status = mbedtls_test_transparent_aead_decrypt_setup( operation, attributes, key_buffer, key_buffer_size, alg ); @@ -1401,14 +1401,15 @@ psa_status_t psa_driver_wrapper_aead_set_nonce( { #if defined(MBEDTLS_PSA_BUILTIN_CIPHER) case PSA_CRYPTO_MBED_TLS_DRIVER_ID: - return( mbedtls_psa_aead_set_nonce( operation, nonce, nonce_length ) ); + return( mbedtls_psa_aead_set_nonce( operation, nonce, + nonce_length ) ); #endif /* MBEDTLS_PSA_BUILTIN_CIPHER */ #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) #if defined(PSA_CRYPTO_DRIVER_TEST) case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID: - return( test_transparent_aead_set_nonce( + return( mbedtls_test_transparent_aead_set_nonce( operation, nonce, nonce_length ) ); /* Add cases for opaque driver here */ @@ -1432,14 +1433,15 @@ psa_status_t psa_driver_wrapper_aead_set_lengths( { #if defined(MBEDTLS_PSA_BUILTIN_CIPHER) case PSA_CRYPTO_MBED_TLS_DRIVER_ID: - return( mbedtls_psa_aead_set_lengths( operation, ad_length, plaintext_length ) ); + return( mbedtls_psa_aead_set_lengths( operation, ad_length, + plaintext_length ) ); #endif /* MBEDTLS_PSA_BUILTIN_CIPHER */ #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) #if defined(PSA_CRYPTO_DRIVER_TEST) case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID: - return( test_transparent_aead_set_lengths( + return( mbedtls_test_transparent_aead_set_lengths( operation, ad_length, plaintext_length ) ); /* Add cases for opaque driver here */ @@ -1463,14 +1465,15 @@ psa_status_t psa_driver_wrapper_aead_update_ad( { #if defined(MBEDTLS_PSA_BUILTIN_CIPHER) case PSA_CRYPTO_MBED_TLS_DRIVER_ID: - return( mbedtls_psa_aead_update_ad( operation, input, input_length ) ); + return( mbedtls_psa_aead_update_ad( operation, input, + input_length ) ); #endif /* MBEDTLS_PSA_BUILTIN_CIPHER */ #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) #if defined(PSA_CRYPTO_DRIVER_TEST) case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID: - return( test_transparent_aead_update_ad( + return( mbedtls_test_transparent_aead_update_ad( operation, input, input_length ) ); /* Add cases for opaque driver here */ @@ -1497,15 +1500,16 @@ psa_status_t psa_driver_wrapper_aead_update( { #if defined(MBEDTLS_PSA_BUILTIN_CIPHER) case PSA_CRYPTO_MBED_TLS_DRIVER_ID: - return( mbedtls_psa_aead_update( operation, input, input_length, output, - output_size, output_length ) ); + return( mbedtls_psa_aead_update( operation, input, input_length, + output, output_size, + output_length ) ); #endif /* MBEDTLS_PSA_BUILTIN_CIPHER */ #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) #if defined(PSA_CRYPTO_DRIVER_TEST) case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID: - return( test_transparent_aead_update( + return( mbedtls_test_transparent_aead_update( operation, input, input_length, output, output_size, output_length ) ); @@ -1537,15 +1541,17 @@ psa_status_t psa_driver_wrapper_aead_finish( { #if defined(MBEDTLS_PSA_BUILTIN_CIPHER) case PSA_CRYPTO_MBED_TLS_DRIVER_ID: - return( mbedtls_psa_aead_finish( operation, ciphertext, ciphertext_size, - ciphertext_length, tag, tag_size, tag_length ) ); + return( mbedtls_psa_aead_finish( operation, ciphertext, + ciphertext_size, + ciphertext_length, tag, + tag_size, tag_length ) ); #endif /* MBEDTLS_PSA_BUILTIN_CIPHER */ #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) #if defined(PSA_CRYPTO_DRIVER_TEST) case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID: - return( test_transparent_aead_finish( + return( mbedtls_test_transparent_aead_finish( operation, ciphertext, ciphertext_size, ciphertext_length, tag, tag_size, tag_length ) ); @@ -1577,15 +1583,16 @@ psa_status_t psa_driver_wrapper_aead_verify( { #if defined(MBEDTLS_PSA_BUILTIN_CIPHER) case PSA_CRYPTO_MBED_TLS_DRIVER_ID: - return( mbedtls_psa_aead_verify( operation, plaintext, plaintext_size, - plaintext_length, tag, tag_length ) ); + return( mbedtls_psa_aead_verify( operation, plaintext, + plaintext_size, plaintext_length, + tag, tag_length ) ); #endif /* MBEDTLS_PSA_BUILTIN_CIPHER */ #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) #if defined(PSA_CRYPTO_DRIVER_TEST) case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID: - return( test_transparent_aead_verify( + return( mbedtls_test_transparent_aead_verify( operation, plaintext, plaintext_size, plaintext_length, tag, tag_length ) ); @@ -1618,7 +1625,7 @@ psa_status_t psa_driver_wrapper_aead_abort( #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) #if defined(PSA_CRYPTO_DRIVER_TEST) case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID: - return( test_transparent_aead_abort( operation ) ); + return( mbedtls_test_transparent_aead_abort( operation ) ); /* Add cases for opaque driver here */ diff --git a/tests/include/test/drivers/aead.h b/tests/include/test/drivers/aead.h index 23f32c0a8..e1058af8b 100644 --- a/tests/include/test/drivers/aead.h +++ b/tests/include/test/drivers/aead.h @@ -67,34 +67,34 @@ psa_status_t mbedtls_test_transparent_aead_decrypt( const uint8_t *ciphertext, size_t ciphertext_length, uint8_t *plaintext, size_t plaintext_size, size_t *plaintext_length ); -psa_status_t test_transparent_aead_encrypt_setup( +psa_status_t mbedtls_test_transparent_aead_encrypt_setup( psa_aead_operation_t *operation, const psa_key_attributes_t *attributes, const uint8_t *key_buffer, size_t key_buffer_size, psa_algorithm_t alg ); -psa_status_t test_transparent_aead_decrypt_setup( +psa_status_t mbedtls_test_transparent_aead_decrypt_setup( psa_aead_operation_t *operation, const psa_key_attributes_t *attributes, const uint8_t *key_buffer, size_t key_buffer_size, psa_algorithm_t alg ); -psa_status_t test_transparent_aead_set_nonce( +psa_status_t mbedtls_test_transparent_aead_set_nonce( psa_aead_operation_t *operation, const uint8_t *nonce, size_t nonce_length ); -psa_status_t test_transparent_aead_set_lengths( +psa_status_t mbedtls_test_transparent_aead_set_lengths( psa_aead_operation_t *operation, size_t ad_length, size_t plaintext_length ); -psa_status_t test_transparent_aead_update_ad( +psa_status_t mbedtls_test_transparent_aead_update_ad( psa_aead_operation_t *operation, const uint8_t *input, size_t input_length ); -psa_status_t test_transparent_aead_update( +psa_status_t mbedtls_test_transparent_aead_update( psa_aead_operation_t *operation, const uint8_t *input, size_t input_length, @@ -102,7 +102,7 @@ psa_status_t test_transparent_aead_update( size_t output_size, size_t *output_length ); -psa_status_t test_transparent_aead_finish( +psa_status_t mbedtls_test_transparent_aead_finish( psa_aead_operation_t *operation, uint8_t *ciphertext, size_t ciphertext_size, @@ -111,7 +111,7 @@ psa_status_t test_transparent_aead_finish( size_t tag_size, size_t *tag_length ); -psa_status_t test_transparent_aead_verify( +psa_status_t mbedtls_test_transparent_aead_verify( psa_aead_operation_t *operation, uint8_t *plaintext, size_t plaintext_size, @@ -119,7 +119,7 @@ psa_status_t test_transparent_aead_verify( const uint8_t *tag, size_t tag_length ); -psa_status_t test_transparent_aead_abort( +psa_status_t mbedtls_test_transparent_aead_abort( psa_aead_operation_t *operation ); #endif /* PSA_CRYPTO_DRIVER_TEST */ diff --git a/tests/src/drivers/test_driver_aead.c b/tests/src/drivers/test_driver_aead.c index 67118efcb..34bbc51ab 100644 --- a/tests/src/drivers/test_driver_aead.c +++ b/tests/src/drivers/test_driver_aead.c @@ -93,116 +93,117 @@ psa_status_t mbedtls_test_transparent_aead_decrypt( return( mbedtls_test_driver_aead_hooks.driver_status ); } -psa_status_t test_transparent_aead_encrypt_setup( +psa_status_t mbedtls_test_transparent_aead_encrypt_setup( psa_aead_operation_t *operation, const psa_key_attributes_t *attributes, const uint8_t *key_buffer, size_t key_buffer_size, psa_algorithm_t alg ) { - test_driver_aead_hooks.hits++; + mbedtls_test_driver_aead_hooks.hits++; - if( test_driver_aead_hooks.forced_status != PSA_SUCCESS ) + if( mbedtls_test_driver_aead_hooks.forced_status != PSA_SUCCESS ) { - test_driver_aead_hooks.driver_status = - test_driver_aead_hooks.forced_status; + mbedtls_test_driver_aead_hooks.driver_status = + mbedtls_test_driver_aead_hooks.forced_status; } else { - test_driver_aead_hooks.driver_status = + mbedtls_test_driver_aead_hooks.driver_status = mbedtls_psa_aead_encrypt_setup( operation, attributes, key_buffer, key_buffer_size, alg ); } - return( test_driver_aead_hooks.driver_status ); + return( mbedtls_test_driver_aead_hooks.driver_status ); } -psa_status_t test_transparent_aead_decrypt_setup( +psa_status_t mbedtls_test_transparent_aead_decrypt_setup( psa_aead_operation_t *operation, const psa_key_attributes_t *attributes, const uint8_t *key_buffer, size_t key_buffer_size, psa_algorithm_t alg ) { - test_driver_aead_hooks.hits++; + mbedtls_test_driver_aead_hooks.hits++; - if( test_driver_aead_hooks.forced_status != PSA_SUCCESS ) + if( mbedtls_test_driver_aead_hooks.forced_status != PSA_SUCCESS ) { - test_driver_aead_hooks.driver_status = - test_driver_aead_hooks.forced_status; + mbedtls_test_driver_aead_hooks.driver_status = + mbedtls_test_driver_aead_hooks.forced_status; } else { - test_driver_aead_hooks.driver_status = + mbedtls_test_driver_aead_hooks.driver_status = mbedtls_psa_aead_decrypt_setup( operation, attributes, key_buffer, key_buffer_size, alg ); } - return( test_driver_aead_hooks.driver_status ); + return( mbedtls_test_driver_aead_hooks.driver_status ); } -psa_status_t test_transparent_aead_set_nonce( +psa_status_t mbedtls_test_transparent_aead_set_nonce( psa_aead_operation_t *operation, const uint8_t *nonce, size_t nonce_length ) { - test_driver_aead_hooks.hits++; + mbedtls_test_driver_aead_hooks.hits++; - if( test_driver_aead_hooks.forced_status != PSA_SUCCESS ) + if( mbedtls_test_driver_aead_hooks.forced_status != PSA_SUCCESS ) { - test_driver_aead_hooks.driver_status = - test_driver_aead_hooks.forced_status; + mbedtls_test_driver_aead_hooks.driver_status = + mbedtls_test_driver_aead_hooks.forced_status; } else { - test_driver_aead_hooks.driver_status = + mbedtls_test_driver_aead_hooks.driver_status = mbedtls_psa_aead_set_nonce( operation, nonce, nonce_length ); } - return( test_driver_aead_hooks.driver_status ); + return( mbedtls_test_driver_aead_hooks.driver_status ); } -psa_status_t test_transparent_aead_set_lengths( +psa_status_t mbedtls_test_transparent_aead_set_lengths( psa_aead_operation_t *operation, size_t ad_length, size_t plaintext_length ) { - test_driver_aead_hooks.hits++; + mbedtls_test_driver_aead_hooks.hits++; - if( test_driver_aead_hooks.forced_status != PSA_SUCCESS ) + if( mbedtls_test_driver_aead_hooks.forced_status != PSA_SUCCESS ) { - test_driver_aead_hooks.driver_status = - test_driver_aead_hooks.forced_status; + mbedtls_test_driver_aead_hooks.driver_status = + mbedtls_test_driver_aead_hooks.forced_status; } else { - test_driver_aead_hooks.driver_status = - mbedtls_psa_aead_set_lengths( operation, ad_length, plaintext_length ); + mbedtls_test_driver_aead_hooks.driver_status = + mbedtls_psa_aead_set_lengths( operation, ad_length, + plaintext_length ); } - return( test_driver_aead_hooks.driver_status ); + return( mbedtls_test_driver_aead_hooks.driver_status ); } -psa_status_t test_transparent_aead_update_ad( +psa_status_t mbedtls_test_transparent_aead_update_ad( psa_aead_operation_t *operation, const uint8_t *input, size_t input_length ) { - test_driver_aead_hooks.hits++; + mbedtls_test_driver_aead_hooks.hits++; - if( test_driver_aead_hooks.forced_status != PSA_SUCCESS ) + if( mbedtls_test_driver_aead_hooks.forced_status != PSA_SUCCESS ) { - test_driver_aead_hooks.driver_status = - test_driver_aead_hooks.forced_status; + mbedtls_test_driver_aead_hooks.driver_status = + mbedtls_test_driver_aead_hooks.forced_status; } else { - test_driver_aead_hooks.driver_status = + mbedtls_test_driver_aead_hooks.driver_status = mbedtls_psa_aead_update_ad( operation, input, input_length ); } - return( test_driver_aead_hooks.driver_status ); + return( mbedtls_test_driver_aead_hooks.driver_status ); } -psa_status_t test_transparent_aead_update( +psa_status_t mbedtls_test_transparent_aead_update( psa_aead_operation_t *operation, const uint8_t *input, size_t input_length, @@ -210,24 +211,24 @@ psa_status_t test_transparent_aead_update( size_t output_size, size_t *output_length ) { - test_driver_aead_hooks.hits++; + mbedtls_test_driver_aead_hooks.hits++; - if( test_driver_aead_hooks.forced_status != PSA_SUCCESS ) + if( mbedtls_test_driver_aead_hooks.forced_status != PSA_SUCCESS ) { - test_driver_aead_hooks.driver_status = - test_driver_aead_hooks.forced_status; + mbedtls_test_driver_aead_hooks.driver_status = + mbedtls_test_driver_aead_hooks.forced_status; } else { - test_driver_aead_hooks.driver_status = + mbedtls_test_driver_aead_hooks.driver_status = mbedtls_psa_aead_update( operation, input, input_length, output, output_size, output_length ); } - return( test_driver_aead_hooks.driver_status ); + return( mbedtls_test_driver_aead_hooks.driver_status ); } -psa_status_t test_transparent_aead_finish( +psa_status_t mbedtls_test_transparent_aead_finish( psa_aead_operation_t *operation, uint8_t *ciphertext, size_t ciphertext_size, @@ -236,24 +237,25 @@ psa_status_t test_transparent_aead_finish( size_t tag_size, size_t *tag_length ) { - test_driver_aead_hooks.hits++; + mbedtls_test_driver_aead_hooks.hits++; - if( test_driver_aead_hooks.forced_status != PSA_SUCCESS ) + if( mbedtls_test_driver_aead_hooks.forced_status != PSA_SUCCESS ) { - test_driver_aead_hooks.driver_status = - test_driver_aead_hooks.forced_status; + mbedtls_test_driver_aead_hooks.driver_status = + mbedtls_test_driver_aead_hooks.forced_status; } else { - test_driver_aead_hooks.driver_status = + mbedtls_test_driver_aead_hooks.driver_status = mbedtls_psa_aead_finish( operation, ciphertext, ciphertext_size, - ciphertext_length, tag, tag_size, tag_length ); + ciphertext_length, tag, tag_size, + tag_length ); } - return( test_driver_aead_hooks.driver_status ); + return( mbedtls_test_driver_aead_hooks.driver_status ); } -psa_status_t test_transparent_aead_verify( +psa_status_t mbedtls_test_transparent_aead_verify( psa_aead_operation_t *operation, uint8_t *plaintext, size_t plaintext_size, @@ -261,40 +263,40 @@ psa_status_t test_transparent_aead_verify( const uint8_t *tag, size_t tag_length ) { - test_driver_aead_hooks.hits++; + mbedtls_test_driver_aead_hooks.hits++; - if( test_driver_aead_hooks.forced_status != PSA_SUCCESS ) + if( mbedtls_test_driver_aead_hooks.forced_status != PSA_SUCCESS ) { - test_driver_aead_hooks.driver_status = - test_driver_aead_hooks.forced_status; + mbedtls_test_driver_aead_hooks.driver_status = + mbedtls_test_driver_aead_hooks.forced_status; } else { - test_driver_aead_hooks.driver_status = + mbedtls_test_driver_aead_hooks.driver_status = mbedtls_psa_aead_verify( operation, plaintext, plaintext_size, plaintext_length, tag, tag_length ); } - return( test_driver_aead_hooks.driver_status ); + return( mbedtls_test_driver_aead_hooks.driver_status ); } -psa_status_t test_transparent_aead_abort( +psa_status_t mbedtls_test_transparent_aead_abort( psa_aead_operation_t *operation ) { - test_driver_aead_hooks.hits++; + mbedtls_test_driver_aead_hooks.hits++; - if( test_driver_aead_hooks.forced_status != PSA_SUCCESS ) + if( mbedtls_test_driver_aead_hooks.forced_status != PSA_SUCCESS ) { - test_driver_aead_hooks.driver_status = - test_driver_aead_hooks.forced_status; + mbedtls_test_driver_aead_hooks.driver_status = + mbedtls_test_driver_aead_hooks.forced_status; } else { - test_driver_aead_hooks.driver_status = + mbedtls_test_driver_aead_hooks.driver_status = mbedtls_psa_aead_abort( operation ); } - return( test_driver_aead_hooks.driver_status ); + return( mbedtls_test_driver_aead_hooks.driver_status ); } #endif /* MBEDTLS_PSA_CRYPTO_DRIVERS && PSA_CRYPTO_DRIVER_TEST */ From 2df40057b3ce3682a4ca36a4bff4c5bd3088091c Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Fri, 7 May 2021 17:52:18 +0100 Subject: [PATCH 021/195] Fix excessive line lengths Signed-off-by: Paul Elliott --- library/psa_crypto.c | 30 ++-- library/psa_crypto_aead.c | 147 +++++++++++-------- tests/suites/test_suite_psa_crypto.function | 150 +++++++++++++------- 3 files changed, 206 insertions(+), 121 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index a6d0cdb20..4ab0c63b3 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -3309,7 +3309,8 @@ psa_status_t psa_aead_generate_nonce( psa_aead_operation_t *operation, return( PSA_ERROR_BAD_STATE ); } - required_nonce_size = PSA_AEAD_NONCE_LENGTH(operation->key_type, operation->alg); + required_nonce_size = PSA_AEAD_NONCE_LENGTH(operation->key_type, + operation->alg); if( nonce_size == 0 || nonce_size < required_nonce_size ) { @@ -3323,7 +3324,8 @@ psa_status_t psa_aead_generate_nonce( psa_aead_operation_t *operation, return status; } - status = psa_driver_wrapper_aead_set_nonce( operation, nonce, required_nonce_size ); + status = psa_driver_wrapper_aead_set_nonce( operation, nonce, + required_nonce_size ); if( status == PSA_SUCCESS ) { @@ -3345,7 +3347,8 @@ psa_status_t psa_aead_set_nonce( psa_aead_operation_t *operation, return( PSA_ERROR_BAD_STATE ); } - return( psa_driver_wrapper_aead_set_nonce( operation, nonce, nonce_length ) ); + return( psa_driver_wrapper_aead_set_nonce( operation, nonce, + nonce_length ) ); } /* Declare the lengths of the message and additional data for multipart AEAD. */ @@ -3358,7 +3361,8 @@ psa_status_t psa_aead_set_lengths( psa_aead_operation_t *operation, return( PSA_ERROR_BAD_STATE ); } - return( psa_driver_wrapper_aead_set_lengths( operation, ad_length, plaintext_length ) ); + return( psa_driver_wrapper_aead_set_lengths( operation, ad_length, + plaintext_length ) ); } /* Pass additional data to an active multipart AEAD operation. */ psa_status_t psa_aead_update_ad( psa_aead_operation_t *operation, @@ -3370,7 +3374,8 @@ psa_status_t psa_aead_update_ad( psa_aead_operation_t *operation, return( PSA_ERROR_BAD_STATE ); } - return( psa_driver_wrapper_aead_update_ad( operation, input, input_length ) ); + return( psa_driver_wrapper_aead_update_ad( operation, input, + input_length ) ); } /* Encrypt or decrypt a message fragment in an active multipart AEAD @@ -3390,7 +3395,8 @@ psa_status_t psa_aead_update( psa_aead_operation_t *operation, return( PSA_ERROR_BAD_STATE ); } - return( psa_driver_wrapper_aead_update( operation, input, input_length, output, output_size, + return( psa_driver_wrapper_aead_update( operation, input, input_length, + output, output_size, output_length ) ); } @@ -3412,8 +3418,10 @@ psa_status_t psa_aead_finish( psa_aead_operation_t *operation, return( PSA_ERROR_BAD_STATE ); } - return( psa_driver_wrapper_aead_finish( operation, ciphertext, ciphertext_size, - ciphertext_length, tag, tag_size, tag_length ) ); + return( psa_driver_wrapper_aead_finish( operation, ciphertext, + ciphertext_size, + ciphertext_length, + tag, tag_size, tag_length ) ); } /* Finish authenticating and decrypting a message in a multipart AEAD @@ -3433,8 +3441,10 @@ psa_status_t psa_aead_verify( psa_aead_operation_t *operation, return( PSA_ERROR_BAD_STATE ); } - return( psa_driver_wrapper_aead_verify( operation, plaintext, plaintext_size, plaintext_length, - tag, tag_length ) ); + return( psa_driver_wrapper_aead_verify( operation, plaintext, + plaintext_size, + plaintext_length, + tag, tag_length ) ); } /* Abort an AEAD operation. */ diff --git a/library/psa_crypto_aead.c b/library/psa_crypto_aead.c index bfa271b5a..f5b4dc512 100644 --- a/library/psa_crypto_aead.c +++ b/library/psa_crypto_aead.c @@ -355,8 +355,10 @@ exit: /* Set the key and algorithm for a multipart authenticated encryption * operation. */ psa_status_t mbedtls_psa_aead_encrypt_setup( psa_aead_operation_t *operation, - const psa_key_attributes_t *attributes, - const uint8_t *key_buffer, size_t key_buffer_size, + const psa_key_attributes_t + *attributes, + const uint8_t *key_buffer, + size_t key_buffer_size, psa_algorithm_t alg ) { psa_status_t status; @@ -376,8 +378,10 @@ psa_status_t mbedtls_psa_aead_encrypt_setup( psa_aead_operation_t *operation, /* Set the key and algorithm for a multipart authenticated decryption * operation. */ psa_status_t mbedtls_psa_aead_decrypt_setup( psa_aead_operation_t *operation, - const psa_key_attributes_t *attributes, - const uint8_t *key_buffer, size_t key_buffer_size, + const psa_key_attributes_t + *attributes, + const uint8_t *key_buffer, + size_t key_buffer_size, psa_algorithm_t alg ) { psa_status_t status; @@ -434,11 +438,12 @@ psa_status_t mbedtls_psa_aead_set_nonce( psa_aead_operation_t *operation, return( PSA_ERROR_INVALID_ARGUMENT ); } - status = mbedtls_to_psa_error(mbedtls_chachapoly_starts( &operation->ctx.chachapoly, - nonce, - operation->is_encrypt ? - MBEDTLS_CHACHAPOLY_ENCRYPT : - MBEDTLS_CHACHAPOLY_DECRYPT ) ); + status = mbedtls_to_psa_error( + mbedtls_chachapoly_starts( &operation->ctx.chachapoly, + nonce, + operation->is_encrypt ? + MBEDTLS_CHACHAPOLY_ENCRYPT : + MBEDTLS_CHACHAPOLY_DECRYPT ) ); } else #endif /* MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305 */ @@ -540,13 +545,14 @@ psa_status_t mbedtls_psa_aead_update_ad( psa_aead_operation_t *operation, return ( PSA_ERROR_INVALID_ARGUMENT ); } - status = mbedtls_to_psa_error( mbedtls_gcm_starts( &operation->ctx.gcm, - operation->is_encrypt ? - MBEDTLS_GCM_ENCRYPT : MBEDTLS_GCM_DECRYPT, - operation->nonce, - operation->nonce_length, - input, - input_length ) ); + status = mbedtls_to_psa_error( + mbedtls_gcm_starts( &operation->ctx.gcm, + operation->is_encrypt ? + MBEDTLS_GCM_ENCRYPT : MBEDTLS_GCM_DECRYPT, + operation->nonce, + operation->nonce_length, + input, + input_length ) ); } else @@ -581,9 +587,10 @@ psa_status_t mbedtls_psa_aead_update_ad( psa_aead_operation_t *operation, #if defined(MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305) if( operation->alg == PSA_ALG_CHACHA20_POLY1305 ) { - status = mbedtls_to_psa_error( mbedtls_chachapoly_update_aad( &operation->ctx.chachapoly, - input, - input_length ) ); + status = mbedtls_to_psa_error( + mbedtls_chachapoly_update_aad( &operation->ctx.chachapoly, + input, + input_length ) ); } else #endif /* MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305 */ @@ -676,7 +683,8 @@ psa_status_t mbedtls_psa_aead_update( psa_aead_operation_t *operation, } /* Need to store tag for Finish() / Verify() */ - operation->tag_buffer = ( uint8_t * ) mbedtls_calloc(1, operation->tag_length ); + operation->tag_buffer = + ( uint8_t * ) mbedtls_calloc(1, operation->tag_length ); if( operation->tag_buffer ) { @@ -685,16 +693,17 @@ psa_status_t mbedtls_psa_aead_update( psa_aead_operation_t *operation, { /* Perform oneshot CCM encryption with additional data already stored, as CCM does not support multipart yet.*/ - status = mbedtls_to_psa_error( mbedtls_ccm_encrypt_and_tag( &operation->ctx.ccm, - input_length, - operation->nonce, - operation->nonce_length, - operation->ad_buffer, - operation->ad_length, - input, - output, - operation->tag_buffer, - operation->tag_length ) ); + status = mbedtls_to_psa_error( + mbedtls_ccm_encrypt_and_tag( &operation->ctx.ccm, + input_length, + operation->nonce, + operation->nonce_length, + operation->ad_buffer, + operation->ad_length, + input, + output, + operation->tag_buffer, + operation->tag_length ) ); /* Even if the above operation fails, we no longer need the additional data.*/ @@ -706,18 +715,22 @@ psa_status_t mbedtls_psa_aead_update( psa_aead_operation_t *operation, { /* Need to back up the body data so we can do this again later.*/ - operation->body_buffer = ( uint8_t * ) mbedtls_calloc(1, input_length ); + operation->body_buffer = + ( uint8_t * ) mbedtls_calloc(1, input_length ); if( operation->body_buffer ) { memcpy( operation->body_buffer, input, input_length ); operation->body_length = input_length; - /* this will fail, as the tag is clearly false, but will write the - decrypted data to the output buffer. */ - ret = mbedtls_ccm_auth_decrypt( &operation->ctx.ccm, input_length, - operation->nonce, operation->nonce_length, - operation->ad_buffer, operation->ad_length, + /* this will fail, as the tag is clearly false, but will + write the decrypted data to the output buffer.*/ + ret = mbedtls_ccm_auth_decrypt( &operation->ctx.ccm, + input_length, + operation->nonce, + operation->nonce_length, + operation->ad_buffer, + operation->ad_length, input, output, operation->tag_buffer, operation->tag_length ); @@ -747,10 +760,11 @@ psa_status_t mbedtls_psa_aead_update( psa_aead_operation_t *operation, #if defined(MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305) if( operation->alg == PSA_ALG_CHACHA20_POLY1305 ) { - status = mbedtls_to_psa_error( mbedtls_chachapoly_update( &operation->ctx.chachapoly, - input_length, - input, - output ) ); + status = mbedtls_to_psa_error( + mbedtls_chachapoly_update( &operation->ctx.chachapoly, + input_length, + input, + output ) ); } else #endif /* MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305 */ @@ -772,7 +786,8 @@ psa_status_t mbedtls_psa_aead_update( psa_aead_operation_t *operation, /* Common checks for both mbedtls_psa_aead_finish() and mbedtls_psa_aead_verify() */ -static psa_status_t mbedtls_psa_aead_finish_checks( psa_aead_operation_t *operation, +static psa_status_t mbedtls_psa_aead_finish_checks( psa_aead_operation_t + *operation, size_t output_size, size_t tag_size ) { @@ -793,13 +808,15 @@ static psa_status_t mbedtls_psa_aead_finish_checks( psa_aead_operation_t *operat if( operation->is_encrypt ) { - finish_output_size = PSA_AEAD_FINISH_OUTPUT_SIZE( operation->key_type, - operation->alg ); + finish_output_size = + PSA_AEAD_FINISH_OUTPUT_SIZE( operation->key_type, + operation->alg ); } else { - finish_output_size = PSA_AEAD_VERIFY_OUTPUT_SIZE( operation->key_type, - operation->alg ); + finish_output_size = + PSA_AEAD_VERIFY_OUTPUT_SIZE( operation->key_type, + operation->alg ); } if( output_size < finish_output_size ) @@ -822,7 +839,8 @@ psa_status_t mbedtls_psa_aead_finish( psa_aead_operation_t *operation, psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; size_t finish_output_size = 0; - status = mbedtls_psa_aead_finish_checks( operation, ciphertext_size, tag_size ); + status = mbedtls_psa_aead_finish_checks( operation, ciphertext_size, + tag_size ); if( status != PSA_SUCCESS ) { @@ -855,8 +873,9 @@ psa_status_t mbedtls_psa_aead_finish( psa_aead_operation_t *operation, #if defined(MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305) if( operation->alg == PSA_ALG_CHACHA20_POLY1305 ) { - status = mbedtls_to_psa_error( mbedtls_chachapoly_finish( &operation->ctx.chachapoly, - tag ) ); + status = mbedtls_to_psa_error( + mbedtls_chachapoly_finish( &operation->ctx.chachapoly, + tag ) ); } else #endif /* MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305 */ @@ -902,7 +921,8 @@ psa_status_t mbedtls_psa_aead_verify( psa_aead_operation_t *operation, int do_tag_check = 1; uint8_t check_tag[16]; - status = mbedtls_psa_aead_finish_checks( operation, plaintext_size, tag_length ); + status = mbedtls_psa_aead_finish_checks( operation, plaintext_size, + tag_length ); if( status != PSA_SUCCESS ) { @@ -913,9 +933,10 @@ psa_status_t mbedtls_psa_aead_verify( psa_aead_operation_t *operation, if( operation->alg == PSA_ALG_GCM ) { /* Call finish to get the tag for comparison */ - status = mbedtls_to_psa_error( mbedtls_gcm_finish( &operation->ctx.gcm, - check_tag, - operation->tag_length ) ); + status = mbedtls_to_psa_error( + mbedtls_gcm_finish( &operation->ctx.gcm, + check_tag, + operation->tag_length ) ); } else #endif /* MBEDTLS_PSA_BUILTIN_ALG_GCM */ @@ -931,17 +952,22 @@ psa_status_t mbedtls_psa_aead_verify( psa_aead_operation_t *operation, * only way to get the tag, but this time throw away the results, as verify cannot write that much data. */ temp_buffer_size = PSA_AEAD_UPDATE_OUTPUT_SIZE( operation->key_type, - operation->alg, operation->body_length ); + operation->alg, + operation->body_length + ); temp_buffer = ( uint8_t * ) mbedtls_calloc(1, temp_buffer_size ); if( temp_buffer ) { - ret = mbedtls_ccm_auth_decrypt( &operation->ctx.ccm, operation->body_length, - operation->nonce, operation->nonce_length, - operation->ad_buffer, operation->ad_length, - operation->body_buffer, temp_buffer, - tag, tag_length ); + ret = mbedtls_ccm_auth_decrypt( &operation->ctx.ccm, + operation->body_length, + operation->nonce, + operation->nonce_length, + operation->ad_buffer, + operation->ad_length, + operation->body_buffer, + temp_buffer, tag, tag_length ); if( ret == MBEDTLS_ERR_CCM_AUTH_FAILED ) { @@ -974,8 +1000,9 @@ psa_status_t mbedtls_psa_aead_verify( psa_aead_operation_t *operation, if( operation->alg == PSA_ALG_CHACHA20_POLY1305 ) { // call finish to get the tag for comparison. - status = mbedtls_to_psa_error( mbedtls_chachapoly_finish( &operation->ctx.chachapoly, - check_tag ) ); + status = mbedtls_to_psa_error( + mbedtls_chachapoly_finish( &operation->ctx.chachapoly, + check_tag ) ); } else diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index 6ae5030ee..04d947f37 100644 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function @@ -3201,7 +3201,8 @@ void aead_multipart_encrypt( int key_type_arg, data_t *key_data, TEST_ASSERT( tag_length <= 16 ); output_size = PSA_AEAD_UPDATE_OUTPUT_SIZE( key_type, alg, - ( input_data->len + tag_length ) ); + ( input_data->len + + tag_length ) ); ASSERT_ALLOC( output_data, output_size ); @@ -3224,8 +3225,9 @@ void aead_multipart_encrypt( int key_type_arg, data_t *key_data, if( nonce->len == 0 ) { - PSA_ASSERT( psa_aead_generate_nonce( &operation, nonce_buffer, sizeof( nonce_buffer ), - &nonce_length ) ); + PSA_ASSERT( psa_aead_generate_nonce( &operation, nonce_buffer, + sizeof( nonce_buffer ), + &nonce_length ) ); } else { @@ -3236,7 +3238,8 @@ void aead_multipart_encrypt( int key_type_arg, data_t *key_data, #if defined(MBEDTLS_PSA_BUILTIN_ALG_GCM) if( operation.alg == PSA_ALG_GCM ) { - PSA_ASSERT( psa_aead_set_lengths( &operation, additional_data->len, input_data->len ) ); + PSA_ASSERT( psa_aead_set_lengths( &operation, additional_data->len, + input_data->len ) ); } #endif @@ -3256,7 +3259,8 @@ void aead_multipart_encrypt( int key_type_arg, data_t *key_data, part_length = ad_part_len; } - PSA_ASSERT( psa_aead_update_ad(&operation, additional_data->x + part_offset, + PSA_ASSERT( psa_aead_update_ad( &operation, + additional_data->x + part_offset, part_length ) ); part_offset += part_length; @@ -3265,13 +3269,15 @@ void aead_multipart_encrypt( int key_type_arg, data_t *key_data, else { /* Pass additional data in one go. */ - PSA_ASSERT( psa_aead_update_ad(&operation, additional_data->x, additional_data->len) ); + PSA_ASSERT( psa_aead_update_ad(&operation, additional_data->x, + additional_data->len) ); } if( data_part_len != -1 ) { /* Pass data in parts */ - part_data_size = PSA_AEAD_UPDATE_OUTPUT_SIZE( key_type, alg, ( size_t ) data_part_len ); + part_data_size = PSA_AEAD_UPDATE_OUTPUT_SIZE( key_type, alg, + ( size_t ) data_part_len ); ASSERT_ALLOC( part_data, part_data_size ); @@ -3288,13 +3294,16 @@ void aead_multipart_encrypt( int key_type_arg, data_t *key_data, part_length = data_part_len; } - PSA_ASSERT( psa_aead_update( &operation, ( input_data->x + part_offset ), + PSA_ASSERT( psa_aead_update( &operation, + ( input_data->x + part_offset ), part_length, part_data, - part_data_size, &output_part_length ) ); + part_data_size, + &output_part_length ) ); if( output_data && output_part_length ) { - memcpy( ( output_data + part_offset ), part_data, output_part_length ); + memcpy( ( output_data + part_offset ), part_data, + output_part_length ); } part_offset += part_length; @@ -3317,7 +3326,8 @@ void aead_multipart_encrypt( int key_type_arg, data_t *key_data, if( output_data && output_part_length ) { - memcpy( ( output_data + output_length ), final_data, output_part_length ); + memcpy( ( output_data + output_length ), final_data, + output_part_length ); } TEST_EQUAL(tag_length, tag_size); @@ -3334,7 +3344,8 @@ void aead_multipart_encrypt( int key_type_arg, data_t *key_data, /* For all currently defined algorithms, PSA_AEAD_ENCRYPT_OUTPUT_SIZE * should be exact. */ TEST_EQUAL( output_length, - PSA_AEAD_ENCRYPT_OUTPUT_SIZE( key_type, alg, input_data->len ) ); + PSA_AEAD_ENCRYPT_OUTPUT_SIZE( key_type, alg, + input_data->len ) ); TEST_ASSERT( output_length <= PSA_AEAD_ENCRYPT_OUTPUT_MAX_SIZE( input_data->len ) ); @@ -3389,7 +3400,8 @@ void aead_multipart_encrypt_decrypt( int key_type_arg, data_t *key_data, PSA_ASSERT( psa_crypto_init( ) ); - psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT ); + psa_set_key_usage_flags( &attributes, + PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT ); psa_set_key_algorithm( &attributes, alg ); psa_set_key_type( &attributes, key_type ); @@ -3429,7 +3441,8 @@ void aead_multipart_encrypt_decrypt( int key_type_arg, data_t *key_data, if( nonce->len == 0 ) { - status = psa_aead_generate_nonce( &operation, nonce_buffer, sizeof( nonce_buffer ), + status = psa_aead_generate_nonce( &operation, nonce_buffer, + sizeof( nonce_buffer ), &nonce_length ); } else @@ -3447,7 +3460,8 @@ void aead_multipart_encrypt_decrypt( int key_type_arg, data_t *key_data, #if defined(MBEDTLS_PSA_BUILTIN_ALG_GCM) if( operation.alg == PSA_ALG_GCM ) { - status = psa_aead_set_lengths( &operation, additional_data->len, input_data->len ); + status = psa_aead_set_lengths( &operation, additional_data->len, + input_data->len ); if( status != PSA_SUCCESS ) { @@ -3472,7 +3486,8 @@ void aead_multipart_encrypt_decrypt( int key_type_arg, data_t *key_data, part_length = ad_part_len; } - status = psa_aead_update_ad( &operation, additional_data->x + part_offset, + status = psa_aead_update_ad( &operation, + additional_data->x + part_offset, part_length ); if( status != PSA_SUCCESS ) @@ -3486,7 +3501,8 @@ void aead_multipart_encrypt_decrypt( int key_type_arg, data_t *key_data, } else { - status = psa_aead_update_ad(&operation, additional_data->x, additional_data->len); + status = psa_aead_update_ad(&operation, additional_data->x, + additional_data->len); if( status != PSA_SUCCESS ) { @@ -3499,7 +3515,7 @@ void aead_multipart_encrypt_decrypt( int key_type_arg, data_t *key_data, { /* Pass data in parts */ part_data_size = PSA_AEAD_UPDATE_OUTPUT_SIZE( key_type, alg, - ( size_t ) data_part_len ); + ( size_t ) data_part_len ); ASSERT_ALLOC( part_data, part_data_size ); @@ -3516,7 +3532,8 @@ void aead_multipart_encrypt_decrypt( int key_type_arg, data_t *key_data, part_length = data_part_len; } - status = psa_aead_update( &operation, ( input_data->x + part_offset ), + status = psa_aead_update( &operation, + ( input_data->x + part_offset ), part_length, part_data, part_data_size, &output_part_length ); @@ -3528,7 +3545,8 @@ void aead_multipart_encrypt_decrypt( int key_type_arg, data_t *key_data, if( output_data && output_part_length ) { - memcpy( ( output_data + part_offset ), part_data, output_part_length ); + memcpy( ( output_data + part_offset ), part_data, + output_part_length ); } part_offset += part_length; @@ -3562,7 +3580,8 @@ void aead_multipart_encrypt_decrypt( int key_type_arg, data_t *key_data, if( output_data &&output_part_length ) { - memcpy( ( output_data + output_length ), final_data, output_part_length ); + memcpy( ( output_data + output_length ), final_data, + output_part_length ); } output_length += output_part_length; @@ -3571,23 +3590,27 @@ void aead_multipart_encrypt_decrypt( int key_type_arg, data_t *key_data, * should be exact. */ if( expected_result != PSA_ERROR_INVALID_ARGUMENT ) TEST_EQUAL( ( output_length + tag_length ), - PSA_AEAD_ENCRYPT_OUTPUT_SIZE( key_type, alg, input_data->len ) ); + PSA_AEAD_ENCRYPT_OUTPUT_SIZE( key_type, alg, + input_data->len ) ); TEST_EQUAL(tag_length, tag_size); if( PSA_SUCCESS == expected_result ) { - output_size2 = PSA_AEAD_UPDATE_OUTPUT_SIZE( key_type, alg, output_length ); + output_size2 = PSA_AEAD_UPDATE_OUTPUT_SIZE( key_type, alg, + output_length ); ASSERT_ALLOC( output_data2, output_size2 ); /* For all currently defined algorithms, PSA_AEAD_DECRYPT_OUTPUT_SIZE * should be exact. */ TEST_EQUAL( input_data->len, PSA_AEAD_DECRYPT_OUTPUT_SIZE( key_type, alg, - ( output_length + tag_length ) ) ); + ( output_length + + tag_length ) ) ); TEST_ASSERT( input_data->len <= - PSA_AEAD_DECRYPT_OUTPUT_MAX_SIZE( output_length + tag_length ) ); + PSA_AEAD_DECRYPT_OUTPUT_MAX_SIZE( output_length + + tag_length ) ); operation = psa_aead_operation_init(); @@ -3599,7 +3622,8 @@ void aead_multipart_encrypt_decrypt( int key_type_arg, data_t *key_data, if( status == PSA_ERROR_NOT_SUPPORTED ) { MBEDTLS_TEST_PSA_SKIP_IF_ALT_AES_192( key_type, key_data->len * 8 ); - MBEDTLS_TEST_PSA_SKIP_IF_ALT_GCM_NOT_12BYTES_NONCE( alg, nonce->len ); + MBEDTLS_TEST_PSA_SKIP_IF_ALT_GCM_NOT_12BYTES_NONCE( alg, + nonce->len ); } TEST_EQUAL( status, expected_result ); @@ -3607,7 +3631,8 @@ void aead_multipart_encrypt_decrypt( int key_type_arg, data_t *key_data, if( nonce->len == 0 ) { /* Use previously generated nonce. */ - status = psa_aead_set_nonce( &operation, nonce_buffer, nonce_length ); + status = psa_aead_set_nonce( &operation, nonce_buffer, + nonce_length ); } else { @@ -3623,7 +3648,8 @@ void aead_multipart_encrypt_decrypt( int key_type_arg, data_t *key_data, #if defined(MBEDTLS_PSA_BUILTIN_ALG_GCM) if( operation.alg == PSA_ALG_GCM ) { - status = psa_aead_set_lengths( &operation, additional_data->len, output_length ); + status = psa_aead_set_lengths( &operation, additional_data->len, + output_length ); if( status != PSA_SUCCESS ) { @@ -3638,7 +3664,8 @@ void aead_multipart_encrypt_decrypt( int key_type_arg, data_t *key_data, while( part_offset <= additional_data->len) { - if( additional_data->len - part_offset < ( uint32_t ) ad_part_len ) + if( additional_data->len - part_offset < + ( uint32_t ) ad_part_len ) { part_length = additional_data->len - part_offset; } @@ -3647,7 +3674,9 @@ void aead_multipart_encrypt_decrypt( int key_type_arg, data_t *key_data, part_length = ad_part_len; } - PSA_ASSERT( psa_aead_update_ad(&operation, additional_data->x + part_offset, + PSA_ASSERT( psa_aead_update_ad( &operation, + additional_data->x + + part_offset, part_length ) ); part_offset += part_length; @@ -3655,13 +3684,15 @@ void aead_multipart_encrypt_decrypt( int key_type_arg, data_t *key_data, } else { - PSA_ASSERT( psa_aead_update_ad(&operation, additional_data->x, additional_data->len) ); + PSA_ASSERT( psa_aead_update_ad(&operation, additional_data->x, + additional_data->len) ); } if( data_part_len != -1 ) { /* Pass data in parts */ - part_data_size = PSA_AEAD_UPDATE_OUTPUT_SIZE( key_type, alg, ( size_t ) data_part_len ); + part_data_size = PSA_AEAD_UPDATE_OUTPUT_SIZE( key_type, alg, + ( size_t ) data_part_len ); ASSERT_ALLOC( part_data, part_data_size ); @@ -3669,22 +3700,27 @@ void aead_multipart_encrypt_decrypt( int key_type_arg, data_t *key_data, while( part_offset <= ( input_data->len - tag_length ) ) { - if( ( input_data->len - tag_length - part_offset ) < ( uint32_t ) data_part_len ) + if( ( input_data->len - tag_length - part_offset ) < + ( uint32_t ) data_part_len ) { - part_length = ( input_data->len - tag_length - part_offset ); + part_length = + ( input_data->len - tag_length - part_offset ); } else { part_length = data_part_len; } - PSA_ASSERT( psa_aead_update( &operation, ( input_data->x + part_offset ), + PSA_ASSERT( psa_aead_update( &operation, + ( input_data->x + part_offset ), part_length, part_data, - part_data_size, &output_part_length ) ); + part_data_size, + &output_part_length ) ); if( output_data2 && output_part_length ) { - memcpy( ( output_data2 + part_offset ), part_data, output_part_length ); + memcpy( ( output_data2 + part_offset ), + part_data, output_part_length ); } part_offset += part_length; @@ -3705,7 +3741,8 @@ void aead_multipart_encrypt_decrypt( int key_type_arg, data_t *key_data, if( output_data2 && output_part_length ) { - memcpy( ( output_data2 + output_length2 ), final_data, output_part_length); + memcpy( ( output_data2 + output_length2 ), final_data, + output_part_length); } output_length2 += output_part_length; @@ -3772,7 +3809,8 @@ void aead_multipart_decrypt( int key_type_arg, data_t *key_data, tag_length = PSA_AEAD_TAG_LENGTH( key_type, key_bits, alg ); output_size = PSA_AEAD_UPDATE_OUTPUT_SIZE( key_type, alg, - ( input_data->len - tag_length ) ); + ( input_data->len - + tag_length ) ); ASSERT_ALLOC( output_data, output_size ); ASSERT_ALLOC( final_data, PSA_AEAD_VERIFY_OUTPUT_MAX_SIZE ); @@ -3798,7 +3836,8 @@ void aead_multipart_decrypt( int key_type_arg, data_t *key_data, if( nonce->len == 0 ) { - status = psa_aead_generate_nonce( &operation, nonce_buffer, sizeof( nonce_buffer ), + status = psa_aead_generate_nonce( &operation, nonce_buffer, + sizeof( nonce_buffer ), &nonce_length ); } else @@ -3842,7 +3881,8 @@ void aead_multipart_decrypt( int key_type_arg, data_t *key_data, part_length = ad_part_len; } - status = psa_aead_update_ad( &operation, additional_data->x + part_offset, + status = psa_aead_update_ad( &operation, + additional_data->x + part_offset, part_length ); if( status != PSA_SUCCESS ) @@ -3856,7 +3896,8 @@ void aead_multipart_decrypt( int key_type_arg, data_t *key_data, } else { - status = psa_aead_update_ad( &operation, additional_data->x, additional_data->len ); + status = psa_aead_update_ad( &operation, additional_data->x, + additional_data->len ); if( status != PSA_SUCCESS ) { @@ -3868,7 +3909,8 @@ void aead_multipart_decrypt( int key_type_arg, data_t *key_data, if( data_part_len != -1 ) { /* Pass data in parts */ - part_data_size = PSA_AEAD_UPDATE_OUTPUT_SIZE( key_type, alg, ( size_t ) data_part_len ); + part_data_size = PSA_AEAD_UPDATE_OUTPUT_SIZE( key_type, alg, + ( size_t ) data_part_len ); ASSERT_ALLOC( part_data, part_data_size ); @@ -3876,7 +3918,8 @@ void aead_multipart_decrypt( int key_type_arg, data_t *key_data, while( part_offset <= input_data->len) { - if( (input_data->len - tag_length - part_offset ) < ( uint32_t ) data_part_len ) + if( (input_data->len - tag_length - part_offset ) < + ( uint32_t ) data_part_len ) { part_length = ( input_data->len - tag_length - part_offset ); } @@ -3885,9 +3928,10 @@ void aead_multipart_decrypt( int key_type_arg, data_t *key_data, part_length = data_part_len; } - status = psa_aead_update( &operation, ( input_data->x + part_offset ), - part_length, part_data, - part_data_size, &output_part_length ); + status = psa_aead_update( &operation, + ( input_data->x + part_offset ), + part_length, part_data, + part_data_size, &output_part_length ); if( status != PSA_SUCCESS ) { @@ -3897,7 +3941,8 @@ void aead_multipart_decrypt( int key_type_arg, data_t *key_data, if( output_data && output_part_length ) { - memcpy( ( output_data + part_offset ), part_data, output_part_length ); + memcpy( ( output_data + part_offset ), part_data, + output_part_length ); } part_offset += part_length; @@ -3920,7 +3965,8 @@ void aead_multipart_decrypt( int key_type_arg, data_t *key_data, status = psa_aead_verify( &operation, final_data, PSA_AEAD_VERIFY_OUTPUT_MAX_SIZE, &output_part_length, - ( input_data->x + input_data->len - tag_length ), + ( input_data->x + input_data->len - + tag_length ), tag_length ); if( status != PSA_SUCCESS ) @@ -3931,7 +3977,8 @@ void aead_multipart_decrypt( int key_type_arg, data_t *key_data, if( output_data && output_part_length ) { - memcpy( ( output_data + output_length ), final_data, output_part_length ); + memcpy( ( output_data + output_length ), final_data, + output_part_length ); } output_length += output_part_length; @@ -3941,7 +3988,8 @@ void aead_multipart_decrypt( int key_type_arg, data_t *key_data, /* For all currently defined algorithms, PSA_AEAD_DECRYPT_OUTPUT_SIZE * should be exact. */ TEST_EQUAL( output_length, - PSA_AEAD_DECRYPT_OUTPUT_SIZE( key_type, alg, input_data->len ) ); + PSA_AEAD_DECRYPT_OUTPUT_SIZE( key_type, alg, + input_data->len ) ); TEST_ASSERT( output_length <= PSA_AEAD_DECRYPT_OUTPUT_MAX_SIZE( input_data->len ) ); } From cbbde5f28c4241ef7b002b23b0979b35703f7606 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Mon, 10 May 2021 18:19:46 +0100 Subject: [PATCH 022/195] Split multipart AEAD contexts into two parts Split to data required for internal implementation and data required for driver implementation with data left over for the PSA layer. Signed-off-by: Paul Elliott --- include/psa/crypto_builtin_primitives.h | 59 ++++++++ .../psa/crypto_driver_contexts_primitives.h | 8 + include/psa/crypto_struct.h | 43 +----- library/psa_crypto.c | 100 +++++++++++-- library/psa_crypto_aead.c | 54 ++++--- library/psa_crypto_aead.h | 138 ++++++++++-------- library/psa_crypto_driver_wrappers.c | 84 ++++++----- tests/src/drivers/test_driver_aead.c | 18 +-- 8 files changed, 321 insertions(+), 183 deletions(-) diff --git a/include/psa/crypto_builtin_primitives.h b/include/psa/crypto_builtin_primitives.h index 75801a178..e3903bca5 100644 --- a/include/psa/crypto_builtin_primitives.h +++ b/include/psa/crypto_builtin_primitives.h @@ -118,6 +118,62 @@ typedef struct { #define MBEDTLS_PSA_CIPHER_OPERATION_INIT {0, 0, 0, {0}} +#if defined(MBEDTLS_PSA_BUILTIN_ALG_GCM) || \ + defined(MBEDTLS_PSA_BUILTIN_ALG_CCM) || \ + defined(MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305) +#define MBEDTLS_PSA_BUILTIN_AEAD 1 +#endif + +/* Context structure for the Mbed TLS cipher implementation. */ +typedef struct +{ + psa_algorithm_t alg; + psa_key_type_t key_type; + + unsigned int lengths_set : 1; + unsigned int is_encrypt : 1; + unsigned int ad_started : 1; + unsigned int body_started : 1; + + uint8_t tag_length; + uint8_t nonce_length; + + size_t ad_remaining; + size_t body_remaining; + + /* Buffers for AD/data - only required until CCM gets proper multipart + support. */ + uint8_t *ad_buffer; + size_t ad_length; + + uint8_t *body_buffer; + size_t body_length; + + uint8_t *tag_buffer; + + /* buffer to store Nonce - only required until CCM and GCM get proper + multipart support. */ + uint8_t nonce[PSA_AEAD_NONCE_MAX_SIZE]; + + union + { + unsigned dummy; /* Enable easier initializing of the union. */ +#if defined(MBEDTLS_PSA_BUILTIN_ALG_CCM) + mbedtls_ccm_context ccm; +#endif /* MBEDTLS_PSA_BUILTIN_ALG_CCM */ +#if defined(MBEDTLS_PSA_BUILTIN_ALG_GCM) + mbedtls_gcm_context gcm; +#endif /* MBEDTLS_PSA_BUILTIN_ALG_GCM */ +#if defined(MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305) + mbedtls_chachapoly_context chachapoly; +#endif /* MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305 */ + + } ctx; + +} mbedtls_psa_aead_operation_t; + +#define MBEDTLS_PSA_AEAD_OPERATION_INIT {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, {0}, {0}} + /* * BEYOND THIS POINT, TEST DRIVER DECLARATIONS ONLY. */ @@ -130,6 +186,9 @@ typedef mbedtls_psa_hash_operation_t mbedtls_transparent_test_driver_hash_operat typedef mbedtls_psa_cipher_operation_t mbedtls_transparent_test_driver_cipher_operation_t; +typedef mbedtls_psa_aead_operation_t + mbedtls_transparent_test_driver_aead_operation_t; + typedef struct { unsigned int initialised : 1; mbedtls_transparent_test_driver_cipher_operation_t ctx; diff --git a/include/psa/crypto_driver_contexts_primitives.h b/include/psa/crypto_driver_contexts_primitives.h index 104d4bdb6..4fba9eb03 100644 --- a/include/psa/crypto_driver_contexts_primitives.h +++ b/include/psa/crypto_driver_contexts_primitives.h @@ -65,5 +65,13 @@ typedef union { #endif } psa_driver_cipher_context_t; +typedef union { + unsigned dummy; /* Make sure this union is always non-empty */ + mbedtls_psa_aead_operation_t mbedtls_ctx; +#if defined(PSA_CRYPTO_DRIVER_TEST) + mbedtls_transparent_test_driver_aead_operation_t transparent_test_driver_ctx; +#endif +} psa_driver_aead_context_t; + #endif /* PSA_CRYPTO_DRIVER_CONTEXTS_PRIMITIVES_H */ /* End of automatically generated file. */ diff --git a/include/psa/crypto_struct.h b/include/psa/crypto_struct.h index 6c5639d1c..6bb6f421b 100644 --- a/include/psa/crypto_struct.h +++ b/include/psa/crypto_struct.h @@ -153,8 +153,6 @@ static inline struct psa_mac_operation_s psa_mac_operation_init( void ) struct psa_aead_operation_s { - psa_algorithm_t alg; - psa_key_type_t key_type; /** Unique ID indicating which driver got assigned to do the * operation. Since driver contexts are driver-specific, swapping @@ -164,50 +162,19 @@ struct psa_aead_operation_s * any driver (i.e. none of the driver contexts are active). */ unsigned int id; + psa_algorithm_t alg; + psa_key_type_t key_type; + unsigned int key_set : 1; unsigned int nonce_set : 1; unsigned int lengths_set : 1; - unsigned int is_encrypt : 1; unsigned int ad_started : 1; unsigned int body_started : 1; - uint8_t tag_length; - uint8_t nonce_length; - - size_t ad_remaining; - size_t body_remaining; - - /* Buffers for AD/data - only required until CCM gets proper multipart - support. */ - uint8_t *ad_buffer; - size_t ad_length; - - uint8_t *body_buffer; - size_t body_length; - - uint8_t *tag_buffer; - - /* buffer to store Nonce - only required until CCM and GCM get proper - multipart support. */ - uint8_t nonce[PSA_AEAD_NONCE_MAX_SIZE]; - - union - { - unsigned dummy; /* Enable easier initializing of the union. */ -#if defined(MBEDTLS_PSA_BUILTIN_ALG_CCM) - mbedtls_ccm_context ccm; -#endif /* MBEDTLS_PSA_BUILTIN_ALG_CCM */ -#if defined(MBEDTLS_PSA_BUILTIN_ALG_GCM) - mbedtls_gcm_context gcm; -#endif /* MBEDTLS_PSA_BUILTIN_ALG_GCM */ -#if defined(MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305) - mbedtls_chachapoly_context chachapoly; -#endif /* MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305 */ - - } ctx; + psa_driver_aead_context_t ctx; }; -#define PSA_AEAD_OPERATION_INIT {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, {0}, {0}} +#define PSA_AEAD_OPERATION_INIT {0, 0, 0, 0, 0, 0, 0, 0, {0}} static inline struct psa_aead_operation_s psa_aead_operation_init( void ) { const struct psa_aead_operation_s v = PSA_AEAD_OPERATION_INIT; diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 4ab0c63b3..7190aa4da 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -3214,6 +3214,25 @@ psa_status_t psa_aead_decrypt( mbedtls_svc_key_id_t key, return( status ); } +/* Helper function to get the base algorithm from its variants. */ +static psa_algorithm_t psa_aead_get_base_algorithm(psa_algorithm_t alg) +{ + switch( PSA_ALG_AEAD_WITH_SHORTENED_TAG( alg, 0 ) ) + { + case PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_CCM, 0 ): + return( PSA_ALG_CCM ); + + case PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 0 ): + return( PSA_ALG_GCM ); + + case PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_CHACHA20_POLY1305, 0 ): + return( PSA_ALG_CHACHA20_POLY1305 ); + + default: + return( PSA_ERROR_NOT_SUPPORTED ); + } +} + /* Set the key for a multipart authenticated encryption operation. */ psa_status_t psa_aead_encrypt_setup( psa_aead_operation_t *operation, mbedtls_svc_key_id_t key, @@ -3226,6 +3245,12 @@ psa_status_t psa_aead_encrypt_setup( psa_aead_operation_t *operation, if( !PSA_ALG_IS_AEAD( alg ) || PSA_ALG_IS_WILDCARD( alg ) ) return( PSA_ERROR_NOT_SUPPORTED ); + if( operation->key_set || operation->nonce_set || + operation->ad_started || operation->body_started ) + { + return( PSA_ERROR_BAD_STATE ); + } + status = psa_get_and_lock_key_slot_with_policy( key, &slot, PSA_KEY_USAGE_ENCRYPT, alg ); @@ -3242,6 +3267,7 @@ psa_status_t psa_aead_encrypt_setup( psa_aead_operation_t *operation, &attributes, slot->key.data, slot->key.bytes, alg ); + operation->key_type = psa_get_key_type( &attributes ); unlock_status = psa_unlock_key_slot( slot ); @@ -3250,6 +3276,12 @@ psa_status_t psa_aead_encrypt_setup( psa_aead_operation_t *operation, return( unlock_status ); } + if( status == PSA_SUCCESS ) + { + operation->alg = psa_aead_get_base_algorithm( alg ); + operation->key_set = 1; + } + return( status ); } @@ -3265,6 +3297,12 @@ psa_status_t psa_aead_decrypt_setup( psa_aead_operation_t *operation, if( !PSA_ALG_IS_AEAD( alg ) || PSA_ALG_IS_WILDCARD( alg ) ) return( PSA_ERROR_NOT_SUPPORTED ); + if( operation->key_set || operation->nonce_set || + operation->ad_started || operation->body_started ) + { + return( PSA_ERROR_BAD_STATE ); + } + status = psa_get_and_lock_key_slot_with_policy( key, &slot, PSA_KEY_USAGE_DECRYPT, alg ); @@ -3281,6 +3319,7 @@ psa_status_t psa_aead_decrypt_setup( psa_aead_operation_t *operation, &attributes, slot->key.data, slot->key.bytes, alg ); + operation->key_type = psa_get_key_type( &attributes ); unlock_status = psa_unlock_key_slot( slot ); @@ -3289,6 +3328,12 @@ psa_status_t psa_aead_decrypt_setup( psa_aead_operation_t *operation, return( unlock_status ); } + if( status == PSA_SUCCESS ) + { + operation->alg = psa_aead_get_base_algorithm( alg ); + operation->key_set = 1; + } + return( status ); } @@ -3341,14 +3386,23 @@ psa_status_t psa_aead_set_nonce( psa_aead_operation_t *operation, const uint8_t *nonce, size_t nonce_length ) { + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + if( !operation->key_set || operation->nonce_set || operation->ad_started || operation->body_started ) { return( PSA_ERROR_BAD_STATE ); } - return( psa_driver_wrapper_aead_set_nonce( operation, nonce, - nonce_length ) ); + status = psa_driver_wrapper_aead_set_nonce( operation, nonce, + nonce_length ); + + if( status == PSA_SUCCESS ) + { + operation->nonce_set = 1; + } + + return( status ); } /* Declare the lengths of the message and additional data for multipart AEAD. */ @@ -3356,26 +3410,44 @@ psa_status_t psa_aead_set_lengths( psa_aead_operation_t *operation, size_t ad_length, size_t plaintext_length ) { + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + if( !operation->key_set || operation->lengths_set ) { return( PSA_ERROR_BAD_STATE ); } - return( psa_driver_wrapper_aead_set_lengths( operation, ad_length, - plaintext_length ) ); + status = psa_driver_wrapper_aead_set_lengths( operation, ad_length, + plaintext_length ); + + if( status == PSA_SUCCESS ) + { + operation->lengths_set = 1; + } + + return status; } /* Pass additional data to an active multipart AEAD operation. */ psa_status_t psa_aead_update_ad( psa_aead_operation_t *operation, const uint8_t *input, size_t input_length ) { + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + if( !operation->nonce_set || !operation->key_set ) { return( PSA_ERROR_BAD_STATE ); } - return( psa_driver_wrapper_aead_update_ad( operation, input, - input_length ) ); + status = psa_driver_wrapper_aead_update_ad( operation, input, + input_length ); + + if( status == PSA_SUCCESS ) + { + operation->ad_started = 1; + } + + return status; } /* Encrypt or decrypt a message fragment in an active multipart AEAD @@ -3387,6 +3459,7 @@ psa_status_t psa_aead_update( psa_aead_operation_t *operation, size_t output_size, size_t *output_length ) { + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; *output_length = 0; @@ -3395,9 +3468,16 @@ psa_status_t psa_aead_update( psa_aead_operation_t *operation, return( PSA_ERROR_BAD_STATE ); } - return( psa_driver_wrapper_aead_update( operation, input, input_length, - output, output_size, - output_length ) ); + status = psa_driver_wrapper_aead_update( operation, input, input_length, + output, output_size, + output_length ); + + if( status == PSA_SUCCESS ) + { + operation->body_started = 1; + } + + return status; } /* Finish encrypting a message in a multipart AEAD operation. */ @@ -3422,6 +3502,7 @@ psa_status_t psa_aead_finish( psa_aead_operation_t *operation, ciphertext_size, ciphertext_length, tag, tag_size, tag_length ) ); + } /* Finish authenticating and decrypting a message in a multipart AEAD @@ -3466,7 +3547,6 @@ psa_status_t psa_aead_abort(psa_aead_operation_t *operation) operation->key_set = 0; operation->nonce_set = 0; operation->lengths_set = 0; - operation->is_encrypt = 0; operation->ad_started = 0; operation->body_started = 0; diff --git a/library/psa_crypto_aead.c b/library/psa_crypto_aead.c index f5b4dc512..8f8b74e7e 100644 --- a/library/psa_crypto_aead.c +++ b/library/psa_crypto_aead.c @@ -20,7 +20,6 @@ #include "common.h" - #if defined(MBEDTLS_PSA_CRYPTO_C) #include "psa_crypto_aead.h" @@ -55,7 +54,7 @@ static inline int safer_memcmp( const uint8_t *a, const uint8_t *b, size_t n ) static psa_status_t psa_aead_setup( - psa_aead_operation_t *operation, + mbedtls_psa_aead_operation_t *operation, const psa_key_attributes_t *attributes, const uint8_t *key_buffer, psa_algorithm_t alg ) @@ -66,12 +65,6 @@ static psa_status_t psa_aead_setup( mbedtls_cipher_id_t cipher_id; size_t full_tag_length = 0; - if( operation->key_set || operation->nonce_set || - operation->ad_started || operation->body_started ) - { - return( PSA_ERROR_BAD_STATE ); - } - key_bits = attributes->core.bits; cipher_info = mbedtls_cipher_info_from_psa( alg, @@ -146,12 +139,12 @@ static psa_status_t psa_aead_setup( > full_tag_length ) return( PSA_ERROR_INVALID_ARGUMENT ); - operation->tag_length = PSA_AEAD_TAG_LENGTH( attributes->core.type, + operation->key_type = psa_get_key_type( attributes ); + + operation->tag_length = PSA_AEAD_TAG_LENGTH( operation->key_type, key_bits, alg ); - operation->key_set = 1; - return( PSA_SUCCESS ); } @@ -165,7 +158,7 @@ psa_status_t mbedtls_psa_aead_encrypt( uint8_t *ciphertext, size_t ciphertext_size, size_t *ciphertext_length ) { psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - psa_aead_operation_t operation = PSA_AEAD_OPERATION_INIT; + mbedtls_psa_aead_operation_t operation = MBEDTLS_PSA_AEAD_OPERATION_INIT; uint8_t *tag; (void) key_buffer_size; @@ -275,7 +268,7 @@ psa_status_t mbedtls_psa_aead_decrypt( uint8_t *plaintext, size_t plaintext_size, size_t *plaintext_length ) { psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - psa_aead_operation_t operation = PSA_AEAD_OPERATION_INIT; + mbedtls_psa_aead_operation_t operation = MBEDTLS_PSA_AEAD_OPERATION_INIT; const uint8_t *tag = NULL; (void) key_buffer_size; @@ -354,7 +347,8 @@ exit: /* Set the key and algorithm for a multipart authenticated encryption * operation. */ -psa_status_t mbedtls_psa_aead_encrypt_setup( psa_aead_operation_t *operation, +psa_status_t mbedtls_psa_aead_encrypt_setup( mbedtls_psa_aead_operation_t + *operation, const psa_key_attributes_t *attributes, const uint8_t *key_buffer, @@ -377,7 +371,8 @@ psa_status_t mbedtls_psa_aead_encrypt_setup( psa_aead_operation_t *operation, /* Set the key and algorithm for a multipart authenticated decryption * operation. */ -psa_status_t mbedtls_psa_aead_decrypt_setup( psa_aead_operation_t *operation, +psa_status_t mbedtls_psa_aead_decrypt_setup( mbedtls_psa_aead_operation_t + *operation, const psa_key_attributes_t *attributes, const uint8_t *key_buffer, @@ -399,7 +394,8 @@ psa_status_t mbedtls_psa_aead_decrypt_setup( psa_aead_operation_t *operation, } /* Set a nonce for the multipart AEAD operation*/ -psa_status_t mbedtls_psa_aead_set_nonce( psa_aead_operation_t *operation, +psa_status_t mbedtls_psa_aead_set_nonce( mbedtls_psa_aead_operation_t + *operation, const uint8_t *nonce, size_t nonce_length ) { @@ -454,15 +450,11 @@ psa_status_t mbedtls_psa_aead_set_nonce( psa_aead_operation_t *operation, return ( PSA_ERROR_NOT_SUPPORTED ); } - if( status == PSA_SUCCESS ) - { - operation->nonce_set = 1; - } - return( status ); } /* Declare the lengths of the message and additional data for AEAD. */ -psa_status_t mbedtls_psa_aead_set_lengths( psa_aead_operation_t *operation, +psa_status_t mbedtls_psa_aead_set_lengths( mbedtls_psa_aead_operation_t + *operation, size_t ad_length, size_t plaintext_length ) { @@ -512,7 +504,8 @@ psa_status_t mbedtls_psa_aead_set_lengths( psa_aead_operation_t *operation, } /* Pass additional data to an active multipart AEAD operation. */ -psa_status_t mbedtls_psa_aead_update_ad( psa_aead_operation_t *operation, +psa_status_t mbedtls_psa_aead_update_ad( mbedtls_psa_aead_operation_t + *operation, const uint8_t *input, size_t input_length ) { @@ -611,7 +604,7 @@ psa_status_t mbedtls_psa_aead_update_ad( psa_aead_operation_t *operation, /* Encrypt or decrypt a message fragment in an active multipart AEAD * operation.*/ -psa_status_t mbedtls_psa_aead_update( psa_aead_operation_t *operation, +psa_status_t mbedtls_psa_aead_update( mbedtls_psa_aead_operation_t *operation, const uint8_t *input, size_t input_length, uint8_t *output, @@ -786,7 +779,7 @@ psa_status_t mbedtls_psa_aead_update( psa_aead_operation_t *operation, /* Common checks for both mbedtls_psa_aead_finish() and mbedtls_psa_aead_verify() */ -static psa_status_t mbedtls_psa_aead_finish_checks( psa_aead_operation_t +static psa_status_t mbedtls_psa_aead_finish_checks( mbedtls_psa_aead_operation_t *operation, size_t output_size, size_t tag_size ) @@ -828,7 +821,7 @@ static psa_status_t mbedtls_psa_aead_finish_checks( psa_aead_operation_t } /* Finish encrypting a message in a multipart AEAD operation. */ -psa_status_t mbedtls_psa_aead_finish( psa_aead_operation_t *operation, +psa_status_t mbedtls_psa_aead_finish( mbedtls_psa_aead_operation_t *operation, uint8_t *ciphertext, size_t ciphertext_size, size_t *ciphertext_length, @@ -903,7 +896,7 @@ psa_status_t mbedtls_psa_aead_finish( psa_aead_operation_t *operation, /* Finish authenticating and decrypting a message in a multipart AEAD * operation.*/ -psa_status_t mbedtls_psa_aead_verify( psa_aead_operation_t *operation, +psa_status_t mbedtls_psa_aead_verify( mbedtls_psa_aead_operation_t *operation, uint8_t *plaintext, size_t plaintext_size, size_t *plaintext_length, @@ -1033,7 +1026,7 @@ psa_status_t mbedtls_psa_aead_verify( psa_aead_operation_t *operation, } /* Abort an AEAD operation */ -psa_status_t mbedtls_psa_aead_abort( psa_aead_operation_t *operation ) +psa_status_t mbedtls_psa_aead_abort( mbedtls_psa_aead_operation_t *operation ) { switch( operation->alg ) { @@ -1054,6 +1047,11 @@ psa_status_t mbedtls_psa_aead_abort( psa_aead_operation_t *operation ) #endif /* MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305 */ } + operation->lengths_set = 0; + operation->is_encrypt = 0; + operation->ad_started = 0; + operation->body_started = 0; + mbedtls_free(operation->ad_buffer); operation->ad_buffer = NULL; operation->ad_length = 0; diff --git a/library/psa_crypto_aead.h b/library/psa_crypto_aead.h index a9d268773..4b6d6cd1b 100644 --- a/library/psa_crypto_aead.h +++ b/library/psa_crypto_aead.h @@ -160,37 +160,39 @@ psa_status_t mbedtls_psa_aead_decrypt( * -# Allocate an operation object which will be passed to all the functions * listed here. * -# Initialize the operation object with one of the methods described in the - * documentation for #psa_aead_operation_t, e.g. - * #PSA_AEAD_OPERATION_INIT. + * documentation for #mbedtls_psa_aead_operation_t, e.g. + * #MBEDTLS_PSA_AEAD_OPERATION_INIT. * -# Call mbedtls_psa_aead_encrypt_setup() to specify the algorithm and key. * -# If needed, call mbedtls_psa_aead_set_lengths() to specify the length of * the inputs to the subsequent calls to mbedtls_psa_aead_update_ad() and - * mbedtls_psa_aead_update(). See the documentation of mbedtls_psa_aead_set_lengths() - * for details. + * mbedtls_psa_aead_update(). See the documentation of + * mbedtls_psa_aead_set_lengths() for details. * -# Call either psa_aead_generate_nonce() or * mbedtls_psa_aead_set_nonce() to generate or set the nonce. You should use * psa_aead_generate_nonce() unless the protocol you are implementing * requires a specific nonce value. - * -# Call mbedtls_psa_aead_update_ad() zero, one or more times, passing a fragment - * of the non-encrypted additional authenticated data each time. + * -# Call mbedtls_psa_aead_update_ad() zero, one or more times, passing + * a fragment of the non-encrypted additional authenticated data each time. * -# Call mbedtls_psa_aead_update() zero, one or more times, passing a fragment * of the message to encrypt each time. * -# Call mbedtls_psa_aead_finish(). * - * If an error occurs at any step after a call to mbedtls_psa_aead_encrypt_setup(), - * the operation will need to be reset by a call to mbedtls_psa_aead_abort(). The - * application may call mbedtls_psa_aead_abort() at any time after the operation - * has been initialized. + * If an error occurs at any step after a call to + * mbedtls_psa_aead_encrypt_setup(), the operation will need to be reset by a + * call to mbedtls_psa_aead_abort(). The application may call + * mbedtls_psa_aead_abort() at any time after the operation has been + * initialized. * - * After a successful call to mbedtls_psa_aead_encrypt_setup(), the application must - * eventually terminate the operation. The following events terminate an + * After a successful call to mbedtls_psa_aead_encrypt_setup(), the application + * must eventually terminate the operation. The following events terminate an * operation: * - A successful call to mbedtls_psa_aead_finish(). * - A call to mbedtls_psa_aead_abort(). * * \param[in,out] operation The operation object to set up. It must have * been initialized as per the documentation for - * #mbedtls_psa_aead_operation_t and not yet in use. + * #mbedtls_psa_aead_operation_t and not yet in + * use. * \param[in] attributes The attributes of the key to use for the * operation. * \param[in] key_buffer The buffer containing the key context. @@ -219,9 +221,12 @@ psa_status_t mbedtls_psa_aead_decrypt( * It is implementation-dependent whether a failure to initialize * results in this error code. */ -psa_status_t mbedtls_psa_aead_encrypt_setup(psa_aead_operation_t *operation, - const psa_key_attributes_t *attributes, - const uint8_t *key_buffer, size_t key_buffer_size, +psa_status_t mbedtls_psa_aead_encrypt_setup(mbedtls_psa_aead_operation_t + *operation, + const psa_key_attributes_t + *attributes, + const uint8_t *key_buffer, + size_t key_buffer_size, psa_algorithm_t alg); /** Set the key for a multipart authenticated decryption operation. @@ -236,34 +241,36 @@ psa_status_t mbedtls_psa_aead_encrypt_setup(psa_aead_operation_t *operation, * -# Allocate an operation object which will be passed to all the functions * listed here. * -# Initialize the operation object with one of the methods described in the - * documentation for #psa_aead_operation_t, e.g. + * documentation for #mbedtls_psa_aead_operation_t, e.g. * #PSA_AEAD_OPERATION_INIT. * -# Call mbedtls_psa_aead_decrypt_setup() to specify the algorithm and key. - * -# If needed, call mbedtls_psa_aead_set_lengths() to specify the length of the - * inputs to the subsequent calls to mbedtls_psa_aead_update_ad() and - * mbedtls_psa_aead_update(). See the documentation of mbedtls_psa_aead_set_lengths() - * for details. + * -# If needed, call mbedtls_psa_aead_set_lengths() to specify the length of + * the inputs to the subsequent calls to mbedtls_psa_aead_update_ad() and + * mbedtls_psa_aead_update(). See the documentation of + * mbedtls_psa_aead_set_lengths() for details. * -# Call mbedtls_psa_aead_set_nonce() with the nonce for the decryption. - * -# Call mbedtls_psa_aead_update_ad() zero, one or more times, passing a fragment - * of the non-encrypted additional authenticated data each time. + * -# Call mbedtls_psa_aead_update_ad() zero, one or more times, passing a + * fragment of the non-encrypted additional authenticated data each time. * -# Call mbedtls_psa_aead_update() zero, one or more times, passing a fragment * of the ciphertext to decrypt each time. * -# Call mbedtls_psa_aead_verify(). * - * If an error occurs at any step after a call to mbedtls_psa_aead_decrypt_setup(), - * the operation will need to be reset by a call to mbedtls_psa_aead_abort(). The - * application may call mbedtls_psa_aead_abort() at any time after the operation - * has been initialized. + * If an error occurs at any step after a call to + * mbedtls_psa_aead_decrypt_setup(), the operation will need to be reset by a + * call to mbedtls_psa_aead_abort(). The application may call + * mbedtls_psa_aead_abort() at any time after the operation has been + * initialized. * - * After a successful call to mbedtls_psa_aead_decrypt_setup(), the application must - * eventually terminate the operation. The following events terminate an + * After a successful call to mbedtls_psa_aead_decrypt_setup(), the application + * must eventually terminate the operation. The following events terminate an * operation: * - A successful call to mbedtls_psa_aead_verify(). * - A call to mbedtls_psa_aead_abort(). * * \param[in,out] operation The operation object to set up. It must have * been initialized as per the documentation for - * #psa_aead_operation_t and not yet in use. + * #mbedtls_psa_aead_operation_t and not yet in + * use. * \param[in] attributes The attributes of the key to use for the * operation. * \param[in] key_buffer The buffer containing the key context. @@ -292,9 +299,12 @@ psa_status_t mbedtls_psa_aead_encrypt_setup(psa_aead_operation_t *operation, * It is implementation-dependent whether a failure to initialize * results in this error code. */ -psa_status_t mbedtls_psa_aead_decrypt_setup(psa_aead_operation_t *operation, - const psa_key_attributes_t *attributes, - const uint8_t *key_buffer, size_t key_buffer_size, +psa_status_t mbedtls_psa_aead_decrypt_setup(mbedtls_psa_aead_operation_t + *operation, + const psa_key_attributes_t + *attributes, + const uint8_t *key_buffer, + size_t key_buffer_size, psa_algorithm_t alg); /** Set the nonce for an authenticated encryption or decryption operation. @@ -313,9 +323,9 @@ psa_status_t mbedtls_psa_aead_decrypt_setup(psa_aead_operation_t *operation, * If this function returns an error status, the operation enters an error * state and must be aborted by calling mbedtls_psa_aead_abort(). * - * \note When encrypting, applications should use mbedtls_psa_aead_generate_nonce() - * instead of this function, unless implementing a protocol that requires - * a non-random IV. + * \note When encrypting, applications should use + * mbedtls_psa_aead_generate_nonce() instead of this function, unless + * implementing a protocol that requires a non-random IV. * * \param[in,out] operation Active AEAD operation. * \param[in] nonce Buffer containing the nonce to use. @@ -338,7 +348,7 @@ psa_status_t mbedtls_psa_aead_decrypt_setup(psa_aead_operation_t *operation, * It is implementation-dependent whether a failure to initialize * results in this error code. */ -psa_status_t mbedtls_psa_aead_set_nonce(psa_aead_operation_t *operation, +psa_status_t mbedtls_psa_aead_set_nonce(mbedtls_psa_aead_operation_t *operation, const uint8_t *nonce, size_t nonce_length); @@ -350,10 +360,10 @@ psa_status_t mbedtls_psa_aead_set_nonce(psa_aead_operation_t *operation, * specification for transparent drivers. * * The application must call this function before calling - * mbedtls_psa_aead_update_ad() or mbedtls_psa_aead_update() if the algorithm for - * the operation requires it. If the algorithm does not require it, - * calling this function is optional, but if this function is called - * then the implementation must enforce the lengths. + * mbedtls_psa_aead_update_ad() or mbedtls_psa_aead_update() if the algorithm + * for the operation requires it. If the algorithm does not require it, calling + * this function is optional, but if this function is called then the + * implementation must enforce the lengths. * * You may call this function before or after setting the nonce with * mbedtls_psa_aead_set_nonce() or psa_aead_generate_nonce(). @@ -375,8 +385,8 @@ psa_status_t mbedtls_psa_aead_set_nonce(psa_aead_operation_t *operation, * Success. * \retval #PSA_ERROR_BAD_STATE * The operation state is not valid (it must be active, and - * mbedtls_psa_aead_update_ad() and mbedtls_psa_aead_update() must not have been - * called yet). + * mbedtls_psa_aead_update_ad() and mbedtls_psa_aead_update() must not + * have been called yet). * \retval #PSA_ERROR_INVALID_ARGUMENT * At least one of the lengths is not acceptable for the chosen * algorithm. @@ -389,7 +399,8 @@ psa_status_t mbedtls_psa_aead_set_nonce(psa_aead_operation_t *operation, * It is implementation-dependent whether a failure to initialize * results in this error code. */ -psa_status_t mbedtls_psa_aead_set_lengths(psa_aead_operation_t *operation, +psa_status_t mbedtls_psa_aead_set_lengths(mbedtls_psa_aead_operation_t + *operation, size_t ad_length, size_t plaintext_length); @@ -407,18 +418,19 @@ psa_status_t mbedtls_psa_aead_set_lengths(psa_aead_operation_t *operation, * data to encrypt or decrypt with mbedtls_psa_aead_update(). * * Before calling this function, you must: - * 1. Call either mbedtls_psa_aead_encrypt_setup() or mbedtls_psa_aead_decrypt_setup(). - * 2. Set the nonce with psa_aead_generate_nonce() or - * mbedtls_psa_aead_set_nonce(). + * 1. Call either mbedtls_psa_aead_encrypt_setup() or + * mbedtls_psa_aead_decrypt_setup(). 2. Set the nonce with + * psa_aead_generate_nonce() or mbedtls_psa_aead_set_nonce(). * * If this function returns an error status, the operation enters an error * state and must be aborted by calling mbedtls_psa_aead_abort(). * - * \warning When decrypting, until mbedtls_psa_aead_verify() has returned #PSA_SUCCESS, - * there is no guarantee that the input is valid. Therefore, until - * you have called mbedtls_psa_aead_verify() and it has returned #PSA_SUCCESS, - * treat the input as untrusted and prepare to undo any action that - * depends on the input if mbedtls_psa_aead_verify() returns an error status. + * \warning When decrypting, until mbedtls_psa_aead_verify() has returned + * #PSA_SUCCESS, there is no guarantee that the input is valid. + * Therefore, until you have called mbedtls_psa_aead_verify() and it + * has returned #PSA_SUCCESS, treat the input as untrusted and prepare + * to undo any action that depends on the input if + * mbedtls_psa_aead_verify() returns an error status. * * \note For the time being #PSA_ALG_CCM and #PSA_ALG_GCM require the entire * additional data to be passed in in one go, i.e. only call @@ -448,7 +460,7 @@ psa_status_t mbedtls_psa_aead_set_lengths(psa_aead_operation_t *operation, * It is implementation-dependent whether a failure to initialize * results in this error code. */ -psa_status_t mbedtls_psa_aead_update_ad(psa_aead_operation_t *operation, +psa_status_t mbedtls_psa_aead_update_ad(mbedtls_psa_aead_operation_t *operation, const uint8_t *input, size_t input_length); @@ -460,9 +472,9 @@ psa_status_t mbedtls_psa_aead_update_ad(psa_aead_operation_t *operation, * transparent drivers. * * Before calling this function, you must: - * 1. Call either mbedtls_psa_aead_encrypt_setup() or mbedtls_psa_aead_decrypt_setup(). - * The choice of setup function determines whether this function - * encrypts or decrypts its input. + * 1. Call either mbedtls_psa_aead_encrypt_setup() or + * mbedtls_psa_aead_decrypt_setup(). The choice of setup function determines + * whether this function encrypts or decrypts its input. * 2. Set the nonce with psa_aead_generate_nonce() or * mbedtls_psa_aead_set_nonce(). 3. Call mbedtls_psa_aead_update_ad() to pass * all the additional data. @@ -537,7 +549,7 @@ psa_status_t mbedtls_psa_aead_update_ad(psa_aead_operation_t *operation, * It is implementation-dependent whether a failure to initialize * results in this error code. */ -psa_status_t mbedtls_psa_aead_update(psa_aead_operation_t *operation, +psa_status_t mbedtls_psa_aead_update(mbedtls_psa_aead_operation_t *operation, const uint8_t *input, size_t input_length, uint8_t *output, @@ -618,7 +630,7 @@ psa_status_t mbedtls_psa_aead_update(psa_aead_operation_t *operation, * It is implementation-dependent whether a failure to initialize * results in this error code. */ -psa_status_t mbedtls_psa_aead_finish(psa_aead_operation_t *operation, +psa_status_t mbedtls_psa_aead_finish(mbedtls_psa_aead_operation_t *operation, uint8_t *ciphertext, size_t ciphertext_size, size_t *ciphertext_length, @@ -703,7 +715,7 @@ psa_status_t mbedtls_psa_aead_finish(psa_aead_operation_t *operation, * It is implementation-dependent whether a failure to initialize * results in this error code. */ -psa_status_t mbedtls_psa_aead_verify(psa_aead_operation_t *operation, +psa_status_t mbedtls_psa_aead_verify(mbedtls_psa_aead_operation_t *operation, uint8_t *plaintext, size_t plaintext_size, size_t *plaintext_length, @@ -723,11 +735,11 @@ psa_status_t mbedtls_psa_aead_verify(psa_aead_operation_t *operation, * mbedtls_psa_aead_encrypt_setup() or mbedtls_psa_aead_decrypt_setup() again. * * You may call this function any time after the operation object has - * been initialized as described in #psa_aead_operation_t. + * been initialized as described in #mbedtls_psa_aead_operation_t. * * In particular, calling mbedtls_psa_aead_abort() after the operation has been - * terminated by a call to mbedtls_psa_aead_abort(), mbedtls_psa_aead_finish() or - * mbedtls_psa_aead_verify() is safe and has no effect. + * terminated by a call to mbedtls_psa_aead_abort(), mbedtls_psa_aead_finish() + * or mbedtls_psa_aead_verify() is safe and has no effect. * * \param[in,out] operation Initialized AEAD operation. * @@ -740,7 +752,7 @@ psa_status_t mbedtls_psa_aead_verify(psa_aead_operation_t *operation, * It is implementation-dependent whether a failure to initialize * results in this error code. */ -psa_status_t mbedtls_psa_aead_abort(psa_aead_operation_t *operation); +psa_status_t mbedtls_psa_aead_abort(mbedtls_psa_aead_operation_t *operation); #endif /* PSA_CRYPTO_AEAD */ diff --git a/library/psa_crypto_driver_wrappers.c b/library/psa_crypto_driver_wrappers.c index 7faedb30e..7590800e2 100644 --- a/library/psa_crypto_driver_wrappers.c +++ b/library/psa_crypto_driver_wrappers.c @@ -1310,10 +1310,9 @@ psa_status_t psa_driver_wrapper_aead_encrypt_setup( #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) #if defined(PSA_CRYPTO_DRIVER_TEST) - status = PSA_ERROR_NOT_SUPPORTED; status = mbedtls_test_transparent_aead_encrypt_setup( - operation, attributes, - key_buffer, key_buffer_size, + &operation->ctx.transparent_test_driver_ctx, + attributes, key_buffer, key_buffer_size, alg ); /* Declared with fallback == true */ operation->id = PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID; @@ -1325,7 +1324,7 @@ psa_status_t psa_driver_wrapper_aead_encrypt_setup( /* Fell through, meaning no accelerator supports this operation */ status = mbedtls_psa_aead_encrypt_setup( - operation, attributes, + &operation->ctx.mbedtls_ctx, attributes, key_buffer, key_buffer_size, alg ); @@ -1360,9 +1359,9 @@ psa_status_t psa_driver_wrapper_aead_decrypt_setup( #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) #if defined(PSA_CRYPTO_DRIVER_TEST) - status = PSA_ERROR_NOT_SUPPORTED; status = mbedtls_test_transparent_aead_decrypt_setup( - operation, attributes, + &operation->ctx.transparent_test_driver_ctx, + attributes, key_buffer, key_buffer_size, alg ); /* Declared with fallback == true */ @@ -1375,7 +1374,8 @@ psa_status_t psa_driver_wrapper_aead_decrypt_setup( /* Fell through, meaning no accelerator supports this operation */ status = mbedtls_psa_aead_decrypt_setup( - operation, attributes, + &operation->ctx.mbedtls_ctx, + attributes, key_buffer, key_buffer_size, alg ); @@ -1401,16 +1401,18 @@ psa_status_t psa_driver_wrapper_aead_set_nonce( { #if defined(MBEDTLS_PSA_BUILTIN_CIPHER) case PSA_CRYPTO_MBED_TLS_DRIVER_ID: - return( mbedtls_psa_aead_set_nonce( operation, nonce, + return( mbedtls_psa_aead_set_nonce( &operation->ctx.mbedtls_ctx, + nonce, nonce_length ) ); -#endif /* MBEDTLS_PSA_BUILTIN_CIPHER */ +#endif /* MBEDTLS_PSA_BUILTIN_AEAD */ #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) #if defined(PSA_CRYPTO_DRIVER_TEST) case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID: return( mbedtls_test_transparent_aead_set_nonce( - operation, nonce, nonce_length ) ); + &operation->ctx.transparent_test_driver_ctx, + nonce, nonce_length ) ); /* Add cases for opaque driver here */ @@ -1431,18 +1433,20 @@ psa_status_t psa_driver_wrapper_aead_set_lengths( { switch( operation->id ) { -#if defined(MBEDTLS_PSA_BUILTIN_CIPHER) +#if defined(MBEDTLS_PSA_BUILTIN_AEAD) case PSA_CRYPTO_MBED_TLS_DRIVER_ID: - return( mbedtls_psa_aead_set_lengths( operation, ad_length, + return( mbedtls_psa_aead_set_lengths( &operation->ctx.mbedtls_ctx, + ad_length, plaintext_length ) ); -#endif /* MBEDTLS_PSA_BUILTIN_CIPHER */ +#endif /* MBEDTLS_PSA_BUILTIN_AEAD */ #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) #if defined(PSA_CRYPTO_DRIVER_TEST) case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID: return( mbedtls_test_transparent_aead_set_lengths( - operation, ad_length, plaintext_length ) ); + &operation->ctx.transparent_test_driver_ctx, + ad_length, plaintext_length ) ); /* Add cases for opaque driver here */ @@ -1463,18 +1467,20 @@ psa_status_t psa_driver_wrapper_aead_update_ad( { switch( operation->id ) { -#if defined(MBEDTLS_PSA_BUILTIN_CIPHER) +#if defined(MBEDTLS_PSA_BUILTIN_AEAD) case PSA_CRYPTO_MBED_TLS_DRIVER_ID: - return( mbedtls_psa_aead_update_ad( operation, input, + return( mbedtls_psa_aead_update_ad( &operation->ctx.mbedtls_ctx, + input, input_length ) ); -#endif /* MBEDTLS_PSA_BUILTIN_CIPHER */ +#endif /* MBEDTLS_PSA_BUILTIN_AEAD */ #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) #if defined(PSA_CRYPTO_DRIVER_TEST) case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID: return( mbedtls_test_transparent_aead_update_ad( - operation, input, input_length ) ); + &operation->ctx.transparent_test_driver_ctx, + input, input_length ) ); /* Add cases for opaque driver here */ @@ -1498,19 +1504,21 @@ psa_status_t psa_driver_wrapper_aead_update( { switch( operation->id ) { -#if defined(MBEDTLS_PSA_BUILTIN_CIPHER) +#if defined(MBEDTLS_PSA_BUILTIN_AEAD) case PSA_CRYPTO_MBED_TLS_DRIVER_ID: - return( mbedtls_psa_aead_update( operation, input, input_length, + return( mbedtls_psa_aead_update( &operation->ctx.mbedtls_ctx, + input, input_length, output, output_size, output_length ) ); -#endif /* MBEDTLS_PSA_BUILTIN_CIPHER */ +#endif /* MBEDTLS_PSA_BUILTIN_AEAD */ #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) #if defined(PSA_CRYPTO_DRIVER_TEST) case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID: return( mbedtls_test_transparent_aead_update( - operation, input, input_length, output, output_size, + &operation->ctx.transparent_test_driver_ctx, + input, input_length, output, output_size, output_length ) ); /* Add cases for opaque driver here */ @@ -1539,20 +1547,22 @@ psa_status_t psa_driver_wrapper_aead_finish( { switch( operation->id ) { -#if defined(MBEDTLS_PSA_BUILTIN_CIPHER) +#if defined(MBEDTLS_PSA_BUILTIN_AEAD) case PSA_CRYPTO_MBED_TLS_DRIVER_ID: - return( mbedtls_psa_aead_finish( operation, ciphertext, + return( mbedtls_psa_aead_finish( &operation->ctx.mbedtls_ctx, + ciphertext, ciphertext_size, ciphertext_length, tag, tag_size, tag_length ) ); -#endif /* MBEDTLS_PSA_BUILTIN_CIPHER */ +#endif /* MBEDTLS_PSA_BUILTIN_AEAD */ #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) #if defined(PSA_CRYPTO_DRIVER_TEST) case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID: return( mbedtls_test_transparent_aead_finish( - operation, ciphertext, ciphertext_size, + &operation->ctx.transparent_test_driver_ctx, + ciphertext, ciphertext_size, ciphertext_length, tag, tag_size, tag_length ) ); /* Add cases for opaque driver here */ @@ -1581,19 +1591,22 @@ psa_status_t psa_driver_wrapper_aead_verify( { switch( operation->id ) { -#if defined(MBEDTLS_PSA_BUILTIN_CIPHER) +#if defined(MBEDTLS_PSA_BUILTIN_AEAD) case PSA_CRYPTO_MBED_TLS_DRIVER_ID: - return( mbedtls_psa_aead_verify( operation, plaintext, - plaintext_size, plaintext_length, + return( mbedtls_psa_aead_verify( &operation->ctx.mbedtls_ctx, + plaintext, + plaintext_size, + plaintext_length, tag, tag_length ) ); -#endif /* MBEDTLS_PSA_BUILTIN_CIPHER */ +#endif /* MBEDTLS_PSA_BUILTIN_AEAD */ #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) #if defined(PSA_CRYPTO_DRIVER_TEST) case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID: return( mbedtls_test_transparent_aead_verify( - operation, plaintext, plaintext_size, + &operation->ctx.transparent_test_driver_ctx, + plaintext, plaintext_size, plaintext_length, tag, tag_length ) ); /* Add cases for opaque driver here */ @@ -1616,16 +1629,17 @@ psa_status_t psa_driver_wrapper_aead_abort( { switch( operation->id ) { -#if defined(MBEDTLS_PSA_BUILTIN_CIPHER) +#if defined(MBEDTLS_PSA_BUILTIN_AEAD) case PSA_CRYPTO_MBED_TLS_DRIVER_ID: - return( mbedtls_psa_aead_abort( operation ) ); + return( mbedtls_psa_aead_abort( &operation->ctx.mbedtls_ctx ) ); -#endif /* MBEDTLS_PSA_BUILTIN_CIPHER */ +#endif /* MBEDTLS_PSA_BUILTIN_AEAD */ #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) #if defined(PSA_CRYPTO_DRIVER_TEST) case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID: - return( mbedtls_test_transparent_aead_abort( operation ) ); + return( mbedtls_test_transparent_aead_abort( + &operation->ctx.transparent_test_driver_ctx ) ); /* Add cases for opaque driver here */ diff --git a/tests/src/drivers/test_driver_aead.c b/tests/src/drivers/test_driver_aead.c index 34bbc51ab..006d3327f 100644 --- a/tests/src/drivers/test_driver_aead.c +++ b/tests/src/drivers/test_driver_aead.c @@ -94,7 +94,7 @@ psa_status_t mbedtls_test_transparent_aead_decrypt( } psa_status_t mbedtls_test_transparent_aead_encrypt_setup( - psa_aead_operation_t *operation, + mbedtls_transparent_test_driver_aead_operation_t *operation, const psa_key_attributes_t *attributes, const uint8_t *key_buffer, size_t key_buffer_size, psa_algorithm_t alg ) @@ -117,7 +117,7 @@ psa_status_t mbedtls_test_transparent_aead_encrypt_setup( } psa_status_t mbedtls_test_transparent_aead_decrypt_setup( - psa_aead_operation_t *operation, + mbedtls_transparent_test_driver_aead_operation_t *operation, const psa_key_attributes_t *attributes, const uint8_t *key_buffer, size_t key_buffer_size, psa_algorithm_t alg ) @@ -140,7 +140,7 @@ psa_status_t mbedtls_test_transparent_aead_decrypt_setup( } psa_status_t mbedtls_test_transparent_aead_set_nonce( - psa_aead_operation_t *operation, + mbedtls_transparent_test_driver_aead_operation_t *operation, const uint8_t *nonce, size_t nonce_length ) { @@ -161,7 +161,7 @@ psa_status_t mbedtls_test_transparent_aead_set_nonce( } psa_status_t mbedtls_test_transparent_aead_set_lengths( - psa_aead_operation_t *operation, + mbedtls_transparent_test_driver_aead_operation_t *operation, size_t ad_length, size_t plaintext_length ) { @@ -183,7 +183,7 @@ psa_status_t mbedtls_test_transparent_aead_set_lengths( } psa_status_t mbedtls_test_transparent_aead_update_ad( - psa_aead_operation_t *operation, + mbedtls_transparent_test_driver_aead_operation_t *operation, const uint8_t *input, size_t input_length ) { @@ -204,7 +204,7 @@ psa_status_t mbedtls_test_transparent_aead_update_ad( } psa_status_t mbedtls_test_transparent_aead_update( - psa_aead_operation_t *operation, + mbedtls_transparent_test_driver_aead_operation_t *operation, const uint8_t *input, size_t input_length, uint8_t *output, @@ -229,7 +229,7 @@ psa_status_t mbedtls_test_transparent_aead_update( } psa_status_t mbedtls_test_transparent_aead_finish( - psa_aead_operation_t *operation, + mbedtls_transparent_test_driver_aead_operation_t *operation, uint8_t *ciphertext, size_t ciphertext_size, size_t *ciphertext_length, @@ -256,7 +256,7 @@ psa_status_t mbedtls_test_transparent_aead_finish( } psa_status_t mbedtls_test_transparent_aead_verify( - psa_aead_operation_t *operation, + mbedtls_transparent_test_driver_aead_operation_t *operation, uint8_t *plaintext, size_t plaintext_size, size_t *plaintext_length, @@ -281,7 +281,7 @@ psa_status_t mbedtls_test_transparent_aead_verify( } psa_status_t mbedtls_test_transparent_aead_abort( - psa_aead_operation_t *operation ) + mbedtls_transparent_test_driver_aead_operation_t *operation ) { mbedtls_test_driver_aead_hooks.hits++; From 7f0a1801078665462ba7fe13f6c6724c1f34741b Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Tue, 11 May 2021 17:43:42 +0100 Subject: [PATCH 023/195] Fix missed drivers header Signed-off-by: Paul Elliott --- tests/include/test/drivers/aead.h | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/tests/include/test/drivers/aead.h b/tests/include/test/drivers/aead.h index e1058af8b..86c18d4d3 100644 --- a/tests/include/test/drivers/aead.h +++ b/tests/include/test/drivers/aead.h @@ -68,34 +68,34 @@ psa_status_t mbedtls_test_transparent_aead_decrypt( uint8_t *plaintext, size_t plaintext_size, size_t *plaintext_length ); psa_status_t mbedtls_test_transparent_aead_encrypt_setup( - psa_aead_operation_t *operation, + mbedtls_psa_aead_operation_t *operation, const psa_key_attributes_t *attributes, const uint8_t *key_buffer, size_t key_buffer_size, psa_algorithm_t alg ); psa_status_t mbedtls_test_transparent_aead_decrypt_setup( - psa_aead_operation_t *operation, + mbedtls_psa_aead_operation_t *operation, const psa_key_attributes_t *attributes, const uint8_t *key_buffer, size_t key_buffer_size, psa_algorithm_t alg ); psa_status_t mbedtls_test_transparent_aead_set_nonce( - psa_aead_operation_t *operation, + mbedtls_psa_aead_operation_t *operation, const uint8_t *nonce, size_t nonce_length ); psa_status_t mbedtls_test_transparent_aead_set_lengths( - psa_aead_operation_t *operation, + mbedtls_psa_aead_operation_t *operation, size_t ad_length, size_t plaintext_length ); psa_status_t mbedtls_test_transparent_aead_update_ad( - psa_aead_operation_t *operation, + mbedtls_psa_aead_operation_t *operation, const uint8_t *input, size_t input_length ); psa_status_t mbedtls_test_transparent_aead_update( - psa_aead_operation_t *operation, + mbedtls_psa_aead_operation_t *operation, const uint8_t *input, size_t input_length, uint8_t *output, @@ -103,7 +103,7 @@ psa_status_t mbedtls_test_transparent_aead_update( size_t *output_length ); psa_status_t mbedtls_test_transparent_aead_finish( - psa_aead_operation_t *operation, + mbedtls_psa_aead_operation_t *operation, uint8_t *ciphertext, size_t ciphertext_size, size_t *ciphertext_length, @@ -112,7 +112,7 @@ psa_status_t mbedtls_test_transparent_aead_finish( size_t *tag_length ); psa_status_t mbedtls_test_transparent_aead_verify( - psa_aead_operation_t *operation, + mbedtls_psa_aead_operation_t *operation, uint8_t *plaintext, size_t plaintext_size, size_t *plaintext_length, @@ -120,7 +120,7 @@ psa_status_t mbedtls_test_transparent_aead_verify( size_t tag_length ); psa_status_t mbedtls_test_transparent_aead_abort( - psa_aead_operation_t *operation ); + mbedtls_psa_aead_operation_t *operation ); #endif /* PSA_CRYPTO_DRIVER_TEST */ #endif /* PSA_CRYPTO_TEST_DRIVERS_AEAD_H */ From 6edb7473db1e4c1ee9a8da405c25ea0c3841e06c Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Mon, 10 May 2021 19:29:35 +0100 Subject: [PATCH 024/195] Move safer_memcmp to psa_crypto_core.h Same change as made by Steven Cooreman, although not yet merged. Signed-off-by: Paul Elliott --- library/psa_crypto_aead.c | 18 ++---------------- 1 file changed, 2 insertions(+), 16 deletions(-) diff --git a/library/psa_crypto_aead.c b/library/psa_crypto_aead.c index 8f8b74e7e..ac4297ed4 100644 --- a/library/psa_crypto_aead.c +++ b/library/psa_crypto_aead.c @@ -38,21 +38,6 @@ #include "mbedtls/gcm.h" #include "mbedtls/error.h" -/* Constant-time buffer comparison. This is duplication of code from - * psa_crypto.c, but has nowhere private I can put it for the minute. Really - belongs in the constant time module, when that gets implemented */ -static inline int safer_memcmp( const uint8_t *a, const uint8_t *b, size_t n ) -{ - size_t i; - unsigned char diff = 0; - - for( i = 0; i < n; i++ ) - diff |= a[i] ^ b[i]; - - return( diff ); -} - - static psa_status_t psa_aead_setup( mbedtls_psa_aead_operation_t *operation, const psa_key_attributes_t *attributes, @@ -1014,7 +999,8 @@ psa_status_t mbedtls_psa_aead_verify( mbedtls_psa_aead_operation_t *operation, { *plaintext_length = finish_output_size; - if( do_tag_check && safer_memcmp(tag, check_tag, tag_length) != 0 ) + if( do_tag_check && + mbedtls_psa_safer_memcmp(tag, check_tag, tag_length) != 0 ) { status = PSA_ERROR_INVALID_SIGNATURE; } From ef29e17a94b9cd0c4b6c48ada1a3e21766c9ab9b Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Mon, 10 May 2021 19:33:03 +0100 Subject: [PATCH 025/195] Add comment to non-obvious code guard Ad and body lengths can only be too big on builds where size_t is bigger than 32 bits. This checking code therefore generates always true comparison warnings on 32 bit platforms, and thus had to be guarded. Signed-off-by: Paul Elliott --- library/psa_crypto_aead.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/library/psa_crypto_aead.c b/library/psa_crypto_aead.c index ac4297ed4..29dbedeb7 100644 --- a/library/psa_crypto_aead.c +++ b/library/psa_crypto_aead.c @@ -447,6 +447,9 @@ psa_status_t mbedtls_psa_aead_set_lengths( mbedtls_psa_aead_operation_t #if defined(MBEDTLS_PSA_BUILTIN_ALG_GCM) if( operation->alg == PSA_ALG_GCM ) { + /* Lengths can only be too large for GCM if size_t is bigger than 32 + * bits. Without the guard this code will generate warnings on 32bit + builds */ #if SIZE_MAX > UINT32_MAX if( ( (uint64_t) ad_length ) >> 61 != 0 || ( (uint64_t) plaintext_length ) > 0xFFFFFFFE0ull ) From 39dc6b8aa58b00b93683c975427914185ea4a67e Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Tue, 11 May 2021 19:16:09 +0100 Subject: [PATCH 026/195] Add abort call to all failure points Signed-off-by: Paul Elliott --- library/psa_crypto.c | 156 ++++++++++++++++++++++++++++--------------- 1 file changed, 102 insertions(+), 54 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 7190aa4da..ee7ac90ca 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -3243,12 +3243,16 @@ psa_status_t psa_aead_encrypt_setup( psa_aead_operation_t *operation, psa_key_slot_t *slot; if( !PSA_ALG_IS_AEAD( alg ) || PSA_ALG_IS_WILDCARD( alg ) ) - return( PSA_ERROR_NOT_SUPPORTED ); + { + status = PSA_ERROR_NOT_SUPPORTED; + goto exit; + } if( operation->key_set || operation->nonce_set || operation->ad_started || operation->body_started ) { - return( PSA_ERROR_BAD_STATE ); + status = PSA_ERROR_BAD_STATE; + goto exit; } status = psa_get_and_lock_key_slot_with_policy( @@ -3256,7 +3260,7 @@ psa_status_t psa_aead_encrypt_setup( psa_aead_operation_t *operation, if( status != PSA_SUCCESS ) { - return( status ); + goto exit; } psa_key_attributes_t attributes = { @@ -3267,20 +3271,29 @@ psa_status_t psa_aead_encrypt_setup( psa_aead_operation_t *operation, &attributes, slot->key.data, slot->key.bytes, alg ); + if( status != PSA_SUCCESS ) + { + goto exit; + } + operation->key_type = psa_get_key_type( &attributes ); unlock_status = psa_unlock_key_slot( slot ); if( unlock_status != PSA_SUCCESS ) { - return( unlock_status ); + status = unlock_status; } +exit: + if( status == PSA_SUCCESS ) { operation->alg = psa_aead_get_base_algorithm( alg ); operation->key_set = 1; } + else + psa_aead_abort( operation ); return( status ); } @@ -3295,21 +3308,23 @@ psa_status_t psa_aead_decrypt_setup( psa_aead_operation_t *operation, psa_key_slot_t *slot; if( !PSA_ALG_IS_AEAD( alg ) || PSA_ALG_IS_WILDCARD( alg ) ) - return( PSA_ERROR_NOT_SUPPORTED ); + { + status = PSA_ERROR_NOT_SUPPORTED; + goto exit; + } if( operation->key_set || operation->nonce_set || operation->ad_started || operation->body_started ) { - return( PSA_ERROR_BAD_STATE ); + status = PSA_ERROR_BAD_STATE; + goto exit; } status = psa_get_and_lock_key_slot_with_policy( key, &slot, PSA_KEY_USAGE_DECRYPT, alg ); if( status != PSA_SUCCESS ) - { - return( status ); - } + goto exit; psa_key_attributes_t attributes = { .core = slot->attr @@ -3324,15 +3339,17 @@ psa_status_t psa_aead_decrypt_setup( psa_aead_operation_t *operation, unlock_status = psa_unlock_key_slot( slot ); if( unlock_status != PSA_SUCCESS ) - { - return( unlock_status ); - } + status = unlock_status; + +exit: if( status == PSA_SUCCESS ) { operation->alg = psa_aead_get_base_algorithm( alg ); operation->key_set = 1; } + else + psa_aead_abort( operation ); return( status ); } @@ -3351,33 +3368,35 @@ psa_status_t psa_aead_generate_nonce( psa_aead_operation_t *operation, if( !operation->key_set || operation->nonce_set || operation->ad_started || operation->body_started ) { - return( PSA_ERROR_BAD_STATE ); + status = PSA_ERROR_BAD_STATE; + goto exit; } required_nonce_size = PSA_AEAD_NONCE_LENGTH(operation->key_type, operation->alg); - if( nonce_size == 0 || nonce_size < required_nonce_size ) + if( nonce_size < required_nonce_size ) { - return( PSA_ERROR_BUFFER_TOO_SMALL ); + status = PSA_ERROR_BUFFER_TOO_SMALL; + goto exit; } status = psa_generate_random( nonce, required_nonce_size ); if( status != PSA_SUCCESS ) - { - return status; - } + goto exit; status = psa_driver_wrapper_aead_set_nonce( operation, nonce, required_nonce_size ); - if( status == PSA_SUCCESS ) - { - *nonce_length = required_nonce_size; - } +exit: - return status; + if( status == PSA_SUCCESS ) + *nonce_length = required_nonce_size; + else + psa_aead_abort( operation ); + + return( status ); } /* Set the nonce for a multipart authenticated encryption or decryption @@ -3391,16 +3410,19 @@ psa_status_t psa_aead_set_nonce( psa_aead_operation_t *operation, if( !operation->key_set || operation->nonce_set || operation->ad_started || operation->body_started ) { - return( PSA_ERROR_BAD_STATE ); + status = PSA_ERROR_BAD_STATE; + goto exit; } status = psa_driver_wrapper_aead_set_nonce( operation, nonce, nonce_length ); +exit: + if( status == PSA_SUCCESS ) - { operation->nonce_set = 1; - } + else + psa_aead_abort( operation ); return( status ); } @@ -3414,18 +3436,21 @@ psa_status_t psa_aead_set_lengths( psa_aead_operation_t *operation, if( !operation->key_set || operation->lengths_set ) { - return( PSA_ERROR_BAD_STATE ); + status = PSA_ERROR_BAD_STATE; + goto exit; } status = psa_driver_wrapper_aead_set_lengths( operation, ad_length, plaintext_length ); - if( status == PSA_SUCCESS ) - { - operation->lengths_set = 1; - } +exit: - return status; + if( status == PSA_SUCCESS ) + operation->lengths_set = 1; + else + psa_aead_abort( operation ); + + return( status ); } /* Pass additional data to an active multipart AEAD operation. */ psa_status_t psa_aead_update_ad( psa_aead_operation_t *operation, @@ -3436,18 +3461,21 @@ psa_status_t psa_aead_update_ad( psa_aead_operation_t *operation, if( !operation->nonce_set || !operation->key_set ) { - return( PSA_ERROR_BAD_STATE ); + status = PSA_ERROR_BAD_STATE; + goto exit; } status = psa_driver_wrapper_aead_update_ad( operation, input, input_length ); - if( status == PSA_SUCCESS ) - { - operation->ad_started = 1; - } +exit: - return status; + if( status == PSA_SUCCESS ) + operation->ad_started = 1; + else + psa_aead_abort( operation ); + + return( status ); } /* Encrypt or decrypt a message fragment in an active multipart AEAD @@ -3465,19 +3493,22 @@ psa_status_t psa_aead_update( psa_aead_operation_t *operation, if( !operation->nonce_set || !operation->key_set || !operation->ad_started ) { - return( PSA_ERROR_BAD_STATE ); + status = PSA_ERROR_BAD_STATE; + goto exit; } status = psa_driver_wrapper_aead_update( operation, input, input_length, output, output_size, output_length ); - if( status == PSA_SUCCESS ) - { - operation->body_started = 1; - } +exit: - return status; + if( status == PSA_SUCCESS ) + operation->body_started = 1; + else + psa_aead_abort( operation ); + + return( status ); } /* Finish encrypting a message in a multipart AEAD operation. */ @@ -3489,20 +3520,28 @@ psa_status_t psa_aead_finish( psa_aead_operation_t *operation, size_t tag_size, size_t *tag_length ) { + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + *ciphertext_length = 0; *tag_length = 0; if( !operation->key_set || !operation->nonce_set || !operation->ad_started || !operation->body_started ) { - return( PSA_ERROR_BAD_STATE ); + status = PSA_ERROR_BAD_STATE; + goto exit; } - return( psa_driver_wrapper_aead_finish( operation, ciphertext, - ciphertext_size, - ciphertext_length, - tag, tag_size, tag_length ) ); + status = psa_driver_wrapper_aead_finish( operation, ciphertext, + ciphertext_size, + ciphertext_length, + tag, tag_size, tag_length ); +exit: + + psa_aead_abort( operation ); + + return( status ); } /* Finish authenticating and decrypting a message in a multipart AEAD @@ -3514,18 +3553,27 @@ psa_status_t psa_aead_verify( psa_aead_operation_t *operation, const uint8_t *tag, size_t tag_length ) { + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + *plaintext_length = 0; if( !operation->key_set || !operation->nonce_set || !operation->ad_started || !operation->body_started ) { - return( PSA_ERROR_BAD_STATE ); + status = PSA_ERROR_BAD_STATE; + goto exit; } - return( psa_driver_wrapper_aead_verify( operation, plaintext, - plaintext_size, - plaintext_length, - tag, tag_length ) ); + status = psa_driver_wrapper_aead_verify( operation, plaintext, + plaintext_size, + plaintext_length, + tag, tag_length ); + +exit: + + psa_aead_abort( operation ); + + return( status ); } /* Abort an AEAD operation. */ From 81231f33f0bd31c3c8d962d54cef82a1571bd46e Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Tue, 11 May 2021 19:18:28 +0100 Subject: [PATCH 027/195] Return invalid argument for unsupported algorithm Signed-off-by: Paul Elliott --- library/psa_crypto.c | 4 ++-- tests/suites/test_suite_psa_crypto.data | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index ee7ac90ca..4a83b09c9 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -3244,7 +3244,7 @@ psa_status_t psa_aead_encrypt_setup( psa_aead_operation_t *operation, if( !PSA_ALG_IS_AEAD( alg ) || PSA_ALG_IS_WILDCARD( alg ) ) { - status = PSA_ERROR_NOT_SUPPORTED; + status = PSA_ERROR_INVALID_ARGUMENT; goto exit; } @@ -3309,7 +3309,7 @@ psa_status_t psa_aead_decrypt_setup( psa_aead_operation_t *operation, if( !PSA_ALG_IS_AEAD( alg ) || PSA_ALG_IS_WILDCARD( alg ) ) { - status = PSA_ERROR_NOT_SUPPORTED; + status = PSA_ERROR_INVALID_ARGUMENT; goto exit; } diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data index 8a85edd10..177d688e3 100644 --- a/tests/suites/test_suite_psa_crypto.data +++ b/tests/suites/test_suite_psa_crypto.data @@ -2432,11 +2432,11 @@ aead_multipart_decrypt:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f90 PSA Multipart AEAD encrypt/decrypt: invalid algorithm (CTR) depends_on:MBEDTLS_AES_C:MBEDTLS_GCM_C -aead_multipart_encrypt_decrypt:PSA_KEY_TYPE_AES:"D7828D13B2B0BDC325A76236DF93CC6B":PSA_ALG_CTR:"000102030405060708090A0B0C0D0E0F":"":-1:"":-1:PSA_ERROR_NOT_SUPPORTED +aead_multipart_encrypt_decrypt:PSA_KEY_TYPE_AES:"D7828D13B2B0BDC325A76236DF93CC6B":PSA_ALG_CTR:"000102030405060708090A0B0C0D0E0F":"":-1:"":-1:PSA_ERROR_INVALID_ARGUMENT PSA Multipart AEAD encrypt/decrypt: invalid algorithm (ChaCha20) depends_on:MBEDTLS_CHACHA20_C -aead_multipart_encrypt_decrypt:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_STREAM_CIPHER:"":"":-1:"":-1:PSA_ERROR_NOT_SUPPORTED +aead_multipart_encrypt_decrypt:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_STREAM_CIPHER:"":"":-1:"":-1:PSA_ERROR_INVALID_ARGUMENT PSA signature size: RSA keypair, 1024 bits, PKCS#1 v1.5 raw depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR From bbe90b5f7f6776d878c1dfd3694cd430152a0140 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Tue, 11 May 2021 22:22:42 +0100 Subject: [PATCH 028/195] Formatting fixes for psa_crypto.c Signed-off-by: Paul Elliott --- library/psa_crypto.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 4a83b09c9..81673c40f 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -3372,8 +3372,8 @@ psa_status_t psa_aead_generate_nonce( psa_aead_operation_t *operation, goto exit; } - required_nonce_size = PSA_AEAD_NONCE_LENGTH(operation->key_type, - operation->alg); + required_nonce_size = PSA_AEAD_NONCE_LENGTH( operation->key_type, + operation->alg ); if( nonce_size < required_nonce_size ) { @@ -3577,7 +3577,7 @@ exit: } /* Abort an AEAD operation. */ -psa_status_t psa_aead_abort(psa_aead_operation_t *operation) +psa_status_t psa_aead_abort( psa_aead_operation_t *operation ) { psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; From a559b3ce5642480cb0433d54a7fed339de7814a6 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Wed, 12 May 2021 12:12:07 +0100 Subject: [PATCH 029/195] Remove key_set and use id instead In keeping with the other PSA multipart operations. Signed-off-by: Paul Elliott --- include/psa/crypto_struct.h | 3 +-- library/psa_crypto.c | 25 +++++++++---------------- 2 files changed, 10 insertions(+), 18 deletions(-) diff --git a/include/psa/crypto_struct.h b/include/psa/crypto_struct.h index 6bb6f421b..36503f91c 100644 --- a/include/psa/crypto_struct.h +++ b/include/psa/crypto_struct.h @@ -165,7 +165,6 @@ struct psa_aead_operation_s psa_algorithm_t alg; psa_key_type_t key_type; - unsigned int key_set : 1; unsigned int nonce_set : 1; unsigned int lengths_set : 1; unsigned int ad_started : 1; @@ -174,7 +173,7 @@ struct psa_aead_operation_s psa_driver_aead_context_t ctx; }; -#define PSA_AEAD_OPERATION_INIT {0, 0, 0, 0, 0, 0, 0, 0, {0}} +#define PSA_AEAD_OPERATION_INIT {0, 0, 0, 0, 0, 0, 0, {0}} static inline struct psa_aead_operation_s psa_aead_operation_init( void ) { const struct psa_aead_operation_s v = PSA_AEAD_OPERATION_INIT; diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 81673c40f..527e44e76 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -3248,7 +3248,7 @@ psa_status_t psa_aead_encrypt_setup( psa_aead_operation_t *operation, goto exit; } - if( operation->key_set || operation->nonce_set || + if( operation->id || operation->nonce_set || operation->ad_started || operation->body_started ) { status = PSA_ERROR_BAD_STATE; @@ -3288,10 +3288,7 @@ psa_status_t psa_aead_encrypt_setup( psa_aead_operation_t *operation, exit: if( status == PSA_SUCCESS ) - { operation->alg = psa_aead_get_base_algorithm( alg ); - operation->key_set = 1; - } else psa_aead_abort( operation ); @@ -3313,7 +3310,7 @@ psa_status_t psa_aead_decrypt_setup( psa_aead_operation_t *operation, goto exit; } - if( operation->key_set || operation->nonce_set || + if( operation->id || operation->nonce_set || operation->ad_started || operation->body_started ) { status = PSA_ERROR_BAD_STATE; @@ -3344,10 +3341,7 @@ psa_status_t psa_aead_decrypt_setup( psa_aead_operation_t *operation, exit: if( status == PSA_SUCCESS ) - { operation->alg = psa_aead_get_base_algorithm( alg ); - operation->key_set = 1; - } else psa_aead_abort( operation ); @@ -3365,7 +3359,7 @@ psa_status_t psa_aead_generate_nonce( psa_aead_operation_t *operation, *nonce_length = 0; - if( !operation->key_set || operation->nonce_set || + if( !operation->id || operation->nonce_set || operation->ad_started || operation->body_started ) { status = PSA_ERROR_BAD_STATE; @@ -3407,7 +3401,7 @@ psa_status_t psa_aead_set_nonce( psa_aead_operation_t *operation, { psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - if( !operation->key_set || operation->nonce_set || + if( !operation->id || operation->nonce_set || operation->ad_started || operation->body_started ) { status = PSA_ERROR_BAD_STATE; @@ -3434,7 +3428,7 @@ psa_status_t psa_aead_set_lengths( psa_aead_operation_t *operation, { psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - if( !operation->key_set || operation->lengths_set ) + if( !operation->id || operation->lengths_set ) { status = PSA_ERROR_BAD_STATE; goto exit; @@ -3459,7 +3453,7 @@ psa_status_t psa_aead_update_ad( psa_aead_operation_t *operation, { psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - if( !operation->nonce_set || !operation->key_set ) + if( !operation->id || !operation->nonce_set ) { status = PSA_ERROR_BAD_STATE; goto exit; @@ -3491,7 +3485,7 @@ psa_status_t psa_aead_update( psa_aead_operation_t *operation, *output_length = 0; - if( !operation->nonce_set || !operation->key_set || !operation->ad_started ) + if( !operation->id || !operation->nonce_set || !operation->ad_started ) { status = PSA_ERROR_BAD_STATE; goto exit; @@ -3525,7 +3519,7 @@ psa_status_t psa_aead_finish( psa_aead_operation_t *operation, *ciphertext_length = 0; *tag_length = 0; - if( !operation->key_set || !operation->nonce_set || + if( !operation->id || !operation->nonce_set || !operation->ad_started || !operation->body_started ) { status = PSA_ERROR_BAD_STATE; @@ -3557,7 +3551,7 @@ psa_status_t psa_aead_verify( psa_aead_operation_t *operation, *plaintext_length = 0; - if( !operation->key_set || !operation->nonce_set || + if( !operation->id || !operation->nonce_set || !operation->ad_started || !operation->body_started ) { status = PSA_ERROR_BAD_STATE; @@ -3592,7 +3586,6 @@ psa_status_t psa_aead_abort( psa_aead_operation_t *operation ) status = psa_driver_wrapper_aead_abort( operation ); operation->id = 0; - operation->key_set = 0; operation->nonce_set = 0; operation->lengths_set = 0; operation->ad_started = 0; From cc3585973910c4318b690f372fcd220823d41c73 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Wed, 12 May 2021 12:22:28 +0100 Subject: [PATCH 030/195] Pass key buffer size into psa_aead_setup Signed-off-by: Paul Elliott --- library/psa_crypto_aead.c | 25 +++++++++++++++---------- 1 file changed, 15 insertions(+), 10 deletions(-) diff --git a/library/psa_crypto_aead.c b/library/psa_crypto_aead.c index 29dbedeb7..37a4545b6 100644 --- a/library/psa_crypto_aead.c +++ b/library/psa_crypto_aead.c @@ -42,6 +42,7 @@ static psa_status_t psa_aead_setup( mbedtls_psa_aead_operation_t *operation, const psa_key_attributes_t *attributes, const uint8_t *key_buffer, + size_t key_buffer_size, psa_algorithm_t alg ) { psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; @@ -50,6 +51,8 @@ static psa_status_t psa_aead_setup( mbedtls_cipher_id_t cipher_id; size_t full_tag_length = 0; + ( void ) key_buffer_size; + key_bits = attributes->core.bits; cipher_info = mbedtls_cipher_info_from_psa( alg, @@ -145,9 +148,10 @@ psa_status_t mbedtls_psa_aead_encrypt( psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; mbedtls_psa_aead_operation_t operation = MBEDTLS_PSA_AEAD_OPERATION_INIT; uint8_t *tag; - (void) key_buffer_size; - status = psa_aead_setup( &operation, attributes, key_buffer, alg ); + status = psa_aead_setup( &operation, attributes, key_buffer, + key_buffer_size, alg ); + if( status != PSA_SUCCESS ) goto exit; @@ -255,9 +259,10 @@ psa_status_t mbedtls_psa_aead_decrypt( psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; mbedtls_psa_aead_operation_t operation = MBEDTLS_PSA_AEAD_OPERATION_INIT; const uint8_t *tag = NULL; - (void) key_buffer_size; - status = psa_aead_setup( &operation, attributes, key_buffer, alg ); + status = psa_aead_setup( &operation, attributes, key_buffer, + key_buffer_size, alg ); + if( status != PSA_SUCCESS ) goto exit; @@ -342,9 +347,8 @@ psa_status_t mbedtls_psa_aead_encrypt_setup( mbedtls_psa_aead_operation_t { psa_status_t status; - (void) key_buffer_size; - - status = psa_aead_setup( operation, attributes, key_buffer, alg ); + status = psa_aead_setup( operation, attributes, key_buffer, + key_buffer_size, alg ); if( status == PSA_SUCCESS ) { @@ -368,7 +372,8 @@ psa_status_t mbedtls_psa_aead_decrypt_setup( mbedtls_psa_aead_operation_t (void) key_buffer_size; - status = psa_aead_setup( operation, attributes, key_buffer, alg ); + status = psa_aead_setup( operation, attributes, key_buffer, + key_buffer_size, alg ); if( status == PSA_SUCCESS ) { @@ -448,8 +453,8 @@ psa_status_t mbedtls_psa_aead_set_lengths( mbedtls_psa_aead_operation_t if( operation->alg == PSA_ALG_GCM ) { /* Lengths can only be too large for GCM if size_t is bigger than 32 - * bits. Without the guard this code will generate warnings on 32bit - builds */ + * bits. Without th + e guard this code will generate warnings on 32bit builds*/ #if SIZE_MAX > UINT32_MAX if( ( (uint64_t) ad_length ) >> 61 != 0 || ( (uint64_t) plaintext_length ) > 0xFFFFFFFE0ull ) From 80acb7ee21c58df798b21dd03e3ee679f1f0c027 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Wed, 12 May 2021 12:41:33 +0100 Subject: [PATCH 031/195] Formatting fixups and spelling mistake fixes Signed-off-by: Paul Elliott --- library/psa_crypto_aead.c | 98 +++++---------------------------------- 1 file changed, 11 insertions(+), 87 deletions(-) diff --git a/library/psa_crypto_aead.c b/library/psa_crypto_aead.c index 37a4545b6..b694bfd9e 100644 --- a/library/psa_crypto_aead.c +++ b/library/psa_crypto_aead.c @@ -351,9 +351,7 @@ psa_status_t mbedtls_psa_aead_encrypt_setup( mbedtls_psa_aead_operation_t key_buffer_size, alg ); if( status == PSA_SUCCESS ) - { operation->is_encrypt = 1; - } return ( status ); } @@ -376,9 +374,7 @@ psa_status_t mbedtls_psa_aead_decrypt_setup( mbedtls_psa_aead_operation_t key_buffer_size, alg ); if( status == PSA_SUCCESS ) - { operation->is_encrypt = 0; - } return ( status ); } @@ -408,7 +404,7 @@ psa_status_t mbedtls_psa_aead_set_nonce( mbedtls_psa_aead_operation_t { /* Multipart CCM not supported as yet, so CCM is basically operating in oneshot mode. Store the nonce as we need this later */ - memcpy(operation->nonce, nonce, nonce_length); + memcpy( operation->nonce, nonce, nonce_length ); /* We know that nonce size cannot exceed the uint8_t size */ operation->nonce_length = ( uint8_t ) nonce_length; @@ -469,9 +465,7 @@ psa_status_t mbedtls_psa_aead_set_lengths( mbedtls_psa_aead_operation_t if( operation->alg == PSA_ALG_CCM ) { if( ad_length > 0xFF00 ) - { return ( PSA_ERROR_INVALID_ARGUMENT ); - } } else #endif /* MBEDTLS_PSA_BUILTIN_ALG_CCM */ @@ -507,9 +501,7 @@ psa_status_t mbedtls_psa_aead_update_ad( mbedtls_psa_aead_operation_t if( operation->lengths_set ) { if ( operation->ad_remaining < input_length ) - { return( PSA_ERROR_INVALID_ARGUMENT ); - } operation->ad_remaining -= input_length; } @@ -518,18 +510,14 @@ psa_status_t mbedtls_psa_aead_update_ad( mbedtls_psa_aead_operation_t if( operation->alg == PSA_ALG_GCM ) { if( !operation->lengths_set || operation->ad_started ) - { return( PSA_ERROR_BAD_STATE ); - } /* GCM currently requires all the additional data to be passed in in - * one contigious buffer, so until that is re-done, we have to enforce + * one contiguous buffer, so until that is re-done, we have to enforce * this, as we cannot allocate a buffer to collate multiple calls into. */ if( operation->ad_remaining != 0 ) - { return ( PSA_ERROR_INVALID_ARGUMENT ); - } status = mbedtls_to_psa_error( mbedtls_gcm_starts( &operation->ctx.gcm, @@ -549,9 +537,7 @@ psa_status_t mbedtls_psa_aead_update_ad( mbedtls_psa_aead_operation_t /* CCM requires all additional data to be passed in in one go at the minute, as we are basically operating in oneshot mode. */ if( operation->ad_started ) - { return( PSA_ERROR_BAD_STATE ); - } /* Save the additional data for later, this will be passed in when we have the body. */ @@ -564,9 +550,7 @@ psa_status_t mbedtls_psa_aead_update_ad( mbedtls_psa_aead_operation_t status = PSA_SUCCESS; } else - { return ( PSA_ERROR_INSUFFICIENT_MEMORY ); - } } else #endif /* MBEDTLS_PSA_BUILTIN_ALG_CCM */ @@ -588,9 +572,7 @@ psa_status_t mbedtls_psa_aead_update_ad( mbedtls_psa_aead_operation_t } if( status == PSA_SUCCESS ) - { operation->ad_started = 1; - } return ( status ); } @@ -612,24 +594,18 @@ psa_status_t mbedtls_psa_aead_update( mbedtls_psa_aead_operation_t *operation, if( PSA_AEAD_UPDATE_OUTPUT_SIZE( operation->key_type, operation->alg, input_length ) > output_size ) - { return ( PSA_ERROR_BUFFER_TOO_SMALL ); - } if( operation->lengths_set) { /* Additional data length was supplied, but not all the additional data was supplied.*/ if( operation->ad_remaining != 0 ) - { return ( PSA_ERROR_INVALID_ARGUMENT ); - } /* Too much data provided. */ if( operation->body_remaining < input_length ) - { return ( PSA_ERROR_INVALID_ARGUMENT ); - } operation->body_remaining -= input_length; } @@ -642,14 +618,10 @@ psa_status_t mbedtls_psa_aead_update( mbedtls_psa_aead_operation_t *operation, * of non block size aligned updates. This will be fixed in 3.0 when we can change the signature of the GCM multipart functions */ if( !operation->lengths_set || operation->body_remaining != 0 ) - { return( PSA_ERROR_BAD_STATE ); - } if( !operation->ad_started ) - { return( PSA_ERROR_BAD_STATE ); - } status = mbedtls_to_psa_error( mbedtls_gcm_update( &operation->ctx.gcm, input_length, @@ -661,20 +633,17 @@ psa_status_t mbedtls_psa_aead_update( mbedtls_psa_aead_operation_t *operation, #if defined(MBEDTLS_PSA_BUILTIN_ALG_CCM) if( operation->alg == PSA_ALG_CCM ) { - /* CCM dooes not support multipart yet, so all the input has to be + /* CCM does not support multipart yet, so all the input has to be passed in in one go. */ if( operation->body_started ) - { return( PSA_ERROR_BAD_STATE ); - } /* Need to store tag for Finish() / Verify() */ operation->tag_buffer = - ( uint8_t * ) mbedtls_calloc(1, operation->tag_length ); + ( uint8_t * ) mbedtls_calloc( 1, operation->tag_length ); if( operation->tag_buffer ) { - if( operation->is_encrypt ) { /* Perform oneshot CCM encryption with additional data already @@ -693,7 +662,7 @@ psa_status_t mbedtls_psa_aead_update( mbedtls_psa_aead_operation_t *operation, /* Even if the above operation fails, we no longer need the additional data.*/ - mbedtls_free(operation->ad_buffer); + mbedtls_free( operation->ad_buffer ); operation->ad_buffer = NULL; operation->ad_length = 0; } @@ -722,24 +691,16 @@ psa_status_t mbedtls_psa_aead_update( mbedtls_psa_aead_operation_t *operation, operation->tag_length ); if( ret == MBEDTLS_ERR_CCM_AUTH_FAILED ) - { status = PSA_SUCCESS; - } else - { status = mbedtls_to_psa_error( ret ); - } } else - { status = PSA_ERROR_INSUFFICIENT_MEMORY; - } } } else - { status = PSA_ERROR_INSUFFICIENT_MEMORY; - } } else #endif /* MBEDTLS_PSA_BUILTIN_ALG_CCM */ @@ -780,35 +741,18 @@ static psa_status_t mbedtls_psa_aead_finish_checks( mbedtls_psa_aead_operation_t size_t finish_output_size; if( operation->lengths_set ) - { if( operation->ad_remaining != 0 || operation->body_remaining != 0 ) - { return( PSA_ERROR_BAD_STATE ); - } - } if( tag_size < operation->tag_length ) - { return ( PSA_ERROR_BUFFER_TOO_SMALL ); - } - if( operation->is_encrypt ) - { - finish_output_size = - PSA_AEAD_FINISH_OUTPUT_SIZE( operation->key_type, - operation->alg ); - } - else - { - finish_output_size = - PSA_AEAD_VERIFY_OUTPUT_SIZE( operation->key_type, - operation->alg ); - } + finish_output_size = operation->is_encrypt ? + PSA_AEAD_FINISH_OUTPUT_SIZE( operation->key_type, operation->alg ) : + PSA_AEAD_VERIFY_OUTPUT_SIZE( operation->key_type, operation->alg ); if( output_size < finish_output_size ) - { return ( PSA_ERROR_BUFFER_TOO_SMALL ); - } return ( PSA_SUCCESS ); } @@ -829,18 +773,14 @@ psa_status_t mbedtls_psa_aead_finish( mbedtls_psa_aead_operation_t *operation, tag_size ); if( status != PSA_SUCCESS ) - { return status; - } #if defined(MBEDTLS_PSA_BUILTIN_ALG_GCM) if( operation->alg == PSA_ALG_GCM ) - { /* We will need to do final GCM pass in here when multipart is done. */ status = mbedtls_to_psa_error( mbedtls_gcm_finish( &operation->ctx.gcm, tag, tag_size ) ); - } else #endif /* MBEDTLS_PSA_BUILTIN_ALG_GCM */ #if defined(MBEDTLS_PSA_BUILTIN_ALG_CCM) @@ -858,11 +798,9 @@ psa_status_t mbedtls_psa_aead_finish( mbedtls_psa_aead_operation_t *operation, #endif /* MBEDTLS_PSA_BUILTIN_ALG_CCM */ #if defined(MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305) if( operation->alg == PSA_ALG_CHACHA20_POLY1305 ) - { status = mbedtls_to_psa_error( mbedtls_chachapoly_finish( &operation->ctx.chachapoly, tag ) ); - } else #endif /* MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305 */ { @@ -911,28 +849,22 @@ psa_status_t mbedtls_psa_aead_verify( mbedtls_psa_aead_operation_t *operation, tag_length ); if( status != PSA_SUCCESS ) - { return status; - } #if defined(MBEDTLS_PSA_BUILTIN_ALG_GCM) if( operation->alg == PSA_ALG_GCM ) - { /* Call finish to get the tag for comparison */ status = mbedtls_to_psa_error( mbedtls_gcm_finish( &operation->ctx.gcm, check_tag, operation->tag_length ) ); - } else #endif /* MBEDTLS_PSA_BUILTIN_ALG_GCM */ #if defined(MBEDTLS_PSA_BUILTIN_ALG_CCM) if( operation->alg == PSA_ALG_CCM ) { if( !operation->ad_buffer || !operation->body_buffer ) - { return( PSA_ERROR_BAD_STATE ); - } /* Perform oneshot CCM decryption *again*, as its the * only way to get the tag, but this time throw away the @@ -956,9 +888,7 @@ psa_status_t mbedtls_psa_aead_verify( mbedtls_psa_aead_operation_t *operation, temp_buffer, tag, tag_length ); if( ret == MBEDTLS_ERR_CCM_AUTH_FAILED ) - { status = PSA_ERROR_INVALID_SIGNATURE; - } else { status = mbedtls_to_psa_error( ret ); @@ -966,9 +896,7 @@ psa_status_t mbedtls_psa_aead_verify( mbedtls_psa_aead_operation_t *operation, } } else - { status = PSA_ERROR_INSUFFICIENT_MEMORY; - } /* Even if the above operation fails, we no longer need the data */ mbedtls_free(temp_buffer); @@ -984,13 +912,11 @@ psa_status_t mbedtls_psa_aead_verify( mbedtls_psa_aead_operation_t *operation, #endif /* MBEDTLS_PSA_BUILTIN_ALG_CCM */ #if defined(MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305) if( operation->alg == PSA_ALG_CHACHA20_POLY1305 ) - { // call finish to get the tag for comparison. status = mbedtls_to_psa_error( mbedtls_chachapoly_finish( &operation->ctx.chachapoly, check_tag ) ); - } else #endif /* MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305 */ { @@ -1009,9 +935,7 @@ psa_status_t mbedtls_psa_aead_verify( mbedtls_psa_aead_operation_t *operation, if( do_tag_check && mbedtls_psa_safer_memcmp(tag, check_tag, tag_length) != 0 ) - { status = PSA_ERROR_INVALID_SIGNATURE; - } } mbedtls_psa_aead_abort(operation); @@ -1046,15 +970,15 @@ psa_status_t mbedtls_psa_aead_abort( mbedtls_psa_aead_operation_t *operation ) operation->ad_started = 0; operation->body_started = 0; - mbedtls_free(operation->ad_buffer); + mbedtls_free( operation->ad_buffer ); operation->ad_buffer = NULL; operation->ad_length = 0; - mbedtls_free(operation->body_buffer); + mbedtls_free( operation->body_buffer ); operation->body_buffer = NULL; operation->body_length = 0; - mbedtls_free(operation->tag_buffer); + mbedtls_free( operation->tag_buffer ); operation->tag_buffer = NULL; return( PSA_SUCCESS ); From ccaea40023814fbb31b2d35435b0e2c8c87535ea Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Thu, 13 May 2021 14:22:52 +0100 Subject: [PATCH 032/195] Replace hard coded buffer size with define Signed-off-by: Paul Elliott --- library/psa_crypto_aead.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/psa_crypto_aead.c b/library/psa_crypto_aead.c index b694bfd9e..0d1cdaed4 100644 --- a/library/psa_crypto_aead.c +++ b/library/psa_crypto_aead.c @@ -843,7 +843,7 @@ psa_status_t mbedtls_psa_aead_verify( mbedtls_psa_aead_operation_t *operation, size_t finish_output_size = 0; int do_tag_check = 1; - uint8_t check_tag[16]; + uint8_t check_tag[PSA_AEAD_TAG_MAX_SIZE]; status = mbedtls_psa_aead_finish_checks( operation, plaintext_size, tag_length ); From 9e8ccd7e82f7546383a3e1e8ff4315441fc54506 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Thu, 13 May 2021 14:30:53 +0100 Subject: [PATCH 033/195] Make sure all statuses are initialised Signed-off-by: Paul Elliott --- library/psa_crypto_aead.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/library/psa_crypto_aead.c b/library/psa_crypto_aead.c index 0d1cdaed4..66798072a 100644 --- a/library/psa_crypto_aead.c +++ b/library/psa_crypto_aead.c @@ -345,7 +345,7 @@ psa_status_t mbedtls_psa_aead_encrypt_setup( mbedtls_psa_aead_operation_t size_t key_buffer_size, psa_algorithm_t alg ) { - psa_status_t status; + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; status = psa_aead_setup( operation, attributes, key_buffer, key_buffer_size, alg ); @@ -366,7 +366,7 @@ psa_status_t mbedtls_psa_aead_decrypt_setup( mbedtls_psa_aead_operation_t size_t key_buffer_size, psa_algorithm_t alg ) { - psa_status_t status; + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; (void) key_buffer_size; @@ -385,7 +385,7 @@ psa_status_t mbedtls_psa_aead_set_nonce( mbedtls_psa_aead_operation_t const uint8_t *nonce, size_t nonce_length ) { - psa_status_t status; + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; #if defined(MBEDTLS_PSA_BUILTIN_ALG_GCM) if( operation->alg == PSA_ALG_GCM ) From c10ad21a1b7eed23d53d8e185673376cb226ad31 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Thu, 13 May 2021 17:08:29 +0100 Subject: [PATCH 034/195] Remove SetLengths() requirement for GCM Also return NOT_SUPPORTED, rather than BAD_STATE for our current workarounds for GCM/CCM Signed-off-by: Paul Elliott --- library/psa_crypto_aead.c | 19 +++++++------------ 1 file changed, 7 insertions(+), 12 deletions(-) diff --git a/library/psa_crypto_aead.c b/library/psa_crypto_aead.c index 66798072a..9a98ba533 100644 --- a/library/psa_crypto_aead.c +++ b/library/psa_crypto_aead.c @@ -509,15 +509,12 @@ psa_status_t mbedtls_psa_aead_update_ad( mbedtls_psa_aead_operation_t #if defined(MBEDTLS_PSA_BUILTIN_ALG_GCM) if( operation->alg == PSA_ALG_GCM ) { - if( !operation->lengths_set || operation->ad_started ) - return( PSA_ERROR_BAD_STATE ); - - /* GCM currently requires all the additional data to be passed in in + /* GCM currently requires all the additional data to be passed in in * one contiguous buffer, so until that is re-done, we have to enforce * this, as we cannot allocate a buffer to collate multiple calls into. */ - if( operation->ad_remaining != 0 ) - return ( PSA_ERROR_INVALID_ARGUMENT ); + if( operation->ad_started ) + return( PSA_ERROR_NOT_SUPPORTED ); status = mbedtls_to_psa_error( mbedtls_gcm_starts( &operation->ctx.gcm, @@ -537,7 +534,7 @@ psa_status_t mbedtls_psa_aead_update_ad( mbedtls_psa_aead_operation_t /* CCM requires all additional data to be passed in in one go at the minute, as we are basically operating in oneshot mode. */ if( operation->ad_started ) - return( PSA_ERROR_BAD_STATE ); + return( PSA_ERROR_NOT_SUPPORTED ); /* Save the additional data for later, this will be passed in when we have the body. */ @@ -617,11 +614,9 @@ psa_status_t mbedtls_psa_aead_update( mbedtls_psa_aead_operation_t *operation, * must be passed in in one update, rather than deal with the complexity * of non block size aligned updates. This will be fixed in 3.0 when we can change the signature of the GCM multipart functions */ - if( !operation->lengths_set || operation->body_remaining != 0 ) - return( PSA_ERROR_BAD_STATE ); + if( operation->body_started ) + return( PSA_ERROR_NOT_SUPPORTED ); - if( !operation->ad_started ) - return( PSA_ERROR_BAD_STATE ); status = mbedtls_to_psa_error( mbedtls_gcm_update( &operation->ctx.gcm, input_length, @@ -636,7 +631,7 @@ psa_status_t mbedtls_psa_aead_update( mbedtls_psa_aead_operation_t *operation, /* CCM does not support multipart yet, so all the input has to be passed in in one go. */ if( operation->body_started ) - return( PSA_ERROR_BAD_STATE ); + return( PSA_ERROR_NOT_SUPPORTED ); /* Need to store tag for Finish() / Verify() */ operation->tag_buffer = From e2c788d4804bf4321a61aefe0133b8d12db79e7e Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Thu, 13 May 2021 17:16:01 +0100 Subject: [PATCH 035/195] Rename badly named variable Signed-off-by: Paul Elliott --- library/psa_crypto_aead.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/library/psa_crypto_aead.c b/library/psa_crypto_aead.c index 9a98ba533..9c31e0051 100644 --- a/library/psa_crypto_aead.c +++ b/library/psa_crypto_aead.c @@ -583,11 +583,11 @@ psa_status_t mbedtls_psa_aead_update( mbedtls_psa_aead_operation_t *operation, size_t output_size, size_t *output_length ) { - size_t update_output_size; + size_t update_output_length; psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - update_output_size = input_length; + update_output_length = input_length; if( PSA_AEAD_UPDATE_OUTPUT_SIZE( operation->key_type, operation->alg, input_length ) > output_size ) @@ -719,7 +719,7 @@ psa_status_t mbedtls_psa_aead_update( mbedtls_psa_aead_operation_t *operation, if( status == PSA_SUCCESS ) { - *output_length = update_output_size; + *output_length = update_output_length; operation->body_started = 1; } From 6108ee7c2d289f6f48bb977bb4cc1d2f431d85a0 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Thu, 13 May 2021 18:26:41 +0100 Subject: [PATCH 036/195] Change logic to reduce indentation Signed-off-by: Paul Elliott --- library/psa_crypto_aead.c | 158 +++++++++++++++++++------------------- 1 file changed, 79 insertions(+), 79 deletions(-) diff --git a/library/psa_crypto_aead.c b/library/psa_crypto_aead.c index 9c31e0051..0a84888b1 100644 --- a/library/psa_crypto_aead.c +++ b/library/psa_crypto_aead.c @@ -538,16 +538,16 @@ psa_status_t mbedtls_psa_aead_update_ad( mbedtls_psa_aead_operation_t /* Save the additional data for later, this will be passed in when we have the body. */ - operation->ad_buffer = ( uint8_t * ) mbedtls_calloc(1, input_length ); + operation->ad_buffer = ( uint8_t * ) mbedtls_calloc( 1, input_length ); - if( operation->ad_buffer ) + if( operation->ad_buffer == NULL ) { - memcpy( operation->ad_buffer, input, input_length ); - operation->ad_length = input_length; - status = PSA_SUCCESS; + return( PSA_ERROR_INSUFFICIENT_MEMORY ); } - else - return ( PSA_ERROR_INSUFFICIENT_MEMORY ); + + memcpy( operation->ad_buffer, input, input_length ); + operation->ad_length = input_length; + status = PSA_SUCCESS; } else #endif /* MBEDTLS_PSA_BUILTIN_ALG_CCM */ @@ -637,65 +637,65 @@ psa_status_t mbedtls_psa_aead_update( mbedtls_psa_aead_operation_t *operation, operation->tag_buffer = ( uint8_t * ) mbedtls_calloc( 1, operation->tag_length ); - if( operation->tag_buffer ) + if( operation->tag_buffer == NULL) { - if( operation->is_encrypt ) - { - /* Perform oneshot CCM encryption with additional data already - stored, as CCM does not support multipart yet.*/ - status = mbedtls_to_psa_error( - mbedtls_ccm_encrypt_and_tag( &operation->ctx.ccm, - input_length, - operation->nonce, - operation->nonce_length, - operation->ad_buffer, - operation->ad_length, - input, - output, - operation->tag_buffer, - operation->tag_length ) ); + return( PSA_ERROR_INSUFFICIENT_MEMORY ); + } - /* Even if the above operation fails, we no longer need the - additional data.*/ - mbedtls_free( operation->ad_buffer ); - operation->ad_buffer = NULL; - operation->ad_length = 0; - } - else - { - /* Need to back up the body data so we can do this again - later.*/ - operation->body_buffer = - ( uint8_t * ) mbedtls_calloc(1, input_length ); + if( operation->is_encrypt ) + { + /* Perform oneshot CCM encryption with additional data already + stored, as CCM does not support multipart yet.*/ + status = mbedtls_to_psa_error( + mbedtls_ccm_encrypt_and_tag( &operation->ctx.ccm, + input_length, + operation->nonce, + operation->nonce_length, + operation->ad_buffer, + operation->ad_length, + input, + output, + operation->tag_buffer, + operation->tag_length ) ); - if( operation->body_buffer ) - { - memcpy( operation->body_buffer, input, input_length ); - operation->body_length = input_length; - - /* this will fail, as the tag is clearly false, but will - write the decrypted data to the output buffer.*/ - ret = mbedtls_ccm_auth_decrypt( &operation->ctx.ccm, - input_length, - operation->nonce, - operation->nonce_length, - operation->ad_buffer, - operation->ad_length, - input, output, - operation->tag_buffer, - operation->tag_length ); - - if( ret == MBEDTLS_ERR_CCM_AUTH_FAILED ) - status = PSA_SUCCESS; - else - status = mbedtls_to_psa_error( ret ); - } - else - status = PSA_ERROR_INSUFFICIENT_MEMORY; - } + /* Even if the above operation fails, we no longer need the + additional data.*/ + mbedtls_free( operation->ad_buffer ); + operation->ad_buffer = NULL; + operation->ad_length = 0; } else - status = PSA_ERROR_INSUFFICIENT_MEMORY; + { + /* Need to back up the body data so we can do this again + later.*/ + operation->body_buffer = + ( uint8_t * ) mbedtls_calloc(1, input_length ); + + if( operation->body_buffer == NULL) + { + return( PSA_ERROR_INSUFFICIENT_MEMORY ); + } + + memcpy( operation->body_buffer, input, input_length ); + operation->body_length = input_length; + + /* this will fail, as the tag is clearly false, but will + write the decrypted data to the output buffer.*/ + ret = mbedtls_ccm_auth_decrypt( &operation->ctx.ccm, + input_length, + operation->nonce, + operation->nonce_length, + operation->ad_buffer, + operation->ad_length, + input, output, + operation->tag_buffer, + operation->tag_length ); + + if( ret == MBEDTLS_ERR_CCM_AUTH_FAILED ) + status = PSA_SUCCESS; + else + status = mbedtls_to_psa_error( ret ); + } } else #endif /* MBEDTLS_PSA_BUILTIN_ALG_CCM */ @@ -871,27 +871,27 @@ psa_status_t mbedtls_psa_aead_verify( mbedtls_psa_aead_operation_t *operation, temp_buffer = ( uint8_t * ) mbedtls_calloc(1, temp_buffer_size ); - if( temp_buffer ) + if( temp_buffer == NULL) { - ret = mbedtls_ccm_auth_decrypt( &operation->ctx.ccm, - operation->body_length, - operation->nonce, - operation->nonce_length, - operation->ad_buffer, - operation->ad_length, - operation->body_buffer, - temp_buffer, tag, tag_length ); - - if( ret == MBEDTLS_ERR_CCM_AUTH_FAILED ) - status = PSA_ERROR_INVALID_SIGNATURE; - else - { - status = mbedtls_to_psa_error( ret ); - do_tag_check = 0; - } + return( PSA_ERROR_INSUFFICIENT_MEMORY ); } + + ret = mbedtls_ccm_auth_decrypt( &operation->ctx.ccm, + operation->body_length, + operation->nonce, + operation->nonce_length, + operation->ad_buffer, + operation->ad_length, + operation->body_buffer, + temp_buffer, tag, tag_length ); + + if( ret == MBEDTLS_ERR_CCM_AUTH_FAILED ) + status = PSA_ERROR_INVALID_SIGNATURE; else - status = PSA_ERROR_INSUFFICIENT_MEMORY; + { + status = mbedtls_to_psa_error( ret ); + do_tag_check = 0; + } /* Even if the above operation fails, we no longer need the data */ mbedtls_free(temp_buffer); From b06e1c0d68b1acd130cd1abc3056fdf589aadbb9 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Thu, 13 May 2021 18:33:43 +0100 Subject: [PATCH 037/195] Remove unnecessary code Calls to abort that are now being done by the psa_crypto layer, freeing of tempory allocations (done by abort) and a couple of checks that had already been done prior to that point Signed-off-by: Paul Elliott --- library/psa_crypto_aead.c | 22 ---------------------- 1 file changed, 22 deletions(-) diff --git a/library/psa_crypto_aead.c b/library/psa_crypto_aead.c index 0a84888b1..848889af8 100644 --- a/library/psa_crypto_aead.c +++ b/library/psa_crypto_aead.c @@ -658,11 +658,6 @@ psa_status_t mbedtls_psa_aead_update( mbedtls_psa_aead_operation_t *operation, operation->tag_buffer, operation->tag_length ) ); - /* Even if the above operation fails, we no longer need the - additional data.*/ - mbedtls_free( operation->ad_buffer ); - operation->ad_buffer = NULL; - operation->ad_length = 0; } else { @@ -784,9 +779,6 @@ psa_status_t mbedtls_psa_aead_finish( mbedtls_psa_aead_operation_t *operation, /* Copy the previously generated tag into place */ memcpy( tag, operation->tag_buffer, operation->tag_length ); - mbedtls_free(operation->tag_buffer); - operation->tag_buffer = NULL; - status = PSA_SUCCESS; } else @@ -815,8 +807,6 @@ psa_status_t mbedtls_psa_aead_finish( mbedtls_psa_aead_operation_t *operation, *tag_length = operation->tag_length; } - mbedtls_psa_aead_abort(operation); - return ( status ); } @@ -858,9 +848,6 @@ psa_status_t mbedtls_psa_aead_verify( mbedtls_psa_aead_operation_t *operation, #if defined(MBEDTLS_PSA_BUILTIN_ALG_CCM) if( operation->alg == PSA_ALG_CCM ) { - if( !operation->ad_buffer || !operation->body_buffer ) - return( PSA_ERROR_BAD_STATE ); - /* Perform oneshot CCM decryption *again*, as its the * only way to get the tag, but this time throw away the results, as verify cannot write that much data. */ @@ -895,13 +882,6 @@ psa_status_t mbedtls_psa_aead_verify( mbedtls_psa_aead_operation_t *operation, /* Even if the above operation fails, we no longer need the data */ mbedtls_free(temp_buffer); - - mbedtls_free(operation->body_buffer); - operation->body_buffer = NULL; - operation->body_length = 0; - - mbedtls_free(operation->tag_buffer); - operation->tag_buffer = NULL; } else #endif /* MBEDTLS_PSA_BUILTIN_ALG_CCM */ @@ -933,8 +913,6 @@ psa_status_t mbedtls_psa_aead_verify( mbedtls_psa_aead_operation_t *operation, status = PSA_ERROR_INVALID_SIGNATURE; } - mbedtls_psa_aead_abort(operation); - return ( status ); } From 4148a6816902d12dd9973baf807ca1e6b908ec88 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Fri, 14 May 2021 17:26:56 +0100 Subject: [PATCH 038/195] Update documentation for internal implementation Signed-off-by: Paul Elliott --- library/psa_crypto_aead.h | 205 +++++++++++++------------------------- 1 file changed, 72 insertions(+), 133 deletions(-) diff --git a/library/psa_crypto_aead.h b/library/psa_crypto_aead.h index 4b6d6cd1b..4bf514796 100644 --- a/library/psa_crypto_aead.h +++ b/library/psa_crypto_aead.h @@ -155,39 +155,14 @@ psa_status_t mbedtls_psa_aead_decrypt( * aead_encrypt_setup entry point as defined in the PSA driver interface * specification for transparent drivers. * - * The sequence of operations to encrypt a message with authentication - * is as follows: - * -# Allocate an operation object which will be passed to all the functions - * listed here. - * -# Initialize the operation object with one of the methods described in the - * documentation for #mbedtls_psa_aead_operation_t, e.g. - * #MBEDTLS_PSA_AEAD_OPERATION_INIT. - * -# Call mbedtls_psa_aead_encrypt_setup() to specify the algorithm and key. - * -# If needed, call mbedtls_psa_aead_set_lengths() to specify the length of - * the inputs to the subsequent calls to mbedtls_psa_aead_update_ad() and - * mbedtls_psa_aead_update(). See the documentation of - * mbedtls_psa_aead_set_lengths() for details. - * -# Call either psa_aead_generate_nonce() or - * mbedtls_psa_aead_set_nonce() to generate or set the nonce. You should use - * psa_aead_generate_nonce() unless the protocol you are implementing - * requires a specific nonce value. - * -# Call mbedtls_psa_aead_update_ad() zero, one or more times, passing - * a fragment of the non-encrypted additional authenticated data each time. - * -# Call mbedtls_psa_aead_update() zero, one or more times, passing a fragment - * of the message to encrypt each time. - * -# Call mbedtls_psa_aead_finish(). - * * If an error occurs at any step after a call to - * mbedtls_psa_aead_encrypt_setup(), the operation will need to be reset by a - * call to mbedtls_psa_aead_abort(). The application may call + * mbedtls_psa_aead_encrypt_setup(), the operation is reset by the PSA core by a + * call to mbedtls_psa_aead_abort(). The PSA core may call * mbedtls_psa_aead_abort() at any time after the operation has been * initialized. * - * After a successful call to mbedtls_psa_aead_encrypt_setup(), the application - * must eventually terminate the operation. The following events terminate an - * operation: - * - A successful call to mbedtls_psa_aead_finish(). - * - A call to mbedtls_psa_aead_abort(). + * After a successful call to mbedtls_psa_aead_encrypt_setup(), the PSA core + * eventually terminates the operation by calling mbedtls_psa_aead_abort(). * * \param[in,out] operation The operation object to set up. It must have * been initialized as per the documentation for @@ -236,36 +211,14 @@ psa_status_t mbedtls_psa_aead_encrypt_setup(mbedtls_psa_aead_operation_t * aead_decrypt_setup entry point as defined in the PSA driver interface * specification for transparent drivers. * - * The sequence of operations to decrypt a message with authentication - * is as follows: - * -# Allocate an operation object which will be passed to all the functions - * listed here. - * -# Initialize the operation object with one of the methods described in the - * documentation for #mbedtls_psa_aead_operation_t, e.g. - * #PSA_AEAD_OPERATION_INIT. - * -# Call mbedtls_psa_aead_decrypt_setup() to specify the algorithm and key. - * -# If needed, call mbedtls_psa_aead_set_lengths() to specify the length of - * the inputs to the subsequent calls to mbedtls_psa_aead_update_ad() and - * mbedtls_psa_aead_update(). See the documentation of - * mbedtls_psa_aead_set_lengths() for details. - * -# Call mbedtls_psa_aead_set_nonce() with the nonce for the decryption. - * -# Call mbedtls_psa_aead_update_ad() zero, one or more times, passing a - * fragment of the non-encrypted additional authenticated data each time. - * -# Call mbedtls_psa_aead_update() zero, one or more times, passing a fragment - * of the ciphertext to decrypt each time. - * -# Call mbedtls_psa_aead_verify(). - * * If an error occurs at any step after a call to - * mbedtls_psa_aead_decrypt_setup(), the operation will need to be reset by a - * call to mbedtls_psa_aead_abort(). The application may call + * mbedtls_psa_aead_decrypt_setup(), the PSA core resets the operation by a + * call to mbedtls_psa_aead_abort(). The PSA core may call * mbedtls_psa_aead_abort() at any time after the operation has been * initialized. * - * After a successful call to mbedtls_psa_aead_decrypt_setup(), the application - * must eventually terminate the operation. The following events terminate an - * operation: - * - A successful call to mbedtls_psa_aead_verify(). - * - A call to mbedtls_psa_aead_abort(). + * After a successful call to mbedtls_psa_aead_decrypt_setup(), the PSA core + * eventually terminates the operation by a call to mbedtls_psa_aead_abort(). * * \param[in,out] operation The operation object to set up. It must have * been initialized as per the documentation for @@ -309,23 +262,19 @@ psa_status_t mbedtls_psa_aead_decrypt_setup(mbedtls_psa_aead_operation_t /** Set the nonce for an authenticated encryption or decryption operation. * - * \note The signature of this function is that of a PSA driver - * psa_aead_set_nonce entry point. This function behaves as an - * psa_aead_set_nonce entry point as defined in the PSA driver interface - * specification for transparent drivers. + * \note The signature of this function is that of a PSA driver aead_set_nonce + * entry point. This function behaves as an aead_set_nonce entry point as + * defined in the PSA driver interface specification for transparent + * drivers. * * This function sets the nonce for the authenticated * encryption or decryption operation. * - * The application must call mbedtls_psa_aead_encrypt_setup() or + * The PSA core calls mbedtls_psa_aead_encrypt_setup() or * mbedtls_psa_aead_decrypt_setup() before calling this function. * - * If this function returns an error status, the operation enters an error - * state and must be aborted by calling mbedtls_psa_aead_abort(). - * - * \note When encrypting, applications should use - * mbedtls_psa_aead_generate_nonce() instead of this function, unless - * implementing a protocol that requires a non-random IV. + * If this function returns an error status, the PSA core calls + * mbedtls_psa_aead_abort(). * * \param[in,out] operation Active AEAD operation. * \param[in] nonce Buffer containing the nonce to use. @@ -354,19 +303,18 @@ psa_status_t mbedtls_psa_aead_set_nonce(mbedtls_psa_aead_operation_t *operation, /** Declare the lengths of the message and additional data for AEAD. * - * \note The signature of this function is that of a PSA driver - * psa_aead_set_lengths entry point. This function behaves as an - * psa_aead_set_lengths entry point as defined in the PSA driver interface - * specification for transparent drivers. + * \note The signature of this function is that of a PSA driver aead_set_lengths + * entry point. This function behaves as an aead_set_lengths entry point + * as defined in the PSA driver interface specification for transparent + * drivers. * - * The application must call this function before calling - * mbedtls_psa_aead_update_ad() or mbedtls_psa_aead_update() if the algorithm - * for the operation requires it. If the algorithm does not require it, calling - * this function is optional, but if this function is called then the - * implementation must enforce the lengths. + * The PSA core calls this function before calling mbedtls_psa_aead_update_ad() + * or mbedtls_psa_aead_update() if the algorithm for the operation requires it. + * If the algorithm does not require it, calling this function is optional, but + * if this function is called then the implementation must enforce the lengths. * - * You may call this function before or after setting the nonce with - * mbedtls_psa_aead_set_nonce() or psa_aead_generate_nonce(). + * The PSA core may call this function before or after setting the nonce with + * mbedtls_psa_aead_set_nonce(). * * - For #PSA_ALG_CCM, calling this function is required. * - For the other AEAD algorithms defined in this specification, calling @@ -413,17 +361,17 @@ psa_status_t mbedtls_psa_aead_set_lengths(mbedtls_psa_aead_operation_t * * Additional data is authenticated, but not encrypted. * - * You may call this function multiple times to pass successive fragments - * of the additional data. You may not call this function after passing - * data to encrypt or decrypt with mbedtls_psa_aead_update(). + * The PSA core can call this function multiple times to pass successive + * fragments of the additional data. It will not call this function after + * passing data to encrypt or decrypt with mbedtls_psa_aead_update(). * - * Before calling this function, you must: - * 1. Call either mbedtls_psa_aead_encrypt_setup() or - * mbedtls_psa_aead_decrypt_setup(). 2. Set the nonce with - * psa_aead_generate_nonce() or mbedtls_psa_aead_set_nonce(). + * Before calling this function, The PSA core will: + * 1. Call either mbedtls_psa_aead_encrypt_setup() or + * mbedtls_psa_aead_decrypt_setup(). + * 2. Set the nonce with mbedtls_psa_aead_set_nonce(). * - * If this function returns an error status, the operation enters an error - * state and must be aborted by calling mbedtls_psa_aead_abort(). + * If this function returns an error status, the PSA core will call + * mbedtls_psa_aead_abort(). * * \warning When decrypting, until mbedtls_psa_aead_verify() has returned * #PSA_SUCCESS, there is no guarantee that the input is valid. @@ -433,8 +381,8 @@ psa_status_t mbedtls_psa_aead_set_lengths(mbedtls_psa_aead_operation_t * mbedtls_psa_aead_verify() returns an error status. * * \note For the time being #PSA_ALG_CCM and #PSA_ALG_GCM require the entire - * additional data to be passed in in one go, i.e. only call - * mbedtls_mbedtls_psa_aead_update_ad() once. + * additional data to be passed in in one go, i.e. + * mbedtls_mbedtls_psa_aead_update_ad() can only be called once. * * \param[in,out] operation Active AEAD operation. * \param[in] input Buffer containing the fragment of @@ -471,31 +419,15 @@ psa_status_t mbedtls_psa_aead_update_ad(mbedtls_psa_aead_operation_t *operation, * point as defined in the PSA driver interface specification for * transparent drivers. * - * Before calling this function, you must: - * 1. Call either mbedtls_psa_aead_encrypt_setup() or - * mbedtls_psa_aead_decrypt_setup(). The choice of setup function determines - * whether this function encrypts or decrypts its input. - * 2. Set the nonce with psa_aead_generate_nonce() or - * mbedtls_psa_aead_set_nonce(). 3. Call mbedtls_psa_aead_update_ad() to pass - * all the additional data. + * Before calling this function, the PSA core will: + * 1. Call either mbedtls_psa_aead_encrypt_setup() or + * mbedtls_psa_aead_decrypt_setup(). The choice of setup function + * determines whether this function encrypts or decrypts its input. + * 2. Set the nonce with mbedtls_psa_aead_set_nonce(). + * 3. Call mbedtls_psa_aead_update_ad() to pass all the additional data. * - * If this function returns an error status, the operation enters an error - * state and must be aborted by calling mbedtls_psa_aead_abort(). - * - * \warning When decrypting, until mbedtls_psa_aead_verify() has returned - * #PSA_SUCCESS, there is no guarantee that the input is valid. - * Therefore, until you have called mbedtls_psa_aead_verify() and it - * has returned #PSA_SUCCESS: - * - Do not use the output in any way other than storing it in a - * confidential location. If you take any action that depends - * on the tentative decrypted data, this action will need to be - * undone if the input turns out not to be valid. Furthermore, - * if an adversary can observe that this action took place - * (for example through timing), they may be able to use this - * fact as an oracle to decrypt any message encrypted with the - * same key. - * - In particular, do not copy the output anywhere but to a - * memory or storage space that you have exclusive access to. + * If this function returns an error status, the PSA core will call + * mbedtls_psa_aead_abort(). * * This function does not require the input to be aligned to any * particular block boundary. If the implementation can only process @@ -506,8 +438,8 @@ psa_status_t mbedtls_psa_aead_update_ad(mbedtls_psa_aead_operation_t *operation, * can be delayed in this way is bounded by #PSA_AEAD_UPDATE_OUTPUT_SIZE. * * \note For the time being #PSA_ALG_CCM and #PSA_ALG_GCM require the entire - * data to be passed in in one go, i.e. only call - * mbedtls_mbedtls_psa_aead_update() once. + * data to be passed in in one go, i.e. mbedtls_mbedtls_psa_aead_update() + * can only be called once. * * \param[in,out] operation Active AEAD operation. * \param[in] input Buffer containing the message fragment to @@ -563,7 +495,8 @@ psa_status_t mbedtls_psa_aead_update(mbedtls_psa_aead_operation_t *operation, * point as defined in the PSA driver interface specification for * transparent drivers. * - * The operation must have been set up with mbedtls_psa_aead_encrypt_setup(). + * The operation must have been set up by the PSA core with + * mbedtls_psa_aead_encrypt_setup(). * * This function finishes the authentication of the additional data * formed by concatenating the inputs passed to preceding calls to @@ -572,14 +505,11 @@ psa_status_t mbedtls_psa_aead_update(mbedtls_psa_aead_operation_t *operation, * * This function has two output buffers: * - \p ciphertext contains trailing ciphertext that was buffered from - * preceding calls to mbedtls_psa_aead_update(). - * - \p tag contains the authentication tag. Its length is always - * #PSA_AEAD_TAG_LENGTH(\c alg) where \c alg is the AEAD algorithm - * that the operation performs. + * preceding calls to psa_aead_update(). + * - \p tag contains the authentication tag. * - * When this function returns successfuly, the operation becomes inactive. - * If this function returns an error status, the operation enters an error - * state and must be aborted by calling mbedtls_psa_aead_abort(). + * Whether or not this function returns successfuly, the PSA core subsequently + * calls mbedtls_psa_aead_abort() to deactivate the operation. * * \param[in,out] operation Active AEAD operation. * \param[out] ciphertext Buffer where the last part of the ciphertext @@ -594,9 +524,17 @@ psa_status_t mbedtls_psa_aead_update(mbedtls_psa_aead_operation_t *operation, * \param[out] tag Buffer where the authentication tag is * to be written. * \param tag_size Size of the \p tag buffer in bytes. - * This must be at least - * #PSA_AEAD_TAG_LENGTH(\c alg) where \c alg is - * the algorithm that is being calculated. + * This must be appropriate for the selected + * algorithm and key: + * - The exact tag size is #PSA_AEAD_TAG_LENGTH(\c + * key_type, \c key_bits, \c alg) where + * \c key_type and \c key_bits are the type and + * bit-size of the key, and \c alg is the + * algorithm that were used in the call to + * psa_aead_encrypt_setup(). + * - #PSA_AEAD_TAG_MAX_SIZE evaluates to the + * maximum tag size of any supported AEAD + * algorithm. * \param[out] tag_length On success, the number of bytes * that make up the returned tag. * @@ -610,8 +548,9 @@ psa_status_t mbedtls_psa_aead_update(mbedtls_psa_aead_operation_t *operation, * You can determine a sufficient buffer size for \p ciphertext by * calling #PSA_AEAD_FINISH_OUTPUT_SIZE(\c alg) * where \c alg is the algorithm that is being calculated. - * You can determine a sufficient buffer size for \p tag by - * calling #PSA_AEAD_TAG_LENGTH(\c alg). + * #PSA_AEAD_TAG_LENGTH(\c key_type, \c key_bits, \c alg) or + * #PSA_AEAD_TAG_MAX_SIZE can be used to determine the required \p tag + * buffer size. * \retval #PSA_ERROR_INVALID_ARGUMENT * The total length of input to psa_aead_update_ad() so far is * less than the additional data length that was previously @@ -645,7 +584,8 @@ psa_status_t mbedtls_psa_aead_finish(mbedtls_psa_aead_operation_t *operation, * point as defined in the PSA driver interface specification for * transparent drivers. * - * The operation must have been set up with mbedtls_psa_aead_decrypt_setup(). + * The operation must have been set up by the PSA core with + * mbedtls_psa_aead_decrypt_setup(). * * This function finishes the authenticated decryption of the message * components: @@ -660,9 +600,8 @@ psa_status_t mbedtls_psa_aead_finish(mbedtls_psa_aead_operation_t *operation, * plaintext and reports success. If the authentication tag is not correct, * this function returns #PSA_ERROR_INVALID_SIGNATURE. * - * When this function returns successfuly, the operation becomes inactive. - * If this function returns an error status, the operation enters an error - * state and must be aborted by calling mbedtls_psa_aead_abort(). + * Whether or not this function returns successfully, the PSA core subsequently + * calls mbedtls_psa_aead_abort() to deactivate the operation. * * \note Implementations shall make the best effort to ensure that the * comparison between the actual tag and the expected tag is performed @@ -731,10 +670,10 @@ psa_status_t mbedtls_psa_aead_verify(mbedtls_psa_aead_operation_t *operation, * * Aborting an operation frees all associated resources except for the * \p operation structure itself. Once aborted, the operation object - * can be reused for another operation by calling + * can be reused for another operation by the PSA core by it calling * mbedtls_psa_aead_encrypt_setup() or mbedtls_psa_aead_decrypt_setup() again. * - * You may call this function any time after the operation object has + * The PSA core may call this function any time after the operation object has * been initialized as described in #mbedtls_psa_aead_operation_t. * * In particular, calling mbedtls_psa_aead_abort() after the operation has been From 9622c9aae098f89d8c6569b20c17de8cd2321616 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Mon, 17 May 2021 17:30:52 +0100 Subject: [PATCH 039/195] Fix updated size macros in documentation Signed-off-by: Paul Elliott --- library/psa_crypto_aead.h | 68 +++++++++++++++++++++++++-------------- 1 file changed, 44 insertions(+), 24 deletions(-) diff --git a/library/psa_crypto_aead.h b/library/psa_crypto_aead.h index 4bf514796..ce8bb3a51 100644 --- a/library/psa_crypto_aead.h +++ b/library/psa_crypto_aead.h @@ -447,10 +447,18 @@ psa_status_t mbedtls_psa_aead_update_ad(mbedtls_psa_aead_operation_t *operation, * \param input_length Size of the \p input buffer in bytes. * \param[out] output Buffer where the output is to be written. * \param output_size Size of the \p output buffer in bytes. - * This must be at least - * #PSA_AEAD_UPDATE_OUTPUT_SIZE(\c alg, - * \p input_length) where \c alg is the - * algorithm that is being calculated. + * This must be appropriate for the selected + * algorithm and key: + * - A sufficient output size is + * #PSA_AEAD_UPDATE_OUTPUT_SIZE(\c key_type, + * \c alg, \p input_length) where + * \c key_type is the type of key and \c alg is + * the algorithm that were used to set up the + * operation. + * - #PSA_AEAD_UPDATE_OUTPUT_MAX_SIZE(\p + * input_length) evaluates to the maximum + * output size of any supported AEAD + * algorithm. * \param[out] output_length On success, the number of bytes * that make up the returned output. * @@ -461,9 +469,10 @@ psa_status_t mbedtls_psa_aead_update_ad(mbedtls_psa_aead_operation_t *operation, * set, and have lengths set if required by the algorithm). * \retval #PSA_ERROR_BUFFER_TOO_SMALL * The size of the \p output buffer is too small. - * You can determine a sufficient buffer size by calling - * #PSA_AEAD_UPDATE_OUTPUT_SIZE(\c alg, \p input_length) - * where \c alg is the algorithm that is being calculated. + * The size of the \p output buffer is too small. + * #PSA_AEAD_UPDATE_OUTPUT_SIZE(\c key_type, \c alg, \p input_length) or + * #PSA_AEAD_UPDATE_OUTPUT_MAX_SIZE(\p input_length) can be used to + * determine the required buffer size. * \retval #PSA_ERROR_INVALID_ARGUMENT * The total length of input to mbedtls_psa_aead_update_ad() so far is * less than the additional data length that was previously @@ -515,10 +524,16 @@ psa_status_t mbedtls_psa_aead_update(mbedtls_psa_aead_operation_t *operation, * \param[out] ciphertext Buffer where the last part of the ciphertext * is to be written. * \param ciphertext_size Size of the \p ciphertext buffer in bytes. - * This must be at least - * #PSA_AEAD_FINISH_OUTPUT_SIZE(\c alg) where - * \c alg is the algorithm that is being - * calculated. + * This must be appropriate for the selected + * algorithm and key: + * - A sufficient output size is + * #PSA_AEAD_FINISH_OUTPUT_SIZE(\c key_type, + * \c alg) where \c key_type is the type of key + * and \c alg is the algorithm that were used to + * set up the operation. + * - #PSA_AEAD_FINISH_OUTPUT_MAX_SIZE evaluates to + * the maximum output size of any supported AEAD + * algorithm. * \param[out] ciphertext_length On success, the number of bytes of * returned ciphertext. * \param[out] tag Buffer where the authentication tag is @@ -545,12 +560,11 @@ psa_status_t mbedtls_psa_aead_update(mbedtls_psa_aead_operation_t *operation, * operation with a nonce set). * \retval #PSA_ERROR_BUFFER_TOO_SMALL * The size of the \p ciphertext or \p tag buffer is too small. - * You can determine a sufficient buffer size for \p ciphertext by - * calling #PSA_AEAD_FINISH_OUTPUT_SIZE(\c alg) - * where \c alg is the algorithm that is being calculated. - * #PSA_AEAD_TAG_LENGTH(\c key_type, \c key_bits, \c alg) or - * #PSA_AEAD_TAG_MAX_SIZE can be used to determine the required \p tag - * buffer size. + * #PSA_AEAD_FINISH_OUTPUT_SIZE(\c key_type, \c alg) or + * #PSA_AEAD_FINISH_OUTPUT_MAX_SIZE can be used to determine the + * required \p ciphertext buffer size. #PSA_AEAD_TAG_LENGTH(\c key_type, + * \c key_bits, \c alg) or #PSA_AEAD_TAG_MAX_SIZE can be used to + * determine the required \p tag buffer size. * \retval #PSA_ERROR_INVALID_ARGUMENT * The total length of input to psa_aead_update_ad() so far is * less than the additional data length that was previously @@ -614,10 +628,16 @@ psa_status_t mbedtls_psa_aead_finish(mbedtls_psa_aead_operation_t *operation, * that could not be processed until the end * of the input. * \param plaintext_size Size of the \p plaintext buffer in bytes. - * This must be at least - * #PSA_AEAD_VERIFY_OUTPUT_SIZE(\c alg) where - * \c alg is the algorithm that is being - * calculated. + * This must be appropriate for the selected + * algorithm and key: + * - A sufficient output size is + * #PSA_AEAD_VERIFY_OUTPUT_SIZE(\c key_type, + * \c alg) where \c key_type is the type of key + * and \c alg is the algorithm that were used to + * set up the operation. + * - #PSA_AEAD_VERIFY_OUTPUT_MAX_SIZE evaluates to + * the maximum output size of any supported AEAD + * algorithm. * \param[out] plaintext_length On success, the number of bytes of * returned plaintext. * \param[in] tag Buffer containing the authentication tag. @@ -633,9 +653,9 @@ psa_status_t mbedtls_psa_aead_finish(mbedtls_psa_aead_operation_t *operation, * operation with a nonce set). * \retval #PSA_ERROR_BUFFER_TOO_SMALL * The size of the \p plaintext buffer is too small. - * You can determine a sufficient buffer size for \p plaintext by - * calling #PSA_AEAD_VERIFY_OUTPUT_SIZE(\c alg) - * where \c alg is the algorithm that is being calculated. + * #PSA_AEAD_VERIFY_OUTPUT_SIZE(\c key_type, \c alg) or + * #PSA_AEAD_VERIFY_OUTPUT_MAX_SIZE can be used to determine the + * required buffer size. * \retval #PSA_ERROR_INVALID_ARGUMENT * The total length of input to mbedtls_psa_aead_update_ad() so far is * less than the additional data length that was previously From 498d3503c4d9ee4dd9dd96aa26ba8301ecc75c9d Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Mon, 17 May 2021 18:16:20 +0100 Subject: [PATCH 040/195] Misc documentation fixes. Misnamed function calls, typos and missed changes. Signed-off-by: Paul Elliott --- library/psa_crypto_aead.h | 26 +++++++++++++------------- 1 file changed, 13 insertions(+), 13 deletions(-) diff --git a/library/psa_crypto_aead.h b/library/psa_crypto_aead.h index ce8bb3a51..c111c332e 100644 --- a/library/psa_crypto_aead.h +++ b/library/psa_crypto_aead.h @@ -273,7 +273,7 @@ psa_status_t mbedtls_psa_aead_decrypt_setup(mbedtls_psa_aead_operation_t * The PSA core calls mbedtls_psa_aead_encrypt_setup() or * mbedtls_psa_aead_decrypt_setup() before calling this function. * - * If this function returns an error status, the PSA core calls + * If this function returns an error status, the PSA core will call * mbedtls_psa_aead_abort(). * * \param[in,out] operation Active AEAD operation. @@ -321,8 +321,8 @@ psa_status_t mbedtls_psa_aead_set_nonce(mbedtls_psa_aead_operation_t *operation, * this function is not required. * - For vendor-defined algorithm, refer to the vendor documentation. * - * If this function returns an error status, the operation enters an error - * state and must be aborted by calling mbedtls_psa_aead_abort(). + * If this function returns an error status, the PSA core calls + * mbedtls_psa_aead_abort(). * * \param[in,out] operation Active AEAD operation. * \param ad_length Size of the non-encrypted additional @@ -365,7 +365,7 @@ psa_status_t mbedtls_psa_aead_set_lengths(mbedtls_psa_aead_operation_t * fragments of the additional data. It will not call this function after * passing data to encrypt or decrypt with mbedtls_psa_aead_update(). * - * Before calling this function, The PSA core will: + * Before calling this function, the PSA core will: * 1. Call either mbedtls_psa_aead_encrypt_setup() or * mbedtls_psa_aead_decrypt_setup(). * 2. Set the nonce with mbedtls_psa_aead_set_nonce(). @@ -382,7 +382,7 @@ psa_status_t mbedtls_psa_aead_set_lengths(mbedtls_psa_aead_operation_t * * \note For the time being #PSA_ALG_CCM and #PSA_ALG_GCM require the entire * additional data to be passed in in one go, i.e. - * mbedtls_mbedtls_psa_aead_update_ad() can only be called once. + * mbedtls_psa_aead_update_ad() can only be called once. * * \param[in,out] operation Active AEAD operation. * \param[in] input Buffer containing the fragment of @@ -438,8 +438,8 @@ psa_status_t mbedtls_psa_aead_update_ad(mbedtls_psa_aead_operation_t *operation, * can be delayed in this way is bounded by #PSA_AEAD_UPDATE_OUTPUT_SIZE. * * \note For the time being #PSA_ALG_CCM and #PSA_ALG_GCM require the entire - * data to be passed in in one go, i.e. mbedtls_mbedtls_psa_aead_update() - * can only be called once. + * data to be passed in in one go, i.e. mbedtls_psa_aead_update() can only + * be called once. * * \param[in,out] operation Active AEAD operation. * \param[in] input Buffer containing the message fragment to @@ -514,7 +514,7 @@ psa_status_t mbedtls_psa_aead_update(mbedtls_psa_aead_operation_t *operation, * * This function has two output buffers: * - \p ciphertext contains trailing ciphertext that was buffered from - * preceding calls to psa_aead_update(). + * preceding calls to mbedtls_psa_aead_update(). * - \p tag contains the authentication tag. * * Whether or not this function returns successfuly, the PSA core subsequently @@ -544,9 +544,9 @@ psa_status_t mbedtls_psa_aead_update(mbedtls_psa_aead_operation_t *operation, * - The exact tag size is #PSA_AEAD_TAG_LENGTH(\c * key_type, \c key_bits, \c alg) where * \c key_type and \c key_bits are the type and - * bit-size of the key, and \c alg is the + * bit-size of the key, and \c alg are the * algorithm that were used in the call to - * psa_aead_encrypt_setup(). + * mbedtls_psa_aead_encrypt_setup(). * - #PSA_AEAD_TAG_MAX_SIZE evaluates to the * maximum tag size of any supported AEAD * algorithm. @@ -566,9 +566,9 @@ psa_status_t mbedtls_psa_aead_update(mbedtls_psa_aead_operation_t *operation, * \c key_bits, \c alg) or #PSA_AEAD_TAG_MAX_SIZE can be used to * determine the required \p tag buffer size. * \retval #PSA_ERROR_INVALID_ARGUMENT - * The total length of input to psa_aead_update_ad() so far is + * The total length of input to mbedtls_psa_aead_update_ad() so far is * less than the additional data length that was previously - * specified with psa_aead_set_lengths(). + * specified with mbedtls_psa_aead_set_lengths(). * \retval #PSA_ERROR_INVALID_ARGUMENT * The total length of input to mbedtls_psa_aead_update() so far is * less than the plaintext length that was previously @@ -663,7 +663,7 @@ psa_status_t mbedtls_psa_aead_finish(mbedtls_psa_aead_operation_t *operation, * \retval #PSA_ERROR_INVALID_ARGUMENT * The total length of input to mbedtls_psa_aead_update() so far is * less than the plaintext length that was previously - * specified with psa_aead_set_lengths(). + * specified with mbedtls_psa_aead_set_lengths(). * \retval #PSA_ERROR_INSUFFICIENT_MEMORY * \retval #PSA_ERROR_COMMUNICATION_FAILURE * \retval #PSA_ERROR_HARDWARE_FAILURE From b91f331fcee009e79e6f1c1a8ede672bc7fb4b6d Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Wed, 19 May 2021 12:30:15 +0100 Subject: [PATCH 041/195] Correct potential return values in documentation Signed-off-by: Paul Elliott --- library/psa_crypto_aead.h | 121 ++++++++------------------------------ 1 file changed, 23 insertions(+), 98 deletions(-) diff --git a/library/psa_crypto_aead.h b/library/psa_crypto_aead.h index c111c332e..cf6230149 100644 --- a/library/psa_crypto_aead.h +++ b/library/psa_crypto_aead.h @@ -178,23 +178,12 @@ psa_status_t mbedtls_psa_aead_decrypt( * * \retval #PSA_SUCCESS * Success. - * \retval #PSA_ERROR_BAD_STATE - * The operation state is not valid (it must be inactive). - * \retval #PSA_ERROR_INVALID_HANDLE - * \retval #PSA_ERROR_NOT_PERMITTED * \retval #PSA_ERROR_INVALID_ARGUMENT * \p key is not compatible with \p alg. * \retval #PSA_ERROR_NOT_SUPPORTED * \p alg is not supported or is not an AEAD algorithm. * \retval #PSA_ERROR_INSUFFICIENT_MEMORY - * \retval #PSA_ERROR_COMMUNICATION_FAILURE - * \retval #PSA_ERROR_HARDWARE_FAILURE - * \retval #PSA_ERROR_CORRUPTION_DETECTED - * \retval #PSA_ERROR_STORAGE_FAILURE - * \retval #PSA_ERROR_BAD_STATE - * The library has not been previously initialized by psa_crypto_init(). - * It is implementation-dependent whether a failure to initialize - * results in this error code. + * Failed to allocate memory for key material */ psa_status_t mbedtls_psa_aead_encrypt_setup(mbedtls_psa_aead_operation_t *operation, @@ -234,23 +223,12 @@ psa_status_t mbedtls_psa_aead_encrypt_setup(mbedtls_psa_aead_operation_t * * \retval #PSA_SUCCESS * Success. - * \retval #PSA_ERROR_BAD_STATE - * The operation state is not valid (it must be inactive). - * \retval #PSA_ERROR_INVALID_HANDLE - * \retval #PSA_ERROR_NOT_PERMITTED - * \retval #PSA_ERROR_INVALID_ARGUMENT + * * \retval #PSA_ERROR_INVALID_ARGUMENT * \p key is not compatible with \p alg. * \retval #PSA_ERROR_NOT_SUPPORTED * \p alg is not supported or is not an AEAD algorithm. * \retval #PSA_ERROR_INSUFFICIENT_MEMORY - * \retval #PSA_ERROR_COMMUNICATION_FAILURE - * \retval #PSA_ERROR_HARDWARE_FAILURE - * \retval #PSA_ERROR_CORRUPTION_DETECTED - * \retval #PSA_ERROR_STORAGE_FAILURE - * \retval #PSA_ERROR_BAD_STATE - * The library has not been previously initialized by psa_crypto_init(). - * It is implementation-dependent whether a failure to initialize - * results in this error code. + * Failed to allocate memory for key material */ psa_status_t mbedtls_psa_aead_decrypt_setup(mbedtls_psa_aead_operation_t *operation, @@ -282,20 +260,11 @@ psa_status_t mbedtls_psa_aead_decrypt_setup(mbedtls_psa_aead_operation_t * * \retval #PSA_SUCCESS * Success. - * \retval #PSA_ERROR_BAD_STATE - * The operation state is not valid (it must be active, with no nonce - * set). * \retval #PSA_ERROR_INVALID_ARGUMENT * The size of \p nonce is not acceptable for the chosen algorithm. - * \retval #PSA_ERROR_INSUFFICIENT_MEMORY - * \retval #PSA_ERROR_COMMUNICATION_FAILURE - * \retval #PSA_ERROR_HARDWARE_FAILURE - * \retval #PSA_ERROR_CORRUPTION_DETECTED - * \retval #PSA_ERROR_STORAGE_FAILURE - * \retval #PSA_ERROR_BAD_STATE - * The library has not been previously initialized by psa_crypto_init(). - * It is implementation-dependent whether a failure to initialize - * results in this error code. + * \retval #PSA_ERROR_NOT_SUPPORTED + * Algorithm previously set is not supported in this configuration of + * the library. */ psa_status_t mbedtls_psa_aead_set_nonce(mbedtls_psa_aead_operation_t *operation, const uint8_t *nonce, @@ -331,21 +300,12 @@ psa_status_t mbedtls_psa_aead_set_nonce(mbedtls_psa_aead_operation_t *operation, * * \retval #PSA_SUCCESS * Success. - * \retval #PSA_ERROR_BAD_STATE - * The operation state is not valid (it must be active, and - * mbedtls_psa_aead_update_ad() and mbedtls_psa_aead_update() must not - * have been called yet). * \retval #PSA_ERROR_INVALID_ARGUMENT * At least one of the lengths is not acceptable for the chosen * algorithm. - * \retval #PSA_ERROR_INSUFFICIENT_MEMORY - * \retval #PSA_ERROR_COMMUNICATION_FAILURE - * \retval #PSA_ERROR_HARDWARE_FAILURE - * \retval #PSA_ERROR_CORRUPTION_DETECTED - * \retval #PSA_ERROR_BAD_STATE - * The library has not been previously initialized by psa_crypto_init(). - * It is implementation-dependent whether a failure to initialize - * results in this error code. + * \retval #PSA_ERROR_NOT_SUPPORTED + * Algorithm previously set is not supported in this configuration of + * the library. */ psa_status_t mbedtls_psa_aead_set_lengths(mbedtls_psa_aead_operation_t *operation, @@ -391,22 +351,15 @@ psa_status_t mbedtls_psa_aead_set_lengths(mbedtls_psa_aead_operation_t * * \retval #PSA_SUCCESS * Success. - * \retval #PSA_ERROR_BAD_STATE - * The operation state is not valid (it must be active, have a nonce - * set, have lengths set if required by the algorithm, and - * mbedtls_psa_aead_update() must not have been called yet). * \retval #PSA_ERROR_INVALID_ARGUMENT * The total input length overflows the additional data length that * was previously specified with mbedtls_psa_aead_set_lengths(). - * \retval #PSA_ERROR_INSUFFICIENT_MEMORY - * \retval #PSA_ERROR_COMMUNICATION_FAILURE - * \retval #PSA_ERROR_HARDWARE_FAILURE - * \retval #PSA_ERROR_CORRUPTION_DETECTED - * \retval #PSA_ERROR_STORAGE_FAILURE - * \retval #PSA_ERROR_BAD_STATE - * The library has not been previously initialized by psa_crypto_init(). - * It is implementation-dependent whether a failure to initialize - * results in this error code. + * \retval #PSA_ERROR_NOT_SUPPORTED + * (For GCM / CCM) PSA core attempted to call mbedtls_psa_update_ad() + * more than once. + * \retval #PSA_ERROR_NOT_SUPPORTED + * Algorithm previously set is not supported in this configuration of + * the library. */ psa_status_t mbedtls_psa_aead_update_ad(mbedtls_psa_aead_operation_t *operation, const uint8_t *input, @@ -464,12 +417,9 @@ psa_status_t mbedtls_psa_aead_update_ad(mbedtls_psa_aead_operation_t *operation, * * \retval #PSA_SUCCESS * Success. - * \retval #PSA_ERROR_BAD_STATE - * The operation state is not valid (it must be active, have a nonce - * set, and have lengths set if required by the algorithm). + * \retval #PSA_ERROR_BUFFER_TOO_SMALL * The size of the \p output buffer is too small. - * The size of the \p output buffer is too small. * #PSA_AEAD_UPDATE_OUTPUT_SIZE(\c key_type, \c alg, \p input_length) or * #PSA_AEAD_UPDATE_OUTPUT_MAX_SIZE(\p input_length) can be used to * determine the required buffer size. @@ -480,15 +430,12 @@ psa_status_t mbedtls_psa_aead_update_ad(mbedtls_psa_aead_operation_t *operation, * \retval #PSA_ERROR_INVALID_ARGUMENT * The total input length overflows the plaintext length that * was previously specified with mbedtls_psa_aead_set_lengths(). + * \retval #PSA_ERROR_NOT_SUPPORTED + * (GCM / CCM only) PSA core attempted to call mbedtls_psa_update() more + * than once. * \retval #PSA_ERROR_INSUFFICIENT_MEMORY - * \retval #PSA_ERROR_COMMUNICATION_FAILURE - * \retval #PSA_ERROR_HARDWARE_FAILURE - * \retval #PSA_ERROR_CORRUPTION_DETECTED - * \retval #PSA_ERROR_STORAGE_FAILURE - * \retval #PSA_ERROR_BAD_STATE - * The library has not been previously initialized by psa_crypto_init(). - * It is implementation-dependent whether a failure to initialize - * results in this error code. + * (CCM only) Unable to allocate memory for the tag or the body + */ psa_status_t mbedtls_psa_aead_update(mbedtls_psa_aead_operation_t *operation, const uint8_t *input, @@ -573,15 +520,6 @@ psa_status_t mbedtls_psa_aead_update(mbedtls_psa_aead_operation_t *operation, * The total length of input to mbedtls_psa_aead_update() so far is * less than the plaintext length that was previously * specified with mbedtls_psa_aead_set_lengths(). - * \retval #PSA_ERROR_INSUFFICIENT_MEMORY - * \retval #PSA_ERROR_COMMUNICATION_FAILURE - * \retval #PSA_ERROR_HARDWARE_FAILURE - * \retval #PSA_ERROR_CORRUPTION_DETECTED - * \retval #PSA_ERROR_STORAGE_FAILURE - * \retval #PSA_ERROR_BAD_STATE - * The library has not been previously initialized by psa_crypto_init(). - * It is implementation-dependent whether a failure to initialize - * results in this error code. */ psa_status_t mbedtls_psa_aead_finish(mbedtls_psa_aead_operation_t *operation, uint8_t *ciphertext, @@ -665,14 +603,7 @@ psa_status_t mbedtls_psa_aead_finish(mbedtls_psa_aead_operation_t *operation, * less than the plaintext length that was previously * specified with mbedtls_psa_aead_set_lengths(). * \retval #PSA_ERROR_INSUFFICIENT_MEMORY - * \retval #PSA_ERROR_COMMUNICATION_FAILURE - * \retval #PSA_ERROR_HARDWARE_FAILURE - * \retval #PSA_ERROR_CORRUPTION_DETECTED - * \retval #PSA_ERROR_STORAGE_FAILURE - * \retval #PSA_ERROR_BAD_STATE - * The library has not been previously initialized by psa_crypto_init(). - * It is implementation-dependent whether a failure to initialize - * results in this error code. + * (CCM only) Failed to allocate temporary buffer */ psa_status_t mbedtls_psa_aead_verify(mbedtls_psa_aead_operation_t *operation, uint8_t *plaintext, @@ -703,13 +634,7 @@ psa_status_t mbedtls_psa_aead_verify(mbedtls_psa_aead_operation_t *operation, * \param[in,out] operation Initialized AEAD operation. * * \retval #PSA_SUCCESS - * \retval #PSA_ERROR_COMMUNICATION_FAILURE - * \retval #PSA_ERROR_HARDWARE_FAILURE - * \retval #PSA_ERROR_CORRUPTION_DETECTED - * \retval #PSA_ERROR_BAD_STATE - * The library has not been previously initialized by psa_crypto_init(). - * It is implementation-dependent whether a failure to initialize - * results in this error code. + * Success. */ psa_status_t mbedtls_psa_aead_abort(mbedtls_psa_aead_operation_t *operation); From 5c656cbf99fd8a6297f7c912fb1ee6362c1fc722 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Wed, 19 May 2021 14:15:01 +0100 Subject: [PATCH 042/195] Fix missed incorrect include guard Signed-off-by: Paul Elliott --- library/psa_crypto_driver_wrappers.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/psa_crypto_driver_wrappers.c b/library/psa_crypto_driver_wrappers.c index 7590800e2..3245ff422 100644 --- a/library/psa_crypto_driver_wrappers.c +++ b/library/psa_crypto_driver_wrappers.c @@ -1399,7 +1399,7 @@ psa_status_t psa_driver_wrapper_aead_set_nonce( { switch( operation->id ) { -#if defined(MBEDTLS_PSA_BUILTIN_CIPHER) +#if defined(MBEDTLS_PSA_BUILTIN_AEAD) case PSA_CRYPTO_MBED_TLS_DRIVER_ID: return( mbedtls_psa_aead_set_nonce( &operation->ctx.mbedtls_ctx, nonce, From e9eeea32905ce2c416df21afc19c6244ac989685 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Wed, 19 May 2021 14:32:58 +0100 Subject: [PATCH 043/195] Formatting fixes Signed-off-by: Paul Elliott --- library/psa_crypto_aead.c | 22 ++++++++-------------- 1 file changed, 8 insertions(+), 14 deletions(-) diff --git a/library/psa_crypto_aead.c b/library/psa_crypto_aead.c index 848889af8..4fb0e3b0f 100644 --- a/library/psa_crypto_aead.c +++ b/library/psa_crypto_aead.c @@ -391,7 +391,7 @@ psa_status_t mbedtls_psa_aead_set_nonce( mbedtls_psa_aead_operation_t if( operation->alg == PSA_ALG_GCM ) { /* GCM sets nonce once additional data has been supplied */ - memcpy(operation->nonce, nonce, nonce_length); + memcpy( operation->nonce, nonce, nonce_length ); /* We know that nonce size cannot exceed the uint8_t size */ operation->nonce_length = ( uint8_t ) nonce_length; @@ -449,8 +449,8 @@ psa_status_t mbedtls_psa_aead_set_lengths( mbedtls_psa_aead_operation_t if( operation->alg == PSA_ALG_GCM ) { /* Lengths can only be too large for GCM if size_t is bigger than 32 - * bits. Without th - e guard this code will generate warnings on 32bit builds*/ + * bits. Without the guard this code will generate warnings on 32bit + builds */ #if SIZE_MAX > UINT32_MAX if( ( (uint64_t) ad_length ) >> 61 != 0 || ( (uint64_t) plaintext_length ) > 0xFFFFFFFE0ull ) @@ -509,10 +509,10 @@ psa_status_t mbedtls_psa_aead_update_ad( mbedtls_psa_aead_operation_t #if defined(MBEDTLS_PSA_BUILTIN_ALG_GCM) if( operation->alg == PSA_ALG_GCM ) { - /* GCM currently requires all the additional data to be passed in in - * one contiguous buffer, so until that is re-done, we have to enforce - * this, as we cannot allocate a buffer to collate multiple calls into. - */ + /* GCM currently requires all the additional data to be passed in + * in one contiguous buffer, so until that is re-done, we have to + * enforce this, as we cannot allocate a buffer to collate multiple + * calls into. */ if( operation->ad_started ) return( PSA_ERROR_NOT_SUPPORTED ); @@ -541,9 +541,7 @@ psa_status_t mbedtls_psa_aead_update_ad( mbedtls_psa_aead_operation_t operation->ad_buffer = ( uint8_t * ) mbedtls_calloc( 1, input_length ); if( operation->ad_buffer == NULL ) - { return( PSA_ERROR_INSUFFICIENT_MEMORY ); - } memcpy( operation->ad_buffer, input, input_length ); operation->ad_length = input_length; @@ -667,9 +665,7 @@ psa_status_t mbedtls_psa_aead_update( mbedtls_psa_aead_operation_t *operation, ( uint8_t * ) mbedtls_calloc(1, input_length ); if( operation->body_buffer == NULL) - { return( PSA_ERROR_INSUFFICIENT_MEMORY ); - } memcpy( operation->body_buffer, input, input_length ); operation->body_length = input_length; @@ -859,9 +855,7 @@ psa_status_t mbedtls_psa_aead_verify( mbedtls_psa_aead_operation_t *operation, temp_buffer = ( uint8_t * ) mbedtls_calloc(1, temp_buffer_size ); if( temp_buffer == NULL) - { return( PSA_ERROR_INSUFFICIENT_MEMORY ); - } ret = mbedtls_ccm_auth_decrypt( &operation->ctx.ccm, operation->body_length, @@ -881,7 +875,7 @@ psa_status_t mbedtls_psa_aead_verify( mbedtls_psa_aead_operation_t *operation, } /* Even if the above operation fails, we no longer need the data */ - mbedtls_free(temp_buffer); + mbedtls_free( temp_buffer ); } else #endif /* MBEDTLS_PSA_BUILTIN_ALG_CCM */ From bb8bf6649e4fd09ad044849c242ae8f7d4b266d1 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Wed, 19 May 2021 17:29:42 +0100 Subject: [PATCH 044/195] Change function signature indentation Signed-off-by: Paul Elliott --- library/psa_crypto_aead.c | 102 +++++++++++++++++++------------------- library/psa_crypto_aead.h | 93 +++++++++++++++++----------------- 2 files changed, 100 insertions(+), 95 deletions(-) diff --git a/library/psa_crypto_aead.c b/library/psa_crypto_aead.c index 4fb0e3b0f..0daa3034a 100644 --- a/library/psa_crypto_aead.c +++ b/library/psa_crypto_aead.c @@ -337,13 +337,12 @@ exit: /* Set the key and algorithm for a multipart authenticated encryption * operation. */ -psa_status_t mbedtls_psa_aead_encrypt_setup( mbedtls_psa_aead_operation_t - *operation, - const psa_key_attributes_t - *attributes, - const uint8_t *key_buffer, - size_t key_buffer_size, - psa_algorithm_t alg ) +psa_status_t mbedtls_psa_aead_encrypt_setup( + mbedtls_psa_aead_operation_t *operation, + const psa_key_attributes_t *attributes, + const uint8_t *key_buffer, + size_t key_buffer_size, + psa_algorithm_t alg ) { psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; @@ -358,13 +357,12 @@ psa_status_t mbedtls_psa_aead_encrypt_setup( mbedtls_psa_aead_operation_t /* Set the key and algorithm for a multipart authenticated decryption * operation. */ -psa_status_t mbedtls_psa_aead_decrypt_setup( mbedtls_psa_aead_operation_t - *operation, - const psa_key_attributes_t - *attributes, - const uint8_t *key_buffer, - size_t key_buffer_size, - psa_algorithm_t alg ) +psa_status_t mbedtls_psa_aead_decrypt_setup( + mbedtls_psa_aead_operation_t *operation, + const psa_key_attributes_t *attributes, + const uint8_t *key_buffer, + size_t key_buffer_size, + psa_algorithm_t alg ) { psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; @@ -380,10 +378,10 @@ psa_status_t mbedtls_psa_aead_decrypt_setup( mbedtls_psa_aead_operation_t } /* Set a nonce for the multipart AEAD operation*/ -psa_status_t mbedtls_psa_aead_set_nonce( mbedtls_psa_aead_operation_t - *operation, - const uint8_t *nonce, - size_t nonce_length ) +psa_status_t mbedtls_psa_aead_set_nonce( + mbedtls_psa_aead_operation_t *operation, + const uint8_t *nonce, + size_t nonce_length ) { psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; @@ -439,10 +437,10 @@ psa_status_t mbedtls_psa_aead_set_nonce( mbedtls_psa_aead_operation_t return( status ); } /* Declare the lengths of the message and additional data for AEAD. */ -psa_status_t mbedtls_psa_aead_set_lengths( mbedtls_psa_aead_operation_t - *operation, - size_t ad_length, - size_t plaintext_length ) +psa_status_t mbedtls_psa_aead_set_lengths( + mbedtls_psa_aead_operation_t *operation, + size_t ad_length, + size_t plaintext_length ) { #if defined(MBEDTLS_PSA_BUILTIN_ALG_GCM) @@ -491,10 +489,10 @@ psa_status_t mbedtls_psa_aead_set_lengths( mbedtls_psa_aead_operation_t } /* Pass additional data to an active multipart AEAD operation. */ -psa_status_t mbedtls_psa_aead_update_ad( mbedtls_psa_aead_operation_t - *operation, - const uint8_t *input, - size_t input_length ) +psa_status_t mbedtls_psa_aead_update_ad( + mbedtls_psa_aead_operation_t *operation, + const uint8_t *input, + size_t input_length ) { psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; @@ -574,12 +572,13 @@ psa_status_t mbedtls_psa_aead_update_ad( mbedtls_psa_aead_operation_t /* Encrypt or decrypt a message fragment in an active multipart AEAD * operation.*/ -psa_status_t mbedtls_psa_aead_update( mbedtls_psa_aead_operation_t *operation, - const uint8_t *input, - size_t input_length, - uint8_t *output, - size_t output_size, - size_t *output_length ) +psa_status_t mbedtls_psa_aead_update( + mbedtls_psa_aead_operation_t *operation, + const uint8_t *input, + size_t input_length, + uint8_t *output, + size_t output_size, + size_t *output_length ) { size_t update_output_length; psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; @@ -719,10 +718,10 @@ psa_status_t mbedtls_psa_aead_update( mbedtls_psa_aead_operation_t *operation, /* Common checks for both mbedtls_psa_aead_finish() and mbedtls_psa_aead_verify() */ -static psa_status_t mbedtls_psa_aead_finish_checks( mbedtls_psa_aead_operation_t - *operation, - size_t output_size, - size_t tag_size ) +static psa_status_t mbedtls_psa_aead_finish_checks( + mbedtls_psa_aead_operation_t *operation, + size_t output_size, + size_t tag_size ) { size_t finish_output_size; @@ -744,13 +743,14 @@ static psa_status_t mbedtls_psa_aead_finish_checks( mbedtls_psa_aead_operation_t } /* Finish encrypting a message in a multipart AEAD operation. */ -psa_status_t mbedtls_psa_aead_finish( mbedtls_psa_aead_operation_t *operation, - uint8_t *ciphertext, - size_t ciphertext_size, - size_t *ciphertext_length, - uint8_t *tag, - size_t tag_size, - size_t *tag_length ) +psa_status_t mbedtls_psa_aead_finish( + mbedtls_psa_aead_operation_t *operation, + uint8_t *ciphertext, + size_t ciphertext_size, + size_t *ciphertext_length, + uint8_t *tag, + size_t tag_size, + size_t *tag_length ) { psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; size_t finish_output_size = 0; @@ -808,12 +808,13 @@ psa_status_t mbedtls_psa_aead_finish( mbedtls_psa_aead_operation_t *operation, /* Finish authenticating and decrypting a message in a multipart AEAD * operation.*/ -psa_status_t mbedtls_psa_aead_verify( mbedtls_psa_aead_operation_t *operation, - uint8_t *plaintext, - size_t plaintext_size, - size_t *plaintext_length, - const uint8_t *tag, - size_t tag_length ) +psa_status_t mbedtls_psa_aead_verify( + mbedtls_psa_aead_operation_t *operation, + uint8_t *plaintext, + size_t plaintext_size, + size_t *plaintext_length, + const uint8_t *tag, + size_t tag_length ) { psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; @@ -911,7 +912,8 @@ psa_status_t mbedtls_psa_aead_verify( mbedtls_psa_aead_operation_t *operation, } /* Abort an AEAD operation */ -psa_status_t mbedtls_psa_aead_abort( mbedtls_psa_aead_operation_t *operation ) +psa_status_t mbedtls_psa_aead_abort( + mbedtls_psa_aead_operation_t *operation ) { switch( operation->alg ) { diff --git a/library/psa_crypto_aead.h b/library/psa_crypto_aead.h index cf6230149..fcac5cac1 100644 --- a/library/psa_crypto_aead.h +++ b/library/psa_crypto_aead.h @@ -185,13 +185,12 @@ psa_status_t mbedtls_psa_aead_decrypt( * \retval #PSA_ERROR_INSUFFICIENT_MEMORY * Failed to allocate memory for key material */ -psa_status_t mbedtls_psa_aead_encrypt_setup(mbedtls_psa_aead_operation_t - *operation, - const psa_key_attributes_t - *attributes, - const uint8_t *key_buffer, - size_t key_buffer_size, - psa_algorithm_t alg); +psa_status_t mbedtls_psa_aead_encrypt_setup( + mbedtls_psa_aead_operation_t *operation, + const psa_key_attributes_t *attributes, + const uint8_t *key_buffer, + size_t key_buffer_size, + psa_algorithm_t alg ); /** Set the key for a multipart authenticated decryption operation. * @@ -230,13 +229,12 @@ psa_status_t mbedtls_psa_aead_encrypt_setup(mbedtls_psa_aead_operation_t * \retval #PSA_ERROR_INSUFFICIENT_MEMORY * Failed to allocate memory for key material */ -psa_status_t mbedtls_psa_aead_decrypt_setup(mbedtls_psa_aead_operation_t - *operation, - const psa_key_attributes_t - *attributes, - const uint8_t *key_buffer, - size_t key_buffer_size, - psa_algorithm_t alg); +psa_status_t mbedtls_psa_aead_decrypt_setup( + mbedtls_psa_aead_operation_t *operation, + const psa_key_attributes_t *attributes, + const uint8_t *key_buffer, + size_t key_buffer_size, + psa_algorithm_t alg ); /** Set the nonce for an authenticated encryption or decryption operation. * @@ -266,9 +264,10 @@ psa_status_t mbedtls_psa_aead_decrypt_setup(mbedtls_psa_aead_operation_t * Algorithm previously set is not supported in this configuration of * the library. */ -psa_status_t mbedtls_psa_aead_set_nonce(mbedtls_psa_aead_operation_t *operation, - const uint8_t *nonce, - size_t nonce_length); +psa_status_t mbedtls_psa_aead_set_nonce( + mbedtls_psa_aead_operation_t *operation, + const uint8_t *nonce, + size_t nonce_length ); /** Declare the lengths of the message and additional data for AEAD. * @@ -307,10 +306,10 @@ psa_status_t mbedtls_psa_aead_set_nonce(mbedtls_psa_aead_operation_t *operation, * Algorithm previously set is not supported in this configuration of * the library. */ -psa_status_t mbedtls_psa_aead_set_lengths(mbedtls_psa_aead_operation_t - *operation, - size_t ad_length, - size_t plaintext_length); +psa_status_t mbedtls_psa_aead_set_lengths( + mbedtls_psa_aead_operation_t *operation, + size_t ad_length, + size_t plaintext_length ); /** Pass additional data to an active AEAD operation. * @@ -361,9 +360,10 @@ psa_status_t mbedtls_psa_aead_set_lengths(mbedtls_psa_aead_operation_t * Algorithm previously set is not supported in this configuration of * the library. */ -psa_status_t mbedtls_psa_aead_update_ad(mbedtls_psa_aead_operation_t *operation, - const uint8_t *input, - size_t input_length); +psa_status_t mbedtls_psa_aead_update_ad( + mbedtls_psa_aead_operation_t *operation, + const uint8_t *input, + size_t input_length ); /** Encrypt or decrypt a message fragment in an active AEAD operation. * @@ -437,12 +437,13 @@ psa_status_t mbedtls_psa_aead_update_ad(mbedtls_psa_aead_operation_t *operation, * (CCM only) Unable to allocate memory for the tag or the body */ -psa_status_t mbedtls_psa_aead_update(mbedtls_psa_aead_operation_t *operation, - const uint8_t *input, - size_t input_length, - uint8_t *output, - size_t output_size, - size_t *output_length); +psa_status_t mbedtls_psa_aead_update( + mbedtls_psa_aead_operation_t *operation, + const uint8_t *input, + size_t input_length, + uint8_t *output, + size_t output_size, + size_t *output_length ); /** Finish encrypting a message in an AEAD operation. * @@ -521,13 +522,14 @@ psa_status_t mbedtls_psa_aead_update(mbedtls_psa_aead_operation_t *operation, * less than the plaintext length that was previously * specified with mbedtls_psa_aead_set_lengths(). */ -psa_status_t mbedtls_psa_aead_finish(mbedtls_psa_aead_operation_t *operation, - uint8_t *ciphertext, - size_t ciphertext_size, - size_t *ciphertext_length, - uint8_t *tag, - size_t tag_size, - size_t *tag_length); +psa_status_t mbedtls_psa_aead_finish( + mbedtls_psa_aead_operation_t *operation, + uint8_t *ciphertext, + size_t ciphertext_size, + size_t *ciphertext_length, + uint8_t *tag, + size_t tag_size, + size_t *tag_length ); /** Finish authenticating and decrypting a message in an AEAD operation. * @@ -605,12 +607,13 @@ psa_status_t mbedtls_psa_aead_finish(mbedtls_psa_aead_operation_t *operation, * \retval #PSA_ERROR_INSUFFICIENT_MEMORY * (CCM only) Failed to allocate temporary buffer */ -psa_status_t mbedtls_psa_aead_verify(mbedtls_psa_aead_operation_t *operation, - uint8_t *plaintext, - size_t plaintext_size, - size_t *plaintext_length, - const uint8_t *tag, - size_t tag_length); +psa_status_t mbedtls_psa_aead_verify( + mbedtls_psa_aead_operation_t *operation, + uint8_t *plaintext, + size_t plaintext_size, + size_t *plaintext_length, + const uint8_t *tag, + size_t tag_length ); /** Abort an AEAD operation. * @@ -636,7 +639,7 @@ psa_status_t mbedtls_psa_aead_verify(mbedtls_psa_aead_operation_t *operation, * \retval #PSA_SUCCESS * Success. */ -psa_status_t mbedtls_psa_aead_abort(mbedtls_psa_aead_operation_t *operation); - +psa_status_t mbedtls_psa_aead_abort( + mbedtls_psa_aead_operation_t *operation ); #endif /* PSA_CRYPTO_AEAD */ From cee785cd72d7163042fbf34924836efdd04cf149 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Thu, 20 May 2021 14:29:20 +0100 Subject: [PATCH 045/195] Seperate id checks from other state checks Signed-off-by: Paul Elliott --- library/psa_crypto.c | 88 ++++++++++++++++++++++++++++++++++---------- 1 file changed, 69 insertions(+), 19 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 527e44e76..9c7a380d5 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -3248,8 +3248,14 @@ psa_status_t psa_aead_encrypt_setup( psa_aead_operation_t *operation, goto exit; } - if( operation->id || operation->nonce_set || - operation->ad_started || operation->body_started ) + if( operation->id != 0 ) + { + status = PSA_ERROR_BAD_STATE; + goto exit; + } + + if( operation->nonce_set || operation->ad_started || + operation->body_started ) { status = PSA_ERROR_BAD_STATE; goto exit; @@ -3259,9 +3265,7 @@ psa_status_t psa_aead_encrypt_setup( psa_aead_operation_t *operation, key, &slot, PSA_KEY_USAGE_ENCRYPT, alg ); if( status != PSA_SUCCESS ) - { goto exit; - } psa_key_attributes_t attributes = { .core = slot->attr @@ -3272,9 +3276,7 @@ psa_status_t psa_aead_encrypt_setup( psa_aead_operation_t *operation, slot->key.bytes, alg ); if( status != PSA_SUCCESS ) - { goto exit; - } operation->key_type = psa_get_key_type( &attributes ); @@ -3310,8 +3312,14 @@ psa_status_t psa_aead_decrypt_setup( psa_aead_operation_t *operation, goto exit; } - if( operation->id || operation->nonce_set || - operation->ad_started || operation->body_started ) + if( operation->id != 0 ) + { + status = PSA_ERROR_BAD_STATE; + goto exit; + } + + if( operation->nonce_set || operation->ad_started || + operation->body_started ) { status = PSA_ERROR_BAD_STATE; goto exit; @@ -3359,8 +3367,14 @@ psa_status_t psa_aead_generate_nonce( psa_aead_operation_t *operation, *nonce_length = 0; - if( !operation->id || operation->nonce_set || - operation->ad_started || operation->body_started ) + if( operation->id == 0 ) + { + status = PSA_ERROR_BAD_STATE; + goto exit; + } + + if( operation->nonce_set || operation->ad_started || + operation->body_started ) { status = PSA_ERROR_BAD_STATE; goto exit; @@ -3401,8 +3415,14 @@ psa_status_t psa_aead_set_nonce( psa_aead_operation_t *operation, { psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - if( !operation->id || operation->nonce_set || - operation->ad_started || operation->body_started ) + if( operation->id == 0 ) + { + status = PSA_ERROR_BAD_STATE; + goto exit; + } + + if( operation->nonce_set || operation->ad_started || + operation->body_started ) { status = PSA_ERROR_BAD_STATE; goto exit; @@ -3428,7 +3448,13 @@ psa_status_t psa_aead_set_lengths( psa_aead_operation_t *operation, { psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - if( !operation->id || operation->lengths_set ) + if( operation->id == 0 ) + { + status = PSA_ERROR_BAD_STATE; + goto exit; + } + + if( operation->lengths_set ) { status = PSA_ERROR_BAD_STATE; goto exit; @@ -3453,7 +3479,13 @@ psa_status_t psa_aead_update_ad( psa_aead_operation_t *operation, { psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - if( !operation->id || !operation->nonce_set ) + if( operation->id == 0 ) + { + status = PSA_ERROR_BAD_STATE; + goto exit; + } + + if( !operation->nonce_set ) { status = PSA_ERROR_BAD_STATE; goto exit; @@ -3485,7 +3517,13 @@ psa_status_t psa_aead_update( psa_aead_operation_t *operation, *output_length = 0; - if( !operation->id || !operation->nonce_set || !operation->ad_started ) + if( operation->id == 0 ) + { + status = PSA_ERROR_BAD_STATE; + goto exit; + } + + if( !operation->nonce_set || !operation->ad_started ) { status = PSA_ERROR_BAD_STATE; goto exit; @@ -3519,8 +3557,14 @@ psa_status_t psa_aead_finish( psa_aead_operation_t *operation, *ciphertext_length = 0; *tag_length = 0; - if( !operation->id || !operation->nonce_set || - !operation->ad_started || !operation->body_started ) + if( operation->id == 0 ) + { + status = PSA_ERROR_BAD_STATE; + goto exit; + } + + if( !operation->nonce_set || !operation->ad_started || + !operation->body_started ) { status = PSA_ERROR_BAD_STATE; goto exit; @@ -3551,8 +3595,14 @@ psa_status_t psa_aead_verify( psa_aead_operation_t *operation, *plaintext_length = 0; - if( !operation->id || !operation->nonce_set || - !operation->ad_started || !operation->body_started ) + if( operation->id == 0 ) + { + status = PSA_ERROR_BAD_STATE; + goto exit; + } + + if( !operation->nonce_set || !operation->ad_started || + !operation->body_started ) { status = PSA_ERROR_BAD_STATE; goto exit; From ac1b3fd5b6b12f9cf4821ecb493a700c57a696ea Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Thu, 20 May 2021 14:33:13 +0100 Subject: [PATCH 046/195] Ensure that key gets unlocked in case of error Signed-off-by: Paul Elliott --- library/psa_crypto.c | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 9c7a380d5..adf3b2b7a 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -3280,14 +3280,12 @@ psa_status_t psa_aead_encrypt_setup( psa_aead_operation_t *operation, operation->key_type = psa_get_key_type( &attributes ); +exit: + unlock_status = psa_unlock_key_slot( slot ); if( unlock_status != PSA_SUCCESS ) - { status = unlock_status; - } - -exit: if( status == PSA_SUCCESS ) operation->alg = psa_aead_get_base_algorithm( alg ); @@ -3339,15 +3337,18 @@ psa_status_t psa_aead_decrypt_setup( psa_aead_operation_t *operation, &attributes, slot->key.data, slot->key.bytes, alg ); + if( status != PSA_SUCCESS ) + goto exit; + operation->key_type = psa_get_key_type( &attributes ); +exit: + unlock_status = psa_unlock_key_slot( slot ); if( unlock_status != PSA_SUCCESS ) status = unlock_status; -exit: - if( status == PSA_SUCCESS ) operation->alg = psa_aead_get_base_algorithm( alg ); else From b91da71db1ccb6a28a0a9cec7c769ab73d1d32bf Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Thu, 20 May 2021 14:43:47 +0100 Subject: [PATCH 047/195] Remove unrequired initialisation Signed-off-by: Paul Elliott --- library/psa_crypto.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index adf3b2b7a..e97cbaf98 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -3364,7 +3364,7 @@ psa_status_t psa_aead_generate_nonce( psa_aead_operation_t *operation, size_t *nonce_length ) { psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - size_t required_nonce_size = nonce_size; + size_t required_nonce_size; *nonce_length = 0; From ee4ffe00798af7d5364fd7543db593bca4e26cca Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Thu, 20 May 2021 17:25:06 +0100 Subject: [PATCH 048/195] Move AEAD length checks to PSA core Signed-off-by: Paul Elliott --- include/psa/crypto_builtin_primitives.h | 6 +-- include/psa/crypto_struct.h | 5 ++- library/psa_crypto.c | 49 +++++++++++++++++++++++++ library/psa_crypto_aead.c | 31 ---------------- 4 files changed, 54 insertions(+), 37 deletions(-) diff --git a/include/psa/crypto_builtin_primitives.h b/include/psa/crypto_builtin_primitives.h index e3903bca5..b28e0d7e2 100644 --- a/include/psa/crypto_builtin_primitives.h +++ b/include/psa/crypto_builtin_primitives.h @@ -130,7 +130,6 @@ typedef struct psa_algorithm_t alg; psa_key_type_t key_type; - unsigned int lengths_set : 1; unsigned int is_encrypt : 1; unsigned int ad_started : 1; unsigned int body_started : 1; @@ -138,9 +137,6 @@ typedef struct uint8_t tag_length; uint8_t nonce_length; - size_t ad_remaining; - size_t body_remaining; - /* Buffers for AD/data - only required until CCM gets proper multipart support. */ uint8_t *ad_buffer; @@ -172,7 +168,7 @@ typedef struct } mbedtls_psa_aead_operation_t; -#define MBEDTLS_PSA_AEAD_OPERATION_INIT {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, {0}, {0}} +#define MBEDTLS_PSA_AEAD_OPERATION_INIT {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, {0}, {0}} /* * BEYOND THIS POINT, TEST DRIVER DECLARATIONS ONLY. diff --git a/include/psa/crypto_struct.h b/include/psa/crypto_struct.h index 36503f91c..0f74c5481 100644 --- a/include/psa/crypto_struct.h +++ b/include/psa/crypto_struct.h @@ -165,6 +165,9 @@ struct psa_aead_operation_s psa_algorithm_t alg; psa_key_type_t key_type; + size_t ad_remaining; + size_t body_remaining; + unsigned int nonce_set : 1; unsigned int lengths_set : 1; unsigned int ad_started : 1; @@ -173,7 +176,7 @@ struct psa_aead_operation_s psa_driver_aead_context_t ctx; }; -#define PSA_AEAD_OPERATION_INIT {0, 0, 0, 0, 0, 0, 0, {0}} +#define PSA_AEAD_OPERATION_INIT {0, 0, 0, 0, 0, 0, 0, 0, 0, {0}} static inline struct psa_aead_operation_s psa_aead_operation_init( void ) { const struct psa_aead_operation_s v = PSA_AEAD_OPERATION_INIT; diff --git a/library/psa_crypto.c b/library/psa_crypto.c index e97cbaf98..c53020a2b 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -3467,7 +3467,11 @@ psa_status_t psa_aead_set_lengths( psa_aead_operation_t *operation, exit: if( status == PSA_SUCCESS ) + { + operation->ad_remaining = ad_length; + operation->body_remaining = plaintext_length; operation->lengths_set = 1; + } else psa_aead_abort( operation ); @@ -3492,6 +3496,17 @@ psa_status_t psa_aead_update_ad( psa_aead_operation_t *operation, goto exit; } + if( operation->lengths_set ) + { + if ( operation->ad_remaining < input_length ) + { + status = PSA_ERROR_INVALID_ARGUMENT; + goto exit; + } + + operation->ad_remaining -= input_length; + } + status = psa_driver_wrapper_aead_update_ad( operation, input, input_length ); @@ -3530,6 +3545,26 @@ psa_status_t psa_aead_update( psa_aead_operation_t *operation, goto exit; } + if( operation->lengths_set ) + { + /* Additional data length was supplied, but not all the additional + data was supplied.*/ + if( operation->ad_remaining != 0 ) + { + status = PSA_ERROR_INVALID_ARGUMENT; + goto exit; + } + + /* Too much data provided. */ + if( operation->body_remaining < input_length ) + { + status = PSA_ERROR_INVALID_ARGUMENT; + goto exit; + } + + operation->body_remaining -= input_length; + } + status = psa_driver_wrapper_aead_update( operation, input, input_length, output, output_size, output_length ); @@ -3571,6 +3606,13 @@ psa_status_t psa_aead_finish( psa_aead_operation_t *operation, goto exit; } + if( operation->lengths_set && (operation->ad_remaining != 0 || + operation->body_remaining != 0 ) ) + { + status = PSA_ERROR_BAD_STATE; + goto exit; + } + status = psa_driver_wrapper_aead_finish( operation, ciphertext, ciphertext_size, ciphertext_length, @@ -3609,6 +3651,13 @@ psa_status_t psa_aead_verify( psa_aead_operation_t *operation, goto exit; } + if( operation->lengths_set && (operation->ad_remaining != 0 || + operation->body_remaining != 0 ) ) + { + status = PSA_ERROR_BAD_STATE; + goto exit; + } + status = psa_driver_wrapper_aead_verify( operation, plaintext, plaintext_size, plaintext_length, diff --git a/library/psa_crypto_aead.c b/library/psa_crypto_aead.c index 0daa3034a..bbfc9271e 100644 --- a/library/psa_crypto_aead.c +++ b/library/psa_crypto_aead.c @@ -481,10 +481,6 @@ psa_status_t mbedtls_psa_aead_set_lengths( return ( PSA_ERROR_NOT_SUPPORTED ); } - operation->ad_remaining = ad_length; - operation->body_remaining = plaintext_length; - operation->lengths_set = 1; - return ( PSA_SUCCESS ); } @@ -496,14 +492,6 @@ psa_status_t mbedtls_psa_aead_update_ad( { psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - if( operation->lengths_set ) - { - if ( operation->ad_remaining < input_length ) - return( PSA_ERROR_INVALID_ARGUMENT ); - - operation->ad_remaining -= input_length; - } - #if defined(MBEDTLS_PSA_BUILTIN_ALG_GCM) if( operation->alg == PSA_ALG_GCM ) { @@ -590,20 +578,6 @@ psa_status_t mbedtls_psa_aead_update( input_length ) > output_size ) return ( PSA_ERROR_BUFFER_TOO_SMALL ); - if( operation->lengths_set) - { - /* Additional data length was supplied, but not all the additional - data was supplied.*/ - if( operation->ad_remaining != 0 ) - return ( PSA_ERROR_INVALID_ARGUMENT ); - - /* Too much data provided. */ - if( operation->body_remaining < input_length ) - return ( PSA_ERROR_INVALID_ARGUMENT ); - - operation->body_remaining -= input_length; - } - #if defined(MBEDTLS_PSA_BUILTIN_ALG_GCM) if( operation->alg == PSA_ALG_GCM ) { @@ -725,10 +699,6 @@ static psa_status_t mbedtls_psa_aead_finish_checks( { size_t finish_output_size; - if( operation->lengths_set ) - if( operation->ad_remaining != 0 || operation->body_remaining != 0 ) - return( PSA_ERROR_BAD_STATE ); - if( tag_size < operation->tag_length ) return ( PSA_ERROR_BUFFER_TOO_SMALL ); @@ -934,7 +904,6 @@ psa_status_t mbedtls_psa_aead_abort( #endif /* MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305 */ } - operation->lengths_set = 0; operation->is_encrypt = 0; operation->ad_started = 0; operation->body_started = 0; From 1a98acac1c6a31507f81164ba2b30e6357d6e44e Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Thu, 20 May 2021 18:24:07 +0100 Subject: [PATCH 049/195] Properly handle GCM's range of nonce sizes Add comment to the effect that we cannot really check nonce size as the GCM spec allows almost arbitrarily large nonces. As a result of this, change the operation nonce over to an allocated buffer to avoid overflow situations. Signed-off-by: Paul Elliott --- include/psa/crypto_builtin_primitives.h | 6 +++--- library/psa_crypto.c | 6 ++++++ library/psa_crypto_aead.c | 18 ++++++++++++++++-- library/psa_crypto_aead.h | 2 ++ 4 files changed, 27 insertions(+), 5 deletions(-) diff --git a/include/psa/crypto_builtin_primitives.h b/include/psa/crypto_builtin_primitives.h index b28e0d7e2..b67b23ff1 100644 --- a/include/psa/crypto_builtin_primitives.h +++ b/include/psa/crypto_builtin_primitives.h @@ -135,7 +135,6 @@ typedef struct unsigned int body_started : 1; uint8_t tag_length; - uint8_t nonce_length; /* Buffers for AD/data - only required until CCM gets proper multipart support. */ @@ -149,7 +148,8 @@ typedef struct /* buffer to store Nonce - only required until CCM and GCM get proper multipart support. */ - uint8_t nonce[PSA_AEAD_NONCE_MAX_SIZE]; + uint8_t *nonce; + size_t nonce_length; union { @@ -168,7 +168,7 @@ typedef struct } mbedtls_psa_aead_operation_t; -#define MBEDTLS_PSA_AEAD_OPERATION_INIT {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, {0}, {0}} +#define MBEDTLS_PSA_AEAD_OPERATION_INIT {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, {0}} /* * BEYOND THIS POINT, TEST DRIVER DECLARATIONS ONLY. diff --git a/library/psa_crypto.c b/library/psa_crypto.c index c53020a2b..fcc22e167 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -3429,6 +3429,12 @@ psa_status_t psa_aead_set_nonce( psa_aead_operation_t *operation, goto exit; } + /* Not checking nonce size here as GCM spec allows almost abitrarily large + * nonces. Please note that we do not generally recommend the usage of + * nonces of greater length than PSA_AEAD_NONCE_MAX_SIZE, as large nonces + * are hashed to a shorter size, which can then lead to collisions if you + encrypt a very large number of messages. */ + status = psa_driver_wrapper_aead_set_nonce( operation, nonce, nonce_length ); diff --git a/library/psa_crypto_aead.c b/library/psa_crypto_aead.c index bbfc9271e..10849b2ad 100644 --- a/library/psa_crypto_aead.c +++ b/library/psa_crypto_aead.c @@ -388,11 +388,16 @@ psa_status_t mbedtls_psa_aead_set_nonce( #if defined(MBEDTLS_PSA_BUILTIN_ALG_GCM) if( operation->alg == PSA_ALG_GCM ) { + operation->nonce = mbedtls_calloc( 1, nonce_length ); + + if( operation->nonce == NULL ) + return( PSA_ERROR_INSUFFICIENT_MEMORY ); + /* GCM sets nonce once additional data has been supplied */ memcpy( operation->nonce, nonce, nonce_length ); /* We know that nonce size cannot exceed the uint8_t size */ - operation->nonce_length = ( uint8_t ) nonce_length; + operation->nonce_length = nonce_length; status = PSA_SUCCESS; } else @@ -400,12 +405,17 @@ psa_status_t mbedtls_psa_aead_set_nonce( #if defined(MBEDTLS_PSA_BUILTIN_ALG_CCM) if( operation->alg == PSA_ALG_CCM ) { + operation->nonce = mbedtls_calloc( 1, nonce_length ); + + if( operation->nonce == NULL ) + return( PSA_ERROR_INSUFFICIENT_MEMORY ); + /* Multipart CCM not supported as yet, so CCM is basically operating in oneshot mode. Store the nonce as we need this later */ memcpy( operation->nonce, nonce, nonce_length ); /* We know that nonce size cannot exceed the uint8_t size */ - operation->nonce_length = ( uint8_t ) nonce_length; + operation->nonce_length = nonce_length; status = PSA_SUCCESS; } else @@ -919,6 +929,10 @@ psa_status_t mbedtls_psa_aead_abort( mbedtls_free( operation->tag_buffer ); operation->tag_buffer = NULL; + mbedtls_free( operation->nonce ); + operation->nonce = NULL; + operation->nonce_length = 0; + return( PSA_SUCCESS ); } diff --git a/library/psa_crypto_aead.h b/library/psa_crypto_aead.h index fcac5cac1..ef4842e35 100644 --- a/library/psa_crypto_aead.h +++ b/library/psa_crypto_aead.h @@ -263,6 +263,8 @@ psa_status_t mbedtls_psa_aead_decrypt_setup( * \retval #PSA_ERROR_NOT_SUPPORTED * Algorithm previously set is not supported in this configuration of * the library. + * \retval #PSA_ERROR_INSUFFICIENT_MEMORY + * (GCM and CCM only) Unable to allocate buffer for nonce. */ psa_status_t mbedtls_psa_aead_set_nonce( mbedtls_psa_aead_operation_t *operation, From 3dc1c242b426c0ccdd683495d8345ed2395ee976 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Thu, 20 May 2021 18:32:57 +0100 Subject: [PATCH 050/195] Move AEAD contexts from primitives to composites Signed-off-by: Paul Elliott --- include/psa/crypto_builtin_composites.h | 56 +++++++++++++++++++ include/psa/crypto_builtin_primitives.h | 55 ------------------ .../psa/crypto_driver_contexts_composites.h | 8 +++ .../psa/crypto_driver_contexts_primitives.h | 8 --- 4 files changed, 64 insertions(+), 63 deletions(-) diff --git a/include/psa/crypto_builtin_composites.h b/include/psa/crypto_builtin_composites.h index 1d11b003e..b65922b9c 100644 --- a/include/psa/crypto_builtin_composites.h +++ b/include/psa/crypto_builtin_composites.h @@ -76,6 +76,58 @@ typedef struct #define MBEDTLS_PSA_MAC_OPERATION_INIT {0, {0}} +#if defined(MBEDTLS_PSA_BUILTIN_ALG_GCM) || \ + defined(MBEDTLS_PSA_BUILTIN_ALG_CCM) || \ + defined(MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305) +#define MBEDTLS_PSA_BUILTIN_AEAD 1 +#endif + +/* Context structure for the Mbed TLS AEAD implementation. */ +typedef struct +{ + psa_algorithm_t alg; + psa_key_type_t key_type; + + unsigned int is_encrypt : 1; + unsigned int ad_started : 1; + unsigned int body_started : 1; + + uint8_t tag_length; + + /* Buffers for AD/data - only required until CCM gets proper multipart + support. */ + uint8_t *ad_buffer; + size_t ad_length; + + uint8_t *body_buffer; + size_t body_length; + + uint8_t *tag_buffer; + + /* buffer to store Nonce - only required until CCM and GCM get proper + multipart support. */ + uint8_t *nonce; + size_t nonce_length; + + union + { + unsigned dummy; /* Enable easier initializing of the union. */ +#if defined(MBEDTLS_PSA_BUILTIN_ALG_CCM) + mbedtls_ccm_context ccm; +#endif /* MBEDTLS_PSA_BUILTIN_ALG_CCM */ +#if defined(MBEDTLS_PSA_BUILTIN_ALG_GCM) + mbedtls_gcm_context gcm; +#endif /* MBEDTLS_PSA_BUILTIN_ALG_GCM */ +#if defined(MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305) + mbedtls_chachapoly_context chachapoly; +#endif /* MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305 */ + + } ctx; + +} mbedtls_psa_aead_operation_t; + +#define MBEDTLS_PSA_AEAD_OPERATION_INIT {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, {0}} + /* * BEYOND THIS POINT, TEST DRIVER DECLARATIONS ONLY. */ @@ -87,6 +139,10 @@ typedef mbedtls_psa_mac_operation_t mbedtls_opaque_test_driver_mac_operation_t; #define MBEDTLS_TRANSPARENT_TEST_DRIVER_MAC_OPERATION_INIT MBEDTLS_PSA_MAC_OPERATION_INIT #define MBEDTLS_OPAQUE_TEST_DRIVER_MAC_OPERATION_INIT MBEDTLS_PSA_MAC_OPERATION_INIT +typedef mbedtls_psa_aead_operation_t mbedtls_transparent_test_driver_aead_operation_t; + +#define MBEDTLS_TRANSPARENT_TEST_DRIVER_AEAD_OPERATION_INIT MBEDTLS_PSA_AEAD_OPERATION_INIT + #endif /* PSA_CRYPTO_DRIVER_TEST */ #endif /* PSA_CRYPTO_BUILTIN_COMPOSITES_H */ diff --git a/include/psa/crypto_builtin_primitives.h b/include/psa/crypto_builtin_primitives.h index b67b23ff1..75801a178 100644 --- a/include/psa/crypto_builtin_primitives.h +++ b/include/psa/crypto_builtin_primitives.h @@ -118,58 +118,6 @@ typedef struct { #define MBEDTLS_PSA_CIPHER_OPERATION_INIT {0, 0, 0, {0}} -#if defined(MBEDTLS_PSA_BUILTIN_ALG_GCM) || \ - defined(MBEDTLS_PSA_BUILTIN_ALG_CCM) || \ - defined(MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305) -#define MBEDTLS_PSA_BUILTIN_AEAD 1 -#endif - -/* Context structure for the Mbed TLS cipher implementation. */ -typedef struct -{ - psa_algorithm_t alg; - psa_key_type_t key_type; - - unsigned int is_encrypt : 1; - unsigned int ad_started : 1; - unsigned int body_started : 1; - - uint8_t tag_length; - - /* Buffers for AD/data - only required until CCM gets proper multipart - support. */ - uint8_t *ad_buffer; - size_t ad_length; - - uint8_t *body_buffer; - size_t body_length; - - uint8_t *tag_buffer; - - /* buffer to store Nonce - only required until CCM and GCM get proper - multipart support. */ - uint8_t *nonce; - size_t nonce_length; - - union - { - unsigned dummy; /* Enable easier initializing of the union. */ -#if defined(MBEDTLS_PSA_BUILTIN_ALG_CCM) - mbedtls_ccm_context ccm; -#endif /* MBEDTLS_PSA_BUILTIN_ALG_CCM */ -#if defined(MBEDTLS_PSA_BUILTIN_ALG_GCM) - mbedtls_gcm_context gcm; -#endif /* MBEDTLS_PSA_BUILTIN_ALG_GCM */ -#if defined(MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305) - mbedtls_chachapoly_context chachapoly; -#endif /* MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305 */ - - } ctx; - -} mbedtls_psa_aead_operation_t; - -#define MBEDTLS_PSA_AEAD_OPERATION_INIT {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, {0}} - /* * BEYOND THIS POINT, TEST DRIVER DECLARATIONS ONLY. */ @@ -182,9 +130,6 @@ typedef mbedtls_psa_hash_operation_t mbedtls_transparent_test_driver_hash_operat typedef mbedtls_psa_cipher_operation_t mbedtls_transparent_test_driver_cipher_operation_t; -typedef mbedtls_psa_aead_operation_t - mbedtls_transparent_test_driver_aead_operation_t; - typedef struct { unsigned int initialised : 1; mbedtls_transparent_test_driver_cipher_operation_t ctx; diff --git a/include/psa/crypto_driver_contexts_composites.h b/include/psa/crypto_driver_contexts_composites.h index 239fdcb33..957986c22 100644 --- a/include/psa/crypto_driver_contexts_composites.h +++ b/include/psa/crypto_driver_contexts_composites.h @@ -58,5 +58,13 @@ typedef union { #endif } psa_driver_mac_context_t; +typedef union { + unsigned dummy; /* Make sure this union is always non-empty */ + mbedtls_psa_aead_operation_t mbedtls_ctx; +#if defined(PSA_CRYPTO_DRIVER_TEST) + mbedtls_transparent_test_driver_aead_operation_t transparent_test_driver_ctx; +#endif +} psa_driver_aead_context_t; + #endif /* PSA_CRYPTO_DRIVER_CONTEXTS_COMPOSITES_H */ /* End of automatically generated file. */ diff --git a/include/psa/crypto_driver_contexts_primitives.h b/include/psa/crypto_driver_contexts_primitives.h index 4fba9eb03..104d4bdb6 100644 --- a/include/psa/crypto_driver_contexts_primitives.h +++ b/include/psa/crypto_driver_contexts_primitives.h @@ -65,13 +65,5 @@ typedef union { #endif } psa_driver_cipher_context_t; -typedef union { - unsigned dummy; /* Make sure this union is always non-empty */ - mbedtls_psa_aead_operation_t mbedtls_ctx; -#if defined(PSA_CRYPTO_DRIVER_TEST) - mbedtls_transparent_test_driver_aead_operation_t transparent_test_driver_ctx; -#endif -} psa_driver_aead_context_t; - #endif /* PSA_CRYPTO_DRIVER_CONTEXTS_PRIMITIVES_H */ /* End of automatically generated file. */ From e715f88d9d30e2c2812280f5952339e9dc25b09a Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Thu, 20 May 2021 21:54:19 +0100 Subject: [PATCH 051/195] Fix key slot being used uninitialised on error Signed-off-by: Paul Elliott --- library/psa_crypto.c | 22 ++++++++++++++-------- 1 file changed, 14 insertions(+), 8 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index fcc22e167..5d55e4543 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -3240,7 +3240,7 @@ psa_status_t psa_aead_encrypt_setup( psa_aead_operation_t *operation, { psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED; - psa_key_slot_t *slot; + psa_key_slot_t *slot = NULL; if( !PSA_ALG_IS_AEAD( alg ) || PSA_ALG_IS_WILDCARD( alg ) ) { @@ -3282,10 +3282,13 @@ psa_status_t psa_aead_encrypt_setup( psa_aead_operation_t *operation, exit: - unlock_status = psa_unlock_key_slot( slot ); + if( slot ) + { + unlock_status = psa_unlock_key_slot( slot ); - if( unlock_status != PSA_SUCCESS ) - status = unlock_status; + if( unlock_status != PSA_SUCCESS ) + status = unlock_status; + } if( status == PSA_SUCCESS ) operation->alg = psa_aead_get_base_algorithm( alg ); @@ -3302,7 +3305,7 @@ psa_status_t psa_aead_decrypt_setup( psa_aead_operation_t *operation, { psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED; - psa_key_slot_t *slot; + psa_key_slot_t *slot = NULL; if( !PSA_ALG_IS_AEAD( alg ) || PSA_ALG_IS_WILDCARD( alg ) ) { @@ -3344,10 +3347,13 @@ psa_status_t psa_aead_decrypt_setup( psa_aead_operation_t *operation, exit: - unlock_status = psa_unlock_key_slot( slot ); + if( slot ) + { + unlock_status = psa_unlock_key_slot( slot ); - if( unlock_status != PSA_SUCCESS ) - status = unlock_status; + if( unlock_status != PSA_SUCCESS ) + status = unlock_status; + } if( status == PSA_SUCCESS ) operation->alg = psa_aead_get_base_algorithm( alg ); From 60aa203e30b0ae13bfe2d1aa074e396199d71fc8 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Thu, 20 May 2021 18:57:02 +0100 Subject: [PATCH 052/195] Remove temporary AEAD CCM implementation Signed-off-by: Paul Elliott --- include/mbedtls/config.h | 8 -- library/ccm.c | 2 - library/psa_crypto_aead.c | 160 ++++++------------------ programs/test/query_config.c | 8 -- scripts/config.py | 1 - tests/suites/test_suite_psa_crypto.data | 112 ----------------- 6 files changed, 35 insertions(+), 256 deletions(-) diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index 6cb05e471..a4479d79f 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h @@ -3756,14 +3756,6 @@ */ //#define MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED -/** - * Internal define that removes the zeroization of the output when decrypting - * CCM and the tag check fails. This is for internal use only, and was added so - * that PSA multipart CCM could be implmented. This option will be removed at - * some point in the future when proper CCM multipart support is implemented. - * Use at own risk. - */ -//#define MBEDTLS_INTERNAL_CCM_NO_ZEROIZE_ON_TAG_FAIL /* \} name SECTION: Customisation configuration options */ /* Target and application specific configurations diff --git a/library/ccm.c b/library/ccm.c index d52e7b079..424ee77b6 100644 --- a/library/ccm.c +++ b/library/ccm.c @@ -386,9 +386,7 @@ int mbedtls_ccm_star_auth_decrypt( mbedtls_ccm_context *ctx, size_t length, if( diff != 0 ) { -#ifndef MBEDTLS_INTERNAL_CCM_NO_ZEROIZE_ON_TAG_FAIL mbedtls_platform_zeroize( output, length ); -#endif return( MBEDTLS_ERR_CCM_AUTH_FAILED ); } diff --git a/library/psa_crypto_aead.c b/library/psa_crypto_aead.c index 10849b2ad..fb86775e5 100644 --- a/library/psa_crypto_aead.c +++ b/library/psa_crypto_aead.c @@ -346,6 +346,13 @@ psa_status_t mbedtls_psa_aead_encrypt_setup( { psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; +#if defined(MBEDTLS_PSA_BUILTIN_ALG_CCM) + if( operation->alg == PSA_ALG_CCM ) + { + return ( PSA_ERROR_NOT_SUPPORTED ); + } +#endif /* MBEDTLS_PSA_BUILTIN_ALG_CCM */ + status = psa_aead_setup( operation, attributes, key_buffer, key_buffer_size, alg ); @@ -366,7 +373,12 @@ psa_status_t mbedtls_psa_aead_decrypt_setup( { psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - (void) key_buffer_size; + #if defined(MBEDTLS_PSA_BUILTIN_ALG_CCM) + if( operation->alg == PSA_ALG_CCM ) + { + return ( PSA_ERROR_NOT_SUPPORTED ); + } +#endif /* MBEDTLS_PSA_BUILTIN_ALG_CCM */ status = psa_aead_setup( operation, attributes, key_buffer, key_buffer_size, alg ); @@ -405,18 +417,10 @@ psa_status_t mbedtls_psa_aead_set_nonce( #if defined(MBEDTLS_PSA_BUILTIN_ALG_CCM) if( operation->alg == PSA_ALG_CCM ) { - operation->nonce = mbedtls_calloc( 1, nonce_length ); + ( void ) nonce; + ( void ) nonce_length; - if( operation->nonce == NULL ) - return( PSA_ERROR_INSUFFICIENT_MEMORY ); - - /* Multipart CCM not supported as yet, so CCM is basically operating - in oneshot mode. Store the nonce as we need this later */ - memcpy( operation->nonce, nonce, nonce_length ); - - /* We know that nonce size cannot exceed the uint8_t size */ - operation->nonce_length = nonce_length; - status = PSA_SUCCESS; + return ( PSA_ERROR_NOT_SUPPORTED ); } else #endif /* MBEDTLS_PSA_BUILTIN_ALG_CCM */ @@ -527,21 +531,10 @@ psa_status_t mbedtls_psa_aead_update_ad( #if defined(MBEDTLS_PSA_BUILTIN_ALG_CCM) if( operation->alg == PSA_ALG_CCM ) { - /* CCM requires all additional data to be passed in in one go at the - minute, as we are basically operating in oneshot mode. */ - if( operation->ad_started ) - return( PSA_ERROR_NOT_SUPPORTED ); + (void) input; + (void) input_length; - /* Save the additional data for later, this will be passed in - when we have the body. */ - operation->ad_buffer = ( uint8_t * ) mbedtls_calloc( 1, input_length ); - - if( operation->ad_buffer == NULL ) - return( PSA_ERROR_INSUFFICIENT_MEMORY ); - - memcpy( operation->ad_buffer, input, input_length ); - operation->ad_length = input_length; - status = PSA_SUCCESS; + return ( PSA_ERROR_NOT_SUPPORTED ); } else #endif /* MBEDTLS_PSA_BUILTIN_ALG_CCM */ @@ -580,7 +573,6 @@ psa_status_t mbedtls_psa_aead_update( { size_t update_output_length; psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; update_output_length = input_length; @@ -609,67 +601,10 @@ psa_status_t mbedtls_psa_aead_update( #if defined(MBEDTLS_PSA_BUILTIN_ALG_CCM) if( operation->alg == PSA_ALG_CCM ) { - /* CCM does not support multipart yet, so all the input has to be - passed in in one go. */ - if( operation->body_started ) - return( PSA_ERROR_NOT_SUPPORTED ); + (void) input; + (void) input_length; - /* Need to store tag for Finish() / Verify() */ - operation->tag_buffer = - ( uint8_t * ) mbedtls_calloc( 1, operation->tag_length ); - - if( operation->tag_buffer == NULL) - { - return( PSA_ERROR_INSUFFICIENT_MEMORY ); - } - - if( operation->is_encrypt ) - { - /* Perform oneshot CCM encryption with additional data already - stored, as CCM does not support multipart yet.*/ - status = mbedtls_to_psa_error( - mbedtls_ccm_encrypt_and_tag( &operation->ctx.ccm, - input_length, - operation->nonce, - operation->nonce_length, - operation->ad_buffer, - operation->ad_length, - input, - output, - operation->tag_buffer, - operation->tag_length ) ); - - } - else - { - /* Need to back up the body data so we can do this again - later.*/ - operation->body_buffer = - ( uint8_t * ) mbedtls_calloc(1, input_length ); - - if( operation->body_buffer == NULL) - return( PSA_ERROR_INSUFFICIENT_MEMORY ); - - memcpy( operation->body_buffer, input, input_length ); - operation->body_length = input_length; - - /* this will fail, as the tag is clearly false, but will - write the decrypted data to the output buffer.*/ - ret = mbedtls_ccm_auth_decrypt( &operation->ctx.ccm, - input_length, - operation->nonce, - operation->nonce_length, - operation->ad_buffer, - operation->ad_length, - input, output, - operation->tag_buffer, - operation->tag_length ); - - if( ret == MBEDTLS_ERR_CCM_AUTH_FAILED ) - status = PSA_SUCCESS; - else - status = mbedtls_to_psa_error( ret ); - } + return ( PSA_ERROR_NOT_SUPPORTED ); } else #endif /* MBEDTLS_PSA_BUILTIN_ALG_CCM */ @@ -752,10 +687,14 @@ psa_status_t mbedtls_psa_aead_finish( #if defined(MBEDTLS_PSA_BUILTIN_ALG_CCM) if( operation->alg == PSA_ALG_CCM ) { - /* Copy the previously generated tag into place */ - memcpy( tag, operation->tag_buffer, operation->tag_length ); + ( void ) ciphertext; + ( void ) ciphertext_size; + ( void ) ciphertext_length; + ( void ) tag; + ( void ) tag_size; + ( void ) tag_length; - status = PSA_SUCCESS; + return ( PSA_ERROR_NOT_SUPPORTED ); } else #endif /* MBEDTLS_PSA_BUILTIN_ALG_CCM */ @@ -797,10 +736,6 @@ psa_status_t mbedtls_psa_aead_verify( size_t tag_length ) { psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - - uint8_t * temp_buffer; - size_t temp_buffer_size; size_t finish_output_size = 0; @@ -825,38 +760,13 @@ psa_status_t mbedtls_psa_aead_verify( #if defined(MBEDTLS_PSA_BUILTIN_ALG_CCM) if( operation->alg == PSA_ALG_CCM ) { - /* Perform oneshot CCM decryption *again*, as its the - * only way to get the tag, but this time throw away the - results, as verify cannot write that much data. */ - temp_buffer_size = PSA_AEAD_UPDATE_OUTPUT_SIZE( operation->key_type, - operation->alg, - operation->body_length - ); + ( void ) plaintext; + ( void ) plaintext_size; + ( void ) plaintext_length; + ( void ) tag; + ( void ) tag_length; - temp_buffer = ( uint8_t * ) mbedtls_calloc(1, temp_buffer_size ); - - if( temp_buffer == NULL) - return( PSA_ERROR_INSUFFICIENT_MEMORY ); - - ret = mbedtls_ccm_auth_decrypt( &operation->ctx.ccm, - operation->body_length, - operation->nonce, - operation->nonce_length, - operation->ad_buffer, - operation->ad_length, - operation->body_buffer, - temp_buffer, tag, tag_length ); - - if( ret == MBEDTLS_ERR_CCM_AUTH_FAILED ) - status = PSA_ERROR_INVALID_SIGNATURE; - else - { - status = mbedtls_to_psa_error( ret ); - do_tag_check = 0; - } - - /* Even if the above operation fails, we no longer need the data */ - mbedtls_free( temp_buffer ); + return ( PSA_ERROR_NOT_SUPPORTED ); } else #endif /* MBEDTLS_PSA_BUILTIN_ALG_CCM */ diff --git a/programs/test/query_config.c b/programs/test/query_config.c index 647279d68..450e2fbbf 100644 --- a/programs/test/query_config.c +++ b/programs/test/query_config.c @@ -2723,14 +2723,6 @@ int query_config( const char *config ) } #endif /* MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED */ -#if defined(MBEDTLS_INTERNAL_CCM_NO_ZEROIZE_ON_TAG_FAIL) - if( strcmp( "MBEDTLS_INTERNAL_CCM_NO_ZEROIZE_ON_TAG_FAIL", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_INTERNAL_CCM_NO_ZEROIZE_ON_TAG_FAIL ); - return( 0 ); - } -#endif /* MBEDTLS_INTERNAL_CCM_NO_ZEROIZE_ON_TAG_FAIL */ - /* If the symbol is not found, return an error */ return( 1 ); } diff --git a/scripts/config.py b/scripts/config.py index f9f06053d..a77ead054 100755 --- a/scripts/config.py +++ b/scripts/config.py @@ -197,7 +197,6 @@ EXCLUDE_FROM_FULL = frozenset([ 'MBEDTLS_TEST_NULL_ENTROPY', # removes a feature 'MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION', # influences the use of X.509 in TLS 'MBEDTLS_X509_REMOVE_INFO', # removes a feature - 'MBEDTLS_INTERNAL_CCM_NO_ZEROIZE_ON_TAG_FAIL', # lowers security of CCM ]) def is_seamless_alt(name): diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data index 177d688e3..c2e80e18d 100644 --- a/tests/suites/test_suite_psa_crypto.data +++ b/tests/suites/test_suite_psa_crypto.data @@ -2062,118 +2062,6 @@ PSA AEAD encrypt/decrypt: invalid algorithm (ChaCha20) depends_on:MBEDTLS_CHACHA20_C aead_encrypt_decrypt:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_STREAM_CIPHER:"":"":"":PSA_ERROR_NOT_SUPPORTED -PSA Multipart AEAD encrypt/decrypt: AES-CCM, 19 bytes #1 -depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_INTERNAL_CCM_NO_ZEROIZE_ON_TAG_FAIL -aead_multipart_encrypt_decrypt:PSA_KEY_TYPE_AES:"C0C1C2C3C4C5C6C7C8C9CACBCCCDCECF":PSA_ALG_CCM:"000102030405060708090A0B":"000102030405060708090A0B":-1:"0C0D0E0F101112131415161718191A1B1C1D1E":-1:PSA_SUCCESS - -PSA Multipart AEAD encrypt/decrypt: AES-CCM, 19 bytes #2 -depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_INTERNAL_CCM_NO_ZEROIZE_ON_TAG_FAIL -aead_multipart_encrypt_decrypt:PSA_KEY_TYPE_AES:"D7828D13B2B0BDC325A76236DF93CC6B":PSA_ALG_CCM:"000102030405060708090A0B":"EC46BB63B02520C33C49FD70":-1:"B96B49E21D621741632875DB7F6C9243D2D7C2":-1:PSA_SUCCESS - -PSA Multipart AEAD encrypt/decrypt: DES-CCM not supported -depends_on:MBEDTLS_DES_C:MBEDTLS_CCM_C:MBEDTLS_INTERNAL_CCM_NO_ZEROIZE_ON_TAG_FAIL -aead_multipart_encrypt_decrypt:PSA_KEY_TYPE_DES:"D7828D13B2B0BDC325A76236DF93CC6B":PSA_ALG_CCM:"000102030405060708090A0B":"EC46BB63B02520C33C49FD70":-1:"B96B49E21D621741632875DB7F6C9243D2D7C2":-1:PSA_ERROR_NOT_SUPPORTED - -PSA Multipart AEAD encrypt: AES-CCM, 23 bytes -depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_INTERNAL_CCM_NO_ZEROIZE_ON_TAG_FAIL -aead_multipart_encrypt:PSA_KEY_TYPE_AES:"D7828D13B2B0BDC325A76236DF93CC6B":PSA_ALG_CCM:"00412B4EA9CDBE3C9696766CFA":"0BE1A88BACE018B1":-1:"08E8CF97D820EA258460E96AD9CF5289054D895CEAC47C":-1:"4CB97F86A2A4689A877947AB8091EF5386A6FFBDD080F8120333D1FCB691F3406CBF531F83A4D8" - -PSA Multipart AEAD encrypt: AES-CCM, 24 bytes -depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_INTERNAL_CCM_NO_ZEROIZE_ON_TAG_FAIL -aead_multipart_encrypt:PSA_KEY_TYPE_AES:"4189351B5CAEA375A0299E81C621BF43":PSA_ALG_CCM:"48c0906930561e0ab0ef4cd972":"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":-1:"4535d12b4377928a7c0a61c9f825a48671ea05910748c8ef":-1:"26c56961c035a7e452cce61bc6ee220d77b3f94d18fd10b6d80e8bf80f4a46cab06d4313f0db9be9" - -PSA Multipart AEAD encrypt: AES-CCM, 24 bytes, T=4 -depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_INTERNAL_CCM_NO_ZEROIZE_ON_TAG_FAIL -aead_multipart_encrypt:PSA_KEY_TYPE_AES:"4189351B5CAEA375A0299E81C621BF43":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_CCM, 4 ):"48c0906930561e0ab0ef4cd972":"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":-1:"4535d12b4377928a7c0a61c9f825a48671ea05910748c8ef":-1:"26c56961c035a7e452cce61bc6ee220d77b3f94d18fd10b6643b4f39" - -PSA Multipart AEAD encrypt: AES-CCM, 24 bytes, T=6 -depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_INTERNAL_CCM_NO_ZEROIZE_ON_TAG_FAIL -aead_multipart_encrypt:PSA_KEY_TYPE_AES:"4189351B5CAEA375A0299E81C621BF43":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_CCM, 6 ):"48c0906930561e0ab0ef4cd972":"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":-1:"4535d12b4377928a7c0a61c9f825a48671ea05910748c8ef":-1:"26c56961c035a7e452cce61bc6ee220d77b3f94d18fd10b63fdffcd729bc" - -PSA Multipart AEAD encrypt: AES-CCM, 24 bytes, T=8 -depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_INTERNAL_CCM_NO_ZEROIZE_ON_TAG_FAIL -aead_multipart_encrypt:PSA_KEY_TYPE_AES:"4189351B5CAEA375A0299E81C621BF43":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_CCM, 8 ):"48c0906930561e0ab0ef4cd972":"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":-1:"4535d12b4377928a7c0a61c9f825a48671ea05910748c8ef":-1:"26c56961c035a7e452cce61bc6ee220d77b3f94d18fd10b64cf2c3bf5f220776" - -PSA Multipart AEAD encrypt: AES-CCM, 24 bytes, T=10 -depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_INTERNAL_CCM_NO_ZEROIZE_ON_TAG_FAIL -aead_multipart_encrypt:PSA_KEY_TYPE_AES:"4189351B5CAEA375A0299E81C621BF43":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_CCM, 10 ):"48c0906930561e0ab0ef4cd972":"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":-1:"4535d12b4377928a7c0a61c9f825a48671ea05910748c8ef":-1:"26c56961c035a7e452cce61bc6ee220d77b3f94d18fd10b69613343621327defd18e" - -PSA Multipart AEAD encrypt: AES-CCM, 24 bytes, T=12 -depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_INTERNAL_CCM_NO_ZEROIZE_ON_TAG_FAIL -aead_multipart_encrypt:PSA_KEY_TYPE_AES:"4189351B5CAEA375A0299E81C621BF43":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_CCM, 12 ):"48c0906930561e0ab0ef4cd972":"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":-1:"4535d12b4377928a7c0a61c9f825a48671ea05910748c8ef":-1:"26c56961c035a7e452cce61bc6ee220d77b3f94d18fd10b69a2e5d8faee3138fa5cf9846" - -PSA Multipart AEAD encrypt: AES-CCM, 24 bytes, T=14 -depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_INTERNAL_CCM_NO_ZEROIZE_ON_TAG_FAIL -aead_multipart_encrypt:PSA_KEY_TYPE_AES:"4189351B5CAEA375A0299E81C621BF43":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_CCM, 14 ):"48c0906930561e0ab0ef4cd972":"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":-1:"4535d12b4377928a7c0a61c9f825a48671ea05910748c8ef":-1:"26c56961c035a7e452cce61bc6ee220d77b3f94d18fd10b6c99af01cdb6aa76df73c8646c27f" - -PSA Multipart AEAD encrypt: AES-CCM, 24 bytes, T=16 -depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_INTERNAL_CCM_NO_ZEROIZE_ON_TAG_FAIL -aead_multipart_encrypt:PSA_KEY_TYPE_AES:"4189351B5CAEA375A0299E81C621BF43":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_CCM, 16 ):"48c0906930561e0ab0ef4cd972":"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":-1:"4535d12b4377928a7c0a61c9f825a48671ea05910748c8ef":-1:"26c56961c035a7e452cce61bc6ee220d77b3f94d18fd10b6d80e8bf80f4a46cab06d4313f0db9be9" - -PSA Multipart AEAD decrypt: AES-CCM, 39 bytes -depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_INTERNAL_CCM_NO_ZEROIZE_ON_TAG_FAIL -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"D7828D13B2B0BDC325A76236DF93CC6B":PSA_ALG_CCM:"00412B4EA9CDBE3C9696766CFA":"0BE1A88BACE018B1":-1:"4CB97F86A2A4689A877947AB8091EF5386A6FFBDD080F8120333D1FCB691F3406CBF531F83A4D8":-1:"08E8CF97D820EA258460E96AD9CF5289054D895CEAC47C":PSA_SUCCESS - -PSA Multipart AEAD decrypt, AES-CCM, 40 bytes -depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_INTERNAL_CCM_NO_ZEROIZE_ON_TAG_FAIL -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"4189351B5CAEA375A0299E81C621BF43":PSA_ALG_CCM:"48c0906930561e0ab0ef4cd972":"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":-1:"26c56961c035a7e452cce61bc6ee220d77b3f94d18fd10b6d80e8bf80f4a46cab06d4313f0db9be9":-1:"4535d12b4377928a7c0a61c9f825a48671ea05910748c8ef":PSA_SUCCESS - -PSA Multipart AEAD decrypt: AES-CCM, 24 bytes, T=4 -depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_INTERNAL_CCM_NO_ZEROIZE_ON_TAG_FAIL -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"4189351B5CAEA375A0299E81C621BF43":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_CCM, 4 ):"48c0906930561e0ab0ef4cd972":"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":-1:"26c56961c035a7e452cce61bc6ee220d77b3f94d18fd10b6643b4f39":-1:"4535d12b4377928a7c0a61c9f825a48671ea05910748c8ef":PSA_SUCCESS - -PSA Multipart AEAD decrypt: AES-CCM, 24 bytes, T=6 -depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_INTERNAL_CCM_NO_ZEROIZE_ON_TAG_FAIL -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"4189351B5CAEA375A0299E81C621BF43":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_CCM, 6 ):"48c0906930561e0ab0ef4cd972":"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":-1:"26c56961c035a7e452cce61bc6ee220d77b3f94d18fd10b63fdffcd729bc":-1:"4535d12b4377928a7c0a61c9f825a48671ea05910748c8ef":PSA_SUCCESS - -PSA Multipart AEAD decrypt: AES-CCM, 24 bytes, T=8 -depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_INTERNAL_CCM_NO_ZEROIZE_ON_TAG_FAIL -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"4189351B5CAEA375A0299E81C621BF43":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_CCM, 8 ):"48c0906930561e0ab0ef4cd972":"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":-1:"26c56961c035a7e452cce61bc6ee220d77b3f94d18fd10b64cf2c3bf5f220776":-1:"4535d12b4377928a7c0a61c9f825a48671ea05910748c8ef":PSA_SUCCESS - -PSA Multipart AEAD decrypt: AES-CCM, 24 bytes, T=10 -depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_INTERNAL_CCM_NO_ZEROIZE_ON_TAG_FAIL -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"4189351B5CAEA375A0299E81C621BF43":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_CCM, 10 ):"48c0906930561e0ab0ef4cd972":"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":-1:"26c56961c035a7e452cce61bc6ee220d77b3f94d18fd10b69613343621327defd18e":-1:"4535d12b4377928a7c0a61c9f825a48671ea05910748c8ef":PSA_SUCCESS - -PSA Multipart AEAD decrypt: AES-CCM, 24 bytes, T=12 -depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_INTERNAL_CCM_NO_ZEROIZE_ON_TAG_FAIL -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"4189351B5CAEA375A0299E81C621BF43":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_CCM, 12 ):"48c0906930561e0ab0ef4cd972":"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":-1:"26c56961c035a7e452cce61bc6ee220d77b3f94d18fd10b69a2e5d8faee3138fa5cf9846":-1:"4535d12b4377928a7c0a61c9f825a48671ea05910748c8ef":PSA_SUCCESS - -PSA Multipart AEAD decrypt: AES-CCM, 24 bytes, T=14 -depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_INTERNAL_CCM_NO_ZEROIZE_ON_TAG_FAIL -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"4189351B5CAEA375A0299E81C621BF43":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_CCM, 14 ):"48c0906930561e0ab0ef4cd972":"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":-1:"26c56961c035a7e452cce61bc6ee220d77b3f94d18fd10b6c99af01cdb6aa76df73c8646c27f":-1:"4535d12b4377928a7c0a61c9f825a48671ea05910748c8ef":PSA_SUCCESS - -PSA Multipart AEAD decrypt: AES-CCM, 24 bytes, T=16 -depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_INTERNAL_CCM_NO_ZEROIZE_ON_TAG_FAIL -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"4189351B5CAEA375A0299E81C621BF43":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_CCM, 16 ):"48c0906930561e0ab0ef4cd972":"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":-1:"26c56961c035a7e452cce61bc6ee220d77b3f94d18fd10b6d80e8bf80f4a46cab06d4313f0db9be9":-1:"4535d12b4377928a7c0a61c9f825a48671ea05910748c8ef":PSA_SUCCESS - -PSA Multipart AEAD decrypt: AES-CCM, invalid signature -depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_INTERNAL_CCM_NO_ZEROIZE_ON_TAG_FAIL -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"4189351B5CAEA375A0299E81C621BF43":PSA_ALG_CCM:"48c0906930561e0ab0ef4cd972":"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":-1:"26d56961c035a7e452cce61bc6ee220d77b3f94d18fd10b6d80e8bf80f4a46cab06d4313f0db9be9":-1:"4535d12b4377928a7c0a61c9f825a48671ea05910748c8ef":PSA_ERROR_INVALID_SIGNATURE - -PSA Multipart AEAD decrypt: AES-CCM, invalid signature, T=4 -depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_INTERNAL_CCM_NO_ZEROIZE_ON_TAG_FAIL -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"4189351B5CAEA375A0299E81C621BF43":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_CCM, 4 ):"48c0906930561e0ab0ef4cd972":"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":-1:"26c56961c035a7e452cce61bc6ee220d77b3f94d18fd10b6643b4f38":-1:"4535d12b4377928a7c0a61c9f825a48671ea05910748c8ef":PSA_ERROR_INVALID_SIGNATURE - -PSA Multipart AEAD decrypt: AES-CCM, T=4, tag is truncated tag for T=16 -depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_INTERNAL_CCM_NO_ZEROIZE_ON_TAG_FAIL -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"4189351B5CAEA375A0299E81C621BF43":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_CCM, 4 ):"48c0906930561e0ab0ef4cd972":"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":-1:"26c56961c035a7e452cce61bc6ee220d":-1:"4535d12b4377928a7c0a61c9f825a48671ea05910748c8ef4535d12b4377928a7c0a61c9f825a48671ea05910748c8ef":PSA_ERROR_INVALID_SIGNATURE - -PSA Multipart AEAD decrypt: AES-CCM, invalid tag length 0 -depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_INTERNAL_CCM_NO_ZEROIZE_ON_TAG_FAIL -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"4189351B5CAEA375A0299E81C621BF43":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_CCM, 0 ):"48c0906930561e0ab0ef4cd972":"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":-1:"26c56961c035a7e452cce61bc6ee220d77b3f94d18fd10b6":-1:"4535d12b4377928a7c0a61c9f825a48671ea05910748c8ef":PSA_ERROR_INVALID_ARGUMENT - -PSA Multipart AEAD decrypt: AES-CCM, invalid tag length 2 -depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_INTERNAL_CCM_NO_ZEROIZE_ON_TAG_FAIL -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"4189351B5CAEA375A0299E81C621BF43":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_CCM, 2 ):"48c0906930561e0ab0ef4cd972":"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":-1:"26c56961c035a7e452cce61bc6ee220d77b3f94d18fd10b6":-1:"4535d12b4377928a7c0a61c9f825a48671ea05910748c8ef":PSA_ERROR_INVALID_ARGUMENT - -PSA Multipart AEAD decrypt: AES-CCM, invalid tag length 15 -depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_INTERNAL_CCM_NO_ZEROIZE_ON_TAG_FAIL -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"4189351B5CAEA375A0299E81C621BF43":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_CCM, 15 ):"48c0906930561e0ab0ef4cd972":"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":-1:"26c56961c035a7e452cce61bc6ee220d77b3f94d18fd10b6":-1:"4535d12b4377928a7c0a61c9f825a48671ea05910748c8ef":PSA_ERROR_INVALID_ARGUMENT - -PSA Multipart AEAD decrypt: AES-CCM, invalid tag length 18 -depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_INTERNAL_CCM_NO_ZEROIZE_ON_TAG_FAIL -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"4189351B5CAEA375A0299E81C621BF43":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_CCM, 18 ):"48c0906930561e0ab0ef4cd972":"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":-1:"26c56961c035a7e452cce61bc6ee220d77b3f94d18fd10b6":-1:"4535d12b4377928a7c0a61c9f825a48671ea05910748c8ef":PSA_ERROR_INVALID_ARGUMENT - PSA Multipart AEAD encrypt/decrypt, AES-GCM, 19 bytes #1 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES aead_multipart_encrypt_decrypt:PSA_KEY_TYPE_AES:"C0C1C2C3C4C5C6C7C8C9CACBCCCDCECF":PSA_ALG_GCM:"000102030405060708090A0B0C0D0E0F":"000102030405060708090A0B":-1:"0C0D0E0F101112131415161718191A1B1C1D1E":-1:PSA_SUCCESS From e95259f833f9580990e6d210b5e591f7cf72d9f3 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Fri, 21 May 2021 17:09:21 +0100 Subject: [PATCH 053/195] Remove some CCM leftovers Signed-off-by: Paul Elliott --- include/psa/crypto_builtin_composites.h | 15 +---- library/psa_crypto_aead.c | 76 ++----------------------- 2 files changed, 7 insertions(+), 84 deletions(-) diff --git a/include/psa/crypto_builtin_composites.h b/include/psa/crypto_builtin_composites.h index b65922b9c..ff8e148fd 100644 --- a/include/psa/crypto_builtin_composites.h +++ b/include/psa/crypto_builtin_composites.h @@ -93,19 +93,10 @@ typedef struct unsigned int body_started : 1; uint8_t tag_length; - - /* Buffers for AD/data - only required until CCM gets proper multipart - support. */ - uint8_t *ad_buffer; - size_t ad_length; - - uint8_t *body_buffer; - size_t body_length; - uint8_t *tag_buffer; - /* buffer to store Nonce - only required until CCM and GCM get proper - multipart support. */ + /* Buffer to store Nonce - only required until CCM and GCM get proper + * multipart support.*/ uint8_t *nonce; size_t nonce_length; @@ -126,7 +117,7 @@ typedef struct } mbedtls_psa_aead_operation_t; -#define MBEDTLS_PSA_AEAD_OPERATION_INIT {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, {0}} +#define MBEDTLS_PSA_AEAD_OPERATION_INIT {0, 0, 0, 0, 0, 0, 0, 0, 0, {0}} /* * BEYOND THIS POINT, TEST DRIVER DECLARATIONS ONLY. diff --git a/library/psa_crypto_aead.c b/library/psa_crypto_aead.c index fb86775e5..d585c59f6 100644 --- a/library/psa_crypto_aead.c +++ b/library/psa_crypto_aead.c @@ -349,7 +349,7 @@ psa_status_t mbedtls_psa_aead_encrypt_setup( #if defined(MBEDTLS_PSA_BUILTIN_ALG_CCM) if( operation->alg == PSA_ALG_CCM ) { - return ( PSA_ERROR_NOT_SUPPORTED ); + return( PSA_ERROR_NOT_SUPPORTED ); } #endif /* MBEDTLS_PSA_BUILTIN_ALG_CCM */ @@ -373,10 +373,10 @@ psa_status_t mbedtls_psa_aead_decrypt_setup( { psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - #if defined(MBEDTLS_PSA_BUILTIN_ALG_CCM) +#if defined(MBEDTLS_PSA_BUILTIN_ALG_CCM) if( operation->alg == PSA_ALG_CCM ) { - return ( PSA_ERROR_NOT_SUPPORTED ); + return( PSA_ERROR_NOT_SUPPORTED ); } #endif /* MBEDTLS_PSA_BUILTIN_ALG_CCM */ @@ -408,22 +408,11 @@ psa_status_t mbedtls_psa_aead_set_nonce( /* GCM sets nonce once additional data has been supplied */ memcpy( operation->nonce, nonce, nonce_length ); - /* We know that nonce size cannot exceed the uint8_t size */ operation->nonce_length = nonce_length; status = PSA_SUCCESS; } else #endif /* MBEDTLS_PSA_BUILTIN_ALG_GCM */ -#if defined(MBEDTLS_PSA_BUILTIN_ALG_CCM) - if( operation->alg == PSA_ALG_CCM ) - { - ( void ) nonce; - ( void ) nonce_length; - - return ( PSA_ERROR_NOT_SUPPORTED ); - } - else -#endif /* MBEDTLS_PSA_BUILTIN_ALG_CCM */ #if defined(MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305) if( operation->alg == PSA_ALG_CHACHA20_POLY1305 ) { @@ -462,7 +451,7 @@ psa_status_t mbedtls_psa_aead_set_lengths( { /* Lengths can only be too large for GCM if size_t is bigger than 32 * bits. Without the guard this code will generate warnings on 32bit - builds */ + * builds */ #if SIZE_MAX > UINT32_MAX if( ( (uint64_t) ad_length ) >> 61 != 0 || ( (uint64_t) plaintext_length ) > 0xFFFFFFFE0ull ) @@ -528,16 +517,6 @@ psa_status_t mbedtls_psa_aead_update_ad( } else #endif /* MBEDTLS_PSA_BUILTIN_ALG_GCM */ -#if defined(MBEDTLS_PSA_BUILTIN_ALG_CCM) - if( operation->alg == PSA_ALG_CCM ) - { - (void) input; - (void) input_length; - - return ( PSA_ERROR_NOT_SUPPORTED ); - } - else -#endif /* MBEDTLS_PSA_BUILTIN_ALG_CCM */ #if defined(MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305) if( operation->alg == PSA_ALG_CHACHA20_POLY1305 ) { @@ -598,16 +577,6 @@ psa_status_t mbedtls_psa_aead_update( } else #endif /* MBEDTLS_PSA_BUILTIN_ALG_GCM */ -#if defined(MBEDTLS_PSA_BUILTIN_ALG_CCM) - if( operation->alg == PSA_ALG_CCM ) - { - (void) input; - (void) input_length; - - return ( PSA_ERROR_NOT_SUPPORTED ); - } - else -#endif /* MBEDTLS_PSA_BUILTIN_ALG_CCM */ #if defined(MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305) if( operation->alg == PSA_ALG_CHACHA20_POLY1305 ) { @@ -684,20 +653,6 @@ psa_status_t mbedtls_psa_aead_finish( tag_size ) ); else #endif /* MBEDTLS_PSA_BUILTIN_ALG_GCM */ -#if defined(MBEDTLS_PSA_BUILTIN_ALG_CCM) - if( operation->alg == PSA_ALG_CCM ) - { - ( void ) ciphertext; - ( void ) ciphertext_size; - ( void ) ciphertext_length; - ( void ) tag; - ( void ) tag_size; - ( void ) tag_length; - - return ( PSA_ERROR_NOT_SUPPORTED ); - } - else -#endif /* MBEDTLS_PSA_BUILTIN_ALG_CCM */ #if defined(MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305) if( operation->alg == PSA_ALG_CHACHA20_POLY1305 ) status = mbedtls_to_psa_error( @@ -736,9 +691,7 @@ psa_status_t mbedtls_psa_aead_verify( size_t tag_length ) { psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - size_t finish_output_size = 0; - int do_tag_check = 1; uint8_t check_tag[PSA_AEAD_TAG_MAX_SIZE]; @@ -757,19 +710,6 @@ psa_status_t mbedtls_psa_aead_verify( operation->tag_length ) ); else #endif /* MBEDTLS_PSA_BUILTIN_ALG_GCM */ -#if defined(MBEDTLS_PSA_BUILTIN_ALG_CCM) - if( operation->alg == PSA_ALG_CCM ) - { - ( void ) plaintext; - ( void ) plaintext_size; - ( void ) plaintext_length; - ( void ) tag; - ( void ) tag_length; - - return ( PSA_ERROR_NOT_SUPPORTED ); - } - else -#endif /* MBEDTLS_PSA_BUILTIN_ALG_CCM */ #if defined(MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305) if( operation->alg == PSA_ALG_CHACHA20_POLY1305 ) // call finish to get the tag for comparison. @@ -828,14 +768,6 @@ psa_status_t mbedtls_psa_aead_abort( operation->ad_started = 0; operation->body_started = 0; - mbedtls_free( operation->ad_buffer ); - operation->ad_buffer = NULL; - operation->ad_length = 0; - - mbedtls_free( operation->body_buffer ); - operation->body_buffer = NULL; - operation->body_length = 0; - mbedtls_free( operation->tag_buffer ); operation->tag_buffer = NULL; From 6981fbcf10010dd6018221782ca2b8b2303b6c28 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Fri, 21 May 2021 17:13:50 +0100 Subject: [PATCH 054/195] Remove unneccessary guard for key unlock Also make sure failure is not hidden by key unlock failure Signed-off-by: Paul Elliott --- library/psa_crypto.c | 19 +++++++------------ 1 file changed, 7 insertions(+), 12 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 5d55e4543..14ef6e576 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -3282,13 +3282,10 @@ psa_status_t psa_aead_encrypt_setup( psa_aead_operation_t *operation, exit: - if( slot ) - { - unlock_status = psa_unlock_key_slot( slot ); + unlock_status = psa_unlock_key_slot( slot ); - if( unlock_status != PSA_SUCCESS ) - status = unlock_status; - } + if( status == PSA_SUCCESS ) + status = unlock_status; if( status == PSA_SUCCESS ) operation->alg = psa_aead_get_base_algorithm( alg ); @@ -3320,6 +3317,7 @@ psa_status_t psa_aead_decrypt_setup( psa_aead_operation_t *operation, } if( operation->nonce_set || operation->ad_started || + operation->body_started ) { status = PSA_ERROR_BAD_STATE; @@ -3347,13 +3345,10 @@ psa_status_t psa_aead_decrypt_setup( psa_aead_operation_t *operation, exit: - if( slot ) - { - unlock_status = psa_unlock_key_slot( slot ); + unlock_status = psa_unlock_key_slot( slot ); - if( unlock_status != PSA_SUCCESS ) - status = unlock_status; - } + if( status == PSA_SUCCESS ) + status = unlock_status; if( status == PSA_SUCCESS ) operation->alg = psa_aead_get_base_algorithm( alg ); From 6eb959854b4418a5b37e8e193099c34eb079b2e4 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Fri, 21 May 2021 17:41:41 +0100 Subject: [PATCH 055/195] Improve state logic Signed-off-by: Paul Elliott --- library/psa_crypto.c | 40 +++++++++++++++++++--------------------- 1 file changed, 19 insertions(+), 21 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 14ef6e576..fb74a0d85 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -3254,8 +3254,8 @@ psa_status_t psa_aead_encrypt_setup( psa_aead_operation_t *operation, goto exit; } - if( operation->nonce_set || operation->ad_started || - operation->body_started ) + if( operation->nonce_set || operation->lengths_set || + operation->ad_started || operation->body_started ) { status = PSA_ERROR_BAD_STATE; goto exit; @@ -3316,9 +3316,8 @@ psa_status_t psa_aead_decrypt_setup( psa_aead_operation_t *operation, goto exit; } - if( operation->nonce_set || operation->ad_started || - - operation->body_started ) + if( operation->nonce_set || operation->lengths_set || + operation->ad_started || operation->body_started ) { status = PSA_ERROR_BAD_STATE; goto exit; @@ -3375,8 +3374,8 @@ psa_status_t psa_aead_generate_nonce( psa_aead_operation_t *operation, goto exit; } - if( operation->nonce_set || operation->ad_started || - operation->body_started ) + if( operation->nonce_set || operation->lengths_set || + operation->ad_started || operation->body_started ) { status = PSA_ERROR_BAD_STATE; goto exit; @@ -3430,11 +3429,11 @@ psa_status_t psa_aead_set_nonce( psa_aead_operation_t *operation, goto exit; } - /* Not checking nonce size here as GCM spec allows almost abitrarily large - * nonces. Please note that we do not generally recommend the usage of - * nonces of greater length than PSA_AEAD_NONCE_MAX_SIZE, as large nonces - * are hashed to a shorter size, which can then lead to collisions if you - encrypt a very large number of messages. */ + /* Not checking nonce size here as GCM spec allows almost arbitrarily + * large nonces. Please note that we do not generally recommend the usage + * of nonces of greater length than PSA_AEAD_NONCE_MAX_SIZE, as large + * nonces are hashed to a shorter size, which can then lead to collisions + * if you encrypt a very large number of messages.*/ status = psa_driver_wrapper_aead_set_nonce( operation, nonce, nonce_length ); @@ -3462,7 +3461,8 @@ psa_status_t psa_aead_set_lengths( psa_aead_operation_t *operation, goto exit; } - if( operation->lengths_set ) + if( operation->lengths_set || operation->ad_started || + operation->body_started) { status = PSA_ERROR_BAD_STATE; goto exit; @@ -3497,7 +3497,7 @@ psa_status_t psa_aead_update_ad( psa_aead_operation_t *operation, goto exit; } - if( !operation->nonce_set ) + if( !operation->nonce_set || operation->body_started ) { status = PSA_ERROR_BAD_STATE; goto exit; @@ -3505,7 +3505,7 @@ psa_status_t psa_aead_update_ad( psa_aead_operation_t *operation, if( operation->lengths_set ) { - if ( operation->ad_remaining < input_length ) + if( operation->ad_remaining < input_length ) { status = PSA_ERROR_INVALID_ARGUMENT; goto exit; @@ -3546,7 +3546,7 @@ psa_status_t psa_aead_update( psa_aead_operation_t *operation, goto exit; } - if( !operation->nonce_set || !operation->ad_started ) + if( !operation->nonce_set ) { status = PSA_ERROR_BAD_STATE; goto exit; @@ -3606,8 +3606,7 @@ psa_status_t psa_aead_finish( psa_aead_operation_t *operation, goto exit; } - if( !operation->nonce_set || !operation->ad_started || - !operation->body_started ) + if( !operation->nonce_set ) { status = PSA_ERROR_BAD_STATE; goto exit; @@ -3616,7 +3615,7 @@ psa_status_t psa_aead_finish( psa_aead_operation_t *operation, if( operation->lengths_set && (operation->ad_remaining != 0 || operation->body_remaining != 0 ) ) { - status = PSA_ERROR_BAD_STATE; + status = PSA_ERROR_INVALID_ARGUMENT; goto exit; } @@ -3651,8 +3650,7 @@ psa_status_t psa_aead_verify( psa_aead_operation_t *operation, goto exit; } - if( !operation->nonce_set || !operation->ad_started || - !operation->body_started ) + if( !operation->nonce_set ) { status = PSA_ERROR_BAD_STATE; goto exit; From f47b0957ab71a44ebb8a3430bab7a033b2276421 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Fri, 21 May 2021 18:02:33 +0100 Subject: [PATCH 056/195] Set tag to 'impossible' value on failure to encrypt Signed-off-by: Paul Elliott --- library/psa_crypto.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index fb74a0d85..0b6478176 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -3626,6 +3626,11 @@ psa_status_t psa_aead_finish( psa_aead_operation_t *operation, exit: + /* In case the operation fails and the user fails to check for failure or + * the zero tag size, make sure the tag is set to something impossible. */ + if( status != PSA_SUCCESS ) + memset(tag, '!', tag_size); + psa_aead_abort( operation ); return( status ); From 3a16e014f209d754586d3fac23f9856830a1a4e9 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Fri, 21 May 2021 18:03:15 +0100 Subject: [PATCH 057/195] Ensure tag lengths match in verification Signed-off-by: Paul Elliott --- library/psa_crypto_aead.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/library/psa_crypto_aead.c b/library/psa_crypto_aead.c index d585c59f6..0e7ca63c5 100644 --- a/library/psa_crypto_aead.c +++ b/library/psa_crypto_aead.c @@ -733,8 +733,8 @@ psa_status_t mbedtls_psa_aead_verify( { *plaintext_length = finish_output_size; - if( do_tag_check && - mbedtls_psa_safer_memcmp(tag, check_tag, tag_length) != 0 ) + if( do_tag_check && ( tag_length != operation->tag_length || + mbedtls_psa_safer_memcmp(tag, check_tag, tag_length) != 0 ) ) status = PSA_ERROR_INVALID_SIGNATURE; } From 741beb114781ac3ecfa753fa78d7b8106b5d1c54 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Fri, 21 May 2021 18:48:30 +0100 Subject: [PATCH 058/195] Improve Changelog Signed-off-by: Paul Elliott --- ChangeLog.d/add_psa_m_aead.txt | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/ChangeLog.d/add_psa_m_aead.txt b/ChangeLog.d/add_psa_m_aead.txt index d5c0a48c2..378e9c12d 100644 --- a/ChangeLog.d/add_psa_m_aead.txt +++ b/ChangeLog.d/add_psa_m_aead.txt @@ -1,3 +1,4 @@ Features - * Implemented the multipart AEAD API within the PSA Crypto API, along with - tests in the PSA Crypto test suite, and transparent driver wrappers. + * Added multipart AEAD API to the PSA Crypto API + * Added MbedTLS internal implementations of the PSA Crypto multipart AEAD API + supporting PolyChaCha and GCM. CCM is not as yet supported. From c40bc1e406eb67b31752a9586e49b79e4211ce48 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Fri, 21 May 2021 18:58:12 +0100 Subject: [PATCH 059/195] Fix Changelog typo Signed-off-by: Paul Elliott --- ChangeLog.d/add_psa_m_aead.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ChangeLog.d/add_psa_m_aead.txt b/ChangeLog.d/add_psa_m_aead.txt index 378e9c12d..3ae58095b 100644 --- a/ChangeLog.d/add_psa_m_aead.txt +++ b/ChangeLog.d/add_psa_m_aead.txt @@ -1,4 +1,4 @@ Features * Added multipart AEAD API to the PSA Crypto API * Added MbedTLS internal implementations of the PSA Crypto multipart AEAD API - supporting PolyChaCha and GCM. CCM is not as yet supported. + supporting ChaChaPoly and GCM. CCM is not as yet supported. From 83f09ef056b4b21a79de0835077545ae0b0bb5c8 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Fri, 21 May 2021 19:28:26 +0100 Subject: [PATCH 060/195] Proper multipart AEAD GCM Implementation Signed-off-by: Paul Elliott --- include/psa/crypto_builtin_composites.h | 10 +--- library/psa_crypto_aead.c | 80 +++++++------------------ 2 files changed, 21 insertions(+), 69 deletions(-) diff --git a/include/psa/crypto_builtin_composites.h b/include/psa/crypto_builtin_composites.h index ff8e148fd..7d8bc1a8f 100644 --- a/include/psa/crypto_builtin_composites.h +++ b/include/psa/crypto_builtin_composites.h @@ -89,16 +89,8 @@ typedef struct psa_key_type_t key_type; unsigned int is_encrypt : 1; - unsigned int ad_started : 1; - unsigned int body_started : 1; uint8_t tag_length; - uint8_t *tag_buffer; - - /* Buffer to store Nonce - only required until CCM and GCM get proper - * multipart support.*/ - uint8_t *nonce; - size_t nonce_length; union { @@ -117,7 +109,7 @@ typedef struct } mbedtls_psa_aead_operation_t; -#define MBEDTLS_PSA_AEAD_OPERATION_INIT {0, 0, 0, 0, 0, 0, 0, 0, 0, {0}} +#define MBEDTLS_PSA_AEAD_OPERATION_INIT {0, 0, 0, 0, {0}} /* * BEYOND THIS POINT, TEST DRIVER DECLARATIONS ONLY. diff --git a/library/psa_crypto_aead.c b/library/psa_crypto_aead.c index 0e7ca63c5..1491b3597 100644 --- a/library/psa_crypto_aead.c +++ b/library/psa_crypto_aead.c @@ -400,16 +400,12 @@ psa_status_t mbedtls_psa_aead_set_nonce( #if defined(MBEDTLS_PSA_BUILTIN_ALG_GCM) if( operation->alg == PSA_ALG_GCM ) { - operation->nonce = mbedtls_calloc( 1, nonce_length ); - - if( operation->nonce == NULL ) - return( PSA_ERROR_INSUFFICIENT_MEMORY ); - - /* GCM sets nonce once additional data has been supplied */ - memcpy( operation->nonce, nonce, nonce_length ); - - operation->nonce_length = nonce_length; - status = PSA_SUCCESS; + status = mbedtls_to_psa_error( + mbedtls_gcm_starts( &operation->ctx.gcm, + operation->is_encrypt ? + MBEDTLS_GCM_ENCRYPT : MBEDTLS_GCM_DECRYPT, + nonce, + nonce_length ) ); } else #endif /* MBEDTLS_PSA_BUILTIN_ALG_GCM */ @@ -498,22 +494,8 @@ psa_status_t mbedtls_psa_aead_update_ad( #if defined(MBEDTLS_PSA_BUILTIN_ALG_GCM) if( operation->alg == PSA_ALG_GCM ) { - /* GCM currently requires all the additional data to be passed in - * in one contiguous buffer, so until that is re-done, we have to - * enforce this, as we cannot allocate a buffer to collate multiple - * calls into. */ - if( operation->ad_started ) - return( PSA_ERROR_NOT_SUPPORTED ); - status = mbedtls_to_psa_error( - mbedtls_gcm_starts( &operation->ctx.gcm, - operation->is_encrypt ? - MBEDTLS_GCM_ENCRYPT : MBEDTLS_GCM_DECRYPT, - operation->nonce, - operation->nonce_length, - input, - input_length ) ); - + mbedtls_gcm_update_ad( &operation->ctx.gcm, input, input_length ) ); } else #endif /* MBEDTLS_PSA_BUILTIN_ALG_GCM */ @@ -534,9 +516,6 @@ psa_status_t mbedtls_psa_aead_update_ad( return ( PSA_ERROR_NOT_SUPPORTED ); } - if( status == PSA_SUCCESS ) - operation->ad_started = 1; - return ( status ); } @@ -562,18 +541,11 @@ psa_status_t mbedtls_psa_aead_update( #if defined(MBEDTLS_PSA_BUILTIN_ALG_GCM) if( operation->alg == PSA_ALG_GCM ) { - /* For the time being set the requirement that all of the body data - * must be passed in in one update, rather than deal with the complexity - * of non block size aligned updates. This will be fixed in 3.0 when - we can change the signature of the GCM multipart functions */ - if( operation->body_started ) - return( PSA_ERROR_NOT_SUPPORTED ); - - - status = mbedtls_to_psa_error( mbedtls_gcm_update( &operation->ctx.gcm, - input_length, - input, - output ) ); + status = mbedtls_to_psa_error( + mbedtls_gcm_update( &operation->ctx.gcm, + input, input_length, + output, output_size, + &update_output_length ) ); } else #endif /* MBEDTLS_PSA_BUILTIN_ALG_GCM */ @@ -596,10 +568,7 @@ psa_status_t mbedtls_psa_aead_update( } if( status == PSA_SUCCESS ) - { *output_length = update_output_length; - operation->body_started = 1; - } return( status ); } @@ -647,17 +616,17 @@ psa_status_t mbedtls_psa_aead_finish( #if defined(MBEDTLS_PSA_BUILTIN_ALG_GCM) if( operation->alg == PSA_ALG_GCM ) - /* We will need to do final GCM pass in here when multipart is done. */ - status = mbedtls_to_psa_error( mbedtls_gcm_finish( &operation->ctx.gcm, - tag, - tag_size ) ); + status = mbedtls_to_psa_error( + mbedtls_gcm_finish( &operation->ctx.gcm, + ciphertext, ciphertext_size, + tag, tag_size ) ); else #endif /* MBEDTLS_PSA_BUILTIN_ALG_GCM */ #if defined(MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305) if( operation->alg == PSA_ALG_CHACHA20_POLY1305 ) status = mbedtls_to_psa_error( - mbedtls_chachapoly_finish( &operation->ctx.chachapoly, - tag ) ); + mbedtls_chachapoly_finish( &operation->ctx.chachapoly, + tag ) ); else #endif /* MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305 */ { @@ -706,8 +675,8 @@ psa_status_t mbedtls_psa_aead_verify( /* Call finish to get the tag for comparison */ status = mbedtls_to_psa_error( mbedtls_gcm_finish( &operation->ctx.gcm, - check_tag, - operation->tag_length ) ); + plaintext, plaintext_size, + check_tag, operation->tag_length ) ); else #endif /* MBEDTLS_PSA_BUILTIN_ALG_GCM */ #if defined(MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305) @@ -765,15 +734,6 @@ psa_status_t mbedtls_psa_aead_abort( } operation->is_encrypt = 0; - operation->ad_started = 0; - operation->body_started = 0; - - mbedtls_free( operation->tag_buffer ); - operation->tag_buffer = NULL; - - mbedtls_free( operation->nonce ); - operation->nonce = NULL; - operation->nonce_length = 0; return( PSA_SUCCESS ); } From 40ef3a945490550a5abaaad546ca4c88bde592fb Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Tue, 25 May 2021 15:48:09 +0100 Subject: [PATCH 061/195] Fix state logic and return codes Signed-off-by: Paul Elliott --- library/psa_crypto.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 39a6b7257..e82412346 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -3555,8 +3555,8 @@ psa_status_t psa_aead_generate_nonce( psa_aead_operation_t *operation, goto exit; } - if( operation->nonce_set || operation->lengths_set || - operation->ad_started || operation->body_started ) + if( operation->nonce_set || operation->ad_started || + operation->body_started ) { status = PSA_ERROR_BAD_STATE; goto exit; @@ -3845,7 +3845,7 @@ psa_status_t psa_aead_verify( psa_aead_operation_t *operation, if( operation->lengths_set && (operation->ad_remaining != 0 || operation->body_remaining != 0 ) ) { - status = PSA_ERROR_BAD_STATE; + status = PSA_ERROR_INVALID_ARGUMENT; goto exit; } From bc94978d8cbe0d3aa34ab6a4647fa784f973733a Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Thu, 3 Jun 2021 15:29:00 +0100 Subject: [PATCH 062/195] Add missing unused arguments No algorithm defined case generally doesn't use the operation. Signed-off-by: Paul Elliott --- library/psa_crypto_aead.c | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) diff --git a/library/psa_crypto_aead.c b/library/psa_crypto_aead.c index 1491b3597..3b8fdc8b6 100644 --- a/library/psa_crypto_aead.c +++ b/library/psa_crypto_aead.c @@ -397,7 +397,7 @@ psa_status_t mbedtls_psa_aead_set_nonce( { psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - #if defined(MBEDTLS_PSA_BUILTIN_ALG_GCM) +#if defined(MBEDTLS_PSA_BUILTIN_ALG_GCM) if( operation->alg == PSA_ALG_GCM ) { status = mbedtls_to_psa_error( @@ -427,6 +427,7 @@ psa_status_t mbedtls_psa_aead_set_nonce( else #endif /* MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305 */ { + ( void ) operation; ( void ) nonce; ( void ) nonce_length; @@ -474,6 +475,7 @@ psa_status_t mbedtls_psa_aead_set_lengths( else #endif /* MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305 */ { + ( void ) operation; ( void ) ad_length; ( void ) plaintext_length; @@ -510,8 +512,9 @@ psa_status_t mbedtls_psa_aead_update_ad( else #endif /* MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305 */ { - (void) input; - (void) input_length; + ( void ) operation; + ( void ) input; + ( void ) input_length; return ( PSA_ERROR_NOT_SUPPORTED ); } @@ -561,8 +564,8 @@ psa_status_t mbedtls_psa_aead_update( else #endif /* MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305 */ { - (void) input; - (void) input_length; + ( void ) input; + ( void ) input_length; return ( PSA_ERROR_NOT_SUPPORTED ); } From 1c8de15490ee0de8a27935fc0781b4df942a7b8c Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Thu, 3 Jun 2021 15:54:00 +0100 Subject: [PATCH 063/195] Update documentation to tally with recent changes Signed-off-by: Paul Elliott --- library/psa_crypto_aead.h | 57 ++------------------------------------- 1 file changed, 2 insertions(+), 55 deletions(-) diff --git a/library/psa_crypto_aead.h b/library/psa_crypto_aead.h index ef4842e35..50644c099 100644 --- a/library/psa_crypto_aead.h +++ b/library/psa_crypto_aead.h @@ -181,7 +181,7 @@ psa_status_t mbedtls_psa_aead_decrypt( * \retval #PSA_ERROR_INVALID_ARGUMENT * \p key is not compatible with \p alg. * \retval #PSA_ERROR_NOT_SUPPORTED - * \p alg is not supported or is not an AEAD algorithm. + * \p alg is not supported. * \retval #PSA_ERROR_INSUFFICIENT_MEMORY * Failed to allocate memory for key material */ @@ -225,7 +225,7 @@ psa_status_t mbedtls_psa_aead_encrypt_setup( * * \retval #PSA_ERROR_INVALID_ARGUMENT * \p key is not compatible with \p alg. * \retval #PSA_ERROR_NOT_SUPPORTED - * \p alg is not supported or is not an AEAD algorithm. + * \p alg is not supported. * \retval #PSA_ERROR_INSUFFICIENT_MEMORY * Failed to allocate memory for key material */ @@ -263,8 +263,6 @@ psa_status_t mbedtls_psa_aead_decrypt_setup( * \retval #PSA_ERROR_NOT_SUPPORTED * Algorithm previously set is not supported in this configuration of * the library. - * \retval #PSA_ERROR_INSUFFICIENT_MEMORY - * (GCM and CCM only) Unable to allocate buffer for nonce. */ psa_status_t mbedtls_psa_aead_set_nonce( mbedtls_psa_aead_operation_t *operation, @@ -289,7 +287,6 @@ psa_status_t mbedtls_psa_aead_set_nonce( * - For #PSA_ALG_CCM, calling this function is required. * - For the other AEAD algorithms defined in this specification, calling * this function is not required. - * - For vendor-defined algorithm, refer to the vendor documentation. * * If this function returns an error status, the PSA core calls * mbedtls_psa_aead_abort(). @@ -341,9 +338,6 @@ psa_status_t mbedtls_psa_aead_set_lengths( * to undo any action that depends on the input if * mbedtls_psa_aead_verify() returns an error status. * - * \note For the time being #PSA_ALG_CCM and #PSA_ALG_GCM require the entire - * additional data to be passed in in one go, i.e. - * mbedtls_psa_aead_update_ad() can only be called once. * * \param[in,out] operation Active AEAD operation. * \param[in] input Buffer containing the fragment of @@ -352,12 +346,6 @@ psa_status_t mbedtls_psa_aead_set_lengths( * * \retval #PSA_SUCCESS * Success. - * \retval #PSA_ERROR_INVALID_ARGUMENT - * The total input length overflows the additional data length that - * was previously specified with mbedtls_psa_aead_set_lengths(). - * \retval #PSA_ERROR_NOT_SUPPORTED - * (For GCM / CCM) PSA core attempted to call mbedtls_psa_update_ad() - * more than once. * \retval #PSA_ERROR_NOT_SUPPORTED * Algorithm previously set is not supported in this configuration of * the library. @@ -392,10 +380,6 @@ psa_status_t mbedtls_psa_aead_update_ad( * mbedtls_psa_aead_verify() provides sufficient input. The amount of data that * can be delayed in this way is bounded by #PSA_AEAD_UPDATE_OUTPUT_SIZE. * - * \note For the time being #PSA_ALG_CCM and #PSA_ALG_GCM require the entire - * data to be passed in in one go, i.e. mbedtls_psa_aead_update() can only - * be called once. - * * \param[in,out] operation Active AEAD operation. * \param[in] input Buffer containing the message fragment to * encrypt or decrypt. @@ -425,19 +409,6 @@ psa_status_t mbedtls_psa_aead_update_ad( * #PSA_AEAD_UPDATE_OUTPUT_SIZE(\c key_type, \c alg, \p input_length) or * #PSA_AEAD_UPDATE_OUTPUT_MAX_SIZE(\p input_length) can be used to * determine the required buffer size. - * \retval #PSA_ERROR_INVALID_ARGUMENT - * The total length of input to mbedtls_psa_aead_update_ad() so far is - * less than the additional data length that was previously - * specified with mbedtls_psa_aead_set_lengths(). - * \retval #PSA_ERROR_INVALID_ARGUMENT - * The total input length overflows the plaintext length that - * was previously specified with mbedtls_psa_aead_set_lengths(). - * \retval #PSA_ERROR_NOT_SUPPORTED - * (GCM / CCM only) PSA core attempted to call mbedtls_psa_update() more - * than once. - * \retval #PSA_ERROR_INSUFFICIENT_MEMORY - * (CCM only) Unable to allocate memory for the tag or the body - */ psa_status_t mbedtls_psa_aead_update( mbedtls_psa_aead_operation_t *operation, @@ -505,9 +476,6 @@ psa_status_t mbedtls_psa_aead_update( * * \retval #PSA_SUCCESS * Success. - * \retval #PSA_ERROR_BAD_STATE - * The operation state is not valid (it must be an active encryption - * operation with a nonce set). * \retval #PSA_ERROR_BUFFER_TOO_SMALL * The size of the \p ciphertext or \p tag buffer is too small. * #PSA_AEAD_FINISH_OUTPUT_SIZE(\c key_type, \c alg) or @@ -515,14 +483,6 @@ psa_status_t mbedtls_psa_aead_update( * required \p ciphertext buffer size. #PSA_AEAD_TAG_LENGTH(\c key_type, * \c key_bits, \c alg) or #PSA_AEAD_TAG_MAX_SIZE can be used to * determine the required \p tag buffer size. - * \retval #PSA_ERROR_INVALID_ARGUMENT - * The total length of input to mbedtls_psa_aead_update_ad() so far is - * less than the additional data length that was previously - * specified with mbedtls_psa_aead_set_lengths(). - * \retval #PSA_ERROR_INVALID_ARGUMENT - * The total length of input to mbedtls_psa_aead_update() so far is - * less than the plaintext length that was previously - * specified with mbedtls_psa_aead_set_lengths(). */ psa_status_t mbedtls_psa_aead_finish( mbedtls_psa_aead_operation_t *operation, @@ -590,24 +550,11 @@ psa_status_t mbedtls_psa_aead_finish( * \retval #PSA_ERROR_INVALID_SIGNATURE * The calculations were successful, but the authentication tag is * not correct. - * \retval #PSA_ERROR_BAD_STATE - * The operation state is not valid (it must be an active decryption - * operation with a nonce set). * \retval #PSA_ERROR_BUFFER_TOO_SMALL * The size of the \p plaintext buffer is too small. * #PSA_AEAD_VERIFY_OUTPUT_SIZE(\c key_type, \c alg) or * #PSA_AEAD_VERIFY_OUTPUT_MAX_SIZE can be used to determine the * required buffer size. - * \retval #PSA_ERROR_INVALID_ARGUMENT - * The total length of input to mbedtls_psa_aead_update_ad() so far is - * less than the additional data length that was previously - * specified with mbedtls_psa_aead_set_lengths(). - * \retval #PSA_ERROR_INVALID_ARGUMENT - * The total length of input to mbedtls_psa_aead_update() so far is - * less than the plaintext length that was previously - * specified with mbedtls_psa_aead_set_lengths(). - * \retval #PSA_ERROR_INSUFFICIENT_MEMORY - * (CCM only) Failed to allocate temporary buffer */ psa_status_t mbedtls_psa_aead_verify( mbedtls_psa_aead_operation_t *operation, From 388f606acd2faabeceb89c9a62d1c22a5263b00b Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Thu, 3 Jun 2021 19:19:49 +0100 Subject: [PATCH 064/195] Use correct size defines for buffers Signed-off-by: Paul Elliott --- tests/suites/test_suite_psa_crypto.function | 58 +++++++++++++-------- 1 file changed, 36 insertions(+), 22 deletions(-) diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index 0f9093c7a..e42015833 100644 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function @@ -3170,14 +3170,15 @@ void aead_multipart_encrypt( int key_type_arg, data_t *key_data, unsigned char *part_data = NULL; unsigned char *final_data = NULL; size_t output_size = 0; + size_t finish_output_size; size_t part_data_size = 0; size_t output_length = 0; size_t key_bits = 0; size_t tag_length = 0; size_t tag_size = 0; size_t nonce_length = 0; - uint8_t nonce_buffer[16]; - uint8_t tag_buffer[16]; + uint8_t nonce_buffer[PSA_AEAD_NONCE_MAX_SIZE]; + uint8_t tag_buffer[PSA_AEAD_TAG_MAX_SIZE]; uint32_t part_offset = 0; size_t part_length = 0; size_t output_part_length = 0; @@ -3198,7 +3199,7 @@ void aead_multipart_encrypt( int key_type_arg, data_t *key_data, tag_length = PSA_AEAD_TAG_LENGTH( key_type, key_bits, alg ); - TEST_ASSERT( tag_length <= 16 ); + TEST_ASSERT( tag_length <= PSA_AEAD_TAG_MAX_SIZE ); output_size = PSA_AEAD_UPDATE_OUTPUT_SIZE( key_type, alg, ( input_data->len + @@ -3206,9 +3207,13 @@ void aead_multipart_encrypt( int key_type_arg, data_t *key_data, ASSERT_ALLOC( output_data, output_size ); - ASSERT_ALLOC( final_data, PSA_AEAD_FINISH_OUTPUT_MAX_SIZE ); + finish_output_size = PSA_AEAD_FINISH_OUTPUT_SIZE( key_type, alg ); - operation = psa_aead_operation_init(); + TEST_ASSERT( finish_output_size <= PSA_AEAD_FINISH_OUTPUT_MAX_SIZE ); + + ASSERT_ALLOC( final_data, finish_output_size ); + + operation = psa_aead_operation_init( ); status = psa_aead_encrypt_setup( &operation, key, alg ); @@ -3319,7 +3324,7 @@ void aead_multipart_encrypt( int key_type_arg, data_t *key_data, } PSA_ASSERT( psa_aead_finish( &operation, final_data, - PSA_AEAD_FINISH_OUTPUT_MAX_SIZE, + finish_output_size, &output_part_length, tag_buffer, tag_length, &tag_size ) ); @@ -3381,6 +3386,7 @@ void aead_multipart_encrypt_decrypt( int key_type_arg, data_t *key_data, unsigned char *final_data = NULL; size_t part_data_size; size_t output_size = 0; + size_t finish_output_size = 0; size_t output_length = 0; unsigned char *output_data2 = NULL; size_t output_size2 = 0; @@ -3389,8 +3395,8 @@ void aead_multipart_encrypt_decrypt( int key_type_arg, data_t *key_data, size_t tag_length = 0; size_t tag_size = 0; size_t nonce_length = 0; - uint8_t nonce_buffer[16]; - uint8_t tag_buffer[16]; + uint8_t nonce_buffer[PSA_AEAD_NONCE_MAX_SIZE]; + uint8_t tag_buffer[PSA_AEAD_TAG_MAX_SIZE]; uint32_t part_offset = 0; size_t part_length = 0; size_t output_part_length = 0; @@ -3413,14 +3419,19 @@ void aead_multipart_encrypt_decrypt( int key_type_arg, data_t *key_data, tag_length = PSA_AEAD_TAG_LENGTH( key_type, key_bits, alg ); - TEST_ASSERT( tag_length <= 16 ); + TEST_ASSERT( tag_length <= PSA_AEAD_TAG_MAX_SIZE ); output_size = PSA_AEAD_UPDATE_OUTPUT_SIZE( key_type, alg, input_data->len ); ASSERT_ALLOC( output_data, output_size ); - ASSERT_ALLOC( final_data, PSA_AEAD_FINISH_OUTPUT_MAX_SIZE ); - operation = psa_aead_operation_init(); + finish_output_size = PSA_AEAD_FINISH_OUTPUT_SIZE( key_type, alg ); + + TEST_ASSERT( finish_output_size <= PSA_AEAD_FINISH_OUTPUT_MAX_SIZE ); + + ASSERT_ALLOC( final_data, finish_output_size ); + + operation = psa_aead_operation_init( ); status = psa_aead_encrypt_setup( &operation, key, alg ); @@ -3567,7 +3578,7 @@ void aead_multipart_encrypt_decrypt( int key_type_arg, data_t *key_data, } status = psa_aead_finish( &operation, final_data, - PSA_AEAD_FINISH_OUTPUT_MAX_SIZE, + finish_output_size, &output_part_length, tag_buffer, tag_length, &tag_size ); @@ -3612,7 +3623,7 @@ void aead_multipart_encrypt_decrypt( int key_type_arg, data_t *key_data, PSA_AEAD_DECRYPT_OUTPUT_MAX_SIZE( output_length + tag_length ) ); - operation = psa_aead_operation_init(); + operation = psa_aead_operation_init( ); status = psa_aead_decrypt_setup( &operation, key, alg ); @@ -3735,7 +3746,7 @@ void aead_multipart_encrypt_decrypt( int key_type_arg, data_t *key_data, } PSA_ASSERT( psa_aead_verify( &operation, final_data, - PSA_AEAD_FINISH_OUTPUT_MAX_SIZE, + finish_output_size, &output_part_length, tag_buffer, tag_length ) ); @@ -3782,11 +3793,12 @@ void aead_multipart_decrypt( int key_type_arg, data_t *key_data, unsigned char *final_data = NULL; size_t part_data_size; size_t output_size = 0; + size_t verify_output_size = 0; size_t output_length = 0; size_t key_bits = 0; size_t tag_length = 0; size_t nonce_length = 0; - uint8_t nonce_buffer[16]; + uint8_t nonce_buffer[PSA_AEAD_NONCE_MAX_SIZE]; uint32_t part_offset = 0; size_t part_length = 0; size_t output_part_length = 0; @@ -3813,9 +3825,12 @@ void aead_multipart_decrypt( int key_type_arg, data_t *key_data, tag_length ) ); ASSERT_ALLOC( output_data, output_size ); - ASSERT_ALLOC( final_data, PSA_AEAD_VERIFY_OUTPUT_MAX_SIZE ); - operation = psa_aead_operation_init(); + verify_output_size = PSA_AEAD_VERIFY_OUTPUT_SIZE( key_type, alg ); + TEST_ASSERT( verify_output_size <= PSA_AEAD_VERIFY_OUTPUT_MAX_SIZE ); + ASSERT_ALLOC( final_data, verify_output_size ); + + operation = psa_aead_operation_init( ); status = psa_aead_decrypt_setup( &operation, key, alg ); @@ -3963,11 +3978,10 @@ void aead_multipart_decrypt( int key_type_arg, data_t *key_data, } status = psa_aead_verify( &operation, final_data, - PSA_AEAD_VERIFY_OUTPUT_MAX_SIZE, - &output_part_length, - ( input_data->x + input_data->len - - tag_length ), - tag_length ); + verify_output_size, + &output_part_length, + ( input_data->x + input_data->len - tag_length ), + tag_length ); if( status != PSA_SUCCESS ) { From 8eb9dafda1a298ef9113e8656c83b8c59ac2e147 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Fri, 4 Jun 2021 16:42:21 +0100 Subject: [PATCH 065/195] Add generate nonce test Signed-off-by: Paul Elliott --- library/psa_crypto.c | 2 +- tests/suites/test_suite_psa_crypto.data | 20 +++++ tests/suites/test_suite_psa_crypto.function | 98 +++++++++++++-------- 3 files changed, 82 insertions(+), 38 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index e82412346..8dc6aad53 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -3547,7 +3547,7 @@ psa_status_t psa_aead_generate_nonce( psa_aead_operation_t *operation, psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; size_t required_nonce_size; - *nonce_length = 0; + *nonce_length = 0; if( operation->id == 0 ) { diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data index 5f87774bb..f9ce85e59 100644 --- a/tests/suites/test_suite_psa_crypto.data +++ b/tests/suites/test_suite_psa_crypto.data @@ -2374,6 +2374,26 @@ PSA Multipart AEAD encrypt/decrypt: invalid algorithm (ChaCha20) depends_on:MBEDTLS_CHACHA20_C aead_multipart_encrypt_decrypt:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_STREAM_CIPHER:"":"":-1:"":-1:PSA_ERROR_INVALID_ARGUMENT +PSA Multipart Nonce Generation, AES - GCM, CAVS 14.0, IV = 12 +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_generate_nonce:PSA_KEY_TYPE_AES:"aa740abfadcda779220d3b406c5d7ec09a77fe9d94104539":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM,16):12:PSA_SUCCESS + +PSA Multipart Nonce Generation, AES - GCM, CAVS 14.0, IV = 0 +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_generate_nonce:PSA_KEY_TYPE_AES:"aa740abfadcda779220d3b406c5d7ec09a77fe9d94104539":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM,16):0:PSA_ERROR_BUFFER_TOO_SMALL + +PSA Multipart Nonce Generation: ChaCha20 - Poly1305, IV = 12 +depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 +aead_multipart_generate_nonce:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:12:PSA_SUCCESS + +PSA Multipart Nonce Generation: ChaCha20 - Poly1305, IV = 8 +depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 +aead_multipart_generate_nonce:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:8:PSA_ERROR_BUFFER_TOO_SMALL + +PSA Multipart Nonce Generation: ChaCha20 - Poly1305, IV = 0 +depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 +aead_multipart_generate_nonce:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:0:PSA_ERROR_BUFFER_TOO_SMALL + PSA signature size: RSA keypair, 1024 bits, PKCS#1 v1.5 raw depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR signature_size:PSA_KEY_TYPE_RSA_KEY_PAIR:1024:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:128 diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index e42015833..35b976069 100644 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function @@ -3176,8 +3176,6 @@ void aead_multipart_encrypt( int key_type_arg, data_t *key_data, size_t key_bits = 0; size_t tag_length = 0; size_t tag_size = 0; - size_t nonce_length = 0; - uint8_t nonce_buffer[PSA_AEAD_NONCE_MAX_SIZE]; uint8_t tag_buffer[PSA_AEAD_TAG_MAX_SIZE]; uint32_t part_offset = 0; size_t part_length = 0; @@ -3228,17 +3226,7 @@ void aead_multipart_encrypt( int key_type_arg, data_t *key_data, PSA_ASSERT( status ); - if( nonce->len == 0 ) - { - PSA_ASSERT( psa_aead_generate_nonce( &operation, nonce_buffer, - sizeof( nonce_buffer ), - &nonce_length ) ); - } - else - { - nonce_length = nonce->len; - PSA_ASSERT( psa_aead_set_nonce( &operation, nonce->x, nonce->len ) ); - } + PSA_ASSERT( psa_aead_set_nonce( &operation, nonce->x, nonce->len ) ); #if defined(MBEDTLS_PSA_BUILTIN_ALG_GCM) if( operation.alg == PSA_ALG_GCM ) @@ -3450,17 +3438,8 @@ void aead_multipart_encrypt_decrypt( int key_type_arg, data_t *key_data, goto exit; } - if( nonce->len == 0 ) - { - status = psa_aead_generate_nonce( &operation, nonce_buffer, - sizeof( nonce_buffer ), - &nonce_length ); - } - else - { - nonce_length = nonce->len; - status = psa_aead_set_nonce( &operation, nonce->x, nonce->len ); - } + nonce_length = nonce->len; + status = psa_aead_set_nonce( &operation, nonce->x, nonce->len ); if( status != PSA_SUCCESS ) { @@ -3797,8 +3776,6 @@ void aead_multipart_decrypt( int key_type_arg, data_t *key_data, size_t output_length = 0; size_t key_bits = 0; size_t tag_length = 0; - size_t nonce_length = 0; - uint8_t nonce_buffer[PSA_AEAD_NONCE_MAX_SIZE]; uint32_t part_offset = 0; size_t part_length = 0; size_t output_part_length = 0; @@ -3849,17 +3826,7 @@ void aead_multipart_decrypt( int key_type_arg, data_t *key_data, goto exit; } - if( nonce->len == 0 ) - { - status = psa_aead_generate_nonce( &operation, nonce_buffer, - sizeof( nonce_buffer ), - &nonce_length ); - } - else - { - nonce_length = nonce->len; - status = psa_aead_set_nonce( &operation, nonce->x, nonce->len ); - } + status = psa_aead_set_nonce( &operation, nonce->x, nonce->len ); if( status != PSA_SUCCESS ) { @@ -4022,6 +3989,63 @@ exit: } /* END_CASE */ +/* BEGIN_CASE */ +void aead_multipart_generate_nonce( int key_type_arg, data_t *key_data, + int alg_arg, + int nonce_len, + int expected_result_arg ) +{ + + mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; + psa_key_type_t key_type = key_type_arg; + psa_algorithm_t alg = alg_arg; + psa_aead_operation_t operation; + uint8_t nonce_buffer[PSA_AEAD_NONCE_MAX_SIZE]; + psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; + psa_status_t status = PSA_ERROR_GENERIC_ERROR; + size_t nonce_generated_len = 0; + + PSA_ASSERT( psa_crypto_init( ) ); + + psa_set_key_usage_flags( & attributes, PSA_KEY_USAGE_ENCRYPT ); + psa_set_key_algorithm( & attributes, alg ); + psa_set_key_type( & attributes, key_type ); + + PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len, + &key ) ); + + PSA_ASSERT( psa_get_key_attributes( key, &attributes ) ); + + operation = psa_aead_operation_init( ); + + status = psa_aead_encrypt_setup( &operation, key, alg ); + + /* If the operation is not supported, just skip and not fail in case the + * encryption involves a common limitation of cryptography hardwares and + * an alternative implementation. */ + if( status == PSA_ERROR_NOT_SUPPORTED ) + { + MBEDTLS_TEST_PSA_SKIP_IF_ALT_AES_192( key_type, key_data->len * 8 ); + MBEDTLS_TEST_PSA_SKIP_IF_ALT_GCM_NOT_12BYTES_NONCE( alg, nonce_len ); + } + + PSA_ASSERT( status ); + + TEST_ASSERT( nonce_len < PSA_AEAD_NONCE_MAX_SIZE ); + + status = psa_aead_generate_nonce( &operation, nonce_buffer, + nonce_len, + &nonce_generated_len ); + + TEST_ASSERT( status == expected_result_arg ); + +exit: + psa_destroy_key( key ); + psa_aead_abort( &operation ); + PSA_DONE( ); +} +/* END_CASE */ + /* BEGIN_CASE */ void signature_size( int type_arg, int bits, From d3f824136901470cdffeb7f9ceb20646e9599169 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Wed, 16 Jun 2021 16:52:21 +0100 Subject: [PATCH 066/195] Add multipart tests Test range of multipart sizes for all tests, rather than having to define specific tests. Signed-off-by: Paul Elliott --- tests/suites/test_suite_psa_crypto.data | 132 +- tests/suites/test_suite_psa_crypto.function | 1677 ++++++++++--------- 2 files changed, 978 insertions(+), 831 deletions(-) diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data index f9ce85e59..ea54dcc1b 100644 --- a/tests/suites/test_suite_psa_crypto.data +++ b/tests/suites/test_suite_psa_crypto.data @@ -2112,267 +2112,267 @@ aead_encrypt_decrypt:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f9091 PSA Multipart AEAD encrypt/decrypt, AES-GCM, 19 bytes #1 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_encrypt_decrypt:PSA_KEY_TYPE_AES:"C0C1C2C3C4C5C6C7C8C9CACBCCCDCECF":PSA_ALG_GCM:"000102030405060708090A0B0C0D0E0F":"000102030405060708090A0B":-1:"0C0D0E0F101112131415161718191A1B1C1D1E":-1:PSA_SUCCESS +aead_multipart_encrypt_decrypt:PSA_KEY_TYPE_AES:"C0C1C2C3C4C5C6C7C8C9CACBCCCDCECF":PSA_ALG_GCM:"000102030405060708090A0B0C0D0E0F":"000102030405060708090A0B":0:"0C0D0E0F101112131415161718191A1B1C1D1E":1:PSA_SUCCESS PSA Multipart AEAD encrypt/decrypt, AES GCM, 19 bytes #2 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_encrypt_decrypt:PSA_KEY_TYPE_AES:"D7828D13B2B0BDC325A76236DF93CC6B":PSA_ALG_GCM:"000102030405060708090A0B0C0D0E0F":"EC46BB63B02520C33C49FD70":-1:"B96B49E21D621741632875DB7F6C9243D2D7C2":-1:PSA_SUCCESS +aead_multipart_encrypt_decrypt:PSA_KEY_TYPE_AES:"D7828D13B2B0BDC325A76236DF93CC6B":PSA_ALG_GCM:"000102030405060708090A0B0C0D0E0F":"EC46BB63B02520C33C49FD70":0:"B96B49E21D621741632875DB7F6C9243D2D7C2":1:PSA_SUCCESS PSA Multipart AEAD encrypt/decrypt, AES-GCM, 19 bytes, 12 byte nonce , 1 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_encrypt_decrypt:PSA_KEY_TYPE_AES:"C0C1C2C3C4C5C6C7C8C9CACBCCCDCECF":PSA_ALG_GCM:"E462C58482FE8264AEEB7231":"000102030405060708090A0B":-1:"0C0D0E0F101112131415161718191A1B1C1D1E":-1:PSA_SUCCESS +aead_multipart_encrypt_decrypt:PSA_KEY_TYPE_AES:"C0C1C2C3C4C5C6C7C8C9CACBCCCDCECF":PSA_ALG_GCM:"E462C58482FE8264AEEB7231":"000102030405060708090A0B":0:"0C0D0E0F101112131415161718191A1B1C1D1E":1:PSA_SUCCESS PSA Multipart AEAD encrypt/decrypt, AES GCM, 19 bytes, 12 byte nonce , 2 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_encrypt_decrypt:PSA_KEY_TYPE_AES:"D7828D13B2B0BDC325A76236DF93CC6B":PSA_ALG_GCM:"E462C58482FE8264AEEB7231":"EC46BB63B02520C33C49FD70":-1:"B96B49E21D621741632875DB7F6C9243D2D7C2":-1:PSA_SUCCESS +aead_multipart_encrypt_decrypt:PSA_KEY_TYPE_AES:"D7828D13B2B0BDC325A76236DF93CC6B":PSA_ALG_GCM:"E462C58482FE8264AEEB7231":"EC46BB63B02520C33C49FD70":0:"B96B49E21D621741632875DB7F6C9243D2D7C2":1:PSA_SUCCESS PSA Multipart AEAD encrypt, AES-GCM, 128 bytes #1 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_encrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_GCM:"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":-1:"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826":-1:"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847fe0b7b7fbed325953df344a96" +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_GCM:"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":0:"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826":1:"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847fe0b7b7fbed325953df344a96" PSA Multipart AEAD encrypt, AES-GCM, 128 bytes #2 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_encrypt:PSA_KEY_TYPE_AES:"fe96eab10ff48c7942025422583d0377":PSA_ALG_GCM:"97ce3f848276783599c6875de324361e":"127628b6dcbce6fc8a8ef60798eb67b2088415635119697d20bb878c24d9c6f9c29e148521cb5e0feff892c7855d4f1c0bfb32ad33420976714dce87a0bbc18e4378bd1ef35197d0ca73051148f1199010f63caf122df5f71ad8d9c71df3eb2fbe3b2529d0ba657570358d3776f687bdb9c96d5e0e9e00c4b42d5d7a268d6a08":-1:"194c8bbbfae4a671386b8cd38f390f46f9df6b8661b470c310921a1c858a938045834bb10380037fbf5f5e00688554537be0fcafe8270b9b59068fa056ab1268fc166c2d729243a06650a171c929c7845c85330c04568d62977eedf3b1ba9dca13bdb8f9522817c8cb99e635e37465ec1c9f6f148d51437aa9f994a62e1bd013":-1:"12495120056ca3cac70d583603a476821bac6c57c9733b81cfb83538dc9e850f8bdf46065069591c23ebcbc6d1e2523375fb7efc80c09507fa25477ed07cee54fc4eb90168b3ef988f651fc40652474a644b1b311decf899660aef2347bb081af48950f06ebf799911e37120de94c55c20e5f0a77119be06e2b6e557f872fa0f6bac793bdc2190a195122c98544ccf56" +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"fe96eab10ff48c7942025422583d0377":PSA_ALG_GCM:"97ce3f848276783599c6875de324361e":"127628b6dcbce6fc8a8ef60798eb67b2088415635119697d20bb878c24d9c6f9c29e148521cb5e0feff892c7855d4f1c0bfb32ad33420976714dce87a0bbc18e4378bd1ef35197d0ca73051148f1199010f63caf122df5f71ad8d9c71df3eb2fbe3b2529d0ba657570358d3776f687bdb9c96d5e0e9e00c4b42d5d7a268d6a08":0:"194c8bbbfae4a671386b8cd38f390f46f9df6b8661b470c310921a1c858a938045834bb10380037fbf5f5e00688554537be0fcafe8270b9b59068fa056ab1268fc166c2d729243a06650a171c929c7845c85330c04568d62977eedf3b1ba9dca13bdb8f9522817c8cb99e635e37465ec1c9f6f148d51437aa9f994a62e1bd013":1:"12495120056ca3cac70d583603a476821bac6c57c9733b81cfb83538dc9e850f8bdf46065069591c23ebcbc6d1e2523375fb7efc80c09507fa25477ed07cee54fc4eb90168b3ef988f651fc40652474a644b1b311decf899660aef2347bb081af48950f06ebf799911e37120de94c55c20e5f0a77119be06e2b6e557f872fa0f6bac793bdc2190a195122c98544ccf56" PSA Multipart AEAD encrypt, AES-GCM, 128 bytes #1, T=4 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_encrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 4 ):"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":-1:"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826":-1:"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847f" +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 4 ):"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":0:"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826":1:"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847f" PSA Multipart AEAD encrypt, AES-GCM, 128 bytes #1, T=15 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_encrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":-1:"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826":-1:"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847fe0b7b7fbed325953df344a" +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":0:"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826":1:"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847fe0b7b7fbed325953df344a" PSA Multipart AEAD encrypt, AES-GCM, 128 bytes #1, T=16 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_encrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":-1:"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826":-1:"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847fe0b7b7fbed325953df344a96" +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":0:"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826":1:"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847fe0b7b7fbed325953df344a96" PSA Multipart AEAD encrypt, AES-GCM, CAVS 14.0, KEY=24, IV=12, IN=0, AAD=0, TAG=16, depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_encrypt:PSA_KEY_TYPE_AES:"aa740abfadcda779220d3b406c5d7ec09a77fe9d94104539":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"ab2265b4c168955561f04315":"":-1:"":-1:"f149e2b5f0adaa9842ca5f45b768a8fc" +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"aa740abfadcda779220d3b406c5d7ec09a77fe9d94104539":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"ab2265b4c168955561f04315":"":0:"":1:"f149e2b5f0adaa9842ca5f45b768a8fc" PSA Multipart AEAD encrypt, AES-GCM, CAVS 14.0, KEY=24, IV=12, IN=0, AAD=16, TAG=16, depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_encrypt:PSA_KEY_TYPE_AES:"41c5da8667ef725220ffe39ae0ac590ac9fca729ab60ada0":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"05ad13a5e2c2ab667e1a6fbc":"8b5c124bef6e2f0fe4d8c95cd5fa4cf1":-1:"":-1:"204bdb1bd62154bf08922aaa54eed705" +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"41c5da8667ef725220ffe39ae0ac590ac9fca729ab60ada0":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"05ad13a5e2c2ab667e1a6fbc":"8b5c124bef6e2f0fe4d8c95cd5fa4cf1":0:"":1:"204bdb1bd62154bf08922aaa54eed705" PSA Multipart AEAD encrypt, AES-GCM, CAVS 14.0, KEY=24, IV=12, IN=0, AAD=20, TAG=16, depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_encrypt:PSA_KEY_TYPE_AES:"093ef7551ebbff8eb0c0a8a4a62b198f0c2e838de10eeeee":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"e656e93930ed5210ba3f0322":"3da22dacfd11b21b0a713157f60aec0cd22f1add":-1:"":-1:"1b2d2764573e20ae640bf29d48e5fe05" +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"093ef7551ebbff8eb0c0a8a4a62b198f0c2e838de10eeeee":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"e656e93930ed5210ba3f0322":"3da22dacfd11b21b0a713157f60aec0cd22f1add":0:"":1:"1b2d2764573e20ae640bf29d48e5fe05" PSA Multipart AEAD encrypt, AES-GCM, CAVS 14.0, KEY=24, IV=12, IN=0, AAD=48, TAG=15, depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_encrypt:PSA_KEY_TYPE_AES:"31389612d244c9792a510eca3f9c94f9f48c97ed67ae965a":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"df6b54ec8b58114df5b09279":"0863bec42ee93385efbec665adfc46dafcd793f29e859e3b531c15b168f1888dd13e905cd7d5bc03f9f1f6495717df62":-1:"":-1:"77e5682a49243d5b9016eb1adafa2d" +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"31389612d244c9792a510eca3f9c94f9f48c97ed67ae965a":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"df6b54ec8b58114df5b09279":"0863bec42ee93385efbec665adfc46dafcd793f29e859e3b531c15b168f1888dd13e905cd7d5bc03f9f1f6495717df62":0:"":1:"77e5682a49243d5b9016eb1adafa2d" PSA Multipart AEAD encrypt, AES-GCM, CAVS 14.0, KEY=24, IV=12, IN=16, AAD=0, TAG=16, depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_encrypt:PSA_KEY_TYPE_AES:"fbc0b4c56a714c83217b2d1bcadd2ed2e9efb0dcac6cc19f":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"5f4b43e811da9c470d6a9b01":"":-1:"d2ae38c4375954835d75b8e4c2f9bbb4":-1:"69482957e6be5c54882d00314e0259cf191e9f29bef63a26860c1e020a21137e" +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"fbc0b4c56a714c83217b2d1bcadd2ed2e9efb0dcac6cc19f":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"5f4b43e811da9c470d6a9b01":"":0:"d2ae38c4375954835d75b8e4c2f9bbb4":1:"69482957e6be5c54882d00314e0259cf191e9f29bef63a26860c1e020a21137e" PSA Multipart AEAD encrypt, AES-GCM, CAVS 14.0, KEY=24, IV=12, IN=16, AAD=0, TAG=8, depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_encrypt:PSA_KEY_TYPE_AES:"c50ac59e50556e47b834380018c0dc0380af9df3bf6714e6":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 8 ):"f303bf4b6cfbba7104cd9436":"":-1:"d3f3f57033df30c22860231334b099cb":-1:"2269c72d77f2b6f9d57da1820ec5a5d3d62d4491e3e4e9e7" +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"c50ac59e50556e47b834380018c0dc0380af9df3bf6714e6":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 8 ):"f303bf4b6cfbba7104cd9436":"":0:"d3f3f57033df30c22860231334b099cb":1:"2269c72d77f2b6f9d57da1820ec5a5d3d62d4491e3e4e9e7" PSA Multipart AEAD encrypt, AES-GCM, CAVS 14.0, KEY=24, IV=12, IN=16, AAD=16, TAG=14, depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_encrypt:PSA_KEY_TYPE_AES:"8ef391e4b7a2fe05b959be27823357080f963ed2f64b9e59":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 14 ):"0080052a2a5bb0e95222a419":"290322092d57479e20f6281e331d95a9":-1:"e7fb0631eebf9bdba87045b33650c4ce":-1:"88d674044031414af7ba9da8b89dd68e69897d99d8e1706f38c613896c18" +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"8ef391e4b7a2fe05b959be27823357080f963ed2f64b9e59":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 14 ):"0080052a2a5bb0e95222a419":"290322092d57479e20f6281e331d95a9":0:"e7fb0631eebf9bdba87045b33650c4ce":1:"88d674044031414af7ba9da8b89dd68e69897d99d8e1706f38c613896c18" PSA Multipart AEAD encrypt, AES-GCM, CAVS 14.0, KEY=24, IV=12, IN=16, AAD=16, TAG=4, depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_encrypt:PSA_KEY_TYPE_AES:"1cb5a0db778d3eb430b2816ceef9e455f519a8977b074183":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 4 ):"c1df5e9e2e3165c54242a306":"7134e5ddc396c2a8a7da23906c8f7b40":-1:"636871d4c0aae3da7b55abd8b5f21297":-1:"14eb02562aa1d963d0033626cdc8a5c8972f4bdf" +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"1cb5a0db778d3eb430b2816ceef9e455f519a8977b074183":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 4 ):"c1df5e9e2e3165c54242a306":"7134e5ddc396c2a8a7da23906c8f7b40":0:"636871d4c0aae3da7b55abd8b5f21297":1:"14eb02562aa1d963d0033626cdc8a5c8972f4bdf" PSA Multipart AEAD encrypt, AES-GCM, CAVS 14.0, KEY=24, IV=12, IN=16, AAD=20, TAG=13, depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_encrypt:PSA_KEY_TYPE_AES:"45148f42669f8ab8fad689d9b9180e39d7ea8fc95696297e":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 13 ):"5afcb134acc78b4eb9d11e79":"aec409e5fd82e50b824ebc1f45e75188d80615c6":-1:"3d952be11deb421b56e0ce9d7ce99553":-1:"077c0d53869869e191df116fd7baa8a293d2b577a29b0953c91b5d3b9d" +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"45148f42669f8ab8fad689d9b9180e39d7ea8fc95696297e":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 13 ):"5afcb134acc78b4eb9d11e79":"aec409e5fd82e50b824ebc1f45e75188d80615c6":0:"3d952be11deb421b56e0ce9d7ce99553":1:"077c0d53869869e191df116fd7baa8a293d2b577a29b0953c91b5d3b9d" PSA Multipart AEAD encrypt, AES-GCM, CAVS 14.0, KEY=24, IV=12, IN=16, AAD=48, TAG=15, depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_encrypt:PSA_KEY_TYPE_AES:"5255428457fe75e64447971ec5af0d13c5b60a07ee2d07b0":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"40cb6ebafc202f82223db097":"b2da2bd05ab1f3e39613efc8d80c5d0f240ee08f6abad5791649e9c1d0f48fa3dc59c1e535d1db1a4d3fa2263f5a1117":-1:"fdd8a462c86d4365c8bfee0e25fc8a62":-1:"9ca4a6d08267038f6f7999c84105bb5eaf8f7b3b9310ec688e033088a03482" +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"5255428457fe75e64447971ec5af0d13c5b60a07ee2d07b0":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"40cb6ebafc202f82223db097":"b2da2bd05ab1f3e39613efc8d80c5d0f240ee08f6abad5791649e9c1d0f48fa3dc59c1e535d1db1a4d3fa2263f5a1117":0:"fdd8a462c86d4365c8bfee0e25fc8a62":1:"9ca4a6d08267038f6f7999c84105bb5eaf8f7b3b9310ec688e033088a03482" PSA Multipart AEAD encrypt, AES-GCM, CAVS 14.0, KEY=32, IV=12, IN=0, AAD=0, TAG=16, depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_encrypt:PSA_KEY_TYPE_AES:"b52c505a37d78eda5dd34f20c22540ea1b58963cf8e5bf8ffa85f9f2492505b4":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"516c33929df5a3284ff463d7":"":-1:"":-1:"bdc1ac884d332457a1d2664f168c76f0" +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"b52c505a37d78eda5dd34f20c22540ea1b58963cf8e5bf8ffa85f9f2492505b4":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"516c33929df5a3284ff463d7":"":0:"":1:"bdc1ac884d332457a1d2664f168c76f0" PSA Multipart AEAD encrypt, AES-GCM, CAVS 14.0, KEY=32, IV=12, IN=0, AAD=0, TAG=12, depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_encrypt:PSA_KEY_TYPE_AES:"98ebf7a58db8b8371d9069171190063cc1fdc1927e49a3385f890d41a838619c":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 12 ):"3e6db953bd4e641de644e50a":"":-1:"":-1:"2fb9c3e41fff24ef07437c47" +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"98ebf7a58db8b8371d9069171190063cc1fdc1927e49a3385f890d41a838619c":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 12 ):"3e6db953bd4e641de644e50a":"":0:"":1:"2fb9c3e41fff24ef07437c47" PSA Multipart AEAD encrypt, AES-GCM, CAVS 14.0, KEY=32, IV=12, IN=0, AAD=20, TAG=16, depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_encrypt:PSA_KEY_TYPE_AES:"886cff5f3e6b8d0e1ad0a38fcdb26de97e8acbe79f6bed66959a598fa5047d65":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"3a8efa1cd74bbab5448f9945":"519fee519d25c7a304d6c6aa1897ee1eb8c59655":-1:"":-1:"f6d47505ec96c98a42dc3ae719877b87" +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"886cff5f3e6b8d0e1ad0a38fcdb26de97e8acbe79f6bed66959a598fa5047d65":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"3a8efa1cd74bbab5448f9945":"519fee519d25c7a304d6c6aa1897ee1eb8c59655":0:"":1:"f6d47505ec96c98a42dc3ae719877b87" PSA Multipart AEAD encrypt, AES-GCM, CAVS 14.0, KEY=32, IV=12, IN=0, AAD=20, TAG=13, depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_encrypt:PSA_KEY_TYPE_AES:"a7c928738b89c3258b910ac31bc465338b2e133b143fd52d9c9859eb1d01f2a0":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 13 ):"a483a7e94fbb2d694d3c4a8d":"bdb613cd3c2f0edd37b3ed43041bacb949ee51fa":-1:"":-1:"5233f95bdcf5d666fb957acdcb" +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"a7c928738b89c3258b910ac31bc465338b2e133b143fd52d9c9859eb1d01f2a0":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 13 ):"a483a7e94fbb2d694d3c4a8d":"bdb613cd3c2f0edd37b3ed43041bacb949ee51fa":0:"":1:"5233f95bdcf5d666fb957acdcb" PSA Multipart AEAD encrypt, AES-GCM, CAVS 14.0, KEY=32, IV=12, IN=0, AAD=48, TAG=15, depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_encrypt:PSA_KEY_TYPE_AES:"16a5b58a1dbb273a8fc6a4af722d46dbb898dd86ab128cb93d8388a8647a80a3":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"59e0c40d6675923cf5e004d5":"5b4b4ffc9c66bd394abeed3f03b695b949b3b69a42198cc3bfad971174915df913b967ccf36ee1f001f54efbcd117b68":-1:"":-1:"d57e27914ecb4a764359d3c0f8d4d6" +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"16a5b58a1dbb273a8fc6a4af722d46dbb898dd86ab128cb93d8388a8647a80a3":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"59e0c40d6675923cf5e004d5":"5b4b4ffc9c66bd394abeed3f03b695b949b3b69a42198cc3bfad971174915df913b967ccf36ee1f001f54efbcd117b68":0:"":1:"d57e27914ecb4a764359d3c0f8d4d6" PSA Multipart AEAD encrypt, AES-GCM, CAVS 14.0, KEY=32, IV=12, IN=0, AAD=48, TAG=4, depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_encrypt:PSA_KEY_TYPE_AES:"5dd13092dd695b90ab835ed6343031c4cdb710d32f4d3804d72b46d921fcfa18":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 4 ):"1de4bd816c8ec6bffc1e6453":"1b63d6278702abacf8b6c2faf542a808659fd5da03cdc1061a8593ea8ce9fc8ff54ffef6ebf3e15f7a832b4ae750a6ce":-1:"":-1:"72901467" +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"5dd13092dd695b90ab835ed6343031c4cdb710d32f4d3804d72b46d921fcfa18":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 4 ):"1de4bd816c8ec6bffc1e6453":"1b63d6278702abacf8b6c2faf542a808659fd5da03cdc1061a8593ea8ce9fc8ff54ffef6ebf3e15f7a832b4ae750a6ce":0:"":1:"72901467" PSA Multipart AEAD encrypt, AES-GCM, CAVS 14.0, KEY=32, IV=12, IN=16, AAD=0, TAG=15, depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_encrypt:PSA_KEY_TYPE_AES:"ef9f9284cf599eac3b119905a7d18851e7e374cf63aea04358586b0f757670f8":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"b6ac8e4963f49207ffd6374c":"":-1:"722ee47da4b77424733546c2d400c4e5":-1:"1224dfefb72a20d49e09256908874979882eafea22adf8dbed06a2265f907b" +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"ef9f9284cf599eac3b119905a7d18851e7e374cf63aea04358586b0f757670f8":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"b6ac8e4963f49207ffd6374c":"":0:"722ee47da4b77424733546c2d400c4e5":1:"1224dfefb72a20d49e09256908874979882eafea22adf8dbed06a2265f907b" PSA Multipart AEAD encrypt, AES-GCM, CAVS 14.0, KEY=32, IV=12, IN=16, AAD=0, TAG=12, depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_encrypt:PSA_KEY_TYPE_AES:"b33b0e4c5b9f7ef77cec1a29ed5844bda3853238bdf7766e7645029931f169f0":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 12 ):"f226d65e8654fdf5193ed721":"":-1:"bcf48ddcfe9d011a1003973d68d2d78a":-1:"d2eb20898a301b5d8e69e9926272021393af01abb6a970047a7fc010" +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"b33b0e4c5b9f7ef77cec1a29ed5844bda3853238bdf7766e7645029931f169f0":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 12 ):"f226d65e8654fdf5193ed721":"":0:"bcf48ddcfe9d011a1003973d68d2d78a":1:"d2eb20898a301b5d8e69e9926272021393af01abb6a970047a7fc010" PSA Multipart AEAD encrypt, AES-GCM, CAVS 14.0, KEY=32, IV=12, IN=16, AAD=16, TAG=14, depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_encrypt:PSA_KEY_TYPE_AES:"c6e126a65faec77ab62318e30d8a50c39a664670039a66ae5a6874201bc68f9f":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 14 ):"0ba5193b2d3a8378d67163ce":"5844b289dc74327f9fd93f7aae1c3d39":-1:"c37aada3d4408e880d47e41df77da9b9":-1:"b5cd7563989b460a2fe187e90c41fc3179c73d0d1e3a4484909969de93b0" +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"c6e126a65faec77ab62318e30d8a50c39a664670039a66ae5a6874201bc68f9f":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 14 ):"0ba5193b2d3a8378d67163ce":"5844b289dc74327f9fd93f7aae1c3d39":0:"c37aada3d4408e880d47e41df77da9b9":1:"b5cd7563989b460a2fe187e90c41fc3179c73d0d1e3a4484909969de93b0" PSA Multipart AEAD encrypt, AES-GCM, CAVS 14.0, KEY=32, IV=12, IN=16, AAD=48, TAG=15, depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_encrypt:PSA_KEY_TYPE_AES:"2e6942d537f1a98444c2f9dbdb5d8db42a503a00a17b57d516399569e044a703":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"7eb67721581ed52cfcfc2c4d":"a96cc73451502c7278b467ac85d5fc14fc1a2f51bc685645b173f0cd9af02d383095de063e6eaa50374ce9bc951e9e61":-1:"e5f410fe939e79b7ad33fbd3aaf5856f":-1:"727f5e19a5582e5782bbbe73517f0c04c492319abf12b03b380724ff1483a3" +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"2e6942d537f1a98444c2f9dbdb5d8db42a503a00a17b57d516399569e044a703":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"7eb67721581ed52cfcfc2c4d":"a96cc73451502c7278b467ac85d5fc14fc1a2f51bc685645b173f0cd9af02d383095de063e6eaa50374ce9bc951e9e61":0:"e5f410fe939e79b7ad33fbd3aaf5856f":1:"727f5e19a5582e5782bbbe73517f0c04c492319abf12b03b380724ff1483a3" PSA Multipart AEAD decrypt, AES-GCM, 144 bytes #1 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_GCM:"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":-1:"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847fe0b7b7fbed325953df344a96":-1:"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826":PSA_SUCCESS +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_GCM:"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":0:"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847fe0b7b7fbed325953df344a96":1:"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826":PSA_SUCCESS PSA Multipart AEAD decrypt, AES-GCM, 144 bytes #2 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"fe96eab10ff48c7942025422583d0377":PSA_ALG_GCM:"97ce3f848276783599c6875de324361e":"127628b6dcbce6fc8a8ef60798eb67b2088415635119697d20bb878c24d9c6f9c29e148521cb5e0feff892c7855d4f1c0bfb32ad33420976714dce87a0bbc18e4378bd1ef35197d0ca73051148f1199010f63caf122df5f71ad8d9c71df3eb2fbe3b2529d0ba657570358d3776f687bdb9c96d5e0e9e00c4b42d5d7a268d6a08":-1:"12495120056ca3cac70d583603a476821bac6c57c9733b81cfb83538dc9e850f8bdf46065069591c23ebcbc6d1e2523375fb7efc80c09507fa25477ed07cee54fc4eb90168b3ef988f651fc40652474a644b1b311decf899660aef2347bb081af48950f06ebf799911e37120de94c55c20e5f0a77119be06e2b6e557f872fa0f6bac793bdc2190a195122c98544ccf56":-1:"194c8bbbfae4a671386b8cd38f390f46f9df6b8661b470c310921a1c858a938045834bb10380037fbf5f5e00688554537be0fcafe8270b9b59068fa056ab1268fc166c2d729243a06650a171c929c7845c85330c04568d62977eedf3b1ba9dca13bdb8f9522817c8cb99e635e37465ec1c9f6f148d51437aa9f994a62e1bd013":PSA_SUCCESS +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"fe96eab10ff48c7942025422583d0377":PSA_ALG_GCM:"97ce3f848276783599c6875de324361e":"127628b6dcbce6fc8a8ef60798eb67b2088415635119697d20bb878c24d9c6f9c29e148521cb5e0feff892c7855d4f1c0bfb32ad33420976714dce87a0bbc18e4378bd1ef35197d0ca73051148f1199010f63caf122df5f71ad8d9c71df3eb2fbe3b2529d0ba657570358d3776f687bdb9c96d5e0e9e00c4b42d5d7a268d6a08":0:"12495120056ca3cac70d583603a476821bac6c57c9733b81cfb83538dc9e850f8bdf46065069591c23ebcbc6d1e2523375fb7efc80c09507fa25477ed07cee54fc4eb90168b3ef988f651fc40652474a644b1b311decf899660aef2347bb081af48950f06ebf799911e37120de94c55c20e5f0a77119be06e2b6e557f872fa0f6bac793bdc2190a195122c98544ccf56":1:"194c8bbbfae4a671386b8cd38f390f46f9df6b8661b470c310921a1c858a938045834bb10380037fbf5f5e00688554537be0fcafe8270b9b59068fa056ab1268fc166c2d729243a06650a171c929c7845c85330c04568d62977eedf3b1ba9dca13bdb8f9522817c8cb99e635e37465ec1c9f6f148d51437aa9f994a62e1bd013":PSA_SUCCESS PSA Multipart AEAD decrypt, AES-GCM, 144 bytes, T=4 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 4 ):"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":-1:"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847f":-1:"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826":PSA_SUCCESS +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 4 ):"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":0:"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847f":1:"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826":PSA_SUCCESS PSA Multipart AEAD decrypt, AES-GCM, 144 bytes, T=15 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":-1:"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847fe0b7b7fbed325953df344a":-1:"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826":PSA_SUCCESS +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":0:"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847fe0b7b7fbed325953df344a":1:"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826":PSA_SUCCESS PSA Multipart AEAD decrypt, AES-GCM, 144 bytes, T=16 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":-1:"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847fe0b7b7fbed325953df344a96":-1:"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826":PSA_SUCCESS +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":0:"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847fe0b7b7fbed325953df344a96":1:"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826":PSA_SUCCESS PSA Multipart AEAD decrypt, AES-GCM, invalid signature depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"fe96eab10ff48c7942025422583d0377":PSA_ALG_GCM:"97ce3f848276783599c6875de324361e":"127628b6dcbce6fc8a8ef60798eb67b2088415635119697d20bb878c24d9c6f9c29e148521cb5e0feff892c7855d4f1c0bfb32ad33420976714dce87a0bbc18e4378bd1ef35197d0ca73051148f1199010f63caf122df5f71ad8d9c71df3eb2fbe3b2529d0ba657570358d3776f687bdb9c96d5e0e9e00c4b42d5d7a268d6a08":-1:"12195120056ca3cac70d583603a476821bac6c57c9733b81cfb83538dc9e850f8bdf46065069591c23ebcbc6d1e2523375fb7efc80c09507fa25477ed07cee54fc4eb90168b3ef988f651fc40652474a644b1b311decf899660aef2347bb081af48950f06ebf799911e37120de94c55c20e5f0a77119be06e2b6e557f872fa0f6bac793bdc2190a195122c98544ccf56":-1:"194c8bbbfae4a671386b8cd38f390f46f9df6b8661b470c310921a1c858a938045834bb10380037fbf5f5e00688554537be0fcafe8270b9b59068fa056ab1268fc166c2d729243a06650a171c929c7845c85330c04568d62977eedf3b1ba9dca13bdb8f9522817c8cb99e635e37465ec1c9f6f148d51437aa9f994a62e1bd013":PSA_ERROR_INVALID_SIGNATURE +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"fe96eab10ff48c7942025422583d0377":PSA_ALG_GCM:"97ce3f848276783599c6875de324361e":"127628b6dcbce6fc8a8ef60798eb67b2088415635119697d20bb878c24d9c6f9c29e148521cb5e0feff892c7855d4f1c0bfb32ad33420976714dce87a0bbc18e4378bd1ef35197d0ca73051148f1199010f63caf122df5f71ad8d9c71df3eb2fbe3b2529d0ba657570358d3776f687bdb9c96d5e0e9e00c4b42d5d7a268d6a08":0:"12195120056ca3cac70d583603a476821bac6c57c9733b81cfb83538dc9e850f8bdf46065069591c23ebcbc6d1e2523375fb7efc80c09507fa25477ed07cee54fc4eb90168b3ef988f651fc40652474a644b1b311decf899660aef2347bb081af48950f06ebf799911e37120de94c55c20e5f0a77119be06e2b6e557f872fa0f6bac793bdc2190a195122c98544ccf56":1:"194c8bbbfae4a671386b8cd38f390f46f9df6b8661b470c310921a1c858a938045834bb10380037fbf5f5e00688554537be0fcafe8270b9b59068fa056ab1268fc166c2d729243a06650a171c929c7845c85330c04568d62977eedf3b1ba9dca13bdb8f9522817c8cb99e635e37465ec1c9f6f148d51437aa9f994a62e1bd013":PSA_ERROR_INVALID_SIGNATURE PSA Multipart AEAD decrypt, AES-GCM, T=15 but passing 16 bytes depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":-1:"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847fe0b7b7fbed325953df344a96":-1:"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826":PSA_ERROR_INVALID_SIGNATURE +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":0:"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847fe0b7b7fbed325953df344a96":1:"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826":PSA_ERROR_INVALID_SIGNATURE PSA Multipart AEAD decrypt: AES-GCM, invalid tag length 0 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 0 ):"48c0906930561e0ab0ef4cd972":"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":-1:"26c56961c035a7e452cce61bc6ee220d77b3f94d18fd10b6":-1:"4535d12b4377928a7c0a61c9f825a48671ea05910748c8ef":PSA_ERROR_INVALID_ARGUMENT +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 0 ):"48c0906930561e0ab0ef4cd972":"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":0:"26c56961c035a7e452cce61bc6ee220d77b3f94d18fd10b6":1:"4535d12b4377928a7c0a61c9f825a48671ea05910748c8ef":PSA_ERROR_INVALID_ARGUMENT PSA Multipart AEAD decrypt: AES-GCM, invalid tag length 2 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 2 ):"48c0906930561e0ab0ef4cd972":"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":-1:"26c56961c035a7e452cce61bc6ee220d77b3f94d18fd10b6":-1:"4535d12b4377928a7c0a61c9f825a48671ea05910748c8ef":PSA_ERROR_INVALID_ARGUMENT +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 2 ):"48c0906930561e0ab0ef4cd972":"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":0:"26c56961c035a7e452cce61bc6ee220d77b3f94d18fd10b6":1:"4535d12b4377928a7c0a61c9f825a48671ea05910748c8ef":PSA_ERROR_INVALID_ARGUMENT PSA Multipart AEAD decrypt: AES-GCM, invalid tag length 18 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 18 ):"48c0906930561e0ab0ef4cd972":"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":-1:"26c56961c035a7e452cce61bc6ee220d77b3f94d18fd10b6":-1:"4535d12b4377928a7c0a61c9f825a48671ea05910748c8ef":PSA_ERROR_INVALID_ARGUMENT +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 18 ):"48c0906930561e0ab0ef4cd972":"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":0:"26c56961c035a7e452cce61bc6ee220d77b3f94d18fd10b6":1:"4535d12b4377928a7c0a61c9f825a48671ea05910748c8ef":PSA_ERROR_INVALID_ARGUMENT PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=24, IV=12, IN=0, AAD=0, TAG=16 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"0e5d6e68f82f32bea3f0b69498c1a31ef6d955cd3d27a2a8":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"caf72ee1e62e1001e8cfbc63":"":-1:"db1a74ffb5f7de26f5742e0942b1b9cb":-1:"":PSA_SUCCESS +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"0e5d6e68f82f32bea3f0b69498c1a31ef6d955cd3d27a2a8":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"caf72ee1e62e1001e8cfbc63":"":0:"db1a74ffb5f7de26f5742e0942b1b9cb":1:"":PSA_SUCCESS PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=24, IV=12, IN=0, AAD=48, TAG=14 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"e79fb7defce4f650402e6b521170686d3eb2a0b9514f3a64":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 14 ):"40e0d2d836c0519e7042419b":"41c5b5d971c0723bc1b63a259fe7e06c2961de1241bc34c13965f43636e4da3da8c75ed5956abe3a42f3039af005925a":-1:"434ff68f2436f48418fd69f52158":-1:"":PSA_SUCCESS +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"e79fb7defce4f650402e6b521170686d3eb2a0b9514f3a64":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 14 ):"40e0d2d836c0519e7042419b":"41c5b5d971c0723bc1b63a259fe7e06c2961de1241bc34c13965f43636e4da3da8c75ed5956abe3a42f3039af005925a":0:"434ff68f2436f48418fd69f52158":1:"":PSA_SUCCESS PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=24, IV=12, IN=16, AAD=0, TAG=15 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"e41d1f533d5b342ffe434b94b1372683bfd5d9d8cb79f9ee":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"5fe11a596dfcd3a305c1d711":"":-1:"1847f64fff986476d1d2f758692f856da4a0ff98c0c1101694c84fd86680c9":-1:"b03c2c20f758a93a8d1220232ad87098":PSA_SUCCESS +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"e41d1f533d5b342ffe434b94b1372683bfd5d9d8cb79f9ee":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"5fe11a596dfcd3a305c1d711":"":0:"1847f64fff986476d1d2f758692f856da4a0ff98c0c1101694c84fd86680c9":1:"b03c2c20f758a93a8d1220232ad87098":PSA_SUCCESS PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=24, IV=12, IN=16, AAD=20, TAG=15 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"8e7da473c057a2a4669a0d22bf9b7c9913fba48930ca0c9b":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"f9ff8ef80d76c50f9ca0e9ff":"f141bae18a1b54f065554fd34aa02c91c90f505c":-1:"5deb093b6e7c766a64bb9d5170af1ff8bf130b64eebdce06a9bdb2cf1da15a":-1:"b22b2dcdcc18adc30d16297b84b459d8":PSA_SUCCESS +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"8e7da473c057a2a4669a0d22bf9b7c9913fba48930ca0c9b":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"f9ff8ef80d76c50f9ca0e9ff":"f141bae18a1b54f065554fd34aa02c91c90f505c":0:"5deb093b6e7c766a64bb9d5170af1ff8bf130b64eebdce06a9bdb2cf1da15a":1:"b22b2dcdcc18adc30d16297b84b459d8":PSA_SUCCESS PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=24, IV=12, IN=16, AAD=48, TAG=12 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"01bf150add51bb11623e3bfbebd62a7ea81c5b192b8eb6de":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 12 ):"dfacbc6791b785d324c646b7":"e35412a625324257bef35399a7eacca34fec2d2d24166e6bb3e94d96f5c57599ded45e2a74503f07116caa1692398a07":-1:"77579db3c6da769e17731faac4732d7cce65d960a49f94f6b583e54a":-1:"7e5fd8b595ddc4753676107951d900e2":PSA_SUCCESS +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"01bf150add51bb11623e3bfbebd62a7ea81c5b192b8eb6de":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 12 ):"dfacbc6791b785d324c646b7":"e35412a625324257bef35399a7eacca34fec2d2d24166e6bb3e94d96f5c57599ded45e2a74503f07116caa1692398a07":0:"77579db3c6da769e17731faac4732d7cce65d960a49f94f6b583e54a":1:"7e5fd8b595ddc4753676107951d900e2":PSA_SUCCESS PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=24, IV=12, IN=16, AAD=48, TAG=8 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"551266c4ed166fe1c43761927801ed50cb9c0b3864fc97df":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 8 ):"e711afbeccd567f866340abb":"562d1697237ebc563941076d459727dfa094eb9ac00d30ed5836825d163dd27517c7660a01056b2d868c7fc5d0343830":-1:"2b54cc27f6ee71882e8b1ead207d2b042d262e87eac97b58":-1:"37245449db8f72b1ecdb420f629d3d80":PSA_SUCCESS +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"551266c4ed166fe1c43761927801ed50cb9c0b3864fc97df":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 8 ):"e711afbeccd567f866340abb":"562d1697237ebc563941076d459727dfa094eb9ac00d30ed5836825d163dd27517c7660a01056b2d868c7fc5d0343830":0:"2b54cc27f6ee71882e8b1ead207d2b042d262e87eac97b58":1:"37245449db8f72b1ecdb420f629d3d80":PSA_SUCCESS PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=24, IV=12, IN=13, AAD=0, TAG=15 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"78fa4a2a5b5b1b1d9580ea527f2e1653e9336e15cc5462f5":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"98b774f7110e0bea624b487f":"":-1:"a642aabed8b99e15e297ee705a40c3e2e506cb889727b327b7e044a8":-1:"496909523f574b205d757659c5":PSA_SUCCESS +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"78fa4a2a5b5b1b1d9580ea527f2e1653e9336e15cc5462f5":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"98b774f7110e0bea624b487f":"":0:"a642aabed8b99e15e297ee705a40c3e2e506cb889727b327b7e044a8":1:"496909523f574b205d757659c5":PSA_SUCCESS PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=24, IV=12, IN=13, AAD=16, TAG=15 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"61f4c2e55d729c4657e503dfe2b604e2853675dbdeb0982a":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"0c4d5548aa2d8d54964e1e63":"5affdf8886dabb14790aff3dbfcbdd80":-1:"0d4eacc3db304f46cb7a9eba6ec105bf86d9dc0639b7cebbd5260f47":-1:"b6e056de521a27266dffbc0d96":PSA_SUCCESS +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"61f4c2e55d729c4657e503dfe2b604e2853675dbdeb0982a":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"0c4d5548aa2d8d54964e1e63":"5affdf8886dabb14790aff3dbfcbdd80":0:"0d4eacc3db304f46cb7a9eba6ec105bf86d9dc0639b7cebbd5260f47":1:"b6e056de521a27266dffbc0d96":PSA_SUCCESS PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=24, IV=12, IN=13, AAD=20, TAG=13 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"73245c4f115a74fe71d6fefb9094c57c75f28033a3c7372b":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 13 ):"536a82485999b93b0bb7ef24":"64dcad870a42eeec0730fd7a7e4154638a85d739":-1:"29333e87bfe65d0e37da2936f695824d4e3f37fab3b8e2b868f6":-1:"f6d56f8c86f27d957fa63aea22":PSA_SUCCESS +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"73245c4f115a74fe71d6fefb9094c57c75f28033a3c7372b":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 13 ):"536a82485999b93b0bb7ef24":"64dcad870a42eeec0730fd7a7e4154638a85d739":0:"29333e87bfe65d0e37da2936f695824d4e3f37fab3b8e2b868f6":1:"f6d56f8c86f27d957fa63aea22":PSA_SUCCESS PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=24, IV=12, IN=13, AAD=48, TAG=4 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"9002e74638e09dd1f091439518e1460cdd5905bd9e1a37ae":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 4 ):"76c81a95d24be5c8bac63b50":"aa3ae4531aaac8f3eb07f748712c55a680bc8df5cf845edc66d09049500b41688b8023f5746879b45bdd586af29c4ede":-1:"31bf37acbc53ca3fdbc9e5eaaebbb85a7f":-1:"bd94b34511bc65ae47684805cb":PSA_SUCCESS +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"9002e74638e09dd1f091439518e1460cdd5905bd9e1a37ae":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 4 ):"76c81a95d24be5c8bac63b50":"aa3ae4531aaac8f3eb07f748712c55a680bc8df5cf845edc66d09049500b41688b8023f5746879b45bdd586af29c4ede":0:"31bf37acbc53ca3fdbc9e5eaaebbb85a7f":1:"bd94b34511bc65ae47684805cb":PSA_SUCCESS PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=32, IV=12, IN=0, AAD=0, TAG=16 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"f5a2b27c74355872eb3ef6c5feafaa740e6ae990d9d48c3bd9bb8235e589f010":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"58d2240f580a31c1d24948e9":"":-1:"15e051a5e4a5f5da6cea92e2ebee5bac":-1:"":PSA_SUCCESS +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"f5a2b27c74355872eb3ef6c5feafaa740e6ae990d9d48c3bd9bb8235e589f010":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"58d2240f580a31c1d24948e9":"":0:"15e051a5e4a5f5da6cea92e2ebee5bac":1:"":PSA_SUCCESS PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=32, IV=12, IN=0, AAD=16, TAG=15 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"3395a1485315c5b5e6353acb05ae9499c440a2e9f5c57494662f827235ea314c":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"3b7e632571602456b49880f0":"f283f80226dacb69c8af089ec6b59e81":-1:"84c8beff4b0d160ee68ac613097f51":-1:"":PSA_SUCCESS +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"3395a1485315c5b5e6353acb05ae9499c440a2e9f5c57494662f827235ea314c":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"3b7e632571602456b49880f0":"f283f80226dacb69c8af089ec6b59e81":0:"84c8beff4b0d160ee68ac613097f51":1:"":PSA_SUCCESS PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=32, IV=12, IN=0, AAD=20, TAG=15 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"4dc46ca55c1c1fcb4720c274c0e675c2ac5bf93d8dd5e951ca9f6b61f884edc9":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"6473ab77dc885127422f5594":"e2cf8172ab4cf77eba45cd2c8ff939b938080a90":-1:"8d6351f18d873242204c20144e2b83":-1:"":PSA_SUCCESS +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"4dc46ca55c1c1fcb4720c274c0e675c2ac5bf93d8dd5e951ca9f6b61f884edc9":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"6473ab77dc885127422f5594":"e2cf8172ab4cf77eba45cd2c8ff939b938080a90":0:"8d6351f18d873242204c20144e2b83":1:"":PSA_SUCCESS PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=32, IV=12, IN=0, AAD=48, TAG=14 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"a7f95798434f9a0fe6fd8acd30b8bad96dbdcfacee4594f01cbf26479be7d154":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 14 ):"9ef5a77b02137b46e8461d09":"5595a16fa12d4dcdba6b128480dce2d39c1211c3fb6068cde6013f6a80dfcda5eb92af8879e40ee9c177fd0e446fc8ca":-1:"3bfd3d99fe2063e8ef8255519fe0":-1:"":PSA_SUCCESS +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"a7f95798434f9a0fe6fd8acd30b8bad96dbdcfacee4594f01cbf26479be7d154":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 14 ):"9ef5a77b02137b46e8461d09":"5595a16fa12d4dcdba6b128480dce2d39c1211c3fb6068cde6013f6a80dfcda5eb92af8879e40ee9c177fd0e446fc8ca":0:"3bfd3d99fe2063e8ef8255519fe0":1:"":PSA_SUCCESS PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=32, IV=12, IN=16, AAD=0, TAG=16 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"4c8ebfe1444ec1b2d503c6986659af2c94fafe945f72c1e8486a5acfedb8a0f8":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"473360e0ad24889959858995":"":-1:"d2c78110ac7e8f107c0df0570bd7c90cc26a379b6d98ef2852ead8ce83a833a7":-1:"7789b41cb3ee548814ca0b388c10b343":PSA_SUCCESS +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"4c8ebfe1444ec1b2d503c6986659af2c94fafe945f72c1e8486a5acfedb8a0f8":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"473360e0ad24889959858995":"":0:"d2c78110ac7e8f107c0df0570bd7c90cc26a379b6d98ef2852ead8ce83a833a7":1:"7789b41cb3ee548814ca0b388c10b343":PSA_SUCCESS PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=32, IV=12, IN=16, AAD=0, TAG=4 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"57805f98aae1b8b64bb49756529ab8181b3ada674a90c55422e9eb26c48bcd7b":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 4 ):"9735945d8ca161777206632a":"":-1:"58375442ab1c0e6a8952c83d128d9fc5f45bb315":-1:"4860116a6d2deb9bf794bfd6ac5bbbd6":PSA_SUCCESS +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"57805f98aae1b8b64bb49756529ab8181b3ada674a90c55422e9eb26c48bcd7b":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 4 ):"9735945d8ca161777206632a":"":0:"58375442ab1c0e6a8952c83d128d9fc5f45bb315":1:"4860116a6d2deb9bf794bfd6ac5bbbd6":PSA_SUCCESS PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=32, IV=12, IN=16, AAD=16, TAG=8 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"f913bb823a1d0c10b0b72d56866907b893f2266f15de1abc17f93600824db55a":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 8 ):"d4fe686a14592b6ca1bd6b42":"e35d880c1c53688eb83869de9dd8a473":-1:"35af9b502ea6b56269f896bf98affdd59c2aa418b38bc7fd":-1:"ff426dd751190ff826e8b4a0792d746e":PSA_SUCCESS +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"f913bb823a1d0c10b0b72d56866907b893f2266f15de1abc17f93600824db55a":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 8 ):"d4fe686a14592b6ca1bd6b42":"e35d880c1c53688eb83869de9dd8a473":0:"35af9b502ea6b56269f896bf98affdd59c2aa418b38bc7fd":1:"ff426dd751190ff826e8b4a0792d746e":PSA_SUCCESS PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=32, IV=12, IN=16, AAD=20, TAG=14 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"74e9d9d7cd0728cea94e169af485f21f9d2447e022f16008f803dcf5c4f7cc0c":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 14 ):"ecba39edc96667da726122c0":"ae9ab021f86f5b81bb2e0fcbd4b855e1501e9f82":-1:"e5745ce0e02dbba05363b548c3ac7047eacca7e61db6f72fc9b9e5bdb2bb":-1:"0a0b284515694188b6b6c15bc8a09036":PSA_SUCCESS +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"74e9d9d7cd0728cea94e169af485f21f9d2447e022f16008f803dcf5c4f7cc0c":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 14 ):"ecba39edc96667da726122c0":"ae9ab021f86f5b81bb2e0fcbd4b855e1501e9f82":0:"e5745ce0e02dbba05363b548c3ac7047eacca7e61db6f72fc9b9e5bdb2bb":1:"0a0b284515694188b6b6c15bc8a09036":PSA_SUCCESS PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=32, IV=12, IN=13, AAD=0, TAG=14 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"60667fce64b8c7169ddf45f335e46951248f69abc4e0f4f292d0ffe3dfd5219f":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 14 ):"1057322a39f08ef761c3c8fc":"":-1:"501b033c841acb430c52d88fe9cb44c751f2f1641d1e801a534ac8":-1:"f386b28e7eb4c2fb8eb5dc66a2":PSA_SUCCESS +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"60667fce64b8c7169ddf45f335e46951248f69abc4e0f4f292d0ffe3dfd5219f":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 14 ):"1057322a39f08ef761c3c8fc":"":0:"501b033c841acb430c52d88fe9cb44c751f2f1641d1e801a534ac8":1:"f386b28e7eb4c2fb8eb5dc66a2":PSA_SUCCESS PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=32, IV=12, IN=13, AAD=20, TAG=15 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"e67590da399cbcdcddcc56110562ade8665b50287a8ab38e8b9ee7520531b560":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"2c36ab6b686a66fba1805196":"823493d42f4f60b2d1433ad75eccaafd7e7c7d12":-1:"cff6b6f03c67152f3ce1030653d9bd9a6559f5b04b48d77c2a1fc364":-1:"da1c61fbfcdb73445ad4c7d889":PSA_SUCCESS +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"e67590da399cbcdcddcc56110562ade8665b50287a8ab38e8b9ee7520531b560":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"2c36ab6b686a66fba1805196":"823493d42f4f60b2d1433ad75eccaafd7e7c7d12":0:"cff6b6f03c67152f3ce1030653d9bd9a6559f5b04b48d77c2a1fc364":1:"da1c61fbfcdb73445ad4c7d889":PSA_SUCCESS PSA Multipart AEAD encrypt: ChaCha20-Poly1305 (RFC7539) depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 -aead_multipart_encrypt:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:"070000004041424344454647":"50515253c0c1c2c3c4c5c6c7":-1:"4c616469657320616e642047656e746c656d656e206f662074686520636c617373206f66202739393a204966204920636f756c64206f6666657220796f75206f6e6c79206f6e652074697020666f7220746865206675747572652c2073756e73637265656e20776f756c642062652069742e":-1:"d31a8d34648e60db7b86afbc53ef7ec2a4aded51296e08fea9e2b5a736ee62d63dbea45e8ca9671282fafb69da92728b1a71de0a9e060b2905d6a5b67ecd3b3692ddbd7f2d778b8c9803aee328091b58fab324e4fad675945585808b4831d7bc3ff4def08e4b7a9de576d26586cec64b61161ae10b594f09e26a7e902ecbd0600691" +aead_multipart_encrypt:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:"070000004041424344454647":"50515253c0c1c2c3c4c5c6c7":1:"4c616469657320616e642047656e746c656d656e206f662074686520636c617373206f66202739393a204966204920636f756c64206f6666657220796f75206f6e6c79206f6e652074697020666f7220746865206675747572652c2073756e73637265656e20776f756c642062652069742e":1:"d31a8d34648e60db7b86afbc53ef7ec2a4aded51296e08fea9e2b5a736ee62d63dbea45e8ca9671282fafb69da92728b1a71de0a9e060b2905d6a5b67ecd3b3692ddbd7f2d778b8c9803aee328091b58fab324e4fad675945585808b4831d7bc3ff4def08e4b7a9de576d26586cec64b61161ae10b594f09e26a7e902ecbd0600691" PSA Multipart AEAD encrypt: ChaCha20-Poly1305 (zero-length input) depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 -aead_multipart_encrypt:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:"070000004041424344454647":"":-1:"":-1:"a0784d7a4716f3feb4f64e7f4b39bf04" +aead_multipart_encrypt:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:"070000004041424344454647":"":1:"":1:"a0784d7a4716f3feb4f64e7f4b39bf04" PSA Multipart AEAD decrypt: ChaCha20-Poly1305 (RFC7539, good tag) depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 -aead_multipart_decrypt:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:"070000004041424344454647":"50515253c0c1c2c3c4c5c6c7":-1:"d31a8d34648e60db7b86afbc53ef7ec2a4aded51296e08fea9e2b5a736ee62d63dbea45e8ca9671282fafb69da92728b1a71de0a9e060b2905d6a5b67ecd3b3692ddbd7f2d778b8c9803aee328091b58fab324e4fad675945585808b4831d7bc3ff4def08e4b7a9de576d26586cec64b61161ae10b594f09e26a7e902ecbd0600691":-1:"4c616469657320616e642047656e746c656d656e206f662074686520636c617373206f66202739393a204966204920636f756c64206f6666657220796f75206f6e6c79206f6e652074697020666f7220746865206675747572652c2073756e73637265656e20776f756c642062652069742e":PSA_SUCCESS +aead_multipart_decrypt:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:"070000004041424344454647":"50515253c0c1c2c3c4c5c6c7":1:"d31a8d34648e60db7b86afbc53ef7ec2a4aded51296e08fea9e2b5a736ee62d63dbea45e8ca9671282fafb69da92728b1a71de0a9e060b2905d6a5b67ecd3b3692ddbd7f2d778b8c9803aee328091b58fab324e4fad675945585808b4831d7bc3ff4def08e4b7a9de576d26586cec64b61161ae10b594f09e26a7e902ecbd0600691":1:"4c616469657320616e642047656e746c656d656e206f662074686520636c617373206f66202739393a204966204920636f756c64206f6666657220796f75206f6e6c79206f6e652074697020666f7220746865206675747572652c2073756e73637265656e20776f756c642062652069742e":PSA_SUCCESS PSA Multipart AEAD decrypt: ChaCha20-Poly1305 (RFC7539, bad tag) depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 -aead_multipart_decrypt:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:"070000004041424344454647":"50515253c0c1c2c3c4c5c6c7":-1:"d31a8d34648e60db7b86afbc53ef7ec2a4aded51296e08fea9e2b5a736ee62d63dbea45e8ca9671282fafb69da92728b1a71de0a9e060b2905d6a5b67ecd3b3692ddbd7f2d778b8c9803aee328091b58fab324e4fad675945585808b4831d7bc3ff4def08e4b7a9de576d26586cec64b61161ae10b594f09e26a7e902ecbd0600690":-1:"4c616469657320616e642047656e746c656d656e206f662074686520636c617373206f66202739393a204966204920636f756c64206f6666657220796f75206f6e6c79206f6e652074697020666f7220746865206675747572652c2073756e73637265656e20776f756c642062652069742e":PSA_ERROR_INVALID_SIGNATURE +aead_multipart_decrypt:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:"070000004041424344454647":"50515253c0c1c2c3c4c5c6c7":1:"d31a8d34648e60db7b86afbc53ef7ec2a4aded51296e08fea9e2b5a736ee62d63dbea45e8ca9671282fafb69da92728b1a71de0a9e060b2905d6a5b67ecd3b3692ddbd7f2d778b8c9803aee328091b58fab324e4fad675945585808b4831d7bc3ff4def08e4b7a9de576d26586cec64b61161ae10b594f09e26a7e902ecbd0600690":1:"4c616469657320616e642047656e746c656d656e206f662074686520636c617373206f66202739393a204966204920636f756c64206f6666657220796f75206f6e6c79206f6e652074697020666f7220746865206675747572652c2073756e73637265656e20776f756c642062652069742e":PSA_ERROR_INVALID_SIGNATURE PSA Multipart AEAD decrypt: ChaCha20-Poly1305 (good tag, zero-length input) depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 -aead_multipart_decrypt:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:"070000004041424344454647":"":-1:"a0784d7a4716f3feb4f64e7f4b39bf04":-1:"":PSA_SUCCESS +aead_multipart_decrypt:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:"070000004041424344454647":"":1:"a0784d7a4716f3feb4f64e7f4b39bf04":1:"":PSA_SUCCESS PSA Multipart AEAD encrypt/decrypt: invalid algorithm (CTR) depends_on:MBEDTLS_AES_C:MBEDTLS_GCM_C -aead_multipart_encrypt_decrypt:PSA_KEY_TYPE_AES:"D7828D13B2B0BDC325A76236DF93CC6B":PSA_ALG_CTR:"000102030405060708090A0B0C0D0E0F":"":-1:"":-1:PSA_ERROR_INVALID_ARGUMENT +aead_multipart_encrypt_decrypt:PSA_KEY_TYPE_AES:"D7828D13B2B0BDC325A76236DF93CC6B":PSA_ALG_CTR:"000102030405060708090A0B0C0D0E0F":"":0:"":1:PSA_ERROR_INVALID_ARGUMENT PSA Multipart AEAD encrypt/decrypt: invalid algorithm (ChaCha20) depends_on:MBEDTLS_CHACHA20_C -aead_multipart_encrypt_decrypt:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_STREAM_CIPHER:"":"":-1:"":-1:PSA_ERROR_INVALID_ARGUMENT +aead_multipart_encrypt_decrypt:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_STREAM_CIPHER:"":"":1:"":1:PSA_ERROR_INVALID_ARGUMENT PSA Multipart Nonce Generation, AES - GCM, CAVS 14.0, IV = 12 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index 35b976069..576d46700 100644 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function @@ -264,6 +264,845 @@ typedef enum { DERIVE_KEY = 2 } generate_method; +static psa_status_t aead_multipart_encrypt_internal( int key_type_arg, + data_t *key_data, + int alg_arg, + data_t *nonce, + data_t *additional_data, + int ad_part_len, + data_t *input_data, + int data_part_len, + data_t *expected_result ) +{ + mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; + psa_key_type_t key_type = key_type_arg; + psa_algorithm_t alg = alg_arg; + psa_aead_operation_t operation; + unsigned char *output_data = NULL; + unsigned char *part_data = NULL; + unsigned char *final_data = NULL; + size_t output_size = 0; + size_t finish_output_size; + size_t part_data_size = 0; + size_t output_length = 0; + size_t key_bits = 0; + size_t tag_length = 0; + size_t tag_size = 0; + uint8_t tag_buffer[PSA_AEAD_TAG_MAX_SIZE]; + uint32_t part_offset = 0; + size_t part_length = 0; + size_t output_part_length = 0; + psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; + psa_status_t status = PSA_ERROR_GENERIC_ERROR; + + PSA_ASSERT( psa_crypto_init( ) ); + + psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_ENCRYPT ); + psa_set_key_algorithm( &attributes, alg ); + psa_set_key_type( &attributes, key_type ); + + PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len, + &key ) ); + + PSA_ASSERT( psa_get_key_attributes( key, &attributes ) ); + key_bits = psa_get_key_bits( &attributes ); + + tag_length = PSA_AEAD_TAG_LENGTH( key_type, key_bits, alg ); + + TEST_ASSERT( tag_length <= PSA_AEAD_TAG_MAX_SIZE ); + + output_size = PSA_AEAD_UPDATE_OUTPUT_SIZE( key_type, alg, + ( input_data->len + + tag_length ) ); + + ASSERT_ALLOC( output_data, output_size ); + + finish_output_size = PSA_AEAD_FINISH_OUTPUT_SIZE( key_type, alg ); + + TEST_ASSERT( finish_output_size <= PSA_AEAD_FINISH_OUTPUT_MAX_SIZE ); + + ASSERT_ALLOC( final_data, finish_output_size ); + + operation = psa_aead_operation_init( ); + + status = psa_aead_encrypt_setup( &operation, key, alg ); + + /* If the operation is not supported, just skip and not fail in case the + * encryption involves a common limitation of cryptography hardwares and + * an alternative implementation. */ + if( status == PSA_ERROR_NOT_SUPPORTED ) + { + MBEDTLS_TEST_PSA_SKIP_IF_ALT_AES_192( key_type, key_data->len * 8 ); + MBEDTLS_TEST_PSA_SKIP_IF_ALT_GCM_NOT_12BYTES_NONCE( alg, nonce->len ); + } + + PSA_ASSERT( status ); + + PSA_ASSERT( psa_aead_set_nonce( &operation, nonce->x, nonce->len ) ); + +#if defined(MBEDTLS_PSA_BUILTIN_ALG_GCM) + if( operation.alg == PSA_ALG_GCM ) + { + PSA_ASSERT( psa_aead_set_lengths( &operation, additional_data->len, + input_data->len ) ); + } +#endif + + if( ad_part_len != -1 ) + { + /* Pass additional data in parts */ + part_offset = 0; + + while( part_offset < additional_data->len ) + { + if( additional_data->len - part_offset < ( uint32_t ) ad_part_len ) + { + part_length = additional_data->len - part_offset; + } + else + { + part_length = ad_part_len; + } + + PSA_ASSERT( psa_aead_update_ad( &operation, + additional_data->x + part_offset, + part_length ) ); + + part_offset += part_length; + } + } + else + { + /* Pass additional data in one go. */ + PSA_ASSERT( psa_aead_update_ad( &operation, additional_data->x, + additional_data->len ) ); + } + + if( data_part_len != -1 ) + { + /* Pass data in parts */ + part_data_size = PSA_AEAD_UPDATE_OUTPUT_SIZE( key_type, alg, + ( size_t ) data_part_len ); + + ASSERT_ALLOC( part_data, part_data_size ); + + part_offset = 0; + + while( part_offset < input_data->len ) + { + if( input_data->len - part_offset < ( uint32_t ) data_part_len ) + { + part_length = input_data->len - part_offset; + } + else + { + part_length = data_part_len; + } + + PSA_ASSERT( psa_aead_update( &operation, + ( input_data->x + part_offset ), + part_length, part_data, + part_data_size, + &output_part_length ) ); + + if( output_data && output_part_length ) + { + memcpy( ( output_data + part_offset ), part_data, + output_part_length ); + } + + part_offset += part_length; + output_length += output_part_length; + } + } + else + { + /* Pass whole data in one go */ + PSA_ASSERT( psa_aead_update( &operation, input_data->x, + input_data->len, output_data, + output_size, &output_length ) ); + } + + PSA_ASSERT( psa_aead_finish( &operation, final_data, + finish_output_size, + &output_part_length, + tag_buffer, tag_length, + &tag_size ) ); + + if( output_data && output_part_length ) + { + memcpy( ( output_data + output_length ), final_data, + output_part_length ); + } + + TEST_EQUAL( tag_length, tag_size ); + + output_length += output_part_length; + + if( output_data && tag_length ) + { + memcpy( ( output_data + output_length ), tag_buffer, tag_length ); + } + + output_length += tag_length; + + /* For all currently defined algorithms, PSA_AEAD_ENCRYPT_OUTPUT_SIZE + * should be exact. */ + TEST_EQUAL( output_length, + PSA_AEAD_ENCRYPT_OUTPUT_SIZE( key_type, alg, + input_data->len ) ); + TEST_ASSERT( output_length <= + PSA_AEAD_ENCRYPT_OUTPUT_MAX_SIZE( input_data->len ) ); + + ASSERT_COMPARE( expected_result->x, expected_result->len, + output_data, output_length ); + +exit: + psa_destroy_key( key ); + psa_aead_abort( &operation ); + mbedtls_free( output_data ); + mbedtls_free( part_data ); + mbedtls_free( final_data ); + PSA_DONE( ); + + return( status ); +} + +void aead_multipart_decrypt_internal( int key_type_arg, data_t *key_data, + int alg_arg, + data_t *nonce, + data_t *additional_data, + int ad_part_len, + data_t *input_data, + int data_part_len, + data_t *expected_data, + int expected_result_arg ) +{ + mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; + psa_key_type_t key_type = key_type_arg; + psa_algorithm_t alg = alg_arg; + psa_aead_operation_t operation; + unsigned char *output_data = NULL; + unsigned char *part_data = NULL; + unsigned char *final_data = NULL; + size_t part_data_size; + size_t output_size = 0; + size_t verify_output_size = 0; + size_t output_length = 0; + size_t key_bits = 0; + size_t tag_length = 0; + uint32_t part_offset = 0; + size_t part_length = 0; + size_t output_part_length = 0; + psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; + psa_status_t expected_result = expected_result_arg; + psa_status_t status = PSA_ERROR_GENERIC_ERROR; + + PSA_ASSERT( psa_crypto_init( ) ); + + psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_DECRYPT ); + psa_set_key_algorithm( &attributes, alg ); + psa_set_key_type( &attributes, key_type ); + + PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len, + &key ) ); + + PSA_ASSERT( psa_get_key_attributes( key, &attributes ) ); + key_bits = psa_get_key_bits( &attributes ); + + tag_length = PSA_AEAD_TAG_LENGTH( key_type, key_bits, alg ); + + output_size = PSA_AEAD_UPDATE_OUTPUT_SIZE( key_type, alg, + ( input_data->len - + tag_length ) ); + + ASSERT_ALLOC( output_data, output_size ); + + verify_output_size = PSA_AEAD_VERIFY_OUTPUT_SIZE( key_type, alg ); + TEST_ASSERT( verify_output_size <= PSA_AEAD_VERIFY_OUTPUT_MAX_SIZE ); + ASSERT_ALLOC( final_data, verify_output_size ); + + operation = psa_aead_operation_init( ); + + status = psa_aead_decrypt_setup( &operation, key, alg ); + + /* If the operation is not supported, just skip and not fail in case the + * encryption involves a common limitation of cryptography hardwares and + * an alternative implementation. */ + if( status == PSA_ERROR_NOT_SUPPORTED ) + { + MBEDTLS_TEST_PSA_SKIP_IF_ALT_AES_192( key_type, key_data->len * 8 ); + MBEDTLS_TEST_PSA_SKIP_IF_ALT_GCM_NOT_12BYTES_NONCE( alg, nonce->len ); + } + + if( status != PSA_SUCCESS ) + { + TEST_EQUAL( status, expected_result_arg ); + goto exit; + } + + status = psa_aead_set_nonce( &operation, nonce->x, nonce->len ); + + if( status != PSA_SUCCESS ) + { + TEST_EQUAL( status, expected_result_arg ); + goto exit; + } + +#if defined(MBEDTLS_PSA_BUILTIN_ALG_GCM) + if( operation.alg == PSA_ALG_GCM ) + { + status = psa_aead_set_lengths( &operation, additional_data->len, + ( input_data->len - tag_length ) ); + + if( status != PSA_SUCCESS ) + { + TEST_EQUAL( status, expected_result_arg ); + goto exit; + } + } +#endif + + if( ad_part_len != -1 ) + { + part_offset = 0; + + while( part_offset < additional_data->len ) + { + if( additional_data->len - part_offset < ( uint32_t ) ad_part_len ) + { + part_length = additional_data->len - part_offset; + } + else + { + part_length = ad_part_len; + } + + status = psa_aead_update_ad( &operation, + additional_data->x + part_offset, + part_length ); + + if( status != PSA_SUCCESS ) + { + TEST_EQUAL( status, expected_result_arg ); + goto exit; + } + + part_offset += part_length; + } + } + else + { + status = psa_aead_update_ad( &operation, additional_data->x, + additional_data->len ); + + if( status != PSA_SUCCESS ) + { + TEST_EQUAL( status, expected_result_arg ); + goto exit; + } + } + + if( data_part_len != -1 ) + { + /* Pass data in parts */ + part_data_size = PSA_AEAD_UPDATE_OUTPUT_SIZE( key_type, alg, + ( size_t ) data_part_len ); + + ASSERT_ALLOC( part_data, part_data_size ); + + part_offset = 0; + + while( part_offset < ( input_data->len - tag_length) ) + { + if( (input_data->len - tag_length - part_offset ) < + ( uint32_t ) data_part_len ) + { + part_length = ( input_data->len - tag_length - part_offset ); + } + else + { + part_length = data_part_len; + } + + status = psa_aead_update( &operation, + ( input_data->x + part_offset ), + part_length, part_data, + part_data_size, &output_part_length ); + + if( status != PSA_SUCCESS ) + { + TEST_EQUAL( status, expected_result_arg ); + goto exit; + } + + if( output_data && output_part_length ) + { + memcpy( ( output_data + part_offset ), part_data, + output_part_length ); + } + + part_offset += part_length; + output_length += output_part_length; + } + } + else + { + status = psa_aead_update( &operation, input_data->x, + ( input_data->len - tag_length ), output_data, + output_size, &output_length ); + + if( status != PSA_SUCCESS ) + { + TEST_EQUAL( status, expected_result_arg ); + goto exit; + } + } + + status = psa_aead_verify( &operation, final_data, + verify_output_size, + &output_part_length, + ( input_data->x + input_data->len - tag_length ), + tag_length ); + + if( status != PSA_SUCCESS ) + { + TEST_EQUAL( status, expected_result_arg ); + goto exit; + } + + if( output_data && output_part_length ) + { + memcpy( ( output_data + output_length ), final_data, + output_part_length ); + } + + output_length += output_part_length; + + if( expected_result != PSA_ERROR_INVALID_ARGUMENT ) + { + /* For all currently defined algorithms, PSA_AEAD_DECRYPT_OUTPUT_SIZE + * should be exact. */ + TEST_EQUAL( output_length, + PSA_AEAD_DECRYPT_OUTPUT_SIZE( key_type, alg, + input_data->len ) ); + TEST_ASSERT( output_length <= + PSA_AEAD_DECRYPT_OUTPUT_MAX_SIZE( input_data->len ) ); + } + + if( expected_result == PSA_SUCCESS ) + { + ASSERT_COMPARE( expected_data->x, expected_data->len, + output_data, output_length ); + } + +exit: + psa_destroy_key( key ); + psa_aead_abort( &operation ); + mbedtls_free( output_data ); + mbedtls_free( part_data ); + mbedtls_free( final_data ); + PSA_DONE( ); +} + +void aead_multipart_encrypt_decrypt_internal( int key_type_arg, + data_t *key_data, + int alg_arg, + data_t *nonce, + data_t *additional_data, + int ad_part_len, + data_t *input_data, + int data_part_len, + int expected_status_arg ) +{ + mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; + psa_key_type_t key_type = key_type_arg; + psa_algorithm_t alg = alg_arg; + psa_aead_operation_t operation; + unsigned char *output_data = NULL; + unsigned char *part_data = NULL; + unsigned char *final_data = NULL; + size_t part_data_size; + size_t output_size = 0; + size_t finish_output_size = 0; + size_t output_length = 0; + unsigned char *output_data2 = NULL; + size_t output_size2 = 0; + size_t output_length2 = 0; + size_t key_bits = 0; + size_t tag_length = 0; + size_t tag_size = 0; + size_t nonce_length = 0; + uint8_t nonce_buffer[PSA_AEAD_NONCE_MAX_SIZE]; + uint8_t tag_buffer[PSA_AEAD_TAG_MAX_SIZE]; + uint32_t part_offset = 0; + size_t part_length = 0; + size_t output_part_length = 0; + psa_status_t status = PSA_ERROR_GENERIC_ERROR; + psa_status_t expected_status = expected_status_arg; + psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; + + PSA_ASSERT( psa_crypto_init( ) ); + + psa_set_key_usage_flags( &attributes, + PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT ); + psa_set_key_algorithm( &attributes, alg ); + psa_set_key_type( &attributes, key_type ); + + PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len, + &key ) ); + + PSA_ASSERT( psa_get_key_attributes( key, &attributes ) ); + key_bits = psa_get_key_bits( &attributes ); + + tag_length = PSA_AEAD_TAG_LENGTH( key_type, key_bits, alg ); + + TEST_ASSERT( tag_length <= PSA_AEAD_TAG_MAX_SIZE ); + + output_size = PSA_AEAD_UPDATE_OUTPUT_SIZE( key_type, alg, input_data->len ); + + ASSERT_ALLOC( output_data, output_size ); + + finish_output_size = PSA_AEAD_FINISH_OUTPUT_SIZE( key_type, alg ); + + TEST_ASSERT( finish_output_size <= PSA_AEAD_FINISH_OUTPUT_MAX_SIZE ); + + ASSERT_ALLOC( final_data, finish_output_size ); + + operation = psa_aead_operation_init( ); + + status = psa_aead_encrypt_setup( &operation, key, alg ); + + /* If the operation is not supported, just skip and not fail in case the + * encryption involves a common limitation of cryptography hardwares and + * an alternative implementation. */ + if( status == PSA_ERROR_NOT_SUPPORTED ) + { + MBEDTLS_TEST_PSA_SKIP_IF_ALT_AES_192( key_type, key_data->len * 8 ); + MBEDTLS_TEST_PSA_SKIP_IF_ALT_GCM_NOT_12BYTES_NONCE( alg, nonce->len ); + } + + if( status != PSA_SUCCESS ) + { + TEST_EQUAL( status, expected_status ); + goto exit; + } + + nonce_length = nonce->len; + status = psa_aead_set_nonce( &operation, nonce->x, nonce->len ); + + if( status != PSA_SUCCESS ) + { + TEST_EQUAL( status, expected_status ); + goto exit; + } + +#if defined(MBEDTLS_PSA_BUILTIN_ALG_GCM) + if( operation.alg == PSA_ALG_GCM ) + { + status = psa_aead_set_lengths( &operation, additional_data->len, + input_data->len ); + + if( status != PSA_SUCCESS ) + { + TEST_EQUAL( status, expected_status ); + goto exit; + } + } +#endif + + if( ad_part_len != -1 ) + { + part_offset = 0; + + while( part_offset < additional_data->len ) + { + if( additional_data->len - part_offset < ( uint32_t ) ad_part_len ) + { + part_length = additional_data->len - part_offset; + } + else + { + part_length = ad_part_len; + } + + status = psa_aead_update_ad( &operation, + additional_data->x + part_offset, + part_length ); + + if( status != PSA_SUCCESS ) + { + TEST_EQUAL( status, expected_status ); + goto exit; + } + + part_offset += part_length; + } + } + else + { + status = psa_aead_update_ad( &operation, additional_data->x, + additional_data->len ); + + if( status != PSA_SUCCESS ) + { + TEST_EQUAL( status, expected_status ); + goto exit; + } + } + + if( data_part_len != -1 ) + { + /* Pass data in parts */ + part_data_size = PSA_AEAD_UPDATE_OUTPUT_SIZE( key_type, alg, + ( size_t ) data_part_len ); + + ASSERT_ALLOC( part_data, part_data_size ); + + part_offset = 0; + + while( part_offset < input_data->len ) + { + if( input_data->len - part_offset < ( uint32_t ) data_part_len ) + { + part_length = input_data->len - part_offset; + } + else + { + part_length = data_part_len; + } + + status = psa_aead_update( &operation, + ( input_data->x + part_offset ), + part_length, part_data, + part_data_size, &output_part_length ); + + if( status != PSA_SUCCESS ) + { + TEST_EQUAL( status, expected_status ); + goto exit; + } + + if( output_data && output_part_length ) + { + memcpy( ( output_data + part_offset ), part_data, + output_part_length ); + } + + part_offset += part_length; + output_length += output_part_length; + } + } + else + { + status = psa_aead_update( &operation, input_data->x, + input_data->len, output_data, + output_size, &output_length ); + + if( status != PSA_SUCCESS ) + { + TEST_EQUAL( status, expected_status ); + goto exit; + } + } + + status = psa_aead_finish( &operation, final_data, + finish_output_size, + &output_part_length, + tag_buffer, tag_length, + &tag_size ); + + if( status != PSA_SUCCESS ) + { + TEST_EQUAL( status, expected_status ); + goto exit; + } + + if( output_data && output_part_length ) + { + memcpy( ( output_data + output_length ), final_data, + output_part_length ); + } + + output_length += output_part_length; + + /* For all currently defined algorithms, PSA_AEAD_ENCRYPT_OUTPUT_SIZE + * should be exact. */ + if( expected_status != PSA_ERROR_INVALID_ARGUMENT ) + { + TEST_EQUAL( ( output_length + tag_length ), + PSA_AEAD_ENCRYPT_OUTPUT_SIZE( key_type, alg, + input_data->len ) ); + } + + TEST_EQUAL( tag_length, tag_size ); + + if( PSA_SUCCESS == expected_status ) + { + output_size2 = PSA_AEAD_UPDATE_OUTPUT_SIZE( key_type, alg, + output_length ); + ASSERT_ALLOC( output_data2, output_size2 ); + + /* For all currently defined algorithms, PSA_AEAD_DECRYPT_OUTPUT_SIZE + * should be exact. */ + TEST_EQUAL( input_data->len, + PSA_AEAD_DECRYPT_OUTPUT_SIZE( key_type, alg, + ( output_length + + tag_length ) ) ); + + TEST_ASSERT( input_data->len <= + PSA_AEAD_DECRYPT_OUTPUT_MAX_SIZE( output_length + + tag_length ) ); + + operation = psa_aead_operation_init( ); + + status = psa_aead_decrypt_setup( &operation, key, alg ); + + /* If the operation is not supported, just skip and not fail in case the + * encryption involves a common limitation of cryptography hardwares and + * an alternative implementation. */ + if( status == PSA_ERROR_NOT_SUPPORTED ) + { + MBEDTLS_TEST_PSA_SKIP_IF_ALT_AES_192( key_type, key_data->len * 8 ); + MBEDTLS_TEST_PSA_SKIP_IF_ALT_GCM_NOT_12BYTES_NONCE( alg, + nonce->len ); + } + + TEST_EQUAL( status, expected_status ); + + if( nonce->len == 0 ) + { + /* Use previously generated nonce. */ + status = psa_aead_set_nonce( &operation, nonce_buffer, + nonce_length ); + } + else + { + nonce_length = nonce->len; + status = psa_aead_set_nonce( &operation, nonce->x, nonce->len ); + } + + if( status != PSA_SUCCESS ) + { + TEST_EQUAL( status, expected_status); + } + +#if defined(MBEDTLS_PSA_BUILTIN_ALG_GCM) + if( operation.alg == PSA_ALG_GCM ) + { + status = psa_aead_set_lengths( &operation, additional_data->len, + output_length ); + + if( status != PSA_SUCCESS ) + { + TEST_EQUAL( status, expected_status ); + } + } +#endif + + if( ad_part_len != -1 ) + { + part_offset = 0; + + while( part_offset < additional_data->len ) + { + if( additional_data->len - part_offset < + ( uint32_t ) ad_part_len ) + { + part_length = additional_data->len - part_offset; + } + else + { + part_length = ad_part_len; + } + + PSA_ASSERT( psa_aead_update_ad( &operation, + additional_data->x + + part_offset, + part_length ) ); + + part_offset += part_length; + } + } + else + { + PSA_ASSERT( psa_aead_update_ad( &operation, additional_data->x, + additional_data->len ) ); + } + + if( data_part_len != -1 ) + { + /* Pass data in parts */ + part_data_size = PSA_AEAD_UPDATE_OUTPUT_SIZE( key_type, alg, + ( size_t ) data_part_len ); + + part_data = NULL; + ASSERT_ALLOC( part_data, part_data_size ); + + part_offset = 0; + + while( part_offset < output_length ) + { + if( ( output_length - part_offset ) < + ( uint32_t ) data_part_len ) + { + part_length = ( output_length - part_offset ); + } + else + { + part_length = data_part_len; + } + + PSA_ASSERT( psa_aead_update( &operation, + ( output_data + part_offset ), + part_length, part_data, + part_data_size, + &output_part_length ) ); + + if( output_data2 && output_part_length ) + { + memcpy( ( output_data2 + part_offset ), + part_data, output_part_length ); + } + + part_offset += part_length; + output_length2 += output_part_length; + } + } + else + { + PSA_ASSERT( psa_aead_update( &operation, output_data, + output_length, output_data2, + output_size2, &output_length2 ) ); + } + + PSA_ASSERT( psa_aead_verify( &operation, final_data, + finish_output_size, + &output_part_length, + tag_buffer, tag_length ) ); + + if( output_data2 && output_part_length ) + { + memcpy( ( output_data2 + output_length2 ), final_data, + output_part_length ); + } + + output_length2 += output_part_length; + + ASSERT_COMPARE( input_data->x, input_data->len, + output_data2, output_length2 ); + } + +exit: + psa_destroy_key( key ); + psa_aead_abort( &operation ); + mbedtls_free( output_data ); + mbedtls_free( output_data2 ); + mbedtls_free( part_data ); + mbedtls_free( final_data ); + PSA_DONE( ); +} + /* END_HEADER */ /* BEGIN_DEPENDENCIES @@ -3157,201 +3996,46 @@ void aead_multipart_encrypt( int key_type_arg, data_t *key_data, int alg_arg, data_t *nonce, data_t *additional_data, - int ad_part_len, + int test_ad_mp_arg, data_t *input_data, - int data_part_len, - data_t *expected_result ) + int test_data_mp_arg, + data_t *expected_result_arg ) { - mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; - psa_key_type_t key_type = key_type_arg; - psa_algorithm_t alg = alg_arg; - psa_aead_operation_t operation; - unsigned char *output_data = NULL; - unsigned char *part_data = NULL; - unsigned char *final_data = NULL; - size_t output_size = 0; - size_t finish_output_size; - size_t part_data_size = 0; - size_t output_length = 0; - size_t key_bits = 0; - size_t tag_length = 0; - size_t tag_size = 0; - uint8_t tag_buffer[PSA_AEAD_TAG_MAX_SIZE]; - uint32_t part_offset = 0; - size_t part_length = 0; - size_t output_part_length = 0; - psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; - psa_status_t status = PSA_ERROR_GENERIC_ERROR; + size_t ad_part_len = 0; + size_t data_part_len = 0; - PSA_ASSERT( psa_crypto_init( ) ); - - psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_ENCRYPT ); - psa_set_key_algorithm( &attributes, alg ); - psa_set_key_type( &attributes, key_type ); - - PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len, - &key ) ); - - PSA_ASSERT( psa_get_key_attributes( key, &attributes ) ); - key_bits = psa_get_key_bits( &attributes ); - - tag_length = PSA_AEAD_TAG_LENGTH( key_type, key_bits, alg ); - - TEST_ASSERT( tag_length <= PSA_AEAD_TAG_MAX_SIZE ); - - output_size = PSA_AEAD_UPDATE_OUTPUT_SIZE( key_type, alg, - ( input_data->len + - tag_length ) ); - - ASSERT_ALLOC( output_data, output_size ); - - finish_output_size = PSA_AEAD_FINISH_OUTPUT_SIZE( key_type, alg ); - - TEST_ASSERT( finish_output_size <= PSA_AEAD_FINISH_OUTPUT_MAX_SIZE ); - - ASSERT_ALLOC( final_data, finish_output_size ); - - operation = psa_aead_operation_init( ); - - status = psa_aead_encrypt_setup( &operation, key, alg ); - - /* If the operation is not supported, just skip and not fail in case the - * encryption involves a common limitation of cryptography hardwares and - * an alternative implementation. */ - if( status == PSA_ERROR_NOT_SUPPORTED ) + if( test_ad_mp_arg == 1 ) { - MBEDTLS_TEST_PSA_SKIP_IF_ALT_AES_192( key_type, key_data->len * 8 ); - MBEDTLS_TEST_PSA_SKIP_IF_ALT_GCM_NOT_12BYTES_NONCE( alg, nonce->len ); - } - - PSA_ASSERT( status ); - - PSA_ASSERT( psa_aead_set_nonce( &operation, nonce->x, nonce->len ) ); - -#if defined(MBEDTLS_PSA_BUILTIN_ALG_GCM) - if( operation.alg == PSA_ALG_GCM ) - { - PSA_ASSERT( psa_aead_set_lengths( &operation, additional_data->len, - input_data->len ) ); - } -#endif - - if( ad_part_len != -1 ) - { - /* Pass addtional data in parts */ - part_offset = 0; - - while( part_offset <= additional_data->len) + for( ad_part_len = 1; ad_part_len <= additional_data->len; + ad_part_len++ ) { - if( additional_data->len - part_offset < ( uint32_t ) ad_part_len ) - { - part_length = additional_data->len - part_offset; - } - else - { - part_length = ad_part_len; - } + mbedtls_test_set_step( ad_part_len ); - PSA_ASSERT( psa_aead_update_ad( &operation, - additional_data->x + part_offset, - part_length ) ); - - part_offset += part_length; + aead_multipart_encrypt_internal( key_type_arg, key_data, + alg_arg,nonce, + additional_data, + ad_part_len, + input_data, -1, + expected_result_arg ); } } - else + + if( test_data_mp_arg == 1 ) { - /* Pass additional data in one go. */ - PSA_ASSERT( psa_aead_update_ad(&operation, additional_data->x, - additional_data->len) ); - } - - if( data_part_len != -1 ) - { - /* Pass data in parts */ - part_data_size = PSA_AEAD_UPDATE_OUTPUT_SIZE( key_type, alg, - ( size_t ) data_part_len ); - - ASSERT_ALLOC( part_data, part_data_size ); - - part_offset = 0; - - while( part_offset <= input_data->len) + for( data_part_len = 1; data_part_len <= input_data->len; + data_part_len++ ) { - if( input_data->len - part_offset < ( uint32_t ) data_part_len ) - { - part_length = input_data->len - part_offset; - } - else - { - part_length = data_part_len; - } - - PSA_ASSERT( psa_aead_update( &operation, - ( input_data->x + part_offset ), - part_length, part_data, - part_data_size, - &output_part_length ) ); - - if( output_data && output_part_length ) - { - memcpy( ( output_data + part_offset ), part_data, - output_part_length ); - } - - part_offset += part_length; - output_length += output_part_length; + aead_multipart_encrypt_internal( key_type_arg, key_data, + alg_arg, nonce, + additional_data, -1, + input_data, data_part_len, + expected_result_arg ); } } - else - { - /* Pass whole data in one go */ - PSA_ASSERT( psa_aead_update( &operation, input_data->x, - input_data->len, output_data, - output_size, &output_length ) ); - } - PSA_ASSERT( psa_aead_finish( &operation, final_data, - finish_output_size, - &output_part_length, - tag_buffer, tag_length, - &tag_size ) ); - - if( output_data && output_part_length ) - { - memcpy( ( output_data + output_length ), final_data, - output_part_length ); - } - - TEST_EQUAL(tag_length, tag_size); - - output_length += output_part_length; - - if( output_data && tag_length ) - { - memcpy( ( output_data + output_length ), tag_buffer, tag_length ); - } - - output_length += tag_length; - - /* For all currently defined algorithms, PSA_AEAD_ENCRYPT_OUTPUT_SIZE - * should be exact. */ - TEST_EQUAL( output_length, - PSA_AEAD_ENCRYPT_OUTPUT_SIZE( key_type, alg, - input_data->len ) ); - TEST_ASSERT( output_length <= - PSA_AEAD_ENCRYPT_OUTPUT_MAX_SIZE( input_data->len ) ); - - ASSERT_COMPARE( expected_result->x, expected_result->len, - output_data, output_length ); + goto exit; exit: - psa_destroy_key( key ); - psa_aead_abort( &operation ); - mbedtls_free( output_data ); - mbedtls_free( part_data ); - mbedtls_free( final_data ); - PSA_DONE( ); } /* END_CASE */ @@ -3360,395 +4044,46 @@ void aead_multipart_encrypt_decrypt( int key_type_arg, data_t *key_data, int alg_arg, data_t *nonce, data_t *additional_data, - int ad_part_len, + int test_ad_mp_arg, data_t *input_data, - int data_part_len, - int expected_result_arg ) + int test_data_mp_arg, + int expected_status_arg ) { - mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; - psa_key_type_t key_type = key_type_arg; - psa_algorithm_t alg = alg_arg; - psa_aead_operation_t operation; - unsigned char *output_data = NULL; - unsigned char *part_data = NULL; - unsigned char *final_data = NULL; - size_t part_data_size; - size_t output_size = 0; - size_t finish_output_size = 0; - size_t output_length = 0; - unsigned char *output_data2 = NULL; - size_t output_size2 = 0; - size_t output_length2 = 0; - size_t key_bits = 0; - size_t tag_length = 0; - size_t tag_size = 0; - size_t nonce_length = 0; - uint8_t nonce_buffer[PSA_AEAD_NONCE_MAX_SIZE]; - uint8_t tag_buffer[PSA_AEAD_TAG_MAX_SIZE]; - uint32_t part_offset = 0; - size_t part_length = 0; - size_t output_part_length = 0; - psa_status_t status = PSA_ERROR_GENERIC_ERROR; - psa_status_t expected_result = expected_result_arg; - psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; + size_t ad_part_len = 0; + size_t data_part_len = 0; - PSA_ASSERT( psa_crypto_init( ) ); - - psa_set_key_usage_flags( &attributes, - PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT ); - psa_set_key_algorithm( &attributes, alg ); - psa_set_key_type( &attributes, key_type ); - - PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len, - &key ) ); - - PSA_ASSERT( psa_get_key_attributes( key, &attributes ) ); - key_bits = psa_get_key_bits( &attributes ); - - tag_length = PSA_AEAD_TAG_LENGTH( key_type, key_bits, alg ); - - TEST_ASSERT( tag_length <= PSA_AEAD_TAG_MAX_SIZE ); - - output_size = PSA_AEAD_UPDATE_OUTPUT_SIZE( key_type, alg, input_data->len ); - - ASSERT_ALLOC( output_data, output_size ); - - finish_output_size = PSA_AEAD_FINISH_OUTPUT_SIZE( key_type, alg ); - - TEST_ASSERT( finish_output_size <= PSA_AEAD_FINISH_OUTPUT_MAX_SIZE ); - - ASSERT_ALLOC( final_data, finish_output_size ); - - operation = psa_aead_operation_init( ); - - status = psa_aead_encrypt_setup( &operation, key, alg ); - - /* If the operation is not supported, just skip and not fail in case the - * encryption involves a common limitation of cryptography hardwares and - * an alternative implementation. */ - if( status == PSA_ERROR_NOT_SUPPORTED ) + if( test_ad_mp_arg == 1 ) { - MBEDTLS_TEST_PSA_SKIP_IF_ALT_AES_192( key_type, key_data->len * 8 ); - MBEDTLS_TEST_PSA_SKIP_IF_ALT_GCM_NOT_12BYTES_NONCE( alg, nonce->len ); - } - - if( status != PSA_SUCCESS ) - { - TEST_EQUAL( status, expected_result_arg ); - goto exit; - } - - nonce_length = nonce->len; - status = psa_aead_set_nonce( &operation, nonce->x, nonce->len ); - - if( status != PSA_SUCCESS ) - { - TEST_EQUAL( status, expected_result_arg ); - goto exit; - } - -#if defined(MBEDTLS_PSA_BUILTIN_ALG_GCM) - if( operation.alg == PSA_ALG_GCM ) - { - status = psa_aead_set_lengths( &operation, additional_data->len, - input_data->len ); - - if( status != PSA_SUCCESS ) + for( ad_part_len = 1; ad_part_len <= additional_data->len; + ad_part_len++ ) { - TEST_EQUAL( status, expected_result_arg ); - goto exit; - } - } -#endif + mbedtls_test_set_step( ad_part_len ); - if( ad_part_len != -1 ) - { - part_offset = 0; - - while( part_offset <= additional_data->len) - { - if( additional_data->len - part_offset < ( uint32_t ) ad_part_len ) - { - part_length = additional_data->len - part_offset; - } - else - { - part_length = ad_part_len; - } - - status = psa_aead_update_ad( &operation, - additional_data->x + part_offset, - part_length ); - - if( status != PSA_SUCCESS ) - { - TEST_EQUAL( status, expected_result_arg ); - goto exit; - } - - part_offset += part_length; - } - } - else - { - status = psa_aead_update_ad(&operation, additional_data->x, - additional_data->len); - - if( status != PSA_SUCCESS ) - { - TEST_EQUAL( status, expected_result_arg ); - goto exit; + aead_multipart_encrypt_decrypt_internal( key_type_arg, key_data, + alg_arg, nonce, + additional_data, + ad_part_len, + input_data, -1, + expected_status_arg ); } } - if( data_part_len != -1 ) + if( test_data_mp_arg == 1 ) { - /* Pass data in parts */ - part_data_size = PSA_AEAD_UPDATE_OUTPUT_SIZE( key_type, alg, - ( size_t ) data_part_len ); - - ASSERT_ALLOC( part_data, part_data_size ); - - part_offset = 0; - - while( part_offset <= input_data->len) + for( data_part_len = 1; data_part_len <= input_data->len; + data_part_len++ ) { - if( input_data->len - part_offset < ( uint32_t ) data_part_len ) - { - part_length = input_data->len - part_offset; - } - else - { - part_length = data_part_len; - } - - status = psa_aead_update( &operation, - ( input_data->x + part_offset ), - part_length, part_data, - part_data_size, &output_part_length ); - - if( status != PSA_SUCCESS ) - { - TEST_EQUAL( status, expected_result_arg ); - goto exit; - } - - if( output_data && output_part_length ) - { - memcpy( ( output_data + part_offset ), part_data, - output_part_length ); - } - - part_offset += part_length; - output_length += output_part_length; - } - } - else - { - status = psa_aead_update( &operation, input_data->x, - input_data->len, output_data, - output_size, &output_length ); - - if( status != PSA_SUCCESS ) - { - TEST_EQUAL( status, expected_result_arg ); - goto exit; + aead_multipart_encrypt_decrypt_internal( key_type_arg, key_data, + alg_arg, nonce, + additional_data, -1, + input_data, data_part_len, + expected_status_arg ); } } - status = psa_aead_finish( &operation, final_data, - finish_output_size, - &output_part_length, - tag_buffer, tag_length, - &tag_size ); - - if( status != PSA_SUCCESS ) - { - TEST_EQUAL( status, expected_result_arg ); - goto exit; - } - - if( output_data &&output_part_length ) - { - memcpy( ( output_data + output_length ), final_data, - output_part_length ); - } - - output_length += output_part_length; - - /* For all currently defined algorithms, PSA_AEAD_ENCRYPT_OUTPUT_SIZE - * should be exact. */ - if( expected_result != PSA_ERROR_INVALID_ARGUMENT ) - TEST_EQUAL( ( output_length + tag_length ), - PSA_AEAD_ENCRYPT_OUTPUT_SIZE( key_type, alg, - input_data->len ) ); - - TEST_EQUAL(tag_length, tag_size); - - if( PSA_SUCCESS == expected_result ) - { - output_size2 = PSA_AEAD_UPDATE_OUTPUT_SIZE( key_type, alg, - output_length ); - ASSERT_ALLOC( output_data2, output_size2 ); - - /* For all currently defined algorithms, PSA_AEAD_DECRYPT_OUTPUT_SIZE - * should be exact. */ - TEST_EQUAL( input_data->len, - PSA_AEAD_DECRYPT_OUTPUT_SIZE( key_type, alg, - ( output_length + - tag_length ) ) ); - - TEST_ASSERT( input_data->len <= - PSA_AEAD_DECRYPT_OUTPUT_MAX_SIZE( output_length + - tag_length ) ); - - operation = psa_aead_operation_init( ); - - status = psa_aead_decrypt_setup( &operation, key, alg ); - - /* If the operation is not supported, just skip and not fail in case the - * encryption involves a common limitation of cryptography hardwares and - * an alternative implementation. */ - if( status == PSA_ERROR_NOT_SUPPORTED ) - { - MBEDTLS_TEST_PSA_SKIP_IF_ALT_AES_192( key_type, key_data->len * 8 ); - MBEDTLS_TEST_PSA_SKIP_IF_ALT_GCM_NOT_12BYTES_NONCE( alg, - nonce->len ); - } - - TEST_EQUAL( status, expected_result ); - - if( nonce->len == 0 ) - { - /* Use previously generated nonce. */ - status = psa_aead_set_nonce( &operation, nonce_buffer, - nonce_length ); - } - else - { - nonce_length = nonce->len; - status = psa_aead_set_nonce( &operation, nonce->x, nonce->len ); - } - - if( status != PSA_SUCCESS ) - { - TEST_EQUAL( status, expected_result_arg ); - } - -#if defined(MBEDTLS_PSA_BUILTIN_ALG_GCM) - if( operation.alg == PSA_ALG_GCM ) - { - status = psa_aead_set_lengths( &operation, additional_data->len, - output_length ); - - if( status != PSA_SUCCESS ) - { - TEST_EQUAL( status, expected_result_arg ); - } - } -#endif - - if( ad_part_len != -1 ) - { - part_offset = 0; - - while( part_offset <= additional_data->len) - { - if( additional_data->len - part_offset < - ( uint32_t ) ad_part_len ) - { - part_length = additional_data->len - part_offset; - } - else - { - part_length = ad_part_len; - } - - PSA_ASSERT( psa_aead_update_ad( &operation, - additional_data->x + - part_offset, - part_length ) ); - - part_offset += part_length; - } - } - else - { - PSA_ASSERT( psa_aead_update_ad(&operation, additional_data->x, - additional_data->len) ); - } - - if( data_part_len != -1 ) - { - /* Pass data in parts */ - part_data_size = PSA_AEAD_UPDATE_OUTPUT_SIZE( key_type, alg, - ( size_t ) data_part_len ); - - ASSERT_ALLOC( part_data, part_data_size ); - - part_offset = 0; - - while( part_offset <= ( input_data->len - tag_length ) ) - { - if( ( input_data->len - tag_length - part_offset ) < - ( uint32_t ) data_part_len ) - { - part_length = - ( input_data->len - tag_length - part_offset ); - } - else - { - part_length = data_part_len; - } - - PSA_ASSERT( psa_aead_update( &operation, - ( input_data->x + part_offset ), - part_length, part_data, - part_data_size, - &output_part_length ) ); - - if( output_data2 && output_part_length ) - { - memcpy( ( output_data2 + part_offset ), - part_data, output_part_length ); - } - - part_offset += part_length; - output_length2 += output_part_length; - } - } - else - { - PSA_ASSERT( psa_aead_update( &operation, output_data, - output_length, output_data2, - output_size2, &output_length2 ) ); - } - - PSA_ASSERT( psa_aead_verify( &operation, final_data, - finish_output_size, - &output_part_length, - tag_buffer, tag_length ) ); - - if( output_data2 && output_part_length ) - { - memcpy( ( output_data2 + output_length2 ), final_data, - output_part_length); - } - - output_length2 += output_part_length; - - ASSERT_COMPARE( input_data->x, input_data->len, - output_data2, output_length2 ); - } + goto exit; exit: - psa_destroy_key( key ); - psa_aead_abort( &operation ); - mbedtls_free( output_data ); - mbedtls_free( output_data2 ); - mbedtls_free( part_data ); - mbedtls_free( final_data ); - PSA_DONE( ); } /* END_CASE */ @@ -3757,235 +4092,47 @@ void aead_multipart_decrypt( int key_type_arg, data_t *key_data, int alg_arg, data_t *nonce, data_t *additional_data, - int ad_part_len, + int test_ad_mp_arg, data_t *input_data, - int data_part_len, + int test_data_mp_arg, data_t *expected_data, - int expected_result_arg ) + int expected_status ) { - mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; - psa_key_type_t key_type = key_type_arg; - psa_algorithm_t alg = alg_arg; - psa_aead_operation_t operation; - unsigned char *output_data = NULL; - unsigned char *part_data = NULL; - unsigned char *final_data = NULL; - size_t part_data_size; - size_t output_size = 0; - size_t verify_output_size = 0; - size_t output_length = 0; - size_t key_bits = 0; - size_t tag_length = 0; - uint32_t part_offset = 0; - size_t part_length = 0; - size_t output_part_length = 0; - psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; - psa_status_t expected_result = expected_result_arg; - psa_status_t status = PSA_ERROR_GENERIC_ERROR; + size_t ad_part_len = 0; + size_t data_part_len = 0; - PSA_ASSERT( psa_crypto_init( ) ); - - psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_DECRYPT ); - psa_set_key_algorithm( &attributes, alg ); - psa_set_key_type( &attributes, key_type ); - - PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len, - &key ) ); - - PSA_ASSERT( psa_get_key_attributes( key, &attributes ) ); - key_bits = psa_get_key_bits( &attributes ); - - tag_length = PSA_AEAD_TAG_LENGTH( key_type, key_bits, alg ); - - output_size = PSA_AEAD_UPDATE_OUTPUT_SIZE( key_type, alg, - ( input_data->len - - tag_length ) ); - - ASSERT_ALLOC( output_data, output_size ); - - verify_output_size = PSA_AEAD_VERIFY_OUTPUT_SIZE( key_type, alg ); - TEST_ASSERT( verify_output_size <= PSA_AEAD_VERIFY_OUTPUT_MAX_SIZE ); - ASSERT_ALLOC( final_data, verify_output_size ); - - operation = psa_aead_operation_init( ); - - status = psa_aead_decrypt_setup( &operation, key, alg ); - - /* If the operation is not supported, just skip and not fail in case the - * encryption involves a common limitation of cryptography hardwares and - * an alternative implementation. */ - if( status == PSA_ERROR_NOT_SUPPORTED ) + if( test_ad_mp_arg == 1 ) { - MBEDTLS_TEST_PSA_SKIP_IF_ALT_AES_192( key_type, key_data->len * 8 ); - MBEDTLS_TEST_PSA_SKIP_IF_ALT_GCM_NOT_12BYTES_NONCE( alg, nonce->len ); - } - - if( status != PSA_SUCCESS ) - { - TEST_EQUAL( status, expected_result_arg ); - goto exit; - } - - status = psa_aead_set_nonce( &operation, nonce->x, nonce->len ); - - if( status != PSA_SUCCESS ) - { - TEST_EQUAL( status, expected_result_arg ); - goto exit; - } - -#if defined(MBEDTLS_PSA_BUILTIN_ALG_GCM) - if( operation.alg == PSA_ALG_GCM ) - { - status = psa_aead_set_lengths( &operation, additional_data->len, - ( input_data->len - tag_length ) ); - - if( status != PSA_SUCCESS ) + for( ad_part_len = 1; ad_part_len <= additional_data->len; + ad_part_len++ ) { - TEST_EQUAL( status, expected_result_arg ); - goto exit; - } - } -#endif + mbedtls_test_set_step( ad_part_len ); - if( ad_part_len != -1 ) - { - part_offset = 0; - - while( part_offset <= additional_data->len) - { - if( additional_data->len - part_offset < ( uint32_t ) ad_part_len ) - { - part_length = additional_data->len - part_offset; - } - else - { - part_length = ad_part_len; - } - - status = psa_aead_update_ad( &operation, - additional_data->x + part_offset, - part_length ); - - if( status != PSA_SUCCESS ) - { - TEST_EQUAL( status, expected_result_arg ); - goto exit; - } - - part_offset += part_length; - } - } - else - { - status = psa_aead_update_ad( &operation, additional_data->x, - additional_data->len ); - - if( status != PSA_SUCCESS ) - { - TEST_EQUAL( status, expected_result_arg ); - goto exit; + aead_multipart_decrypt_internal( key_type_arg, key_data, + alg_arg, nonce, + additional_data, + ad_part_len, + input_data, -1, + expected_data, expected_status ); } } - if( data_part_len != -1 ) + if( test_data_mp_arg == 1 ) { - /* Pass data in parts */ - part_data_size = PSA_AEAD_UPDATE_OUTPUT_SIZE( key_type, alg, - ( size_t ) data_part_len ); - - ASSERT_ALLOC( part_data, part_data_size ); - - part_offset = 0; - - while( part_offset <= input_data->len) + for( data_part_len = 1; data_part_len <= input_data->len; + data_part_len++ ) { - if( (input_data->len - tag_length - part_offset ) < - ( uint32_t ) data_part_len ) - { - part_length = ( input_data->len - tag_length - part_offset ); - } - else - { - part_length = data_part_len; - } - - status = psa_aead_update( &operation, - ( input_data->x + part_offset ), - part_length, part_data, - part_data_size, &output_part_length ); - - if( status != PSA_SUCCESS ) - { - TEST_EQUAL( status, expected_result_arg ); - goto exit; - } - - if( output_data && output_part_length ) - { - memcpy( ( output_data + part_offset ), part_data, - output_part_length ); - } - - part_offset += part_length; - output_length += output_part_length; - } - } - else - { - status = psa_aead_update( &operation, input_data->x, - ( input_data->len - tag_length ), output_data, - output_size, &output_length ); - - if( status != PSA_SUCCESS ) - { - TEST_EQUAL( status, expected_result_arg ); - goto exit; + aead_multipart_decrypt_internal( key_type_arg, key_data, + alg_arg, nonce, + additional_data, -1, + input_data, data_part_len, + expected_data, expected_status ); } } - status = psa_aead_verify( &operation, final_data, - verify_output_size, - &output_part_length, - ( input_data->x + input_data->len - tag_length ), - tag_length ); - - if( status != PSA_SUCCESS ) - { - TEST_EQUAL( status, expected_result_arg ); - goto exit; - } - - if( output_data && output_part_length ) - { - memcpy( ( output_data + output_length ), final_data, - output_part_length ); - } - - output_length += output_part_length; - - if( expected_result != PSA_ERROR_INVALID_ARGUMENT ) - { - /* For all currently defined algorithms, PSA_AEAD_DECRYPT_OUTPUT_SIZE - * should be exact. */ - TEST_EQUAL( output_length, - PSA_AEAD_DECRYPT_OUTPUT_SIZE( key_type, alg, - input_data->len ) ); - TEST_ASSERT( output_length <= - PSA_AEAD_DECRYPT_OUTPUT_MAX_SIZE( input_data->len ) ); - } - - if( expected_result == PSA_SUCCESS ) - ASSERT_COMPARE( expected_data->x, expected_data->len, - output_data, output_length ); + goto exit; exit: - psa_destroy_key( key ); - psa_aead_abort( &operation ); - mbedtls_free( output_data ); - mbedtls_free( part_data ); - mbedtls_free( final_data ); - PSA_DONE( ); } /* END_CASE */ From c23a9a07995ec09b941e7606ea0f1d3f654b63ca Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Mon, 21 Jun 2021 18:32:46 +0100 Subject: [PATCH 067/195] Add state checks for multipart AEAD Signed-off-by: Paul Elliott --- tests/suites/test_suite_psa_crypto.data | 4 + tests/suites/test_suite_psa_crypto.function | 282 ++++++++++++++++++++ 2 files changed, 286 insertions(+) diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data index ea54dcc1b..b74a959bb 100644 --- a/tests/suites/test_suite_psa_crypto.data +++ b/tests/suites/test_suite_psa_crypto.data @@ -2394,6 +2394,10 @@ PSA Multipart Nonce Generation: ChaCha20 - Poly1305, IV = 0 depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 aead_multipart_generate_nonce:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:0:PSA_ERROR_BUFFER_TOO_SMALL +PSA Multipart State Checks, AES - GCM +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_state_test:PSA_KEY_TYPE_AES:"C0C1C2C3C4C5C6C7C8C9CACBCCCDCECF":PSA_ALG_GCM:"000102030405060708090A0B0C0D0E0F":"000102030405060708090A0B":"0C0D0E0F101112131415161718191A1B1C1D1E" + PSA signature size: RSA keypair, 1024 bits, PKCS#1 v1.5 raw depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR signature_size:PSA_KEY_TYPE_RSA_KEY_PAIR:1024:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:128 diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index 576d46700..fdec30fb9 100644 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function @@ -4193,6 +4193,288 @@ exit: } /* END_CASE */ +/* BEGIN_CASE */ +void aead_multipart_state_test( int key_type_arg, data_t *key_data, + int alg_arg, + data_t *nonce, + data_t *additional_data, + data_t *input_data ) +{ + mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; + psa_key_type_t key_type = key_type_arg; + psa_algorithm_t alg = alg_arg; + psa_aead_operation_t operation; + unsigned char *output_data = NULL; + unsigned char *final_data = NULL; + size_t output_size = 0; + size_t finish_output_size = 0; + size_t output_length = 0; + size_t key_bits = 0; + size_t tag_length = 0; + size_t tag_size = 0; + size_t nonce_length = 0; + uint8_t nonce_buffer[PSA_AEAD_NONCE_MAX_SIZE]; + uint8_t tag_buffer[PSA_AEAD_TAG_MAX_SIZE]; + size_t output_part_length = 0; + psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; + + PSA_ASSERT( psa_crypto_init( ) ); + + psa_set_key_usage_flags( & attributes, + PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT ); + psa_set_key_algorithm( & attributes, alg ); + psa_set_key_type( & attributes, key_type ); + + PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len, + &key ) ); + + PSA_ASSERT( psa_get_key_attributes( key, &attributes ) ); + key_bits = psa_get_key_bits( &attributes ); + + tag_length = PSA_AEAD_TAG_LENGTH( key_type, key_bits, alg ); + + TEST_ASSERT( tag_length <= PSA_AEAD_TAG_MAX_SIZE ); + + output_size = PSA_AEAD_UPDATE_OUTPUT_SIZE( key_type, alg, input_data->len ); + + ASSERT_ALLOC( output_data, output_size ); + + finish_output_size = PSA_AEAD_FINISH_OUTPUT_SIZE( key_type, alg ); + + TEST_ASSERT( finish_output_size <= PSA_AEAD_FINISH_OUTPUT_MAX_SIZE ); + + ASSERT_ALLOC( final_data, finish_output_size ); + + /* Test all operations error without calling setup first. */ + + operation = psa_aead_operation_init( ); + + TEST_EQUAL( psa_aead_set_nonce( &operation, nonce->x, nonce->len ), + PSA_ERROR_BAD_STATE ); + + psa_aead_abort( &operation ); + + operation = psa_aead_operation_init( ); + + TEST_EQUAL( psa_aead_generate_nonce( &operation, nonce_buffer, + PSA_AEAD_NONCE_MAX_SIZE, + &nonce_length ), + PSA_ERROR_BAD_STATE ); + + psa_aead_abort( &operation ); + + operation = psa_aead_operation_init( ); + + TEST_EQUAL( psa_aead_set_lengths( &operation, additional_data->len, + input_data->len ), + PSA_ERROR_BAD_STATE ); + + psa_aead_abort( &operation ); + + operation = psa_aead_operation_init( ); + + TEST_EQUAL( psa_aead_update_ad( &operation, additional_data->x, + additional_data->len ), + PSA_ERROR_BAD_STATE ); + + psa_aead_abort( &operation ); + + operation = psa_aead_operation_init( ); + + TEST_EQUAL( psa_aead_update( &operation, input_data->x, + input_data->len, output_data, + output_size, &output_length ), + PSA_ERROR_BAD_STATE ); + + psa_aead_abort( &operation ); + + operation = psa_aead_operation_init( ); + + TEST_EQUAL( psa_aead_finish( &operation, final_data, + finish_output_size, + &output_part_length, + tag_buffer, tag_length, + &tag_size ), + PSA_ERROR_BAD_STATE ); + + psa_aead_abort( &operation ); + + operation = psa_aead_operation_init( ); + + TEST_EQUAL( psa_aead_verify( &operation, final_data, + finish_output_size, + &output_part_length, + tag_buffer, + tag_length ), + PSA_ERROR_BAD_STATE ); + + psa_aead_abort( &operation ); + + /* Test for double setups. */ + + operation = psa_aead_operation_init( ); + + PSA_ASSERT( psa_aead_encrypt_setup( &operation, key, alg ) ); + + TEST_EQUAL( psa_aead_encrypt_setup( &operation, key, alg ), + PSA_ERROR_BAD_STATE ); + + psa_aead_abort( &operation ); + + operation = psa_aead_operation_init( ); + + PSA_ASSERT( psa_aead_decrypt_setup( &operation, key, alg ) ); + + TEST_EQUAL( psa_aead_decrypt_setup( &operation, key, alg ), + PSA_ERROR_BAD_STATE ); + + psa_aead_abort( &operation ); + + /* Test for not setting a nonce. */ + + operation = psa_aead_operation_init( ); + + PSA_ASSERT( psa_aead_encrypt_setup( &operation, key, alg ) ); + + TEST_EQUAL( psa_aead_update_ad( &operation, additional_data->x, + additional_data->len ), + PSA_ERROR_BAD_STATE ); + + psa_aead_abort( &operation ); + + /* Test for double setting nonce. */ + + operation = psa_aead_operation_init( ); + + PSA_ASSERT( psa_aead_encrypt_setup( &operation, key, alg ) ); + + PSA_ASSERT( psa_aead_set_nonce( &operation, nonce->x, nonce->len ) ); + + TEST_EQUAL( psa_aead_set_nonce( &operation, nonce->x, nonce->len ), + PSA_ERROR_BAD_STATE ); + + psa_aead_abort( &operation ); + + /* Test for setting lengths twice. */ + + operation = psa_aead_operation_init( ); + + PSA_ASSERT( psa_aead_encrypt_setup( &operation, key, alg ) ); + + PSA_ASSERT( psa_aead_set_nonce( &operation, nonce->x, nonce->len ) ); + + PSA_ASSERT( psa_aead_set_lengths( &operation, additional_data->len, + input_data->len ) ); + + TEST_EQUAL( psa_aead_set_lengths( &operation, additional_data->len, + input_data->len ), + PSA_ERROR_BAD_STATE ); + + psa_aead_abort( &operation ); + + /* Test for setting lengths after already starting data. */ + + operation = psa_aead_operation_init( ); + + PSA_ASSERT( psa_aead_encrypt_setup( &operation, key, alg ) ); + + PSA_ASSERT( psa_aead_set_nonce( &operation, nonce->x, nonce->len ) ); + + PSA_ASSERT( psa_aead_update( &operation, input_data->x, + input_data->len, output_data, + output_size, &output_length ) ); + + TEST_EQUAL( psa_aead_set_lengths( &operation, additional_data->len, + input_data->len ), + PSA_ERROR_BAD_STATE ); + + psa_aead_abort( &operation ); + + /* Test for not sending any additional data or data (encrypt) */ + + operation = psa_aead_operation_init( ); + + PSA_ASSERT( psa_aead_encrypt_setup( &operation, key, alg ) ); + + PSA_ASSERT( psa_aead_set_nonce( &operation, nonce->x, nonce->len ) ); + + PSA_ASSERT( psa_aead_set_lengths( &operation, additional_data->len, + input_data->len ) ); + + TEST_EQUAL( psa_aead_finish( &operation, final_data, + finish_output_size, + &output_part_length, + tag_buffer, tag_length, + &tag_size ), + PSA_ERROR_INVALID_ARGUMENT ); + + psa_aead_abort( &operation ); + + /* Test for not sending any additional data or data (decrypt) */ + + operation = psa_aead_operation_init( ); + + PSA_ASSERT( psa_aead_decrypt_setup( &operation, key, alg ) ); + + PSA_ASSERT( psa_aead_set_nonce( &operation, nonce->x, nonce->len ) ); + + PSA_ASSERT( psa_aead_set_lengths( &operation, additional_data->len, + input_data->len ) ); + + TEST_EQUAL( psa_aead_verify( &operation, final_data, + finish_output_size, + &output_part_length, + tag_buffer, + tag_length ), + PSA_ERROR_INVALID_ARGUMENT ); + + psa_aead_abort( &operation ); + + /* Test for not sending any additional data. */ + + operation = psa_aead_operation_init( ); + + PSA_ASSERT( psa_aead_encrypt_setup( &operation, key, alg ) ); + + PSA_ASSERT( psa_aead_set_nonce( &operation, nonce->x, nonce->len ) ); + + PSA_ASSERT( psa_aead_set_lengths( &operation, additional_data->len, + input_data->len ) ); + + TEST_EQUAL( psa_aead_update( &operation, input_data->x, + input_data->len, output_data, + output_size, &output_length ), + PSA_ERROR_INVALID_ARGUMENT ); + + psa_aead_abort( &operation ); + + /* Test sending additional data after data. */ + + operation = psa_aead_operation_init( ); + + PSA_ASSERT( psa_aead_encrypt_setup( &operation, key, alg ) ); + + PSA_ASSERT( psa_aead_set_nonce( &operation, nonce->x, nonce->len ) ); + + PSA_ASSERT( psa_aead_update( &operation, input_data->x, + input_data->len, output_data, + output_size, &output_length ) ); + + TEST_EQUAL( psa_aead_update_ad( &operation, additional_data->x, + additional_data->len ), + PSA_ERROR_BAD_STATE ); + + psa_aead_abort( &operation ); + +exit: + psa_destroy_key( key ); + psa_aead_abort( &operation ); + mbedtls_free( output_data ); + mbedtls_free( final_data ); + PSA_DONE( ); +} +/* END_CASE */ + /* BEGIN_CASE */ void signature_size( int type_arg, int bits, From 1c96429282399ace521d3762ab81b5958e88b835 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Mon, 21 Jun 2021 18:36:42 +0100 Subject: [PATCH 068/195] Remove encrypt/decrypt tests Tests were not really providing any more coverage than already provided. Signed-off-by: Paul Elliott --- tests/suites/test_suite_psa_crypto.data | 24 +- tests/suites/test_suite_psa_crypto.function | 446 -------------------- 2 files changed, 4 insertions(+), 466 deletions(-) diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data index b74a959bb..49685b4f4 100644 --- a/tests/suites/test_suite_psa_crypto.data +++ b/tests/suites/test_suite_psa_crypto.data @@ -2110,22 +2110,6 @@ PSA AEAD encrypt/decrypt: invalid algorithm (ChaCha20) depends_on:MBEDTLS_CHACHA20_C aead_encrypt_decrypt:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_STREAM_CIPHER:"":"":"":PSA_ERROR_NOT_SUPPORTED -PSA Multipart AEAD encrypt/decrypt, AES-GCM, 19 bytes #1 -depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_encrypt_decrypt:PSA_KEY_TYPE_AES:"C0C1C2C3C4C5C6C7C8C9CACBCCCDCECF":PSA_ALG_GCM:"000102030405060708090A0B0C0D0E0F":"000102030405060708090A0B":0:"0C0D0E0F101112131415161718191A1B1C1D1E":1:PSA_SUCCESS - -PSA Multipart AEAD encrypt/decrypt, AES GCM, 19 bytes #2 -depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_encrypt_decrypt:PSA_KEY_TYPE_AES:"D7828D13B2B0BDC325A76236DF93CC6B":PSA_ALG_GCM:"000102030405060708090A0B0C0D0E0F":"EC46BB63B02520C33C49FD70":0:"B96B49E21D621741632875DB7F6C9243D2D7C2":1:PSA_SUCCESS - -PSA Multipart AEAD encrypt/decrypt, AES-GCM, 19 bytes, 12 byte nonce , 1 -depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_encrypt_decrypt:PSA_KEY_TYPE_AES:"C0C1C2C3C4C5C6C7C8C9CACBCCCDCECF":PSA_ALG_GCM:"E462C58482FE8264AEEB7231":"000102030405060708090A0B":0:"0C0D0E0F101112131415161718191A1B1C1D1E":1:PSA_SUCCESS - -PSA Multipart AEAD encrypt/decrypt, AES GCM, 19 bytes, 12 byte nonce , 2 -depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_encrypt_decrypt:PSA_KEY_TYPE_AES:"D7828D13B2B0BDC325A76236DF93CC6B":PSA_ALG_GCM:"E462C58482FE8264AEEB7231":"EC46BB63B02520C33C49FD70":0:"B96B49E21D621741632875DB7F6C9243D2D7C2":1:PSA_SUCCESS - PSA Multipart AEAD encrypt, AES-GCM, 128 bytes #1 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES aead_multipart_encrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_GCM:"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":0:"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826":1:"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847fe0b7b7fbed325953df344a96" @@ -2366,13 +2350,13 @@ PSA Multipart AEAD decrypt: ChaCha20-Poly1305 (good tag, zero-length input) depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 aead_multipart_decrypt:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:"070000004041424344454647":"":1:"a0784d7a4716f3feb4f64e7f4b39bf04":1:"":PSA_SUCCESS -PSA Multipart AEAD encrypt/decrypt: invalid algorithm (CTR) +PSA Multipart AEAD decrypt: invalid algorithm (CTR) depends_on:MBEDTLS_AES_C:MBEDTLS_GCM_C -aead_multipart_encrypt_decrypt:PSA_KEY_TYPE_AES:"D7828D13B2B0BDC325A76236DF93CC6B":PSA_ALG_CTR:"000102030405060708090A0B0C0D0E0F":"":0:"":1:PSA_ERROR_INVALID_ARGUMENT +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"D7828D13B2B0BDC325A76236DF93CC6B":PSA_ALG_CTR:"000102030405060708090A0B0C0D0E0F":"":0:"":1:"":PSA_ERROR_INVALID_ARGUMENT -PSA Multipart AEAD encrypt/decrypt: invalid algorithm (ChaCha20) +PSA Multipart AEAD decrypt: invalid algorithm (ChaCha20) depends_on:MBEDTLS_CHACHA20_C -aead_multipart_encrypt_decrypt:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_STREAM_CIPHER:"":"":1:"":1:PSA_ERROR_INVALID_ARGUMENT +aead_multipart_decrypt:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_STREAM_CIPHER:"":"":1:"":1:"":PSA_ERROR_INVALID_ARGUMENT PSA Multipart Nonce Generation, AES - GCM, CAVS 14.0, IV = 12 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index fdec30fb9..1a5c23e8e 100644 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function @@ -705,404 +705,6 @@ exit: PSA_DONE( ); } -void aead_multipart_encrypt_decrypt_internal( int key_type_arg, - data_t *key_data, - int alg_arg, - data_t *nonce, - data_t *additional_data, - int ad_part_len, - data_t *input_data, - int data_part_len, - int expected_status_arg ) -{ - mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; - psa_key_type_t key_type = key_type_arg; - psa_algorithm_t alg = alg_arg; - psa_aead_operation_t operation; - unsigned char *output_data = NULL; - unsigned char *part_data = NULL; - unsigned char *final_data = NULL; - size_t part_data_size; - size_t output_size = 0; - size_t finish_output_size = 0; - size_t output_length = 0; - unsigned char *output_data2 = NULL; - size_t output_size2 = 0; - size_t output_length2 = 0; - size_t key_bits = 0; - size_t tag_length = 0; - size_t tag_size = 0; - size_t nonce_length = 0; - uint8_t nonce_buffer[PSA_AEAD_NONCE_MAX_SIZE]; - uint8_t tag_buffer[PSA_AEAD_TAG_MAX_SIZE]; - uint32_t part_offset = 0; - size_t part_length = 0; - size_t output_part_length = 0; - psa_status_t status = PSA_ERROR_GENERIC_ERROR; - psa_status_t expected_status = expected_status_arg; - psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; - - PSA_ASSERT( psa_crypto_init( ) ); - - psa_set_key_usage_flags( &attributes, - PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT ); - psa_set_key_algorithm( &attributes, alg ); - psa_set_key_type( &attributes, key_type ); - - PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len, - &key ) ); - - PSA_ASSERT( psa_get_key_attributes( key, &attributes ) ); - key_bits = psa_get_key_bits( &attributes ); - - tag_length = PSA_AEAD_TAG_LENGTH( key_type, key_bits, alg ); - - TEST_ASSERT( tag_length <= PSA_AEAD_TAG_MAX_SIZE ); - - output_size = PSA_AEAD_UPDATE_OUTPUT_SIZE( key_type, alg, input_data->len ); - - ASSERT_ALLOC( output_data, output_size ); - - finish_output_size = PSA_AEAD_FINISH_OUTPUT_SIZE( key_type, alg ); - - TEST_ASSERT( finish_output_size <= PSA_AEAD_FINISH_OUTPUT_MAX_SIZE ); - - ASSERT_ALLOC( final_data, finish_output_size ); - - operation = psa_aead_operation_init( ); - - status = psa_aead_encrypt_setup( &operation, key, alg ); - - /* If the operation is not supported, just skip and not fail in case the - * encryption involves a common limitation of cryptography hardwares and - * an alternative implementation. */ - if( status == PSA_ERROR_NOT_SUPPORTED ) - { - MBEDTLS_TEST_PSA_SKIP_IF_ALT_AES_192( key_type, key_data->len * 8 ); - MBEDTLS_TEST_PSA_SKIP_IF_ALT_GCM_NOT_12BYTES_NONCE( alg, nonce->len ); - } - - if( status != PSA_SUCCESS ) - { - TEST_EQUAL( status, expected_status ); - goto exit; - } - - nonce_length = nonce->len; - status = psa_aead_set_nonce( &operation, nonce->x, nonce->len ); - - if( status != PSA_SUCCESS ) - { - TEST_EQUAL( status, expected_status ); - goto exit; - } - -#if defined(MBEDTLS_PSA_BUILTIN_ALG_GCM) - if( operation.alg == PSA_ALG_GCM ) - { - status = psa_aead_set_lengths( &operation, additional_data->len, - input_data->len ); - - if( status != PSA_SUCCESS ) - { - TEST_EQUAL( status, expected_status ); - goto exit; - } - } -#endif - - if( ad_part_len != -1 ) - { - part_offset = 0; - - while( part_offset < additional_data->len ) - { - if( additional_data->len - part_offset < ( uint32_t ) ad_part_len ) - { - part_length = additional_data->len - part_offset; - } - else - { - part_length = ad_part_len; - } - - status = psa_aead_update_ad( &operation, - additional_data->x + part_offset, - part_length ); - - if( status != PSA_SUCCESS ) - { - TEST_EQUAL( status, expected_status ); - goto exit; - } - - part_offset += part_length; - } - } - else - { - status = psa_aead_update_ad( &operation, additional_data->x, - additional_data->len ); - - if( status != PSA_SUCCESS ) - { - TEST_EQUAL( status, expected_status ); - goto exit; - } - } - - if( data_part_len != -1 ) - { - /* Pass data in parts */ - part_data_size = PSA_AEAD_UPDATE_OUTPUT_SIZE( key_type, alg, - ( size_t ) data_part_len ); - - ASSERT_ALLOC( part_data, part_data_size ); - - part_offset = 0; - - while( part_offset < input_data->len ) - { - if( input_data->len - part_offset < ( uint32_t ) data_part_len ) - { - part_length = input_data->len - part_offset; - } - else - { - part_length = data_part_len; - } - - status = psa_aead_update( &operation, - ( input_data->x + part_offset ), - part_length, part_data, - part_data_size, &output_part_length ); - - if( status != PSA_SUCCESS ) - { - TEST_EQUAL( status, expected_status ); - goto exit; - } - - if( output_data && output_part_length ) - { - memcpy( ( output_data + part_offset ), part_data, - output_part_length ); - } - - part_offset += part_length; - output_length += output_part_length; - } - } - else - { - status = psa_aead_update( &operation, input_data->x, - input_data->len, output_data, - output_size, &output_length ); - - if( status != PSA_SUCCESS ) - { - TEST_EQUAL( status, expected_status ); - goto exit; - } - } - - status = psa_aead_finish( &operation, final_data, - finish_output_size, - &output_part_length, - tag_buffer, tag_length, - &tag_size ); - - if( status != PSA_SUCCESS ) - { - TEST_EQUAL( status, expected_status ); - goto exit; - } - - if( output_data && output_part_length ) - { - memcpy( ( output_data + output_length ), final_data, - output_part_length ); - } - - output_length += output_part_length; - - /* For all currently defined algorithms, PSA_AEAD_ENCRYPT_OUTPUT_SIZE - * should be exact. */ - if( expected_status != PSA_ERROR_INVALID_ARGUMENT ) - { - TEST_EQUAL( ( output_length + tag_length ), - PSA_AEAD_ENCRYPT_OUTPUT_SIZE( key_type, alg, - input_data->len ) ); - } - - TEST_EQUAL( tag_length, tag_size ); - - if( PSA_SUCCESS == expected_status ) - { - output_size2 = PSA_AEAD_UPDATE_OUTPUT_SIZE( key_type, alg, - output_length ); - ASSERT_ALLOC( output_data2, output_size2 ); - - /* For all currently defined algorithms, PSA_AEAD_DECRYPT_OUTPUT_SIZE - * should be exact. */ - TEST_EQUAL( input_data->len, - PSA_AEAD_DECRYPT_OUTPUT_SIZE( key_type, alg, - ( output_length + - tag_length ) ) ); - - TEST_ASSERT( input_data->len <= - PSA_AEAD_DECRYPT_OUTPUT_MAX_SIZE( output_length + - tag_length ) ); - - operation = psa_aead_operation_init( ); - - status = psa_aead_decrypt_setup( &operation, key, alg ); - - /* If the operation is not supported, just skip and not fail in case the - * encryption involves a common limitation of cryptography hardwares and - * an alternative implementation. */ - if( status == PSA_ERROR_NOT_SUPPORTED ) - { - MBEDTLS_TEST_PSA_SKIP_IF_ALT_AES_192( key_type, key_data->len * 8 ); - MBEDTLS_TEST_PSA_SKIP_IF_ALT_GCM_NOT_12BYTES_NONCE( alg, - nonce->len ); - } - - TEST_EQUAL( status, expected_status ); - - if( nonce->len == 0 ) - { - /* Use previously generated nonce. */ - status = psa_aead_set_nonce( &operation, nonce_buffer, - nonce_length ); - } - else - { - nonce_length = nonce->len; - status = psa_aead_set_nonce( &operation, nonce->x, nonce->len ); - } - - if( status != PSA_SUCCESS ) - { - TEST_EQUAL( status, expected_status); - } - -#if defined(MBEDTLS_PSA_BUILTIN_ALG_GCM) - if( operation.alg == PSA_ALG_GCM ) - { - status = psa_aead_set_lengths( &operation, additional_data->len, - output_length ); - - if( status != PSA_SUCCESS ) - { - TEST_EQUAL( status, expected_status ); - } - } -#endif - - if( ad_part_len != -1 ) - { - part_offset = 0; - - while( part_offset < additional_data->len ) - { - if( additional_data->len - part_offset < - ( uint32_t ) ad_part_len ) - { - part_length = additional_data->len - part_offset; - } - else - { - part_length = ad_part_len; - } - - PSA_ASSERT( psa_aead_update_ad( &operation, - additional_data->x + - part_offset, - part_length ) ); - - part_offset += part_length; - } - } - else - { - PSA_ASSERT( psa_aead_update_ad( &operation, additional_data->x, - additional_data->len ) ); - } - - if( data_part_len != -1 ) - { - /* Pass data in parts */ - part_data_size = PSA_AEAD_UPDATE_OUTPUT_SIZE( key_type, alg, - ( size_t ) data_part_len ); - - part_data = NULL; - ASSERT_ALLOC( part_data, part_data_size ); - - part_offset = 0; - - while( part_offset < output_length ) - { - if( ( output_length - part_offset ) < - ( uint32_t ) data_part_len ) - { - part_length = ( output_length - part_offset ); - } - else - { - part_length = data_part_len; - } - - PSA_ASSERT( psa_aead_update( &operation, - ( output_data + part_offset ), - part_length, part_data, - part_data_size, - &output_part_length ) ); - - if( output_data2 && output_part_length ) - { - memcpy( ( output_data2 + part_offset ), - part_data, output_part_length ); - } - - part_offset += part_length; - output_length2 += output_part_length; - } - } - else - { - PSA_ASSERT( psa_aead_update( &operation, output_data, - output_length, output_data2, - output_size2, &output_length2 ) ); - } - - PSA_ASSERT( psa_aead_verify( &operation, final_data, - finish_output_size, - &output_part_length, - tag_buffer, tag_length ) ); - - if( output_data2 && output_part_length ) - { - memcpy( ( output_data2 + output_length2 ), final_data, - output_part_length ); - } - - output_length2 += output_part_length; - - ASSERT_COMPARE( input_data->x, input_data->len, - output_data2, output_length2 ); - } - -exit: - psa_destroy_key( key ); - psa_aead_abort( &operation ); - mbedtls_free( output_data ); - mbedtls_free( output_data2 ); - mbedtls_free( part_data ); - mbedtls_free( final_data ); - PSA_DONE( ); -} - /* END_HEADER */ /* BEGIN_DEPENDENCIES @@ -4039,54 +3641,6 @@ exit: } /* END_CASE */ -/* BEGIN_CASE */ -void aead_multipart_encrypt_decrypt( int key_type_arg, data_t *key_data, - int alg_arg, - data_t *nonce, - data_t *additional_data, - int test_ad_mp_arg, - data_t *input_data, - int test_data_mp_arg, - int expected_status_arg ) -{ - size_t ad_part_len = 0; - size_t data_part_len = 0; - - if( test_ad_mp_arg == 1 ) - { - for( ad_part_len = 1; ad_part_len <= additional_data->len; - ad_part_len++ ) - { - mbedtls_test_set_step( ad_part_len ); - - aead_multipart_encrypt_decrypt_internal( key_type_arg, key_data, - alg_arg, nonce, - additional_data, - ad_part_len, - input_data, -1, - expected_status_arg ); - } - } - - if( test_data_mp_arg == 1 ) - { - for( data_part_len = 1; data_part_len <= input_data->len; - data_part_len++ ) - { - aead_multipart_encrypt_decrypt_internal( key_type_arg, key_data, - alg_arg, nonce, - additional_data, -1, - input_data, data_part_len, - expected_status_arg ); - } - } - - goto exit; - -exit: -} -/* END_CASE */ - /* BEGIN_CASE */ void aead_multipart_decrypt( int key_type_arg, data_t *key_data, int alg_arg, From 5e3bb131114fd6c72794ac46c3a050395ea9a3e9 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Tue, 22 Jun 2021 16:22:13 +0100 Subject: [PATCH 069/195] Add set_lengths argument to all tests. Run all tests that do not require set_lengths with and without setting lengths. Signed-off-by: Paul Elliott --- tests/suites/test_suite_psa_crypto.data | 340 ++++++++++++++++---- tests/suites/test_suite_psa_crypto.function | 16 +- 2 files changed, 288 insertions(+), 68 deletions(-) diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data index 49685b4f4..7fe94495b 100644 --- a/tests/suites/test_suite_psa_crypto.data +++ b/tests/suites/test_suite_psa_crypto.data @@ -2112,251 +2112,467 @@ aead_encrypt_decrypt:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f9091 PSA Multipart AEAD encrypt, AES-GCM, 128 bytes #1 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_encrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_GCM:"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":0:"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826":1:"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847fe0b7b7fbed325953df344a96" +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_GCM:"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":0:"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826":1:0:"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847fe0b7b7fbed325953df344a96" + +PSA Multipart AEAD encrypt, AES-GCM, 128 bytes #1 (lengths set) +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_GCM:"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":0:"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826":1:1:"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847fe0b7b7fbed325953df344a96" PSA Multipart AEAD encrypt, AES-GCM, 128 bytes #2 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_encrypt:PSA_KEY_TYPE_AES:"fe96eab10ff48c7942025422583d0377":PSA_ALG_GCM:"97ce3f848276783599c6875de324361e":"127628b6dcbce6fc8a8ef60798eb67b2088415635119697d20bb878c24d9c6f9c29e148521cb5e0feff892c7855d4f1c0bfb32ad33420976714dce87a0bbc18e4378bd1ef35197d0ca73051148f1199010f63caf122df5f71ad8d9c71df3eb2fbe3b2529d0ba657570358d3776f687bdb9c96d5e0e9e00c4b42d5d7a268d6a08":0:"194c8bbbfae4a671386b8cd38f390f46f9df6b8661b470c310921a1c858a938045834bb10380037fbf5f5e00688554537be0fcafe8270b9b59068fa056ab1268fc166c2d729243a06650a171c929c7845c85330c04568d62977eedf3b1ba9dca13bdb8f9522817c8cb99e635e37465ec1c9f6f148d51437aa9f994a62e1bd013":1:"12495120056ca3cac70d583603a476821bac6c57c9733b81cfb83538dc9e850f8bdf46065069591c23ebcbc6d1e2523375fb7efc80c09507fa25477ed07cee54fc4eb90168b3ef988f651fc40652474a644b1b311decf899660aef2347bb081af48950f06ebf799911e37120de94c55c20e5f0a77119be06e2b6e557f872fa0f6bac793bdc2190a195122c98544ccf56" +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"fe96eab10ff48c7942025422583d0377":PSA_ALG_GCM:"97ce3f848276783599c6875de324361e":"127628b6dcbce6fc8a8ef60798eb67b2088415635119697d20bb878c24d9c6f9c29e148521cb5e0feff892c7855d4f1c0bfb32ad33420976714dce87a0bbc18e4378bd1ef35197d0ca73051148f1199010f63caf122df5f71ad8d9c71df3eb2fbe3b2529d0ba657570358d3776f687bdb9c96d5e0e9e00c4b42d5d7a268d6a08":0:"194c8bbbfae4a671386b8cd38f390f46f9df6b8661b470c310921a1c858a938045834bb10380037fbf5f5e00688554537be0fcafe8270b9b59068fa056ab1268fc166c2d729243a06650a171c929c7845c85330c04568d62977eedf3b1ba9dca13bdb8f9522817c8cb99e635e37465ec1c9f6f148d51437aa9f994a62e1bd013":1:0:"12495120056ca3cac70d583603a476821bac6c57c9733b81cfb83538dc9e850f8bdf46065069591c23ebcbc6d1e2523375fb7efc80c09507fa25477ed07cee54fc4eb90168b3ef988f651fc40652474a644b1b311decf899660aef2347bb081af48950f06ebf799911e37120de94c55c20e5f0a77119be06e2b6e557f872fa0f6bac793bdc2190a195122c98544ccf56" + +PSA Multipart AEAD encrypt, AES-GCM, 128 bytes #2 (lengths set) +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"fe96eab10ff48c7942025422583d0377":PSA_ALG_GCM:"97ce3f848276783599c6875de324361e":"127628b6dcbce6fc8a8ef60798eb67b2088415635119697d20bb878c24d9c6f9c29e148521cb5e0feff892c7855d4f1c0bfb32ad33420976714dce87a0bbc18e4378bd1ef35197d0ca73051148f1199010f63caf122df5f71ad8d9c71df3eb2fbe3b2529d0ba657570358d3776f687bdb9c96d5e0e9e00c4b42d5d7a268d6a08":0:"194c8bbbfae4a671386b8cd38f390f46f9df6b8661b470c310921a1c858a938045834bb10380037fbf5f5e00688554537be0fcafe8270b9b59068fa056ab1268fc166c2d729243a06650a171c929c7845c85330c04568d62977eedf3b1ba9dca13bdb8f9522817c8cb99e635e37465ec1c9f6f148d51437aa9f994a62e1bd013":1:1:"12495120056ca3cac70d583603a476821bac6c57c9733b81cfb83538dc9e850f8bdf46065069591c23ebcbc6d1e2523375fb7efc80c09507fa25477ed07cee54fc4eb90168b3ef988f651fc40652474a644b1b311decf899660aef2347bb081af48950f06ebf799911e37120de94c55c20e5f0a77119be06e2b6e557f872fa0f6bac793bdc2190a195122c98544ccf56" PSA Multipart AEAD encrypt, AES-GCM, 128 bytes #1, T=4 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_encrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 4 ):"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":0:"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826":1:"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847f" +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 4 ):"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":0:"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826":1:0:"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847f" + +PSA Multipart AEAD encrypt, AES-GCM, 128 bytes #1, T=4 (lengths set) +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 4 ):"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":0:"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826":1:1:"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847f" PSA Multipart AEAD encrypt, AES-GCM, 128 bytes #1, T=15 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_encrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":0:"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826":1:"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847fe0b7b7fbed325953df344a" +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":0:"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826":1:0:"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847fe0b7b7fbed325953df344a" + +PSA Multipart AEAD encrypt, AES-GCM, 128 bytes #1, T=15 (lengths set) +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":0:"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826":1:1:"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847fe0b7b7fbed325953df344a" PSA Multipart AEAD encrypt, AES-GCM, 128 bytes #1, T=16 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_encrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":0:"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826":1:"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847fe0b7b7fbed325953df344a96" +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":0:"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826":1:0:"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847fe0b7b7fbed325953df344a96" + +PSA Multipart AEAD encrypt, AES-GCM, 128 bytes #1, T=16 (lengths set) +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":0:"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826":1:1:"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847fe0b7b7fbed325953df344a96" PSA Multipart AEAD encrypt, AES-GCM, CAVS 14.0, KEY=24, IV=12, IN=0, AAD=0, TAG=16, depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_encrypt:PSA_KEY_TYPE_AES:"aa740abfadcda779220d3b406c5d7ec09a77fe9d94104539":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"ab2265b4c168955561f04315":"":0:"":1:"f149e2b5f0adaa9842ca5f45b768a8fc" +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"aa740abfadcda779220d3b406c5d7ec09a77fe9d94104539":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"ab2265b4c168955561f04315":"":0:"":1:0:"f149e2b5f0adaa9842ca5f45b768a8fc" + +PSA Multipart AEAD encrypt, AES-GCM, CAVS 14.0, KEY=24, IV=12, IN=0, AAD=0, TAG=16, (lengths set) +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"aa740abfadcda779220d3b406c5d7ec09a77fe9d94104539":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"ab2265b4c168955561f04315":"":0:"":1:1:"f149e2b5f0adaa9842ca5f45b768a8fc" PSA Multipart AEAD encrypt, AES-GCM, CAVS 14.0, KEY=24, IV=12, IN=0, AAD=16, TAG=16, depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_encrypt:PSA_KEY_TYPE_AES:"41c5da8667ef725220ffe39ae0ac590ac9fca729ab60ada0":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"05ad13a5e2c2ab667e1a6fbc":"8b5c124bef6e2f0fe4d8c95cd5fa4cf1":0:"":1:"204bdb1bd62154bf08922aaa54eed705" +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"41c5da8667ef725220ffe39ae0ac590ac9fca729ab60ada0":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"05ad13a5e2c2ab667e1a6fbc":"8b5c124bef6e2f0fe4d8c95cd5fa4cf1":0:"":1:0:"204bdb1bd62154bf08922aaa54eed705" + +PSA Multipart AEAD encrypt, AES-GCM, CAVS 14.0, KEY=24, IV=12, IN=0, AAD=16, TAG=16, (lengths set) +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"41c5da8667ef725220ffe39ae0ac590ac9fca729ab60ada0":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"05ad13a5e2c2ab667e1a6fbc":"8b5c124bef6e2f0fe4d8c95cd5fa4cf1":0:"":1:1:"204bdb1bd62154bf08922aaa54eed705" PSA Multipart AEAD encrypt, AES-GCM, CAVS 14.0, KEY=24, IV=12, IN=0, AAD=20, TAG=16, depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_encrypt:PSA_KEY_TYPE_AES:"093ef7551ebbff8eb0c0a8a4a62b198f0c2e838de10eeeee":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"e656e93930ed5210ba3f0322":"3da22dacfd11b21b0a713157f60aec0cd22f1add":0:"":1:"1b2d2764573e20ae640bf29d48e5fe05" +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"093ef7551ebbff8eb0c0a8a4a62b198f0c2e838de10eeeee":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"e656e93930ed5210ba3f0322":"3da22dacfd11b21b0a713157f60aec0cd22f1add":0:"":1:0:"1b2d2764573e20ae640bf29d48e5fe05" + +PSA Multipart AEAD encrypt, AES-GCM, CAVS 14.0, KEY=24, IV=12, IN=0, AAD=20, TAG=16, (lengths set) +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"093ef7551ebbff8eb0c0a8a4a62b198f0c2e838de10eeeee":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"e656e93930ed5210ba3f0322":"3da22dacfd11b21b0a713157f60aec0cd22f1add":0:"":1:1:"1b2d2764573e20ae640bf29d48e5fe05" PSA Multipart AEAD encrypt, AES-GCM, CAVS 14.0, KEY=24, IV=12, IN=0, AAD=48, TAG=15, depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_encrypt:PSA_KEY_TYPE_AES:"31389612d244c9792a510eca3f9c94f9f48c97ed67ae965a":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"df6b54ec8b58114df5b09279":"0863bec42ee93385efbec665adfc46dafcd793f29e859e3b531c15b168f1888dd13e905cd7d5bc03f9f1f6495717df62":0:"":1:"77e5682a49243d5b9016eb1adafa2d" +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"31389612d244c9792a510eca3f9c94f9f48c97ed67ae965a":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"df6b54ec8b58114df5b09279":"0863bec42ee93385efbec665adfc46dafcd793f29e859e3b531c15b168f1888dd13e905cd7d5bc03f9f1f6495717df62":0:"":1:0:"77e5682a49243d5b9016eb1adafa2d" + +PSA Multipart AEAD encrypt, AES-GCM, CAVS 14.0, KEY=24, IV=12, IN=0, AAD=48, TAG=15, (lengths set) +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"31389612d244c9792a510eca3f9c94f9f48c97ed67ae965a":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"df6b54ec8b58114df5b09279":"0863bec42ee93385efbec665adfc46dafcd793f29e859e3b531c15b168f1888dd13e905cd7d5bc03f9f1f6495717df62":0:"":1:1:"77e5682a49243d5b9016eb1adafa2d" PSA Multipart AEAD encrypt, AES-GCM, CAVS 14.0, KEY=24, IV=12, IN=16, AAD=0, TAG=16, depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_encrypt:PSA_KEY_TYPE_AES:"fbc0b4c56a714c83217b2d1bcadd2ed2e9efb0dcac6cc19f":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"5f4b43e811da9c470d6a9b01":"":0:"d2ae38c4375954835d75b8e4c2f9bbb4":1:"69482957e6be5c54882d00314e0259cf191e9f29bef63a26860c1e020a21137e" +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"fbc0b4c56a714c83217b2d1bcadd2ed2e9efb0dcac6cc19f":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"5f4b43e811da9c470d6a9b01":"":0:"d2ae38c4375954835d75b8e4c2f9bbb4":1:0:"69482957e6be5c54882d00314e0259cf191e9f29bef63a26860c1e020a21137e" + +PSA Multipart AEAD encrypt, AES-GCM, CAVS 14.0, KEY=24, IV=12, IN=16, AAD=0, TAG=16, (lengths set) +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"fbc0b4c56a714c83217b2d1bcadd2ed2e9efb0dcac6cc19f":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"5f4b43e811da9c470d6a9b01":"":0:"d2ae38c4375954835d75b8e4c2f9bbb4":1:1:"69482957e6be5c54882d00314e0259cf191e9f29bef63a26860c1e020a21137e" PSA Multipart AEAD encrypt, AES-GCM, CAVS 14.0, KEY=24, IV=12, IN=16, AAD=0, TAG=8, depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_encrypt:PSA_KEY_TYPE_AES:"c50ac59e50556e47b834380018c0dc0380af9df3bf6714e6":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 8 ):"f303bf4b6cfbba7104cd9436":"":0:"d3f3f57033df30c22860231334b099cb":1:"2269c72d77f2b6f9d57da1820ec5a5d3d62d4491e3e4e9e7" +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"c50ac59e50556e47b834380018c0dc0380af9df3bf6714e6":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 8 ):"f303bf4b6cfbba7104cd9436":"":0:"d3f3f57033df30c22860231334b099cb":1:0:"2269c72d77f2b6f9d57da1820ec5a5d3d62d4491e3e4e9e7" + +PSA Multipart AEAD encrypt, AES-GCM, CAVS 14.0, KEY=24, IV=12, IN=16, AAD=0, TAG=8, (lengths set) +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"c50ac59e50556e47b834380018c0dc0380af9df3bf6714e6":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 8 ):"f303bf4b6cfbba7104cd9436":"":0:"d3f3f57033df30c22860231334b099cb":1:1:"2269c72d77f2b6f9d57da1820ec5a5d3d62d4491e3e4e9e7" PSA Multipart AEAD encrypt, AES-GCM, CAVS 14.0, KEY=24, IV=12, IN=16, AAD=16, TAG=14, depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_encrypt:PSA_KEY_TYPE_AES:"8ef391e4b7a2fe05b959be27823357080f963ed2f64b9e59":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 14 ):"0080052a2a5bb0e95222a419":"290322092d57479e20f6281e331d95a9":0:"e7fb0631eebf9bdba87045b33650c4ce":1:"88d674044031414af7ba9da8b89dd68e69897d99d8e1706f38c613896c18" +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"8ef391e4b7a2fe05b959be27823357080f963ed2f64b9e59":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 14 ):"0080052a2a5bb0e95222a419":"290322092d57479e20f6281e331d95a9":0:"e7fb0631eebf9bdba87045b33650c4ce":1:0:"88d674044031414af7ba9da8b89dd68e69897d99d8e1706f38c613896c18" + +PSA Multipart AEAD encrypt, AES-GCM, CAVS 14.0, KEY=24, IV=12, IN=16, AAD=16, TAG=14, (lengths set) +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"8ef391e4b7a2fe05b959be27823357080f963ed2f64b9e59":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 14 ):"0080052a2a5bb0e95222a419":"290322092d57479e20f6281e331d95a9":0:"e7fb0631eebf9bdba87045b33650c4ce":1:1:"88d674044031414af7ba9da8b89dd68e69897d99d8e1706f38c613896c18" PSA Multipart AEAD encrypt, AES-GCM, CAVS 14.0, KEY=24, IV=12, IN=16, AAD=16, TAG=4, depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_encrypt:PSA_KEY_TYPE_AES:"1cb5a0db778d3eb430b2816ceef9e455f519a8977b074183":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 4 ):"c1df5e9e2e3165c54242a306":"7134e5ddc396c2a8a7da23906c8f7b40":0:"636871d4c0aae3da7b55abd8b5f21297":1:"14eb02562aa1d963d0033626cdc8a5c8972f4bdf" +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"1cb5a0db778d3eb430b2816ceef9e455f519a8977b074183":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 4 ):"c1df5e9e2e3165c54242a306":"7134e5ddc396c2a8a7da23906c8f7b40":0:"636871d4c0aae3da7b55abd8b5f21297":1:0:"14eb02562aa1d963d0033626cdc8a5c8972f4bdf" + +PSA Multipart AEAD encrypt, AES-GCM, CAVS 14.0, KEY=24, IV=12, IN=16, AAD=16, TAG=4, (lengths set) +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"1cb5a0db778d3eb430b2816ceef9e455f519a8977b074183":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 4 ):"c1df5e9e2e3165c54242a306":"7134e5ddc396c2a8a7da23906c8f7b40":0:"636871d4c0aae3da7b55abd8b5f21297":1:1:"14eb02562aa1d963d0033626cdc8a5c8972f4bdf" PSA Multipart AEAD encrypt, AES-GCM, CAVS 14.0, KEY=24, IV=12, IN=16, AAD=20, TAG=13, depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_encrypt:PSA_KEY_TYPE_AES:"45148f42669f8ab8fad689d9b9180e39d7ea8fc95696297e":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 13 ):"5afcb134acc78b4eb9d11e79":"aec409e5fd82e50b824ebc1f45e75188d80615c6":0:"3d952be11deb421b56e0ce9d7ce99553":1:"077c0d53869869e191df116fd7baa8a293d2b577a29b0953c91b5d3b9d" +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"45148f42669f8ab8fad689d9b9180e39d7ea8fc95696297e":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 13 ):"5afcb134acc78b4eb9d11e79":"aec409e5fd82e50b824ebc1f45e75188d80615c6":0:"3d952be11deb421b56e0ce9d7ce99553":1:0:"077c0d53869869e191df116fd7baa8a293d2b577a29b0953c91b5d3b9d" + +PSA Multipart AEAD encrypt, AES-GCM, CAVS 14.0, KEY=24, IV=12, IN=16, AAD=20, TAG=13, (lengths set) +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"45148f42669f8ab8fad689d9b9180e39d7ea8fc95696297e":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 13 ):"5afcb134acc78b4eb9d11e79":"aec409e5fd82e50b824ebc1f45e75188d80615c6":0:"3d952be11deb421b56e0ce9d7ce99553":1:1:"077c0d53869869e191df116fd7baa8a293d2b577a29b0953c91b5d3b9d" PSA Multipart AEAD encrypt, AES-GCM, CAVS 14.0, KEY=24, IV=12, IN=16, AAD=48, TAG=15, depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_encrypt:PSA_KEY_TYPE_AES:"5255428457fe75e64447971ec5af0d13c5b60a07ee2d07b0":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"40cb6ebafc202f82223db097":"b2da2bd05ab1f3e39613efc8d80c5d0f240ee08f6abad5791649e9c1d0f48fa3dc59c1e535d1db1a4d3fa2263f5a1117":0:"fdd8a462c86d4365c8bfee0e25fc8a62":1:"9ca4a6d08267038f6f7999c84105bb5eaf8f7b3b9310ec688e033088a03482" +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"5255428457fe75e64447971ec5af0d13c5b60a07ee2d07b0":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"40cb6ebafc202f82223db097":"b2da2bd05ab1f3e39613efc8d80c5d0f240ee08f6abad5791649e9c1d0f48fa3dc59c1e535d1db1a4d3fa2263f5a1117":0:"fdd8a462c86d4365c8bfee0e25fc8a62":1:0:"9ca4a6d08267038f6f7999c84105bb5eaf8f7b3b9310ec688e033088a03482" + +PSA Multipart AEAD encrypt, AES-GCM, CAVS 14.0, KEY=24, IV=12, IN=16, AAD=48, TAG=15, (lengths set) +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"5255428457fe75e64447971ec5af0d13c5b60a07ee2d07b0":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"40cb6ebafc202f82223db097":"b2da2bd05ab1f3e39613efc8d80c5d0f240ee08f6abad5791649e9c1d0f48fa3dc59c1e535d1db1a4d3fa2263f5a1117":0:"fdd8a462c86d4365c8bfee0e25fc8a62":1:1:"9ca4a6d08267038f6f7999c84105bb5eaf8f7b3b9310ec688e033088a03482" PSA Multipart AEAD encrypt, AES-GCM, CAVS 14.0, KEY=32, IV=12, IN=0, AAD=0, TAG=16, depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_encrypt:PSA_KEY_TYPE_AES:"b52c505a37d78eda5dd34f20c22540ea1b58963cf8e5bf8ffa85f9f2492505b4":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"516c33929df5a3284ff463d7":"":0:"":1:"bdc1ac884d332457a1d2664f168c76f0" +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"b52c505a37d78eda5dd34f20c22540ea1b58963cf8e5bf8ffa85f9f2492505b4":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"516c33929df5a3284ff463d7":"":0:"":1:0:"bdc1ac884d332457a1d2664f168c76f0" + +PSA Multipart AEAD encrypt, AES-GCM, CAVS 14.0, KEY=32, IV=12, IN=0, AAD=0, TAG=16, (lengths set) +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"b52c505a37d78eda5dd34f20c22540ea1b58963cf8e5bf8ffa85f9f2492505b4":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"516c33929df5a3284ff463d7":"":0:"":1:1:"bdc1ac884d332457a1d2664f168c76f0" PSA Multipart AEAD encrypt, AES-GCM, CAVS 14.0, KEY=32, IV=12, IN=0, AAD=0, TAG=12, depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_encrypt:PSA_KEY_TYPE_AES:"98ebf7a58db8b8371d9069171190063cc1fdc1927e49a3385f890d41a838619c":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 12 ):"3e6db953bd4e641de644e50a":"":0:"":1:"2fb9c3e41fff24ef07437c47" +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"98ebf7a58db8b8371d9069171190063cc1fdc1927e49a3385f890d41a838619c":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 12 ):"3e6db953bd4e641de644e50a":"":0:"":1:0:"2fb9c3e41fff24ef07437c47" + +PSA Multipart AEAD encrypt, AES-GCM, CAVS 14.0, KEY=32, IV=12, IN=0, AAD=0, TAG=12, (lengths set) +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"98ebf7a58db8b8371d9069171190063cc1fdc1927e49a3385f890d41a838619c":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 12 ):"3e6db953bd4e641de644e50a":"":0:"":1:1:"2fb9c3e41fff24ef07437c47" PSA Multipart AEAD encrypt, AES-GCM, CAVS 14.0, KEY=32, IV=12, IN=0, AAD=20, TAG=16, depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_encrypt:PSA_KEY_TYPE_AES:"886cff5f3e6b8d0e1ad0a38fcdb26de97e8acbe79f6bed66959a598fa5047d65":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"3a8efa1cd74bbab5448f9945":"519fee519d25c7a304d6c6aa1897ee1eb8c59655":0:"":1:"f6d47505ec96c98a42dc3ae719877b87" +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"886cff5f3e6b8d0e1ad0a38fcdb26de97e8acbe79f6bed66959a598fa5047d65":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"3a8efa1cd74bbab5448f9945":"519fee519d25c7a304d6c6aa1897ee1eb8c59655":0:"":1:0:"f6d47505ec96c98a42dc3ae719877b87" + +PSA Multipart AEAD encrypt, AES-GCM, CAVS 14.0, KEY=32, IV=12, IN=0, AAD=20, TAG=16, (lengths set) +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"886cff5f3e6b8d0e1ad0a38fcdb26de97e8acbe79f6bed66959a598fa5047d65":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"3a8efa1cd74bbab5448f9945":"519fee519d25c7a304d6c6aa1897ee1eb8c59655":0:"":1:1:"f6d47505ec96c98a42dc3ae719877b87" PSA Multipart AEAD encrypt, AES-GCM, CAVS 14.0, KEY=32, IV=12, IN=0, AAD=20, TAG=13, depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_encrypt:PSA_KEY_TYPE_AES:"a7c928738b89c3258b910ac31bc465338b2e133b143fd52d9c9859eb1d01f2a0":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 13 ):"a483a7e94fbb2d694d3c4a8d":"bdb613cd3c2f0edd37b3ed43041bacb949ee51fa":0:"":1:"5233f95bdcf5d666fb957acdcb" +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"a7c928738b89c3258b910ac31bc465338b2e133b143fd52d9c9859eb1d01f2a0":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 13 ):"a483a7e94fbb2d694d3c4a8d":"bdb613cd3c2f0edd37b3ed43041bacb949ee51fa":0:"":1:0:"5233f95bdcf5d666fb957acdcb" + +PSA Multipart AEAD encrypt, AES-GCM, CAVS 14.0, KEY=32, IV=12, IN=0, AAD=20, TAG=13, (lengths set) +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"a7c928738b89c3258b910ac31bc465338b2e133b143fd52d9c9859eb1d01f2a0":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 13 ):"a483a7e94fbb2d694d3c4a8d":"bdb613cd3c2f0edd37b3ed43041bacb949ee51fa":0:"":1:1:"5233f95bdcf5d666fb957acdcb" PSA Multipart AEAD encrypt, AES-GCM, CAVS 14.0, KEY=32, IV=12, IN=0, AAD=48, TAG=15, depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_encrypt:PSA_KEY_TYPE_AES:"16a5b58a1dbb273a8fc6a4af722d46dbb898dd86ab128cb93d8388a8647a80a3":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"59e0c40d6675923cf5e004d5":"5b4b4ffc9c66bd394abeed3f03b695b949b3b69a42198cc3bfad971174915df913b967ccf36ee1f001f54efbcd117b68":0:"":1:"d57e27914ecb4a764359d3c0f8d4d6" +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"16a5b58a1dbb273a8fc6a4af722d46dbb898dd86ab128cb93d8388a8647a80a3":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"59e0c40d6675923cf5e004d5":"5b4b4ffc9c66bd394abeed3f03b695b949b3b69a42198cc3bfad971174915df913b967ccf36ee1f001f54efbcd117b68":0:"":1:0:"d57e27914ecb4a764359d3c0f8d4d6" + +PSA Multipart AEAD encrypt, AES-GCM, CAVS 14.0, KEY=32, IV=12, IN=0, AAD=48, TAG=15, (lengths set) +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"16a5b58a1dbb273a8fc6a4af722d46dbb898dd86ab128cb93d8388a8647a80a3":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"59e0c40d6675923cf5e004d5":"5b4b4ffc9c66bd394abeed3f03b695b949b3b69a42198cc3bfad971174915df913b967ccf36ee1f001f54efbcd117b68":0:"":1:1:"d57e27914ecb4a764359d3c0f8d4d6" PSA Multipart AEAD encrypt, AES-GCM, CAVS 14.0, KEY=32, IV=12, IN=0, AAD=48, TAG=4, depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_encrypt:PSA_KEY_TYPE_AES:"5dd13092dd695b90ab835ed6343031c4cdb710d32f4d3804d72b46d921fcfa18":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 4 ):"1de4bd816c8ec6bffc1e6453":"1b63d6278702abacf8b6c2faf542a808659fd5da03cdc1061a8593ea8ce9fc8ff54ffef6ebf3e15f7a832b4ae750a6ce":0:"":1:"72901467" +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"5dd13092dd695b90ab835ed6343031c4cdb710d32f4d3804d72b46d921fcfa18":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 4 ):"1de4bd816c8ec6bffc1e6453":"1b63d6278702abacf8b6c2faf542a808659fd5da03cdc1061a8593ea8ce9fc8ff54ffef6ebf3e15f7a832b4ae750a6ce":0:"":1:0:"72901467" + +PSA Multipart AEAD encrypt, AES-GCM, CAVS 14.0, KEY=32, IV=12, IN=0, AAD=48, TAG=4, (lengths set) +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"5dd13092dd695b90ab835ed6343031c4cdb710d32f4d3804d72b46d921fcfa18":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 4 ):"1de4bd816c8ec6bffc1e6453":"1b63d6278702abacf8b6c2faf542a808659fd5da03cdc1061a8593ea8ce9fc8ff54ffef6ebf3e15f7a832b4ae750a6ce":0:"":1:1:"72901467" PSA Multipart AEAD encrypt, AES-GCM, CAVS 14.0, KEY=32, IV=12, IN=16, AAD=0, TAG=15, depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_encrypt:PSA_KEY_TYPE_AES:"ef9f9284cf599eac3b119905a7d18851e7e374cf63aea04358586b0f757670f8":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"b6ac8e4963f49207ffd6374c":"":0:"722ee47da4b77424733546c2d400c4e5":1:"1224dfefb72a20d49e09256908874979882eafea22adf8dbed06a2265f907b" +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"ef9f9284cf599eac3b119905a7d18851e7e374cf63aea04358586b0f757670f8":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"b6ac8e4963f49207ffd6374c":"":0:"722ee47da4b77424733546c2d400c4e5":1:0:"1224dfefb72a20d49e09256908874979882eafea22adf8dbed06a2265f907b" + +PSA Multipart AEAD encrypt, AES-GCM, CAVS 14.0, KEY=32, IV=12, IN=16, AAD=0, TAG=15, (lengths set) +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"ef9f9284cf599eac3b119905a7d18851e7e374cf63aea04358586b0f757670f8":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"b6ac8e4963f49207ffd6374c":"":0:"722ee47da4b77424733546c2d400c4e5":1:1:"1224dfefb72a20d49e09256908874979882eafea22adf8dbed06a2265f907b" PSA Multipart AEAD encrypt, AES-GCM, CAVS 14.0, KEY=32, IV=12, IN=16, AAD=0, TAG=12, depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_encrypt:PSA_KEY_TYPE_AES:"b33b0e4c5b9f7ef77cec1a29ed5844bda3853238bdf7766e7645029931f169f0":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 12 ):"f226d65e8654fdf5193ed721":"":0:"bcf48ddcfe9d011a1003973d68d2d78a":1:"d2eb20898a301b5d8e69e9926272021393af01abb6a970047a7fc010" +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"b33b0e4c5b9f7ef77cec1a29ed5844bda3853238bdf7766e7645029931f169f0":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 12 ):"f226d65e8654fdf5193ed721":"":0:"bcf48ddcfe9d011a1003973d68d2d78a":1:0:"d2eb20898a301b5d8e69e9926272021393af01abb6a970047a7fc010" + +PSA Multipart AEAD encrypt, AES-GCM, CAVS 14.0, KEY=32, IV=12, IN=16, AAD=0, TAG=12, (lengths set) +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"b33b0e4c5b9f7ef77cec1a29ed5844bda3853238bdf7766e7645029931f169f0":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 12 ):"f226d65e8654fdf5193ed721":"":0:"bcf48ddcfe9d011a1003973d68d2d78a":1:1:"d2eb20898a301b5d8e69e9926272021393af01abb6a970047a7fc010" PSA Multipart AEAD encrypt, AES-GCM, CAVS 14.0, KEY=32, IV=12, IN=16, AAD=16, TAG=14, depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_encrypt:PSA_KEY_TYPE_AES:"c6e126a65faec77ab62318e30d8a50c39a664670039a66ae5a6874201bc68f9f":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 14 ):"0ba5193b2d3a8378d67163ce":"5844b289dc74327f9fd93f7aae1c3d39":0:"c37aada3d4408e880d47e41df77da9b9":1:"b5cd7563989b460a2fe187e90c41fc3179c73d0d1e3a4484909969de93b0" +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"c6e126a65faec77ab62318e30d8a50c39a664670039a66ae5a6874201bc68f9f":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 14 ):"0ba5193b2d3a8378d67163ce":"5844b289dc74327f9fd93f7aae1c3d39":0:"c37aada3d4408e880d47e41df77da9b9":1:0:"b5cd7563989b460a2fe187e90c41fc3179c73d0d1e3a4484909969de93b0" + +PSA Multipart AEAD encrypt, AES-GCM, CAVS 14.0, KEY=32, IV=12, IN=16, AAD=16, TAG=14, (lengths set) +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"c6e126a65faec77ab62318e30d8a50c39a664670039a66ae5a6874201bc68f9f":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 14 ):"0ba5193b2d3a8378d67163ce":"5844b289dc74327f9fd93f7aae1c3d39":0:"c37aada3d4408e880d47e41df77da9b9":1:1:"b5cd7563989b460a2fe187e90c41fc3179c73d0d1e3a4484909969de93b0" PSA Multipart AEAD encrypt, AES-GCM, CAVS 14.0, KEY=32, IV=12, IN=16, AAD=48, TAG=15, depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_encrypt:PSA_KEY_TYPE_AES:"2e6942d537f1a98444c2f9dbdb5d8db42a503a00a17b57d516399569e044a703":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"7eb67721581ed52cfcfc2c4d":"a96cc73451502c7278b467ac85d5fc14fc1a2f51bc685645b173f0cd9af02d383095de063e6eaa50374ce9bc951e9e61":0:"e5f410fe939e79b7ad33fbd3aaf5856f":1:"727f5e19a5582e5782bbbe73517f0c04c492319abf12b03b380724ff1483a3" +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"2e6942d537f1a98444c2f9dbdb5d8db42a503a00a17b57d516399569e044a703":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"7eb67721581ed52cfcfc2c4d":"a96cc73451502c7278b467ac85d5fc14fc1a2f51bc685645b173f0cd9af02d383095de063e6eaa50374ce9bc951e9e61":0:"e5f410fe939e79b7ad33fbd3aaf5856f":1:0:"727f5e19a5582e5782bbbe73517f0c04c492319abf12b03b380724ff1483a3" + +PSA Multipart AEAD encrypt, AES-GCM, CAVS 14.0, KEY=32, IV=12, IN=16, AAD=48, TAG=15, (lengths set) +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"2e6942d537f1a98444c2f9dbdb5d8db42a503a00a17b57d516399569e044a703":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"7eb67721581ed52cfcfc2c4d":"a96cc73451502c7278b467ac85d5fc14fc1a2f51bc685645b173f0cd9af02d383095de063e6eaa50374ce9bc951e9e61":0:"e5f410fe939e79b7ad33fbd3aaf5856f":1:1:"727f5e19a5582e5782bbbe73517f0c04c492319abf12b03b380724ff1483a3" PSA Multipart AEAD decrypt, AES-GCM, 144 bytes #1 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_GCM:"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":0:"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847fe0b7b7fbed325953df344a96":1:"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826":PSA_SUCCESS +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_GCM:"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":0:"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847fe0b7b7fbed325953df344a96":1:0:"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826":PSA_SUCCESS + +PSA Multipart AEAD decrypt, AES-GCM, 144 bytes #1 (lengths set) +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_GCM:"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":0:"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847fe0b7b7fbed325953df344a96":1:1:"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826":PSA_SUCCESS PSA Multipart AEAD decrypt, AES-GCM, 144 bytes #2 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"fe96eab10ff48c7942025422583d0377":PSA_ALG_GCM:"97ce3f848276783599c6875de324361e":"127628b6dcbce6fc8a8ef60798eb67b2088415635119697d20bb878c24d9c6f9c29e148521cb5e0feff892c7855d4f1c0bfb32ad33420976714dce87a0bbc18e4378bd1ef35197d0ca73051148f1199010f63caf122df5f71ad8d9c71df3eb2fbe3b2529d0ba657570358d3776f687bdb9c96d5e0e9e00c4b42d5d7a268d6a08":0:"12495120056ca3cac70d583603a476821bac6c57c9733b81cfb83538dc9e850f8bdf46065069591c23ebcbc6d1e2523375fb7efc80c09507fa25477ed07cee54fc4eb90168b3ef988f651fc40652474a644b1b311decf899660aef2347bb081af48950f06ebf799911e37120de94c55c20e5f0a77119be06e2b6e557f872fa0f6bac793bdc2190a195122c98544ccf56":1:"194c8bbbfae4a671386b8cd38f390f46f9df6b8661b470c310921a1c858a938045834bb10380037fbf5f5e00688554537be0fcafe8270b9b59068fa056ab1268fc166c2d729243a06650a171c929c7845c85330c04568d62977eedf3b1ba9dca13bdb8f9522817c8cb99e635e37465ec1c9f6f148d51437aa9f994a62e1bd013":PSA_SUCCESS +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"fe96eab10ff48c7942025422583d0377":PSA_ALG_GCM:"97ce3f848276783599c6875de324361e":"127628b6dcbce6fc8a8ef60798eb67b2088415635119697d20bb878c24d9c6f9c29e148521cb5e0feff892c7855d4f1c0bfb32ad33420976714dce87a0bbc18e4378bd1ef35197d0ca73051148f1199010f63caf122df5f71ad8d9c71df3eb2fbe3b2529d0ba657570358d3776f687bdb9c96d5e0e9e00c4b42d5d7a268d6a08":0:"12495120056ca3cac70d583603a476821bac6c57c9733b81cfb83538dc9e850f8bdf46065069591c23ebcbc6d1e2523375fb7efc80c09507fa25477ed07cee54fc4eb90168b3ef988f651fc40652474a644b1b311decf899660aef2347bb081af48950f06ebf799911e37120de94c55c20e5f0a77119be06e2b6e557f872fa0f6bac793bdc2190a195122c98544ccf56":1:0:"194c8bbbfae4a671386b8cd38f390f46f9df6b8661b470c310921a1c858a938045834bb10380037fbf5f5e00688554537be0fcafe8270b9b59068fa056ab1268fc166c2d729243a06650a171c929c7845c85330c04568d62977eedf3b1ba9dca13bdb8f9522817c8cb99e635e37465ec1c9f6f148d51437aa9f994a62e1bd013":PSA_SUCCESS + +PSA Multipart AEAD decrypt, AES-GCM, 144 bytes #2 (lengths set) +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"fe96eab10ff48c7942025422583d0377":PSA_ALG_GCM:"97ce3f848276783599c6875de324361e":"127628b6dcbce6fc8a8ef60798eb67b2088415635119697d20bb878c24d9c6f9c29e148521cb5e0feff892c7855d4f1c0bfb32ad33420976714dce87a0bbc18e4378bd1ef35197d0ca73051148f1199010f63caf122df5f71ad8d9c71df3eb2fbe3b2529d0ba657570358d3776f687bdb9c96d5e0e9e00c4b42d5d7a268d6a08":0:"12495120056ca3cac70d583603a476821bac6c57c9733b81cfb83538dc9e850f8bdf46065069591c23ebcbc6d1e2523375fb7efc80c09507fa25477ed07cee54fc4eb90168b3ef988f651fc40652474a644b1b311decf899660aef2347bb081af48950f06ebf799911e37120de94c55c20e5f0a77119be06e2b6e557f872fa0f6bac793bdc2190a195122c98544ccf56":1:1:"194c8bbbfae4a671386b8cd38f390f46f9df6b8661b470c310921a1c858a938045834bb10380037fbf5f5e00688554537be0fcafe8270b9b59068fa056ab1268fc166c2d729243a06650a171c929c7845c85330c04568d62977eedf3b1ba9dca13bdb8f9522817c8cb99e635e37465ec1c9f6f148d51437aa9f994a62e1bd013":PSA_SUCCESS PSA Multipart AEAD decrypt, AES-GCM, 144 bytes, T=4 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 4 ):"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":0:"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847f":1:"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826":PSA_SUCCESS +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 4 ):"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":0:"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847f":1:0:"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826":PSA_SUCCESS + +PSA Multipart AEAD decrypt, AES-GCM, 144 bytes, T=4 (lengths set) +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 4 ):"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":0:"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847f":1:1:"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826":PSA_SUCCESS PSA Multipart AEAD decrypt, AES-GCM, 144 bytes, T=15 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":0:"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847fe0b7b7fbed325953df344a":1:"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826":PSA_SUCCESS +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":0:"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847fe0b7b7fbed325953df344a":1:0:"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826":PSA_SUCCESS + +PSA Multipart AEAD decrypt, AES-GCM, 144 bytes, T=15 (lengths set) +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":0:"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847fe0b7b7fbed325953df344a":1:1:"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826":PSA_SUCCESS PSA Multipart AEAD decrypt, AES-GCM, 144 bytes, T=16 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":0:"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847fe0b7b7fbed325953df344a96":1:"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826":PSA_SUCCESS +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":0:"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847fe0b7b7fbed325953df344a96":1:0:"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826":PSA_SUCCESS + +PSA Multipart AEAD decrypt, AES-GCM, 144 bytes, T=16 (lengths set) +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":0:"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847fe0b7b7fbed325953df344a96":1:1:"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826":PSA_SUCCESS PSA Multipart AEAD decrypt, AES-GCM, invalid signature depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"fe96eab10ff48c7942025422583d0377":PSA_ALG_GCM:"97ce3f848276783599c6875de324361e":"127628b6dcbce6fc8a8ef60798eb67b2088415635119697d20bb878c24d9c6f9c29e148521cb5e0feff892c7855d4f1c0bfb32ad33420976714dce87a0bbc18e4378bd1ef35197d0ca73051148f1199010f63caf122df5f71ad8d9c71df3eb2fbe3b2529d0ba657570358d3776f687bdb9c96d5e0e9e00c4b42d5d7a268d6a08":0:"12195120056ca3cac70d583603a476821bac6c57c9733b81cfb83538dc9e850f8bdf46065069591c23ebcbc6d1e2523375fb7efc80c09507fa25477ed07cee54fc4eb90168b3ef988f651fc40652474a644b1b311decf899660aef2347bb081af48950f06ebf799911e37120de94c55c20e5f0a77119be06e2b6e557f872fa0f6bac793bdc2190a195122c98544ccf56":1:"194c8bbbfae4a671386b8cd38f390f46f9df6b8661b470c310921a1c858a938045834bb10380037fbf5f5e00688554537be0fcafe8270b9b59068fa056ab1268fc166c2d729243a06650a171c929c7845c85330c04568d62977eedf3b1ba9dca13bdb8f9522817c8cb99e635e37465ec1c9f6f148d51437aa9f994a62e1bd013":PSA_ERROR_INVALID_SIGNATURE +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"fe96eab10ff48c7942025422583d0377":PSA_ALG_GCM:"97ce3f848276783599c6875de324361e":"127628b6dcbce6fc8a8ef60798eb67b2088415635119697d20bb878c24d9c6f9c29e148521cb5e0feff892c7855d4f1c0bfb32ad33420976714dce87a0bbc18e4378bd1ef35197d0ca73051148f1199010f63caf122df5f71ad8d9c71df3eb2fbe3b2529d0ba657570358d3776f687bdb9c96d5e0e9e00c4b42d5d7a268d6a08":0:"12195120056ca3cac70d583603a476821bac6c57c9733b81cfb83538dc9e850f8bdf46065069591c23ebcbc6d1e2523375fb7efc80c09507fa25477ed07cee54fc4eb90168b3ef988f651fc40652474a644b1b311decf899660aef2347bb081af48950f06ebf799911e37120de94c55c20e5f0a77119be06e2b6e557f872fa0f6bac793bdc2190a195122c98544ccf56":1:0:"194c8bbbfae4a671386b8cd38f390f46f9df6b8661b470c310921a1c858a938045834bb10380037fbf5f5e00688554537be0fcafe8270b9b59068fa056ab1268fc166c2d729243a06650a171c929c7845c85330c04568d62977eedf3b1ba9dca13bdb8f9522817c8cb99e635e37465ec1c9f6f148d51437aa9f994a62e1bd013":PSA_ERROR_INVALID_SIGNATURE PSA Multipart AEAD decrypt, AES-GCM, T=15 but passing 16 bytes depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":0:"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847fe0b7b7fbed325953df344a96":1:"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826":PSA_ERROR_INVALID_SIGNATURE +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":0:"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847fe0b7b7fbed325953df344a96":1:0:"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826":PSA_ERROR_INVALID_SIGNATURE PSA Multipart AEAD decrypt: AES-GCM, invalid tag length 0 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 0 ):"48c0906930561e0ab0ef4cd972":"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":0:"26c56961c035a7e452cce61bc6ee220d77b3f94d18fd10b6":1:"4535d12b4377928a7c0a61c9f825a48671ea05910748c8ef":PSA_ERROR_INVALID_ARGUMENT +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 0 ):"48c0906930561e0ab0ef4cd972":"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":0:"26c56961c035a7e452cce61bc6ee220d77b3f94d18fd10b6":1:0:"4535d12b4377928a7c0a61c9f825a48671ea05910748c8ef":PSA_ERROR_INVALID_ARGUMENT PSA Multipart AEAD decrypt: AES-GCM, invalid tag length 2 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 2 ):"48c0906930561e0ab0ef4cd972":"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":0:"26c56961c035a7e452cce61bc6ee220d77b3f94d18fd10b6":1:"4535d12b4377928a7c0a61c9f825a48671ea05910748c8ef":PSA_ERROR_INVALID_ARGUMENT +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 2 ):"48c0906930561e0ab0ef4cd972":"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":0:"26c56961c035a7e452cce61bc6ee220d77b3f94d18fd10b6":1:0:"4535d12b4377928a7c0a61c9f825a48671ea05910748c8ef":PSA_ERROR_INVALID_ARGUMENT PSA Multipart AEAD decrypt: AES-GCM, invalid tag length 18 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 18 ):"48c0906930561e0ab0ef4cd972":"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":0:"26c56961c035a7e452cce61bc6ee220d77b3f94d18fd10b6":1:"4535d12b4377928a7c0a61c9f825a48671ea05910748c8ef":PSA_ERROR_INVALID_ARGUMENT +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 18 ):"48c0906930561e0ab0ef4cd972":"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":0:"26c56961c035a7e452cce61bc6ee220d77b3f94d18fd10b6":1:0:"4535d12b4377928a7c0a61c9f825a48671ea05910748c8ef":PSA_ERROR_INVALID_ARGUMENT PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=24, IV=12, IN=0, AAD=0, TAG=16 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"0e5d6e68f82f32bea3f0b69498c1a31ef6d955cd3d27a2a8":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"caf72ee1e62e1001e8cfbc63":"":0:"db1a74ffb5f7de26f5742e0942b1b9cb":1:"":PSA_SUCCESS +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"0e5d6e68f82f32bea3f0b69498c1a31ef6d955cd3d27a2a8":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"caf72ee1e62e1001e8cfbc63":"":0:"db1a74ffb5f7de26f5742e0942b1b9cb":1:0:"":PSA_SUCCESS + +PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=24, IV=12, IN=0, AAD=0, TAG=16 (lengths set) +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"0e5d6e68f82f32bea3f0b69498c1a31ef6d955cd3d27a2a8":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"caf72ee1e62e1001e8cfbc63":"":0:"db1a74ffb5f7de26f5742e0942b1b9cb":1:1:"":PSA_SUCCESS PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=24, IV=12, IN=0, AAD=48, TAG=14 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"e79fb7defce4f650402e6b521170686d3eb2a0b9514f3a64":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 14 ):"40e0d2d836c0519e7042419b":"41c5b5d971c0723bc1b63a259fe7e06c2961de1241bc34c13965f43636e4da3da8c75ed5956abe3a42f3039af005925a":0:"434ff68f2436f48418fd69f52158":1:"":PSA_SUCCESS +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"e79fb7defce4f650402e6b521170686d3eb2a0b9514f3a64":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 14 ):"40e0d2d836c0519e7042419b":"41c5b5d971c0723bc1b63a259fe7e06c2961de1241bc34c13965f43636e4da3da8c75ed5956abe3a42f3039af005925a":0:"434ff68f2436f48418fd69f52158":1:0:"":PSA_SUCCESS + +PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=24, IV=12, IN=0, AAD=48, TAG=14 (lengths set) +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"e79fb7defce4f650402e6b521170686d3eb2a0b9514f3a64":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 14 ):"40e0d2d836c0519e7042419b":"41c5b5d971c0723bc1b63a259fe7e06c2961de1241bc34c13965f43636e4da3da8c75ed5956abe3a42f3039af005925a":0:"434ff68f2436f48418fd69f52158":1:1:"":PSA_SUCCESS PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=24, IV=12, IN=16, AAD=0, TAG=15 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"e41d1f533d5b342ffe434b94b1372683bfd5d9d8cb79f9ee":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"5fe11a596dfcd3a305c1d711":"":0:"1847f64fff986476d1d2f758692f856da4a0ff98c0c1101694c84fd86680c9":1:"b03c2c20f758a93a8d1220232ad87098":PSA_SUCCESS +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"e41d1f533d5b342ffe434b94b1372683bfd5d9d8cb79f9ee":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"5fe11a596dfcd3a305c1d711":"":0:"1847f64fff986476d1d2f758692f856da4a0ff98c0c1101694c84fd86680c9":1:0:"b03c2c20f758a93a8d1220232ad87098":PSA_SUCCESS + +PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=24, IV=12, IN=16, AAD=0, TAG=15 (lengths set) +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"e41d1f533d5b342ffe434b94b1372683bfd5d9d8cb79f9ee":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"5fe11a596dfcd3a305c1d711":"":0:"1847f64fff986476d1d2f758692f856da4a0ff98c0c1101694c84fd86680c9":1:1:"b03c2c20f758a93a8d1220232ad87098":PSA_SUCCESS PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=24, IV=12, IN=16, AAD=20, TAG=15 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"8e7da473c057a2a4669a0d22bf9b7c9913fba48930ca0c9b":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"f9ff8ef80d76c50f9ca0e9ff":"f141bae18a1b54f065554fd34aa02c91c90f505c":0:"5deb093b6e7c766a64bb9d5170af1ff8bf130b64eebdce06a9bdb2cf1da15a":1:"b22b2dcdcc18adc30d16297b84b459d8":PSA_SUCCESS +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"8e7da473c057a2a4669a0d22bf9b7c9913fba48930ca0c9b":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"f9ff8ef80d76c50f9ca0e9ff":"f141bae18a1b54f065554fd34aa02c91c90f505c":0:"5deb093b6e7c766a64bb9d5170af1ff8bf130b64eebdce06a9bdb2cf1da15a":1:0:"b22b2dcdcc18adc30d16297b84b459d8":PSA_SUCCESS + +PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=24, IV=12, IN=16, AAD=20, TAG=15 (lengths set) +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"8e7da473c057a2a4669a0d22bf9b7c9913fba48930ca0c9b":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"f9ff8ef80d76c50f9ca0e9ff":"f141bae18a1b54f065554fd34aa02c91c90f505c":0:"5deb093b6e7c766a64bb9d5170af1ff8bf130b64eebdce06a9bdb2cf1da15a":1:1:"b22b2dcdcc18adc30d16297b84b459d8":PSA_SUCCESS PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=24, IV=12, IN=16, AAD=48, TAG=12 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"01bf150add51bb11623e3bfbebd62a7ea81c5b192b8eb6de":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 12 ):"dfacbc6791b785d324c646b7":"e35412a625324257bef35399a7eacca34fec2d2d24166e6bb3e94d96f5c57599ded45e2a74503f07116caa1692398a07":0:"77579db3c6da769e17731faac4732d7cce65d960a49f94f6b583e54a":1:"7e5fd8b595ddc4753676107951d900e2":PSA_SUCCESS +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"01bf150add51bb11623e3bfbebd62a7ea81c5b192b8eb6de":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 12 ):"dfacbc6791b785d324c646b7":"e35412a625324257bef35399a7eacca34fec2d2d24166e6bb3e94d96f5c57599ded45e2a74503f07116caa1692398a07":0:"77579db3c6da769e17731faac4732d7cce65d960a49f94f6b583e54a":1:0:"7e5fd8b595ddc4753676107951d900e2":PSA_SUCCESS + +PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=24, IV=12, IN=16, AAD=48, TAG=12 (lengths set) +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"01bf150add51bb11623e3bfbebd62a7ea81c5b192b8eb6de":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 12 ):"dfacbc6791b785d324c646b7":"e35412a625324257bef35399a7eacca34fec2d2d24166e6bb3e94d96f5c57599ded45e2a74503f07116caa1692398a07":0:"77579db3c6da769e17731faac4732d7cce65d960a49f94f6b583e54a":1:1:"7e5fd8b595ddc4753676107951d900e2":PSA_SUCCESS PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=24, IV=12, IN=16, AAD=48, TAG=8 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"551266c4ed166fe1c43761927801ed50cb9c0b3864fc97df":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 8 ):"e711afbeccd567f866340abb":"562d1697237ebc563941076d459727dfa094eb9ac00d30ed5836825d163dd27517c7660a01056b2d868c7fc5d0343830":0:"2b54cc27f6ee71882e8b1ead207d2b042d262e87eac97b58":1:"37245449db8f72b1ecdb420f629d3d80":PSA_SUCCESS +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"551266c4ed166fe1c43761927801ed50cb9c0b3864fc97df":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 8 ):"e711afbeccd567f866340abb":"562d1697237ebc563941076d459727dfa094eb9ac00d30ed5836825d163dd27517c7660a01056b2d868c7fc5d0343830":0:"2b54cc27f6ee71882e8b1ead207d2b042d262e87eac97b58":1:0:"37245449db8f72b1ecdb420f629d3d80":PSA_SUCCESS + +PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=24, IV=12, IN=16, AAD=48, TAG=8 (lengths set) +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"551266c4ed166fe1c43761927801ed50cb9c0b3864fc97df":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 8 ):"e711afbeccd567f866340abb":"562d1697237ebc563941076d459727dfa094eb9ac00d30ed5836825d163dd27517c7660a01056b2d868c7fc5d0343830":0:"2b54cc27f6ee71882e8b1ead207d2b042d262e87eac97b58":1:1:"37245449db8f72b1ecdb420f629d3d80":PSA_SUCCESS PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=24, IV=12, IN=13, AAD=0, TAG=15 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"78fa4a2a5b5b1b1d9580ea527f2e1653e9336e15cc5462f5":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"98b774f7110e0bea624b487f":"":0:"a642aabed8b99e15e297ee705a40c3e2e506cb889727b327b7e044a8":1:"496909523f574b205d757659c5":PSA_SUCCESS +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"78fa4a2a5b5b1b1d9580ea527f2e1653e9336e15cc5462f5":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"98b774f7110e0bea624b487f":"":0:"a642aabed8b99e15e297ee705a40c3e2e506cb889727b327b7e044a8":1:0:"496909523f574b205d757659c5":PSA_SUCCESS + +PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=24, IV=12, IN=13, AAD=0, TAG=15 (lengths set) +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"78fa4a2a5b5b1b1d9580ea527f2e1653e9336e15cc5462f5":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"98b774f7110e0bea624b487f":"":0:"a642aabed8b99e15e297ee705a40c3e2e506cb889727b327b7e044a8":1:1:"496909523f574b205d757659c5":PSA_SUCCESS PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=24, IV=12, IN=13, AAD=16, TAG=15 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"61f4c2e55d729c4657e503dfe2b604e2853675dbdeb0982a":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"0c4d5548aa2d8d54964e1e63":"5affdf8886dabb14790aff3dbfcbdd80":0:"0d4eacc3db304f46cb7a9eba6ec105bf86d9dc0639b7cebbd5260f47":1:"b6e056de521a27266dffbc0d96":PSA_SUCCESS +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"61f4c2e55d729c4657e503dfe2b604e2853675dbdeb0982a":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"0c4d5548aa2d8d54964e1e63":"5affdf8886dabb14790aff3dbfcbdd80":0:"0d4eacc3db304f46cb7a9eba6ec105bf86d9dc0639b7cebbd5260f47":1:0:"b6e056de521a27266dffbc0d96":PSA_SUCCESS + +PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=24, IV=12, IN=13, AAD=16, TAG=15 (lengths set) +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"61f4c2e55d729c4657e503dfe2b604e2853675dbdeb0982a":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"0c4d5548aa2d8d54964e1e63":"5affdf8886dabb14790aff3dbfcbdd80":0:"0d4eacc3db304f46cb7a9eba6ec105bf86d9dc0639b7cebbd5260f47":1:1:"b6e056de521a27266dffbc0d96":PSA_SUCCESS PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=24, IV=12, IN=13, AAD=20, TAG=13 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"73245c4f115a74fe71d6fefb9094c57c75f28033a3c7372b":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 13 ):"536a82485999b93b0bb7ef24":"64dcad870a42eeec0730fd7a7e4154638a85d739":0:"29333e87bfe65d0e37da2936f695824d4e3f37fab3b8e2b868f6":1:"f6d56f8c86f27d957fa63aea22":PSA_SUCCESS +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"73245c4f115a74fe71d6fefb9094c57c75f28033a3c7372b":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 13 ):"536a82485999b93b0bb7ef24":"64dcad870a42eeec0730fd7a7e4154638a85d739":0:"29333e87bfe65d0e37da2936f695824d4e3f37fab3b8e2b868f6":1:0:"f6d56f8c86f27d957fa63aea22":PSA_SUCCESS + +PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=24, IV=12, IN=13, AAD=20, TAG=13 (lengths set) +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"73245c4f115a74fe71d6fefb9094c57c75f28033a3c7372b":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 13 ):"536a82485999b93b0bb7ef24":"64dcad870a42eeec0730fd7a7e4154638a85d739":0:"29333e87bfe65d0e37da2936f695824d4e3f37fab3b8e2b868f6":1:1:"f6d56f8c86f27d957fa63aea22":PSA_SUCCESS PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=24, IV=12, IN=13, AAD=48, TAG=4 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"9002e74638e09dd1f091439518e1460cdd5905bd9e1a37ae":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 4 ):"76c81a95d24be5c8bac63b50":"aa3ae4531aaac8f3eb07f748712c55a680bc8df5cf845edc66d09049500b41688b8023f5746879b45bdd586af29c4ede":0:"31bf37acbc53ca3fdbc9e5eaaebbb85a7f":1:"bd94b34511bc65ae47684805cb":PSA_SUCCESS +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"9002e74638e09dd1f091439518e1460cdd5905bd9e1a37ae":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 4 ):"76c81a95d24be5c8bac63b50":"aa3ae4531aaac8f3eb07f748712c55a680bc8df5cf845edc66d09049500b41688b8023f5746879b45bdd586af29c4ede":0:"31bf37acbc53ca3fdbc9e5eaaebbb85a7f":1:0:"bd94b34511bc65ae47684805cb":PSA_SUCCESS + +PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=24, IV=12, IN=13, AAD=48, TAG=4 (lengths set) +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"9002e74638e09dd1f091439518e1460cdd5905bd9e1a37ae":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 4 ):"76c81a95d24be5c8bac63b50":"aa3ae4531aaac8f3eb07f748712c55a680bc8df5cf845edc66d09049500b41688b8023f5746879b45bdd586af29c4ede":0:"31bf37acbc53ca3fdbc9e5eaaebbb85a7f":1:1:"bd94b34511bc65ae47684805cb":PSA_SUCCESS PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=32, IV=12, IN=0, AAD=0, TAG=16 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"f5a2b27c74355872eb3ef6c5feafaa740e6ae990d9d48c3bd9bb8235e589f010":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"58d2240f580a31c1d24948e9":"":0:"15e051a5e4a5f5da6cea92e2ebee5bac":1:"":PSA_SUCCESS +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"f5a2b27c74355872eb3ef6c5feafaa740e6ae990d9d48c3bd9bb8235e589f010":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"58d2240f580a31c1d24948e9":"":0:"15e051a5e4a5f5da6cea92e2ebee5bac":1:0:"":PSA_SUCCESS + +PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=32, IV=12, IN=0, AAD=0, TAG=16 (lengths set) +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"f5a2b27c74355872eb3ef6c5feafaa740e6ae990d9d48c3bd9bb8235e589f010":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"58d2240f580a31c1d24948e9":"":0:"15e051a5e4a5f5da6cea92e2ebee5bac":1:1:"":PSA_SUCCESS PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=32, IV=12, IN=0, AAD=16, TAG=15 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"3395a1485315c5b5e6353acb05ae9499c440a2e9f5c57494662f827235ea314c":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"3b7e632571602456b49880f0":"f283f80226dacb69c8af089ec6b59e81":0:"84c8beff4b0d160ee68ac613097f51":1:"":PSA_SUCCESS +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"3395a1485315c5b5e6353acb05ae9499c440a2e9f5c57494662f827235ea314c":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"3b7e632571602456b49880f0":"f283f80226dacb69c8af089ec6b59e81":0:"84c8beff4b0d160ee68ac613097f51":1:0:"":PSA_SUCCESS + +PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=32, IV=12, IN=0, AAD=16, TAG=15 (lengths set) +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"3395a1485315c5b5e6353acb05ae9499c440a2e9f5c57494662f827235ea314c":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"3b7e632571602456b49880f0":"f283f80226dacb69c8af089ec6b59e81":0:"84c8beff4b0d160ee68ac613097f51":1:1:"":PSA_SUCCESS PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=32, IV=12, IN=0, AAD=20, TAG=15 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"4dc46ca55c1c1fcb4720c274c0e675c2ac5bf93d8dd5e951ca9f6b61f884edc9":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"6473ab77dc885127422f5594":"e2cf8172ab4cf77eba45cd2c8ff939b938080a90":0:"8d6351f18d873242204c20144e2b83":1:"":PSA_SUCCESS +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"4dc46ca55c1c1fcb4720c274c0e675c2ac5bf93d8dd5e951ca9f6b61f884edc9":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"6473ab77dc885127422f5594":"e2cf8172ab4cf77eba45cd2c8ff939b938080a90":0:"8d6351f18d873242204c20144e2b83":1:0:"":PSA_SUCCESS + +PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=32, IV=12, IN=0, AAD=20, TAG=15 (lengths set) +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"4dc46ca55c1c1fcb4720c274c0e675c2ac5bf93d8dd5e951ca9f6b61f884edc9":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"6473ab77dc885127422f5594":"e2cf8172ab4cf77eba45cd2c8ff939b938080a90":0:"8d6351f18d873242204c20144e2b83":1:1:"":PSA_SUCCESS PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=32, IV=12, IN=0, AAD=48, TAG=14 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"a7f95798434f9a0fe6fd8acd30b8bad96dbdcfacee4594f01cbf26479be7d154":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 14 ):"9ef5a77b02137b46e8461d09":"5595a16fa12d4dcdba6b128480dce2d39c1211c3fb6068cde6013f6a80dfcda5eb92af8879e40ee9c177fd0e446fc8ca":0:"3bfd3d99fe2063e8ef8255519fe0":1:"":PSA_SUCCESS +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"a7f95798434f9a0fe6fd8acd30b8bad96dbdcfacee4594f01cbf26479be7d154":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 14 ):"9ef5a77b02137b46e8461d09":"5595a16fa12d4dcdba6b128480dce2d39c1211c3fb6068cde6013f6a80dfcda5eb92af8879e40ee9c177fd0e446fc8ca":0:"3bfd3d99fe2063e8ef8255519fe0":1:0:"":PSA_SUCCESS + +PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=32, IV=12, IN=0, AAD=48, TAG=14 (lengths set) +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"a7f95798434f9a0fe6fd8acd30b8bad96dbdcfacee4594f01cbf26479be7d154":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 14 ):"9ef5a77b02137b46e8461d09":"5595a16fa12d4dcdba6b128480dce2d39c1211c3fb6068cde6013f6a80dfcda5eb92af8879e40ee9c177fd0e446fc8ca":0:"3bfd3d99fe2063e8ef8255519fe0":1:1:"":PSA_SUCCESS PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=32, IV=12, IN=16, AAD=0, TAG=16 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"4c8ebfe1444ec1b2d503c6986659af2c94fafe945f72c1e8486a5acfedb8a0f8":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"473360e0ad24889959858995":"":0:"d2c78110ac7e8f107c0df0570bd7c90cc26a379b6d98ef2852ead8ce83a833a7":1:"7789b41cb3ee548814ca0b388c10b343":PSA_SUCCESS +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"4c8ebfe1444ec1b2d503c6986659af2c94fafe945f72c1e8486a5acfedb8a0f8":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"473360e0ad24889959858995":"":0:"d2c78110ac7e8f107c0df0570bd7c90cc26a379b6d98ef2852ead8ce83a833a7":1:0:"7789b41cb3ee548814ca0b388c10b343":PSA_SUCCESS + +PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=32, IV=12, IN=16, AAD=0, TAG=16 (lengths set) +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"4c8ebfe1444ec1b2d503c6986659af2c94fafe945f72c1e8486a5acfedb8a0f8":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"473360e0ad24889959858995":"":0:"d2c78110ac7e8f107c0df0570bd7c90cc26a379b6d98ef2852ead8ce83a833a7":1:1:"7789b41cb3ee548814ca0b388c10b343":PSA_SUCCESS PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=32, IV=12, IN=16, AAD=0, TAG=4 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"57805f98aae1b8b64bb49756529ab8181b3ada674a90c55422e9eb26c48bcd7b":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 4 ):"9735945d8ca161777206632a":"":0:"58375442ab1c0e6a8952c83d128d9fc5f45bb315":1:"4860116a6d2deb9bf794bfd6ac5bbbd6":PSA_SUCCESS +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"57805f98aae1b8b64bb49756529ab8181b3ada674a90c55422e9eb26c48bcd7b":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 4 ):"9735945d8ca161777206632a":"":0:"58375442ab1c0e6a8952c83d128d9fc5f45bb315":1:0:"4860116a6d2deb9bf794bfd6ac5bbbd6":PSA_SUCCESS + +PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=32, IV=12, IN=16, AAD=0, TAG=4 (lengths set) +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"57805f98aae1b8b64bb49756529ab8181b3ada674a90c55422e9eb26c48bcd7b":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 4 ):"9735945d8ca161777206632a":"":0:"58375442ab1c0e6a8952c83d128d9fc5f45bb315":1:1:"4860116a6d2deb9bf794bfd6ac5bbbd6":PSA_SUCCESS PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=32, IV=12, IN=16, AAD=16, TAG=8 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"f913bb823a1d0c10b0b72d56866907b893f2266f15de1abc17f93600824db55a":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 8 ):"d4fe686a14592b6ca1bd6b42":"e35d880c1c53688eb83869de9dd8a473":0:"35af9b502ea6b56269f896bf98affdd59c2aa418b38bc7fd":1:"ff426dd751190ff826e8b4a0792d746e":PSA_SUCCESS +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"f913bb823a1d0c10b0b72d56866907b893f2266f15de1abc17f93600824db55a":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 8 ):"d4fe686a14592b6ca1bd6b42":"e35d880c1c53688eb83869de9dd8a473":0:"35af9b502ea6b56269f896bf98affdd59c2aa418b38bc7fd":1:0:"ff426dd751190ff826e8b4a0792d746e":PSA_SUCCESS + +PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=32, IV=12, IN=16, AAD=16, TAG=8 (lengths set) +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"f913bb823a1d0c10b0b72d56866907b893f2266f15de1abc17f93600824db55a":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 8 ):"d4fe686a14592b6ca1bd6b42":"e35d880c1c53688eb83869de9dd8a473":0:"35af9b502ea6b56269f896bf98affdd59c2aa418b38bc7fd":1:1:"ff426dd751190ff826e8b4a0792d746e":PSA_SUCCESS PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=32, IV=12, IN=16, AAD=20, TAG=14 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"74e9d9d7cd0728cea94e169af485f21f9d2447e022f16008f803dcf5c4f7cc0c":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 14 ):"ecba39edc96667da726122c0":"ae9ab021f86f5b81bb2e0fcbd4b855e1501e9f82":0:"e5745ce0e02dbba05363b548c3ac7047eacca7e61db6f72fc9b9e5bdb2bb":1:"0a0b284515694188b6b6c15bc8a09036":PSA_SUCCESS +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"74e9d9d7cd0728cea94e169af485f21f9d2447e022f16008f803dcf5c4f7cc0c":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 14 ):"ecba39edc96667da726122c0":"ae9ab021f86f5b81bb2e0fcbd4b855e1501e9f82":0:"e5745ce0e02dbba05363b548c3ac7047eacca7e61db6f72fc9b9e5bdb2bb":1:0:"0a0b284515694188b6b6c15bc8a09036":PSA_SUCCESS + +PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=32, IV=12, IN=16, AAD=20, TAG=14 (lengths set) +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"74e9d9d7cd0728cea94e169af485f21f9d2447e022f16008f803dcf5c4f7cc0c":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 14 ):"ecba39edc96667da726122c0":"ae9ab021f86f5b81bb2e0fcbd4b855e1501e9f82":0:"e5745ce0e02dbba05363b548c3ac7047eacca7e61db6f72fc9b9e5bdb2bb":1:1:"0a0b284515694188b6b6c15bc8a09036":PSA_SUCCESS PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=32, IV=12, IN=13, AAD=0, TAG=14 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"60667fce64b8c7169ddf45f335e46951248f69abc4e0f4f292d0ffe3dfd5219f":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 14 ):"1057322a39f08ef761c3c8fc":"":0:"501b033c841acb430c52d88fe9cb44c751f2f1641d1e801a534ac8":1:"f386b28e7eb4c2fb8eb5dc66a2":PSA_SUCCESS +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"60667fce64b8c7169ddf45f335e46951248f69abc4e0f4f292d0ffe3dfd5219f":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 14 ):"1057322a39f08ef761c3c8fc":"":0:"501b033c841acb430c52d88fe9cb44c751f2f1641d1e801a534ac8":1:0:"f386b28e7eb4c2fb8eb5dc66a2":PSA_SUCCESS + +PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=32, IV=12, IN=13, AAD=0, TAG=14 (lengths set) +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"60667fce64b8c7169ddf45f335e46951248f69abc4e0f4f292d0ffe3dfd5219f":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 14 ):"1057322a39f08ef761c3c8fc":"":0:"501b033c841acb430c52d88fe9cb44c751f2f1641d1e801a534ac8":1:1:"f386b28e7eb4c2fb8eb5dc66a2":PSA_SUCCESS PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=32, IV=12, IN=13, AAD=20, TAG=15 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"e67590da399cbcdcddcc56110562ade8665b50287a8ab38e8b9ee7520531b560":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"2c36ab6b686a66fba1805196":"823493d42f4f60b2d1433ad75eccaafd7e7c7d12":0:"cff6b6f03c67152f3ce1030653d9bd9a6559f5b04b48d77c2a1fc364":1:"da1c61fbfcdb73445ad4c7d889":PSA_SUCCESS +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"e67590da399cbcdcddcc56110562ade8665b50287a8ab38e8b9ee7520531b560":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"2c36ab6b686a66fba1805196":"823493d42f4f60b2d1433ad75eccaafd7e7c7d12":0:"cff6b6f03c67152f3ce1030653d9bd9a6559f5b04b48d77c2a1fc364":1:0:"da1c61fbfcdb73445ad4c7d889":PSA_SUCCESS + +PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=32, IV=12, IN=13, AAD=20, TAG=15 (lengths set) +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"e67590da399cbcdcddcc56110562ade8665b50287a8ab38e8b9ee7520531b560":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"2c36ab6b686a66fba1805196":"823493d42f4f60b2d1433ad75eccaafd7e7c7d12":0:"cff6b6f03c67152f3ce1030653d9bd9a6559f5b04b48d77c2a1fc364":1:1:"da1c61fbfcdb73445ad4c7d889":PSA_SUCCESS PSA Multipart AEAD encrypt: ChaCha20-Poly1305 (RFC7539) depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 -aead_multipart_encrypt:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:"070000004041424344454647":"50515253c0c1c2c3c4c5c6c7":1:"4c616469657320616e642047656e746c656d656e206f662074686520636c617373206f66202739393a204966204920636f756c64206f6666657220796f75206f6e6c79206f6e652074697020666f7220746865206675747572652c2073756e73637265656e20776f756c642062652069742e":1:"d31a8d34648e60db7b86afbc53ef7ec2a4aded51296e08fea9e2b5a736ee62d63dbea45e8ca9671282fafb69da92728b1a71de0a9e060b2905d6a5b67ecd3b3692ddbd7f2d778b8c9803aee328091b58fab324e4fad675945585808b4831d7bc3ff4def08e4b7a9de576d26586cec64b61161ae10b594f09e26a7e902ecbd0600691" +aead_multipart_encrypt:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:"070000004041424344454647":"50515253c0c1c2c3c4c5c6c7":1:"4c616469657320616e642047656e746c656d656e206f662074686520636c617373206f66202739393a204966204920636f756c64206f6666657220796f75206f6e6c79206f6e652074697020666f7220746865206675747572652c2073756e73637265656e20776f756c642062652069742e":1:0:"d31a8d34648e60db7b86afbc53ef7ec2a4aded51296e08fea9e2b5a736ee62d63dbea45e8ca9671282fafb69da92728b1a71de0a9e060b2905d6a5b67ecd3b3692ddbd7f2d778b8c9803aee328091b58fab324e4fad675945585808b4831d7bc3ff4def08e4b7a9de576d26586cec64b61161ae10b594f09e26a7e902ecbd0600691" + +PSA Multipart AEAD encrypt: ChaCha20-Poly1305 (RFC7539) (lengths set) +depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 +aead_multipart_encrypt:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:"070000004041424344454647":"50515253c0c1c2c3c4c5c6c7":1:"4c616469657320616e642047656e746c656d656e206f662074686520636c617373206f66202739393a204966204920636f756c64206f6666657220796f75206f6e6c79206f6e652074697020666f7220746865206675747572652c2073756e73637265656e20776f756c642062652069742e":1:1:"d31a8d34648e60db7b86afbc53ef7ec2a4aded51296e08fea9e2b5a736ee62d63dbea45e8ca9671282fafb69da92728b1a71de0a9e060b2905d6a5b67ecd3b3692ddbd7f2d778b8c9803aee328091b58fab324e4fad675945585808b4831d7bc3ff4def08e4b7a9de576d26586cec64b61161ae10b594f09e26a7e902ecbd0600691" PSA Multipart AEAD encrypt: ChaCha20-Poly1305 (zero-length input) depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 -aead_multipart_encrypt:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:"070000004041424344454647":"":1:"":1:"a0784d7a4716f3feb4f64e7f4b39bf04" +aead_multipart_encrypt:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:"070000004041424344454647":"":1:"":1:0:"a0784d7a4716f3feb4f64e7f4b39bf04" + +PSA Multipart AEAD encrypt: ChaCha20-Poly1305 (zero-length input) (lengths set) +depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 +aead_multipart_encrypt:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:"070000004041424344454647":"":1:"":1:1:"a0784d7a4716f3feb4f64e7f4b39bf04" PSA Multipart AEAD decrypt: ChaCha20-Poly1305 (RFC7539, good tag) depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 -aead_multipart_decrypt:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:"070000004041424344454647":"50515253c0c1c2c3c4c5c6c7":1:"d31a8d34648e60db7b86afbc53ef7ec2a4aded51296e08fea9e2b5a736ee62d63dbea45e8ca9671282fafb69da92728b1a71de0a9e060b2905d6a5b67ecd3b3692ddbd7f2d778b8c9803aee328091b58fab324e4fad675945585808b4831d7bc3ff4def08e4b7a9de576d26586cec64b61161ae10b594f09e26a7e902ecbd0600691":1:"4c616469657320616e642047656e746c656d656e206f662074686520636c617373206f66202739393a204966204920636f756c64206f6666657220796f75206f6e6c79206f6e652074697020666f7220746865206675747572652c2073756e73637265656e20776f756c642062652069742e":PSA_SUCCESS +aead_multipart_decrypt:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:"070000004041424344454647":"50515253c0c1c2c3c4c5c6c7":1:"d31a8d34648e60db7b86afbc53ef7ec2a4aded51296e08fea9e2b5a736ee62d63dbea45e8ca9671282fafb69da92728b1a71de0a9e060b2905d6a5b67ecd3b3692ddbd7f2d778b8c9803aee328091b58fab324e4fad675945585808b4831d7bc3ff4def08e4b7a9de576d26586cec64b61161ae10b594f09e26a7e902ecbd0600691":1:0:"4c616469657320616e642047656e746c656d656e206f662074686520636c617373206f66202739393a204966204920636f756c64206f6666657220796f75206f6e6c79206f6e652074697020666f7220746865206675747572652c2073756e73637265656e20776f756c642062652069742e":PSA_SUCCESS + +PSA Multipart AEAD decrypt: ChaCha20-Poly1305 (RFC7539, good tag) (lengths set) +depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 +aead_multipart_decrypt:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:"070000004041424344454647":"50515253c0c1c2c3c4c5c6c7":1:"d31a8d34648e60db7b86afbc53ef7ec2a4aded51296e08fea9e2b5a736ee62d63dbea45e8ca9671282fafb69da92728b1a71de0a9e060b2905d6a5b67ecd3b3692ddbd7f2d778b8c9803aee328091b58fab324e4fad675945585808b4831d7bc3ff4def08e4b7a9de576d26586cec64b61161ae10b594f09e26a7e902ecbd0600691":1:1:"4c616469657320616e642047656e746c656d656e206f662074686520636c617373206f66202739393a204966204920636f756c64206f6666657220796f75206f6e6c79206f6e652074697020666f7220746865206675747572652c2073756e73637265656e20776f756c642062652069742e":PSA_SUCCESS PSA Multipart AEAD decrypt: ChaCha20-Poly1305 (RFC7539, bad tag) depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 -aead_multipart_decrypt:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:"070000004041424344454647":"50515253c0c1c2c3c4c5c6c7":1:"d31a8d34648e60db7b86afbc53ef7ec2a4aded51296e08fea9e2b5a736ee62d63dbea45e8ca9671282fafb69da92728b1a71de0a9e060b2905d6a5b67ecd3b3692ddbd7f2d778b8c9803aee328091b58fab324e4fad675945585808b4831d7bc3ff4def08e4b7a9de576d26586cec64b61161ae10b594f09e26a7e902ecbd0600690":1:"4c616469657320616e642047656e746c656d656e206f662074686520636c617373206f66202739393a204966204920636f756c64206f6666657220796f75206f6e6c79206f6e652074697020666f7220746865206675747572652c2073756e73637265656e20776f756c642062652069742e":PSA_ERROR_INVALID_SIGNATURE +aead_multipart_decrypt:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:"070000004041424344454647":"50515253c0c1c2c3c4c5c6c7":1:"d31a8d34648e60db7b86afbc53ef7ec2a4aded51296e08fea9e2b5a736ee62d63dbea45e8ca9671282fafb69da92728b1a71de0a9e060b2905d6a5b67ecd3b3692ddbd7f2d778b8c9803aee328091b58fab324e4fad675945585808b4831d7bc3ff4def08e4b7a9de576d26586cec64b61161ae10b594f09e26a7e902ecbd0600690":1:0:"4c616469657320616e642047656e746c656d656e206f662074686520636c617373206f66202739393a204966204920636f756c64206f6666657220796f75206f6e6c79206f6e652074697020666f7220746865206675747572652c2073756e73637265656e20776f756c642062652069742e":PSA_ERROR_INVALID_SIGNATURE PSA Multipart AEAD decrypt: ChaCha20-Poly1305 (good tag, zero-length input) depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 -aead_multipart_decrypt:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:"070000004041424344454647":"":1:"a0784d7a4716f3feb4f64e7f4b39bf04":1:"":PSA_SUCCESS +aead_multipart_decrypt:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:"070000004041424344454647":"":1:"a0784d7a4716f3feb4f64e7f4b39bf04":1:0:"":PSA_SUCCESS + +PSA Multipart AEAD decrypt: ChaCha20-Poly1305 (good tag, zero-length input) (lengths set) +depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 +aead_multipart_decrypt:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:"070000004041424344454647":"":1:"a0784d7a4716f3feb4f64e7f4b39bf04":1:1:"":PSA_SUCCESS PSA Multipart AEAD decrypt: invalid algorithm (CTR) depends_on:MBEDTLS_AES_C:MBEDTLS_GCM_C -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"D7828D13B2B0BDC325A76236DF93CC6B":PSA_ALG_CTR:"000102030405060708090A0B0C0D0E0F":"":0:"":1:"":PSA_ERROR_INVALID_ARGUMENT +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"D7828D13B2B0BDC325A76236DF93CC6B":PSA_ALG_CTR:"000102030405060708090A0B0C0D0E0F":"":0:"":1:0:"":PSA_ERROR_INVALID_ARGUMENT PSA Multipart AEAD decrypt: invalid algorithm (ChaCha20) depends_on:MBEDTLS_CHACHA20_C -aead_multipart_decrypt:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_STREAM_CIPHER:"":"":1:"":1:"":PSA_ERROR_INVALID_ARGUMENT +aead_multipart_decrypt:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_STREAM_CIPHER:"":"":1:"":1:0:"":PSA_ERROR_INVALID_ARGUMENT PSA Multipart Nonce Generation, AES - GCM, CAVS 14.0, IV = 12 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index 1a5c23e8e..2a2f2e61c 100644 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function @@ -272,6 +272,7 @@ static psa_status_t aead_multipart_encrypt_internal( int key_type_arg, int ad_part_len, data_t *input_data, int data_part_len, + int test_set_lengths_arg, data_t *expected_result ) { mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; @@ -340,13 +341,11 @@ static psa_status_t aead_multipart_encrypt_internal( int key_type_arg, PSA_ASSERT( psa_aead_set_nonce( &operation, nonce->x, nonce->len ) ); -#if defined(MBEDTLS_PSA_BUILTIN_ALG_GCM) - if( operation.alg == PSA_ALG_GCM ) + if( test_set_lengths_arg ) { PSA_ASSERT( psa_aead_set_lengths( &operation, additional_data->len, input_data->len ) ); } -#endif if( ad_part_len != -1 ) { @@ -475,6 +474,7 @@ void aead_multipart_decrypt_internal( int key_type_arg, data_t *key_data, int ad_part_len, data_t *input_data, int data_part_len, + int test_set_lengths_arg, data_t *expected_data, int expected_result_arg ) { @@ -549,8 +549,7 @@ void aead_multipart_decrypt_internal( int key_type_arg, data_t *key_data, goto exit; } -#if defined(MBEDTLS_PSA_BUILTIN_ALG_GCM) - if( operation.alg == PSA_ALG_GCM ) + if( test_set_lengths_arg ) { status = psa_aead_set_lengths( &operation, additional_data->len, ( input_data->len - tag_length ) ); @@ -561,7 +560,6 @@ void aead_multipart_decrypt_internal( int key_type_arg, data_t *key_data, goto exit; } } -#endif if( ad_part_len != -1 ) { @@ -3601,6 +3599,7 @@ void aead_multipart_encrypt( int key_type_arg, data_t *key_data, int test_ad_mp_arg, data_t *input_data, int test_data_mp_arg, + int test_set_lengths_arg, data_t *expected_result_arg ) { size_t ad_part_len = 0; @@ -3618,6 +3617,7 @@ void aead_multipart_encrypt( int key_type_arg, data_t *key_data, additional_data, ad_part_len, input_data, -1, + test_set_lengths_arg, expected_result_arg ); } } @@ -3631,6 +3631,7 @@ void aead_multipart_encrypt( int key_type_arg, data_t *key_data, alg_arg, nonce, additional_data, -1, input_data, data_part_len, + test_set_lengths_arg, expected_result_arg ); } } @@ -3649,6 +3650,7 @@ void aead_multipart_decrypt( int key_type_arg, data_t *key_data, int test_ad_mp_arg, data_t *input_data, int test_data_mp_arg, + int test_set_lengths_arg, data_t *expected_data, int expected_status ) { @@ -3667,6 +3669,7 @@ void aead_multipart_decrypt( int key_type_arg, data_t *key_data, additional_data, ad_part_len, input_data, -1, + test_set_lengths_arg, expected_data, expected_status ); } } @@ -3680,6 +3683,7 @@ void aead_multipart_decrypt( int key_type_arg, data_t *key_data, alg_arg, nonce, additional_data, -1, input_data, data_part_len, + test_set_lengths_arg, expected_data, expected_status ); } } From 7220cae93c9dc5a820c18e1a9a2329f97c6256ec Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Tue, 22 Jun 2021 17:25:57 +0100 Subject: [PATCH 070/195] Ensure generate nonce unavailable in decrypt Signed-off-by: Paul Elliott --- include/psa/crypto_struct.h | 3 ++- library/psa_crypto.c | 9 ++++++++- tests/suites/test_suite_psa_crypto.function | 13 +++++++++++++ 3 files changed, 23 insertions(+), 2 deletions(-) diff --git a/include/psa/crypto_struct.h b/include/psa/crypto_struct.h index 0f74c5481..e05c846ff 100644 --- a/include/psa/crypto_struct.h +++ b/include/psa/crypto_struct.h @@ -172,11 +172,12 @@ struct psa_aead_operation_s unsigned int lengths_set : 1; unsigned int ad_started : 1; unsigned int body_started : 1; + unsigned int is_encrypt : 1; psa_driver_aead_context_t ctx; }; -#define PSA_AEAD_OPERATION_INIT {0, 0, 0, 0, 0, 0, 0, 0, 0, {0}} +#define PSA_AEAD_OPERATION_INIT {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, {0}} static inline struct psa_aead_operation_s psa_aead_operation_init( void ) { const struct psa_aead_operation_s v = PSA_AEAD_OPERATION_INIT; diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 8dc6aad53..aec22c79c 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -3469,7 +3469,10 @@ exit: status = unlock_status; if( status == PSA_SUCCESS ) + { operation->alg = psa_aead_get_base_algorithm( alg ); + operation->is_encrypt = 1; + } else psa_aead_abort( operation ); @@ -3531,7 +3534,10 @@ exit: status = unlock_status; if( status == PSA_SUCCESS ) + { operation->alg = psa_aead_get_base_algorithm( alg ); + operation->is_encrypt = 0; + } else psa_aead_abort( operation ); @@ -3556,7 +3562,7 @@ psa_status_t psa_aead_generate_nonce( psa_aead_operation_t *operation, } if( operation->nonce_set || operation->ad_started || - operation->body_started ) + operation->body_started || operation->is_encrypt == 0 ) { status = PSA_ERROR_BAD_STATE; goto exit; @@ -3881,6 +3887,7 @@ psa_status_t psa_aead_abort( psa_aead_operation_t *operation ) operation->lengths_set = 0; operation->ad_started = 0; operation->body_started = 0; + operation->is_encrypt = 0; return( status ); } diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index 2a2f2e61c..38545bccc 100644 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function @@ -3913,6 +3913,19 @@ void aead_multipart_state_test( int key_type_arg, data_t *key_data, psa_aead_abort( &operation ); + /* Test for generating nonce in decrypt setup. */ + + operation = psa_aead_operation_init( ); + + PSA_ASSERT( psa_aead_decrypt_setup( &operation, key, alg ) ); + + TEST_EQUAL( psa_aead_generate_nonce( &operation, nonce_buffer, + PSA_AEAD_NONCE_MAX_SIZE, + &nonce_length ), + PSA_ERROR_BAD_STATE ); + + psa_aead_abort( &operation ); + /* Test for setting lengths twice. */ operation = psa_aead_operation_init( ); From e4030f2cd181bd9885dd437d0aef419b5a3fb1be Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Tue, 22 Jun 2021 17:36:55 +0100 Subject: [PATCH 071/195] Replace function with macro that already exists I wrote a function to determine the base algorithm given a variant, however this is already implemented by PSA_ALG_AEAD_WITH_DEFAULT_LENGTH_TAG Signed-off-by: Paul Elliott --- library/psa_crypto.c | 15 +-------------- 1 file changed, 1 insertion(+), 14 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index aec22c79c..9254f36e7 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -3398,20 +3398,7 @@ psa_status_t psa_aead_decrypt( mbedtls_svc_key_id_t key, /* Helper function to get the base algorithm from its variants. */ static psa_algorithm_t psa_aead_get_base_algorithm(psa_algorithm_t alg) { - switch( PSA_ALG_AEAD_WITH_SHORTENED_TAG( alg, 0 ) ) - { - case PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_CCM, 0 ): - return( PSA_ALG_CCM ); - - case PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 0 ): - return( PSA_ALG_GCM ); - - case PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_CHACHA20_POLY1305, 0 ): - return( PSA_ALG_CHACHA20_POLY1305 ); - - default: - return( PSA_ERROR_NOT_SUPPORTED ); - } + return PSA_ALG_AEAD_WITH_DEFAULT_LENGTH_TAG( alg ); } /* Set the key for a multipart authenticated encryption operation. */ From d89304ebb7f8ee28cf56adfa523cdbafcc48df26 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Tue, 22 Jun 2021 17:47:09 +0100 Subject: [PATCH 072/195] Fix formatting issues Signed-off-by: Paul Elliott --- library/psa_crypto.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 9254f36e7..056d5515d 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -3396,7 +3396,7 @@ psa_status_t psa_aead_decrypt( mbedtls_svc_key_id_t key, } /* Helper function to get the base algorithm from its variants. */ -static psa_algorithm_t psa_aead_get_base_algorithm(psa_algorithm_t alg) +static psa_algorithm_t psa_aead_get_base_algorithm( psa_algorithm_t alg ) { return PSA_ALG_AEAD_WITH_DEFAULT_LENGTH_TAG( alg ); } @@ -3487,7 +3487,7 @@ psa_status_t psa_aead_decrypt_setup( psa_aead_operation_t *operation, goto exit; } - if( operation->nonce_set || operation->lengths_set || + if( operation->nonce_set || operation->lengths_set || operation->ad_started || operation->body_started ) { status = PSA_ERROR_BAD_STATE; From f88a565f183a8f24feff070115f46f1100e6971c Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Tue, 22 Jun 2021 17:53:45 +0100 Subject: [PATCH 073/195] Better tag size default for m-aead finish Signed-off-by: Paul Elliott --- library/psa_crypto.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 056d5515d..7a7238cc6 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -3772,7 +3772,7 @@ psa_status_t psa_aead_finish( psa_aead_operation_t *operation, psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; *ciphertext_length = 0; - *tag_length = 0; + *tag_length = tag_size; if( operation->id == 0 ) { From 534d0b44847967fa82c2a25f2d87cfdc853d504b Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Tue, 22 Jun 2021 19:15:20 +0100 Subject: [PATCH 074/195] Finish / Verify state checks Ensure finish only called when encrypting and verify only called for decrypting, and add tests to ensure this. Signed-off-by: Paul Elliott --- library/psa_crypto.c | 4 +-- tests/suites/test_suite_psa_crypto.function | 35 +++++++++++++++++++++ 2 files changed, 37 insertions(+), 2 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 7a7238cc6..c1071b0f3 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -3780,7 +3780,7 @@ psa_status_t psa_aead_finish( psa_aead_operation_t *operation, goto exit; } - if( !operation->nonce_set ) + if( !operation->nonce_set || operation->is_encrypt == 0 ) { status = PSA_ERROR_BAD_STATE; goto exit; @@ -3829,7 +3829,7 @@ psa_status_t psa_aead_verify( psa_aead_operation_t *operation, goto exit; } - if( !operation->nonce_set ) + if( !operation->nonce_set || operation->is_encrypt == 1 ) { status = PSA_ERROR_BAD_STATE; goto exit; diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index 38545bccc..67f239523 100644 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function @@ -4037,6 +4037,41 @@ void aead_multipart_state_test( int key_type_arg, data_t *key_data, psa_aead_abort( &operation ); + /* Test calling finish on decryption. */ + + operation = psa_aead_operation_init( ); + + PSA_ASSERT( psa_aead_decrypt_setup( &operation, key, alg ) ); + + PSA_ASSERT( psa_aead_set_nonce( &operation, nonce->x, nonce->len ) ); + + TEST_EQUAL( psa_aead_finish( &operation, final_data, + finish_output_size, + &output_part_length, + tag_buffer, tag_length, + &tag_size ), + PSA_ERROR_BAD_STATE ); + + psa_aead_abort( &operation ); + + /* Test calling verify on encryption. */ + + operation = psa_aead_operation_init( ); + + PSA_ASSERT( psa_aead_encrypt_setup( &operation, key, alg ) ); + + PSA_ASSERT( psa_aead_set_nonce( &operation, nonce->x, nonce->len ) ); + + TEST_EQUAL( psa_aead_verify( &operation, final_data, + finish_output_size, + &output_part_length, + tag_buffer, + tag_length ), + PSA_ERROR_BAD_STATEcd ); + + psa_aead_abort( &operation ); + + exit: psa_destroy_key( key ); psa_aead_abort( &operation ); From 5b065cb8cd5386ccafd50b3de15ff022a9f25bd0 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Wed, 23 Jun 2021 08:33:22 +0100 Subject: [PATCH 075/195] Fix typo Signed-off-by: Paul Elliott --- tests/suites/test_suite_psa_crypto.function | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index 67f239523..5c5c4572b 100644 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function @@ -4067,7 +4067,7 @@ void aead_multipart_state_test( int key_type_arg, data_t *key_data, &output_part_length, tag_buffer, tag_length ), - PSA_ERROR_BAD_STATEcd ); + PSA_ERROR_BAD_STATE ); psa_aead_abort( &operation ); From ad53dcc9752d3af49d9601445326b3a35f88b12f Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Wed, 23 Jun 2021 08:50:14 +0100 Subject: [PATCH 076/195] Move common final checks to function Signed-off-by: Paul Elliott --- library/psa_crypto.c | 51 ++++++++++++++++++++++---------------------- 1 file changed, 26 insertions(+), 25 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index c1071b0f3..714e556b5 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -3760,6 +3760,18 @@ exit: return( status ); } +static psa_status_t psa_aead_final_checks( psa_aead_operation_t *operation ) +{ + if( operation->id == 0 || operation->nonce_set == 0 ) + return( PSA_ERROR_BAD_STATE ); + + if( operation->lengths_set && (operation->ad_remaining != 0 || + operation->body_remaining != 0 ) ) + return( PSA_ERROR_INVALID_ARGUMENT ); + + return( PSA_SUCCESS ); +} + /* Finish encrypting a message in a multipart AEAD operation. */ psa_status_t psa_aead_finish( psa_aead_operation_t *operation, uint8_t *ciphertext, @@ -3774,25 +3786,17 @@ psa_status_t psa_aead_finish( psa_aead_operation_t *operation, *ciphertext_length = 0; *tag_length = tag_size; - if( operation->id == 0 ) + status = psa_aead_final_checks( operation ); + + if( status != PSA_SUCCESS ) + goto exit; + + if( operation->is_encrypt == 0 ) { status = PSA_ERROR_BAD_STATE; goto exit; } - if( !operation->nonce_set || operation->is_encrypt == 0 ) - { - status = PSA_ERROR_BAD_STATE; - goto exit; - } - - if( operation->lengths_set && (operation->ad_remaining != 0 || - operation->body_remaining != 0 ) ) - { - status = PSA_ERROR_INVALID_ARGUMENT; - goto exit; - } - status = psa_driver_wrapper_aead_finish( operation, ciphertext, ciphertext_size, ciphertext_length, @@ -3823,24 +3827,21 @@ psa_status_t psa_aead_verify( psa_aead_operation_t *operation, *plaintext_length = 0; - if( operation->id == 0 ) + status = psa_aead_final_checks( operation ); + + if( status != PSA_SUCCESS ) + goto exit; + + if( operation->is_encrypt == 1 ) { status = PSA_ERROR_BAD_STATE; goto exit; } - if( !operation->nonce_set || operation->is_encrypt == 1 ) - { - status = PSA_ERROR_BAD_STATE; - goto exit; - } + status = psa_aead_final_checks( operation ); - if( operation->lengths_set && (operation->ad_remaining != 0 || - operation->body_remaining != 0 ) ) - { - status = PSA_ERROR_INVALID_ARGUMENT; + if( status != PSA_SUCCESS ) goto exit; - } status = psa_driver_wrapper_aead_verify( operation, plaintext, plaintext_size, From fcb5cdc954f4841cef7fb1840e51fad52e52f1ca Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Wed, 23 Jun 2021 09:40:12 +0100 Subject: [PATCH 077/195] Add per function hits to driver wrappers Signed-off-by: Paul Elliott --- tests/include/test/drivers/aead.h | 15 +++++++++++++-- tests/src/drivers/test_driver_aead.c | 22 +++++++++++----------- 2 files changed, 24 insertions(+), 13 deletions(-) diff --git a/tests/include/test/drivers/aead.h b/tests/include/test/drivers/aead.h index 86c18d4d3..5eabf17de 100644 --- a/tests/include/test/drivers/aead.h +++ b/tests/include/test/drivers/aead.h @@ -34,12 +34,23 @@ typedef struct { * function call. */ psa_status_t forced_status; /* Count the amount of times AEAD driver functions are called. */ - unsigned long hits; + unsigned long hits_encrypt; + unsigned long hits_decrypt; + unsigned long hits_encrypt_setup; + unsigned long hits_decrypt_setup; + unsigned long hits_set_nonce; + unsigned long hits_set_lengths; + unsigned long hits_update_ad; + unsigned long hits_update; + unsigned long hits_finish; + unsigned long hits_verify; + unsigned long hits_abort; + /* Status returned by the last AEAD driver function call. */ psa_status_t driver_status; } mbedtls_test_driver_aead_hooks_t; -#define MBEDTLS_TEST_DRIVER_AEAD_INIT { 0, 0, 0 } +#define MBEDTLS_TEST_DRIVER_AEAD_INIT { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 } static inline mbedtls_test_driver_aead_hooks_t mbedtls_test_driver_aead_hooks_init( void ) { diff --git a/tests/src/drivers/test_driver_aead.c b/tests/src/drivers/test_driver_aead.c index 006d3327f..698353c5d 100644 --- a/tests/src/drivers/test_driver_aead.c +++ b/tests/src/drivers/test_driver_aead.c @@ -40,7 +40,7 @@ psa_status_t mbedtls_test_transparent_aead_encrypt( const uint8_t *plaintext, size_t plaintext_length, uint8_t *ciphertext, size_t ciphertext_size, size_t *ciphertext_length ) { - mbedtls_test_driver_aead_hooks.hits++; + mbedtls_test_driver_aead_hooks.hits_encrypt++; if( mbedtls_test_driver_aead_hooks.forced_status != PSA_SUCCESS ) { @@ -71,7 +71,7 @@ psa_status_t mbedtls_test_transparent_aead_decrypt( const uint8_t *ciphertext, size_t ciphertext_length, uint8_t *plaintext, size_t plaintext_size, size_t *plaintext_length ) { - mbedtls_test_driver_aead_hooks.hits++; + mbedtls_test_driver_aead_hooks.hits_decrypt++; if( mbedtls_test_driver_aead_hooks.forced_status != PSA_SUCCESS ) { @@ -99,7 +99,7 @@ psa_status_t mbedtls_test_transparent_aead_encrypt_setup( const uint8_t *key_buffer, size_t key_buffer_size, psa_algorithm_t alg ) { - mbedtls_test_driver_aead_hooks.hits++; + mbedtls_test_driver_aead_hooks.hits_encrypt_setup++; if( mbedtls_test_driver_aead_hooks.forced_status != PSA_SUCCESS ) { @@ -122,7 +122,7 @@ psa_status_t mbedtls_test_transparent_aead_decrypt_setup( const uint8_t *key_buffer, size_t key_buffer_size, psa_algorithm_t alg ) { - mbedtls_test_driver_aead_hooks.hits++; + mbedtls_test_driver_aead_hooks.hits_decrypt_setup++; if( mbedtls_test_driver_aead_hooks.forced_status != PSA_SUCCESS ) { @@ -144,7 +144,7 @@ psa_status_t mbedtls_test_transparent_aead_set_nonce( const uint8_t *nonce, size_t nonce_length ) { - mbedtls_test_driver_aead_hooks.hits++; + mbedtls_test_driver_aead_hooks.hits_set_nonce++; if( mbedtls_test_driver_aead_hooks.forced_status != PSA_SUCCESS ) { @@ -165,7 +165,7 @@ psa_status_t mbedtls_test_transparent_aead_set_lengths( size_t ad_length, size_t plaintext_length ) { - mbedtls_test_driver_aead_hooks.hits++; + mbedtls_test_driver_aead_hooks.hits_set_lengths++; if( mbedtls_test_driver_aead_hooks.forced_status != PSA_SUCCESS ) { @@ -187,7 +187,7 @@ psa_status_t mbedtls_test_transparent_aead_update_ad( const uint8_t *input, size_t input_length ) { - mbedtls_test_driver_aead_hooks.hits++; + mbedtls_test_driver_aead_hooks.hits_update_ad++; if( mbedtls_test_driver_aead_hooks.forced_status != PSA_SUCCESS ) { @@ -211,7 +211,7 @@ psa_status_t mbedtls_test_transparent_aead_update( size_t output_size, size_t *output_length ) { - mbedtls_test_driver_aead_hooks.hits++; + mbedtls_test_driver_aead_hooks.hits_update++; if( mbedtls_test_driver_aead_hooks.forced_status != PSA_SUCCESS ) { @@ -237,7 +237,7 @@ psa_status_t mbedtls_test_transparent_aead_finish( size_t tag_size, size_t *tag_length ) { - mbedtls_test_driver_aead_hooks.hits++; + mbedtls_test_driver_aead_hooks.hits_finish++; if( mbedtls_test_driver_aead_hooks.forced_status != PSA_SUCCESS ) { @@ -263,7 +263,7 @@ psa_status_t mbedtls_test_transparent_aead_verify( const uint8_t *tag, size_t tag_length ) { - mbedtls_test_driver_aead_hooks.hits++; + mbedtls_test_driver_aead_hooks.hits_verify++; if( mbedtls_test_driver_aead_hooks.forced_status != PSA_SUCCESS ) { @@ -283,7 +283,7 @@ psa_status_t mbedtls_test_transparent_aead_verify( psa_status_t mbedtls_test_transparent_aead_abort( mbedtls_transparent_test_driver_aead_operation_t *operation ) { - mbedtls_test_driver_aead_hooks.hits++; + mbedtls_test_driver_aead_hooks.hits_abort++; if( mbedtls_test_driver_aead_hooks.forced_status != PSA_SUCCESS ) { From d7ab9f1260dc7419203f0153b12524a27afb2f32 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Wed, 23 Jun 2021 09:52:19 +0100 Subject: [PATCH 078/195] Move the setting of id in driver wrappers Signed-off-by: Paul Elliott --- library/psa_crypto_driver_wrappers.c | 14 ++++++-------- 1 file changed, 6 insertions(+), 8 deletions(-) diff --git a/library/psa_crypto_driver_wrappers.c b/library/psa_crypto_driver_wrappers.c index 354477a9e..48410c0e1 100644 --- a/library/psa_crypto_driver_wrappers.c +++ b/library/psa_crypto_driver_wrappers.c @@ -1458,26 +1458,25 @@ psa_status_t psa_driver_wrapper_aead_encrypt_setup( #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) #if defined(PSA_CRYPTO_DRIVER_TEST) + operation->id = PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID; status = mbedtls_test_transparent_aead_encrypt_setup( &operation->ctx.transparent_test_driver_ctx, attributes, key_buffer, key_buffer_size, alg ); - /* Declared with fallback == true */ - operation->id = PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID; + /* Declared with fallback == true */ if( status != PSA_ERROR_NOT_SUPPORTED ) return( status ); #endif /* PSA_CRYPTO_DRIVER_TEST */ #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ /* Fell through, meaning no accelerator supports this operation */ + operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID; status = mbedtls_psa_aead_encrypt_setup( &operation->ctx.mbedtls_ctx, attributes, key_buffer, key_buffer_size, alg ); - operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID; - return( status ); /* Add cases for opaque driver here */ @@ -1507,28 +1506,27 @@ psa_status_t psa_driver_wrapper_aead_decrypt_setup( #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) #if defined(PSA_CRYPTO_DRIVER_TEST) + operation->id = PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID; status = mbedtls_test_transparent_aead_decrypt_setup( &operation->ctx.transparent_test_driver_ctx, attributes, key_buffer, key_buffer_size, alg ); - /* Declared with fallback == true */ - operation->id = PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID; + /* Declared with fallback == true */ if( status != PSA_ERROR_NOT_SUPPORTED ) return( status ); #endif /* PSA_CRYPTO_DRIVER_TEST */ #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ /* Fell through, meaning no accelerator supports this operation */ + operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID; status = mbedtls_psa_aead_decrypt_setup( &operation->ctx.mbedtls_ctx, attributes, key_buffer, key_buffer_size, alg ); - operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID; - return( status ); /* Add cases for opaque driver here */ From 2007d70a5ae56e69306632752d14f6af544dfaf8 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Wed, 23 Jun 2021 09:56:55 +0100 Subject: [PATCH 079/195] Improve changelog Signed-off-by: Paul Elliott --- ChangeLog.d/add_psa_m_aead.txt | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/ChangeLog.d/add_psa_m_aead.txt b/ChangeLog.d/add_psa_m_aead.txt index 3ae58095b..fa4e7ac61 100644 --- a/ChangeLog.d/add_psa_m_aead.txt +++ b/ChangeLog.d/add_psa_m_aead.txt @@ -1,4 +1,3 @@ Features - * Added multipart AEAD API to the PSA Crypto API - * Added MbedTLS internal implementations of the PSA Crypto multipart AEAD API - supporting ChaChaPoly and GCM. CCM is not as yet supported. + * Implement the PSA multipart AEAD interface, currently supporting + ChaChaPoly and GCM. From 8fc45169f1b3c8ea54cb70bc33e67da665bcd1f3 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Wed, 23 Jun 2021 16:06:01 +0100 Subject: [PATCH 080/195] Fix compiler errors on many platforms. Also added comment to explain why I added a seemingly pointless goto Signed-off-by: Paul Elliott --- tests/suites/test_suite_psa_crypto.function | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index 5c5c4572b..fa5556e50 100644 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function @@ -3636,9 +3636,10 @@ void aead_multipart_encrypt( int key_type_arg, data_t *key_data, } } - goto exit; -exit: + /* Goto is required to silence warnings about unused labels, as we + * don't actually do any test assertions in this function. */ + goto exit; } /* END_CASE */ @@ -3688,9 +3689,9 @@ void aead_multipart_decrypt( int key_type_arg, data_t *key_data, } } + /* Goto is required to silence warnings about unused labels, as we + * don't actually do any test assertions in this function. */ goto exit; - -exit: } /* END_CASE */ From 95271f10c372c1a805cbc875aec429bead7ef3c9 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Wed, 23 Jun 2021 16:50:45 +0100 Subject: [PATCH 081/195] Call set_nonce direct rather than by wrapper Signed-off-by: Paul Elliott --- library/psa_crypto.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 714e556b5..9fb3a2094 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -3569,8 +3569,7 @@ psa_status_t psa_aead_generate_nonce( psa_aead_operation_t *operation, if( status != PSA_SUCCESS ) goto exit; - status = psa_driver_wrapper_aead_set_nonce( operation, nonce, - required_nonce_size ); + status = psa_aead_set_nonce( operation, nonce, required_nonce_size ); exit: From 3bd5dbacc1fffdaf1d99cd8b431e98b75e04a7b4 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Wed, 23 Jun 2021 17:14:40 +0100 Subject: [PATCH 082/195] Improve generate nonce test Make sure the generated nonce works to encrypt test data if the generated nonce is valid. Signed-off-by: Paul Elliott --- tests/suites/test_suite_psa_crypto.data | 10 +++--- tests/suites/test_suite_psa_crypto.function | 39 +++++++++++++++++++-- 2 files changed, 42 insertions(+), 7 deletions(-) diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data index 7fe94495b..f55deb022 100644 --- a/tests/suites/test_suite_psa_crypto.data +++ b/tests/suites/test_suite_psa_crypto.data @@ -2576,23 +2576,23 @@ aead_multipart_decrypt:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f90 PSA Multipart Nonce Generation, AES - GCM, CAVS 14.0, IV = 12 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_generate_nonce:PSA_KEY_TYPE_AES:"aa740abfadcda779220d3b406c5d7ec09a77fe9d94104539":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM,16):12:PSA_SUCCESS +aead_multipart_generate_nonce:PSA_KEY_TYPE_AES:"aa740abfadcda779220d3b406c5d7ec09a77fe9d94104539":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM,16):12:"290322092d57479e20f6281e331d95a9":"e7fb0631eebf9bdba87045b33650c4ce":PSA_SUCCESS PSA Multipart Nonce Generation, AES - GCM, CAVS 14.0, IV = 0 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_generate_nonce:PSA_KEY_TYPE_AES:"aa740abfadcda779220d3b406c5d7ec09a77fe9d94104539":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM,16):0:PSA_ERROR_BUFFER_TOO_SMALL +aead_multipart_generate_nonce:PSA_KEY_TYPE_AES:"aa740abfadcda779220d3b406c5d7ec09a77fe9d94104539":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM,16):0:"":"":PSA_ERROR_BUFFER_TOO_SMALL PSA Multipart Nonce Generation: ChaCha20 - Poly1305, IV = 12 depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 -aead_multipart_generate_nonce:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:12:PSA_SUCCESS +aead_multipart_generate_nonce:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:12:"50515253c0c1c2c3c4c5c6c7":"4c616469657320616e642047656e746c656d656e206f662074686520636c617373206f66202739393a204966204920636f756c64206f6666657220796f75206f6e6c79206f6e652074697020666f7220746865206675747572652c2073756e73637265656e20776f756c642062652069742e":PSA_SUCCESS PSA Multipart Nonce Generation: ChaCha20 - Poly1305, IV = 8 depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 -aead_multipart_generate_nonce:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:8:PSA_ERROR_BUFFER_TOO_SMALL +aead_multipart_generate_nonce:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:8:"":"":PSA_ERROR_BUFFER_TOO_SMALL PSA Multipart Nonce Generation: ChaCha20 - Poly1305, IV = 0 depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 -aead_multipart_generate_nonce:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:0:PSA_ERROR_BUFFER_TOO_SMALL +aead_multipart_generate_nonce:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:0:"":"":PSA_ERROR_BUFFER_TOO_SMALL PSA Multipart State Checks, AES - GCM depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index fa5556e50..577b8c6e8 100644 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function @@ -3699,7 +3699,9 @@ void aead_multipart_decrypt( int key_type_arg, data_t *key_data, void aead_multipart_generate_nonce( int key_type_arg, data_t *key_data, int alg_arg, int nonce_len, - int expected_result_arg ) + data_t *additional_data, + data_t *input_data, + int expected_status_arg ) { mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; @@ -3710,6 +3712,13 @@ void aead_multipart_generate_nonce( int key_type_arg, data_t *key_data, psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; psa_status_t status = PSA_ERROR_GENERIC_ERROR; size_t nonce_generated_len = 0; + unsigned char *output_data = NULL; + unsigned char *final_data = NULL; + size_t output_size = 0; + size_t finish_output_size = 0; + size_t output_length = 0; + size_t tag_length = 0; + uint8_t tag_buffer[PSA_AEAD_TAG_MAX_SIZE]; PSA_ASSERT( psa_crypto_init( ) ); @@ -3722,6 +3731,16 @@ void aead_multipart_generate_nonce( int key_type_arg, data_t *key_data, PSA_ASSERT( psa_get_key_attributes( key, &attributes ) ); + output_size = PSA_AEAD_UPDATE_OUTPUT_SIZE( key_type, alg, input_data->len ); + + ASSERT_ALLOC( output_data, output_size ); + + finish_output_size = PSA_AEAD_FINISH_OUTPUT_SIZE( key_type, alg ); + + TEST_ASSERT( finish_output_size <= PSA_AEAD_FINISH_OUTPUT_MAX_SIZE ); + + ASSERT_ALLOC( final_data, finish_output_size ); + operation = psa_aead_operation_init( ); status = psa_aead_encrypt_setup( &operation, key, alg ); @@ -3743,7 +3762,23 @@ void aead_multipart_generate_nonce( int key_type_arg, data_t *key_data, nonce_len, &nonce_generated_len ); - TEST_ASSERT( status == expected_result_arg ); + TEST_ASSERT( status == expected_status_arg ); + + if( expected_status_arg == PSA_SUCCESS ) + { + + /* Ensure we can still complete operation. */ + + PSA_ASSERT( psa_aead_update_ad( &operation, additional_data->x, + additional_data->len ) ); + + PSA_ASSERT( psa_aead_update( &operation, input_data->x, input_data->len, + output_data, output_size, &output_length ) ); + + PSA_ASSERT( psa_aead_finish( &operation, final_data, finish_output_size, + &output_length, tag_buffer, + PSA_AEAD_TAG_MAX_SIZE, &tag_length ) ); + } exit: psa_destroy_key( key ); From 018765164762ecf2110a21994f87043af0081df4 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Wed, 23 Jun 2021 18:13:04 +0100 Subject: [PATCH 083/195] Test all set lengths and set/generate nonce orders Test that the two are completely interchangeable in order. Signed-off-by: Paul Elliott --- tests/suites/test_suite_psa_crypto.function | 40 +++++++++++++++++++++ 1 file changed, 40 insertions(+) diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index 577b8c6e8..bb4d7e611 100644 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function @@ -3979,6 +3979,46 @@ void aead_multipart_state_test( int key_type_arg, data_t *key_data, psa_aead_abort( &operation ); + /* Test that generate/set nonce and set lengths are interchangeable (we + * already tested set nonce followed by set lengths above). */ + + operation = psa_aead_operation_init( ); + + PSA_ASSERT( psa_aead_encrypt_setup( &operation, key, alg ) ); + + PSA_ASSERT( psa_aead_set_lengths( &operation, additional_data->len, + input_data->len ) ); + + PSA_ASSERT( psa_aead_set_nonce( &operation, nonce->x, nonce->len ) ); + + psa_aead_abort( &operation ); + + operation = psa_aead_operation_init( ); + + PSA_ASSERT( psa_aead_encrypt_setup( &operation, key, alg ) ); + + PSA_ASSERT( psa_aead_set_lengths( &operation, additional_data->len, + input_data->len ) ); + + PSA_ASSERT( psa_aead_generate_nonce( &operation, nonce_buffer, + PSA_AEAD_NONCE_MAX_SIZE, + &nonce_length ) ); + + psa_aead_abort( &operation ); + + operation = psa_aead_operation_init( ); + + PSA_ASSERT( psa_aead_encrypt_setup( &operation, key, alg ) ); + + PSA_ASSERT( psa_aead_generate_nonce( &operation, nonce_buffer, + PSA_AEAD_NONCE_MAX_SIZE, + &nonce_length ) ); + + PSA_ASSERT( psa_aead_set_lengths( &operation, additional_data->len, + input_data->len ) ); + + psa_aead_abort( &operation ); + /* Test for setting lengths after already starting data. */ operation = psa_aead_operation_init( ); From cf2d66e022ff9241866f19e49789030e76266e9e Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Wed, 23 Jun 2021 18:49:56 +0100 Subject: [PATCH 084/195] Remove permitting of 8 byte nonce with PolyChaCha Also unify nonce length checking Signed-off-by: Paul Elliott --- library/psa_crypto_aead.c | 35 +++++++++++++++++++++++++++++------ 1 file changed, 29 insertions(+), 6 deletions(-) diff --git a/library/psa_crypto_aead.c b/library/psa_crypto_aead.c index 3b8fdc8b6..1a515a14a 100644 --- a/library/psa_crypto_aead.c +++ b/library/psa_crypto_aead.c @@ -247,6 +247,21 @@ static psa_status_t psa_aead_unpadded_locate_tag( size_t tag_length, return( PSA_SUCCESS ); } +static psa_status_t mbedtls_aead_check_nonce_length( + mbedtls_psa_aead_operation_t *operation, + size_t nonce_length ) +{ +#if defined(MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305) + if( operation->alg == PSA_ALG_CHACHA20_POLY1305 ) + { + if( nonce_length != 12 ) + return( PSA_ERROR_NOT_SUPPORTED ); + } +#endif /* MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305 */ + + return PSA_SUCCESS; +} + psa_status_t mbedtls_psa_aead_decrypt( const psa_key_attributes_t *attributes, const uint8_t *key_buffer, size_t key_buffer_size, @@ -272,6 +287,13 @@ psa_status_t mbedtls_psa_aead_decrypt( if( status != PSA_SUCCESS ) goto exit; + if( mbedtls_aead_check_nonce_length( &operation, nonce_length ) + != PSA_SUCCESS) + { + status = PSA_ERROR_NOT_SUPPORTED; + goto exit; + } + #if defined(MBEDTLS_PSA_BUILTIN_ALG_CCM) if( operation.alg == PSA_ALG_CCM ) { @@ -303,7 +325,7 @@ psa_status_t mbedtls_psa_aead_decrypt( #if defined(MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305) if( operation.alg == PSA_ALG_CHACHA20_POLY1305 ) { - if( nonce_length != 12 || operation.tag_length != 16 ) + if( operation.tag_length != 16 ) { status = PSA_ERROR_NOT_SUPPORTED; goto exit; @@ -397,6 +419,12 @@ psa_status_t mbedtls_psa_aead_set_nonce( { psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + if( mbedtls_aead_check_nonce_length( operation, nonce_length ) + != PSA_SUCCESS) + { + return( PSA_ERROR_INVALID_ARGUMENT ); + } + #if defined(MBEDTLS_PSA_BUILTIN_ALG_GCM) if( operation->alg == PSA_ALG_GCM ) { @@ -412,11 +440,6 @@ psa_status_t mbedtls_psa_aead_set_nonce( #if defined(MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305) if( operation->alg == PSA_ALG_CHACHA20_POLY1305 ) { - if( nonce_length != 12 && nonce_length != 8) - { - return( PSA_ERROR_INVALID_ARGUMENT ); - } - status = mbedtls_to_psa_error( mbedtls_chachapoly_starts( &operation->ctx.chachapoly, nonce, From 16906f9011da64a32e20d80cf2b3571148ad87ac Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Thu, 24 Jun 2021 09:57:01 +0100 Subject: [PATCH 085/195] Add missing frees to generate nonce test Signed-off-by: Paul Elliott --- tests/suites/test_suite_psa_crypto.function | 2 ++ 1 file changed, 2 insertions(+) diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index bb4d7e611..819c61b52 100644 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function @@ -3782,6 +3782,8 @@ void aead_multipart_generate_nonce( int key_type_arg, data_t *key_data, exit: psa_destroy_key( key ); + mbedtls_free( output_data ); + mbedtls_free( final_data ); psa_aead_abort( &operation ); PSA_DONE( ); } From e24f1a1a9d123fea12a86d65b5cb9d1f0ff1b594 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Thu, 24 Jun 2021 14:37:53 +0100 Subject: [PATCH 086/195] Fix missed driver wrapper tests Signed-off-by: Paul Elliott --- tests/suites/test_suite_psa_crypto_driver_wrappers.function | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/suites/test_suite_psa_crypto_driver_wrappers.function b/tests/suites/test_suite_psa_crypto_driver_wrappers.function index e86309b06..fb92d3458 100644 --- a/tests/suites/test_suite_psa_crypto_driver_wrappers.function +++ b/tests/suites/test_suite_psa_crypto_driver_wrappers.function @@ -997,7 +997,7 @@ void aead_encrypt( int key_type_arg, data_t *key_data, input_data->x, input_data->len, output_data, output_size, &output_length ); - TEST_EQUAL( mbedtls_test_driver_aead_hooks.hits, 1 ); + TEST_EQUAL( mbedtls_test_driver_aead_hooks.hits_encrypt, 1 ); TEST_EQUAL( mbedtls_test_driver_aead_hooks.driver_status, forced_status ); TEST_EQUAL( status, ( forced_status == PSA_ERROR_NOT_SUPPORTED ) ? @@ -1061,7 +1061,7 @@ void aead_decrypt( int key_type_arg, data_t *key_data, input_data->x, input_data->len, output_data, output_size, &output_length ); - TEST_EQUAL( mbedtls_test_driver_aead_hooks.hits, 1 ); + TEST_EQUAL( mbedtls_test_driver_aead_hooks.hits_decrypt, 1 ); TEST_EQUAL( mbedtls_test_driver_aead_hooks.driver_status, forced_status ); TEST_EQUAL( status, ( forced_status == PSA_ERROR_NOT_SUPPORTED ) ? From a8940ed876997c9f0f051c099f769988b27b452a Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Thu, 24 Jun 2021 16:57:52 +0100 Subject: [PATCH 087/195] Fix documented error codes Signed-off-by: Paul Elliott --- library/psa_crypto_aead.h | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/library/psa_crypto_aead.h b/library/psa_crypto_aead.h index 50644c099..57b1b74bf 100644 --- a/library/psa_crypto_aead.h +++ b/library/psa_crypto_aead.h @@ -179,7 +179,7 @@ psa_status_t mbedtls_psa_aead_decrypt( * \retval #PSA_SUCCESS * Success. * \retval #PSA_ERROR_INVALID_ARGUMENT - * \p key is not compatible with \p alg. + * An invalid block length was supplied. * \retval #PSA_ERROR_NOT_SUPPORTED * \p alg is not supported. * \retval #PSA_ERROR_INSUFFICIENT_MEMORY @@ -222,8 +222,8 @@ psa_status_t mbedtls_psa_aead_encrypt_setup( * * \retval #PSA_SUCCESS * Success. - * * \retval #PSA_ERROR_INVALID_ARGUMENT - * \p key is not compatible with \p alg. + * \retval #PSA_ERROR_INVALID_ARGUMENT + * An invalid block length was supplied. * \retval #PSA_ERROR_NOT_SUPPORTED * \p alg is not supported. * \retval #PSA_ERROR_INSUFFICIENT_MEMORY @@ -403,7 +403,7 @@ psa_status_t mbedtls_psa_aead_update_ad( * * \retval #PSA_SUCCESS * Success. - + * * \retval #PSA_ERROR_BUFFER_TOO_SMALL * The size of the \p output buffer is too small. * #PSA_AEAD_UPDATE_OUTPUT_SIZE(\c key_type, \c alg, \p input_length) or From 87c909a8c598c98fb58593d71fff00fb18f46942 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Thu, 24 Jun 2021 18:07:39 +0100 Subject: [PATCH 088/195] Make auxiliary function static Signed-off-by: Paul Elliott --- tests/suites/test_suite_psa_crypto.function | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index 819c61b52..502515f2a 100644 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function @@ -467,16 +467,16 @@ exit: return( status ); } -void aead_multipart_decrypt_internal( int key_type_arg, data_t *key_data, - int alg_arg, - data_t *nonce, - data_t *additional_data, - int ad_part_len, - data_t *input_data, - int data_part_len, - int test_set_lengths_arg, - data_t *expected_data, - int expected_result_arg ) +static void aead_multipart_decrypt_internal( int key_type_arg, data_t *key_data, + int alg_arg, + data_t *nonce, + data_t *additional_data, + int ad_part_len, + data_t *input_data, + int data_part_len, + int test_set_lengths_arg, + data_t *expected_data, + int expected_result_arg ) { mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; psa_key_type_t key_type = key_type_arg; From 7f429b747b8086781d32eb3db4d48e46a58e8ec7 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Thu, 24 Jun 2021 18:08:54 +0100 Subject: [PATCH 089/195] Remove code duplication and fix formatting Signed-off-by: Paul Elliott --- library/psa_crypto.c | 15 +++++---------- 1 file changed, 5 insertions(+), 10 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 9fb3a2094..64c05ea6e 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -3549,7 +3549,7 @@ psa_status_t psa_aead_generate_nonce( psa_aead_operation_t *operation, } if( operation->nonce_set || operation->ad_started || - operation->body_started || operation->is_encrypt == 0 ) + operation->body_started || !operation->is_encrypt ) { status = PSA_ERROR_BAD_STATE; goto exit; @@ -3635,7 +3635,7 @@ psa_status_t psa_aead_set_lengths( psa_aead_operation_t *operation, } if( operation->lengths_set || operation->ad_started || - operation->body_started) + operation->body_started ) { status = PSA_ERROR_BAD_STATE; goto exit; @@ -3761,7 +3761,7 @@ exit: static psa_status_t psa_aead_final_checks( psa_aead_operation_t *operation ) { - if( operation->id == 0 || operation->nonce_set == 0 ) + if( operation->id == 0 || !operation->nonce_set ) return( PSA_ERROR_BAD_STATE ); if( operation->lengths_set && (operation->ad_remaining != 0 || @@ -3790,7 +3790,7 @@ psa_status_t psa_aead_finish( psa_aead_operation_t *operation, if( status != PSA_SUCCESS ) goto exit; - if( operation->is_encrypt == 0 ) + if( !operation->is_encrypt ) { status = PSA_ERROR_BAD_STATE; goto exit; @@ -3831,17 +3831,12 @@ psa_status_t psa_aead_verify( psa_aead_operation_t *operation, if( status != PSA_SUCCESS ) goto exit; - if( operation->is_encrypt == 1 ) + if( operation->is_encrypt ) { status = PSA_ERROR_BAD_STATE; goto exit; } - status = psa_aead_final_checks( operation ); - - if( status != PSA_SUCCESS ) - goto exit; - status = psa_driver_wrapper_aead_verify( operation, plaintext, plaintext_size, plaintext_length, From c2b7144da0f807e2ae1b2c64ab2b5184cd41ac53 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Thu, 24 Jun 2021 18:17:52 +0100 Subject: [PATCH 090/195] Simplify logic and factor out initial checks Signed-off-by: Paul Elliott --- library/psa_crypto.c | 66 +++++++++++++++++++------------------------- 1 file changed, 28 insertions(+), 38 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 64c05ea6e..a9026e4bb 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -3401,6 +3401,28 @@ static psa_algorithm_t psa_aead_get_base_algorithm( psa_algorithm_t alg ) return PSA_ALG_AEAD_WITH_DEFAULT_LENGTH_TAG( alg ); } +static psa_status_t psa_aead_setup_checks( psa_aead_operation_t *operation, + psa_algorithm_t alg ) +{ + if( !PSA_ALG_IS_AEAD( alg ) || PSA_ALG_IS_WILDCARD( alg ) ) + { + return( PSA_ERROR_INVALID_ARGUMENT ); + } + + if( operation->id != 0 ) + { + return( PSA_ERROR_BAD_STATE ); + } + + if( operation->nonce_set || operation->lengths_set || + operation->ad_started || operation->body_started ) + { + return( PSA_ERROR_BAD_STATE ); + } + + return( PSA_SUCCESS ); +} + /* Set the key for a multipart authenticated encryption operation. */ psa_status_t psa_aead_encrypt_setup( psa_aead_operation_t *operation, mbedtls_svc_key_id_t key, @@ -3410,24 +3432,10 @@ psa_status_t psa_aead_encrypt_setup( psa_aead_operation_t *operation, psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED; psa_key_slot_t *slot = NULL; - if( !PSA_ALG_IS_AEAD( alg ) || PSA_ALG_IS_WILDCARD( alg ) ) - { - status = PSA_ERROR_INVALID_ARGUMENT; - goto exit; - } + status = psa_aead_setup_checks( operation, alg ); - if( operation->id != 0 ) - { - status = PSA_ERROR_BAD_STATE; + if( status != PSA_SUCCESS ) goto exit; - } - - if( operation->nonce_set || operation->lengths_set || - operation->ad_started || operation->body_started ) - { - status = PSA_ERROR_BAD_STATE; - goto exit; - } status = psa_get_and_lock_key_slot_with_policy( key, &slot, PSA_KEY_USAGE_ENCRYPT, alg ); @@ -3452,11 +3460,9 @@ exit: unlock_status = psa_unlock_key_slot( slot ); - if( status == PSA_SUCCESS ) - status = unlock_status; - if( status == PSA_SUCCESS ) { + status = unlock_status; operation->alg = psa_aead_get_base_algorithm( alg ); operation->is_encrypt = 1; } @@ -3475,24 +3481,10 @@ psa_status_t psa_aead_decrypt_setup( psa_aead_operation_t *operation, psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED; psa_key_slot_t *slot = NULL; - if( !PSA_ALG_IS_AEAD( alg ) || PSA_ALG_IS_WILDCARD( alg ) ) - { - status = PSA_ERROR_INVALID_ARGUMENT; - goto exit; - } + status = psa_aead_setup_checks( operation, alg ); - if( operation->id != 0 ) - { - status = PSA_ERROR_BAD_STATE; + if( status != PSA_SUCCESS ) goto exit; - } - - if( operation->nonce_set || operation->lengths_set || - operation->ad_started || operation->body_started ) - { - status = PSA_ERROR_BAD_STATE; - goto exit; - } status = psa_get_and_lock_key_slot_with_policy( key, &slot, PSA_KEY_USAGE_DECRYPT, alg ); @@ -3517,11 +3509,9 @@ exit: unlock_status = psa_unlock_key_slot( slot ); - if( status == PSA_SUCCESS ) - status = unlock_status; - if( status == PSA_SUCCESS ) { + status = unlock_status; operation->alg = psa_aead_get_base_algorithm( alg ); operation->is_encrypt = 0; } From ed68d7464d3444f6627b5a8137f708abe197256d Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Thu, 24 Jun 2021 20:37:32 +0100 Subject: [PATCH 091/195] Move buffer size checks up to psa_crypto layer Signed-off-by: Paul Elliott --- library/psa_crypto.c | 16 +++++++++++++--- library/psa_crypto_aead.c | 16 ++-------------- library/psa_crypto_aead.h | 18 ++++++++---------- 3 files changed, 23 insertions(+), 27 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index a9026e4bb..a5027f386 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -3749,8 +3749,11 @@ exit: return( status ); } -static psa_status_t psa_aead_final_checks( psa_aead_operation_t *operation ) +static psa_status_t psa_aead_final_checks( psa_aead_operation_t *operation, + size_t output_size ) { + size_t finish_output_size; + if( operation->id == 0 || !operation->nonce_set ) return( PSA_ERROR_BAD_STATE ); @@ -3758,6 +3761,13 @@ static psa_status_t psa_aead_final_checks( psa_aead_operation_t *operation ) operation->body_remaining != 0 ) ) return( PSA_ERROR_INVALID_ARGUMENT ); + finish_output_size = operation->is_encrypt ? + PSA_AEAD_FINISH_OUTPUT_SIZE( operation->key_type, operation->alg ) : + PSA_AEAD_VERIFY_OUTPUT_SIZE( operation->key_type, operation->alg ); + + if( output_size < finish_output_size ) + return( PSA_ERROR_BUFFER_TOO_SMALL ); + return( PSA_SUCCESS ); } @@ -3775,7 +3785,7 @@ psa_status_t psa_aead_finish( psa_aead_operation_t *operation, *ciphertext_length = 0; *tag_length = tag_size; - status = psa_aead_final_checks( operation ); + status = psa_aead_final_checks( operation, ciphertext_size ); if( status != PSA_SUCCESS ) goto exit; @@ -3816,7 +3826,7 @@ psa_status_t psa_aead_verify( psa_aead_operation_t *operation, *plaintext_length = 0; - status = psa_aead_final_checks( operation ); + status = psa_aead_final_checks( operation, plaintext_size ); if( status != PSA_SUCCESS ) goto exit; diff --git a/library/psa_crypto_aead.c b/library/psa_crypto_aead.c index 1a515a14a..f2096ce3f 100644 --- a/library/psa_crypto_aead.c +++ b/library/psa_crypto_aead.c @@ -603,21 +603,11 @@ psa_status_t mbedtls_psa_aead_update( mbedtls_psa_aead_verify() */ static psa_status_t mbedtls_psa_aead_finish_checks( mbedtls_psa_aead_operation_t *operation, - size_t output_size, size_t tag_size ) { - size_t finish_output_size; - if( tag_size < operation->tag_length ) return ( PSA_ERROR_BUFFER_TOO_SMALL ); - finish_output_size = operation->is_encrypt ? - PSA_AEAD_FINISH_OUTPUT_SIZE( operation->key_type, operation->alg ) : - PSA_AEAD_VERIFY_OUTPUT_SIZE( operation->key_type, operation->alg ); - - if( output_size < finish_output_size ) - return ( PSA_ERROR_BUFFER_TOO_SMALL ); - return ( PSA_SUCCESS ); } @@ -634,8 +624,7 @@ psa_status_t mbedtls_psa_aead_finish( psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; size_t finish_output_size = 0; - status = mbedtls_psa_aead_finish_checks( operation, ciphertext_size, - tag_size ); + status = mbedtls_psa_aead_finish_checks( operation, tag_size ); if( status != PSA_SUCCESS ) return status; @@ -690,8 +679,7 @@ psa_status_t mbedtls_psa_aead_verify( int do_tag_check = 1; uint8_t check_tag[PSA_AEAD_TAG_MAX_SIZE]; - status = mbedtls_psa_aead_finish_checks( operation, plaintext_size, - tag_length ); + status = mbedtls_psa_aead_finish_checks( operation, tag_length ); if( status != PSA_SUCCESS ) return status; diff --git a/library/psa_crypto_aead.h b/library/psa_crypto_aead.h index 57b1b74bf..c664f9f2b 100644 --- a/library/psa_crypto_aead.h +++ b/library/psa_crypto_aead.h @@ -477,12 +477,10 @@ psa_status_t mbedtls_psa_aead_update( * \retval #PSA_SUCCESS * Success. * \retval #PSA_ERROR_BUFFER_TOO_SMALL - * The size of the \p ciphertext or \p tag buffer is too small. - * #PSA_AEAD_FINISH_OUTPUT_SIZE(\c key_type, \c alg) or - * #PSA_AEAD_FINISH_OUTPUT_MAX_SIZE can be used to determine the - * required \p ciphertext buffer size. #PSA_AEAD_TAG_LENGTH(\c key_type, - * \c key_bits, \c alg) or #PSA_AEAD_TAG_MAX_SIZE can be used to - * determine the required \p tag buffer size. + * The size of the \p tag buffer is too small. + * #PSA_AEAD_TAG_LENGTH(\c key_type, key_bits, \c alg) or + * #PSA_AEAD_TAG_MAX_SIZE can be used to determine the required \p tag + * buffer size. */ psa_status_t mbedtls_psa_aead_finish( mbedtls_psa_aead_operation_t *operation, @@ -551,10 +549,10 @@ psa_status_t mbedtls_psa_aead_finish( * The calculations were successful, but the authentication tag is * not correct. * \retval #PSA_ERROR_BUFFER_TOO_SMALL - * The size of the \p plaintext buffer is too small. - * #PSA_AEAD_VERIFY_OUTPUT_SIZE(\c key_type, \c alg) or - * #PSA_AEAD_VERIFY_OUTPUT_MAX_SIZE can be used to determine the - * required buffer size. + * The size of the \p tag buffer is too small. + * #PSA_AEAD_TAG_LENGTH(\c key_type, key_bits, \c alg) or + * #PSA_AEAD_TAG_MAX_SIZE can be used to determine the required \p tag + * buffer size. */ psa_status_t mbedtls_psa_aead_verify( mbedtls_psa_aead_operation_t *operation, From a561444561dec2313a99c3a6d6b560d0828f05c3 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Wed, 14 Jul 2021 14:54:11 +0100 Subject: [PATCH 092/195] Add missing space Signed-off-by: Paul Elliott --- library/psa_crypto.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index a5027f386..e14508353 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -3757,7 +3757,7 @@ static psa_status_t psa_aead_final_checks( psa_aead_operation_t *operation, if( operation->id == 0 || !operation->nonce_set ) return( PSA_ERROR_BAD_STATE ); - if( operation->lengths_set && (operation->ad_remaining != 0 || + if( operation->lengths_set && ( operation->ad_remaining != 0 || operation->body_remaining != 0 ) ) return( PSA_ERROR_INVALID_ARGUMENT ); From 96b0173cec455571d89bb57d2c8b7c47500d9277 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Fri, 16 Jul 2021 17:00:26 +0100 Subject: [PATCH 093/195] Add common nonce checking to oneshot encrypt Signed-off-by: Paul Elliott --- library/psa_crypto_aead.c | 40 +++++++++++++++++++++++---------------- 1 file changed, 24 insertions(+), 16 deletions(-) diff --git a/library/psa_crypto_aead.c b/library/psa_crypto_aead.c index f2096ce3f..9ac26467f 100644 --- a/library/psa_crypto_aead.c +++ b/library/psa_crypto_aead.c @@ -136,6 +136,22 @@ static psa_status_t psa_aead_setup( return( PSA_SUCCESS ); } +/* Perform common nonce length checks */ +static psa_status_t mbedtls_aead_check_nonce_length( + mbedtls_psa_aead_operation_t *operation, + size_t nonce_length ) +{ +#if defined(MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305) + if( operation->alg == PSA_ALG_CHACHA20_POLY1305 ) + { + if( nonce_length != 12 ) + return( PSA_ERROR_NOT_SUPPORTED ); + } +#endif /* MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305 */ + + return PSA_SUCCESS; +} + psa_status_t mbedtls_psa_aead_encrypt( const psa_key_attributes_t *attributes, const uint8_t *key_buffer, size_t key_buffer_size, @@ -164,6 +180,13 @@ psa_status_t mbedtls_psa_aead_encrypt( } tag = ciphertext + plaintext_length; + if( mbedtls_aead_check_nonce_length( &operation, nonce_length ) + != PSA_SUCCESS ) + { + status = PSA_ERROR_NOT_SUPPORTED; + goto exit; + } + #if defined(MBEDTLS_PSA_BUILTIN_ALG_CCM) if( operation.alg == PSA_ALG_CCM ) { @@ -195,7 +218,7 @@ psa_status_t mbedtls_psa_aead_encrypt( #if defined(MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305) if( operation.alg == PSA_ALG_CHACHA20_POLY1305 ) { - if( nonce_length != 12 || operation.tag_length != 16 ) + if( operation.tag_length != 16 ) { status = PSA_ERROR_NOT_SUPPORTED; goto exit; @@ -247,21 +270,6 @@ static psa_status_t psa_aead_unpadded_locate_tag( size_t tag_length, return( PSA_SUCCESS ); } -static psa_status_t mbedtls_aead_check_nonce_length( - mbedtls_psa_aead_operation_t *operation, - size_t nonce_length ) -{ -#if defined(MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305) - if( operation->alg == PSA_ALG_CHACHA20_POLY1305 ) - { - if( nonce_length != 12 ) - return( PSA_ERROR_NOT_SUPPORTED ); - } -#endif /* MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305 */ - - return PSA_SUCCESS; -} - psa_status_t mbedtls_psa_aead_decrypt( const psa_key_attributes_t *attributes, const uint8_t *key_buffer, size_t key_buffer_size, From 481be341ef1bee3a1a71bfb35b40dcfb72ca403e Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Fri, 16 Jul 2021 17:38:47 +0100 Subject: [PATCH 094/195] Make state tests more readable Signed-off-by: Paul Elliott --- tests/suites/test_suite_psa_crypto.function | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index 502515f2a..dfd0cfde4 100644 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function @@ -3859,6 +3859,8 @@ void aead_multipart_state_test( int key_type_arg, data_t *key_data, psa_aead_abort( &operation ); + /* ------------------------------------------------------- */ + operation = psa_aead_operation_init( ); TEST_EQUAL( psa_aead_set_lengths( &operation, additional_data->len, @@ -3867,6 +3869,8 @@ void aead_multipart_state_test( int key_type_arg, data_t *key_data, psa_aead_abort( &operation ); + /* ------------------------------------------------------- */ + operation = psa_aead_operation_init( ); TEST_EQUAL( psa_aead_update_ad( &operation, additional_data->x, @@ -3875,6 +3879,8 @@ void aead_multipart_state_test( int key_type_arg, data_t *key_data, psa_aead_abort( &operation ); + /* ------------------------------------------------------- */ + operation = psa_aead_operation_init( ); TEST_EQUAL( psa_aead_update( &operation, input_data->x, @@ -3884,6 +3890,8 @@ void aead_multipart_state_test( int key_type_arg, data_t *key_data, psa_aead_abort( &operation ); + /* ------------------------------------------------------- */ + operation = psa_aead_operation_init( ); TEST_EQUAL( psa_aead_finish( &operation, final_data, @@ -3895,6 +3903,8 @@ void aead_multipart_state_test( int key_type_arg, data_t *key_data, psa_aead_abort( &operation ); + /* ------------------------------------------------------- */ + operation = psa_aead_operation_init( ); TEST_EQUAL( psa_aead_verify( &operation, final_data, @@ -3917,6 +3927,8 @@ void aead_multipart_state_test( int key_type_arg, data_t *key_data, psa_aead_abort( &operation ); + /* ------------------------------------------------------- */ + operation = psa_aead_operation_init( ); PSA_ASSERT( psa_aead_decrypt_setup( &operation, key, alg ) ); @@ -3995,6 +4007,8 @@ void aead_multipart_state_test( int key_type_arg, data_t *key_data, psa_aead_abort( &operation ); + /* ------------------------------------------------------- */ + operation = psa_aead_operation_init( ); PSA_ASSERT( psa_aead_encrypt_setup( &operation, key, alg ) ); @@ -4008,6 +4022,8 @@ void aead_multipart_state_test( int key_type_arg, data_t *key_data, psa_aead_abort( &operation ); + /* ------------------------------------------------------- */ + operation = psa_aead_operation_init( ); PSA_ASSERT( psa_aead_encrypt_setup( &operation, key, alg ) ); From 374a2be58805d1e28f9493a20dc649ad69b8a621 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Fri, 16 Jul 2021 17:53:40 +0100 Subject: [PATCH 095/195] Add missing state test coverage Signed-off-by: Paul Elliott --- tests/suites/test_suite_psa_crypto.function | 70 +++++++++++++++++++++ 1 file changed, 70 insertions(+) diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index dfd0cfde4..5f36230bf 100644 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function @@ -3938,6 +3938,28 @@ void aead_multipart_state_test( int key_type_arg, data_t *key_data, psa_aead_abort( &operation ); + /* ------------------------------------------------------- */ + + operation = psa_aead_operation_init( ); + + PSA_ASSERT( psa_aead_encrypt_setup( &operation, key, alg ) ); + + TEST_EQUAL( psa_aead_decrypt_setup( &operation, key, alg ), + PSA_ERROR_BAD_STATE ); + + psa_aead_abort( &operation ); + + /* ------------------------------------------------------- */ + + operation = psa_aead_operation_init( ); + + PSA_ASSERT( psa_aead_decrypt_setup( &operation, key, alg ) ); + + TEST_EQUAL( psa_aead_encrypt_setup( &operation, key, alg ), + PSA_ERROR_BAD_STATE ); + + psa_aead_abort( &operation ); + /* Test for not setting a nonce. */ operation = psa_aead_operation_init( ); @@ -3963,6 +3985,54 @@ void aead_multipart_state_test( int key_type_arg, data_t *key_data, psa_aead_abort( &operation ); + /* Test for double generating nonce. */ + + operation = psa_aead_operation_init( ); + + PSA_ASSERT( psa_aead_encrypt_setup( &operation, key, alg ) ); + + PSA_ASSERT( psa_aead_generate_nonce( &operation, nonce_buffer, + PSA_AEAD_NONCE_MAX_SIZE, + &nonce_length ) ); + + TEST_EQUAL( psa_aead_generate_nonce( &operation, nonce_buffer, + PSA_AEAD_NONCE_MAX_SIZE, + &nonce_length ), + PSA_ERROR_BAD_STATE ); + + + psa_aead_abort( &operation ); + + /* Test for generate nonce then set and vice versa */ + + operation = psa_aead_operation_init( ); + + PSA_ASSERT( psa_aead_encrypt_setup( &operation, key, alg ) ); + + PSA_ASSERT( psa_aead_generate_nonce( &operation, nonce_buffer, + PSA_AEAD_NONCE_MAX_SIZE, + &nonce_length ) ); + + TEST_EQUAL( psa_aead_set_nonce( &operation, nonce->x, nonce->len ), + PSA_ERROR_BAD_STATE ); + + psa_aead_abort( &operation ); + + /* ------------------------------------------------------- */ + + operation = psa_aead_operation_init( ); + + PSA_ASSERT( psa_aead_encrypt_setup( &operation, key, alg ) ); + + PSA_ASSERT( psa_aead_set_nonce( &operation, nonce->x, nonce->len ) ); + + TEST_EQUAL( psa_aead_generate_nonce( &operation, nonce_buffer, + PSA_AEAD_NONCE_MAX_SIZE, + &nonce_length ), + PSA_ERROR_BAD_STATE ); + + psa_aead_abort( &operation ); + /* Test for generating nonce in decrypt setup. */ operation = psa_aead_operation_init( ); From d85f547b65b177d786598890742b48d3fd8b0987 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Fri, 16 Jul 2021 18:20:16 +0100 Subject: [PATCH 096/195] Add expected size to nonce generation test Also add unneeded copy-paste in the test descriptions. Signed-off-by: Paul Elliott --- tests/suites/test_suite_psa_crypto.data | 14 +++++++------- tests/suites/test_suite_psa_crypto.function | 4 ++++ 2 files changed, 11 insertions(+), 7 deletions(-) diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data index f55deb022..db94f53b3 100644 --- a/tests/suites/test_suite_psa_crypto.data +++ b/tests/suites/test_suite_psa_crypto.data @@ -2574,25 +2574,25 @@ PSA Multipart AEAD decrypt: invalid algorithm (ChaCha20) depends_on:MBEDTLS_CHACHA20_C aead_multipart_decrypt:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_STREAM_CIPHER:"":"":1:"":1:0:"":PSA_ERROR_INVALID_ARGUMENT -PSA Multipart Nonce Generation, AES - GCM, CAVS 14.0, IV = 12 +PSA Multipart Nonce Generation, AES - GCM, IV = 12 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_generate_nonce:PSA_KEY_TYPE_AES:"aa740abfadcda779220d3b406c5d7ec09a77fe9d94104539":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM,16):12:"290322092d57479e20f6281e331d95a9":"e7fb0631eebf9bdba87045b33650c4ce":PSA_SUCCESS +aead_multipart_generate_nonce:PSA_KEY_TYPE_AES:"aa740abfadcda779220d3b406c5d7ec09a77fe9d94104539":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM,16):12:12:"290322092d57479e20f6281e331d95a9":"e7fb0631eebf9bdba87045b33650c4ce":PSA_SUCCESS -PSA Multipart Nonce Generation, AES - GCM, CAVS 14.0, IV = 0 +PSA Multipart Nonce Generation, AES - GCM, IV = 0 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_generate_nonce:PSA_KEY_TYPE_AES:"aa740abfadcda779220d3b406c5d7ec09a77fe9d94104539":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM,16):0:"":"":PSA_ERROR_BUFFER_TOO_SMALL +aead_multipart_generate_nonce:PSA_KEY_TYPE_AES:"aa740abfadcda779220d3b406c5d7ec09a77fe9d94104539":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM,16):0:0:"":"":PSA_ERROR_BUFFER_TOO_SMALL PSA Multipart Nonce Generation: ChaCha20 - Poly1305, IV = 12 depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 -aead_multipart_generate_nonce:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:12:"50515253c0c1c2c3c4c5c6c7":"4c616469657320616e642047656e746c656d656e206f662074686520636c617373206f66202739393a204966204920636f756c64206f6666657220796f75206f6e6c79206f6e652074697020666f7220746865206675747572652c2073756e73637265656e20776f756c642062652069742e":PSA_SUCCESS +aead_multipart_generate_nonce:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:12:12:"50515253c0c1c2c3c4c5c6c7":"4c616469657320616e642047656e746c656d656e206f662074686520636c617373206f66202739393a204966204920636f756c64206f6666657220796f75206f6e6c79206f6e652074697020666f7220746865206675747572652c2073756e73637265656e20776f756c642062652069742e":PSA_SUCCESS PSA Multipart Nonce Generation: ChaCha20 - Poly1305, IV = 8 depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 -aead_multipart_generate_nonce:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:8:"":"":PSA_ERROR_BUFFER_TOO_SMALL +aead_multipart_generate_nonce:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:8:0:"":"":PSA_ERROR_BUFFER_TOO_SMALL PSA Multipart Nonce Generation: ChaCha20 - Poly1305, IV = 0 depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 -aead_multipart_generate_nonce:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:0:"":"":PSA_ERROR_BUFFER_TOO_SMALL +aead_multipart_generate_nonce:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:0:0:"":"":PSA_ERROR_BUFFER_TOO_SMALL PSA Multipart State Checks, AES - GCM depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index 5f36230bf..b5fe5e74a 100644 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function @@ -3699,6 +3699,7 @@ void aead_multipart_decrypt( int key_type_arg, data_t *key_data, void aead_multipart_generate_nonce( int key_type_arg, data_t *key_data, int alg_arg, int nonce_len, + int expected_generated_len_arg, data_t *additional_data, data_t *input_data, int expected_status_arg ) @@ -3712,6 +3713,7 @@ void aead_multipart_generate_nonce( int key_type_arg, data_t *key_data, psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; psa_status_t status = PSA_ERROR_GENERIC_ERROR; size_t nonce_generated_len = 0; + size_t expected_generated_len = expected_generated_len_arg; unsigned char *output_data = NULL; unsigned char *final_data = NULL; size_t output_size = 0; @@ -3764,6 +3766,8 @@ void aead_multipart_generate_nonce( int key_type_arg, data_t *key_data, TEST_ASSERT( status == expected_status_arg ); + TEST_EQUAL( nonce_generated_len, expected_generated_len ); + if( expected_status_arg == PSA_SUCCESS ) { From e0fcb3b99efc500f792d9fcdecc08af30d8e9e8c Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Fri, 16 Jul 2021 18:52:03 +0100 Subject: [PATCH 097/195] Add 'too big' tests for nonce generation Signed-off-by: Paul Elliott --- tests/suites/test_suite_psa_crypto.data | 8 ++++++++ tests/suites/test_suite_psa_crypto.function | 4 ++-- 2 files changed, 10 insertions(+), 2 deletions(-) diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data index db94f53b3..5e16c8c07 100644 --- a/tests/suites/test_suite_psa_crypto.data +++ b/tests/suites/test_suite_psa_crypto.data @@ -2582,6 +2582,10 @@ PSA Multipart Nonce Generation, AES - GCM, IV = 0 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES aead_multipart_generate_nonce:PSA_KEY_TYPE_AES:"aa740abfadcda779220d3b406c5d7ec09a77fe9d94104539":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM,16):0:0:"":"":PSA_ERROR_BUFFER_TOO_SMALL +PSA Multipart Nonce Generation, AES - GCM, IV = 16 +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_generate_nonce:PSA_KEY_TYPE_AES:"aa740abfadcda779220d3b406c5d7ec09a77fe9d94104539":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM,16):16:12:"290322092d57479e20f6281e331d95a9":"e7fb0631eebf9bdba87045b33650c4ce":PSA_SUCCESS + PSA Multipart Nonce Generation: ChaCha20 - Poly1305, IV = 12 depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 aead_multipart_generate_nonce:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:12:12:"50515253c0c1c2c3c4c5c6c7":"4c616469657320616e642047656e746c656d656e206f662074686520636c617373206f66202739393a204966204920636f756c64206f6666657220796f75206f6e6c79206f6e652074697020666f7220746865206675747572652c2073756e73637265656e20776f756c642062652069742e":PSA_SUCCESS @@ -2594,6 +2598,10 @@ PSA Multipart Nonce Generation: ChaCha20 - Poly1305, IV = 0 depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 aead_multipart_generate_nonce:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:0:0:"":"":PSA_ERROR_BUFFER_TOO_SMALL +PSA Multipart Nonce Generation: ChaCha20 - Poly1305, IV = 16 +depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 +aead_multipart_generate_nonce:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:16:12:"":"":PSA_SUCCESS + PSA Multipart State Checks, AES - GCM depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES aead_multipart_state_test:PSA_KEY_TYPE_AES:"C0C1C2C3C4C5C6C7C8C9CACBCCCDCECF":PSA_ALG_GCM:"000102030405060708090A0B0C0D0E0F":"000102030405060708090A0B":"0C0D0E0F101112131415161718191A1B1C1D1E" diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index b5fe5e74a..ac58b6edf 100644 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function @@ -3758,8 +3758,6 @@ void aead_multipart_generate_nonce( int key_type_arg, data_t *key_data, PSA_ASSERT( status ); - TEST_ASSERT( nonce_len < PSA_AEAD_NONCE_MAX_SIZE ); - status = psa_aead_generate_nonce( &operation, nonce_buffer, nonce_len, &nonce_generated_len ); @@ -3768,6 +3766,8 @@ void aead_multipart_generate_nonce( int key_type_arg, data_t *key_data, TEST_EQUAL( nonce_generated_len, expected_generated_len ); + TEST_ASSERT( nonce_generated_len < PSA_AEAD_NONCE_MAX_SIZE ); + if( expected_status_arg == PSA_SUCCESS ) { From 32925b9e5b3c67c754ca7f8fcb34abf56c5fe480 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Fri, 16 Jul 2021 18:56:12 +0100 Subject: [PATCH 098/195] Make sure unused parts of tag buffer are cleared We already did this on failure, but make sure the buffer does not leak what was in it previously on success Signed-off-by: Paul Elliott --- library/psa_crypto.c | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index e14508353..95f974063 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -3804,9 +3804,14 @@ psa_status_t psa_aead_finish( psa_aead_operation_t *operation, exit: /* In case the operation fails and the user fails to check for failure or - * the zero tag size, make sure the tag is set to something impossible. */ + * the zero tag size, make sure the tag is set to something impossible. + * Even if the operation succeeds, make sure we set the rest of the + * buffer to something impossible to prevent potential leakage of + * anything previously placed in the same buffer.*/ if( status != PSA_SUCCESS ) - memset(tag, '!', tag_size); + memset( tag, '!', tag_size ); + else if( *tag_length < tag_size ) + memset( tag + *tag_length, '!', ( tag_size - *tag_length ) ); psa_aead_abort( operation ); From 315628d91ab1f07327655cfc1aebe3b433078046 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Tue, 20 Jul 2021 18:25:54 +0100 Subject: [PATCH 099/195] Remove internal aead_verify endpoint The internal verify endpoint was only calling the finish endpoint to get a tag to compare against the tag passed in. Moved this logic to the driver wrapper (still allowing a driver to call verify if required) and removed the internal implementation endpoint. Signed-off-by: Paul Elliott --- library/psa_crypto_aead.c | 78 +--------------------------- library/psa_crypto_aead.h | 71 ------------------------- library/psa_crypto_driver_wrappers.c | 28 ++++++++-- 3 files changed, 25 insertions(+), 152 deletions(-) diff --git a/library/psa_crypto_aead.c b/library/psa_crypto_aead.c index 9ac26467f..9f673596f 100644 --- a/library/psa_crypto_aead.c +++ b/library/psa_crypto_aead.c @@ -607,18 +607,6 @@ psa_status_t mbedtls_psa_aead_update( return( status ); } -/* Common checks for both mbedtls_psa_aead_finish() and - mbedtls_psa_aead_verify() */ -static psa_status_t mbedtls_psa_aead_finish_checks( - mbedtls_psa_aead_operation_t *operation, - size_t tag_size ) -{ - if( tag_size < operation->tag_length ) - return ( PSA_ERROR_BUFFER_TOO_SMALL ); - - return ( PSA_SUCCESS ); -} - /* Finish encrypting a message in a multipart AEAD operation. */ psa_status_t mbedtls_psa_aead_finish( mbedtls_psa_aead_operation_t *operation, @@ -632,10 +620,8 @@ psa_status_t mbedtls_psa_aead_finish( psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; size_t finish_output_size = 0; - status = mbedtls_psa_aead_finish_checks( operation, tag_size ); - - if( status != PSA_SUCCESS ) - return status; + if( tag_size < operation->tag_length ) + return( PSA_ERROR_BUFFER_TOO_SMALL ); #if defined(MBEDTLS_PSA_BUILTIN_ALG_GCM) if( operation->alg == PSA_ALG_GCM ) @@ -672,66 +658,6 @@ psa_status_t mbedtls_psa_aead_finish( return ( status ); } -/* Finish authenticating and decrypting a message in a multipart AEAD - * operation.*/ -psa_status_t mbedtls_psa_aead_verify( - mbedtls_psa_aead_operation_t *operation, - uint8_t *plaintext, - size_t plaintext_size, - size_t *plaintext_length, - const uint8_t *tag, - size_t tag_length ) -{ - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - size_t finish_output_size = 0; - int do_tag_check = 1; - uint8_t check_tag[PSA_AEAD_TAG_MAX_SIZE]; - - status = mbedtls_psa_aead_finish_checks( operation, tag_length ); - - if( status != PSA_SUCCESS ) - return status; - -#if defined(MBEDTLS_PSA_BUILTIN_ALG_GCM) - if( operation->alg == PSA_ALG_GCM ) - /* Call finish to get the tag for comparison */ - status = mbedtls_to_psa_error( - mbedtls_gcm_finish( &operation->ctx.gcm, - plaintext, plaintext_size, - check_tag, operation->tag_length ) ); - else -#endif /* MBEDTLS_PSA_BUILTIN_ALG_GCM */ -#if defined(MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305) - if( operation->alg == PSA_ALG_CHACHA20_POLY1305 ) - // call finish to get the tag for comparison. - status = mbedtls_to_psa_error( - mbedtls_chachapoly_finish( &operation->ctx.chachapoly, - check_tag ) ); - - else -#endif /* MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305 */ - { - ( void ) plaintext; - ( void ) plaintext_size; - ( void ) plaintext_length; - ( void ) tag; - ( void ) tag_length; - - return ( PSA_ERROR_NOT_SUPPORTED ); - } - - if( status == PSA_SUCCESS ) - { - *plaintext_length = finish_output_size; - - if( do_tag_check && ( tag_length != operation->tag_length || - mbedtls_psa_safer_memcmp(tag, check_tag, tag_length) != 0 ) ) - status = PSA_ERROR_INVALID_SIGNATURE; - } - - return ( status ); -} - /* Abort an AEAD operation */ psa_status_t mbedtls_psa_aead_abort( mbedtls_psa_aead_operation_t *operation ) diff --git a/library/psa_crypto_aead.h b/library/psa_crypto_aead.h index c664f9f2b..38202b6fb 100644 --- a/library/psa_crypto_aead.h +++ b/library/psa_crypto_aead.h @@ -491,77 +491,6 @@ psa_status_t mbedtls_psa_aead_finish( size_t tag_size, size_t *tag_length ); -/** Finish authenticating and decrypting a message in an AEAD operation. - * - * \note The signature of this function is that of a PSA driver - * aead_verify entry point. This function behaves as an aead_verify entry - * point as defined in the PSA driver interface specification for - * transparent drivers. - * - * The operation must have been set up by the PSA core with - * mbedtls_psa_aead_decrypt_setup(). - * - * This function finishes the authenticated decryption of the message - * components: - * - * - The additional data consisting of the concatenation of the inputs - * passed to preceding calls to mbedtls_psa_aead_update_ad(). - * - The ciphertext consisting of the concatenation of the inputs passed to - * preceding calls to mbedtls_psa_aead_update(). - * - The tag passed to this function call. - * - * If the authentication tag is correct, this function outputs any remaining - * plaintext and reports success. If the authentication tag is not correct, - * this function returns #PSA_ERROR_INVALID_SIGNATURE. - * - * Whether or not this function returns successfully, the PSA core subsequently - * calls mbedtls_psa_aead_abort() to deactivate the operation. - * - * \note Implementations shall make the best effort to ensure that the - * comparison between the actual tag and the expected tag is performed - * in constant time. - * - * \param[in,out] operation Active AEAD operation. - * \param[out] plaintext Buffer where the last part of the plaintext - * is to be written. This is the remaining data - * from previous calls to mbedtls_psa_aead_update() - * that could not be processed until the end - * of the input. - * \param plaintext_size Size of the \p plaintext buffer in bytes. - * This must be appropriate for the selected - * algorithm and key: - * - A sufficient output size is - * #PSA_AEAD_VERIFY_OUTPUT_SIZE(\c key_type, - * \c alg) where \c key_type is the type of key - * and \c alg is the algorithm that were used to - * set up the operation. - * - #PSA_AEAD_VERIFY_OUTPUT_MAX_SIZE evaluates to - * the maximum output size of any supported AEAD - * algorithm. - * \param[out] plaintext_length On success, the number of bytes of - * returned plaintext. - * \param[in] tag Buffer containing the authentication tag. - * \param tag_length Size of the \p tag buffer in bytes. - * - * \retval #PSA_SUCCESS - * Success. - * \retval #PSA_ERROR_INVALID_SIGNATURE - * The calculations were successful, but the authentication tag is - * not correct. - * \retval #PSA_ERROR_BUFFER_TOO_SMALL - * The size of the \p tag buffer is too small. - * #PSA_AEAD_TAG_LENGTH(\c key_type, key_bits, \c alg) or - * #PSA_AEAD_TAG_MAX_SIZE can be used to determine the required \p tag - * buffer size. - */ -psa_status_t mbedtls_psa_aead_verify( - mbedtls_psa_aead_operation_t *operation, - uint8_t *plaintext, - size_t plaintext_size, - size_t *plaintext_length, - const uint8_t *tag, - size_t tag_length ); - /** Abort an AEAD operation. * * \note The signature of this function is that of a PSA driver diff --git a/library/psa_crypto_driver_wrappers.c b/library/psa_crypto_driver_wrappers.c index 48410c0e1..09fff0c6b 100644 --- a/library/psa_crypto_driver_wrappers.c +++ b/library/psa_crypto_driver_wrappers.c @@ -1739,11 +1739,29 @@ psa_status_t psa_driver_wrapper_aead_verify( { #if defined(MBEDTLS_PSA_BUILTIN_AEAD) case PSA_CRYPTO_MBED_TLS_DRIVER_ID: - return( mbedtls_psa_aead_verify( &operation->ctx.mbedtls_ctx, - plaintext, - plaintext_size, - plaintext_length, - tag, tag_length ) ); + { + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + uint8_t check_tag[PSA_AEAD_TAG_MAX_SIZE]; + size_t check_tag_length; + + status = mbedtls_psa_aead_finish( &operation->ctx.mbedtls_ctx, + plaintext, + plaintext_size, + plaintext_length, + check_tag, + tag_length, + &check_tag_length ); + + if( status == PSA_SUCCESS ) + { + if( tag_length != check_tag_length || + mbedtls_psa_safer_memcmp( tag, check_tag, tag_length ) + != 0 ) + status = PSA_ERROR_INVALID_SIGNATURE; + } + + return( status ); + } #endif /* MBEDTLS_PSA_BUILTIN_AEAD */ From 97fd1bad8375d96a7901f828ef62799c8e7d64bc Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Wed, 21 Jul 2021 18:46:06 +0100 Subject: [PATCH 100/195] Convert over to using a single internal test func Make all encrypt/decrypt tests use the same function. Cleanup arguments that were poorly named and document internal function. Removed one test as I didn't want to write another test purely for it, when its already tested in one shot. Signed-off-by: Paul Elliott --- tests/suites/test_suite_psa_crypto.data | 187 +++---- tests/suites/test_suite_psa_crypto.function | 531 ++++++++------------ 2 files changed, 263 insertions(+), 455 deletions(-) diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data index 5e16c8c07..8f9d6c4d6 100644 --- a/tests/suites/test_suite_psa_crypto.data +++ b/tests/suites/test_suite_psa_crypto.data @@ -2312,224 +2312,166 @@ aead_multipart_encrypt:PSA_KEY_TYPE_AES:"2e6942d537f1a98444c2f9dbdb5d8db42a503a0 PSA Multipart AEAD decrypt, AES-GCM, 144 bytes #1 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_GCM:"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":0:"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847fe0b7b7fbed325953df344a96":1:0:"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826":PSA_SUCCESS - +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_GCM:"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":0:"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847fe0b7b7fbed325953df344a96":1:0:"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826":1 PSA Multipart AEAD decrypt, AES-GCM, 144 bytes #1 (lengths set) depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_GCM:"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":0:"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847fe0b7b7fbed325953df344a96":1:1:"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826":PSA_SUCCESS - +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_GCM:"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":0:"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847fe0b7b7fbed325953df344a96":1:1:"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826":1 PSA Multipart AEAD decrypt, AES-GCM, 144 bytes #2 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"fe96eab10ff48c7942025422583d0377":PSA_ALG_GCM:"97ce3f848276783599c6875de324361e":"127628b6dcbce6fc8a8ef60798eb67b2088415635119697d20bb878c24d9c6f9c29e148521cb5e0feff892c7855d4f1c0bfb32ad33420976714dce87a0bbc18e4378bd1ef35197d0ca73051148f1199010f63caf122df5f71ad8d9c71df3eb2fbe3b2529d0ba657570358d3776f687bdb9c96d5e0e9e00c4b42d5d7a268d6a08":0:"12495120056ca3cac70d583603a476821bac6c57c9733b81cfb83538dc9e850f8bdf46065069591c23ebcbc6d1e2523375fb7efc80c09507fa25477ed07cee54fc4eb90168b3ef988f651fc40652474a644b1b311decf899660aef2347bb081af48950f06ebf799911e37120de94c55c20e5f0a77119be06e2b6e557f872fa0f6bac793bdc2190a195122c98544ccf56":1:0:"194c8bbbfae4a671386b8cd38f390f46f9df6b8661b470c310921a1c858a938045834bb10380037fbf5f5e00688554537be0fcafe8270b9b59068fa056ab1268fc166c2d729243a06650a171c929c7845c85330c04568d62977eedf3b1ba9dca13bdb8f9522817c8cb99e635e37465ec1c9f6f148d51437aa9f994a62e1bd013":PSA_SUCCESS - +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"fe96eab10ff48c7942025422583d0377":PSA_ALG_GCM:"97ce3f848276783599c6875de324361e":"127628b6dcbce6fc8a8ef60798eb67b2088415635119697d20bb878c24d9c6f9c29e148521cb5e0feff892c7855d4f1c0bfb32ad33420976714dce87a0bbc18e4378bd1ef35197d0ca73051148f1199010f63caf122df5f71ad8d9c71df3eb2fbe3b2529d0ba657570358d3776f687bdb9c96d5e0e9e00c4b42d5d7a268d6a08":0:"12495120056ca3cac70d583603a476821bac6c57c9733b81cfb83538dc9e850f8bdf46065069591c23ebcbc6d1e2523375fb7efc80c09507fa25477ed07cee54fc4eb90168b3ef988f651fc40652474a644b1b311decf899660aef2347bb081af48950f06ebf799911e37120de94c55c20e5f0a77119be06e2b6e557f872fa0f6bac793bdc2190a195122c98544ccf56":1:0:"194c8bbbfae4a671386b8cd38f390f46f9df6b8661b470c310921a1c858a938045834bb10380037fbf5f5e00688554537be0fcafe8270b9b59068fa056ab1268fc166c2d729243a06650a171c929c7845c85330c04568d62977eedf3b1ba9dca13bdb8f9522817c8cb99e635e37465ec1c9f6f148d51437aa9f994a62e1bd013":1 PSA Multipart AEAD decrypt, AES-GCM, 144 bytes #2 (lengths set) depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"fe96eab10ff48c7942025422583d0377":PSA_ALG_GCM:"97ce3f848276783599c6875de324361e":"127628b6dcbce6fc8a8ef60798eb67b2088415635119697d20bb878c24d9c6f9c29e148521cb5e0feff892c7855d4f1c0bfb32ad33420976714dce87a0bbc18e4378bd1ef35197d0ca73051148f1199010f63caf122df5f71ad8d9c71df3eb2fbe3b2529d0ba657570358d3776f687bdb9c96d5e0e9e00c4b42d5d7a268d6a08":0:"12495120056ca3cac70d583603a476821bac6c57c9733b81cfb83538dc9e850f8bdf46065069591c23ebcbc6d1e2523375fb7efc80c09507fa25477ed07cee54fc4eb90168b3ef988f651fc40652474a644b1b311decf899660aef2347bb081af48950f06ebf799911e37120de94c55c20e5f0a77119be06e2b6e557f872fa0f6bac793bdc2190a195122c98544ccf56":1:1:"194c8bbbfae4a671386b8cd38f390f46f9df6b8661b470c310921a1c858a938045834bb10380037fbf5f5e00688554537be0fcafe8270b9b59068fa056ab1268fc166c2d729243a06650a171c929c7845c85330c04568d62977eedf3b1ba9dca13bdb8f9522817c8cb99e635e37465ec1c9f6f148d51437aa9f994a62e1bd013":PSA_SUCCESS - +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"fe96eab10ff48c7942025422583d0377":PSA_ALG_GCM:"97ce3f848276783599c6875de324361e":"127628b6dcbce6fc8a8ef60798eb67b2088415635119697d20bb878c24d9c6f9c29e148521cb5e0feff892c7855d4f1c0bfb32ad33420976714dce87a0bbc18e4378bd1ef35197d0ca73051148f1199010f63caf122df5f71ad8d9c71df3eb2fbe3b2529d0ba657570358d3776f687bdb9c96d5e0e9e00c4b42d5d7a268d6a08":0:"12495120056ca3cac70d583603a476821bac6c57c9733b81cfb83538dc9e850f8bdf46065069591c23ebcbc6d1e2523375fb7efc80c09507fa25477ed07cee54fc4eb90168b3ef988f651fc40652474a644b1b311decf899660aef2347bb081af48950f06ebf799911e37120de94c55c20e5f0a77119be06e2b6e557f872fa0f6bac793bdc2190a195122c98544ccf56":1:1:"194c8bbbfae4a671386b8cd38f390f46f9df6b8661b470c310921a1c858a938045834bb10380037fbf5f5e00688554537be0fcafe8270b9b59068fa056ab1268fc166c2d729243a06650a171c929c7845c85330c04568d62977eedf3b1ba9dca13bdb8f9522817c8cb99e635e37465ec1c9f6f148d51437aa9f994a62e1bd013":1 PSA Multipart AEAD decrypt, AES-GCM, 144 bytes, T=4 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 4 ):"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":0:"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847f":1:0:"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826":PSA_SUCCESS - +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 4 ):"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":0:"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847f":1:0:"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826":1 PSA Multipart AEAD decrypt, AES-GCM, 144 bytes, T=4 (lengths set) depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 4 ):"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":0:"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847f":1:1:"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826":PSA_SUCCESS - +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 4 ):"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":0:"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847f":1:1:"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826":1 PSA Multipart AEAD decrypt, AES-GCM, 144 bytes, T=15 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":0:"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847fe0b7b7fbed325953df344a":1:0:"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826":PSA_SUCCESS - +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":0:"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847fe0b7b7fbed325953df344a":1:0:"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826":1 PSA Multipart AEAD decrypt, AES-GCM, 144 bytes, T=15 (lengths set) depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":0:"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847fe0b7b7fbed325953df344a":1:1:"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826":PSA_SUCCESS - +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":0:"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847fe0b7b7fbed325953df344a":1:1:"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826":1 PSA Multipart AEAD decrypt, AES-GCM, 144 bytes, T=16 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":0:"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847fe0b7b7fbed325953df344a96":1:0:"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826":PSA_SUCCESS - +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":0:"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847fe0b7b7fbed325953df344a96":1:0:"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826":1 PSA Multipart AEAD decrypt, AES-GCM, 144 bytes, T=16 (lengths set) depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":0:"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847fe0b7b7fbed325953df344a96":1:1:"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826":PSA_SUCCESS - +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":0:"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847fe0b7b7fbed325953df344a96":1:1:"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826":1 PSA Multipart AEAD decrypt, AES-GCM, invalid signature depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"fe96eab10ff48c7942025422583d0377":PSA_ALG_GCM:"97ce3f848276783599c6875de324361e":"127628b6dcbce6fc8a8ef60798eb67b2088415635119697d20bb878c24d9c6f9c29e148521cb5e0feff892c7855d4f1c0bfb32ad33420976714dce87a0bbc18e4378bd1ef35197d0ca73051148f1199010f63caf122df5f71ad8d9c71df3eb2fbe3b2529d0ba657570358d3776f687bdb9c96d5e0e9e00c4b42d5d7a268d6a08":0:"12195120056ca3cac70d583603a476821bac6c57c9733b81cfb83538dc9e850f8bdf46065069591c23ebcbc6d1e2523375fb7efc80c09507fa25477ed07cee54fc4eb90168b3ef988f651fc40652474a644b1b311decf899660aef2347bb081af48950f06ebf799911e37120de94c55c20e5f0a77119be06e2b6e557f872fa0f6bac793bdc2190a195122c98544ccf56":1:0:"194c8bbbfae4a671386b8cd38f390f46f9df6b8661b470c310921a1c858a938045834bb10380037fbf5f5e00688554537be0fcafe8270b9b59068fa056ab1268fc166c2d729243a06650a171c929c7845c85330c04568d62977eedf3b1ba9dca13bdb8f9522817c8cb99e635e37465ec1c9f6f148d51437aa9f994a62e1bd013":PSA_ERROR_INVALID_SIGNATURE - +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"fe96eab10ff48c7942025422583d0377":PSA_ALG_GCM:"97ce3f848276783599c6875de324361e":"127628b6dcbce6fc8a8ef60798eb67b2088415635119697d20bb878c24d9c6f9c29e148521cb5e0feff892c7855d4f1c0bfb32ad33420976714dce87a0bbc18e4378bd1ef35197d0ca73051148f1199010f63caf122df5f71ad8d9c71df3eb2fbe3b2529d0ba657570358d3776f687bdb9c96d5e0e9e00c4b42d5d7a268d6a08":0:"12195120056ca3cac70d583603a476821bac6c57c9733b81cfb83538dc9e850f8bdf46065069591c23ebcbc6d1e2523375fb7efc80c09507fa25477ed07cee54fc4eb90168b3ef988f651fc40652474a644b1b311decf899660aef2347bb081af48950f06ebf799911e37120de94c55c20e5f0a77119be06e2b6e557f872fa0f6bac793bdc2190a195122c98544ccf56":1:0:"194c8bbbfae4a671386b8cd38f390f46f9df6b8661b470c310921a1c858a938045834bb10380037fbf5f5e00688554537be0fcafe8270b9b59068fa056ab1268fc166c2d729243a06650a171c929c7845c85330c04568d62977eedf3b1ba9dca13bdb8f9522817c8cb99e635e37465ec1c9f6f148d51437aa9f994a62e1bd013":0 PSA Multipart AEAD decrypt, AES-GCM, T=15 but passing 16 bytes depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":0:"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847fe0b7b7fbed325953df344a96":1:0:"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826":PSA_ERROR_INVALID_SIGNATURE - +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":0:"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847fe0b7b7fbed325953df344a96":1:0:"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826":0 PSA Multipart AEAD decrypt: AES-GCM, invalid tag length 0 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 0 ):"48c0906930561e0ab0ef4cd972":"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":0:"26c56961c035a7e452cce61bc6ee220d77b3f94d18fd10b6":1:0:"4535d12b4377928a7c0a61c9f825a48671ea05910748c8ef":PSA_ERROR_INVALID_ARGUMENT - +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 0 ):"48c0906930561e0ab0ef4cd972":"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":0:"26c56961c035a7e452cce61bc6ee220d77b3f94d18fd10b6":1:0:"4535d12b4377928a7c0a61c9f825a48671ea05910748c8ef":0 PSA Multipart AEAD decrypt: AES-GCM, invalid tag length 2 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 2 ):"48c0906930561e0ab0ef4cd972":"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":0:"26c56961c035a7e452cce61bc6ee220d77b3f94d18fd10b6":1:0:"4535d12b4377928a7c0a61c9f825a48671ea05910748c8ef":PSA_ERROR_INVALID_ARGUMENT - -PSA Multipart AEAD decrypt: AES-GCM, invalid tag length 18 -depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 18 ):"48c0906930561e0ab0ef4cd972":"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":0:"26c56961c035a7e452cce61bc6ee220d77b3f94d18fd10b6":1:0:"4535d12b4377928a7c0a61c9f825a48671ea05910748c8ef":PSA_ERROR_INVALID_ARGUMENT - +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 2 ):"48c0906930561e0ab0ef4cd972":"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":0:"26c56961c035a7e452cce61bc6ee220d77b3f94d18fd10b6":1:0:"4535d12b4377928a7c0a61c9f825a48671ea05910748c8ef":0 PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=24, IV=12, IN=0, AAD=0, TAG=16 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"0e5d6e68f82f32bea3f0b69498c1a31ef6d955cd3d27a2a8":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"caf72ee1e62e1001e8cfbc63":"":0:"db1a74ffb5f7de26f5742e0942b1b9cb":1:0:"":PSA_SUCCESS - +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"0e5d6e68f82f32bea3f0b69498c1a31ef6d955cd3d27a2a8":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"caf72ee1e62e1001e8cfbc63":"":0:"db1a74ffb5f7de26f5742e0942b1b9cb":1:0:"":1 PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=24, IV=12, IN=0, AAD=0, TAG=16 (lengths set) depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"0e5d6e68f82f32bea3f0b69498c1a31ef6d955cd3d27a2a8":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"caf72ee1e62e1001e8cfbc63":"":0:"db1a74ffb5f7de26f5742e0942b1b9cb":1:1:"":PSA_SUCCESS - +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"0e5d6e68f82f32bea3f0b69498c1a31ef6d955cd3d27a2a8":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"caf72ee1e62e1001e8cfbc63":"":0:"db1a74ffb5f7de26f5742e0942b1b9cb":1:1:"":1 PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=24, IV=12, IN=0, AAD=48, TAG=14 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"e79fb7defce4f650402e6b521170686d3eb2a0b9514f3a64":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 14 ):"40e0d2d836c0519e7042419b":"41c5b5d971c0723bc1b63a259fe7e06c2961de1241bc34c13965f43636e4da3da8c75ed5956abe3a42f3039af005925a":0:"434ff68f2436f48418fd69f52158":1:0:"":PSA_SUCCESS - +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"e79fb7defce4f650402e6b521170686d3eb2a0b9514f3a64":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 14 ):"40e0d2d836c0519e7042419b":"41c5b5d971c0723bc1b63a259fe7e06c2961de1241bc34c13965f43636e4da3da8c75ed5956abe3a42f3039af005925a":0:"434ff68f2436f48418fd69f52158":1:0:"":1 PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=24, IV=12, IN=0, AAD=48, TAG=14 (lengths set) depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"e79fb7defce4f650402e6b521170686d3eb2a0b9514f3a64":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 14 ):"40e0d2d836c0519e7042419b":"41c5b5d971c0723bc1b63a259fe7e06c2961de1241bc34c13965f43636e4da3da8c75ed5956abe3a42f3039af005925a":0:"434ff68f2436f48418fd69f52158":1:1:"":PSA_SUCCESS - +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"e79fb7defce4f650402e6b521170686d3eb2a0b9514f3a64":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 14 ):"40e0d2d836c0519e7042419b":"41c5b5d971c0723bc1b63a259fe7e06c2961de1241bc34c13965f43636e4da3da8c75ed5956abe3a42f3039af005925a":0:"434ff68f2436f48418fd69f52158":1:1:"":1 PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=24, IV=12, IN=16, AAD=0, TAG=15 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"e41d1f533d5b342ffe434b94b1372683bfd5d9d8cb79f9ee":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"5fe11a596dfcd3a305c1d711":"":0:"1847f64fff986476d1d2f758692f856da4a0ff98c0c1101694c84fd86680c9":1:0:"b03c2c20f758a93a8d1220232ad87098":PSA_SUCCESS - +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"e41d1f533d5b342ffe434b94b1372683bfd5d9d8cb79f9ee":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"5fe11a596dfcd3a305c1d711":"":0:"1847f64fff986476d1d2f758692f856da4a0ff98c0c1101694c84fd86680c9":1:0:"b03c2c20f758a93a8d1220232ad87098":1 PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=24, IV=12, IN=16, AAD=0, TAG=15 (lengths set) depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"e41d1f533d5b342ffe434b94b1372683bfd5d9d8cb79f9ee":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"5fe11a596dfcd3a305c1d711":"":0:"1847f64fff986476d1d2f758692f856da4a0ff98c0c1101694c84fd86680c9":1:1:"b03c2c20f758a93a8d1220232ad87098":PSA_SUCCESS - +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"e41d1f533d5b342ffe434b94b1372683bfd5d9d8cb79f9ee":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"5fe11a596dfcd3a305c1d711":"":0:"1847f64fff986476d1d2f758692f856da4a0ff98c0c1101694c84fd86680c9":1:1:"b03c2c20f758a93a8d1220232ad87098":1 PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=24, IV=12, IN=16, AAD=20, TAG=15 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"8e7da473c057a2a4669a0d22bf9b7c9913fba48930ca0c9b":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"f9ff8ef80d76c50f9ca0e9ff":"f141bae18a1b54f065554fd34aa02c91c90f505c":0:"5deb093b6e7c766a64bb9d5170af1ff8bf130b64eebdce06a9bdb2cf1da15a":1:0:"b22b2dcdcc18adc30d16297b84b459d8":PSA_SUCCESS - +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"8e7da473c057a2a4669a0d22bf9b7c9913fba48930ca0c9b":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"f9ff8ef80d76c50f9ca0e9ff":"f141bae18a1b54f065554fd34aa02c91c90f505c":0:"5deb093b6e7c766a64bb9d5170af1ff8bf130b64eebdce06a9bdb2cf1da15a":1:0:"b22b2dcdcc18adc30d16297b84b459d8":1 PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=24, IV=12, IN=16, AAD=20, TAG=15 (lengths set) depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"8e7da473c057a2a4669a0d22bf9b7c9913fba48930ca0c9b":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"f9ff8ef80d76c50f9ca0e9ff":"f141bae18a1b54f065554fd34aa02c91c90f505c":0:"5deb093b6e7c766a64bb9d5170af1ff8bf130b64eebdce06a9bdb2cf1da15a":1:1:"b22b2dcdcc18adc30d16297b84b459d8":PSA_SUCCESS - +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"8e7da473c057a2a4669a0d22bf9b7c9913fba48930ca0c9b":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"f9ff8ef80d76c50f9ca0e9ff":"f141bae18a1b54f065554fd34aa02c91c90f505c":0:"5deb093b6e7c766a64bb9d5170af1ff8bf130b64eebdce06a9bdb2cf1da15a":1:1:"b22b2dcdcc18adc30d16297b84b459d8":1 PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=24, IV=12, IN=16, AAD=48, TAG=12 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"01bf150add51bb11623e3bfbebd62a7ea81c5b192b8eb6de":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 12 ):"dfacbc6791b785d324c646b7":"e35412a625324257bef35399a7eacca34fec2d2d24166e6bb3e94d96f5c57599ded45e2a74503f07116caa1692398a07":0:"77579db3c6da769e17731faac4732d7cce65d960a49f94f6b583e54a":1:0:"7e5fd8b595ddc4753676107951d900e2":PSA_SUCCESS - +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"01bf150add51bb11623e3bfbebd62a7ea81c5b192b8eb6de":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 12 ):"dfacbc6791b785d324c646b7":"e35412a625324257bef35399a7eacca34fec2d2d24166e6bb3e94d96f5c57599ded45e2a74503f07116caa1692398a07":0:"77579db3c6da769e17731faac4732d7cce65d960a49f94f6b583e54a":1:0:"7e5fd8b595ddc4753676107951d900e2":1 PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=24, IV=12, IN=16, AAD=48, TAG=12 (lengths set) depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"01bf150add51bb11623e3bfbebd62a7ea81c5b192b8eb6de":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 12 ):"dfacbc6791b785d324c646b7":"e35412a625324257bef35399a7eacca34fec2d2d24166e6bb3e94d96f5c57599ded45e2a74503f07116caa1692398a07":0:"77579db3c6da769e17731faac4732d7cce65d960a49f94f6b583e54a":1:1:"7e5fd8b595ddc4753676107951d900e2":PSA_SUCCESS - +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"01bf150add51bb11623e3bfbebd62a7ea81c5b192b8eb6de":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 12 ):"dfacbc6791b785d324c646b7":"e35412a625324257bef35399a7eacca34fec2d2d24166e6bb3e94d96f5c57599ded45e2a74503f07116caa1692398a07":0:"77579db3c6da769e17731faac4732d7cce65d960a49f94f6b583e54a":1:1:"7e5fd8b595ddc4753676107951d900e2":1 PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=24, IV=12, IN=16, AAD=48, TAG=8 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"551266c4ed166fe1c43761927801ed50cb9c0b3864fc97df":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 8 ):"e711afbeccd567f866340abb":"562d1697237ebc563941076d459727dfa094eb9ac00d30ed5836825d163dd27517c7660a01056b2d868c7fc5d0343830":0:"2b54cc27f6ee71882e8b1ead207d2b042d262e87eac97b58":1:0:"37245449db8f72b1ecdb420f629d3d80":PSA_SUCCESS - +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"551266c4ed166fe1c43761927801ed50cb9c0b3864fc97df":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 8 ):"e711afbeccd567f866340abb":"562d1697237ebc563941076d459727dfa094eb9ac00d30ed5836825d163dd27517c7660a01056b2d868c7fc5d0343830":0:"2b54cc27f6ee71882e8b1ead207d2b042d262e87eac97b58":1:0:"37245449db8f72b1ecdb420f629d3d80":1 PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=24, IV=12, IN=16, AAD=48, TAG=8 (lengths set) depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"551266c4ed166fe1c43761927801ed50cb9c0b3864fc97df":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 8 ):"e711afbeccd567f866340abb":"562d1697237ebc563941076d459727dfa094eb9ac00d30ed5836825d163dd27517c7660a01056b2d868c7fc5d0343830":0:"2b54cc27f6ee71882e8b1ead207d2b042d262e87eac97b58":1:1:"37245449db8f72b1ecdb420f629d3d80":PSA_SUCCESS - +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"551266c4ed166fe1c43761927801ed50cb9c0b3864fc97df":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 8 ):"e711afbeccd567f866340abb":"562d1697237ebc563941076d459727dfa094eb9ac00d30ed5836825d163dd27517c7660a01056b2d868c7fc5d0343830":0:"2b54cc27f6ee71882e8b1ead207d2b042d262e87eac97b58":1:1:"37245449db8f72b1ecdb420f629d3d80":1 PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=24, IV=12, IN=13, AAD=0, TAG=15 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"78fa4a2a5b5b1b1d9580ea527f2e1653e9336e15cc5462f5":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"98b774f7110e0bea624b487f":"":0:"a642aabed8b99e15e297ee705a40c3e2e506cb889727b327b7e044a8":1:0:"496909523f574b205d757659c5":PSA_SUCCESS - +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"78fa4a2a5b5b1b1d9580ea527f2e1653e9336e15cc5462f5":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"98b774f7110e0bea624b487f":"":0:"a642aabed8b99e15e297ee705a40c3e2e506cb889727b327b7e044a8":1:0:"496909523f574b205d757659c5":1 PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=24, IV=12, IN=13, AAD=0, TAG=15 (lengths set) depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"78fa4a2a5b5b1b1d9580ea527f2e1653e9336e15cc5462f5":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"98b774f7110e0bea624b487f":"":0:"a642aabed8b99e15e297ee705a40c3e2e506cb889727b327b7e044a8":1:1:"496909523f574b205d757659c5":PSA_SUCCESS - +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"78fa4a2a5b5b1b1d9580ea527f2e1653e9336e15cc5462f5":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"98b774f7110e0bea624b487f":"":0:"a642aabed8b99e15e297ee705a40c3e2e506cb889727b327b7e044a8":1:1:"496909523f574b205d757659c5":1 PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=24, IV=12, IN=13, AAD=16, TAG=15 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"61f4c2e55d729c4657e503dfe2b604e2853675dbdeb0982a":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"0c4d5548aa2d8d54964e1e63":"5affdf8886dabb14790aff3dbfcbdd80":0:"0d4eacc3db304f46cb7a9eba6ec105bf86d9dc0639b7cebbd5260f47":1:0:"b6e056de521a27266dffbc0d96":PSA_SUCCESS - +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"61f4c2e55d729c4657e503dfe2b604e2853675dbdeb0982a":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"0c4d5548aa2d8d54964e1e63":"5affdf8886dabb14790aff3dbfcbdd80":0:"0d4eacc3db304f46cb7a9eba6ec105bf86d9dc0639b7cebbd5260f47":1:0:"b6e056de521a27266dffbc0d96":1 PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=24, IV=12, IN=13, AAD=16, TAG=15 (lengths set) depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"61f4c2e55d729c4657e503dfe2b604e2853675dbdeb0982a":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"0c4d5548aa2d8d54964e1e63":"5affdf8886dabb14790aff3dbfcbdd80":0:"0d4eacc3db304f46cb7a9eba6ec105bf86d9dc0639b7cebbd5260f47":1:1:"b6e056de521a27266dffbc0d96":PSA_SUCCESS - +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"61f4c2e55d729c4657e503dfe2b604e2853675dbdeb0982a":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"0c4d5548aa2d8d54964e1e63":"5affdf8886dabb14790aff3dbfcbdd80":0:"0d4eacc3db304f46cb7a9eba6ec105bf86d9dc0639b7cebbd5260f47":1:1:"b6e056de521a27266dffbc0d96":1 PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=24, IV=12, IN=13, AAD=20, TAG=13 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"73245c4f115a74fe71d6fefb9094c57c75f28033a3c7372b":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 13 ):"536a82485999b93b0bb7ef24":"64dcad870a42eeec0730fd7a7e4154638a85d739":0:"29333e87bfe65d0e37da2936f695824d4e3f37fab3b8e2b868f6":1:0:"f6d56f8c86f27d957fa63aea22":PSA_SUCCESS - +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"73245c4f115a74fe71d6fefb9094c57c75f28033a3c7372b":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 13 ):"536a82485999b93b0bb7ef24":"64dcad870a42eeec0730fd7a7e4154638a85d739":0:"29333e87bfe65d0e37da2936f695824d4e3f37fab3b8e2b868f6":1:0:"f6d56f8c86f27d957fa63aea22":1 PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=24, IV=12, IN=13, AAD=20, TAG=13 (lengths set) depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"73245c4f115a74fe71d6fefb9094c57c75f28033a3c7372b":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 13 ):"536a82485999b93b0bb7ef24":"64dcad870a42eeec0730fd7a7e4154638a85d739":0:"29333e87bfe65d0e37da2936f695824d4e3f37fab3b8e2b868f6":1:1:"f6d56f8c86f27d957fa63aea22":PSA_SUCCESS - +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"73245c4f115a74fe71d6fefb9094c57c75f28033a3c7372b":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 13 ):"536a82485999b93b0bb7ef24":"64dcad870a42eeec0730fd7a7e4154638a85d739":0:"29333e87bfe65d0e37da2936f695824d4e3f37fab3b8e2b868f6":1:1:"f6d56f8c86f27d957fa63aea22":1 PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=24, IV=12, IN=13, AAD=48, TAG=4 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"9002e74638e09dd1f091439518e1460cdd5905bd9e1a37ae":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 4 ):"76c81a95d24be5c8bac63b50":"aa3ae4531aaac8f3eb07f748712c55a680bc8df5cf845edc66d09049500b41688b8023f5746879b45bdd586af29c4ede":0:"31bf37acbc53ca3fdbc9e5eaaebbb85a7f":1:0:"bd94b34511bc65ae47684805cb":PSA_SUCCESS - +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"9002e74638e09dd1f091439518e1460cdd5905bd9e1a37ae":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 4 ):"76c81a95d24be5c8bac63b50":"aa3ae4531aaac8f3eb07f748712c55a680bc8df5cf845edc66d09049500b41688b8023f5746879b45bdd586af29c4ede":0:"31bf37acbc53ca3fdbc9e5eaaebbb85a7f":1:0:"bd94b34511bc65ae47684805cb":1 PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=24, IV=12, IN=13, AAD=48, TAG=4 (lengths set) depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"9002e74638e09dd1f091439518e1460cdd5905bd9e1a37ae":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 4 ):"76c81a95d24be5c8bac63b50":"aa3ae4531aaac8f3eb07f748712c55a680bc8df5cf845edc66d09049500b41688b8023f5746879b45bdd586af29c4ede":0:"31bf37acbc53ca3fdbc9e5eaaebbb85a7f":1:1:"bd94b34511bc65ae47684805cb":PSA_SUCCESS - +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"9002e74638e09dd1f091439518e1460cdd5905bd9e1a37ae":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 4 ):"76c81a95d24be5c8bac63b50":"aa3ae4531aaac8f3eb07f748712c55a680bc8df5cf845edc66d09049500b41688b8023f5746879b45bdd586af29c4ede":0:"31bf37acbc53ca3fdbc9e5eaaebbb85a7f":1:1:"bd94b34511bc65ae47684805cb":1 PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=32, IV=12, IN=0, AAD=0, TAG=16 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"f5a2b27c74355872eb3ef6c5feafaa740e6ae990d9d48c3bd9bb8235e589f010":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"58d2240f580a31c1d24948e9":"":0:"15e051a5e4a5f5da6cea92e2ebee5bac":1:0:"":PSA_SUCCESS - +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"f5a2b27c74355872eb3ef6c5feafaa740e6ae990d9d48c3bd9bb8235e589f010":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"58d2240f580a31c1d24948e9":"":0:"15e051a5e4a5f5da6cea92e2ebee5bac":1:0:"":1 PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=32, IV=12, IN=0, AAD=0, TAG=16 (lengths set) depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"f5a2b27c74355872eb3ef6c5feafaa740e6ae990d9d48c3bd9bb8235e589f010":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"58d2240f580a31c1d24948e9":"":0:"15e051a5e4a5f5da6cea92e2ebee5bac":1:1:"":PSA_SUCCESS - +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"f5a2b27c74355872eb3ef6c5feafaa740e6ae990d9d48c3bd9bb8235e589f010":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"58d2240f580a31c1d24948e9":"":0:"15e051a5e4a5f5da6cea92e2ebee5bac":1:1:"":1 PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=32, IV=12, IN=0, AAD=16, TAG=15 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"3395a1485315c5b5e6353acb05ae9499c440a2e9f5c57494662f827235ea314c":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"3b7e632571602456b49880f0":"f283f80226dacb69c8af089ec6b59e81":0:"84c8beff4b0d160ee68ac613097f51":1:0:"":PSA_SUCCESS - +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"3395a1485315c5b5e6353acb05ae9499c440a2e9f5c57494662f827235ea314c":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"3b7e632571602456b49880f0":"f283f80226dacb69c8af089ec6b59e81":0:"84c8beff4b0d160ee68ac613097f51":1:0:"":1 PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=32, IV=12, IN=0, AAD=16, TAG=15 (lengths set) depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"3395a1485315c5b5e6353acb05ae9499c440a2e9f5c57494662f827235ea314c":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"3b7e632571602456b49880f0":"f283f80226dacb69c8af089ec6b59e81":0:"84c8beff4b0d160ee68ac613097f51":1:1:"":PSA_SUCCESS - +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"3395a1485315c5b5e6353acb05ae9499c440a2e9f5c57494662f827235ea314c":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"3b7e632571602456b49880f0":"f283f80226dacb69c8af089ec6b59e81":0:"84c8beff4b0d160ee68ac613097f51":1:1:"":1 PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=32, IV=12, IN=0, AAD=20, TAG=15 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"4dc46ca55c1c1fcb4720c274c0e675c2ac5bf93d8dd5e951ca9f6b61f884edc9":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"6473ab77dc885127422f5594":"e2cf8172ab4cf77eba45cd2c8ff939b938080a90":0:"8d6351f18d873242204c20144e2b83":1:0:"":PSA_SUCCESS - +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"4dc46ca55c1c1fcb4720c274c0e675c2ac5bf93d8dd5e951ca9f6b61f884edc9":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"6473ab77dc885127422f5594":"e2cf8172ab4cf77eba45cd2c8ff939b938080a90":0:"8d6351f18d873242204c20144e2b83":1:0:"":1 PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=32, IV=12, IN=0, AAD=20, TAG=15 (lengths set) depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"4dc46ca55c1c1fcb4720c274c0e675c2ac5bf93d8dd5e951ca9f6b61f884edc9":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"6473ab77dc885127422f5594":"e2cf8172ab4cf77eba45cd2c8ff939b938080a90":0:"8d6351f18d873242204c20144e2b83":1:1:"":PSA_SUCCESS - +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"4dc46ca55c1c1fcb4720c274c0e675c2ac5bf93d8dd5e951ca9f6b61f884edc9":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"6473ab77dc885127422f5594":"e2cf8172ab4cf77eba45cd2c8ff939b938080a90":0:"8d6351f18d873242204c20144e2b83":1:1:"":1 PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=32, IV=12, IN=0, AAD=48, TAG=14 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"a7f95798434f9a0fe6fd8acd30b8bad96dbdcfacee4594f01cbf26479be7d154":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 14 ):"9ef5a77b02137b46e8461d09":"5595a16fa12d4dcdba6b128480dce2d39c1211c3fb6068cde6013f6a80dfcda5eb92af8879e40ee9c177fd0e446fc8ca":0:"3bfd3d99fe2063e8ef8255519fe0":1:0:"":PSA_SUCCESS - +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"a7f95798434f9a0fe6fd8acd30b8bad96dbdcfacee4594f01cbf26479be7d154":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 14 ):"9ef5a77b02137b46e8461d09":"5595a16fa12d4dcdba6b128480dce2d39c1211c3fb6068cde6013f6a80dfcda5eb92af8879e40ee9c177fd0e446fc8ca":0:"3bfd3d99fe2063e8ef8255519fe0":1:0:"":1 PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=32, IV=12, IN=0, AAD=48, TAG=14 (lengths set) depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"a7f95798434f9a0fe6fd8acd30b8bad96dbdcfacee4594f01cbf26479be7d154":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 14 ):"9ef5a77b02137b46e8461d09":"5595a16fa12d4dcdba6b128480dce2d39c1211c3fb6068cde6013f6a80dfcda5eb92af8879e40ee9c177fd0e446fc8ca":0:"3bfd3d99fe2063e8ef8255519fe0":1:1:"":PSA_SUCCESS - +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"a7f95798434f9a0fe6fd8acd30b8bad96dbdcfacee4594f01cbf26479be7d154":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 14 ):"9ef5a77b02137b46e8461d09":"5595a16fa12d4dcdba6b128480dce2d39c1211c3fb6068cde6013f6a80dfcda5eb92af8879e40ee9c177fd0e446fc8ca":0:"3bfd3d99fe2063e8ef8255519fe0":1:1:"":1 PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=32, IV=12, IN=16, AAD=0, TAG=16 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"4c8ebfe1444ec1b2d503c6986659af2c94fafe945f72c1e8486a5acfedb8a0f8":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"473360e0ad24889959858995":"":0:"d2c78110ac7e8f107c0df0570bd7c90cc26a379b6d98ef2852ead8ce83a833a7":1:0:"7789b41cb3ee548814ca0b388c10b343":PSA_SUCCESS - +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"4c8ebfe1444ec1b2d503c6986659af2c94fafe945f72c1e8486a5acfedb8a0f8":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"473360e0ad24889959858995":"":0:"d2c78110ac7e8f107c0df0570bd7c90cc26a379b6d98ef2852ead8ce83a833a7":1:0:"7789b41cb3ee548814ca0b388c10b343":1 PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=32, IV=12, IN=16, AAD=0, TAG=16 (lengths set) depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"4c8ebfe1444ec1b2d503c6986659af2c94fafe945f72c1e8486a5acfedb8a0f8":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"473360e0ad24889959858995":"":0:"d2c78110ac7e8f107c0df0570bd7c90cc26a379b6d98ef2852ead8ce83a833a7":1:1:"7789b41cb3ee548814ca0b388c10b343":PSA_SUCCESS - +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"4c8ebfe1444ec1b2d503c6986659af2c94fafe945f72c1e8486a5acfedb8a0f8":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"473360e0ad24889959858995":"":0:"d2c78110ac7e8f107c0df0570bd7c90cc26a379b6d98ef2852ead8ce83a833a7":1:1:"7789b41cb3ee548814ca0b388c10b343":1 PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=32, IV=12, IN=16, AAD=0, TAG=4 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"57805f98aae1b8b64bb49756529ab8181b3ada674a90c55422e9eb26c48bcd7b":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 4 ):"9735945d8ca161777206632a":"":0:"58375442ab1c0e6a8952c83d128d9fc5f45bb315":1:0:"4860116a6d2deb9bf794bfd6ac5bbbd6":PSA_SUCCESS - +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"57805f98aae1b8b64bb49756529ab8181b3ada674a90c55422e9eb26c48bcd7b":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 4 ):"9735945d8ca161777206632a":"":0:"58375442ab1c0e6a8952c83d128d9fc5f45bb315":1:0:"4860116a6d2deb9bf794bfd6ac5bbbd6":1 PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=32, IV=12, IN=16, AAD=0, TAG=4 (lengths set) depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"57805f98aae1b8b64bb49756529ab8181b3ada674a90c55422e9eb26c48bcd7b":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 4 ):"9735945d8ca161777206632a":"":0:"58375442ab1c0e6a8952c83d128d9fc5f45bb315":1:1:"4860116a6d2deb9bf794bfd6ac5bbbd6":PSA_SUCCESS - +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"57805f98aae1b8b64bb49756529ab8181b3ada674a90c55422e9eb26c48bcd7b":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 4 ):"9735945d8ca161777206632a":"":0:"58375442ab1c0e6a8952c83d128d9fc5f45bb315":1:1:"4860116a6d2deb9bf794bfd6ac5bbbd6":1 PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=32, IV=12, IN=16, AAD=16, TAG=8 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"f913bb823a1d0c10b0b72d56866907b893f2266f15de1abc17f93600824db55a":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 8 ):"d4fe686a14592b6ca1bd6b42":"e35d880c1c53688eb83869de9dd8a473":0:"35af9b502ea6b56269f896bf98affdd59c2aa418b38bc7fd":1:0:"ff426dd751190ff826e8b4a0792d746e":PSA_SUCCESS - +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"f913bb823a1d0c10b0b72d56866907b893f2266f15de1abc17f93600824db55a":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 8 ):"d4fe686a14592b6ca1bd6b42":"e35d880c1c53688eb83869de9dd8a473":0:"35af9b502ea6b56269f896bf98affdd59c2aa418b38bc7fd":1:0:"ff426dd751190ff826e8b4a0792d746e":1 PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=32, IV=12, IN=16, AAD=16, TAG=8 (lengths set) depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"f913bb823a1d0c10b0b72d56866907b893f2266f15de1abc17f93600824db55a":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 8 ):"d4fe686a14592b6ca1bd6b42":"e35d880c1c53688eb83869de9dd8a473":0:"35af9b502ea6b56269f896bf98affdd59c2aa418b38bc7fd":1:1:"ff426dd751190ff826e8b4a0792d746e":PSA_SUCCESS - +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"f913bb823a1d0c10b0b72d56866907b893f2266f15de1abc17f93600824db55a":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 8 ):"d4fe686a14592b6ca1bd6b42":"e35d880c1c53688eb83869de9dd8a473":0:"35af9b502ea6b56269f896bf98affdd59c2aa418b38bc7fd":1:1:"ff426dd751190ff826e8b4a0792d746e":1 PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=32, IV=12, IN=16, AAD=20, TAG=14 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"74e9d9d7cd0728cea94e169af485f21f9d2447e022f16008f803dcf5c4f7cc0c":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 14 ):"ecba39edc96667da726122c0":"ae9ab021f86f5b81bb2e0fcbd4b855e1501e9f82":0:"e5745ce0e02dbba05363b548c3ac7047eacca7e61db6f72fc9b9e5bdb2bb":1:0:"0a0b284515694188b6b6c15bc8a09036":PSA_SUCCESS - +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"74e9d9d7cd0728cea94e169af485f21f9d2447e022f16008f803dcf5c4f7cc0c":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 14 ):"ecba39edc96667da726122c0":"ae9ab021f86f5b81bb2e0fcbd4b855e1501e9f82":0:"e5745ce0e02dbba05363b548c3ac7047eacca7e61db6f72fc9b9e5bdb2bb":1:0:"0a0b284515694188b6b6c15bc8a09036":1 PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=32, IV=12, IN=16, AAD=20, TAG=14 (lengths set) depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"74e9d9d7cd0728cea94e169af485f21f9d2447e022f16008f803dcf5c4f7cc0c":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 14 ):"ecba39edc96667da726122c0":"ae9ab021f86f5b81bb2e0fcbd4b855e1501e9f82":0:"e5745ce0e02dbba05363b548c3ac7047eacca7e61db6f72fc9b9e5bdb2bb":1:1:"0a0b284515694188b6b6c15bc8a09036":PSA_SUCCESS - +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"74e9d9d7cd0728cea94e169af485f21f9d2447e022f16008f803dcf5c4f7cc0c":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 14 ):"ecba39edc96667da726122c0":"ae9ab021f86f5b81bb2e0fcbd4b855e1501e9f82":0:"e5745ce0e02dbba05363b548c3ac7047eacca7e61db6f72fc9b9e5bdb2bb":1:1:"0a0b284515694188b6b6c15bc8a09036":1 PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=32, IV=12, IN=13, AAD=0, TAG=14 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"60667fce64b8c7169ddf45f335e46951248f69abc4e0f4f292d0ffe3dfd5219f":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 14 ):"1057322a39f08ef761c3c8fc":"":0:"501b033c841acb430c52d88fe9cb44c751f2f1641d1e801a534ac8":1:0:"f386b28e7eb4c2fb8eb5dc66a2":PSA_SUCCESS - +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"60667fce64b8c7169ddf45f335e46951248f69abc4e0f4f292d0ffe3dfd5219f":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 14 ):"1057322a39f08ef761c3c8fc":"":0:"501b033c841acb430c52d88fe9cb44c751f2f1641d1e801a534ac8":1:0:"f386b28e7eb4c2fb8eb5dc66a2":1 PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=32, IV=12, IN=13, AAD=0, TAG=14 (lengths set) depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"60667fce64b8c7169ddf45f335e46951248f69abc4e0f4f292d0ffe3dfd5219f":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 14 ):"1057322a39f08ef761c3c8fc":"":0:"501b033c841acb430c52d88fe9cb44c751f2f1641d1e801a534ac8":1:1:"f386b28e7eb4c2fb8eb5dc66a2":PSA_SUCCESS - +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"60667fce64b8c7169ddf45f335e46951248f69abc4e0f4f292d0ffe3dfd5219f":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 14 ):"1057322a39f08ef761c3c8fc":"":0:"501b033c841acb430c52d88fe9cb44c751f2f1641d1e801a534ac8":1:1:"f386b28e7eb4c2fb8eb5dc66a2":1 PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=32, IV=12, IN=13, AAD=20, TAG=15 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"e67590da399cbcdcddcc56110562ade8665b50287a8ab38e8b9ee7520531b560":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"2c36ab6b686a66fba1805196":"823493d42f4f60b2d1433ad75eccaafd7e7c7d12":0:"cff6b6f03c67152f3ce1030653d9bd9a6559f5b04b48d77c2a1fc364":1:0:"da1c61fbfcdb73445ad4c7d889":PSA_SUCCESS - +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"e67590da399cbcdcddcc56110562ade8665b50287a8ab38e8b9ee7520531b560":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"2c36ab6b686a66fba1805196":"823493d42f4f60b2d1433ad75eccaafd7e7c7d12":0:"cff6b6f03c67152f3ce1030653d9bd9a6559f5b04b48d77c2a1fc364":1:0:"da1c61fbfcdb73445ad4c7d889":1 PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=32, IV=12, IN=13, AAD=20, TAG=15 (lengths set) depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"e67590da399cbcdcddcc56110562ade8665b50287a8ab38e8b9ee7520531b560":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"2c36ab6b686a66fba1805196":"823493d42f4f60b2d1433ad75eccaafd7e7c7d12":0:"cff6b6f03c67152f3ce1030653d9bd9a6559f5b04b48d77c2a1fc364":1:1:"da1c61fbfcdb73445ad4c7d889":PSA_SUCCESS - +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"e67590da399cbcdcddcc56110562ade8665b50287a8ab38e8b9ee7520531b560":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"2c36ab6b686a66fba1805196":"823493d42f4f60b2d1433ad75eccaafd7e7c7d12":0:"cff6b6f03c67152f3ce1030653d9bd9a6559f5b04b48d77c2a1fc364":1:1:"da1c61fbfcdb73445ad4c7d889":1 PSA Multipart AEAD encrypt: ChaCha20-Poly1305 (RFC7539) depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 aead_multipart_encrypt:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:"070000004041424344454647":"50515253c0c1c2c3c4c5c6c7":1:"4c616469657320616e642047656e746c656d656e206f662074686520636c617373206f66202739393a204966204920636f756c64206f6666657220796f75206f6e6c79206f6e652074697020666f7220746865206675747572652c2073756e73637265656e20776f756c642062652069742e":1:0:"d31a8d34648e60db7b86afbc53ef7ec2a4aded51296e08fea9e2b5a736ee62d63dbea45e8ca9671282fafb69da92728b1a71de0a9e060b2905d6a5b67ecd3b3692ddbd7f2d778b8c9803aee328091b58fab324e4fad675945585808b4831d7bc3ff4def08e4b7a9de576d26586cec64b61161ae10b594f09e26a7e902ecbd0600691" @@ -2548,32 +2490,25 @@ aead_multipart_encrypt:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f90 PSA Multipart AEAD decrypt: ChaCha20-Poly1305 (RFC7539, good tag) depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 -aead_multipart_decrypt:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:"070000004041424344454647":"50515253c0c1c2c3c4c5c6c7":1:"d31a8d34648e60db7b86afbc53ef7ec2a4aded51296e08fea9e2b5a736ee62d63dbea45e8ca9671282fafb69da92728b1a71de0a9e060b2905d6a5b67ecd3b3692ddbd7f2d778b8c9803aee328091b58fab324e4fad675945585808b4831d7bc3ff4def08e4b7a9de576d26586cec64b61161ae10b594f09e26a7e902ecbd0600691":1:0:"4c616469657320616e642047656e746c656d656e206f662074686520636c617373206f66202739393a204966204920636f756c64206f6666657220796f75206f6e6c79206f6e652074697020666f7220746865206675747572652c2073756e73637265656e20776f756c642062652069742e":PSA_SUCCESS - +aead_multipart_decrypt:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:"070000004041424344454647":"50515253c0c1c2c3c4c5c6c7":1:"d31a8d34648e60db7b86afbc53ef7ec2a4aded51296e08fea9e2b5a736ee62d63dbea45e8ca9671282fafb69da92728b1a71de0a9e060b2905d6a5b67ecd3b3692ddbd7f2d778b8c9803aee328091b58fab324e4fad675945585808b4831d7bc3ff4def08e4b7a9de576d26586cec64b61161ae10b594f09e26a7e902ecbd0600691":1:0:"4c616469657320616e642047656e746c656d656e206f662074686520636c617373206f66202739393a204966204920636f756c64206f6666657220796f75206f6e6c79206f6e652074697020666f7220746865206675747572652c2073756e73637265656e20776f756c642062652069742e":1 PSA Multipart AEAD decrypt: ChaCha20-Poly1305 (RFC7539, good tag) (lengths set) depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 -aead_multipart_decrypt:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:"070000004041424344454647":"50515253c0c1c2c3c4c5c6c7":1:"d31a8d34648e60db7b86afbc53ef7ec2a4aded51296e08fea9e2b5a736ee62d63dbea45e8ca9671282fafb69da92728b1a71de0a9e060b2905d6a5b67ecd3b3692ddbd7f2d778b8c9803aee328091b58fab324e4fad675945585808b4831d7bc3ff4def08e4b7a9de576d26586cec64b61161ae10b594f09e26a7e902ecbd0600691":1:1:"4c616469657320616e642047656e746c656d656e206f662074686520636c617373206f66202739393a204966204920636f756c64206f6666657220796f75206f6e6c79206f6e652074697020666f7220746865206675747572652c2073756e73637265656e20776f756c642062652069742e":PSA_SUCCESS - +aead_multipart_decrypt:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:"070000004041424344454647":"50515253c0c1c2c3c4c5c6c7":1:"d31a8d34648e60db7b86afbc53ef7ec2a4aded51296e08fea9e2b5a736ee62d63dbea45e8ca9671282fafb69da92728b1a71de0a9e060b2905d6a5b67ecd3b3692ddbd7f2d778b8c9803aee328091b58fab324e4fad675945585808b4831d7bc3ff4def08e4b7a9de576d26586cec64b61161ae10b594f09e26a7e902ecbd0600691":1:1:"4c616469657320616e642047656e746c656d656e206f662074686520636c617373206f66202739393a204966204920636f756c64206f6666657220796f75206f6e6c79206f6e652074697020666f7220746865206675747572652c2073756e73637265656e20776f756c642062652069742e":1 PSA Multipart AEAD decrypt: ChaCha20-Poly1305 (RFC7539, bad tag) depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 -aead_multipart_decrypt:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:"070000004041424344454647":"50515253c0c1c2c3c4c5c6c7":1:"d31a8d34648e60db7b86afbc53ef7ec2a4aded51296e08fea9e2b5a736ee62d63dbea45e8ca9671282fafb69da92728b1a71de0a9e060b2905d6a5b67ecd3b3692ddbd7f2d778b8c9803aee328091b58fab324e4fad675945585808b4831d7bc3ff4def08e4b7a9de576d26586cec64b61161ae10b594f09e26a7e902ecbd0600690":1:0:"4c616469657320616e642047656e746c656d656e206f662074686520636c617373206f66202739393a204966204920636f756c64206f6666657220796f75206f6e6c79206f6e652074697020666f7220746865206675747572652c2073756e73637265656e20776f756c642062652069742e":PSA_ERROR_INVALID_SIGNATURE - +aead_multipart_decrypt:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:"070000004041424344454647":"50515253c0c1c2c3c4c5c6c7":1:"d31a8d34648e60db7b86afbc53ef7ec2a4aded51296e08fea9e2b5a736ee62d63dbea45e8ca9671282fafb69da92728b1a71de0a9e060b2905d6a5b67ecd3b3692ddbd7f2d778b8c9803aee328091b58fab324e4fad675945585808b4831d7bc3ff4def08e4b7a9de576d26586cec64b61161ae10b594f09e26a7e902ecbd0600690":1:0:"4c616469657320616e642047656e746c656d656e206f662074686520636c617373206f66202739393a204966204920636f756c64206f6666657220796f75206f6e6c79206f6e652074697020666f7220746865206675747572652c2073756e73637265656e20776f756c642062652069742e":0 PSA Multipart AEAD decrypt: ChaCha20-Poly1305 (good tag, zero-length input) depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 -aead_multipart_decrypt:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:"070000004041424344454647":"":1:"a0784d7a4716f3feb4f64e7f4b39bf04":1:0:"":PSA_SUCCESS - +aead_multipart_decrypt:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:"070000004041424344454647":"":1:"a0784d7a4716f3feb4f64e7f4b39bf04":1:0:"":1 PSA Multipart AEAD decrypt: ChaCha20-Poly1305 (good tag, zero-length input) (lengths set) depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 -aead_multipart_decrypt:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:"070000004041424344454647":"":1:"a0784d7a4716f3feb4f64e7f4b39bf04":1:1:"":PSA_SUCCESS - +aead_multipart_decrypt:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:"070000004041424344454647":"":1:"a0784d7a4716f3feb4f64e7f4b39bf04":1:1:"":1 PSA Multipart AEAD decrypt: invalid algorithm (CTR) depends_on:MBEDTLS_AES_C:MBEDTLS_GCM_C -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"D7828D13B2B0BDC325A76236DF93CC6B":PSA_ALG_CTR:"000102030405060708090A0B0C0D0E0F":"":0:"":1:0:"":PSA_ERROR_INVALID_ARGUMENT - +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"D7828D13B2B0BDC325A76236DF93CC6B":PSA_ALG_CTR:"000102030405060708090A0B0C0D0E0F":"":0:"":1:0:"":0 PSA Multipart AEAD decrypt: invalid algorithm (ChaCha20) depends_on:MBEDTLS_CHACHA20_C -aead_multipart_decrypt:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_STREAM_CIPHER:"":"":1:"":1:0:"":PSA_ERROR_INVALID_ARGUMENT - +aead_multipart_decrypt:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_STREAM_CIPHER:"":"":1:"":1:0:"":0 PSA Multipart Nonce Generation, AES - GCM, IV = 12 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES aead_multipart_generate_nonce:PSA_KEY_TYPE_AES:"aa740abfadcda779220d3b406c5d7ec09a77fe9d94104539":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM,16):12:12:"290322092d57479e20f6281e331d95a9":"e7fb0631eebf9bdba87045b33650c4ce":PSA_SUCCESS diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index ac58b6edf..fe9e0014d 100644 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function @@ -264,16 +264,41 @@ typedef enum { DERIVE_KEY = 2 } generate_method; -static psa_status_t aead_multipart_encrypt_internal( int key_type_arg, - data_t *key_data, - int alg_arg, - data_t *nonce, - data_t *additional_data, - int ad_part_len, - data_t *input_data, - int data_part_len, - int test_set_lengths_arg, - data_t *expected_result ) +/*! + * \brief Internal Function for AEAD multipart tests. + * + * \param key_type_arg Type of key passed in + * \param key_data The encryption / decryption key data + * \param alg_arg The type of algorithm used + * \param nonce Nonce data + * \param additional_data Additional data + * \param ad_part_len If not -1, the length of chunks to + * feed additional data in to be encrypted / + * decrypted. If -1, no chunking. + * \param input_data Data to encrypt / decrypt + * \param data_part_len If not -1, the length of chunks to feed the + * data in to be encrypted / decrypted. If -1, + * no chunking + * \param do_set_lengths If non-zero, then set lengths prior to + * calling encryption / decryption. + * \param expected_output Expected output + * \param expected_status_arg Expected status + * \param is_encrypt If non-zero this is an encryption operation. + * + * \return int Zero on failure, non-zero on success. + * + */ +static int aead_multipart_internal_func( int key_type_arg, data_t *key_data, + int alg_arg, + data_t *nonce, + data_t *additional_data, + int ad_part_len, + data_t *input_data, + int data_part_len, + int do_set_lengths, + data_t *expected_output, + int expect_valid_signature, + int is_encrypt ) { mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; psa_key_type_t key_type = key_type_arg; @@ -282,23 +307,30 @@ static psa_status_t aead_multipart_encrypt_internal( int key_type_arg, unsigned char *output_data = NULL; unsigned char *part_data = NULL; unsigned char *final_data = NULL; - size_t output_size = 0; - size_t finish_output_size; + size_t data_true_size = 0; size_t part_data_size = 0; + size_t output_size = 0; + size_t final_output_size = 0; size_t output_length = 0; size_t key_bits = 0; size_t tag_length = 0; - size_t tag_size = 0; - uint8_t tag_buffer[PSA_AEAD_TAG_MAX_SIZE]; uint32_t part_offset = 0; size_t part_length = 0; size_t output_part_length = 0; + size_t tag_size = 0; + uint8_t tag_buffer[PSA_AEAD_TAG_MAX_SIZE]; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; psa_status_t status = PSA_ERROR_GENERIC_ERROR; + int test_ok = 0; + PSA_ASSERT( psa_crypto_init( ) ); - psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_ENCRYPT ); + if( is_encrypt ) + psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_ENCRYPT ); + else + psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_DECRYPT ); + psa_set_key_algorithm( &attributes, alg ); psa_set_key_type( &attributes, key_type ); @@ -310,23 +342,46 @@ static psa_status_t aead_multipart_encrypt_internal( int key_type_arg, tag_length = PSA_AEAD_TAG_LENGTH( key_type, key_bits, alg ); - TEST_ASSERT( tag_length <= PSA_AEAD_TAG_MAX_SIZE ); + if( is_encrypt ) + { + /* Tag gets written at end of buffer. */ + output_size = PSA_AEAD_UPDATE_OUTPUT_SIZE( key_type, alg, + ( input_data->len + + tag_length ) ); + data_true_size = input_data->len; + } + else + { + output_size = PSA_AEAD_UPDATE_OUTPUT_SIZE( key_type, alg, + ( input_data->len - + tag_length ) ); - output_size = PSA_AEAD_UPDATE_OUTPUT_SIZE( key_type, alg, - ( input_data->len + - tag_length ) ); + /* Do not want to attempt to decrypt tag. */ + data_true_size = input_data->len - tag_length; + } ASSERT_ALLOC( output_data, output_size ); - finish_output_size = PSA_AEAD_FINISH_OUTPUT_SIZE( key_type, alg ); + if( is_encrypt ) + { + final_output_size = PSA_AEAD_VERIFY_OUTPUT_SIZE( key_type, alg ); + TEST_ASSERT( final_output_size <= PSA_AEAD_VERIFY_OUTPUT_MAX_SIZE ); + } + else + { + final_output_size = PSA_AEAD_FINISH_OUTPUT_SIZE( key_type, alg ); + TEST_ASSERT( final_output_size <= PSA_AEAD_FINISH_OUTPUT_MAX_SIZE ); + } - TEST_ASSERT( finish_output_size <= PSA_AEAD_FINISH_OUTPUT_MAX_SIZE ); - - ASSERT_ALLOC( final_data, finish_output_size ); + ASSERT_ALLOC( final_data, final_output_size ); operation = psa_aead_operation_init( ); - status = psa_aead_encrypt_setup( &operation, key, alg ); + + if( is_encrypt ) + status = psa_aead_encrypt_setup( &operation, key, alg ); + else + status = psa_aead_decrypt_setup( &operation, key, alg ); /* If the operation is not supported, just skip and not fail in case the * encryption involves a common limitation of cryptography hardwares and @@ -341,10 +396,10 @@ static psa_status_t aead_multipart_encrypt_internal( int key_type_arg, PSA_ASSERT( psa_aead_set_nonce( &operation, nonce->x, nonce->len ) ); - if( test_set_lengths_arg ) + if( do_set_lengths ) { PSA_ASSERT( psa_aead_set_lengths( &operation, additional_data->len, - input_data->len ) ); + data_true_size ) ); } if( ad_part_len != -1 ) @@ -381,17 +436,17 @@ static psa_status_t aead_multipart_encrypt_internal( int key_type_arg, { /* Pass data in parts */ part_data_size = PSA_AEAD_UPDATE_OUTPUT_SIZE( key_type, alg, - ( size_t ) data_part_len ); + ( size_t ) data_part_len ); ASSERT_ALLOC( part_data, part_data_size ); part_offset = 0; - while( part_offset < input_data->len ) + while( part_offset < data_true_size ) { - if( input_data->len - part_offset < ( uint32_t ) data_part_len ) + if( ( data_true_size - part_offset ) < ( uint32_t ) data_part_len ) { - part_length = input_data->len - part_offset; + part_length = ( data_true_size - part_offset ); } else { @@ -416,283 +471,79 @@ static psa_status_t aead_multipart_encrypt_internal( int key_type_arg, } else { - /* Pass whole data in one go */ + /* Pass all data in one go. */ PSA_ASSERT( psa_aead_update( &operation, input_data->x, - input_data->len, output_data, + data_true_size, output_data, output_size, &output_length ) ); } - PSA_ASSERT( psa_aead_finish( &operation, final_data, - finish_output_size, - &output_part_length, - tag_buffer, tag_length, - &tag_size ) ); - - if( output_data && output_part_length ) + if( is_encrypt ) + PSA_ASSERT( psa_aead_finish( &operation, final_data, + final_output_size, + &output_part_length, + tag_buffer, tag_length, + &tag_size ) ); + else { - memcpy( ( output_data + output_length ), final_data, - output_part_length ); + status = psa_aead_verify( &operation, final_data, + final_output_size, + &output_part_length, + ( input_data->x + data_true_size ), + tag_length ); + + if( status != PSA_SUCCESS ) + { + if( !expect_valid_signature ) + { + /* Expected failure. */ + test_ok = 1; + goto exit; + } + else + PSA_ASSERT( status ); + } } - TEST_EQUAL( tag_length, tag_size ); + if( output_data && output_part_length ) + memcpy( ( output_data + output_length ), final_data, + output_part_length ); output_length += output_part_length; - if( output_data && tag_length ) + + /* For all currently defined algorithms, PSA_AEAD_xxx_OUTPUT_SIZE + * should be exact.*/ + if( is_encrypt ) { - memcpy( ( output_data + output_length ), tag_buffer, tag_length ); + TEST_EQUAL( tag_length, tag_size ); + + if( output_data && tag_length ) + memcpy( ( output_data + output_length ), tag_buffer, + tag_length ); + + output_length += tag_length; + + TEST_EQUAL( output_length, + PSA_AEAD_ENCRYPT_OUTPUT_SIZE( key_type, alg, + input_data->len ) ); + TEST_ASSERT( output_length <= + PSA_AEAD_ENCRYPT_OUTPUT_MAX_SIZE( input_data->len ) ); + } + else + { + TEST_EQUAL( output_length, + PSA_AEAD_DECRYPT_OUTPUT_SIZE( key_type, alg, + input_data->len ) ); + TEST_ASSERT( output_length <= + PSA_AEAD_DECRYPT_OUTPUT_MAX_SIZE( input_data->len ) ); } - output_length += tag_length; - /* For all currently defined algorithms, PSA_AEAD_ENCRYPT_OUTPUT_SIZE - * should be exact. */ - TEST_EQUAL( output_length, - PSA_AEAD_ENCRYPT_OUTPUT_SIZE( key_type, alg, - input_data->len ) ); - TEST_ASSERT( output_length <= - PSA_AEAD_ENCRYPT_OUTPUT_MAX_SIZE( input_data->len ) ); - - ASSERT_COMPARE( expected_result->x, expected_result->len, + ASSERT_COMPARE( expected_output->x, expected_output->len, output_data, output_length ); -exit: - psa_destroy_key( key ); - psa_aead_abort( &operation ); - mbedtls_free( output_data ); - mbedtls_free( part_data ); - mbedtls_free( final_data ); - PSA_DONE( ); - return( status ); -} - -static void aead_multipart_decrypt_internal( int key_type_arg, data_t *key_data, - int alg_arg, - data_t *nonce, - data_t *additional_data, - int ad_part_len, - data_t *input_data, - int data_part_len, - int test_set_lengths_arg, - data_t *expected_data, - int expected_result_arg ) -{ - mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; - psa_key_type_t key_type = key_type_arg; - psa_algorithm_t alg = alg_arg; - psa_aead_operation_t operation; - unsigned char *output_data = NULL; - unsigned char *part_data = NULL; - unsigned char *final_data = NULL; - size_t part_data_size; - size_t output_size = 0; - size_t verify_output_size = 0; - size_t output_length = 0; - size_t key_bits = 0; - size_t tag_length = 0; - uint32_t part_offset = 0; - size_t part_length = 0; - size_t output_part_length = 0; - psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; - psa_status_t expected_result = expected_result_arg; - psa_status_t status = PSA_ERROR_GENERIC_ERROR; - - PSA_ASSERT( psa_crypto_init( ) ); - - psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_DECRYPT ); - psa_set_key_algorithm( &attributes, alg ); - psa_set_key_type( &attributes, key_type ); - - PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len, - &key ) ); - - PSA_ASSERT( psa_get_key_attributes( key, &attributes ) ); - key_bits = psa_get_key_bits( &attributes ); - - tag_length = PSA_AEAD_TAG_LENGTH( key_type, key_bits, alg ); - - output_size = PSA_AEAD_UPDATE_OUTPUT_SIZE( key_type, alg, - ( input_data->len - - tag_length ) ); - - ASSERT_ALLOC( output_data, output_size ); - - verify_output_size = PSA_AEAD_VERIFY_OUTPUT_SIZE( key_type, alg ); - TEST_ASSERT( verify_output_size <= PSA_AEAD_VERIFY_OUTPUT_MAX_SIZE ); - ASSERT_ALLOC( final_data, verify_output_size ); - - operation = psa_aead_operation_init( ); - - status = psa_aead_decrypt_setup( &operation, key, alg ); - - /* If the operation is not supported, just skip and not fail in case the - * encryption involves a common limitation of cryptography hardwares and - * an alternative implementation. */ - if( status == PSA_ERROR_NOT_SUPPORTED ) - { - MBEDTLS_TEST_PSA_SKIP_IF_ALT_AES_192( key_type, key_data->len * 8 ); - MBEDTLS_TEST_PSA_SKIP_IF_ALT_GCM_NOT_12BYTES_NONCE( alg, nonce->len ); - } - - if( status != PSA_SUCCESS ) - { - TEST_EQUAL( status, expected_result_arg ); - goto exit; - } - - status = psa_aead_set_nonce( &operation, nonce->x, nonce->len ); - - if( status != PSA_SUCCESS ) - { - TEST_EQUAL( status, expected_result_arg ); - goto exit; - } - - if( test_set_lengths_arg ) - { - status = psa_aead_set_lengths( &operation, additional_data->len, - ( input_data->len - tag_length ) ); - - if( status != PSA_SUCCESS ) - { - TEST_EQUAL( status, expected_result_arg ); - goto exit; - } - } - - if( ad_part_len != -1 ) - { - part_offset = 0; - - while( part_offset < additional_data->len ) - { - if( additional_data->len - part_offset < ( uint32_t ) ad_part_len ) - { - part_length = additional_data->len - part_offset; - } - else - { - part_length = ad_part_len; - } - - status = psa_aead_update_ad( &operation, - additional_data->x + part_offset, - part_length ); - - if( status != PSA_SUCCESS ) - { - TEST_EQUAL( status, expected_result_arg ); - goto exit; - } - - part_offset += part_length; - } - } - else - { - status = psa_aead_update_ad( &operation, additional_data->x, - additional_data->len ); - - if( status != PSA_SUCCESS ) - { - TEST_EQUAL( status, expected_result_arg ); - goto exit; - } - } - - if( data_part_len != -1 ) - { - /* Pass data in parts */ - part_data_size = PSA_AEAD_UPDATE_OUTPUT_SIZE( key_type, alg, - ( size_t ) data_part_len ); - - ASSERT_ALLOC( part_data, part_data_size ); - - part_offset = 0; - - while( part_offset < ( input_data->len - tag_length) ) - { - if( (input_data->len - tag_length - part_offset ) < - ( uint32_t ) data_part_len ) - { - part_length = ( input_data->len - tag_length - part_offset ); - } - else - { - part_length = data_part_len; - } - - status = psa_aead_update( &operation, - ( input_data->x + part_offset ), - part_length, part_data, - part_data_size, &output_part_length ); - - if( status != PSA_SUCCESS ) - { - TEST_EQUAL( status, expected_result_arg ); - goto exit; - } - - if( output_data && output_part_length ) - { - memcpy( ( output_data + part_offset ), part_data, - output_part_length ); - } - - part_offset += part_length; - output_length += output_part_length; - } - } - else - { - status = psa_aead_update( &operation, input_data->x, - ( input_data->len - tag_length ), output_data, - output_size, &output_length ); - - if( status != PSA_SUCCESS ) - { - TEST_EQUAL( status, expected_result_arg ); - goto exit; - } - } - - status = psa_aead_verify( &operation, final_data, - verify_output_size, - &output_part_length, - ( input_data->x + input_data->len - tag_length ), - tag_length ); - - if( status != PSA_SUCCESS ) - { - TEST_EQUAL( status, expected_result_arg ); - goto exit; - } - - if( output_data && output_part_length ) - { - memcpy( ( output_data + output_length ), final_data, - output_part_length ); - } - - output_length += output_part_length; - - if( expected_result != PSA_ERROR_INVALID_ARGUMENT ) - { - /* For all currently defined algorithms, PSA_AEAD_DECRYPT_OUTPUT_SIZE - * should be exact. */ - TEST_EQUAL( output_length, - PSA_AEAD_DECRYPT_OUTPUT_SIZE( key_type, alg, - input_data->len ) ); - TEST_ASSERT( output_length <= - PSA_AEAD_DECRYPT_OUTPUT_MAX_SIZE( input_data->len ) ); - } - - if( expected_result == PSA_SUCCESS ) - { - ASSERT_COMPARE( expected_data->x, expected_data->len, - output_data, output_length ); - } + test_ok = 1; exit: psa_destroy_key( key ); @@ -701,6 +552,8 @@ exit: mbedtls_free( part_data ); mbedtls_free( final_data ); PSA_DONE( ); + + return( test_ok ); } /* END_HEADER */ @@ -3596,43 +3449,53 @@ void aead_multipart_encrypt( int key_type_arg, data_t *key_data, int alg_arg, data_t *nonce, data_t *additional_data, - int test_ad_mp_arg, + int do_test_ad_chunked, data_t *input_data, - int test_data_mp_arg, - int test_set_lengths_arg, - data_t *expected_result_arg ) + int do_test_data_chunked, + int do_set_lengths, + data_t *expected_output ) { size_t ad_part_len = 0; size_t data_part_len = 0; - if( test_ad_mp_arg == 1 ) + TEST_ASSERT( do_test_ad_chunked || do_test_data_chunked ); + + /* Temporary whilst we have algorithms that cannot support chunking */ + if( do_test_ad_chunked == 1 ) { for( ad_part_len = 1; ad_part_len <= additional_data->len; ad_part_len++ ) { mbedtls_test_set_step( ad_part_len ); - aead_multipart_encrypt_internal( key_type_arg, key_data, - alg_arg,nonce, - additional_data, - ad_part_len, - input_data, -1, - test_set_lengths_arg, - expected_result_arg ); + if( !aead_multipart_internal_func( key_type_arg, key_data, + alg_arg, nonce, + additional_data, + ad_part_len, + input_data, -1, + do_set_lengths, + expected_output, + 1, 1 ) ) + break; } } - if( test_data_mp_arg == 1 ) + /* Temporary whilst we have algorithms that cannot support chunking */ + if( do_test_data_chunked == 1 ) { for( data_part_len = 1; data_part_len <= input_data->len; data_part_len++ ) { - aead_multipart_encrypt_internal( key_type_arg, key_data, - alg_arg, nonce, - additional_data, -1, - input_data, data_part_len, - test_set_lengths_arg, - expected_result_arg ); + mbedtls_test_set_step( 1000 + data_part_len ); + + if( !aead_multipart_internal_func( key_type_arg, key_data, + alg_arg, nonce, + additional_data, -1, + input_data, data_part_len, + do_set_lengths, + expected_output, + 1, 1 ) ) + break; } } @@ -3648,44 +3511,54 @@ void aead_multipart_decrypt( int key_type_arg, data_t *key_data, int alg_arg, data_t *nonce, data_t *additional_data, - int test_ad_mp_arg, + int do_test_ad_chunked, data_t *input_data, - int test_data_mp_arg, - int test_set_lengths_arg, - data_t *expected_data, - int expected_status ) + int do_test_data_chunked, + int do_set_lengths, + data_t *expected_output, + int expect_valid_signature ) { size_t ad_part_len = 0; size_t data_part_len = 0; - if( test_ad_mp_arg == 1 ) + /* Temporary whilst we have algorithms that cannot support chunking */ + if( do_test_ad_chunked == 1 ) { for( ad_part_len = 1; ad_part_len <= additional_data->len; ad_part_len++ ) { mbedtls_test_set_step( ad_part_len ); - aead_multipart_decrypt_internal( key_type_arg, key_data, - alg_arg, nonce, - additional_data, - ad_part_len, - input_data, -1, - test_set_lengths_arg, - expected_data, expected_status ); + if( !aead_multipart_internal_func( key_type_arg, key_data, + alg_arg, nonce, + additional_data, + ad_part_len, + input_data, -1, + do_set_lengths, + expected_output, + expect_valid_signature, + 0 ) ) + break; } } - if( test_data_mp_arg == 1 ) + /* Temporary whilst we have algorithms that cannot support chunking */ + if( do_test_data_chunked == 1 ) { for( data_part_len = 1; data_part_len <= input_data->len; data_part_len++ ) { - aead_multipart_decrypt_internal( key_type_arg, key_data, - alg_arg, nonce, - additional_data, -1, - input_data, data_part_len, - test_set_lengths_arg, - expected_data, expected_status ); + mbedtls_test_set_step( 1000 + data_part_len ); + + if( !aead_multipart_internal_func( key_type_arg, key_data, + alg_arg, nonce, + additional_data, -1, + input_data, data_part_len, + do_set_lengths, + expected_output, + expect_valid_signature, + 0 ) ) + break; } } From 243080ca7de46b576069e6285ddd0893ec055047 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Wed, 21 Jul 2021 19:01:17 +0100 Subject: [PATCH 101/195] Clarify comments on state test. Signed-off-by: Paul Elliott --- tests/suites/test_suite_psa_crypto.function | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index fe9e0014d..c5567406a 100644 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function @@ -4002,7 +4002,8 @@ void aead_multipart_state_test( int key_type_arg, data_t *key_data, psa_aead_abort( &operation ); - /* Test for not sending any additional data or data (encrypt) */ + /* Test for not sending any additional data or data after setting non zero + * lengths for them. (encrypt) */ operation = psa_aead_operation_init( ); @@ -4022,7 +4023,8 @@ void aead_multipart_state_test( int key_type_arg, data_t *key_data, psa_aead_abort( &operation ); - /* Test for not sending any additional data or data (decrypt) */ + /* Test for not sending any additional data or data after setting non-zero + * lengths for them. (decrypt) */ operation = psa_aead_operation_init( ); @@ -4042,7 +4044,8 @@ void aead_multipart_state_test( int key_type_arg, data_t *key_data, psa_aead_abort( &operation ); - /* Test for not sending any additional data. */ + /* Test for not sending any additional data after setting a non-zero length + * for it. */ operation = psa_aead_operation_init( ); From 329d5381a5fd7e55892eac6e5dabdd62512b7cbe Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Thu, 22 Jul 2021 17:10:45 +0100 Subject: [PATCH 102/195] Add 0 length part tests Add tests to do zero length part, n length part until done, to exercise the zero length edge case. Signed-off-by: Paul Elliott --- tests/suites/test_suite_psa_crypto.function | 99 ++++++++++++++++++--- 1 file changed, 86 insertions(+), 13 deletions(-) diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index c5567406a..46f7a1d52 100644 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function @@ -298,7 +298,8 @@ static int aead_multipart_internal_func( int key_type_arg, data_t *key_data, int do_set_lengths, data_t *expected_output, int expect_valid_signature, - int is_encrypt ) + int is_encrypt, + int do_zero_parts ) { mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; psa_key_type_t key_type = key_type_arg; @@ -323,6 +324,7 @@ static int aead_multipart_internal_func( int key_type_arg, data_t *key_data, psa_status_t status = PSA_ERROR_GENERIC_ERROR; int test_ok = 0; + uint32_t part_count = 0; PSA_ASSERT( psa_crypto_init( ) ); @@ -409,13 +411,21 @@ static int aead_multipart_internal_func( int key_type_arg, data_t *key_data, while( part_offset < additional_data->len ) { - if( additional_data->len - part_offset < ( uint32_t ) ad_part_len ) + if( do_zero_parts && part_count++ & 0x01 ) { - part_length = additional_data->len - part_offset; + part_length = 0; } else { - part_length = ad_part_len; + if( additional_data->len - part_offset < + ( uint32_t ) ad_part_len ) + { + part_length = additional_data->len - part_offset; + } + else + { + part_length = ad_part_len; + } } PSA_ASSERT( psa_aead_update_ad( &operation, @@ -444,13 +454,20 @@ static int aead_multipart_internal_func( int key_type_arg, data_t *key_data, while( part_offset < data_true_size ) { - if( ( data_true_size - part_offset ) < ( uint32_t ) data_part_len ) + if( do_zero_parts && part_count++ & 0x01 ) { - part_length = ( data_true_size - part_offset ); + part_length = 0; } else { - part_length = data_part_len; + if( ( data_true_size - part_offset ) < ( uint32_t ) data_part_len ) + { + part_length = ( data_true_size - part_offset ); + } + else + { + part_length = data_part_len; + } } PSA_ASSERT( psa_aead_update( &operation, @@ -3468,6 +3485,7 @@ void aead_multipart_encrypt( int key_type_arg, data_t *key_data, { mbedtls_test_set_step( ad_part_len ); + /* Split ad into length(ad_part_len) parts. */ if( !aead_multipart_internal_func( key_type_arg, key_data, alg_arg, nonce, additional_data, @@ -3475,7 +3493,20 @@ void aead_multipart_encrypt( int key_type_arg, data_t *key_data, input_data, -1, do_set_lengths, expected_output, - 1, 1 ) ) + 1, 1, 0 ) ) + break; + + /* length(0) part, length(ad_part_len) part, length(0) part... */ + mbedtls_test_set_step( 1000 + ad_part_len ); + + if( !aead_multipart_internal_func( key_type_arg, key_data, + alg_arg, nonce, + additional_data, + ad_part_len, + input_data, -1, + do_set_lengths, + expected_output, + 1, 1, 1 ) ) break; } } @@ -3486,7 +3517,8 @@ void aead_multipart_encrypt( int key_type_arg, data_t *key_data, for( data_part_len = 1; data_part_len <= input_data->len; data_part_len++ ) { - mbedtls_test_set_step( 1000 + data_part_len ); + /* Split data into length(data_part_len) parts. */ + mbedtls_test_set_step( 2000 + data_part_len ); if( !aead_multipart_internal_func( key_type_arg, key_data, alg_arg, nonce, @@ -3494,7 +3526,19 @@ void aead_multipart_encrypt( int key_type_arg, data_t *key_data, input_data, data_part_len, do_set_lengths, expected_output, - 1, 1 ) ) + 1, 1, 0 ) ) + break; + + /* length(0) part, length(data_part_len) part, length(0) part... */ + mbedtls_test_set_step( 3000 + data_part_len ); + + if( !aead_multipart_internal_func( key_type_arg, key_data, + alg_arg, nonce, + additional_data, -1, + input_data, data_part_len, + do_set_lengths, + expected_output, + 1, 1, 1 ) ) break; } } @@ -3527,6 +3571,7 @@ void aead_multipart_decrypt( int key_type_arg, data_t *key_data, for( ad_part_len = 1; ad_part_len <= additional_data->len; ad_part_len++ ) { + /* Split ad into length(ad_part_len) parts. */ mbedtls_test_set_step( ad_part_len ); if( !aead_multipart_internal_func( key_type_arg, key_data, @@ -3537,7 +3582,21 @@ void aead_multipart_decrypt( int key_type_arg, data_t *key_data, do_set_lengths, expected_output, expect_valid_signature, - 0 ) ) + 0, 0 ) ) + break; + + /* length(0) part, length(ad_part_len) part, length(0) part... */ + mbedtls_test_set_step( 1000 + ad_part_len ); + + if( !aead_multipart_internal_func( key_type_arg, key_data, + alg_arg, nonce, + additional_data, + ad_part_len, + input_data, -1, + do_set_lengths, + expected_output, + expect_valid_signature, + 0, 1 ) ) break; } } @@ -3548,7 +3607,8 @@ void aead_multipart_decrypt( int key_type_arg, data_t *key_data, for( data_part_len = 1; data_part_len <= input_data->len; data_part_len++ ) { - mbedtls_test_set_step( 1000 + data_part_len ); + /* Split data into length(data_part_len) parts. */ + mbedtls_test_set_step( 2000 + data_part_len ); if( !aead_multipart_internal_func( key_type_arg, key_data, alg_arg, nonce, @@ -3557,7 +3617,20 @@ void aead_multipart_decrypt( int key_type_arg, data_t *key_data, do_set_lengths, expected_output, expect_valid_signature, - 0 ) ) + 0, 0 ) ) + break; + + /* length(0) part, length(data_part_len) part, length(0) part... */ + mbedtls_test_set_step( 3000 + data_part_len ); + + if( !aead_multipart_internal_func( key_type_arg, key_data, + alg_arg, nonce, + additional_data, -1, + input_data, data_part_len, + do_set_lengths, + expected_output, + expect_valid_signature, + 0, 1 ) ) break; } } From ebf91638b5c6e5d53a77e0a9a12061108a6743b0 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Thu, 22 Jul 2021 17:54:42 +0100 Subject: [PATCH 103/195] Move set nonce / set length tests to positive test Previous test in state test was not actually making sure that the operatioon could be completed using set lengths / set nonce in either order, thus changed the 'normal' encrypt / decrypt tests to run in alternating order. Signed-off-by: Paul Elliott --- tests/suites/test_suite_psa_crypto.function | 94 ++++++++------------- 1 file changed, 36 insertions(+), 58 deletions(-) diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index 46f7a1d52..0e9917a43 100644 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function @@ -299,7 +299,8 @@ static int aead_multipart_internal_func( int key_type_arg, data_t *key_data, data_t *expected_output, int expect_valid_signature, int is_encrypt, - int do_zero_parts ) + int do_zero_parts, + int swap_set_functions ) { mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; psa_key_type_t key_type = key_type_arg; @@ -396,12 +397,25 @@ static int aead_multipart_internal_func( int key_type_arg, data_t *key_data, PSA_ASSERT( status ); - PSA_ASSERT( psa_aead_set_nonce( &operation, nonce->x, nonce->len ) ); - - if( do_set_lengths ) + if( swap_set_functions ) { - PSA_ASSERT( psa_aead_set_lengths( &operation, additional_data->len, - data_true_size ) ); + if( do_set_lengths ) + { + PSA_ASSERT( psa_aead_set_lengths( &operation, additional_data->len, + data_true_size ) ); + } + + PSA_ASSERT( psa_aead_set_nonce( &operation, nonce->x, nonce->len ) ); + } + else + { + PSA_ASSERT( psa_aead_set_nonce( &operation, nonce->x, nonce->len ) ); + + if( do_set_lengths ) + { + PSA_ASSERT( psa_aead_set_lengths( &operation, additional_data->len, + data_true_size ) ); + } } if( ad_part_len != -1 ) @@ -3493,7 +3507,8 @@ void aead_multipart_encrypt( int key_type_arg, data_t *key_data, input_data, -1, do_set_lengths, expected_output, - 1, 1, 0 ) ) + 1, 1, 0, + ( ad_part_len & 0x01 ) ) ) break; /* length(0) part, length(ad_part_len) part, length(0) part... */ @@ -3506,7 +3521,8 @@ void aead_multipart_encrypt( int key_type_arg, data_t *key_data, input_data, -1, do_set_lengths, expected_output, - 1, 1, 1 ) ) + 1, 1, 1, + ( ad_part_len & 0x01 ) ) ) break; } } @@ -3526,7 +3542,8 @@ void aead_multipart_encrypt( int key_type_arg, data_t *key_data, input_data, data_part_len, do_set_lengths, expected_output, - 1, 1, 0 ) ) + 1, 1, 0, + ( data_part_len & 0x01 ) ) ) break; /* length(0) part, length(data_part_len) part, length(0) part... */ @@ -3538,7 +3555,8 @@ void aead_multipart_encrypt( int key_type_arg, data_t *key_data, input_data, data_part_len, do_set_lengths, expected_output, - 1, 1, 1 ) ) + 1, 1, 1, + ( data_part_len & 0x01 ) ) ) break; } } @@ -3582,7 +3600,8 @@ void aead_multipart_decrypt( int key_type_arg, data_t *key_data, do_set_lengths, expected_output, expect_valid_signature, - 0, 0 ) ) + 0, 0, + ( ad_part_len & 0x01 ) ) ) break; /* length(0) part, length(ad_part_len) part, length(0) part... */ @@ -3596,7 +3615,8 @@ void aead_multipart_decrypt( int key_type_arg, data_t *key_data, do_set_lengths, expected_output, expect_valid_signature, - 0, 1 ) ) + 0, 1, + ( ad_part_len & 0x01 ) ) ) break; } } @@ -3617,7 +3637,8 @@ void aead_multipart_decrypt( int key_type_arg, data_t *key_data, do_set_lengths, expected_output, expect_valid_signature, - 0, 0 ) ) + 0, 0, + ( data_part_len & 0x01 ) ) ) break; /* length(0) part, length(data_part_len) part, length(0) part... */ @@ -3630,7 +3651,8 @@ void aead_multipart_decrypt( int key_type_arg, data_t *key_data, do_set_lengths, expected_output, expect_valid_signature, - 0, 1 ) ) + 0, 1, + ( data_part_len & 0x01 ) ) ) break; } } @@ -4013,50 +4035,6 @@ void aead_multipart_state_test( int key_type_arg, data_t *key_data, psa_aead_abort( &operation ); - /* Test that generate/set nonce and set lengths are interchangeable (we - * already tested set nonce followed by set lengths above). */ - - operation = psa_aead_operation_init( ); - - PSA_ASSERT( psa_aead_encrypt_setup( &operation, key, alg ) ); - - PSA_ASSERT( psa_aead_set_lengths( &operation, additional_data->len, - input_data->len ) ); - - PSA_ASSERT( psa_aead_set_nonce( &operation, nonce->x, nonce->len ) ); - - psa_aead_abort( &operation ); - - /* ------------------------------------------------------- */ - - operation = psa_aead_operation_init( ); - - PSA_ASSERT( psa_aead_encrypt_setup( &operation, key, alg ) ); - - PSA_ASSERT( psa_aead_set_lengths( &operation, additional_data->len, - input_data->len ) ); - - PSA_ASSERT( psa_aead_generate_nonce( &operation, nonce_buffer, - PSA_AEAD_NONCE_MAX_SIZE, - &nonce_length ) ); - - psa_aead_abort( &operation ); - - /* ------------------------------------------------------- */ - - operation = psa_aead_operation_init( ); - - PSA_ASSERT( psa_aead_encrypt_setup( &operation, key, alg ) ); - - PSA_ASSERT( psa_aead_generate_nonce( &operation, nonce_buffer, - PSA_AEAD_NONCE_MAX_SIZE, - &nonce_length ) ); - - PSA_ASSERT( psa_aead_set_lengths( &operation, additional_data->len, - input_data->len ) ); - - psa_aead_abort( &operation ); - /* Test for setting lengths after already starting data. */ operation = psa_aead_operation_init( ); From 99f548d974a48fcfe58aaf2666872bee146ffa30 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Thu, 22 Jul 2021 18:03:50 +0100 Subject: [PATCH 104/195] Fix format issues with check nonce size Signed-off-by: Paul Elliott --- library/psa_crypto_aead.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/library/psa_crypto_aead.c b/library/psa_crypto_aead.c index 9f673596f..5310702c6 100644 --- a/library/psa_crypto_aead.c +++ b/library/psa_crypto_aead.c @@ -296,7 +296,7 @@ psa_status_t mbedtls_psa_aead_decrypt( goto exit; if( mbedtls_aead_check_nonce_length( &operation, nonce_length ) - != PSA_SUCCESS) + != PSA_SUCCESS ) { status = PSA_ERROR_NOT_SUPPORTED; goto exit; @@ -428,7 +428,7 @@ psa_status_t mbedtls_psa_aead_set_nonce( psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; if( mbedtls_aead_check_nonce_length( operation, nonce_length ) - != PSA_SUCCESS) + != PSA_SUCCESS ) { return( PSA_ERROR_INVALID_ARGUMENT ); } From 2fe5db87d5702a4f34f6fd28acaa0f5961584e93 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Thu, 22 Jul 2021 18:10:43 +0100 Subject: [PATCH 105/195] Fix passing wrong tag size to GCM finish Signed-off-by: Paul Elliott --- library/psa_crypto_aead.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/psa_crypto_aead.c b/library/psa_crypto_aead.c index 5310702c6..6af25ec78 100644 --- a/library/psa_crypto_aead.c +++ b/library/psa_crypto_aead.c @@ -628,7 +628,7 @@ psa_status_t mbedtls_psa_aead_finish( status = mbedtls_to_psa_error( mbedtls_gcm_finish( &operation->ctx.gcm, ciphertext, ciphertext_size, - tag, tag_size ) ); + tag, operation->tag_length ) ); else #endif /* MBEDTLS_PSA_BUILTIN_ALG_GCM */ #if defined(MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305) From ed08cf884a6a8462a577dd0ac7ad9b8c4338921d Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Thu, 22 Jul 2021 18:48:24 +0100 Subject: [PATCH 106/195] Add safety check to chachapoly finish Previous code checked that the buffer was big enough for the tag size for the given algorithm, however chachapoly finish expects a 16 byte buffer passed in, no matter what. If we start supporting smaller chachapoly tags in the future, this could potentially end up in buffer overflow, so add a safety check. Signed-off-by: Paul Elliott --- library/psa_crypto_aead.c | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/library/psa_crypto_aead.c b/library/psa_crypto_aead.c index 6af25ec78..bcf3c43a5 100644 --- a/library/psa_crypto_aead.c +++ b/library/psa_crypto_aead.c @@ -633,9 +633,18 @@ psa_status_t mbedtls_psa_aead_finish( #endif /* MBEDTLS_PSA_BUILTIN_ALG_GCM */ #if defined(MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305) if( operation->alg == PSA_ALG_CHACHA20_POLY1305 ) + { + /* Belt and braces. Although the above tag_size check should have + * already done this, if we later start supporting smaller tag sizes + * for chachapoly, then passing a tag buffer smaller than 16 into here + * could cause a buffer overflow, so better safe than sorry. */ + if( tag_size < 16 ) + return( PSA_ERROR_BUFFER_TOO_SMALL ); + status = mbedtls_to_psa_error( mbedtls_chachapoly_finish( &operation->ctx.chachapoly, tag ) ); + } else #endif /* MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305 */ { From 26f4aef3a7f4ef0503862e199dcfe1f2ff4bf583 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Thu, 22 Jul 2021 21:47:27 +0100 Subject: [PATCH 107/195] Remove aead_verify call from test driver Function was removed, but missed this reference. Signed-off-by: Paul Elliott --- tests/src/drivers/test_driver_aead.c | 23 ++++++++++++++++++++--- 1 file changed, 20 insertions(+), 3 deletions(-) diff --git a/tests/src/drivers/test_driver_aead.c b/tests/src/drivers/test_driver_aead.c index 698353c5d..5928e0e01 100644 --- a/tests/src/drivers/test_driver_aead.c +++ b/tests/src/drivers/test_driver_aead.c @@ -272,9 +272,26 @@ psa_status_t mbedtls_test_transparent_aead_verify( } else { - mbedtls_test_driver_aead_hooks.driver_status = - mbedtls_psa_aead_verify( operation, plaintext, plaintext_size, - plaintext_length, tag, tag_length ); + uint8_t check_tag[PSA_AEAD_TAG_MAX_SIZE]; + size_t check_tag_length; + + mbedtls_test_driver_aead_hooks.driver_status = + mbedtls_psa_aead_finish( operation, + plaintext, + plaintext_size, + plaintext_length, + check_tag, + tag_length, + &check_tag_length ); + + if( mbedtls_test_driver_aead_hooks.driver_status == PSA_SUCCESS ) + { + if( tag_length != check_tag_length || + mbedtls_psa_safer_memcmp( tag, check_tag, tag_length ) + != 0 ) + mbedtls_test_driver_aead_hooks.driver_status = + PSA_ERROR_INVALID_SIGNATURE; + } } return( mbedtls_test_driver_aead_hooks.driver_status ); From 41ffae17b1a1fea67a2dc925616bfa3586ad8a09 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Thu, 22 Jul 2021 21:52:01 +0100 Subject: [PATCH 108/195] Fix incorrect function documentation Signed-off-by: Paul Elliott --- tests/suites/test_suite_psa_crypto.function | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index 0e9917a43..3312f674f 100644 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function @@ -282,8 +282,13 @@ typedef enum { * \param do_set_lengths If non-zero, then set lengths prior to * calling encryption / decryption. * \param expected_output Expected output - * \param expected_status_arg Expected status + * \param expect_valid_signature If non zero, we expect the signature to be + * valid * \param is_encrypt If non-zero this is an encryption operation. + * \param do_zero_parts If non-zero, interleave zero length chunks + * with normal length chunks + * \param swap_set_functions If non-zero, swap the order of set lengths + * and set nonce. * * \return int Zero on failure, non-zero on success. * From 0a6a5694d94ec7df45cd776e4340210dbe0f5556 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Fri, 23 Jul 2021 15:29:21 +0100 Subject: [PATCH 109/195] Add missing include to PSA test driver Signed-off-by: Paul Elliott --- tests/src/drivers/test_driver_aead.c | 1 + 1 file changed, 1 insertion(+) diff --git a/tests/src/drivers/test_driver_aead.c b/tests/src/drivers/test_driver_aead.c index 5928e0e01..ac116ffb0 100644 --- a/tests/src/drivers/test_driver_aead.c +++ b/tests/src/drivers/test_driver_aead.c @@ -25,6 +25,7 @@ #if defined(MBEDTLS_PSA_CRYPTO_DRIVERS) && defined(PSA_CRYPTO_DRIVER_TEST) #include "psa_crypto_aead.h" +#include "psa_crypto_core.h" #include "test/drivers/aead.h" From ecce901907ebdc52b382c01d905740d8995c3826 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Fri, 23 Jul 2021 15:44:11 +0100 Subject: [PATCH 110/195] Change over to specific per algorith size checks Signed-off-by: Paul Elliott --- library/psa_crypto_aead.c | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) diff --git a/library/psa_crypto_aead.c b/library/psa_crypto_aead.c index bcf3c43a5..d877638ec 100644 --- a/library/psa_crypto_aead.c +++ b/library/psa_crypto_aead.c @@ -568,13 +568,12 @@ psa_status_t mbedtls_psa_aead_update( update_output_length = input_length; - if( PSA_AEAD_UPDATE_OUTPUT_SIZE( operation->key_type, operation->alg, - input_length ) > output_size ) - return ( PSA_ERROR_BUFFER_TOO_SMALL ); - #if defined(MBEDTLS_PSA_BUILTIN_ALG_GCM) if( operation->alg == PSA_ALG_GCM ) { + if( output_size < input_length ) + return( PSA_ERROR_BUFFER_TOO_SMALL ); + status = mbedtls_to_psa_error( mbedtls_gcm_update( &operation->ctx.gcm, input, input_length, @@ -586,6 +585,9 @@ psa_status_t mbedtls_psa_aead_update( #if defined(MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305) if( operation->alg == PSA_ALG_CHACHA20_POLY1305 ) { + if( output_size < input_length ) + return( PSA_ERROR_BUFFER_TOO_SMALL ); + status = mbedtls_to_psa_error( mbedtls_chachapoly_update( &operation->ctx.chachapoly, input_length, @@ -625,10 +627,15 @@ psa_status_t mbedtls_psa_aead_finish( #if defined(MBEDTLS_PSA_BUILTIN_ALG_GCM) if( operation->alg == PSA_ALG_GCM ) + { + if( ciphertext_size < 15 ) + return( PSA_ERROR_BUFFER_TOO_SMALL ); + status = mbedtls_to_psa_error( mbedtls_gcm_finish( &operation->ctx.gcm, ciphertext, ciphertext_size, tag, operation->tag_length ) ); + } else #endif /* MBEDTLS_PSA_BUILTIN_ALG_GCM */ #if defined(MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305) From 863864a2f77ade5e94cca4c6afb19899debdb814 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Fri, 23 Jul 2021 17:28:31 +0100 Subject: [PATCH 111/195] Add multipart set nonce test Signed-off-by: Paul Elliott --- tests/suites/test_suite_psa_crypto.data | 28 ++++++ tests/suites/test_suite_psa_crypto.function | 98 +++++++++++++++++++++ 2 files changed, 126 insertions(+) diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data index 8f9d6c4d6..ad54793cd 100644 --- a/tests/suites/test_suite_psa_crypto.data +++ b/tests/suites/test_suite_psa_crypto.data @@ -2537,6 +2537,34 @@ PSA Multipart Nonce Generation: ChaCha20 - Poly1305, IV = 16 depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 aead_multipart_generate_nonce:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:16:12:"":"":PSA_SUCCESS +PSA Multipart Set Nonce, AES - GCM, IV = 0 +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_set_nonce:PSA_KEY_TYPE_AES:"aa740abfadcda779220d3b406c5d7ec09a77fe9d94104539":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM,16):0:"":"":PSA_ERROR_INVALID_ARGUMENT + +PSA Multipart Set Nonce, AES - GCM, IV = 16 +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_set_nonce:PSA_KEY_TYPE_AES:"aa740abfadcda779220d3b406c5d7ec09a77fe9d94104539":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM,16):16:"290322092d57479e20f6281e331d95a9":"e7fb0631eebf9bdba87045b33650c4ce":PSA_SUCCESS + +PSA Multipart Set Nonce, AES - GCM, IV = 20 +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_set_nonce:PSA_KEY_TYPE_AES:"aa740abfadcda779220d3b406c5d7ec09a77fe9d94104539":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM,16):20:"290322092d57479e20f6281e331d95a9":"e7fb0631eebf9bdba87045b33650c4ce":PSA_SUCCESS + +PSA Multipart Set Nonce: ChaCha20 - Poly1305, IV = 12 +depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 +aead_multipart_set_nonce:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:12:"50515253c0c1c2c3c4c5c6c7":"4c616469657320616e642047656e746c656d656e206f662074686520636c617373206f66202739393a204966204920636f756c64206f6666657220796f75206f6e6c79206f6e652074697020666f7220746865206675747572652c2073756e73637265656e20776f756c642062652069742e":PSA_SUCCESS + +PSA Multipart Set Nonce: ChaCha20 - Poly1305, IV = 8 +depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 +aead_multipart_set_nonce:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:8:"":"":PSA_ERROR_INVALID_ARGUMENT + +PSA Multipart Set Nonce: ChaCha20 - Poly1305, IV = 0 +depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 +aead_multipart_set_nonce:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:0:"":"":PSA_ERROR_INVALID_ARGUMENT + +PSA Multipart Set Nonce: ChaCha20 - Poly1305, IV = 16 +depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 +aead_multipart_set_nonce:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:16:"":"":PSA_ERROR_INVALID_ARGUMENT + PSA Multipart State Checks, AES - GCM depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES aead_multipart_state_test:PSA_KEY_TYPE_AES:"C0C1C2C3C4C5C6C7C8C9CACBCCCDCECF":PSA_ALG_GCM:"000102030405060708090A0B0C0D0E0F":"000102030405060708090A0B":"0C0D0E0F101112131415161718191A1B1C1D1E" diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index 3312f674f..0d9543d7b 100644 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function @@ -3766,6 +3766,104 @@ exit: } /* END_CASE */ +/* BEGIN_CASE */ +void aead_multipart_set_nonce( int key_type_arg, data_t *key_data, + int alg_arg, + int nonce_len, + data_t *additional_data, + data_t *input_data, + int expected_status_arg ) +{ + + mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; + psa_key_type_t key_type = key_type_arg; + psa_algorithm_t alg = alg_arg; + psa_aead_operation_t operation; + uint8_t *nonce_buffer = NULL; + psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; + psa_status_t status = PSA_ERROR_GENERIC_ERROR; + psa_status_t expected_status = expected_status_arg; + unsigned char *output_data = NULL; + unsigned char *final_data = NULL; + size_t output_size = 0; + size_t finish_output_size = 0; + size_t output_length = 0; + size_t tag_length = 0; + uint8_t tag_buffer[PSA_AEAD_TAG_MAX_SIZE]; + int index = 0; + + PSA_ASSERT( psa_crypto_init( ) ); + + psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_ENCRYPT ); + psa_set_key_algorithm( &attributes, alg ); + psa_set_key_type( &attributes, key_type ); + + PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len, + &key ) ); + + PSA_ASSERT( psa_get_key_attributes( key, &attributes ) ); + + output_size = PSA_AEAD_UPDATE_OUTPUT_SIZE( key_type, alg, input_data->len ); + + ASSERT_ALLOC( output_data, output_size ); + + finish_output_size = PSA_AEAD_FINISH_OUTPUT_SIZE( key_type, alg ); + + TEST_ASSERT( finish_output_size <= PSA_AEAD_FINISH_OUTPUT_MAX_SIZE ); + + ASSERT_ALLOC( final_data, finish_output_size ); + + operation = psa_aead_operation_init( ); + + status = psa_aead_encrypt_setup( &operation, key, alg ); + + /* If the operation is not supported, just skip and not fail in case the + * encryption involves a common limitation of cryptography hardwares and + * an alternative implementation. */ + if( status == PSA_ERROR_NOT_SUPPORTED ) + { + MBEDTLS_TEST_PSA_SKIP_IF_ALT_AES_192( key_type, key_data->len * 8 ); + MBEDTLS_TEST_PSA_SKIP_IF_ALT_GCM_NOT_12BYTES_NONCE( alg, nonce_len ); + } + + PSA_ASSERT( status ); + + ASSERT_ALLOC( nonce_buffer, nonce_len ); + + for( index = 0; index < nonce_len - 1; ++index) + { + nonce_buffer[index] = 'a' + index; + } + + status = psa_aead_set_nonce( &operation, nonce_buffer, nonce_len ); + + TEST_ASSERT( status == expected_status ); + + if( expected_status == PSA_SUCCESS ) + { + /* Ensure we can still complete operation. */ + + PSA_ASSERT( psa_aead_update_ad( &operation, additional_data->x, + additional_data->len ) ); + + PSA_ASSERT( psa_aead_update( &operation, input_data->x, input_data->len, + output_data, output_size, &output_length ) ); + + PSA_ASSERT( psa_aead_finish( &operation, final_data, finish_output_size, + &output_length, tag_buffer, + PSA_AEAD_TAG_MAX_SIZE, &tag_length ) ); + } + +exit: + psa_destroy_key( key ); + mbedtls_free( output_data ); + mbedtls_free( final_data ); + mbedtls_free( nonce_buffer ); + psa_aead_abort( &operation ); + PSA_DONE( ); +} +/* END_CASE */ + /* BEGIN_CASE */ void aead_multipart_state_test( int key_type_arg, data_t *key_data, int alg_arg, From 56e4aa6ae20deb43e59d4d4e436f5377de3ef8a2 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Fri, 23 Jul 2021 17:36:48 +0100 Subject: [PATCH 112/195] Restore accidentally deleted blank lines Script to generate test data was missing a '\n' Signed-off-by: Paul Elliott --- tests/suites/test_suite_psa_crypto.data | 61 +++++++++++++++++++++++++ 1 file changed, 61 insertions(+) diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data index ad54793cd..5a696fd93 100644 --- a/tests/suites/test_suite_psa_crypto.data +++ b/tests/suites/test_suite_psa_crypto.data @@ -2313,165 +2313,219 @@ aead_multipart_encrypt:PSA_KEY_TYPE_AES:"2e6942d537f1a98444c2f9dbdb5d8db42a503a0 PSA Multipart AEAD decrypt, AES-GCM, 144 bytes #1 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES aead_multipart_decrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_GCM:"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":0:"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847fe0b7b7fbed325953df344a96":1:0:"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826":1 + PSA Multipart AEAD decrypt, AES-GCM, 144 bytes #1 (lengths set) depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES aead_multipart_decrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_GCM:"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":0:"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847fe0b7b7fbed325953df344a96":1:1:"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826":1 + PSA Multipart AEAD decrypt, AES-GCM, 144 bytes #2 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES aead_multipart_decrypt:PSA_KEY_TYPE_AES:"fe96eab10ff48c7942025422583d0377":PSA_ALG_GCM:"97ce3f848276783599c6875de324361e":"127628b6dcbce6fc8a8ef60798eb67b2088415635119697d20bb878c24d9c6f9c29e148521cb5e0feff892c7855d4f1c0bfb32ad33420976714dce87a0bbc18e4378bd1ef35197d0ca73051148f1199010f63caf122df5f71ad8d9c71df3eb2fbe3b2529d0ba657570358d3776f687bdb9c96d5e0e9e00c4b42d5d7a268d6a08":0:"12495120056ca3cac70d583603a476821bac6c57c9733b81cfb83538dc9e850f8bdf46065069591c23ebcbc6d1e2523375fb7efc80c09507fa25477ed07cee54fc4eb90168b3ef988f651fc40652474a644b1b311decf899660aef2347bb081af48950f06ebf799911e37120de94c55c20e5f0a77119be06e2b6e557f872fa0f6bac793bdc2190a195122c98544ccf56":1:0:"194c8bbbfae4a671386b8cd38f390f46f9df6b8661b470c310921a1c858a938045834bb10380037fbf5f5e00688554537be0fcafe8270b9b59068fa056ab1268fc166c2d729243a06650a171c929c7845c85330c04568d62977eedf3b1ba9dca13bdb8f9522817c8cb99e635e37465ec1c9f6f148d51437aa9f994a62e1bd013":1 + PSA Multipart AEAD decrypt, AES-GCM, 144 bytes #2 (lengths set) depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES aead_multipart_decrypt:PSA_KEY_TYPE_AES:"fe96eab10ff48c7942025422583d0377":PSA_ALG_GCM:"97ce3f848276783599c6875de324361e":"127628b6dcbce6fc8a8ef60798eb67b2088415635119697d20bb878c24d9c6f9c29e148521cb5e0feff892c7855d4f1c0bfb32ad33420976714dce87a0bbc18e4378bd1ef35197d0ca73051148f1199010f63caf122df5f71ad8d9c71df3eb2fbe3b2529d0ba657570358d3776f687bdb9c96d5e0e9e00c4b42d5d7a268d6a08":0:"12495120056ca3cac70d583603a476821bac6c57c9733b81cfb83538dc9e850f8bdf46065069591c23ebcbc6d1e2523375fb7efc80c09507fa25477ed07cee54fc4eb90168b3ef988f651fc40652474a644b1b311decf899660aef2347bb081af48950f06ebf799911e37120de94c55c20e5f0a77119be06e2b6e557f872fa0f6bac793bdc2190a195122c98544ccf56":1:1:"194c8bbbfae4a671386b8cd38f390f46f9df6b8661b470c310921a1c858a938045834bb10380037fbf5f5e00688554537be0fcafe8270b9b59068fa056ab1268fc166c2d729243a06650a171c929c7845c85330c04568d62977eedf3b1ba9dca13bdb8f9522817c8cb99e635e37465ec1c9f6f148d51437aa9f994a62e1bd013":1 + PSA Multipart AEAD decrypt, AES-GCM, 144 bytes, T=4 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES aead_multipart_decrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 4 ):"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":0:"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847f":1:0:"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826":1 + PSA Multipart AEAD decrypt, AES-GCM, 144 bytes, T=4 (lengths set) depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES aead_multipart_decrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 4 ):"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":0:"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847f":1:1:"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826":1 + PSA Multipart AEAD decrypt, AES-GCM, 144 bytes, T=15 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES aead_multipart_decrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":0:"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847fe0b7b7fbed325953df344a":1:0:"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826":1 + PSA Multipart AEAD decrypt, AES-GCM, 144 bytes, T=15 (lengths set) depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES aead_multipart_decrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":0:"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847fe0b7b7fbed325953df344a":1:1:"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826":1 + PSA Multipart AEAD decrypt, AES-GCM, 144 bytes, T=16 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES aead_multipart_decrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":0:"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847fe0b7b7fbed325953df344a96":1:0:"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826":1 + PSA Multipart AEAD decrypt, AES-GCM, 144 bytes, T=16 (lengths set) depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES aead_multipart_decrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":0:"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847fe0b7b7fbed325953df344a96":1:1:"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826":1 + PSA Multipart AEAD decrypt, AES-GCM, invalid signature depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES aead_multipart_decrypt:PSA_KEY_TYPE_AES:"fe96eab10ff48c7942025422583d0377":PSA_ALG_GCM:"97ce3f848276783599c6875de324361e":"127628b6dcbce6fc8a8ef60798eb67b2088415635119697d20bb878c24d9c6f9c29e148521cb5e0feff892c7855d4f1c0bfb32ad33420976714dce87a0bbc18e4378bd1ef35197d0ca73051148f1199010f63caf122df5f71ad8d9c71df3eb2fbe3b2529d0ba657570358d3776f687bdb9c96d5e0e9e00c4b42d5d7a268d6a08":0:"12195120056ca3cac70d583603a476821bac6c57c9733b81cfb83538dc9e850f8bdf46065069591c23ebcbc6d1e2523375fb7efc80c09507fa25477ed07cee54fc4eb90168b3ef988f651fc40652474a644b1b311decf899660aef2347bb081af48950f06ebf799911e37120de94c55c20e5f0a77119be06e2b6e557f872fa0f6bac793bdc2190a195122c98544ccf56":1:0:"194c8bbbfae4a671386b8cd38f390f46f9df6b8661b470c310921a1c858a938045834bb10380037fbf5f5e00688554537be0fcafe8270b9b59068fa056ab1268fc166c2d729243a06650a171c929c7845c85330c04568d62977eedf3b1ba9dca13bdb8f9522817c8cb99e635e37465ec1c9f6f148d51437aa9f994a62e1bd013":0 + PSA Multipart AEAD decrypt, AES-GCM, T=15 but passing 16 bytes depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES aead_multipart_decrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":0:"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847fe0b7b7fbed325953df344a96":1:0:"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826":0 + PSA Multipart AEAD decrypt: AES-GCM, invalid tag length 0 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES aead_multipart_decrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 0 ):"48c0906930561e0ab0ef4cd972":"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":0:"26c56961c035a7e452cce61bc6ee220d77b3f94d18fd10b6":1:0:"4535d12b4377928a7c0a61c9f825a48671ea05910748c8ef":0 + PSA Multipart AEAD decrypt: AES-GCM, invalid tag length 2 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES aead_multipart_decrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 2 ):"48c0906930561e0ab0ef4cd972":"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":0:"26c56961c035a7e452cce61bc6ee220d77b3f94d18fd10b6":1:0:"4535d12b4377928a7c0a61c9f825a48671ea05910748c8ef":0 + PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=24, IV=12, IN=0, AAD=0, TAG=16 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES aead_multipart_decrypt:PSA_KEY_TYPE_AES:"0e5d6e68f82f32bea3f0b69498c1a31ef6d955cd3d27a2a8":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"caf72ee1e62e1001e8cfbc63":"":0:"db1a74ffb5f7de26f5742e0942b1b9cb":1:0:"":1 + PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=24, IV=12, IN=0, AAD=0, TAG=16 (lengths set) depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES aead_multipart_decrypt:PSA_KEY_TYPE_AES:"0e5d6e68f82f32bea3f0b69498c1a31ef6d955cd3d27a2a8":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"caf72ee1e62e1001e8cfbc63":"":0:"db1a74ffb5f7de26f5742e0942b1b9cb":1:1:"":1 + PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=24, IV=12, IN=0, AAD=48, TAG=14 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES aead_multipart_decrypt:PSA_KEY_TYPE_AES:"e79fb7defce4f650402e6b521170686d3eb2a0b9514f3a64":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 14 ):"40e0d2d836c0519e7042419b":"41c5b5d971c0723bc1b63a259fe7e06c2961de1241bc34c13965f43636e4da3da8c75ed5956abe3a42f3039af005925a":0:"434ff68f2436f48418fd69f52158":1:0:"":1 + PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=24, IV=12, IN=0, AAD=48, TAG=14 (lengths set) depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES aead_multipart_decrypt:PSA_KEY_TYPE_AES:"e79fb7defce4f650402e6b521170686d3eb2a0b9514f3a64":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 14 ):"40e0d2d836c0519e7042419b":"41c5b5d971c0723bc1b63a259fe7e06c2961de1241bc34c13965f43636e4da3da8c75ed5956abe3a42f3039af005925a":0:"434ff68f2436f48418fd69f52158":1:1:"":1 + PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=24, IV=12, IN=16, AAD=0, TAG=15 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES aead_multipart_decrypt:PSA_KEY_TYPE_AES:"e41d1f533d5b342ffe434b94b1372683bfd5d9d8cb79f9ee":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"5fe11a596dfcd3a305c1d711":"":0:"1847f64fff986476d1d2f758692f856da4a0ff98c0c1101694c84fd86680c9":1:0:"b03c2c20f758a93a8d1220232ad87098":1 + PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=24, IV=12, IN=16, AAD=0, TAG=15 (lengths set) depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES aead_multipart_decrypt:PSA_KEY_TYPE_AES:"e41d1f533d5b342ffe434b94b1372683bfd5d9d8cb79f9ee":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"5fe11a596dfcd3a305c1d711":"":0:"1847f64fff986476d1d2f758692f856da4a0ff98c0c1101694c84fd86680c9":1:1:"b03c2c20f758a93a8d1220232ad87098":1 + PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=24, IV=12, IN=16, AAD=20, TAG=15 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES aead_multipart_decrypt:PSA_KEY_TYPE_AES:"8e7da473c057a2a4669a0d22bf9b7c9913fba48930ca0c9b":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"f9ff8ef80d76c50f9ca0e9ff":"f141bae18a1b54f065554fd34aa02c91c90f505c":0:"5deb093b6e7c766a64bb9d5170af1ff8bf130b64eebdce06a9bdb2cf1da15a":1:0:"b22b2dcdcc18adc30d16297b84b459d8":1 + PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=24, IV=12, IN=16, AAD=20, TAG=15 (lengths set) depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES aead_multipart_decrypt:PSA_KEY_TYPE_AES:"8e7da473c057a2a4669a0d22bf9b7c9913fba48930ca0c9b":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"f9ff8ef80d76c50f9ca0e9ff":"f141bae18a1b54f065554fd34aa02c91c90f505c":0:"5deb093b6e7c766a64bb9d5170af1ff8bf130b64eebdce06a9bdb2cf1da15a":1:1:"b22b2dcdcc18adc30d16297b84b459d8":1 + PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=24, IV=12, IN=16, AAD=48, TAG=12 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES aead_multipart_decrypt:PSA_KEY_TYPE_AES:"01bf150add51bb11623e3bfbebd62a7ea81c5b192b8eb6de":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 12 ):"dfacbc6791b785d324c646b7":"e35412a625324257bef35399a7eacca34fec2d2d24166e6bb3e94d96f5c57599ded45e2a74503f07116caa1692398a07":0:"77579db3c6da769e17731faac4732d7cce65d960a49f94f6b583e54a":1:0:"7e5fd8b595ddc4753676107951d900e2":1 + PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=24, IV=12, IN=16, AAD=48, TAG=12 (lengths set) depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES aead_multipart_decrypt:PSA_KEY_TYPE_AES:"01bf150add51bb11623e3bfbebd62a7ea81c5b192b8eb6de":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 12 ):"dfacbc6791b785d324c646b7":"e35412a625324257bef35399a7eacca34fec2d2d24166e6bb3e94d96f5c57599ded45e2a74503f07116caa1692398a07":0:"77579db3c6da769e17731faac4732d7cce65d960a49f94f6b583e54a":1:1:"7e5fd8b595ddc4753676107951d900e2":1 + PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=24, IV=12, IN=16, AAD=48, TAG=8 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES aead_multipart_decrypt:PSA_KEY_TYPE_AES:"551266c4ed166fe1c43761927801ed50cb9c0b3864fc97df":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 8 ):"e711afbeccd567f866340abb":"562d1697237ebc563941076d459727dfa094eb9ac00d30ed5836825d163dd27517c7660a01056b2d868c7fc5d0343830":0:"2b54cc27f6ee71882e8b1ead207d2b042d262e87eac97b58":1:0:"37245449db8f72b1ecdb420f629d3d80":1 + PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=24, IV=12, IN=16, AAD=48, TAG=8 (lengths set) depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES aead_multipart_decrypt:PSA_KEY_TYPE_AES:"551266c4ed166fe1c43761927801ed50cb9c0b3864fc97df":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 8 ):"e711afbeccd567f866340abb":"562d1697237ebc563941076d459727dfa094eb9ac00d30ed5836825d163dd27517c7660a01056b2d868c7fc5d0343830":0:"2b54cc27f6ee71882e8b1ead207d2b042d262e87eac97b58":1:1:"37245449db8f72b1ecdb420f629d3d80":1 + PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=24, IV=12, IN=13, AAD=0, TAG=15 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES aead_multipart_decrypt:PSA_KEY_TYPE_AES:"78fa4a2a5b5b1b1d9580ea527f2e1653e9336e15cc5462f5":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"98b774f7110e0bea624b487f":"":0:"a642aabed8b99e15e297ee705a40c3e2e506cb889727b327b7e044a8":1:0:"496909523f574b205d757659c5":1 + PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=24, IV=12, IN=13, AAD=0, TAG=15 (lengths set) depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES aead_multipart_decrypt:PSA_KEY_TYPE_AES:"78fa4a2a5b5b1b1d9580ea527f2e1653e9336e15cc5462f5":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"98b774f7110e0bea624b487f":"":0:"a642aabed8b99e15e297ee705a40c3e2e506cb889727b327b7e044a8":1:1:"496909523f574b205d757659c5":1 + PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=24, IV=12, IN=13, AAD=16, TAG=15 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES aead_multipart_decrypt:PSA_KEY_TYPE_AES:"61f4c2e55d729c4657e503dfe2b604e2853675dbdeb0982a":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"0c4d5548aa2d8d54964e1e63":"5affdf8886dabb14790aff3dbfcbdd80":0:"0d4eacc3db304f46cb7a9eba6ec105bf86d9dc0639b7cebbd5260f47":1:0:"b6e056de521a27266dffbc0d96":1 + PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=24, IV=12, IN=13, AAD=16, TAG=15 (lengths set) depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES aead_multipart_decrypt:PSA_KEY_TYPE_AES:"61f4c2e55d729c4657e503dfe2b604e2853675dbdeb0982a":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"0c4d5548aa2d8d54964e1e63":"5affdf8886dabb14790aff3dbfcbdd80":0:"0d4eacc3db304f46cb7a9eba6ec105bf86d9dc0639b7cebbd5260f47":1:1:"b6e056de521a27266dffbc0d96":1 + PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=24, IV=12, IN=13, AAD=20, TAG=13 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES aead_multipart_decrypt:PSA_KEY_TYPE_AES:"73245c4f115a74fe71d6fefb9094c57c75f28033a3c7372b":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 13 ):"536a82485999b93b0bb7ef24":"64dcad870a42eeec0730fd7a7e4154638a85d739":0:"29333e87bfe65d0e37da2936f695824d4e3f37fab3b8e2b868f6":1:0:"f6d56f8c86f27d957fa63aea22":1 + PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=24, IV=12, IN=13, AAD=20, TAG=13 (lengths set) depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES aead_multipart_decrypt:PSA_KEY_TYPE_AES:"73245c4f115a74fe71d6fefb9094c57c75f28033a3c7372b":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 13 ):"536a82485999b93b0bb7ef24":"64dcad870a42eeec0730fd7a7e4154638a85d739":0:"29333e87bfe65d0e37da2936f695824d4e3f37fab3b8e2b868f6":1:1:"f6d56f8c86f27d957fa63aea22":1 + PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=24, IV=12, IN=13, AAD=48, TAG=4 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES aead_multipart_decrypt:PSA_KEY_TYPE_AES:"9002e74638e09dd1f091439518e1460cdd5905bd9e1a37ae":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 4 ):"76c81a95d24be5c8bac63b50":"aa3ae4531aaac8f3eb07f748712c55a680bc8df5cf845edc66d09049500b41688b8023f5746879b45bdd586af29c4ede":0:"31bf37acbc53ca3fdbc9e5eaaebbb85a7f":1:0:"bd94b34511bc65ae47684805cb":1 + PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=24, IV=12, IN=13, AAD=48, TAG=4 (lengths set) depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES aead_multipart_decrypt:PSA_KEY_TYPE_AES:"9002e74638e09dd1f091439518e1460cdd5905bd9e1a37ae":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 4 ):"76c81a95d24be5c8bac63b50":"aa3ae4531aaac8f3eb07f748712c55a680bc8df5cf845edc66d09049500b41688b8023f5746879b45bdd586af29c4ede":0:"31bf37acbc53ca3fdbc9e5eaaebbb85a7f":1:1:"bd94b34511bc65ae47684805cb":1 + PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=32, IV=12, IN=0, AAD=0, TAG=16 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES aead_multipart_decrypt:PSA_KEY_TYPE_AES:"f5a2b27c74355872eb3ef6c5feafaa740e6ae990d9d48c3bd9bb8235e589f010":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"58d2240f580a31c1d24948e9":"":0:"15e051a5e4a5f5da6cea92e2ebee5bac":1:0:"":1 + PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=32, IV=12, IN=0, AAD=0, TAG=16 (lengths set) depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES aead_multipart_decrypt:PSA_KEY_TYPE_AES:"f5a2b27c74355872eb3ef6c5feafaa740e6ae990d9d48c3bd9bb8235e589f010":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"58d2240f580a31c1d24948e9":"":0:"15e051a5e4a5f5da6cea92e2ebee5bac":1:1:"":1 + PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=32, IV=12, IN=0, AAD=16, TAG=15 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES aead_multipart_decrypt:PSA_KEY_TYPE_AES:"3395a1485315c5b5e6353acb05ae9499c440a2e9f5c57494662f827235ea314c":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"3b7e632571602456b49880f0":"f283f80226dacb69c8af089ec6b59e81":0:"84c8beff4b0d160ee68ac613097f51":1:0:"":1 + PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=32, IV=12, IN=0, AAD=16, TAG=15 (lengths set) depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES aead_multipart_decrypt:PSA_KEY_TYPE_AES:"3395a1485315c5b5e6353acb05ae9499c440a2e9f5c57494662f827235ea314c":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"3b7e632571602456b49880f0":"f283f80226dacb69c8af089ec6b59e81":0:"84c8beff4b0d160ee68ac613097f51":1:1:"":1 + PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=32, IV=12, IN=0, AAD=20, TAG=15 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES aead_multipart_decrypt:PSA_KEY_TYPE_AES:"4dc46ca55c1c1fcb4720c274c0e675c2ac5bf93d8dd5e951ca9f6b61f884edc9":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"6473ab77dc885127422f5594":"e2cf8172ab4cf77eba45cd2c8ff939b938080a90":0:"8d6351f18d873242204c20144e2b83":1:0:"":1 + PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=32, IV=12, IN=0, AAD=20, TAG=15 (lengths set) depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES aead_multipart_decrypt:PSA_KEY_TYPE_AES:"4dc46ca55c1c1fcb4720c274c0e675c2ac5bf93d8dd5e951ca9f6b61f884edc9":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"6473ab77dc885127422f5594":"e2cf8172ab4cf77eba45cd2c8ff939b938080a90":0:"8d6351f18d873242204c20144e2b83":1:1:"":1 + PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=32, IV=12, IN=0, AAD=48, TAG=14 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES aead_multipart_decrypt:PSA_KEY_TYPE_AES:"a7f95798434f9a0fe6fd8acd30b8bad96dbdcfacee4594f01cbf26479be7d154":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 14 ):"9ef5a77b02137b46e8461d09":"5595a16fa12d4dcdba6b128480dce2d39c1211c3fb6068cde6013f6a80dfcda5eb92af8879e40ee9c177fd0e446fc8ca":0:"3bfd3d99fe2063e8ef8255519fe0":1:0:"":1 + PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=32, IV=12, IN=0, AAD=48, TAG=14 (lengths set) depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES aead_multipart_decrypt:PSA_KEY_TYPE_AES:"a7f95798434f9a0fe6fd8acd30b8bad96dbdcfacee4594f01cbf26479be7d154":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 14 ):"9ef5a77b02137b46e8461d09":"5595a16fa12d4dcdba6b128480dce2d39c1211c3fb6068cde6013f6a80dfcda5eb92af8879e40ee9c177fd0e446fc8ca":0:"3bfd3d99fe2063e8ef8255519fe0":1:1:"":1 + PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=32, IV=12, IN=16, AAD=0, TAG=16 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES aead_multipart_decrypt:PSA_KEY_TYPE_AES:"4c8ebfe1444ec1b2d503c6986659af2c94fafe945f72c1e8486a5acfedb8a0f8":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"473360e0ad24889959858995":"":0:"d2c78110ac7e8f107c0df0570bd7c90cc26a379b6d98ef2852ead8ce83a833a7":1:0:"7789b41cb3ee548814ca0b388c10b343":1 + PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=32, IV=12, IN=16, AAD=0, TAG=16 (lengths set) depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES aead_multipart_decrypt:PSA_KEY_TYPE_AES:"4c8ebfe1444ec1b2d503c6986659af2c94fafe945f72c1e8486a5acfedb8a0f8":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"473360e0ad24889959858995":"":0:"d2c78110ac7e8f107c0df0570bd7c90cc26a379b6d98ef2852ead8ce83a833a7":1:1:"7789b41cb3ee548814ca0b388c10b343":1 + PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=32, IV=12, IN=16, AAD=0, TAG=4 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES aead_multipart_decrypt:PSA_KEY_TYPE_AES:"57805f98aae1b8b64bb49756529ab8181b3ada674a90c55422e9eb26c48bcd7b":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 4 ):"9735945d8ca161777206632a":"":0:"58375442ab1c0e6a8952c83d128d9fc5f45bb315":1:0:"4860116a6d2deb9bf794bfd6ac5bbbd6":1 + PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=32, IV=12, IN=16, AAD=0, TAG=4 (lengths set) depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES aead_multipart_decrypt:PSA_KEY_TYPE_AES:"57805f98aae1b8b64bb49756529ab8181b3ada674a90c55422e9eb26c48bcd7b":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 4 ):"9735945d8ca161777206632a":"":0:"58375442ab1c0e6a8952c83d128d9fc5f45bb315":1:1:"4860116a6d2deb9bf794bfd6ac5bbbd6":1 + PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=32, IV=12, IN=16, AAD=16, TAG=8 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES aead_multipart_decrypt:PSA_KEY_TYPE_AES:"f913bb823a1d0c10b0b72d56866907b893f2266f15de1abc17f93600824db55a":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 8 ):"d4fe686a14592b6ca1bd6b42":"e35d880c1c53688eb83869de9dd8a473":0:"35af9b502ea6b56269f896bf98affdd59c2aa418b38bc7fd":1:0:"ff426dd751190ff826e8b4a0792d746e":1 + PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=32, IV=12, IN=16, AAD=16, TAG=8 (lengths set) depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES aead_multipart_decrypt:PSA_KEY_TYPE_AES:"f913bb823a1d0c10b0b72d56866907b893f2266f15de1abc17f93600824db55a":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 8 ):"d4fe686a14592b6ca1bd6b42":"e35d880c1c53688eb83869de9dd8a473":0:"35af9b502ea6b56269f896bf98affdd59c2aa418b38bc7fd":1:1:"ff426dd751190ff826e8b4a0792d746e":1 + PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=32, IV=12, IN=16, AAD=20, TAG=14 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES aead_multipart_decrypt:PSA_KEY_TYPE_AES:"74e9d9d7cd0728cea94e169af485f21f9d2447e022f16008f803dcf5c4f7cc0c":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 14 ):"ecba39edc96667da726122c0":"ae9ab021f86f5b81bb2e0fcbd4b855e1501e9f82":0:"e5745ce0e02dbba05363b548c3ac7047eacca7e61db6f72fc9b9e5bdb2bb":1:0:"0a0b284515694188b6b6c15bc8a09036":1 + PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=32, IV=12, IN=16, AAD=20, TAG=14 (lengths set) depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES aead_multipart_decrypt:PSA_KEY_TYPE_AES:"74e9d9d7cd0728cea94e169af485f21f9d2447e022f16008f803dcf5c4f7cc0c":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 14 ):"ecba39edc96667da726122c0":"ae9ab021f86f5b81bb2e0fcbd4b855e1501e9f82":0:"e5745ce0e02dbba05363b548c3ac7047eacca7e61db6f72fc9b9e5bdb2bb":1:1:"0a0b284515694188b6b6c15bc8a09036":1 + PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=32, IV=12, IN=13, AAD=0, TAG=14 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES aead_multipart_decrypt:PSA_KEY_TYPE_AES:"60667fce64b8c7169ddf45f335e46951248f69abc4e0f4f292d0ffe3dfd5219f":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 14 ):"1057322a39f08ef761c3c8fc":"":0:"501b033c841acb430c52d88fe9cb44c751f2f1641d1e801a534ac8":1:0:"f386b28e7eb4c2fb8eb5dc66a2":1 + PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=32, IV=12, IN=13, AAD=0, TAG=14 (lengths set) depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES aead_multipart_decrypt:PSA_KEY_TYPE_AES:"60667fce64b8c7169ddf45f335e46951248f69abc4e0f4f292d0ffe3dfd5219f":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 14 ):"1057322a39f08ef761c3c8fc":"":0:"501b033c841acb430c52d88fe9cb44c751f2f1641d1e801a534ac8":1:1:"f386b28e7eb4c2fb8eb5dc66a2":1 + PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=32, IV=12, IN=13, AAD=20, TAG=15 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES aead_multipart_decrypt:PSA_KEY_TYPE_AES:"e67590da399cbcdcddcc56110562ade8665b50287a8ab38e8b9ee7520531b560":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"2c36ab6b686a66fba1805196":"823493d42f4f60b2d1433ad75eccaafd7e7c7d12":0:"cff6b6f03c67152f3ce1030653d9bd9a6559f5b04b48d77c2a1fc364":1:0:"da1c61fbfcdb73445ad4c7d889":1 + PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=32, IV=12, IN=13, AAD=20, TAG=15 (lengths set) depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES aead_multipart_decrypt:PSA_KEY_TYPE_AES:"e67590da399cbcdcddcc56110562ade8665b50287a8ab38e8b9ee7520531b560":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"2c36ab6b686a66fba1805196":"823493d42f4f60b2d1433ad75eccaafd7e7c7d12":0:"cff6b6f03c67152f3ce1030653d9bd9a6559f5b04b48d77c2a1fc364":1:1:"da1c61fbfcdb73445ad4c7d889":1 + PSA Multipart AEAD encrypt: ChaCha20-Poly1305 (RFC7539) depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 aead_multipart_encrypt:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:"070000004041424344454647":"50515253c0c1c2c3c4c5c6c7":1:"4c616469657320616e642047656e746c656d656e206f662074686520636c617373206f66202739393a204966204920636f756c64206f6666657220796f75206f6e6c79206f6e652074697020666f7220746865206675747572652c2073756e73637265656e20776f756c642062652069742e":1:0:"d31a8d34648e60db7b86afbc53ef7ec2a4aded51296e08fea9e2b5a736ee62d63dbea45e8ca9671282fafb69da92728b1a71de0a9e060b2905d6a5b67ecd3b3692ddbd7f2d778b8c9803aee328091b58fab324e4fad675945585808b4831d7bc3ff4def08e4b7a9de576d26586cec64b61161ae10b594f09e26a7e902ecbd0600691" @@ -2491,24 +2545,31 @@ aead_multipart_encrypt:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f90 PSA Multipart AEAD decrypt: ChaCha20-Poly1305 (RFC7539, good tag) depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 aead_multipart_decrypt:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:"070000004041424344454647":"50515253c0c1c2c3c4c5c6c7":1:"d31a8d34648e60db7b86afbc53ef7ec2a4aded51296e08fea9e2b5a736ee62d63dbea45e8ca9671282fafb69da92728b1a71de0a9e060b2905d6a5b67ecd3b3692ddbd7f2d778b8c9803aee328091b58fab324e4fad675945585808b4831d7bc3ff4def08e4b7a9de576d26586cec64b61161ae10b594f09e26a7e902ecbd0600691":1:0:"4c616469657320616e642047656e746c656d656e206f662074686520636c617373206f66202739393a204966204920636f756c64206f6666657220796f75206f6e6c79206f6e652074697020666f7220746865206675747572652c2073756e73637265656e20776f756c642062652069742e":1 + PSA Multipart AEAD decrypt: ChaCha20-Poly1305 (RFC7539, good tag) (lengths set) depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 aead_multipart_decrypt:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:"070000004041424344454647":"50515253c0c1c2c3c4c5c6c7":1:"d31a8d34648e60db7b86afbc53ef7ec2a4aded51296e08fea9e2b5a736ee62d63dbea45e8ca9671282fafb69da92728b1a71de0a9e060b2905d6a5b67ecd3b3692ddbd7f2d778b8c9803aee328091b58fab324e4fad675945585808b4831d7bc3ff4def08e4b7a9de576d26586cec64b61161ae10b594f09e26a7e902ecbd0600691":1:1:"4c616469657320616e642047656e746c656d656e206f662074686520636c617373206f66202739393a204966204920636f756c64206f6666657220796f75206f6e6c79206f6e652074697020666f7220746865206675747572652c2073756e73637265656e20776f756c642062652069742e":1 + PSA Multipart AEAD decrypt: ChaCha20-Poly1305 (RFC7539, bad tag) depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 aead_multipart_decrypt:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:"070000004041424344454647":"50515253c0c1c2c3c4c5c6c7":1:"d31a8d34648e60db7b86afbc53ef7ec2a4aded51296e08fea9e2b5a736ee62d63dbea45e8ca9671282fafb69da92728b1a71de0a9e060b2905d6a5b67ecd3b3692ddbd7f2d778b8c9803aee328091b58fab324e4fad675945585808b4831d7bc3ff4def08e4b7a9de576d26586cec64b61161ae10b594f09e26a7e902ecbd0600690":1:0:"4c616469657320616e642047656e746c656d656e206f662074686520636c617373206f66202739393a204966204920636f756c64206f6666657220796f75206f6e6c79206f6e652074697020666f7220746865206675747572652c2073756e73637265656e20776f756c642062652069742e":0 + PSA Multipart AEAD decrypt: ChaCha20-Poly1305 (good tag, zero-length input) depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 aead_multipart_decrypt:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:"070000004041424344454647":"":1:"a0784d7a4716f3feb4f64e7f4b39bf04":1:0:"":1 + PSA Multipart AEAD decrypt: ChaCha20-Poly1305 (good tag, zero-length input) (lengths set) depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 aead_multipart_decrypt:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:"070000004041424344454647":"":1:"a0784d7a4716f3feb4f64e7f4b39bf04":1:1:"":1 + PSA Multipart AEAD decrypt: invalid algorithm (CTR) depends_on:MBEDTLS_AES_C:MBEDTLS_GCM_C aead_multipart_decrypt:PSA_KEY_TYPE_AES:"D7828D13B2B0BDC325A76236DF93CC6B":PSA_ALG_CTR:"000102030405060708090A0B0C0D0E0F":"":0:"":1:0:"":0 + PSA Multipart AEAD decrypt: invalid algorithm (ChaCha20) depends_on:MBEDTLS_CHACHA20_C aead_multipart_decrypt:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_STREAM_CIPHER:"":"":1:"":1:0:"":0 + PSA Multipart Nonce Generation, AES - GCM, IV = 12 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES aead_multipart_generate_nonce:PSA_KEY_TYPE_AES:"aa740abfadcda779220d3b406c5d7ec09a77fe9d94104539":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM,16):12:12:"290322092d57479e20f6281e331d95a9":"e7fb0631eebf9bdba87045b33650c4ce":PSA_SUCCESS From 693bf312d94ad2ea364cd3902e9d944091b1c5be Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Fri, 23 Jul 2021 17:40:41 +0100 Subject: [PATCH 113/195] Fix _arg argument not being cast to correct type Also change to TEST_EQUAL, as this is now possible. Signed-off-by: Paul Elliott --- tests/suites/test_suite_psa_crypto.function | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index 0d9543d7b..5e4eaf85f 100644 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function @@ -3685,6 +3685,7 @@ void aead_multipart_generate_nonce( int key_type_arg, data_t *key_data, uint8_t nonce_buffer[PSA_AEAD_NONCE_MAX_SIZE]; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; psa_status_t status = PSA_ERROR_GENERIC_ERROR; + psa_status_t expected_status = expected_status_arg; size_t nonce_generated_len = 0; size_t expected_generated_len = expected_generated_len_arg; unsigned char *output_data = NULL; @@ -3735,13 +3736,13 @@ void aead_multipart_generate_nonce( int key_type_arg, data_t *key_data, nonce_len, &nonce_generated_len ); - TEST_ASSERT( status == expected_status_arg ); + TEST_EQUAL( status, expected_status ); TEST_EQUAL( nonce_generated_len, expected_generated_len ); TEST_ASSERT( nonce_generated_len < PSA_AEAD_NONCE_MAX_SIZE ); - if( expected_status_arg == PSA_SUCCESS ) + if( expected_status == PSA_SUCCESS ) { /* Ensure we can still complete operation. */ @@ -3837,7 +3838,7 @@ void aead_multipart_set_nonce( int key_type_arg, data_t *key_data, status = psa_aead_set_nonce( &operation, nonce_buffer, nonce_len ); - TEST_ASSERT( status == expected_status ); + TEST_EQUAL( status, expected_status ); if( expected_status == PSA_SUCCESS ) { From 43fbda648db946113848588a4051b42df2794080 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Fri, 23 Jul 2021 18:30:59 +0100 Subject: [PATCH 114/195] Add test for update buffer size Signed-off-by: Paul Elliott --- tests/suites/test_suite_psa_crypto.data | 16 ++++ tests/suites/test_suite_psa_crypto.function | 86 +++++++++++++++++++++ 2 files changed, 102 insertions(+) diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data index 5a696fd93..45d37b6c7 100644 --- a/tests/suites/test_suite_psa_crypto.data +++ b/tests/suites/test_suite_psa_crypto.data @@ -2626,6 +2626,22 @@ PSA Multipart Set Nonce: ChaCha20 - Poly1305, IV = 16 depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 aead_multipart_set_nonce:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:16:"":"":PSA_ERROR_INVALID_ARGUMENT +PSA AEAD buffer test: AES - GCM, IN = 16, BUF = 10 +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_update_buffer_test:PSA_KEY_TYPE_AES:"fbc0b4c56a714c83217b2d1bcadd2ed2e9efb0dcac6cc19f":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM,16):10:"5f4b43e811da9c470d6a9b01":"":"d2ae38c4375954835d75b8e4c2f9bbb4":PSA_ERROR_BUFFER_TOO_SMALL + +PSA AEAD buffer test: AES - GCM, IN = 16, BUF = 16 +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_update_buffer_test:PSA_KEY_TYPE_AES:"fbc0b4c56a714c83217b2d1bcadd2ed2e9efb0dcac6cc19f":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM,16):16:"5f4b43e811da9c470d6a9b01":"":"d2ae38c4375954835d75b8e4c2f9bbb4":PSA_SUCCESS + +PSA AEAD buffer test: ChaCha20 - Poly1305 IN = 130, BUF = 10 +depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 +aead_multipart_update_buffer_test:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:10:"070000004041424344454647":"50515253c0c1c2c3c4c5c6c7":"d31a8d34648e60db7b86afbc53ef7ec2a4aded51296e08fea9e2b5a736ee62d63dbea45e8ca9671282fafb69da92728b1a71de0a9e060b2905d6a5b67ecd3b3692ddbd7f2d778b8c9803aee328091b58fab324e4fad675945585808b4831d7bc3ff4def08e4b7a9de576d26586cec64b61161ae10b594f09e26a7e902ecbd0600691":PSA_ERROR_BUFFER_TOO_SMALL + +PSA AEAD buffer test: ChaCha20 - Poly1305 IN = 130, BUF = 130 +depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 +aead_multipart_update_buffer_test:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:130:"070000004041424344454647":"50515253c0c1c2c3c4c5c6c7":"d31a8d34648e60db7b86afbc53ef7ec2a4aded51296e08fea9e2b5a736ee62d63dbea45e8ca9671282fafb69da92728b1a71de0a9e060b2905d6a5b67ecd3b3692ddbd7f2d778b8c9803aee328091b58fab324e4fad675945585808b4831d7bc3ff4def08e4b7a9de576d26586cec64b61161ae10b594f09e26a7e902ecbd0600691":PSA_SUCCESS + PSA Multipart State Checks, AES - GCM depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES aead_multipart_state_test:PSA_KEY_TYPE_AES:"C0C1C2C3C4C5C6C7C8C9CACBCCCDCECF":PSA_ALG_GCM:"000102030405060708090A0B0C0D0E0F":"000102030405060708090A0B":"0C0D0E0F101112131415161718191A1B1C1D1E" diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index 5e4eaf85f..32be56e06 100644 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function @@ -3865,6 +3865,92 @@ exit: } /* END_CASE */ +/* BEGIN_CASE */ +void aead_multipart_update_buffer_test( int key_type_arg, data_t *key_data, + int alg_arg, + int buffer_size, + data_t *nonce, + data_t *additional_data, + data_t *input_data, + int expected_status_arg ) +{ + + mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; + psa_key_type_t key_type = key_type_arg; + psa_algorithm_t alg = alg_arg; + psa_aead_operation_t operation; + psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; + psa_status_t status = PSA_ERROR_GENERIC_ERROR; + psa_status_t expected_status = expected_status_arg; + unsigned char *output_data = NULL; + unsigned char *final_data = NULL; + size_t finish_output_size = 0; + size_t output_length = 0; + size_t tag_length = 0; + uint8_t tag_buffer[PSA_AEAD_TAG_MAX_SIZE]; + + PSA_ASSERT( psa_crypto_init( ) ); + + psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_ENCRYPT ); + psa_set_key_algorithm( &attributes, alg ); + psa_set_key_type( &attributes, key_type ); + + PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len, + &key ) ); + + PSA_ASSERT( psa_get_key_attributes( key, &attributes ) ); + + ASSERT_ALLOC( output_data, buffer_size ); + + finish_output_size = PSA_AEAD_FINISH_OUTPUT_SIZE( key_type, alg ); + + TEST_ASSERT( finish_output_size <= PSA_AEAD_FINISH_OUTPUT_MAX_SIZE ); + + ASSERT_ALLOC( final_data, finish_output_size ); + + operation = psa_aead_operation_init( ); + + status = psa_aead_encrypt_setup( &operation, key, alg ); + + /* If the operation is not supported, just skip and not fail in case the + * encryption involves a common limitation of cryptography hardwares and + * an alternative implementation. */ + if( status == PSA_ERROR_NOT_SUPPORTED ) + { + MBEDTLS_TEST_PSA_SKIP_IF_ALT_AES_192( key_type, key_data->len * 8 ); + MBEDTLS_TEST_PSA_SKIP_IF_ALT_GCM_NOT_12BYTES_NONCE( alg, nonce->len ); + } + + PSA_ASSERT( status ); + + PSA_ASSERT( psa_aead_set_nonce( &operation, nonce->x, nonce->len ) ); + + PSA_ASSERT( psa_aead_update_ad( &operation, additional_data->x, + additional_data->len ) ); + + status = psa_aead_update( &operation, input_data->x, input_data->len, + output_data, buffer_size, &output_length ); + + TEST_EQUAL( status, expected_status ); + + if( expected_status == PSA_SUCCESS ) + { + /* Ensure we can still complete operation. */ + PSA_ASSERT( psa_aead_finish( &operation, final_data, finish_output_size, + &output_length, tag_buffer, + PSA_AEAD_TAG_MAX_SIZE, &tag_length ) ); + } + +exit: + psa_destroy_key( key ); + mbedtls_free( output_data ); + mbedtls_free( final_data ); + psa_aead_abort( &operation ); + PSA_DONE( ); +} +/* END_CASE */ + + /* BEGIN_CASE */ void aead_multipart_state_test( int key_type_arg, data_t *key_data, int alg_arg, From 91b021e4c70e0ac7e9352f97d9c55cb29f4572d0 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Fri, 23 Jul 2021 18:52:31 +0100 Subject: [PATCH 115/195] Add finish buffer size test Signed-off-by: Paul Elliott --- tests/suites/test_suite_psa_crypto.data | 21 +++++- tests/suites/test_suite_psa_crypto.function | 81 +++++++++++++++++++++ 2 files changed, 98 insertions(+), 4 deletions(-) diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data index 45d37b6c7..d22353790 100644 --- a/tests/suites/test_suite_psa_crypto.data +++ b/tests/suites/test_suite_psa_crypto.data @@ -2626,22 +2626,35 @@ PSA Multipart Set Nonce: ChaCha20 - Poly1305, IV = 16 depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 aead_multipart_set_nonce:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:16:"":"":PSA_ERROR_INVALID_ARGUMENT -PSA AEAD buffer test: AES - GCM, IN = 16, BUF = 10 +PSA AEAD output buffer test: AES - GCM, IN = 16, BUF = 10 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES aead_multipart_update_buffer_test:PSA_KEY_TYPE_AES:"fbc0b4c56a714c83217b2d1bcadd2ed2e9efb0dcac6cc19f":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM,16):10:"5f4b43e811da9c470d6a9b01":"":"d2ae38c4375954835d75b8e4c2f9bbb4":PSA_ERROR_BUFFER_TOO_SMALL -PSA AEAD buffer test: AES - GCM, IN = 16, BUF = 16 +PSA AEAD output buffer test: AES - GCM, IN = 16, BUF = 16 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES aead_multipart_update_buffer_test:PSA_KEY_TYPE_AES:"fbc0b4c56a714c83217b2d1bcadd2ed2e9efb0dcac6cc19f":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM,16):16:"5f4b43e811da9c470d6a9b01":"":"d2ae38c4375954835d75b8e4c2f9bbb4":PSA_SUCCESS -PSA AEAD buffer test: ChaCha20 - Poly1305 IN = 130, BUF = 10 +PSA AEAD output buffer test: ChaCha20 - Poly1305 IN = 130, BUF = 10 depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 aead_multipart_update_buffer_test:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:10:"070000004041424344454647":"50515253c0c1c2c3c4c5c6c7":"d31a8d34648e60db7b86afbc53ef7ec2a4aded51296e08fea9e2b5a736ee62d63dbea45e8ca9671282fafb69da92728b1a71de0a9e060b2905d6a5b67ecd3b3692ddbd7f2d778b8c9803aee328091b58fab324e4fad675945585808b4831d7bc3ff4def08e4b7a9de576d26586cec64b61161ae10b594f09e26a7e902ecbd0600691":PSA_ERROR_BUFFER_TOO_SMALL -PSA AEAD buffer test: ChaCha20 - Poly1305 IN = 130, BUF = 130 +PSA AEAD output buffer test: ChaCha20 - Poly1305 IN = 130, BUF = 130 depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 aead_multipart_update_buffer_test:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:130:"070000004041424344454647":"50515253c0c1c2c3c4c5c6c7":"d31a8d34648e60db7b86afbc53ef7ec2a4aded51296e08fea9e2b5a736ee62d63dbea45e8ca9671282fafb69da92728b1a71de0a9e060b2905d6a5b67ecd3b3692ddbd7f2d778b8c9803aee328091b58fab324e4fad675945585808b4831d7bc3ff4def08e4b7a9de576d26586cec64b61161ae10b594f09e26a7e902ecbd0600691":PSA_SUCCESS +PSA AEAD finish buffer test: AES - GCM, BUF = 8 +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_finish_buffer_test:PSA_KEY_TYPE_AES:"fbc0b4c56a714c83217b2d1bcadd2ed2e9efb0dcac6cc19f":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM,16):8:"5f4b43e811da9c470d6a9b01":"":"d2ae38c4375954835d75b8e4c2f9bbb4":PSA_ERROR_BUFFER_TOO_SMALL + +PSA AEAD finish buffer test: AES - GCM, BUF = 15 +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_finish_buffer_test:PSA_KEY_TYPE_AES:"fbc0b4c56a714c83217b2d1bcadd2ed2e9efb0dcac6cc19f":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM,16):15:"5f4b43e811da9c470d6a9b01":"":"d2ae38c4375954835d75b8e4c2f9bbb4":PSA_SUCCESS + +PSA AEAD finish buffer test: ChaCha20 - Poly1305, BUF = 0 +depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 +aead_multipart_finish_buffer_test:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:0:"070000004041424344454647":"50515253c0c1c2c3c4c5c6c7":"d31a8d34648e60db7b86afbc53ef7ec2a4aded51296e08fea9e2b5a736ee62d63dbea45e8ca9671282fafb69da92728b1a71de0a9e060b2905d6a5b67ecd3b3692ddbd7f2d778b8c9803aee328091b58fab324e4fad675945585808b4831d7bc3ff4def08e4b7a9de576d26586cec64b61161ae10b594f09e26a7e902ecbd0600691":PSA_SUCCESS + + PSA Multipart State Checks, AES - GCM depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES aead_multipart_state_test:PSA_KEY_TYPE_AES:"C0C1C2C3C4C5C6C7C8C9CACBCCCDCECF":PSA_ALG_GCM:"000102030405060708090A0B0C0D0E0F":"000102030405060708090A0B":"0C0D0E0F101112131415161718191A1B1C1D1E" diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index 32be56e06..b8023eeb1 100644 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function @@ -3950,6 +3950,87 @@ exit: } /* END_CASE */ +/* BEGIN_CASE */ +void aead_multipart_finish_buffer_test( int key_type_arg, data_t *key_data, + int alg_arg, + int buffer_size, + data_t *nonce, + data_t *additional_data, + data_t *input_data, + int expected_status_arg ) +{ + + mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; + psa_key_type_t key_type = key_type_arg; + psa_algorithm_t alg = alg_arg; + psa_aead_operation_t operation; + psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; + psa_status_t status = PSA_ERROR_GENERIC_ERROR; + psa_status_t expected_status = expected_status_arg; + unsigned char *output_data = NULL; + unsigned char *final_data = NULL; + size_t output_size = 0; + size_t output_length = 0; + size_t tag_length = 0; + uint8_t tag_buffer[PSA_AEAD_TAG_MAX_SIZE]; + + PSA_ASSERT( psa_crypto_init( ) ); + + psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_ENCRYPT ); + psa_set_key_algorithm( &attributes, alg ); + psa_set_key_type( &attributes, key_type ); + + PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len, + &key ) ); + + PSA_ASSERT( psa_get_key_attributes( key, &attributes ) ); + + output_size = PSA_AEAD_UPDATE_OUTPUT_SIZE( key_type, alg, input_data->len ); + + ASSERT_ALLOC( output_data, output_size ); + + TEST_ASSERT( buffer_size <= PSA_AEAD_FINISH_OUTPUT_MAX_SIZE ); + + ASSERT_ALLOC( final_data, buffer_size ); + + operation = psa_aead_operation_init( ); + + status = psa_aead_encrypt_setup( &operation, key, alg ); + + /* If the operation is not supported, just skip and not fail in case the + * encryption involves a common limitation of cryptography hardwares and + * an alternative implementation. */ + if( status == PSA_ERROR_NOT_SUPPORTED ) + { + MBEDTLS_TEST_PSA_SKIP_IF_ALT_AES_192( key_type, key_data->len * 8 ); + MBEDTLS_TEST_PSA_SKIP_IF_ALT_GCM_NOT_12BYTES_NONCE( alg, nonce->len ); + } + + PSA_ASSERT( status ); + + PSA_ASSERT( psa_aead_set_nonce( &operation, nonce->x, nonce->len ) ); + + PSA_ASSERT( psa_aead_update_ad( &operation, additional_data->x, + additional_data->len ) ); + + PSA_ASSERT( psa_aead_update( &operation, input_data->x, input_data->len, + output_data, output_size, &output_length ) ); + + /* Ensure we can still complete operation. */ + status = psa_aead_finish( &operation, final_data, buffer_size, + &output_length, tag_buffer, + PSA_AEAD_TAG_MAX_SIZE, &tag_length ); + + TEST_EQUAL( status, expected_status ); + +exit: + psa_destroy_key( key ); + mbedtls_free( output_data ); + mbedtls_free( final_data ); + psa_aead_abort( &operation ); + PSA_DONE( ); +} +/* END_CASE */ /* BEGIN_CASE */ void aead_multipart_state_test( int key_type_arg, data_t *key_data, From 814fffbd72bfa2bcc3bd4716c03ecf9e0110113b Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Mon, 16 Aug 2021 18:20:36 +0100 Subject: [PATCH 116/195] Remove overly strict final checks Signed-off-by: Paul Elliott --- library/psa_crypto.c | 16 +++------------- 1 file changed, 3 insertions(+), 13 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 95f974063..e40e370a0 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -3749,11 +3749,8 @@ exit: return( status ); } -static psa_status_t psa_aead_final_checks( psa_aead_operation_t *operation, - size_t output_size ) +static psa_status_t psa_aead_final_checks( psa_aead_operation_t *operation ) { - size_t finish_output_size; - if( operation->id == 0 || !operation->nonce_set ) return( PSA_ERROR_BAD_STATE ); @@ -3761,13 +3758,6 @@ static psa_status_t psa_aead_final_checks( psa_aead_operation_t *operation, operation->body_remaining != 0 ) ) return( PSA_ERROR_INVALID_ARGUMENT ); - finish_output_size = operation->is_encrypt ? - PSA_AEAD_FINISH_OUTPUT_SIZE( operation->key_type, operation->alg ) : - PSA_AEAD_VERIFY_OUTPUT_SIZE( operation->key_type, operation->alg ); - - if( output_size < finish_output_size ) - return( PSA_ERROR_BUFFER_TOO_SMALL ); - return( PSA_SUCCESS ); } @@ -3785,7 +3775,7 @@ psa_status_t psa_aead_finish( psa_aead_operation_t *operation, *ciphertext_length = 0; *tag_length = tag_size; - status = psa_aead_final_checks( operation, ciphertext_size ); + status = psa_aead_final_checks( operation ); if( status != PSA_SUCCESS ) goto exit; @@ -3831,7 +3821,7 @@ psa_status_t psa_aead_verify( psa_aead_operation_t *operation, *plaintext_length = 0; - status = psa_aead_final_checks( operation, plaintext_size ); + status = psa_aead_final_checks( operation ); if( status != PSA_SUCCESS ) goto exit; From 66696b5591e18d308389e0d9123765cf38d75542 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Mon, 16 Aug 2021 18:42:41 +0100 Subject: [PATCH 117/195] Improve nonce length checks Add the missing nonce length checks (this function is being used by oneshot functions as well as multipart, and thus all cipher suites are being used) and cover the case where a NULL buffer gets passed in. Extended the set nonce test to cover this. Signed-off-by: Paul Elliott --- library/psa_crypto_aead.c | 17 +++++++++++++++- tests/suites/test_suite_psa_crypto.data | 22 ++++++++++++++------- tests/suites/test_suite_psa_crypto.function | 20 +++++++++++++++---- 3 files changed, 47 insertions(+), 12 deletions(-) diff --git a/library/psa_crypto_aead.c b/library/psa_crypto_aead.c index d877638ec..92c5ccf9e 100644 --- a/library/psa_crypto_aead.c +++ b/library/psa_crypto_aead.c @@ -141,6 +141,21 @@ static psa_status_t mbedtls_aead_check_nonce_length( mbedtls_psa_aead_operation_t *operation, size_t nonce_length ) { +#if defined(MBEDTLS_PSA_BUILTIN_ALG_GCM) + if( operation->alg == PSA_ALG_GCM ) + { + if( nonce_length == 0 ) + return( PSA_ERROR_NOT_SUPPORTED ); + } +#endif /* MBEDTLS_PSA_BUILTIN_ALG_GCM */ +#if defined(MBEDTLS_PSA_BUILTIN_ALG_CCM) + if( operation->alg == PSA_ALG_CCM ) + { + if( nonce_length < 7 || nonce_length > 13 ) + return( PSA_ERROR_NOT_SUPPORTED ); + } + else +#endif /* MBEDTLS_PSA_BUILTIN_ALG_CCM */ #if defined(MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305) if( operation->alg == PSA_ALG_CHACHA20_POLY1305 ) { @@ -428,7 +443,7 @@ psa_status_t mbedtls_psa_aead_set_nonce( psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; if( mbedtls_aead_check_nonce_length( operation, nonce_length ) - != PSA_SUCCESS ) + != PSA_SUCCESS || nonce == NULL ) { return( PSA_ERROR_INVALID_ARGUMENT ); } diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data index d22353790..f2355d60b 100644 --- a/tests/suites/test_suite_psa_crypto.data +++ b/tests/suites/test_suite_psa_crypto.data @@ -2598,33 +2598,41 @@ PSA Multipart Nonce Generation: ChaCha20 - Poly1305, IV = 16 depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 aead_multipart_generate_nonce:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:16:12:"":"":PSA_SUCCESS +PSA Multipart Set Nonce, AES - GCM, IV = 0 (NULL) +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_set_nonce:PSA_KEY_TYPE_AES:"aa740abfadcda779220d3b406c5d7ec09a77fe9d94104539":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM,16):0:1:"":"":PSA_ERROR_INVALID_ARGUMENT + PSA Multipart Set Nonce, AES - GCM, IV = 0 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_set_nonce:PSA_KEY_TYPE_AES:"aa740abfadcda779220d3b406c5d7ec09a77fe9d94104539":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM,16):0:"":"":PSA_ERROR_INVALID_ARGUMENT +aead_multipart_set_nonce:PSA_KEY_TYPE_AES:"aa740abfadcda779220d3b406c5d7ec09a77fe9d94104539":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM,16):0:0:"":"":PSA_ERROR_INVALID_ARGUMENT PSA Multipart Set Nonce, AES - GCM, IV = 16 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_set_nonce:PSA_KEY_TYPE_AES:"aa740abfadcda779220d3b406c5d7ec09a77fe9d94104539":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM,16):16:"290322092d57479e20f6281e331d95a9":"e7fb0631eebf9bdba87045b33650c4ce":PSA_SUCCESS +aead_multipart_set_nonce:PSA_KEY_TYPE_AES:"aa740abfadcda779220d3b406c5d7ec09a77fe9d94104539":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM,16):16:0:"290322092d57479e20f6281e331d95a9":"e7fb0631eebf9bdba87045b33650c4ce":PSA_SUCCESS PSA Multipart Set Nonce, AES - GCM, IV = 20 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_set_nonce:PSA_KEY_TYPE_AES:"aa740abfadcda779220d3b406c5d7ec09a77fe9d94104539":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM,16):20:"290322092d57479e20f6281e331d95a9":"e7fb0631eebf9bdba87045b33650c4ce":PSA_SUCCESS +aead_multipart_set_nonce:PSA_KEY_TYPE_AES:"aa740abfadcda779220d3b406c5d7ec09a77fe9d94104539":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM,16):20:0:"290322092d57479e20f6281e331d95a9":"e7fb0631eebf9bdba87045b33650c4ce":PSA_SUCCESS PSA Multipart Set Nonce: ChaCha20 - Poly1305, IV = 12 depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 -aead_multipart_set_nonce:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:12:"50515253c0c1c2c3c4c5c6c7":"4c616469657320616e642047656e746c656d656e206f662074686520636c617373206f66202739393a204966204920636f756c64206f6666657220796f75206f6e6c79206f6e652074697020666f7220746865206675747572652c2073756e73637265656e20776f756c642062652069742e":PSA_SUCCESS +aead_multipart_set_nonce:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:12:0:"50515253c0c1c2c3c4c5c6c7":"4c616469657320616e642047656e746c656d656e206f662074686520636c617373206f66202739393a204966204920636f756c64206f6666657220796f75206f6e6c79206f6e652074697020666f7220746865206675747572652c2073756e73637265656e20776f756c642062652069742e":PSA_SUCCESS PSA Multipart Set Nonce: ChaCha20 - Poly1305, IV = 8 depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 -aead_multipart_set_nonce:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:8:"":"":PSA_ERROR_INVALID_ARGUMENT +aead_multipart_set_nonce:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:8:0:"":"":PSA_ERROR_INVALID_ARGUMENT + +PSA Multipart Set Nonce: ChaCha20 - Poly1305, IV = 0 (NULL) +depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 +aead_multipart_set_nonce:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:0:1:"":"":PSA_ERROR_INVALID_ARGUMENT PSA Multipart Set Nonce: ChaCha20 - Poly1305, IV = 0 depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 -aead_multipart_set_nonce:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:0:"":"":PSA_ERROR_INVALID_ARGUMENT +aead_multipart_set_nonce:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:0:0:"":"":PSA_ERROR_INVALID_ARGUMENT PSA Multipart Set Nonce: ChaCha20 - Poly1305, IV = 16 depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 -aead_multipart_set_nonce:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:16:"":"":PSA_ERROR_INVALID_ARGUMENT +aead_multipart_set_nonce:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:16:0:"":"":PSA_ERROR_INVALID_ARGUMENT PSA AEAD output buffer test: AES - GCM, IN = 16, BUF = 10 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index b8023eeb1..58e43870b 100644 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function @@ -3771,6 +3771,7 @@ exit: void aead_multipart_set_nonce( int key_type_arg, data_t *key_data, int alg_arg, int nonce_len, + int allow_null_nonce_buffer, data_t *additional_data, data_t *input_data, int expected_status_arg ) @@ -3829,11 +3830,22 @@ void aead_multipart_set_nonce( int key_type_arg, data_t *key_data, PSA_ASSERT( status ); - ASSERT_ALLOC( nonce_buffer, nonce_len ); - - for( index = 0; index < nonce_len - 1; ++index) + if( nonce_len == 0 ) { - nonce_buffer[index] = 'a' + index; + if( !allow_null_nonce_buffer ) + { + /* Arbitrary size buffer, to test zero length valid buffer. */ + ASSERT_ALLOC( nonce_buffer, 4 ); + } + } + else + { + ASSERT_ALLOC( nonce_buffer, nonce_len ); + + for( index = 0; index < nonce_len - 1; ++index) + { + nonce_buffer[index] = 'a' + index; + } } status = psa_aead_set_nonce( &operation, nonce_buffer, nonce_len ); From 5d3a3c3ee43a54e5ad2cb2e80200cb770435ae67 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Thu, 19 Aug 2021 18:34:41 +0100 Subject: [PATCH 118/195] Fix arguments formatting mistake Signed-off-by: Paul Elliott --- library/psa_crypto_driver_wrappers.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/library/psa_crypto_driver_wrappers.c b/library/psa_crypto_driver_wrappers.c index 09fff0c6b..1dd3b2db9 100644 --- a/library/psa_crypto_driver_wrappers.c +++ b/library/psa_crypto_driver_wrappers.c @@ -1509,7 +1509,7 @@ psa_status_t psa_driver_wrapper_aead_decrypt_setup( operation->id = PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID; status = mbedtls_test_transparent_aead_decrypt_setup( &operation->ctx.transparent_test_driver_ctx, - attributes, + attributes, key_buffer, key_buffer_size, alg ); @@ -1523,7 +1523,7 @@ psa_status_t psa_driver_wrapper_aead_decrypt_setup( operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID; status = mbedtls_psa_aead_decrypt_setup( &operation->ctx.mbedtls_ctx, - attributes, + attributes, key_buffer, key_buffer_size, alg ); From e0a12bd852b07ee7fdec24585646f31c341391be Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Thu, 19 Aug 2021 18:55:56 +0100 Subject: [PATCH 119/195] Refactor aead setup functions into single function Move common encrypt / decrypt code into common function, and roll in previously refactored setup checks function, as this is now the only place it is called. Signed-off-by: Paul Elliott --- library/psa_crypto.c | 154 +++++++++++++++++++------------------------ 1 file changed, 66 insertions(+), 88 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index e40e370a0..1566a4534 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -3401,26 +3401,82 @@ static psa_algorithm_t psa_aead_get_base_algorithm( psa_algorithm_t alg ) return PSA_ALG_AEAD_WITH_DEFAULT_LENGTH_TAG( alg ); } -static psa_status_t psa_aead_setup_checks( psa_aead_operation_t *operation, - psa_algorithm_t alg ) +/* Set the key for a multipart authenticated operation. */ +static psa_status_t psa_aead_setup( psa_aead_operation_t *operation, + mbedtls_svc_key_id_t key, + psa_algorithm_t alg ) { + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED; + psa_key_slot_t *slot = NULL; + psa_key_usage_t key_usage = 0; + if( !PSA_ALG_IS_AEAD( alg ) || PSA_ALG_IS_WILDCARD( alg ) ) { - return( PSA_ERROR_INVALID_ARGUMENT ); + status = PSA_ERROR_INVALID_ARGUMENT; + goto exit; } if( operation->id != 0 ) { - return( PSA_ERROR_BAD_STATE ); + status = PSA_ERROR_BAD_STATE; + goto exit; } if( operation->nonce_set || operation->lengths_set || operation->ad_started || operation->body_started ) { - return( PSA_ERROR_BAD_STATE ); + status = PSA_ERROR_BAD_STATE; + goto exit; } - return( PSA_SUCCESS ); + if( operation->is_encrypt ) + key_usage = PSA_KEY_USAGE_ENCRYPT; + else + key_usage = PSA_KEY_USAGE_DECRYPT; + + status = psa_get_and_lock_key_slot_with_policy( key, &slot, key_usage, + alg ); + + if( status != PSA_SUCCESS ) + goto exit; + + psa_key_attributes_t attributes = { + .core = slot->attr + }; + + if( operation->is_encrypt ) + status = psa_driver_wrapper_aead_encrypt_setup( operation, + &attributes, + slot->key.data, + slot->key.bytes, + alg ); + else + status = psa_driver_wrapper_aead_decrypt_setup( operation, + &attributes, + slot->key.data, + slot->key.bytes, + alg ); + + + if( status != PSA_SUCCESS ) + goto exit; + + operation->key_type = psa_get_key_type( &attributes ); + +exit: + + unlock_status = psa_unlock_key_slot( slot ); + + if( status == PSA_SUCCESS ) + { + status = unlock_status; + operation->alg = psa_aead_get_base_algorithm( alg ); + } + else + psa_aead_abort( operation ); + + return( status ); } /* Set the key for a multipart authenticated encryption operation. */ @@ -3428,48 +3484,9 @@ psa_status_t psa_aead_encrypt_setup( psa_aead_operation_t *operation, mbedtls_svc_key_id_t key, psa_algorithm_t alg ) { - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED; - psa_key_slot_t *slot = NULL; + operation->is_encrypt = 1; - status = psa_aead_setup_checks( operation, alg ); - - if( status != PSA_SUCCESS ) - goto exit; - - status = psa_get_and_lock_key_slot_with_policy( - key, &slot, PSA_KEY_USAGE_ENCRYPT, alg ); - - if( status != PSA_SUCCESS ) - goto exit; - - psa_key_attributes_t attributes = { - .core = slot->attr - }; - - status = psa_driver_wrapper_aead_encrypt_setup( operation, - &attributes, slot->key.data, - slot->key.bytes, alg ); - - if( status != PSA_SUCCESS ) - goto exit; - - operation->key_type = psa_get_key_type( &attributes ); - -exit: - - unlock_status = psa_unlock_key_slot( slot ); - - if( status == PSA_SUCCESS ) - { - status = unlock_status; - operation->alg = psa_aead_get_base_algorithm( alg ); - operation->is_encrypt = 1; - } - else - psa_aead_abort( operation ); - - return( status ); + return( psa_aead_setup( operation, key, alg ) ); } /* Set the key for a multipart authenticated decryption operation. */ @@ -3477,48 +3494,9 @@ psa_status_t psa_aead_decrypt_setup( psa_aead_operation_t *operation, mbedtls_svc_key_id_t key, psa_algorithm_t alg ) { - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED; - psa_key_slot_t *slot = NULL; + operation->is_encrypt = 0; - status = psa_aead_setup_checks( operation, alg ); - - if( status != PSA_SUCCESS ) - goto exit; - - status = psa_get_and_lock_key_slot_with_policy( - key, &slot, PSA_KEY_USAGE_DECRYPT, alg ); - - if( status != PSA_SUCCESS ) - goto exit; - - psa_key_attributes_t attributes = { - .core = slot->attr - }; - - status = psa_driver_wrapper_aead_decrypt_setup( operation, - &attributes, slot->key.data, - slot->key.bytes, alg ); - - if( status != PSA_SUCCESS ) - goto exit; - - operation->key_type = psa_get_key_type( &attributes ); - -exit: - - unlock_status = psa_unlock_key_slot( slot ); - - if( status == PSA_SUCCESS ) - { - status = unlock_status; - operation->alg = psa_aead_get_base_algorithm( alg ); - operation->is_encrypt = 0; - } - else - psa_aead_abort( operation ); - - return( status ); + return( psa_aead_setup( operation, key, alg ) ); } /* Generate a random nonce / IV for multipart AEAD operation */ From 36869706e298e86982587c10903a0d7d4acfd049 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Thu, 19 Aug 2021 19:17:04 +0100 Subject: [PATCH 120/195] Remove duplicated statements in documentation. Signed-off-by: Paul Elliott --- library/psa_crypto_aead.h | 10 ++-------- 1 file changed, 2 insertions(+), 8 deletions(-) diff --git a/library/psa_crypto_aead.h b/library/psa_crypto_aead.h index 38202b6fb..5ed26d002 100644 --- a/library/psa_crypto_aead.h +++ b/library/psa_crypto_aead.h @@ -159,10 +159,7 @@ psa_status_t mbedtls_psa_aead_decrypt( * mbedtls_psa_aead_encrypt_setup(), the operation is reset by the PSA core by a * call to mbedtls_psa_aead_abort(). The PSA core may call * mbedtls_psa_aead_abort() at any time after the operation has been - * initialized. - * - * After a successful call to mbedtls_psa_aead_encrypt_setup(), the PSA core - * eventually terminates the operation by calling mbedtls_psa_aead_abort(). + * initialized, and is required to when the operation is no longer needed. * * \param[in,out] operation The operation object to set up. It must have * been initialized as per the documentation for @@ -203,10 +200,7 @@ psa_status_t mbedtls_psa_aead_encrypt_setup( * mbedtls_psa_aead_decrypt_setup(), the PSA core resets the operation by a * call to mbedtls_psa_aead_abort(). The PSA core may call * mbedtls_psa_aead_abort() at any time after the operation has been - * initialized. - * - * After a successful call to mbedtls_psa_aead_decrypt_setup(), the PSA core - * eventually terminates the operation by a call to mbedtls_psa_aead_abort(). + * initialized, and is required to when the operation is no longer needed. * * \param[in,out] operation The operation object to set up. It must have * been initialized as per the documentation for From d9343f2f0ffc48353e44560cdf23ee6e917b921a Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Mon, 23 Aug 2021 18:59:49 +0100 Subject: [PATCH 121/195] Refactor is_encrypt into aead setup arguments Avoid touching the operation until later. Signed-off-by: Paul Elliott --- library/psa_crypto.c | 14 ++++++-------- 1 file changed, 6 insertions(+), 8 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 1566a4534..13116dcad 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -3403,6 +3403,7 @@ static psa_algorithm_t psa_aead_get_base_algorithm( psa_algorithm_t alg ) /* Set the key for a multipart authenticated operation. */ static psa_status_t psa_aead_setup( psa_aead_operation_t *operation, + int is_encrypt, mbedtls_svc_key_id_t key, psa_algorithm_t alg ) { @@ -3430,7 +3431,7 @@ static psa_status_t psa_aead_setup( psa_aead_operation_t *operation, goto exit; } - if( operation->is_encrypt ) + if( is_encrypt ) key_usage = PSA_KEY_USAGE_ENCRYPT; else key_usage = PSA_KEY_USAGE_DECRYPT; @@ -3445,7 +3446,7 @@ static psa_status_t psa_aead_setup( psa_aead_operation_t *operation, .core = slot->attr }; - if( operation->is_encrypt ) + if( is_encrypt ) status = psa_driver_wrapper_aead_encrypt_setup( operation, &attributes, slot->key.data, @@ -3472,6 +3473,7 @@ exit: { status = unlock_status; operation->alg = psa_aead_get_base_algorithm( alg ); + operation->is_encrypt = is_encrypt; } else psa_aead_abort( operation ); @@ -3484,9 +3486,7 @@ psa_status_t psa_aead_encrypt_setup( psa_aead_operation_t *operation, mbedtls_svc_key_id_t key, psa_algorithm_t alg ) { - operation->is_encrypt = 1; - - return( psa_aead_setup( operation, key, alg ) ); + return( psa_aead_setup( operation, 1, key, alg ) ); } /* Set the key for a multipart authenticated decryption operation. */ @@ -3494,9 +3494,7 @@ psa_status_t psa_aead_decrypt_setup( psa_aead_operation_t *operation, mbedtls_svc_key_id_t key, psa_algorithm_t alg ) { - operation->is_encrypt = 0; - - return( psa_aead_setup( operation, key, alg ) ); + return( psa_aead_setup( operation, 0, key, alg ) ); } /* Generate a random nonce / IV for multipart AEAD operation */ From f127763ec9d234ec50adb01c9697649fdcb2395f Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Tue, 24 Aug 2021 18:11:37 +0100 Subject: [PATCH 122/195] Align generate nonce variables with psa convention Signed-off-by: Paul Elliott --- tests/suites/test_suite_psa_crypto.function | 45 +++++++++++---------- 1 file changed, 23 insertions(+), 22 deletions(-) diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index 58e43870b..26c6c768e 100644 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function @@ -3671,8 +3671,8 @@ void aead_multipart_decrypt( int key_type_arg, data_t *key_data, /* BEGIN_CASE */ void aead_multipart_generate_nonce( int key_type_arg, data_t *key_data, int alg_arg, - int nonce_len, - int expected_generated_len_arg, + int nonce_length, + int expected_nonce_length_arg, data_t *additional_data, data_t *input_data, int expected_status_arg ) @@ -3686,13 +3686,13 @@ void aead_multipart_generate_nonce( int key_type_arg, data_t *key_data, psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; psa_status_t status = PSA_ERROR_GENERIC_ERROR; psa_status_t expected_status = expected_status_arg; - size_t nonce_generated_len = 0; - size_t expected_generated_len = expected_generated_len_arg; - unsigned char *output_data = NULL; - unsigned char *final_data = NULL; + size_t actual_nonce_length = 0; + size_t expected_nonce_length = expected_nonce_length_arg; + unsigned char *output = NULL; + unsigned char *ciphertext = NULL; size_t output_size = 0; - size_t finish_output_size = 0; - size_t output_length = 0; + size_t ciphertext_size = 0; + size_t ciphertext_length = 0; size_t tag_length = 0; uint8_t tag_buffer[PSA_AEAD_TAG_MAX_SIZE]; @@ -3709,13 +3709,13 @@ void aead_multipart_generate_nonce( int key_type_arg, data_t *key_data, output_size = PSA_AEAD_UPDATE_OUTPUT_SIZE( key_type, alg, input_data->len ); - ASSERT_ALLOC( output_data, output_size ); + ASSERT_ALLOC( output, output_size ); - finish_output_size = PSA_AEAD_FINISH_OUTPUT_SIZE( key_type, alg ); + ciphertext_size = PSA_AEAD_FINISH_OUTPUT_SIZE( key_type, alg ); - TEST_ASSERT( finish_output_size <= PSA_AEAD_FINISH_OUTPUT_MAX_SIZE ); + TEST_ASSERT( ciphertext_size <= PSA_AEAD_FINISH_OUTPUT_MAX_SIZE ); - ASSERT_ALLOC( final_data, finish_output_size ); + ASSERT_ALLOC( ciphertext, ciphertext_size ); operation = psa_aead_operation_init( ); @@ -3727,20 +3727,20 @@ void aead_multipart_generate_nonce( int key_type_arg, data_t *key_data, if( status == PSA_ERROR_NOT_SUPPORTED ) { MBEDTLS_TEST_PSA_SKIP_IF_ALT_AES_192( key_type, key_data->len * 8 ); - MBEDTLS_TEST_PSA_SKIP_IF_ALT_GCM_NOT_12BYTES_NONCE( alg, nonce_len ); + MBEDTLS_TEST_PSA_SKIP_IF_ALT_GCM_NOT_12BYTES_NONCE( alg, nonce_length ); } PSA_ASSERT( status ); status = psa_aead_generate_nonce( &operation, nonce_buffer, - nonce_len, - &nonce_generated_len ); + nonce_length, + &actual_nonce_length ); TEST_EQUAL( status, expected_status ); - TEST_EQUAL( nonce_generated_len, expected_generated_len ); + TEST_EQUAL( actual_nonce_length, expected_nonce_length ); - TEST_ASSERT( nonce_generated_len < PSA_AEAD_NONCE_MAX_SIZE ); + TEST_ASSERT( actual_nonce_length < PSA_AEAD_NONCE_MAX_SIZE ); if( expected_status == PSA_SUCCESS ) { @@ -3751,17 +3751,18 @@ void aead_multipart_generate_nonce( int key_type_arg, data_t *key_data, additional_data->len ) ); PSA_ASSERT( psa_aead_update( &operation, input_data->x, input_data->len, - output_data, output_size, &output_length ) ); + output, output_size, + &ciphertext_length ) ); - PSA_ASSERT( psa_aead_finish( &operation, final_data, finish_output_size, - &output_length, tag_buffer, + PSA_ASSERT( psa_aead_finish( &operation, ciphertext, ciphertext_size, + &ciphertext_length, tag_buffer, PSA_AEAD_TAG_MAX_SIZE, &tag_length ) ); } exit: psa_destroy_key( key ); - mbedtls_free( output_data ); - mbedtls_free( final_data ); + mbedtls_free( output ); + mbedtls_free( ciphertext ); psa_aead_abort( &operation ); PSA_DONE( ); } From 6f0e72038d34bc7b26f42170f4bd8f38dfec7cf6 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Wed, 25 Aug 2021 12:57:18 +0100 Subject: [PATCH 123/195] Align set nonce variables with psa convention Signed-off-by: Paul Elliott --- tests/suites/test_suite_psa_crypto.function | 39 +++++++++++---------- 1 file changed, 20 insertions(+), 19 deletions(-) diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index 26c6c768e..4ac421060 100644 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function @@ -3771,7 +3771,7 @@ exit: /* BEGIN_CASE */ void aead_multipart_set_nonce( int key_type_arg, data_t *key_data, int alg_arg, - int nonce_len, + int nonce_length, int allow_null_nonce_buffer, data_t *additional_data, data_t *input_data, @@ -3786,11 +3786,11 @@ void aead_multipart_set_nonce( int key_type_arg, data_t *key_data, psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; psa_status_t status = PSA_ERROR_GENERIC_ERROR; psa_status_t expected_status = expected_status_arg; - unsigned char *output_data = NULL; - unsigned char *final_data = NULL; + unsigned char *output = NULL; + unsigned char *ciphertext = NULL; size_t output_size = 0; - size_t finish_output_size = 0; - size_t output_length = 0; + size_t ciphertext_size = 0; + size_t ciphertext_length = 0; size_t tag_length = 0; uint8_t tag_buffer[PSA_AEAD_TAG_MAX_SIZE]; int index = 0; @@ -3808,13 +3808,13 @@ void aead_multipart_set_nonce( int key_type_arg, data_t *key_data, output_size = PSA_AEAD_UPDATE_OUTPUT_SIZE( key_type, alg, input_data->len ); - ASSERT_ALLOC( output_data, output_size ); + ASSERT_ALLOC( output, output_size ); - finish_output_size = PSA_AEAD_FINISH_OUTPUT_SIZE( key_type, alg ); + ciphertext_size = PSA_AEAD_FINISH_OUTPUT_SIZE( key_type, alg ); - TEST_ASSERT( finish_output_size <= PSA_AEAD_FINISH_OUTPUT_MAX_SIZE ); + TEST_ASSERT( ciphertext_size <= PSA_AEAD_FINISH_OUTPUT_MAX_SIZE ); - ASSERT_ALLOC( final_data, finish_output_size ); + ASSERT_ALLOC( ciphertext, ciphertext_size ); operation = psa_aead_operation_init( ); @@ -3826,12 +3826,12 @@ void aead_multipart_set_nonce( int key_type_arg, data_t *key_data, if( status == PSA_ERROR_NOT_SUPPORTED ) { MBEDTLS_TEST_PSA_SKIP_IF_ALT_AES_192( key_type, key_data->len * 8 ); - MBEDTLS_TEST_PSA_SKIP_IF_ALT_GCM_NOT_12BYTES_NONCE( alg, nonce_len ); + MBEDTLS_TEST_PSA_SKIP_IF_ALT_GCM_NOT_12BYTES_NONCE( alg, nonce_length ); } PSA_ASSERT( status ); - if( nonce_len == 0 ) + if( nonce_length == 0 ) { if( !allow_null_nonce_buffer ) { @@ -3841,15 +3841,15 @@ void aead_multipart_set_nonce( int key_type_arg, data_t *key_data, } else { - ASSERT_ALLOC( nonce_buffer, nonce_len ); + ASSERT_ALLOC( nonce_buffer, nonce_length ); - for( index = 0; index < nonce_len - 1; ++index) + for( index = 0; index < nonce_length - 1; ++index) { nonce_buffer[index] = 'a' + index; } } - status = psa_aead_set_nonce( &operation, nonce_buffer, nonce_len ); + status = psa_aead_set_nonce( &operation, nonce_buffer, nonce_length ); TEST_EQUAL( status, expected_status ); @@ -3861,17 +3861,18 @@ void aead_multipart_set_nonce( int key_type_arg, data_t *key_data, additional_data->len ) ); PSA_ASSERT( psa_aead_update( &operation, input_data->x, input_data->len, - output_data, output_size, &output_length ) ); + output, output_size, + &ciphertext_length ) ); - PSA_ASSERT( psa_aead_finish( &operation, final_data, finish_output_size, - &output_length, tag_buffer, + PSA_ASSERT( psa_aead_finish( &operation, ciphertext, ciphertext_size, + &ciphertext_length, tag_buffer, PSA_AEAD_TAG_MAX_SIZE, &tag_length ) ); } exit: psa_destroy_key( key ); - mbedtls_free( output_data ); - mbedtls_free( final_data ); + mbedtls_free( output ); + mbedtls_free( ciphertext ); mbedtls_free( nonce_buffer ); psa_aead_abort( &operation ); PSA_DONE( ); From daf5c8954c121b73f2cb1764e99738eac686ad61 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Wed, 25 Aug 2021 16:24:58 +0100 Subject: [PATCH 124/195] Remove extraneous state checks Signed-off-by: Paul Elliott --- library/psa_crypto.c | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 13116dcad..0bdbc5bd7 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -3514,8 +3514,7 @@ psa_status_t psa_aead_generate_nonce( psa_aead_operation_t *operation, goto exit; } - if( operation->nonce_set || operation->ad_started || - operation->body_started || !operation->is_encrypt ) + if( operation->nonce_set || !operation->is_encrypt ) { status = PSA_ERROR_BAD_STATE; goto exit; @@ -3561,8 +3560,7 @@ psa_status_t psa_aead_set_nonce( psa_aead_operation_t *operation, goto exit; } - if( operation->nonce_set || operation->ad_started || - operation->body_started ) + if( operation->nonce_set ) { status = PSA_ERROR_BAD_STATE; goto exit; From b8db2c572615c3d6a8563643f591efa87800dbff Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Wed, 25 Aug 2021 16:33:06 +0100 Subject: [PATCH 125/195] Remove extra blank lines Signed-off-by: Paul Elliott --- library/psa_crypto.c | 15 --------------- 1 file changed, 15 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 0bdbc5bd7..79b2618b5 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -3438,7 +3438,6 @@ static psa_status_t psa_aead_setup( psa_aead_operation_t *operation, status = psa_get_and_lock_key_slot_with_policy( key, &slot, key_usage, alg ); - if( status != PSA_SUCCESS ) goto exit; @@ -3458,15 +3457,12 @@ static psa_status_t psa_aead_setup( psa_aead_operation_t *operation, slot->key.data, slot->key.bytes, alg ); - - if( status != PSA_SUCCESS ) goto exit; operation->key_type = psa_get_key_type( &attributes ); exit: - unlock_status = psa_unlock_key_slot( slot ); if( status == PSA_SUCCESS ) @@ -3522,7 +3518,6 @@ psa_status_t psa_aead_generate_nonce( psa_aead_operation_t *operation, required_nonce_size = PSA_AEAD_NONCE_LENGTH( operation->key_type, operation->alg ); - if( nonce_size < required_nonce_size ) { status = PSA_ERROR_BUFFER_TOO_SMALL; @@ -3530,14 +3525,12 @@ psa_status_t psa_aead_generate_nonce( psa_aead_operation_t *operation, } status = psa_generate_random( nonce, required_nonce_size ); - if( status != PSA_SUCCESS ) goto exit; status = psa_aead_set_nonce( operation, nonce, required_nonce_size ); exit: - if( status == PSA_SUCCESS ) *nonce_length = required_nonce_size; else @@ -3576,7 +3569,6 @@ psa_status_t psa_aead_set_nonce( psa_aead_operation_t *operation, nonce_length ); exit: - if( status == PSA_SUCCESS ) operation->nonce_set = 1; else @@ -3609,7 +3601,6 @@ psa_status_t psa_aead_set_lengths( psa_aead_operation_t *operation, plaintext_length ); exit: - if( status == PSA_SUCCESS ) { operation->ad_remaining = ad_length; @@ -3655,7 +3646,6 @@ psa_status_t psa_aead_update_ad( psa_aead_operation_t *operation, input_length ); exit: - if( status == PSA_SUCCESS ) operation->ad_started = 1; else @@ -3714,7 +3704,6 @@ psa_status_t psa_aead_update( psa_aead_operation_t *operation, output_length ); exit: - if( status == PSA_SUCCESS ) operation->body_started = 1; else @@ -3750,7 +3739,6 @@ psa_status_t psa_aead_finish( psa_aead_operation_t *operation, *tag_length = tag_size; status = psa_aead_final_checks( operation ); - if( status != PSA_SUCCESS ) goto exit; @@ -3766,7 +3754,6 @@ psa_status_t psa_aead_finish( psa_aead_operation_t *operation, tag, tag_size, tag_length ); exit: - /* In case the operation fails and the user fails to check for failure or * the zero tag size, make sure the tag is set to something impossible. * Even if the operation succeeds, make sure we set the rest of the @@ -3796,7 +3783,6 @@ psa_status_t psa_aead_verify( psa_aead_operation_t *operation, *plaintext_length = 0; status = psa_aead_final_checks( operation ); - if( status != PSA_SUCCESS ) goto exit; @@ -3812,7 +3798,6 @@ psa_status_t psa_aead_verify( psa_aead_operation_t *operation, tag, tag_length ); exit: - psa_aead_abort( operation ); return( status ); From 3242f6c8efd6f4af7b06725d7a2c720c78a03bb2 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Wed, 25 Aug 2021 16:33:47 +0100 Subject: [PATCH 126/195] Fix formatting issue Signed-off-by: Paul Elliott --- library/psa_crypto.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 79b2618b5..c2b318cca 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -3517,7 +3517,7 @@ psa_status_t psa_aead_generate_nonce( psa_aead_operation_t *operation, } required_nonce_size = PSA_AEAD_NONCE_LENGTH( operation->key_type, - operation->alg ); + operation->alg ); if( nonce_size < required_nonce_size ) { status = PSA_ERROR_BUFFER_TOO_SMALL; From efda3408ce87fc659e273ed86bf66a75390ffeb1 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Wed, 25 Aug 2021 17:16:52 +0100 Subject: [PATCH 127/195] Fix formatting issues Signed-off-by: Paul Elliott --- library/psa_crypto_aead.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/library/psa_crypto_aead.c b/library/psa_crypto_aead.c index 92c5ccf9e..337748a23 100644 --- a/library/psa_crypto_aead.c +++ b/library/psa_crypto_aead.c @@ -469,7 +469,7 @@ psa_status_t mbedtls_psa_aead_set_nonce( operation->is_encrypt ? MBEDTLS_CHACHAPOLY_ENCRYPT : MBEDTLS_CHACHAPOLY_DECRYPT ) ); - } + } else #endif /* MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305 */ { @@ -482,6 +482,7 @@ psa_status_t mbedtls_psa_aead_set_nonce( return( status ); } + /* Declare the lengths of the message and additional data for AEAD. */ psa_status_t mbedtls_psa_aead_set_lengths( mbedtls_psa_aead_operation_t *operation, From 2e450093e1a9e217741664dc9b0e7a5b1e62a0d9 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Wed, 25 Aug 2021 17:18:22 +0100 Subject: [PATCH 128/195] Remove variables declared as unused They are now always being used. Signed-off-by: Paul Elliott --- library/psa_crypto_aead.c | 2 -- 1 file changed, 2 deletions(-) diff --git a/library/psa_crypto_aead.c b/library/psa_crypto_aead.c index 337748a23..aa266ea87 100644 --- a/library/psa_crypto_aead.c +++ b/library/psa_crypto_aead.c @@ -473,9 +473,7 @@ psa_status_t mbedtls_psa_aead_set_nonce( else #endif /* MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305 */ { - ( void ) operation; ( void ) nonce; - ( void ) nonce_length; return ( PSA_ERROR_NOT_SUPPORTED ); } From 5e69aa5709bb6f6bf1f089ec8648e800c5c8a82b Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Wed, 25 Aug 2021 17:24:37 +0100 Subject: [PATCH 129/195] Remove NULL check for set nonce Also remove tests which would pass NULL to this function. Signed-off-by: Paul Elliott --- library/psa_crypto_aead.c | 2 +- tests/suites/test_suite_psa_crypto.data | 23 +++++++-------------- tests/suites/test_suite_psa_crypto.function | 8 ++----- 3 files changed, 10 insertions(+), 23 deletions(-) diff --git a/library/psa_crypto_aead.c b/library/psa_crypto_aead.c index aa266ea87..033dc8207 100644 --- a/library/psa_crypto_aead.c +++ b/library/psa_crypto_aead.c @@ -443,7 +443,7 @@ psa_status_t mbedtls_psa_aead_set_nonce( psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; if( mbedtls_aead_check_nonce_length( operation, nonce_length ) - != PSA_SUCCESS || nonce == NULL ) + != PSA_SUCCESS ) { return( PSA_ERROR_INVALID_ARGUMENT ); } diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data index f2355d60b..371fee024 100644 --- a/tests/suites/test_suite_psa_crypto.data +++ b/tests/suites/test_suite_psa_crypto.data @@ -2598,41 +2598,33 @@ PSA Multipart Nonce Generation: ChaCha20 - Poly1305, IV = 16 depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 aead_multipart_generate_nonce:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:16:12:"":"":PSA_SUCCESS -PSA Multipart Set Nonce, AES - GCM, IV = 0 (NULL) -depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_set_nonce:PSA_KEY_TYPE_AES:"aa740abfadcda779220d3b406c5d7ec09a77fe9d94104539":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM,16):0:1:"":"":PSA_ERROR_INVALID_ARGUMENT - PSA Multipart Set Nonce, AES - GCM, IV = 0 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_set_nonce:PSA_KEY_TYPE_AES:"aa740abfadcda779220d3b406c5d7ec09a77fe9d94104539":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM,16):0:0:"":"":PSA_ERROR_INVALID_ARGUMENT +aead_multipart_set_nonce:PSA_KEY_TYPE_AES:"aa740abfadcda779220d3b406c5d7ec09a77fe9d94104539":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM,16):0:"":"":PSA_ERROR_INVALID_ARGUMENT PSA Multipart Set Nonce, AES - GCM, IV = 16 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_set_nonce:PSA_KEY_TYPE_AES:"aa740abfadcda779220d3b406c5d7ec09a77fe9d94104539":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM,16):16:0:"290322092d57479e20f6281e331d95a9":"e7fb0631eebf9bdba87045b33650c4ce":PSA_SUCCESS +aead_multipart_set_nonce:PSA_KEY_TYPE_AES:"aa740abfadcda779220d3b406c5d7ec09a77fe9d94104539":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM,16):16:"290322092d57479e20f6281e331d95a9":"e7fb0631eebf9bdba87045b33650c4ce":PSA_SUCCESS PSA Multipart Set Nonce, AES - GCM, IV = 20 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_set_nonce:PSA_KEY_TYPE_AES:"aa740abfadcda779220d3b406c5d7ec09a77fe9d94104539":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM,16):20:0:"290322092d57479e20f6281e331d95a9":"e7fb0631eebf9bdba87045b33650c4ce":PSA_SUCCESS +aead_multipart_set_nonce:PSA_KEY_TYPE_AES:"aa740abfadcda779220d3b406c5d7ec09a77fe9d94104539":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM,16):20:"290322092d57479e20f6281e331d95a9":"e7fb0631eebf9bdba87045b33650c4ce":PSA_SUCCESS PSA Multipart Set Nonce: ChaCha20 - Poly1305, IV = 12 depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 -aead_multipart_set_nonce:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:12:0:"50515253c0c1c2c3c4c5c6c7":"4c616469657320616e642047656e746c656d656e206f662074686520636c617373206f66202739393a204966204920636f756c64206f6666657220796f75206f6e6c79206f6e652074697020666f7220746865206675747572652c2073756e73637265656e20776f756c642062652069742e":PSA_SUCCESS +aead_multipart_set_nonce:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:12:"50515253c0c1c2c3c4c5c6c7":"4c616469657320616e642047656e746c656d656e206f662074686520636c617373206f66202739393a204966204920636f756c64206f6666657220796f75206f6e6c79206f6e652074697020666f7220746865206675747572652c2073756e73637265656e20776f756c642062652069742e":PSA_SUCCESS PSA Multipart Set Nonce: ChaCha20 - Poly1305, IV = 8 depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 -aead_multipart_set_nonce:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:8:0:"":"":PSA_ERROR_INVALID_ARGUMENT - -PSA Multipart Set Nonce: ChaCha20 - Poly1305, IV = 0 (NULL) -depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 -aead_multipart_set_nonce:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:0:1:"":"":PSA_ERROR_INVALID_ARGUMENT +aead_multipart_set_nonce:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:8:"":"":PSA_ERROR_INVALID_ARGUMENT PSA Multipart Set Nonce: ChaCha20 - Poly1305, IV = 0 depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 -aead_multipart_set_nonce:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:0:0:"":"":PSA_ERROR_INVALID_ARGUMENT +aead_multipart_set_nonce:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:0:"":"":PSA_ERROR_INVALID_ARGUMENT PSA Multipart Set Nonce: ChaCha20 - Poly1305, IV = 16 depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 -aead_multipart_set_nonce:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:16:0:"":"":PSA_ERROR_INVALID_ARGUMENT +aead_multipart_set_nonce:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:16:"":"":PSA_ERROR_INVALID_ARGUMENT PSA AEAD output buffer test: AES - GCM, IN = 16, BUF = 10 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES @@ -2662,7 +2654,6 @@ PSA AEAD finish buffer test: ChaCha20 - Poly1305, BUF = 0 depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 aead_multipart_finish_buffer_test:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:0:"070000004041424344454647":"50515253c0c1c2c3c4c5c6c7":"d31a8d34648e60db7b86afbc53ef7ec2a4aded51296e08fea9e2b5a736ee62d63dbea45e8ca9671282fafb69da92728b1a71de0a9e060b2905d6a5b67ecd3b3692ddbd7f2d778b8c9803aee328091b58fab324e4fad675945585808b4831d7bc3ff4def08e4b7a9de576d26586cec64b61161ae10b594f09e26a7e902ecbd0600691":PSA_SUCCESS - PSA Multipart State Checks, AES - GCM depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES aead_multipart_state_test:PSA_KEY_TYPE_AES:"C0C1C2C3C4C5C6C7C8C9CACBCCCDCECF":PSA_ALG_GCM:"000102030405060708090A0B0C0D0E0F":"000102030405060708090A0B":"0C0D0E0F101112131415161718191A1B1C1D1E" diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index 4ac421060..5fb7086a1 100644 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function @@ -3772,7 +3772,6 @@ exit: void aead_multipart_set_nonce( int key_type_arg, data_t *key_data, int alg_arg, int nonce_length, - int allow_null_nonce_buffer, data_t *additional_data, data_t *input_data, int expected_status_arg ) @@ -3833,11 +3832,8 @@ void aead_multipart_set_nonce( int key_type_arg, data_t *key_data, if( nonce_length == 0 ) { - if( !allow_null_nonce_buffer ) - { - /* Arbitrary size buffer, to test zero length valid buffer. */ - ASSERT_ALLOC( nonce_buffer, 4 ); - } + /* Arbitrary size buffer, to test zero length valid buffer. */ + ASSERT_ALLOC( nonce_buffer, 4 ); } else { From 3d7d52c2edba82ec109e533379727099b3073deb Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Wed, 1 Sep 2021 10:33:14 +0100 Subject: [PATCH 130/195] Formatting fixes Signed-off-by: Paul Elliott --- library/psa_crypto.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index c2b318cca..b335aa37c 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -3553,7 +3553,7 @@ psa_status_t psa_aead_set_nonce( psa_aead_operation_t *operation, goto exit; } - if( operation->nonce_set ) + if( operation->nonce_set ) { status = PSA_ERROR_BAD_STATE; goto exit; @@ -3612,7 +3612,8 @@ exit: return( status ); } - /* Pass additional data to an active multipart AEAD operation. */ + +/* Pass additional data to an active multipart AEAD operation. */ psa_status_t psa_aead_update_ad( psa_aead_operation_t *operation, const uint8_t *input, size_t input_length ) From c6d11d02f5223f62a35954dc2b8c5342a246ad8f Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Wed, 1 Sep 2021 12:04:23 +0100 Subject: [PATCH 131/195] Aligh update buffer test variables with psa naming Signed-off-by: Paul Elliott --- tests/suites/test_suite_psa_crypto.function | 29 ++++++++++----------- 1 file changed, 14 insertions(+), 15 deletions(-) diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index 5fb7086a1..e01c49588 100644 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function @@ -3878,7 +3878,7 @@ exit: /* BEGIN_CASE */ void aead_multipart_update_buffer_test( int key_type_arg, data_t *key_data, int alg_arg, - int buffer_size, + int output_size_arg, data_t *nonce, data_t *additional_data, data_t *input_data, @@ -3892,10 +3892,11 @@ void aead_multipart_update_buffer_test( int key_type_arg, data_t *key_data, psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; psa_status_t status = PSA_ERROR_GENERIC_ERROR; psa_status_t expected_status = expected_status_arg; - unsigned char *output_data = NULL; - unsigned char *final_data = NULL; - size_t finish_output_size = 0; - size_t output_length = 0; + unsigned char *output = NULL; + unsigned char *ciphertext = NULL; + size_t output_size = output_size_arg; + size_t ciphertext_size = 0; + size_t ciphertext_length = 0; size_t tag_length = 0; uint8_t tag_buffer[PSA_AEAD_TAG_MAX_SIZE]; @@ -3910,13 +3911,11 @@ void aead_multipart_update_buffer_test( int key_type_arg, data_t *key_data, PSA_ASSERT( psa_get_key_attributes( key, &attributes ) ); - ASSERT_ALLOC( output_data, buffer_size ); + ASSERT_ALLOC( output, output_size ); - finish_output_size = PSA_AEAD_FINISH_OUTPUT_SIZE( key_type, alg ); + ciphertext_size = PSA_AEAD_FINISH_OUTPUT_SIZE( key_type, alg ); - TEST_ASSERT( finish_output_size <= PSA_AEAD_FINISH_OUTPUT_MAX_SIZE ); - - ASSERT_ALLOC( final_data, finish_output_size ); + ASSERT_ALLOC( ciphertext, ciphertext_size ); operation = psa_aead_operation_init( ); @@ -3939,22 +3938,22 @@ void aead_multipart_update_buffer_test( int key_type_arg, data_t *key_data, additional_data->len ) ); status = psa_aead_update( &operation, input_data->x, input_data->len, - output_data, buffer_size, &output_length ); + output, output_size, &ciphertext_length ); TEST_EQUAL( status, expected_status ); if( expected_status == PSA_SUCCESS ) { /* Ensure we can still complete operation. */ - PSA_ASSERT( psa_aead_finish( &operation, final_data, finish_output_size, - &output_length, tag_buffer, + PSA_ASSERT( psa_aead_finish( &operation, ciphertext, ciphertext_size, + &ciphertext_length, tag_buffer, PSA_AEAD_TAG_MAX_SIZE, &tag_length ) ); } exit: psa_destroy_key( key ); - mbedtls_free( output_data ); - mbedtls_free( final_data ); + mbedtls_free( output ); + mbedtls_free( ciphertext ); psa_aead_abort( &operation ); PSA_DONE( ); } From 7f6284224799746a0c93a31fc46afc49249acbbd Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Wed, 1 Sep 2021 12:08:29 +0100 Subject: [PATCH 132/195] Add test for calling update when nonce not set Previously only testing calling update_ad in this state. Signed-off-by: Paul Elliott --- tests/suites/test_suite_psa_crypto.function | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index e01c49588..0c009811c 100644 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function @@ -4224,6 +4224,19 @@ void aead_multipart_state_test( int key_type_arg, data_t *key_data, psa_aead_abort( &operation ); + /* ------------------------------------------------------- */ + + operation = psa_aead_operation_init( ); + + PSA_ASSERT( psa_aead_encrypt_setup( &operation, key, alg ) ); + + TEST_EQUAL( psa_aead_update( &operation, input_data->x, + input_data->len, output_data, + output_size, &output_length ), + PSA_ERROR_BAD_STATE ); + + psa_aead_abort( &operation ); + /* Test for double setting nonce. */ operation = psa_aead_operation_init( ); From b0450febe6fc546b9744b8637b8671a16d809bf6 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Wed, 1 Sep 2021 15:06:26 +0100 Subject: [PATCH 133/195] Tests for sending too much data after set lengths We previously had tests for not sending enough (additional) data, but were missing tests for sending too much. I have added these to the state tests, as I don't think this is complex enough to deserve a standalone test. Signed-off-by: Paul Elliott --- tests/suites/test_suite_psa_crypto.function | 34 +++++++++++++++++++++ 1 file changed, 34 insertions(+) diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index 0c009811c..a88108715 100644 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function @@ -4407,6 +4407,40 @@ void aead_multipart_state_test( int key_type_arg, data_t *key_data, psa_aead_abort( &operation ); + /* Test for sending too much additional data after setting lengths. */ + + operation = psa_aead_operation_init( ); + + PSA_ASSERT( psa_aead_encrypt_setup( &operation, key, alg ) ); + + PSA_ASSERT( psa_aead_set_nonce( &operation, nonce->x, nonce->len ) ); + + PSA_ASSERT( psa_aead_set_lengths( &operation, 0, 0 ) ); + + + TEST_EQUAL( psa_aead_update_ad( &operation, additional_data->x, + additional_data->len ), + PSA_ERROR_INVALID_ARGUMENT ); + + psa_aead_abort( &operation ); + + /* Test for sending too much data after setting lengths. */ + + operation = psa_aead_operation_init( ); + + PSA_ASSERT( psa_aead_encrypt_setup( &operation, key, alg ) ); + + PSA_ASSERT( psa_aead_set_nonce( &operation, nonce->x, nonce->len ) ); + + PSA_ASSERT( psa_aead_set_lengths( &operation, 0, 0 ) ); + + TEST_EQUAL( psa_aead_update( &operation, input_data->x, + input_data->len, output_data, + output_size, &output_length ), + PSA_ERROR_INVALID_ARGUMENT ); + + psa_aead_abort( &operation ); + /* Test sending additional data after data. */ operation = psa_aead_operation_init( ); From e64deda873027d7e0a841fda47e741aa55cf2498 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Thu, 9 Sep 2021 14:07:23 +0100 Subject: [PATCH 134/195] Add missing check to multipart decrypt Ensure that the test actually does something, rather than skipping both parts, also add comment to this effect. Signed-off-by: Paul Elliott --- tests/suites/test_suite_psa_crypto.function | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index a88108715..19b687e17 100644 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function @@ -3494,6 +3494,8 @@ void aead_multipart_encrypt( int key_type_arg, data_t *key_data, size_t ad_part_len = 0; size_t data_part_len = 0; + /* Ensure that either one part of the test or the other is done, i.e this + * test does something. */ TEST_ASSERT( do_test_ad_chunked || do_test_data_chunked ); /* Temporary whilst we have algorithms that cannot support chunking */ @@ -3588,6 +3590,10 @@ void aead_multipart_decrypt( int key_type_arg, data_t *key_data, size_t ad_part_len = 0; size_t data_part_len = 0; + /* Ensure that either one part of the test or the other is done, i.e this + * test does something. */ + TEST_ASSERT( do_test_ad_chunked || do_test_data_chunked ); + /* Temporary whilst we have algorithms that cannot support chunking */ if( do_test_ad_chunked == 1 ) { From 4023ffd275d27e5c4ae2c6dffff5c042c6b2566a Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Fri, 10 Sep 2021 16:21:22 +0100 Subject: [PATCH 135/195] Re-add option of NULL buffer for nonce tests NULL/zero length or valid buffer/zero length both now tested Signed-off-by: Paul Elliott --- tests/suites/test_suite_psa_crypto.data | 12 ++++++++++-- tests/suites/test_suite_psa_crypto.function | 20 ++++++++++++++------ 2 files changed, 24 insertions(+), 8 deletions(-) diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data index 371fee024..ff3718bd8 100644 --- a/tests/suites/test_suite_psa_crypto.data +++ b/tests/suites/test_suite_psa_crypto.data @@ -2598,10 +2598,14 @@ PSA Multipart Nonce Generation: ChaCha20 - Poly1305, IV = 16 depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 aead_multipart_generate_nonce:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:16:12:"":"":PSA_SUCCESS -PSA Multipart Set Nonce, AES - GCM, IV = 0 +PSA Multipart Set Nonce, AES - GCM, IV = 0 (NULL) depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES aead_multipart_set_nonce:PSA_KEY_TYPE_AES:"aa740abfadcda779220d3b406c5d7ec09a77fe9d94104539":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM,16):0:"":"":PSA_ERROR_INVALID_ARGUMENT +PSA Multipart Set Nonce, AES - GCM, IV = 0 (Non-NULL) +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_set_nonce:PSA_KEY_TYPE_AES:"aa740abfadcda779220d3b406c5d7ec09a77fe9d94104539":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM,16):-1:"":"":PSA_ERROR_INVALID_ARGUMENT + PSA Multipart Set Nonce, AES - GCM, IV = 16 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES aead_multipart_set_nonce:PSA_KEY_TYPE_AES:"aa740abfadcda779220d3b406c5d7ec09a77fe9d94104539":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM,16):16:"290322092d57479e20f6281e331d95a9":"e7fb0631eebf9bdba87045b33650c4ce":PSA_SUCCESS @@ -2618,10 +2622,14 @@ PSA Multipart Set Nonce: ChaCha20 - Poly1305, IV = 8 depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 aead_multipart_set_nonce:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:8:"":"":PSA_ERROR_INVALID_ARGUMENT -PSA Multipart Set Nonce: ChaCha20 - Poly1305, IV = 0 +PSA Multipart Set Nonce: ChaCha20 - Poly1305, IV = 0 (NULL) depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 aead_multipart_set_nonce:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:0:"":"":PSA_ERROR_INVALID_ARGUMENT +PSA Multipart Set Nonce: ChaCha20 - Poly1305, IV = 0 (Non-NULL) +depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 +aead_multipart_set_nonce:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:-1:"":"":PSA_ERROR_INVALID_ARGUMENT + PSA Multipart Set Nonce: ChaCha20 - Poly1305, IV = 16 depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 aead_multipart_set_nonce:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:16:"":"":PSA_ERROR_INVALID_ARGUMENT diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index 19b687e17..4dfaccb97 100644 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function @@ -3777,7 +3777,7 @@ exit: /* BEGIN_CASE */ void aead_multipart_set_nonce( int key_type_arg, data_t *key_data, int alg_arg, - int nonce_length, + int nonce_length_arg, data_t *additional_data, data_t *input_data, int expected_status_arg ) @@ -3793,12 +3793,13 @@ void aead_multipart_set_nonce( int key_type_arg, data_t *key_data, psa_status_t expected_status = expected_status_arg; unsigned char *output = NULL; unsigned char *ciphertext = NULL; + size_t nonce_length; size_t output_size = 0; size_t ciphertext_size = 0; size_t ciphertext_length = 0; size_t tag_length = 0; uint8_t tag_buffer[PSA_AEAD_TAG_MAX_SIZE]; - int index = 0; + size_t index = 0; PSA_ASSERT( psa_crypto_init( ) ); @@ -3831,23 +3832,30 @@ void aead_multipart_set_nonce( int key_type_arg, data_t *key_data, if( status == PSA_ERROR_NOT_SUPPORTED ) { MBEDTLS_TEST_PSA_SKIP_IF_ALT_AES_192( key_type, key_data->len * 8 ); - MBEDTLS_TEST_PSA_SKIP_IF_ALT_GCM_NOT_12BYTES_NONCE( alg, nonce_length ); + MBEDTLS_TEST_PSA_SKIP_IF_ALT_GCM_NOT_12BYTES_NONCE( alg, nonce_length_arg ); } PSA_ASSERT( status ); - if( nonce_length == 0 ) + /* -1 == zero length and valid buffer, 0 = zero length and NULL buffer. */ + if( nonce_length_arg == -1 ) { /* Arbitrary size buffer, to test zero length valid buffer. */ ASSERT_ALLOC( nonce_buffer, 4 ); + nonce_length = 0; } else { + /* If length is zero, then this will return NULL. */ + nonce_length = ( size_t ) nonce_length_arg; ASSERT_ALLOC( nonce_buffer, nonce_length ); - for( index = 0; index < nonce_length - 1; ++index) + if( nonce_buffer ) { - nonce_buffer[index] = 'a' + index; + for( index = 0; index < nonce_length - 1; ++index ) + { + nonce_buffer[index] = 'a' + index; + } } } From e58cb1e0cf2f517fb407e4808aee6bffd0a0b263 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Fri, 10 Sep 2021 18:36:00 +0100 Subject: [PATCH 136/195] Aligh finish_buffer_test vars with PSA standard Signed-off-by: Paul Elliott --- tests/suites/test_suite_psa_crypto.function | 30 +++++++++++---------- 1 file changed, 16 insertions(+), 14 deletions(-) diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index 4dfaccb97..5c27a5957 100644 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function @@ -3976,7 +3976,7 @@ exit: /* BEGIN_CASE */ void aead_multipart_finish_buffer_test( int key_type_arg, data_t *key_data, int alg_arg, - int buffer_size, + int finish_ciphertext_size_arg, data_t *nonce, data_t *additional_data, data_t *input_data, @@ -3990,10 +3990,11 @@ void aead_multipart_finish_buffer_test( int key_type_arg, data_t *key_data, psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; psa_status_t status = PSA_ERROR_GENERIC_ERROR; psa_status_t expected_status = expected_status_arg; - unsigned char *output_data = NULL; - unsigned char *final_data = NULL; - size_t output_size = 0; - size_t output_length = 0; + unsigned char *ciphertext = NULL; + unsigned char *finish_ciphertext = NULL; + size_t ciphertext_size = 0; + size_t ciphertext_length = 0; + size_t finish_ciphertext_size = ( size_t ) finish_ciphertext_size_arg; size_t tag_length = 0; uint8_t tag_buffer[PSA_AEAD_TAG_MAX_SIZE]; @@ -4008,13 +4009,13 @@ void aead_multipart_finish_buffer_test( int key_type_arg, data_t *key_data, PSA_ASSERT( psa_get_key_attributes( key, &attributes ) ); - output_size = PSA_AEAD_UPDATE_OUTPUT_SIZE( key_type, alg, input_data->len ); + ciphertext_size = PSA_AEAD_UPDATE_OUTPUT_SIZE( key_type, alg, input_data->len ); - ASSERT_ALLOC( output_data, output_size ); + ASSERT_ALLOC( ciphertext, ciphertext_size ); - TEST_ASSERT( buffer_size <= PSA_AEAD_FINISH_OUTPUT_MAX_SIZE ); + TEST_ASSERT( finish_ciphertext_size <= PSA_AEAD_FINISH_OUTPUT_MAX_SIZE ); - ASSERT_ALLOC( final_data, buffer_size ); + ASSERT_ALLOC( finish_ciphertext, finish_ciphertext_size ); operation = psa_aead_operation_init( ); @@ -4037,19 +4038,20 @@ void aead_multipart_finish_buffer_test( int key_type_arg, data_t *key_data, additional_data->len ) ); PSA_ASSERT( psa_aead_update( &operation, input_data->x, input_data->len, - output_data, output_size, &output_length ) ); + ciphertext, ciphertext_size, &ciphertext_length ) ); /* Ensure we can still complete operation. */ - status = psa_aead_finish( &operation, final_data, buffer_size, - &output_length, tag_buffer, + status = psa_aead_finish( &operation, finish_ciphertext, + finish_ciphertext_size, + &ciphertext_length, tag_buffer, PSA_AEAD_TAG_MAX_SIZE, &tag_length ); TEST_EQUAL( status, expected_status ); exit: psa_destroy_key( key ); - mbedtls_free( output_data ); - mbedtls_free( final_data ); + mbedtls_free( ciphertext ); + mbedtls_free( finish_ciphertext ); psa_aead_abort( &operation ); PSA_DONE( ); } From 719c1324a124dcb7f6744f206e2c930020032629 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Mon, 13 Sep 2021 18:27:22 +0100 Subject: [PATCH 137/195] Add tag buffer size tests to finish buffer tests Signed-off-by: Paul Elliott --- tests/suites/test_suite_psa_crypto.data | 29 ++++++++++++++++----- tests/suites/test_suite_psa_crypto.function | 8 ++++-- 2 files changed, 29 insertions(+), 8 deletions(-) diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data index ff3718bd8..8bf730387 100644 --- a/tests/suites/test_suite_psa_crypto.data +++ b/tests/suites/test_suite_psa_crypto.data @@ -2650,17 +2650,34 @@ PSA AEAD output buffer test: ChaCha20 - Poly1305 IN = 130, BUF = 130 depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 aead_multipart_update_buffer_test:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:130:"070000004041424344454647":"50515253c0c1c2c3c4c5c6c7":"d31a8d34648e60db7b86afbc53ef7ec2a4aded51296e08fea9e2b5a736ee62d63dbea45e8ca9671282fafb69da92728b1a71de0a9e060b2905d6a5b67ecd3b3692ddbd7f2d778b8c9803aee328091b58fab324e4fad675945585808b4831d7bc3ff4def08e4b7a9de576d26586cec64b61161ae10b594f09e26a7e902ecbd0600691":PSA_SUCCESS -PSA AEAD finish buffer test: AES - GCM, BUF = 8 +PSA AEAD finish buffer test: AES - GCM, BUF = 8, TAG = 16 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_finish_buffer_test:PSA_KEY_TYPE_AES:"fbc0b4c56a714c83217b2d1bcadd2ed2e9efb0dcac6cc19f":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM,16):8:"5f4b43e811da9c470d6a9b01":"":"d2ae38c4375954835d75b8e4c2f9bbb4":PSA_ERROR_BUFFER_TOO_SMALL +aead_multipart_finish_buffer_test:PSA_KEY_TYPE_AES:"fbc0b4c56a714c83217b2d1bcadd2ed2e9efb0dcac6cc19f":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM,16):8:16:"5f4b43e811da9c470d6a9b01":"":"d2ae38c4375954835d75b8e4c2f9bbb4":PSA_ERROR_BUFFER_TOO_SMALL -PSA AEAD finish buffer test: AES - GCM, BUF = 15 +PSA AEAD finish buffer test: AES - GCM, BUF = 15, TAG = 20 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_finish_buffer_test:PSA_KEY_TYPE_AES:"fbc0b4c56a714c83217b2d1bcadd2ed2e9efb0dcac6cc19f":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM,16):15:"5f4b43e811da9c470d6a9b01":"":"d2ae38c4375954835d75b8e4c2f9bbb4":PSA_SUCCESS +aead_multipart_finish_buffer_test:PSA_KEY_TYPE_AES:"fbc0b4c56a714c83217b2d1bcadd2ed2e9efb0dcac6cc19f":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM,16):15:20:"5f4b43e811da9c470d6a9b01":"":"d2ae38c4375954835d75b8e4c2f9bbb4":PSA_SUCCESS -PSA AEAD finish buffer test: ChaCha20 - Poly1305, BUF = 0 +PSA AEAD finish buffer test: AES - GCM, BUF = 15, TAG = 15 +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_finish_buffer_test:PSA_KEY_TYPE_AES:"fbc0b4c56a714c83217b2d1bcadd2ed2e9efb0dcac6cc19f":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM,16):15:15:"5f4b43e811da9c470d6a9b01":"":"d2ae38c4375954835d75b8e4c2f9bbb4":PSA_ERROR_BUFFER_TOO_SMALL + +PSA AEAD finish buffer test: AES - GCM, BUF = 15, TAG = 0 +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_finish_buffer_test:PSA_KEY_TYPE_AES:"fbc0b4c56a714c83217b2d1bcadd2ed2e9efb0dcac6cc19f":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM,16):15:0:"5f4b43e811da9c470d6a9b01":"":"d2ae38c4375954835d75b8e4c2f9bbb4":PSA_ERROR_BUFFER_TOO_SMALL + +PSA AEAD finish buffer test: ChaCha20 - Poly1305, BUF = 0, TAG = 20 depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 -aead_multipart_finish_buffer_test:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:0:"070000004041424344454647":"50515253c0c1c2c3c4c5c6c7":"d31a8d34648e60db7b86afbc53ef7ec2a4aded51296e08fea9e2b5a736ee62d63dbea45e8ca9671282fafb69da92728b1a71de0a9e060b2905d6a5b67ecd3b3692ddbd7f2d778b8c9803aee328091b58fab324e4fad675945585808b4831d7bc3ff4def08e4b7a9de576d26586cec64b61161ae10b594f09e26a7e902ecbd0600691":PSA_SUCCESS +aead_multipart_finish_buffer_test:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:0:20:"070000004041424344454647":"50515253c0c1c2c3c4c5c6c7":"d31a8d34648e60db7b86afbc53ef7ec2a4aded51296e08fea9e2b5a736ee62d63dbea45e8ca9671282fafb69da92728b1a71de0a9e060b2905d6a5b67ecd3b3692ddbd7f2d778b8c9803aee328091b58fab324e4fad675945585808b4831d7bc3ff4def08e4b7a9de576d26586cec64b61161ae10b594f09e26a7e902ecbd0600691":PSA_SUCCESS + +PSA AEAD finish buffer test: ChaCha20 - Poly1305, BUF = 0, TAG = 15 +depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 +aead_multipart_finish_buffer_test:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:0:15:"070000004041424344454647":"50515253c0c1c2c3c4c5c6c7":"d31a8d34648e60db7b86afbc53ef7ec2a4aded51296e08fea9e2b5a736ee62d63dbea45e8ca9671282fafb69da92728b1a71de0a9e060b2905d6a5b67ecd3b3692ddbd7f2d778b8c9803aee328091b58fab324e4fad675945585808b4831d7bc3ff4def08e4b7a9de576d26586cec64b61161ae10b594f09e26a7e902ecbd0600691":PSA_ERROR_BUFFER_TOO_SMALL + +PSA AEAD finish buffer test: ChaCha20 - Poly1305, BUF = 0, TAG = 0 +depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 +aead_multipart_finish_buffer_test:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:0:0:"070000004041424344454647":"50515253c0c1c2c3c4c5c6c7":"d31a8d34648e60db7b86afbc53ef7ec2a4aded51296e08fea9e2b5a736ee62d63dbea45e8ca9671282fafb69da92728b1a71de0a9e060b2905d6a5b67ecd3b3692ddbd7f2d778b8c9803aee328091b58fab324e4fad675945585808b4831d7bc3ff4def08e4b7a9de576d26586cec64b61161ae10b594f09e26a7e902ecbd0600691":PSA_ERROR_BUFFER_TOO_SMALL + PSA Multipart State Checks, AES - GCM depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index 5c27a5957..eea0b68e0 100644 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function @@ -3977,6 +3977,7 @@ exit: void aead_multipart_finish_buffer_test( int key_type_arg, data_t *key_data, int alg_arg, int finish_ciphertext_size_arg, + int tag_size_arg, data_t *nonce, data_t *additional_data, data_t *input_data, @@ -3992,11 +3993,12 @@ void aead_multipart_finish_buffer_test( int key_type_arg, data_t *key_data, psa_status_t expected_status = expected_status_arg; unsigned char *ciphertext = NULL; unsigned char *finish_ciphertext = NULL; + unsigned char *tag_buffer = NULL; size_t ciphertext_size = 0; size_t ciphertext_length = 0; size_t finish_ciphertext_size = ( size_t ) finish_ciphertext_size_arg; + size_t tag_size = ( size_t ) tag_size_arg; size_t tag_length = 0; - uint8_t tag_buffer[PSA_AEAD_TAG_MAX_SIZE]; PSA_ASSERT( psa_crypto_init( ) ); @@ -4017,6 +4019,8 @@ void aead_multipart_finish_buffer_test( int key_type_arg, data_t *key_data, ASSERT_ALLOC( finish_ciphertext, finish_ciphertext_size ); + ASSERT_ALLOC( tag_buffer, tag_size ); + operation = psa_aead_operation_init( ); status = psa_aead_encrypt_setup( &operation, key, alg ); @@ -4044,7 +4048,7 @@ void aead_multipart_finish_buffer_test( int key_type_arg, data_t *key_data, status = psa_aead_finish( &operation, finish_ciphertext, finish_ciphertext_size, &ciphertext_length, tag_buffer, - PSA_AEAD_TAG_MAX_SIZE, &tag_length ); + tag_size, &tag_length ); TEST_EQUAL( status, expected_status ); From 06b6b8c8d6752d4da7d58f80cb52c41e2f2a30a5 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Mon, 13 Sep 2021 19:02:04 +0100 Subject: [PATCH 138/195] Add missing zeroize for sensitive tag data. Signed-off-by: Paul Elliott --- library/psa_crypto_driver_wrappers.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/library/psa_crypto_driver_wrappers.c b/library/psa_crypto_driver_wrappers.c index 1dd3b2db9..5e7eb11cc 100644 --- a/library/psa_crypto_driver_wrappers.c +++ b/library/psa_crypto_driver_wrappers.c @@ -1760,6 +1760,8 @@ psa_status_t psa_driver_wrapper_aead_verify( status = PSA_ERROR_INVALID_SIGNATURE; } + mbedtls_platform_zeroize( check_tag, sizeof( check_tag ) ); + return( status ); } From b183d56b5f0a836af85c9bedaf9790ef0d0b284d Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Mon, 13 Sep 2021 19:02:57 +0100 Subject: [PATCH 139/195] Use safer size for tag checking Signed-off-by: Paul Elliott --- library/psa_crypto_driver_wrappers.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/psa_crypto_driver_wrappers.c b/library/psa_crypto_driver_wrappers.c index 5e7eb11cc..4c56162f3 100644 --- a/library/psa_crypto_driver_wrappers.c +++ b/library/psa_crypto_driver_wrappers.c @@ -1749,7 +1749,7 @@ psa_status_t psa_driver_wrapper_aead_verify( plaintext_size, plaintext_length, check_tag, - tag_length, + sizeof( check_tag ), &check_tag_length ); if( status == PSA_SUCCESS ) From 5a9642ff287c96b19c5933b85f10c9c9f7e894fb Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Mon, 13 Sep 2021 19:13:22 +0100 Subject: [PATCH 140/195] Correct switched blocks for output sizes Signed-off-by: Paul Elliott --- tests/suites/test_suite_psa_crypto.function | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index eea0b68e0..b99be90ff 100644 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function @@ -372,13 +372,13 @@ static int aead_multipart_internal_func( int key_type_arg, data_t *key_data, if( is_encrypt ) { - final_output_size = PSA_AEAD_VERIFY_OUTPUT_SIZE( key_type, alg ); - TEST_ASSERT( final_output_size <= PSA_AEAD_VERIFY_OUTPUT_MAX_SIZE ); + final_output_size = PSA_AEAD_FINISH_OUTPUT_SIZE( key_type, alg ); + TEST_ASSERT( final_output_size <= PSA_AEAD_FINISH_OUTPUT_MAX_SIZE ); } else { - final_output_size = PSA_AEAD_FINISH_OUTPUT_SIZE( key_type, alg ); - TEST_ASSERT( final_output_size <= PSA_AEAD_FINISH_OUTPUT_MAX_SIZE ); + final_output_size = PSA_AEAD_VERIFY_OUTPUT_SIZE( key_type, alg ); + TEST_ASSERT( final_output_size <= PSA_AEAD_VERIFY_OUTPUT_MAX_SIZE ); } ASSERT_ALLOC( final_data, final_output_size ); From 6bfd0fbbc6b24e1b8a5d76c226ff6c806fef49c1 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Wed, 15 Sep 2021 14:15:55 +0100 Subject: [PATCH 141/195] Convert all uint32_t lengths over to size_t Signed-off-by: Paul Elliott --- tests/suites/test_suite_psa_crypto.function | 21 ++++++++++++--------- 1 file changed, 12 insertions(+), 9 deletions(-) diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index b99be90ff..da3950214 100644 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function @@ -297,9 +297,9 @@ static int aead_multipart_internal_func( int key_type_arg, data_t *key_data, int alg_arg, data_t *nonce, data_t *additional_data, - int ad_part_len, + int ad_part_len_arg, data_t *input_data, - int data_part_len, + int data_part_len_arg, int do_set_lengths, data_t *expected_output, int expect_valid_signature, @@ -321,16 +321,18 @@ static int aead_multipart_internal_func( int key_type_arg, data_t *key_data, size_t output_length = 0; size_t key_bits = 0; size_t tag_length = 0; - uint32_t part_offset = 0; + size_t part_offset = 0; size_t part_length = 0; size_t output_part_length = 0; size_t tag_size = 0; + size_t ad_part_len = 0; + size_t data_part_len = 0; uint8_t tag_buffer[PSA_AEAD_TAG_MAX_SIZE]; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; psa_status_t status = PSA_ERROR_GENERIC_ERROR; int test_ok = 0; - uint32_t part_count = 0; + size_t part_count = 0; PSA_ASSERT( psa_crypto_init( ) ); @@ -423,9 +425,10 @@ static int aead_multipart_internal_func( int key_type_arg, data_t *key_data, } } - if( ad_part_len != -1 ) + if( ad_part_len_arg != -1 ) { /* Pass additional data in parts */ + ad_part_len = (size_t) ad_part_len_arg; part_offset = 0; while( part_offset < additional_data->len ) @@ -436,8 +439,7 @@ static int aead_multipart_internal_func( int key_type_arg, data_t *key_data, } else { - if( additional_data->len - part_offset < - ( uint32_t ) ad_part_len ) + if( additional_data->len - part_offset < ad_part_len ) { part_length = additional_data->len - part_offset; } @@ -461,9 +463,10 @@ static int aead_multipart_internal_func( int key_type_arg, data_t *key_data, additional_data->len ) ); } - if( data_part_len != -1 ) + if( data_part_len_arg != -1 ) { /* Pass data in parts */ + data_part_len = ( size_t ) data_part_len_arg; part_data_size = PSA_AEAD_UPDATE_OUTPUT_SIZE( key_type, alg, ( size_t ) data_part_len ); @@ -479,7 +482,7 @@ static int aead_multipart_internal_func( int key_type_arg, data_t *key_data, } else { - if( ( data_true_size - part_offset ) < ( uint32_t ) data_part_len ) + if( ( data_true_size - part_offset ) < data_part_len ) { part_length = ( data_true_size - part_offset ); } From 9454cfa911ceb40d9caf83085ca739f03607af1f Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Wed, 15 Sep 2021 14:21:55 +0100 Subject: [PATCH 142/195] Remove unneccesary safety check in test Signed-off-by: Paul Elliott --- tests/suites/test_suite_psa_crypto.function | 2 -- 1 file changed, 2 deletions(-) diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index da3950214..543b2f6b2 100644 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function @@ -4018,8 +4018,6 @@ void aead_multipart_finish_buffer_test( int key_type_arg, data_t *key_data, ASSERT_ALLOC( ciphertext, ciphertext_size ); - TEST_ASSERT( finish_ciphertext_size <= PSA_AEAD_FINISH_OUTPUT_MAX_SIZE ); - ASSERT_ALLOC( finish_ciphertext, finish_ciphertext_size ); ASSERT_ALLOC( tag_buffer, tag_size ); From 33746aac321225b0d546d1394b6ad3d65e6d8567 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Wed, 15 Sep 2021 16:40:40 +0100 Subject: [PATCH 143/195] Convert set lengths options over to enum Signed-off-by: Paul Elliott --- tests/suites/test_suite_psa_crypto.function | 107 ++++++++++++-------- 1 file changed, 67 insertions(+), 40 deletions(-) diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index 543b2f6b2..99183991d 100644 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function @@ -264,6 +264,13 @@ typedef enum { DERIVE_KEY = 2 } generate_method; +typedef enum +{ + DO_NOT_SET_LENGTHS = 0, + SET_LENGTHS_BEFORE_NONCE = 1, + SET_LENGTHS_AFTER_NONCE = 2 +} setlengths_method; + /*! * \brief Internal Function for AEAD multipart tests. * @@ -300,12 +307,11 @@ static int aead_multipart_internal_func( int key_type_arg, data_t *key_data, int ad_part_len_arg, data_t *input_data, int data_part_len_arg, - int do_set_lengths, + setlengths_method set_lengths_method, data_t *expected_output, int expect_valid_signature, int is_encrypt, - int do_zero_parts, - int swap_set_functions ) + int do_zero_parts ) { mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; psa_key_type_t key_type = key_type_arg; @@ -404,25 +410,20 @@ static int aead_multipart_internal_func( int key_type_arg, data_t *key_data, PSA_ASSERT( status ); - if( swap_set_functions ) + if( set_lengths_method == DO_NOT_SET_LENGTHS ) + PSA_ASSERT( psa_aead_set_nonce( &operation, nonce->x, nonce->len ) ); + else if( set_lengths_method == SET_LENGTHS_BEFORE_NONCE ) { - if( do_set_lengths ) - { - PSA_ASSERT( psa_aead_set_lengths( &operation, additional_data->len, - data_true_size ) ); - } - + PSA_ASSERT( psa_aead_set_lengths( &operation, additional_data->len, + data_true_size ) ); PSA_ASSERT( psa_aead_set_nonce( &operation, nonce->x, nonce->len ) ); } - else + else if( set_lengths_method == SET_LENGTHS_AFTER_NONCE ) { PSA_ASSERT( psa_aead_set_nonce( &operation, nonce->x, nonce->len ) ); - if( do_set_lengths ) - { - PSA_ASSERT( psa_aead_set_lengths( &operation, additional_data->len, - data_true_size ) ); - } + PSA_ASSERT( psa_aead_set_lengths( &operation, additional_data->len, + data_true_size ) ); } if( ad_part_len_arg != -1 ) @@ -3496,6 +3497,7 @@ void aead_multipart_encrypt( int key_type_arg, data_t *key_data, { size_t ad_part_len = 0; size_t data_part_len = 0; + setlengths_method set_lengths_method = DO_NOT_SET_LENGTHS; /* Ensure that either one part of the test or the other is done, i.e this * test does something. */ @@ -3509,16 +3511,23 @@ void aead_multipart_encrypt( int key_type_arg, data_t *key_data, { mbedtls_test_set_step( ad_part_len ); + if( do_set_lengths ) + { + if( ad_part_len & 0x01 ) + set_lengths_method = SET_LENGTHS_AFTER_NONCE; + else + set_lengths_method = SET_LENGTHS_BEFORE_NONCE; + } + /* Split ad into length(ad_part_len) parts. */ if( !aead_multipart_internal_func( key_type_arg, key_data, alg_arg, nonce, additional_data, ad_part_len, input_data, -1, - do_set_lengths, + set_lengths_method, expected_output, - 1, 1, 0, - ( ad_part_len & 0x01 ) ) ) + 1, 1, 0 ) ) break; /* length(0) part, length(ad_part_len) part, length(0) part... */ @@ -3529,10 +3538,9 @@ void aead_multipart_encrypt( int key_type_arg, data_t *key_data, additional_data, ad_part_len, input_data, -1, - do_set_lengths, + set_lengths_method, expected_output, - 1, 1, 1, - ( ad_part_len & 0x01 ) ) ) + 1, 1, 1 ) ) break; } } @@ -3546,14 +3554,21 @@ void aead_multipart_encrypt( int key_type_arg, data_t *key_data, /* Split data into length(data_part_len) parts. */ mbedtls_test_set_step( 2000 + data_part_len ); + if( do_set_lengths ) + { + if( data_part_len & 0x01 ) + set_lengths_method = SET_LENGTHS_AFTER_NONCE; + else + set_lengths_method = SET_LENGTHS_BEFORE_NONCE; + } + if( !aead_multipart_internal_func( key_type_arg, key_data, alg_arg, nonce, additional_data, -1, input_data, data_part_len, - do_set_lengths, + set_lengths_method, expected_output, - 1, 1, 0, - ( data_part_len & 0x01 ) ) ) + 1, 1, 0 ) ) break; /* length(0) part, length(data_part_len) part, length(0) part... */ @@ -3563,10 +3578,9 @@ void aead_multipart_encrypt( int key_type_arg, data_t *key_data, alg_arg, nonce, additional_data, -1, input_data, data_part_len, - do_set_lengths, + set_lengths_method, expected_output, - 1, 1, 1, - ( data_part_len & 0x01 ) ) ) + 1, 1, 1 ) ) break; } } @@ -3592,6 +3606,7 @@ void aead_multipart_decrypt( int key_type_arg, data_t *key_data, { size_t ad_part_len = 0; size_t data_part_len = 0; + setlengths_method set_lengths_method = DO_NOT_SET_LENGTHS; /* Ensure that either one part of the test or the other is done, i.e this * test does something. */ @@ -3606,16 +3621,23 @@ void aead_multipart_decrypt( int key_type_arg, data_t *key_data, /* Split ad into length(ad_part_len) parts. */ mbedtls_test_set_step( ad_part_len ); + if( do_set_lengths ) + { + if( ad_part_len & 0x01 ) + set_lengths_method = SET_LENGTHS_AFTER_NONCE; + else + set_lengths_method = SET_LENGTHS_BEFORE_NONCE; + } + if( !aead_multipart_internal_func( key_type_arg, key_data, alg_arg, nonce, additional_data, ad_part_len, input_data, -1, - do_set_lengths, + set_lengths_method, expected_output, expect_valid_signature, - 0, 0, - ( ad_part_len & 0x01 ) ) ) + 0, 0 ) ) break; /* length(0) part, length(ad_part_len) part, length(0) part... */ @@ -3626,11 +3648,10 @@ void aead_multipart_decrypt( int key_type_arg, data_t *key_data, additional_data, ad_part_len, input_data, -1, - do_set_lengths, + set_lengths_method, expected_output, expect_valid_signature, - 0, 1, - ( ad_part_len & 0x01 ) ) ) + 0, 1 ) ) break; } } @@ -3644,15 +3665,22 @@ void aead_multipart_decrypt( int key_type_arg, data_t *key_data, /* Split data into length(data_part_len) parts. */ mbedtls_test_set_step( 2000 + data_part_len ); + if( do_set_lengths ) + { + if( data_part_len & 0x01 ) + set_lengths_method = SET_LENGTHS_AFTER_NONCE; + else + set_lengths_method = SET_LENGTHS_BEFORE_NONCE; + } + if( !aead_multipart_internal_func( key_type_arg, key_data, alg_arg, nonce, additional_data, -1, input_data, data_part_len, - do_set_lengths, + set_lengths_method, expected_output, expect_valid_signature, - 0, 0, - ( data_part_len & 0x01 ) ) ) + 0, 0 ) ) break; /* length(0) part, length(data_part_len) part, length(0) part... */ @@ -3662,11 +3690,10 @@ void aead_multipart_decrypt( int key_type_arg, data_t *key_data, alg_arg, nonce, additional_data, -1, input_data, data_part_len, - do_set_lengths, + set_lengths_method, expected_output, expect_valid_signature, - 0, 1, - ( data_part_len & 0x01 ) ) ) + 0, 1 ) ) break; } } From 4e4d71a8388b3aec1779af1daa045652d450e506 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Wed, 15 Sep 2021 16:50:01 +0100 Subject: [PATCH 144/195] Move hidden logic into loop 'for' statement Signed-off-by: Paul Elliott --- tests/suites/test_suite_psa_crypto.function | 17 ++++++++--------- 1 file changed, 8 insertions(+), 9 deletions(-) diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index 99183991d..f5865bb74 100644 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function @@ -430,11 +430,12 @@ static int aead_multipart_internal_func( int key_type_arg, data_t *key_data, { /* Pass additional data in parts */ ad_part_len = (size_t) ad_part_len_arg; - part_offset = 0; - while( part_offset < additional_data->len ) + for( part_offset = 0, part_count = 0; + part_offset < additional_data->len; + part_offset += part_length, part_count++ ) { - if( do_zero_parts && part_count++ & 0x01 ) + if( do_zero_parts && ( part_count & 0x01 ) ) { part_length = 0; } @@ -454,7 +455,6 @@ static int aead_multipart_internal_func( int key_type_arg, data_t *key_data, additional_data->x + part_offset, part_length ) ); - part_offset += part_length; } } else @@ -473,11 +473,11 @@ static int aead_multipart_internal_func( int key_type_arg, data_t *key_data, ASSERT_ALLOC( part_data, part_data_size ); - part_offset = 0; - - while( part_offset < data_true_size ) + for( part_offset = 0, part_count = 0; + part_offset < data_true_size; + part_offset += part_length, part_count++ ) { - if( do_zero_parts && part_count++ & 0x01 ) + if( do_zero_parts && ( part_count & 0x01 ) ) { part_length = 0; } @@ -505,7 +505,6 @@ static int aead_multipart_internal_func( int key_type_arg, data_t *key_data, output_part_length ); } - part_offset += part_length; output_length += output_part_length; } } From e49fe454785bfe1654ffe28f8be17e8113248877 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Wed, 15 Sep 2021 16:52:11 +0100 Subject: [PATCH 145/195] Remove unneccesary nesting Signed-off-by: Paul Elliott --- tests/suites/test_suite_psa_crypto.function | 26 ++++++++------------- 1 file changed, 10 insertions(+), 16 deletions(-) diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index f5865bb74..7c3e9904d 100644 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function @@ -439,16 +439,13 @@ static int aead_multipart_internal_func( int key_type_arg, data_t *key_data, { part_length = 0; } + else if( additional_data->len - part_offset < ad_part_len ) + { + part_length = additional_data->len - part_offset; + } else { - if( additional_data->len - part_offset < ad_part_len ) - { - part_length = additional_data->len - part_offset; - } - else - { - part_length = ad_part_len; - } + part_length = ad_part_len; } PSA_ASSERT( psa_aead_update_ad( &operation, @@ -481,16 +478,13 @@ static int aead_multipart_internal_func( int key_type_arg, data_t *key_data, { part_length = 0; } + else if( ( data_true_size - part_offset ) < data_part_len ) + { + part_length = ( data_true_size - part_offset ); + } else { - if( ( data_true_size - part_offset ) < data_part_len ) - { - part_length = ( data_true_size - part_offset ); - } - else - { - part_length = data_part_len; - } + part_length = data_part_len; } PSA_ASSERT( psa_aead_update( &operation, From f38adbe5588b90764de0e3882fc7eb6359a5cd1a Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Wed, 15 Sep 2021 17:04:19 +0100 Subject: [PATCH 146/195] Ensure tests expected to fail actually fail Signed-off-by: Paul Elliott --- tests/suites/test_suite_psa_crypto.function | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index 7c3e9904d..f9f013a22 100644 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function @@ -524,16 +524,18 @@ static int aead_multipart_internal_func( int key_type_arg, data_t *key_data, ( input_data->x + data_true_size ), tag_length ); - if( status != PSA_SUCCESS ) + if( expect_valid_signature ) + PSA_ASSERT( status ); + else { - if( !expect_valid_signature ) + TEST_ASSERT( status != PSA_SUCCESS ); + + if( status != PSA_SUCCESS ) { /* Expected failure. */ test_ok = 1; goto exit; } - else - PSA_ASSERT( status ); } } From a3d153f928373abdac80e736b99138fec718d6cd Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Wed, 15 Sep 2021 17:37:41 +0100 Subject: [PATCH 147/195] Make nonce based test descriptions more clear Signed-off-by: Paul Elliott --- tests/suites/test_suite_psa_crypto.data | 32 ++++++++++++------------- 1 file changed, 16 insertions(+), 16 deletions(-) diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data index 8bf730387..9e0b574db 100644 --- a/tests/suites/test_suite_psa_crypto.data +++ b/tests/suites/test_suite_psa_crypto.data @@ -2570,67 +2570,67 @@ PSA Multipart AEAD decrypt: invalid algorithm (ChaCha20) depends_on:MBEDTLS_CHACHA20_C aead_multipart_decrypt:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_STREAM_CIPHER:"":"":1:"":1:0:"":0 -PSA Multipart Nonce Generation, AES - GCM, IV = 12 +PSA Multipart Nonce Generation, AES - GCM, NONCE = (Req 12 / Expect 12) depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES aead_multipart_generate_nonce:PSA_KEY_TYPE_AES:"aa740abfadcda779220d3b406c5d7ec09a77fe9d94104539":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM,16):12:12:"290322092d57479e20f6281e331d95a9":"e7fb0631eebf9bdba87045b33650c4ce":PSA_SUCCESS -PSA Multipart Nonce Generation, AES - GCM, IV = 0 +PSA Multipart Nonce Generation, AES - GCM, NONCE = (Req 0 / Expect 0) depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES aead_multipart_generate_nonce:PSA_KEY_TYPE_AES:"aa740abfadcda779220d3b406c5d7ec09a77fe9d94104539":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM,16):0:0:"":"":PSA_ERROR_BUFFER_TOO_SMALL -PSA Multipart Nonce Generation, AES - GCM, IV = 16 +PSA Multipart Nonce Generation, AES - GCM, NONCE = (Req 16 / Expect 12) depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES aead_multipart_generate_nonce:PSA_KEY_TYPE_AES:"aa740abfadcda779220d3b406c5d7ec09a77fe9d94104539":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM,16):16:12:"290322092d57479e20f6281e331d95a9":"e7fb0631eebf9bdba87045b33650c4ce":PSA_SUCCESS -PSA Multipart Nonce Generation: ChaCha20 - Poly1305, IV = 12 +PSA Multipart Nonce Generation: ChaCha20 - Poly1305, NONCE = (Req 12 / Expect 12) depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 aead_multipart_generate_nonce:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:12:12:"50515253c0c1c2c3c4c5c6c7":"4c616469657320616e642047656e746c656d656e206f662074686520636c617373206f66202739393a204966204920636f756c64206f6666657220796f75206f6e6c79206f6e652074697020666f7220746865206675747572652c2073756e73637265656e20776f756c642062652069742e":PSA_SUCCESS -PSA Multipart Nonce Generation: ChaCha20 - Poly1305, IV = 8 +PSA Multipart Nonce Generation: ChaCha20 - Poly1305, NONCE = (Req 8 / Expect 0) depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 aead_multipart_generate_nonce:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:8:0:"":"":PSA_ERROR_BUFFER_TOO_SMALL -PSA Multipart Nonce Generation: ChaCha20 - Poly1305, IV = 0 +PSA Multipart Nonce Generation: ChaCha20 - Poly1305, NONCE = (Req 0 / Expect 0) depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 aead_multipart_generate_nonce:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:0:0:"":"":PSA_ERROR_BUFFER_TOO_SMALL -PSA Multipart Nonce Generation: ChaCha20 - Poly1305, IV = 16 +PSA Multipart Nonce Generation: ChaCha20 - Poly1305, NONCE = (Req 16 / Expect 12) depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 aead_multipart_generate_nonce:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:16:12:"":"":PSA_SUCCESS -PSA Multipart Set Nonce, AES - GCM, IV = 0 (NULL) +PSA Multipart Set Nonce, AES - GCM, NONCE = 0 (NULL) depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES aead_multipart_set_nonce:PSA_KEY_TYPE_AES:"aa740abfadcda779220d3b406c5d7ec09a77fe9d94104539":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM,16):0:"":"":PSA_ERROR_INVALID_ARGUMENT -PSA Multipart Set Nonce, AES - GCM, IV = 0 (Non-NULL) +PSA Multipart Set Nonce, AES - GCM, NONCE = 0 (Non-NULL) depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES aead_multipart_set_nonce:PSA_KEY_TYPE_AES:"aa740abfadcda779220d3b406c5d7ec09a77fe9d94104539":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM,16):-1:"":"":PSA_ERROR_INVALID_ARGUMENT -PSA Multipart Set Nonce, AES - GCM, IV = 16 +PSA Multipart Set Nonce, AES - GCM, NONCE = 16 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES aead_multipart_set_nonce:PSA_KEY_TYPE_AES:"aa740abfadcda779220d3b406c5d7ec09a77fe9d94104539":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM,16):16:"290322092d57479e20f6281e331d95a9":"e7fb0631eebf9bdba87045b33650c4ce":PSA_SUCCESS -PSA Multipart Set Nonce, AES - GCM, IV = 20 +PSA Multipart Set Nonce, AES - GCM, NONCE = 20 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES aead_multipart_set_nonce:PSA_KEY_TYPE_AES:"aa740abfadcda779220d3b406c5d7ec09a77fe9d94104539":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM,16):20:"290322092d57479e20f6281e331d95a9":"e7fb0631eebf9bdba87045b33650c4ce":PSA_SUCCESS -PSA Multipart Set Nonce: ChaCha20 - Poly1305, IV = 12 +PSA Multipart Set Nonce: ChaCha20 - Poly1305, NONCE = 12 depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 aead_multipart_set_nonce:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:12:"50515253c0c1c2c3c4c5c6c7":"4c616469657320616e642047656e746c656d656e206f662074686520636c617373206f66202739393a204966204920636f756c64206f6666657220796f75206f6e6c79206f6e652074697020666f7220746865206675747572652c2073756e73637265656e20776f756c642062652069742e":PSA_SUCCESS -PSA Multipart Set Nonce: ChaCha20 - Poly1305, IV = 8 +PSA Multipart Set Nonce: ChaCha20 - Poly1305, NONCE = 8 depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 aead_multipart_set_nonce:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:8:"":"":PSA_ERROR_INVALID_ARGUMENT -PSA Multipart Set Nonce: ChaCha20 - Poly1305, IV = 0 (NULL) +PSA Multipart Set Nonce: ChaCha20 - Poly1305, NONCE = 0 (NULL) depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 aead_multipart_set_nonce:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:0:"":"":PSA_ERROR_INVALID_ARGUMENT -PSA Multipart Set Nonce: ChaCha20 - Poly1305, IV = 0 (Non-NULL) +PSA Multipart Set Nonce: ChaCha20 - Poly1305, NONCE = 0 (Non-NULL) depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 aead_multipart_set_nonce:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:-1:"":"":PSA_ERROR_INVALID_ARGUMENT -PSA Multipart Set Nonce: ChaCha20 - Poly1305, IV = 16 +PSA Multipart Set Nonce: ChaCha20 - Poly1305, NONCE = 16 depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 aead_multipart_set_nonce:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:16:"":"":PSA_ERROR_INVALID_ARGUMENT From 12acb6bb4c4136ee53876ee6e80948646d7abcd0 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Wed, 15 Sep 2021 17:45:22 +0100 Subject: [PATCH 148/195] Remove missed references to aead_verify from docs Signed-off-by: Paul Elliott --- library/psa_crypto_aead.h | 18 +++++------------- 1 file changed, 5 insertions(+), 13 deletions(-) diff --git a/library/psa_crypto_aead.h b/library/psa_crypto_aead.h index 5ed26d002..9b6b798b6 100644 --- a/library/psa_crypto_aead.h +++ b/library/psa_crypto_aead.h @@ -325,14 +325,6 @@ psa_status_t mbedtls_psa_aead_set_lengths( * If this function returns an error status, the PSA core will call * mbedtls_psa_aead_abort(). * - * \warning When decrypting, until mbedtls_psa_aead_verify() has returned - * #PSA_SUCCESS, there is no guarantee that the input is valid. - * Therefore, until you have called mbedtls_psa_aead_verify() and it - * has returned #PSA_SUCCESS, treat the input as untrusted and prepare - * to undo any action that depends on the input if - * mbedtls_psa_aead_verify() returns an error status. - * - * * \param[in,out] operation Active AEAD operation. * \param[in] input Buffer containing the fragment of * additional data. @@ -370,9 +362,9 @@ psa_status_t mbedtls_psa_aead_update_ad( * particular block boundary. If the implementation can only process * a whole block at a time, it must consume all the input provided, but * it may delay the end of the corresponding output until a subsequent - * call to mbedtls_psa_aead_update(), mbedtls_psa_aead_finish() or - * mbedtls_psa_aead_verify() provides sufficient input. The amount of data that - * can be delayed in this way is bounded by #PSA_AEAD_UPDATE_OUTPUT_SIZE. + * call to mbedtls_psa_aead_update(), mbedtls_psa_aead_finish() provides + * sufficient input. The amount of data that can be delayed in this way is + * bounded by #PSA_AEAD_UPDATE_OUTPUT_SIZE. * * \param[in,out] operation Active AEAD operation. * \param[in] input Buffer containing the message fragment to @@ -501,8 +493,8 @@ psa_status_t mbedtls_psa_aead_finish( * been initialized as described in #mbedtls_psa_aead_operation_t. * * In particular, calling mbedtls_psa_aead_abort() after the operation has been - * terminated by a call to mbedtls_psa_aead_abort(), mbedtls_psa_aead_finish() - * or mbedtls_psa_aead_verify() is safe and has no effect. + * terminated by a call to mbedtls_psa_aead_abort() or + * mbedtls_psa_aead_finish() is safe and has no effect. * * \param[in,out] operation Initialized AEAD operation. * From eac6c757a27db9457b0f9301f4c0f654638b75d7 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Wed, 15 Sep 2021 19:08:27 +0100 Subject: [PATCH 149/195] Make nonce length check return error where it can Signed-off-by: Paul Elliott --- library/psa_crypto_aead.c | 16 ++++++---------- 1 file changed, 6 insertions(+), 10 deletions(-) diff --git a/library/psa_crypto_aead.c b/library/psa_crypto_aead.c index 033dc8207..46eb1c933 100644 --- a/library/psa_crypto_aead.c +++ b/library/psa_crypto_aead.c @@ -195,12 +195,10 @@ psa_status_t mbedtls_psa_aead_encrypt( } tag = ciphertext + plaintext_length; - if( mbedtls_aead_check_nonce_length( &operation, nonce_length ) - != PSA_SUCCESS ) - { - status = PSA_ERROR_NOT_SUPPORTED; + status = mbedtls_aead_check_nonce_length( &operation, nonce_length ); + + if( status != PSA_SUCCESS ) goto exit; - } #if defined(MBEDTLS_PSA_BUILTIN_ALG_CCM) if( operation.alg == PSA_ALG_CCM ) @@ -310,12 +308,10 @@ psa_status_t mbedtls_psa_aead_decrypt( if( status != PSA_SUCCESS ) goto exit; - if( mbedtls_aead_check_nonce_length( &operation, nonce_length ) - != PSA_SUCCESS ) - { - status = PSA_ERROR_NOT_SUPPORTED; + status = mbedtls_aead_check_nonce_length( &operation, nonce_length ); + + if( status != PSA_SUCCESS ) goto exit; - } #if defined(MBEDTLS_PSA_BUILTIN_ALG_CCM) if( operation.alg == PSA_ALG_CCM ) From 6a60b12ef98a9ee3aa8b3863354da58118103745 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Thu, 16 Sep 2021 17:12:12 +0100 Subject: [PATCH 150/195] Make buffer size checks +-1 from correct size i.e Check correct buffer size +1 and correct buffer size -1 (where applicable) to check too big and too small cases, and hopefully catch edge cases. Signed-off-by: Paul Elliott --- tests/suites/test_suite_psa_crypto.data | 29 ++++++++++++++----------- 1 file changed, 16 insertions(+), 13 deletions(-) diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data index 9e0b574db..bdf1a52d1 100644 --- a/tests/suites/test_suite_psa_crypto.data +++ b/tests/suites/test_suite_psa_crypto.data @@ -2574,6 +2574,10 @@ PSA Multipart Nonce Generation, AES - GCM, NONCE = (Req 12 / Expect 12) depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES aead_multipart_generate_nonce:PSA_KEY_TYPE_AES:"aa740abfadcda779220d3b406c5d7ec09a77fe9d94104539":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM,16):12:12:"290322092d57479e20f6281e331d95a9":"e7fb0631eebf9bdba87045b33650c4ce":PSA_SUCCESS +PSA Multipart Nonce Generation, AES - GCM, NONCE = (Req 11 / Expect 0) +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_generate_nonce:PSA_KEY_TYPE_AES:"aa740abfadcda779220d3b406c5d7ec09a77fe9d94104539":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM,16):11:0:"290322092d57479e20f6281e331d95a9":"e7fb0631eebf9bdba87045b33650c4ce":PSA_ERROR_BUFFER_TOO_SMALL + PSA Multipart Nonce Generation, AES - GCM, NONCE = (Req 0 / Expect 0) depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES aead_multipart_generate_nonce:PSA_KEY_TYPE_AES:"aa740abfadcda779220d3b406c5d7ec09a77fe9d94104539":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM,16):0:0:"":"":PSA_ERROR_BUFFER_TOO_SMALL @@ -2586,9 +2590,9 @@ PSA Multipart Nonce Generation: ChaCha20 - Poly1305, NONCE = (Req 12 / Expect 12 depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 aead_multipart_generate_nonce:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:12:12:"50515253c0c1c2c3c4c5c6c7":"4c616469657320616e642047656e746c656d656e206f662074686520636c617373206f66202739393a204966204920636f756c64206f6666657220796f75206f6e6c79206f6e652074697020666f7220746865206675747572652c2073756e73637265656e20776f756c642062652069742e":PSA_SUCCESS -PSA Multipart Nonce Generation: ChaCha20 - Poly1305, NONCE = (Req 8 / Expect 0) +PSA Multipart Nonce Generation: ChaCha20 - Poly1305, NONCE = (Req 11 / Expect 0) depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 -aead_multipart_generate_nonce:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:8:0:"":"":PSA_ERROR_BUFFER_TOO_SMALL +aead_multipart_generate_nonce:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:11:0:"":"":PSA_ERROR_BUFFER_TOO_SMALL PSA Multipart Nonce Generation: ChaCha20 - Poly1305, NONCE = (Req 0 / Expect 0) depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 @@ -2614,13 +2618,17 @@ PSA Multipart Set Nonce, AES - GCM, NONCE = 20 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES aead_multipart_set_nonce:PSA_KEY_TYPE_AES:"aa740abfadcda779220d3b406c5d7ec09a77fe9d94104539":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM,16):20:"290322092d57479e20f6281e331d95a9":"e7fb0631eebf9bdba87045b33650c4ce":PSA_SUCCESS +PSA Multipart Set Nonce: ChaCha20 - Poly1305, NONCE = 11 +depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 +aead_multipart_set_nonce:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:11:"50515253c0c1c2c3c4c5c6c7":"4c616469657320616e642047656e746c656d656e206f662074686520636c617373206f66202739393a204966204920636f756c64206f6666657220796f75206f6e6c79206f6e652074697020666f7220746865206675747572652c2073756e73637265656e20776f756c642062652069742e":PSA_ERROR_INVALID_ARGUMENT + PSA Multipart Set Nonce: ChaCha20 - Poly1305, NONCE = 12 depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 aead_multipart_set_nonce:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:12:"50515253c0c1c2c3c4c5c6c7":"4c616469657320616e642047656e746c656d656e206f662074686520636c617373206f66202739393a204966204920636f756c64206f6666657220796f75206f6e6c79206f6e652074697020666f7220746865206675747572652c2073756e73637265656e20776f756c642062652069742e":PSA_SUCCESS -PSA Multipart Set Nonce: ChaCha20 - Poly1305, NONCE = 8 +PSA Multipart Set Nonce: ChaCha20 - Poly1305, NONCE = 13 depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 -aead_multipart_set_nonce:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:8:"":"":PSA_ERROR_INVALID_ARGUMENT +aead_multipart_set_nonce:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:13:"50515253c0c1c2c3c4c5c6c7":"4c616469657320616e642047656e746c656d656e206f662074686520636c617373206f66202739393a204966204920636f756c64206f6666657220796f75206f6e6c79206f6e652074697020666f7220746865206675747572652c2073756e73637265656e20776f756c642062652069742e":PSA_ERROR_INVALID_ARGUMENT PSA Multipart Set Nonce: ChaCha20 - Poly1305, NONCE = 0 (NULL) depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 @@ -2630,21 +2638,17 @@ PSA Multipart Set Nonce: ChaCha20 - Poly1305, NONCE = 0 (Non-NULL) depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 aead_multipart_set_nonce:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:-1:"":"":PSA_ERROR_INVALID_ARGUMENT -PSA Multipart Set Nonce: ChaCha20 - Poly1305, NONCE = 16 -depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 -aead_multipart_set_nonce:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:16:"":"":PSA_ERROR_INVALID_ARGUMENT - -PSA AEAD output buffer test: AES - GCM, IN = 16, BUF = 10 +PSA AEAD output buffer test: AES - GCM, IN = 16, BUF = 15 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_update_buffer_test:PSA_KEY_TYPE_AES:"fbc0b4c56a714c83217b2d1bcadd2ed2e9efb0dcac6cc19f":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM,16):10:"5f4b43e811da9c470d6a9b01":"":"d2ae38c4375954835d75b8e4c2f9bbb4":PSA_ERROR_BUFFER_TOO_SMALL +aead_multipart_update_buffer_test:PSA_KEY_TYPE_AES:"fbc0b4c56a714c83217b2d1bcadd2ed2e9efb0dcac6cc19f":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM,16):15:"5f4b43e811da9c470d6a9b01":"":"d2ae38c4375954835d75b8e4c2f9bbb4":PSA_ERROR_BUFFER_TOO_SMALL PSA AEAD output buffer test: AES - GCM, IN = 16, BUF = 16 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES aead_multipart_update_buffer_test:PSA_KEY_TYPE_AES:"fbc0b4c56a714c83217b2d1bcadd2ed2e9efb0dcac6cc19f":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM,16):16:"5f4b43e811da9c470d6a9b01":"":"d2ae38c4375954835d75b8e4c2f9bbb4":PSA_SUCCESS -PSA AEAD output buffer test: ChaCha20 - Poly1305 IN = 130, BUF = 10 +PSA AEAD output buffer test: ChaCha20 - Poly1305 IN = 130, BUF = 129 depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 -aead_multipart_update_buffer_test:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:10:"070000004041424344454647":"50515253c0c1c2c3c4c5c6c7":"d31a8d34648e60db7b86afbc53ef7ec2a4aded51296e08fea9e2b5a736ee62d63dbea45e8ca9671282fafb69da92728b1a71de0a9e060b2905d6a5b67ecd3b3692ddbd7f2d778b8c9803aee328091b58fab324e4fad675945585808b4831d7bc3ff4def08e4b7a9de576d26586cec64b61161ae10b594f09e26a7e902ecbd0600691":PSA_ERROR_BUFFER_TOO_SMALL +aead_multipart_update_buffer_test:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:129:"070000004041424344454647":"50515253c0c1c2c3c4c5c6c7":"d31a8d34648e60db7b86afbc53ef7ec2a4aded51296e08fea9e2b5a736ee62d63dbea45e8ca9671282fafb69da92728b1a71de0a9e060b2905d6a5b67ecd3b3692ddbd7f2d778b8c9803aee328091b58fab324e4fad675945585808b4831d7bc3ff4def08e4b7a9de576d26586cec64b61161ae10b594f09e26a7e902ecbd0600691":PSA_ERROR_BUFFER_TOO_SMALL PSA AEAD output buffer test: ChaCha20 - Poly1305 IN = 130, BUF = 130 depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 @@ -2678,7 +2682,6 @@ PSA AEAD finish buffer test: ChaCha20 - Poly1305, BUF = 0, TAG = 0 depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 aead_multipart_finish_buffer_test:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:0:0:"070000004041424344454647":"50515253c0c1c2c3c4c5c6c7":"d31a8d34648e60db7b86afbc53ef7ec2a4aded51296e08fea9e2b5a736ee62d63dbea45e8ca9671282fafb69da92728b1a71de0a9e060b2905d6a5b67ecd3b3692ddbd7f2d778b8c9803aee328091b58fab324e4fad675945585808b4831d7bc3ff4def08e4b7a9de576d26586cec64b61161ae10b594f09e26a7e902ecbd0600691":PSA_ERROR_BUFFER_TOO_SMALL - PSA Multipart State Checks, AES - GCM depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES aead_multipart_state_test:PSA_KEY_TYPE_AES:"C0C1C2C3C4C5C6C7C8C9CACBCCCDCECF":PSA_ALG_GCM:"000102030405060708090A0B0C0D0E0F":"000102030405060708090A0B":"0C0D0E0F101112131415161718191A1B1C1D1E" From ce2c1faf1a8ffd5c3f2a03e58c683e7fdbfdd4d7 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Thu, 16 Sep 2021 17:56:23 +0100 Subject: [PATCH 151/195] Remove uneccesary postive buffer size tests Signed-off-by: Paul Elliott --- tests/suites/test_suite_psa_crypto.data | 8 -------- 1 file changed, 8 deletions(-) diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data index bdf1a52d1..cac6c6856 100644 --- a/tests/suites/test_suite_psa_crypto.data +++ b/tests/suites/test_suite_psa_crypto.data @@ -2642,18 +2642,10 @@ PSA AEAD output buffer test: AES - GCM, IN = 16, BUF = 15 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES aead_multipart_update_buffer_test:PSA_KEY_TYPE_AES:"fbc0b4c56a714c83217b2d1bcadd2ed2e9efb0dcac6cc19f":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM,16):15:"5f4b43e811da9c470d6a9b01":"":"d2ae38c4375954835d75b8e4c2f9bbb4":PSA_ERROR_BUFFER_TOO_SMALL -PSA AEAD output buffer test: AES - GCM, IN = 16, BUF = 16 -depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_update_buffer_test:PSA_KEY_TYPE_AES:"fbc0b4c56a714c83217b2d1bcadd2ed2e9efb0dcac6cc19f":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM,16):16:"5f4b43e811da9c470d6a9b01":"":"d2ae38c4375954835d75b8e4c2f9bbb4":PSA_SUCCESS - PSA AEAD output buffer test: ChaCha20 - Poly1305 IN = 130, BUF = 129 depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 aead_multipart_update_buffer_test:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:129:"070000004041424344454647":"50515253c0c1c2c3c4c5c6c7":"d31a8d34648e60db7b86afbc53ef7ec2a4aded51296e08fea9e2b5a736ee62d63dbea45e8ca9671282fafb69da92728b1a71de0a9e060b2905d6a5b67ecd3b3692ddbd7f2d778b8c9803aee328091b58fab324e4fad675945585808b4831d7bc3ff4def08e4b7a9de576d26586cec64b61161ae10b594f09e26a7e902ecbd0600691":PSA_ERROR_BUFFER_TOO_SMALL -PSA AEAD output buffer test: ChaCha20 - Poly1305 IN = 130, BUF = 130 -depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 -aead_multipart_update_buffer_test:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:130:"070000004041424344454647":"50515253c0c1c2c3c4c5c6c7":"d31a8d34648e60db7b86afbc53ef7ec2a4aded51296e08fea9e2b5a736ee62d63dbea45e8ca9671282fafb69da92728b1a71de0a9e060b2905d6a5b67ecd3b3692ddbd7f2d778b8c9803aee328091b58fab324e4fad675945585808b4831d7bc3ff4def08e4b7a9de576d26586cec64b61161ae10b594f09e26a7e902ecbd0600691":PSA_SUCCESS - PSA AEAD finish buffer test: AES - GCM, BUF = 8, TAG = 16 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES aead_multipart_finish_buffer_test:PSA_KEY_TYPE_AES:"fbc0b4c56a714c83217b2d1bcadd2ed2e9efb0dcac6cc19f":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM,16):8:16:"5f4b43e811da9c470d6a9b01":"":"d2ae38c4375954835d75b8e4c2f9bbb4":PSA_ERROR_BUFFER_TOO_SMALL From fd0c154ce367f39f64d634e77945dc5437a3729f Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Fri, 17 Sep 2021 18:03:52 +0100 Subject: [PATCH 152/195] Add tests to oversend data/ad when lengths set Previous tests only tested when the expected lengths were set to zero. New test sends all data/ad then goes over by one byte. Signed-off-by: Paul Elliott --- tests/suites/test_suite_psa_crypto.function | 41 +++++++++++++++++++++ 1 file changed, 41 insertions(+) diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index f9f013a22..b6d52f7d6 100644 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function @@ -4467,6 +4467,24 @@ void aead_multipart_state_test( int key_type_arg, data_t *key_data, psa_aead_abort( &operation ); + operation = psa_aead_operation_init( ); + + PSA_ASSERT( psa_aead_encrypt_setup( &operation, key, alg ) ); + + PSA_ASSERT( psa_aead_set_nonce( &operation, nonce->x, nonce->len ) ); + + PSA_ASSERT( psa_aead_set_lengths( &operation, additional_data->len, + input_data->len ) ); + + PSA_ASSERT( psa_aead_update_ad( &operation, additional_data->x, + additional_data->len ) ); + + TEST_EQUAL( psa_aead_update_ad( &operation, additional_data->x, + 1 ), + PSA_ERROR_INVALID_ARGUMENT ); + + psa_aead_abort( &operation ); + /* Test for sending too much data after setting lengths. */ operation = psa_aead_operation_init( ); @@ -4484,6 +4502,29 @@ void aead_multipart_state_test( int key_type_arg, data_t *key_data, psa_aead_abort( &operation ); + operation = psa_aead_operation_init( ); + + PSA_ASSERT( psa_aead_encrypt_setup( &operation, key, alg ) ); + + PSA_ASSERT( psa_aead_set_nonce( &operation, nonce->x, nonce->len ) ); + + PSA_ASSERT( psa_aead_set_lengths( &operation, additional_data->len, + input_data->len ) ); + + PSA_ASSERT( psa_aead_update_ad( &operation, additional_data->x, + additional_data->len ) ); + + PSA_ASSERT( psa_aead_update( &operation, input_data->x, + input_data->len, output_data, + output_size, &output_length ) ); + + TEST_EQUAL( psa_aead_update( &operation, input_data->x, + 1, output_data, + output_size, &output_length ), + PSA_ERROR_INVALID_ARGUMENT ); + + psa_aead_abort( &operation ); + /* Test sending additional data after data. */ operation = psa_aead_operation_init( ); From 9961a668bd5885d0261985b558d6f813eec16547 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Fri, 17 Sep 2021 19:19:02 +0100 Subject: [PATCH 153/195] Remove negative tests from multipart_decrypt Multipart decrypt now always expects positive result (i.e. the plaintext that is passed in). Added new test that expects fail, and does no multipart versions and concentrates on aead_verify. Signed-off-by: Paul Elliott --- tests/suites/test_suite_psa_crypto.data | 176 ++++++++++---------- tests/suites/test_suite_psa_crypto.function | 118 ++++++++++--- 2 files changed, 175 insertions(+), 119 deletions(-) diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data index cac6c6856..645fe2af3 100644 --- a/tests/suites/test_suite_psa_crypto.data +++ b/tests/suites/test_suite_psa_crypto.data @@ -2310,221 +2310,205 @@ PSA Multipart AEAD encrypt, AES-GCM, CAVS 14.0, KEY=32, IV=12, IN=16, AAD=48, TA depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES aead_multipart_encrypt:PSA_KEY_TYPE_AES:"2e6942d537f1a98444c2f9dbdb5d8db42a503a00a17b57d516399569e044a703":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"7eb67721581ed52cfcfc2c4d":"a96cc73451502c7278b467ac85d5fc14fc1a2f51bc685645b173f0cd9af02d383095de063e6eaa50374ce9bc951e9e61":0:"e5f410fe939e79b7ad33fbd3aaf5856f":1:1:"727f5e19a5582e5782bbbe73517f0c04c492319abf12b03b380724ff1483a3" -PSA Multipart AEAD decrypt, AES-GCM, 144 bytes #1 +PSA Multipart AEAD decrypt, AES - GCM, 144 bytes #1 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_GCM:"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":0:"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847fe0b7b7fbed325953df344a96":1:0:"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826":1 +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_GCM:"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":0:"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847fe0b7b7fbed325953df344a96":1:0:"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826" -PSA Multipart AEAD decrypt, AES-GCM, 144 bytes #1 (lengths set) +PSA Multipart AEAD decrypt, AES - GCM, 144 bytes #1 (lengths set) depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_GCM:"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":0:"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847fe0b7b7fbed325953df344a96":1:1:"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826":1 +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_GCM:"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":0:"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847fe0b7b7fbed325953df344a96":1:1:"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826" -PSA Multipart AEAD decrypt, AES-GCM, 144 bytes #2 +PSA Multipart AEAD decrypt, AES - GCM, 144 bytes #2 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"fe96eab10ff48c7942025422583d0377":PSA_ALG_GCM:"97ce3f848276783599c6875de324361e":"127628b6dcbce6fc8a8ef60798eb67b2088415635119697d20bb878c24d9c6f9c29e148521cb5e0feff892c7855d4f1c0bfb32ad33420976714dce87a0bbc18e4378bd1ef35197d0ca73051148f1199010f63caf122df5f71ad8d9c71df3eb2fbe3b2529d0ba657570358d3776f687bdb9c96d5e0e9e00c4b42d5d7a268d6a08":0:"12495120056ca3cac70d583603a476821bac6c57c9733b81cfb83538dc9e850f8bdf46065069591c23ebcbc6d1e2523375fb7efc80c09507fa25477ed07cee54fc4eb90168b3ef988f651fc40652474a644b1b311decf899660aef2347bb081af48950f06ebf799911e37120de94c55c20e5f0a77119be06e2b6e557f872fa0f6bac793bdc2190a195122c98544ccf56":1:0:"194c8bbbfae4a671386b8cd38f390f46f9df6b8661b470c310921a1c858a938045834bb10380037fbf5f5e00688554537be0fcafe8270b9b59068fa056ab1268fc166c2d729243a06650a171c929c7845c85330c04568d62977eedf3b1ba9dca13bdb8f9522817c8cb99e635e37465ec1c9f6f148d51437aa9f994a62e1bd013":1 +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"fe96eab10ff48c7942025422583d0377":PSA_ALG_GCM:"97ce3f848276783599c6875de324361e":"127628b6dcbce6fc8a8ef60798eb67b2088415635119697d20bb878c24d9c6f9c29e148521cb5e0feff892c7855d4f1c0bfb32ad33420976714dce87a0bbc18e4378bd1ef35197d0ca73051148f1199010f63caf122df5f71ad8d9c71df3eb2fbe3b2529d0ba657570358d3776f687bdb9c96d5e0e9e00c4b42d5d7a268d6a08":0:"12495120056ca3cac70d583603a476821bac6c57c9733b81cfb83538dc9e850f8bdf46065069591c23ebcbc6d1e2523375fb7efc80c09507fa25477ed07cee54fc4eb90168b3ef988f651fc40652474a644b1b311decf899660aef2347bb081af48950f06ebf799911e37120de94c55c20e5f0a77119be06e2b6e557f872fa0f6bac793bdc2190a195122c98544ccf56":1:0:"194c8bbbfae4a671386b8cd38f390f46f9df6b8661b470c310921a1c858a938045834bb10380037fbf5f5e00688554537be0fcafe8270b9b59068fa056ab1268fc166c2d729243a06650a171c929c7845c85330c04568d62977eedf3b1ba9dca13bdb8f9522817c8cb99e635e37465ec1c9f6f148d51437aa9f994a62e1bd013" -PSA Multipart AEAD decrypt, AES-GCM, 144 bytes #2 (lengths set) +PSA Multipart AEAD decrypt, AES - GCM, 144 bytes #2 (lengths set) depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"fe96eab10ff48c7942025422583d0377":PSA_ALG_GCM:"97ce3f848276783599c6875de324361e":"127628b6dcbce6fc8a8ef60798eb67b2088415635119697d20bb878c24d9c6f9c29e148521cb5e0feff892c7855d4f1c0bfb32ad33420976714dce87a0bbc18e4378bd1ef35197d0ca73051148f1199010f63caf122df5f71ad8d9c71df3eb2fbe3b2529d0ba657570358d3776f687bdb9c96d5e0e9e00c4b42d5d7a268d6a08":0:"12495120056ca3cac70d583603a476821bac6c57c9733b81cfb83538dc9e850f8bdf46065069591c23ebcbc6d1e2523375fb7efc80c09507fa25477ed07cee54fc4eb90168b3ef988f651fc40652474a644b1b311decf899660aef2347bb081af48950f06ebf799911e37120de94c55c20e5f0a77119be06e2b6e557f872fa0f6bac793bdc2190a195122c98544ccf56":1:1:"194c8bbbfae4a671386b8cd38f390f46f9df6b8661b470c310921a1c858a938045834bb10380037fbf5f5e00688554537be0fcafe8270b9b59068fa056ab1268fc166c2d729243a06650a171c929c7845c85330c04568d62977eedf3b1ba9dca13bdb8f9522817c8cb99e635e37465ec1c9f6f148d51437aa9f994a62e1bd013":1 +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"fe96eab10ff48c7942025422583d0377":PSA_ALG_GCM:"97ce3f848276783599c6875de324361e":"127628b6dcbce6fc8a8ef60798eb67b2088415635119697d20bb878c24d9c6f9c29e148521cb5e0feff892c7855d4f1c0bfb32ad33420976714dce87a0bbc18e4378bd1ef35197d0ca73051148f1199010f63caf122df5f71ad8d9c71df3eb2fbe3b2529d0ba657570358d3776f687bdb9c96d5e0e9e00c4b42d5d7a268d6a08":0:"12495120056ca3cac70d583603a476821bac6c57c9733b81cfb83538dc9e850f8bdf46065069591c23ebcbc6d1e2523375fb7efc80c09507fa25477ed07cee54fc4eb90168b3ef988f651fc40652474a644b1b311decf899660aef2347bb081af48950f06ebf799911e37120de94c55c20e5f0a77119be06e2b6e557f872fa0f6bac793bdc2190a195122c98544ccf56":1:1:"194c8bbbfae4a671386b8cd38f390f46f9df6b8661b470c310921a1c858a938045834bb10380037fbf5f5e00688554537be0fcafe8270b9b59068fa056ab1268fc166c2d729243a06650a171c929c7845c85330c04568d62977eedf3b1ba9dca13bdb8f9522817c8cb99e635e37465ec1c9f6f148d51437aa9f994a62e1bd013" -PSA Multipart AEAD decrypt, AES-GCM, 144 bytes, T=4 +PSA Multipart AEAD decrypt, AES - GCM, 144 bytes, T = 4 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 4 ):"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":0:"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847f":1:0:"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826":1 +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM,4):"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":0:"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847f":1:0:"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826" -PSA Multipart AEAD decrypt, AES-GCM, 144 bytes, T=4 (lengths set) +PSA Multipart AEAD decrypt, AES - GCM, 144 bytes, T = 4 (lengths set) depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 4 ):"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":0:"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847f":1:1:"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826":1 +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM,4):"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":0:"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847f":1:1:"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826" -PSA Multipart AEAD decrypt, AES-GCM, 144 bytes, T=15 +PSA Multipart AEAD decrypt, AES - GCM, 144 bytes, T = 15 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":0:"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847fe0b7b7fbed325953df344a":1:0:"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826":1 +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM,15):"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":0:"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847fe0b7b7fbed325953df344a":1:0:"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826" -PSA Multipart AEAD decrypt, AES-GCM, 144 bytes, T=15 (lengths set) +PSA Multipart AEAD decrypt, AES - GCM, 144 bytes, T = 15 (lengths set) depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":0:"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847fe0b7b7fbed325953df344a":1:1:"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826":1 +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM,15):"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":0:"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847fe0b7b7fbed325953df344a":1:1:"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826" PSA Multipart AEAD decrypt, AES-GCM, 144 bytes, T=16 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":0:"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847fe0b7b7fbed325953df344a96":1:0:"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826":1 +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":0:"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847fe0b7b7fbed325953df344a96":1:0:"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826" PSA Multipart AEAD decrypt, AES-GCM, 144 bytes, T=16 (lengths set) depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":0:"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847fe0b7b7fbed325953df344a96":1:1:"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826":1 - -PSA Multipart AEAD decrypt, AES-GCM, invalid signature -depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"fe96eab10ff48c7942025422583d0377":PSA_ALG_GCM:"97ce3f848276783599c6875de324361e":"127628b6dcbce6fc8a8ef60798eb67b2088415635119697d20bb878c24d9c6f9c29e148521cb5e0feff892c7855d4f1c0bfb32ad33420976714dce87a0bbc18e4378bd1ef35197d0ca73051148f1199010f63caf122df5f71ad8d9c71df3eb2fbe3b2529d0ba657570358d3776f687bdb9c96d5e0e9e00c4b42d5d7a268d6a08":0:"12195120056ca3cac70d583603a476821bac6c57c9733b81cfb83538dc9e850f8bdf46065069591c23ebcbc6d1e2523375fb7efc80c09507fa25477ed07cee54fc4eb90168b3ef988f651fc40652474a644b1b311decf899660aef2347bb081af48950f06ebf799911e37120de94c55c20e5f0a77119be06e2b6e557f872fa0f6bac793bdc2190a195122c98544ccf56":1:0:"194c8bbbfae4a671386b8cd38f390f46f9df6b8661b470c310921a1c858a938045834bb10380037fbf5f5e00688554537be0fcafe8270b9b59068fa056ab1268fc166c2d729243a06650a171c929c7845c85330c04568d62977eedf3b1ba9dca13bdb8f9522817c8cb99e635e37465ec1c9f6f148d51437aa9f994a62e1bd013":0 - -PSA Multipart AEAD decrypt, AES-GCM, T=15 but passing 16 bytes -depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":0:"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847fe0b7b7fbed325953df344a96":1:0:"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826":0 - -PSA Multipart AEAD decrypt: AES-GCM, invalid tag length 0 -depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 0 ):"48c0906930561e0ab0ef4cd972":"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":0:"26c56961c035a7e452cce61bc6ee220d77b3f94d18fd10b6":1:0:"4535d12b4377928a7c0a61c9f825a48671ea05910748c8ef":0 - -PSA Multipart AEAD decrypt: AES-GCM, invalid tag length 2 -depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 2 ):"48c0906930561e0ab0ef4cd972":"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":0:"26c56961c035a7e452cce61bc6ee220d77b3f94d18fd10b6":1:0:"4535d12b4377928a7c0a61c9f825a48671ea05910748c8ef":0 +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":0:"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847fe0b7b7fbed325953df344a96":1:1:"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826" PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=24, IV=12, IN=0, AAD=0, TAG=16 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"0e5d6e68f82f32bea3f0b69498c1a31ef6d955cd3d27a2a8":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"caf72ee1e62e1001e8cfbc63":"":0:"db1a74ffb5f7de26f5742e0942b1b9cb":1:0:"":1 +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"0e5d6e68f82f32bea3f0b69498c1a31ef6d955cd3d27a2a8":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"caf72ee1e62e1001e8cfbc63":"":0:"db1a74ffb5f7de26f5742e0942b1b9cb":1:0:"" PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=24, IV=12, IN=0, AAD=0, TAG=16 (lengths set) depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"0e5d6e68f82f32bea3f0b69498c1a31ef6d955cd3d27a2a8":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"caf72ee1e62e1001e8cfbc63":"":0:"db1a74ffb5f7de26f5742e0942b1b9cb":1:1:"":1 +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"0e5d6e68f82f32bea3f0b69498c1a31ef6d955cd3d27a2a8":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"caf72ee1e62e1001e8cfbc63":"":0:"db1a74ffb5f7de26f5742e0942b1b9cb":1:1:"" PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=24, IV=12, IN=0, AAD=48, TAG=14 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"e79fb7defce4f650402e6b521170686d3eb2a0b9514f3a64":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 14 ):"40e0d2d836c0519e7042419b":"41c5b5d971c0723bc1b63a259fe7e06c2961de1241bc34c13965f43636e4da3da8c75ed5956abe3a42f3039af005925a":0:"434ff68f2436f48418fd69f52158":1:0:"":1 +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"e79fb7defce4f650402e6b521170686d3eb2a0b9514f3a64":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 14 ):"40e0d2d836c0519e7042419b":"41c5b5d971c0723bc1b63a259fe7e06c2961de1241bc34c13965f43636e4da3da8c75ed5956abe3a42f3039af005925a":0:"434ff68f2436f48418fd69f52158":1:0:"" PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=24, IV=12, IN=0, AAD=48, TAG=14 (lengths set) depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"e79fb7defce4f650402e6b521170686d3eb2a0b9514f3a64":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 14 ):"40e0d2d836c0519e7042419b":"41c5b5d971c0723bc1b63a259fe7e06c2961de1241bc34c13965f43636e4da3da8c75ed5956abe3a42f3039af005925a":0:"434ff68f2436f48418fd69f52158":1:1:"":1 +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"e79fb7defce4f650402e6b521170686d3eb2a0b9514f3a64":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 14 ):"40e0d2d836c0519e7042419b":"41c5b5d971c0723bc1b63a259fe7e06c2961de1241bc34c13965f43636e4da3da8c75ed5956abe3a42f3039af005925a":0:"434ff68f2436f48418fd69f52158":1:1:"" PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=24, IV=12, IN=16, AAD=0, TAG=15 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"e41d1f533d5b342ffe434b94b1372683bfd5d9d8cb79f9ee":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"5fe11a596dfcd3a305c1d711":"":0:"1847f64fff986476d1d2f758692f856da4a0ff98c0c1101694c84fd86680c9":1:0:"b03c2c20f758a93a8d1220232ad87098":1 +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"e41d1f533d5b342ffe434b94b1372683bfd5d9d8cb79f9ee":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"5fe11a596dfcd3a305c1d711":"":0:"1847f64fff986476d1d2f758692f856da4a0ff98c0c1101694c84fd86680c9":1:0:"b03c2c20f758a93a8d1220232ad87098" PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=24, IV=12, IN=16, AAD=0, TAG=15 (lengths set) depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"e41d1f533d5b342ffe434b94b1372683bfd5d9d8cb79f9ee":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"5fe11a596dfcd3a305c1d711":"":0:"1847f64fff986476d1d2f758692f856da4a0ff98c0c1101694c84fd86680c9":1:1:"b03c2c20f758a93a8d1220232ad87098":1 +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"e41d1f533d5b342ffe434b94b1372683bfd5d9d8cb79f9ee":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"5fe11a596dfcd3a305c1d711":"":0:"1847f64fff986476d1d2f758692f856da4a0ff98c0c1101694c84fd86680c9":1:1:"b03c2c20f758a93a8d1220232ad87098" PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=24, IV=12, IN=16, AAD=20, TAG=15 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"8e7da473c057a2a4669a0d22bf9b7c9913fba48930ca0c9b":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"f9ff8ef80d76c50f9ca0e9ff":"f141bae18a1b54f065554fd34aa02c91c90f505c":0:"5deb093b6e7c766a64bb9d5170af1ff8bf130b64eebdce06a9bdb2cf1da15a":1:0:"b22b2dcdcc18adc30d16297b84b459d8":1 +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"8e7da473c057a2a4669a0d22bf9b7c9913fba48930ca0c9b":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"f9ff8ef80d76c50f9ca0e9ff":"f141bae18a1b54f065554fd34aa02c91c90f505c":0:"5deb093b6e7c766a64bb9d5170af1ff8bf130b64eebdce06a9bdb2cf1da15a":1:0:"b22b2dcdcc18adc30d16297b84b459d8" PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=24, IV=12, IN=16, AAD=20, TAG=15 (lengths set) depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"8e7da473c057a2a4669a0d22bf9b7c9913fba48930ca0c9b":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"f9ff8ef80d76c50f9ca0e9ff":"f141bae18a1b54f065554fd34aa02c91c90f505c":0:"5deb093b6e7c766a64bb9d5170af1ff8bf130b64eebdce06a9bdb2cf1da15a":1:1:"b22b2dcdcc18adc30d16297b84b459d8":1 +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"8e7da473c057a2a4669a0d22bf9b7c9913fba48930ca0c9b":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"f9ff8ef80d76c50f9ca0e9ff":"f141bae18a1b54f065554fd34aa02c91c90f505c":0:"5deb093b6e7c766a64bb9d5170af1ff8bf130b64eebdce06a9bdb2cf1da15a":1:1:"b22b2dcdcc18adc30d16297b84b459d8" PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=24, IV=12, IN=16, AAD=48, TAG=12 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"01bf150add51bb11623e3bfbebd62a7ea81c5b192b8eb6de":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 12 ):"dfacbc6791b785d324c646b7":"e35412a625324257bef35399a7eacca34fec2d2d24166e6bb3e94d96f5c57599ded45e2a74503f07116caa1692398a07":0:"77579db3c6da769e17731faac4732d7cce65d960a49f94f6b583e54a":1:0:"7e5fd8b595ddc4753676107951d900e2":1 +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"01bf150add51bb11623e3bfbebd62a7ea81c5b192b8eb6de":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 12 ):"dfacbc6791b785d324c646b7":"e35412a625324257bef35399a7eacca34fec2d2d24166e6bb3e94d96f5c57599ded45e2a74503f07116caa1692398a07":0:"77579db3c6da769e17731faac4732d7cce65d960a49f94f6b583e54a":1:0:"7e5fd8b595ddc4753676107951d900e2" PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=24, IV=12, IN=16, AAD=48, TAG=12 (lengths set) depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"01bf150add51bb11623e3bfbebd62a7ea81c5b192b8eb6de":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 12 ):"dfacbc6791b785d324c646b7":"e35412a625324257bef35399a7eacca34fec2d2d24166e6bb3e94d96f5c57599ded45e2a74503f07116caa1692398a07":0:"77579db3c6da769e17731faac4732d7cce65d960a49f94f6b583e54a":1:1:"7e5fd8b595ddc4753676107951d900e2":1 +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"01bf150add51bb11623e3bfbebd62a7ea81c5b192b8eb6de":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 12 ):"dfacbc6791b785d324c646b7":"e35412a625324257bef35399a7eacca34fec2d2d24166e6bb3e94d96f5c57599ded45e2a74503f07116caa1692398a07":0:"77579db3c6da769e17731faac4732d7cce65d960a49f94f6b583e54a":1:1:"7e5fd8b595ddc4753676107951d900e2" PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=24, IV=12, IN=16, AAD=48, TAG=8 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"551266c4ed166fe1c43761927801ed50cb9c0b3864fc97df":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 8 ):"e711afbeccd567f866340abb":"562d1697237ebc563941076d459727dfa094eb9ac00d30ed5836825d163dd27517c7660a01056b2d868c7fc5d0343830":0:"2b54cc27f6ee71882e8b1ead207d2b042d262e87eac97b58":1:0:"37245449db8f72b1ecdb420f629d3d80":1 +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"551266c4ed166fe1c43761927801ed50cb9c0b3864fc97df":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 8 ):"e711afbeccd567f866340abb":"562d1697237ebc563941076d459727dfa094eb9ac00d30ed5836825d163dd27517c7660a01056b2d868c7fc5d0343830":0:"2b54cc27f6ee71882e8b1ead207d2b042d262e87eac97b58":1:0:"37245449db8f72b1ecdb420f629d3d80" PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=24, IV=12, IN=16, AAD=48, TAG=8 (lengths set) depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"551266c4ed166fe1c43761927801ed50cb9c0b3864fc97df":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 8 ):"e711afbeccd567f866340abb":"562d1697237ebc563941076d459727dfa094eb9ac00d30ed5836825d163dd27517c7660a01056b2d868c7fc5d0343830":0:"2b54cc27f6ee71882e8b1ead207d2b042d262e87eac97b58":1:1:"37245449db8f72b1ecdb420f629d3d80":1 +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"551266c4ed166fe1c43761927801ed50cb9c0b3864fc97df":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 8 ):"e711afbeccd567f866340abb":"562d1697237ebc563941076d459727dfa094eb9ac00d30ed5836825d163dd27517c7660a01056b2d868c7fc5d0343830":0:"2b54cc27f6ee71882e8b1ead207d2b042d262e87eac97b58":1:1:"37245449db8f72b1ecdb420f629d3d80" PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=24, IV=12, IN=13, AAD=0, TAG=15 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"78fa4a2a5b5b1b1d9580ea527f2e1653e9336e15cc5462f5":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"98b774f7110e0bea624b487f":"":0:"a642aabed8b99e15e297ee705a40c3e2e506cb889727b327b7e044a8":1:0:"496909523f574b205d757659c5":1 +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"78fa4a2a5b5b1b1d9580ea527f2e1653e9336e15cc5462f5":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"98b774f7110e0bea624b487f":"":0:"a642aabed8b99e15e297ee705a40c3e2e506cb889727b327b7e044a8":1:0:"496909523f574b205d757659c5" PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=24, IV=12, IN=13, AAD=0, TAG=15 (lengths set) depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"78fa4a2a5b5b1b1d9580ea527f2e1653e9336e15cc5462f5":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"98b774f7110e0bea624b487f":"":0:"a642aabed8b99e15e297ee705a40c3e2e506cb889727b327b7e044a8":1:1:"496909523f574b205d757659c5":1 +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"78fa4a2a5b5b1b1d9580ea527f2e1653e9336e15cc5462f5":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"98b774f7110e0bea624b487f":"":0:"a642aabed8b99e15e297ee705a40c3e2e506cb889727b327b7e044a8":1:1:"496909523f574b205d757659c5" PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=24, IV=12, IN=13, AAD=16, TAG=15 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"61f4c2e55d729c4657e503dfe2b604e2853675dbdeb0982a":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"0c4d5548aa2d8d54964e1e63":"5affdf8886dabb14790aff3dbfcbdd80":0:"0d4eacc3db304f46cb7a9eba6ec105bf86d9dc0639b7cebbd5260f47":1:0:"b6e056de521a27266dffbc0d96":1 +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"61f4c2e55d729c4657e503dfe2b604e2853675dbdeb0982a":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"0c4d5548aa2d8d54964e1e63":"5affdf8886dabb14790aff3dbfcbdd80":0:"0d4eacc3db304f46cb7a9eba6ec105bf86d9dc0639b7cebbd5260f47":1:0:"b6e056de521a27266dffbc0d96" PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=24, IV=12, IN=13, AAD=16, TAG=15 (lengths set) depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"61f4c2e55d729c4657e503dfe2b604e2853675dbdeb0982a":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"0c4d5548aa2d8d54964e1e63":"5affdf8886dabb14790aff3dbfcbdd80":0:"0d4eacc3db304f46cb7a9eba6ec105bf86d9dc0639b7cebbd5260f47":1:1:"b6e056de521a27266dffbc0d96":1 +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"61f4c2e55d729c4657e503dfe2b604e2853675dbdeb0982a":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"0c4d5548aa2d8d54964e1e63":"5affdf8886dabb14790aff3dbfcbdd80":0:"0d4eacc3db304f46cb7a9eba6ec105bf86d9dc0639b7cebbd5260f47":1:1:"b6e056de521a27266dffbc0d96" PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=24, IV=12, IN=13, AAD=20, TAG=13 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"73245c4f115a74fe71d6fefb9094c57c75f28033a3c7372b":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 13 ):"536a82485999b93b0bb7ef24":"64dcad870a42eeec0730fd7a7e4154638a85d739":0:"29333e87bfe65d0e37da2936f695824d4e3f37fab3b8e2b868f6":1:0:"f6d56f8c86f27d957fa63aea22":1 +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"73245c4f115a74fe71d6fefb9094c57c75f28033a3c7372b":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 13 ):"536a82485999b93b0bb7ef24":"64dcad870a42eeec0730fd7a7e4154638a85d739":0:"29333e87bfe65d0e37da2936f695824d4e3f37fab3b8e2b868f6":1:0:"f6d56f8c86f27d957fa63aea22" PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=24, IV=12, IN=13, AAD=20, TAG=13 (lengths set) depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"73245c4f115a74fe71d6fefb9094c57c75f28033a3c7372b":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 13 ):"536a82485999b93b0bb7ef24":"64dcad870a42eeec0730fd7a7e4154638a85d739":0:"29333e87bfe65d0e37da2936f695824d4e3f37fab3b8e2b868f6":1:1:"f6d56f8c86f27d957fa63aea22":1 +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"73245c4f115a74fe71d6fefb9094c57c75f28033a3c7372b":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 13 ):"536a82485999b93b0bb7ef24":"64dcad870a42eeec0730fd7a7e4154638a85d739":0:"29333e87bfe65d0e37da2936f695824d4e3f37fab3b8e2b868f6":1:1:"f6d56f8c86f27d957fa63aea22" PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=24, IV=12, IN=13, AAD=48, TAG=4 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"9002e74638e09dd1f091439518e1460cdd5905bd9e1a37ae":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 4 ):"76c81a95d24be5c8bac63b50":"aa3ae4531aaac8f3eb07f748712c55a680bc8df5cf845edc66d09049500b41688b8023f5746879b45bdd586af29c4ede":0:"31bf37acbc53ca3fdbc9e5eaaebbb85a7f":1:0:"bd94b34511bc65ae47684805cb":1 +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"9002e74638e09dd1f091439518e1460cdd5905bd9e1a37ae":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 4 ):"76c81a95d24be5c8bac63b50":"aa3ae4531aaac8f3eb07f748712c55a680bc8df5cf845edc66d09049500b41688b8023f5746879b45bdd586af29c4ede":0:"31bf37acbc53ca3fdbc9e5eaaebbb85a7f":1:0:"bd94b34511bc65ae47684805cb" PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=24, IV=12, IN=13, AAD=48, TAG=4 (lengths set) depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"9002e74638e09dd1f091439518e1460cdd5905bd9e1a37ae":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 4 ):"76c81a95d24be5c8bac63b50":"aa3ae4531aaac8f3eb07f748712c55a680bc8df5cf845edc66d09049500b41688b8023f5746879b45bdd586af29c4ede":0:"31bf37acbc53ca3fdbc9e5eaaebbb85a7f":1:1:"bd94b34511bc65ae47684805cb":1 +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"9002e74638e09dd1f091439518e1460cdd5905bd9e1a37ae":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 4 ):"76c81a95d24be5c8bac63b50":"aa3ae4531aaac8f3eb07f748712c55a680bc8df5cf845edc66d09049500b41688b8023f5746879b45bdd586af29c4ede":0:"31bf37acbc53ca3fdbc9e5eaaebbb85a7f":1:1:"bd94b34511bc65ae47684805cb" PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=32, IV=12, IN=0, AAD=0, TAG=16 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"f5a2b27c74355872eb3ef6c5feafaa740e6ae990d9d48c3bd9bb8235e589f010":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"58d2240f580a31c1d24948e9":"":0:"15e051a5e4a5f5da6cea92e2ebee5bac":1:0:"":1 +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"f5a2b27c74355872eb3ef6c5feafaa740e6ae990d9d48c3bd9bb8235e589f010":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"58d2240f580a31c1d24948e9":"":0:"15e051a5e4a5f5da6cea92e2ebee5bac":1:0:"" PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=32, IV=12, IN=0, AAD=0, TAG=16 (lengths set) depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"f5a2b27c74355872eb3ef6c5feafaa740e6ae990d9d48c3bd9bb8235e589f010":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"58d2240f580a31c1d24948e9":"":0:"15e051a5e4a5f5da6cea92e2ebee5bac":1:1:"":1 +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"f5a2b27c74355872eb3ef6c5feafaa740e6ae990d9d48c3bd9bb8235e589f010":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"58d2240f580a31c1d24948e9":"":0:"15e051a5e4a5f5da6cea92e2ebee5bac":1:1:"" PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=32, IV=12, IN=0, AAD=16, TAG=15 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"3395a1485315c5b5e6353acb05ae9499c440a2e9f5c57494662f827235ea314c":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"3b7e632571602456b49880f0":"f283f80226dacb69c8af089ec6b59e81":0:"84c8beff4b0d160ee68ac613097f51":1:0:"":1 +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"3395a1485315c5b5e6353acb05ae9499c440a2e9f5c57494662f827235ea314c":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"3b7e632571602456b49880f0":"f283f80226dacb69c8af089ec6b59e81":0:"84c8beff4b0d160ee68ac613097f51":1:0:"" PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=32, IV=12, IN=0, AAD=16, TAG=15 (lengths set) depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"3395a1485315c5b5e6353acb05ae9499c440a2e9f5c57494662f827235ea314c":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"3b7e632571602456b49880f0":"f283f80226dacb69c8af089ec6b59e81":0:"84c8beff4b0d160ee68ac613097f51":1:1:"":1 +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"3395a1485315c5b5e6353acb05ae9499c440a2e9f5c57494662f827235ea314c":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"3b7e632571602456b49880f0":"f283f80226dacb69c8af089ec6b59e81":0:"84c8beff4b0d160ee68ac613097f51":1:1:"" PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=32, IV=12, IN=0, AAD=20, TAG=15 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"4dc46ca55c1c1fcb4720c274c0e675c2ac5bf93d8dd5e951ca9f6b61f884edc9":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"6473ab77dc885127422f5594":"e2cf8172ab4cf77eba45cd2c8ff939b938080a90":0:"8d6351f18d873242204c20144e2b83":1:0:"":1 +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"4dc46ca55c1c1fcb4720c274c0e675c2ac5bf93d8dd5e951ca9f6b61f884edc9":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"6473ab77dc885127422f5594":"e2cf8172ab4cf77eba45cd2c8ff939b938080a90":0:"8d6351f18d873242204c20144e2b83":1:0:"" PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=32, IV=12, IN=0, AAD=20, TAG=15 (lengths set) depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"4dc46ca55c1c1fcb4720c274c0e675c2ac5bf93d8dd5e951ca9f6b61f884edc9":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"6473ab77dc885127422f5594":"e2cf8172ab4cf77eba45cd2c8ff939b938080a90":0:"8d6351f18d873242204c20144e2b83":1:1:"":1 +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"4dc46ca55c1c1fcb4720c274c0e675c2ac5bf93d8dd5e951ca9f6b61f884edc9":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"6473ab77dc885127422f5594":"e2cf8172ab4cf77eba45cd2c8ff939b938080a90":0:"8d6351f18d873242204c20144e2b83":1:1:"" PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=32, IV=12, IN=0, AAD=48, TAG=14 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"a7f95798434f9a0fe6fd8acd30b8bad96dbdcfacee4594f01cbf26479be7d154":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 14 ):"9ef5a77b02137b46e8461d09":"5595a16fa12d4dcdba6b128480dce2d39c1211c3fb6068cde6013f6a80dfcda5eb92af8879e40ee9c177fd0e446fc8ca":0:"3bfd3d99fe2063e8ef8255519fe0":1:0:"":1 +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"a7f95798434f9a0fe6fd8acd30b8bad96dbdcfacee4594f01cbf26479be7d154":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 14 ):"9ef5a77b02137b46e8461d09":"5595a16fa12d4dcdba6b128480dce2d39c1211c3fb6068cde6013f6a80dfcda5eb92af8879e40ee9c177fd0e446fc8ca":0:"3bfd3d99fe2063e8ef8255519fe0":1:0:"" PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=32, IV=12, IN=0, AAD=48, TAG=14 (lengths set) depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"a7f95798434f9a0fe6fd8acd30b8bad96dbdcfacee4594f01cbf26479be7d154":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 14 ):"9ef5a77b02137b46e8461d09":"5595a16fa12d4dcdba6b128480dce2d39c1211c3fb6068cde6013f6a80dfcda5eb92af8879e40ee9c177fd0e446fc8ca":0:"3bfd3d99fe2063e8ef8255519fe0":1:1:"":1 +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"a7f95798434f9a0fe6fd8acd30b8bad96dbdcfacee4594f01cbf26479be7d154":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 14 ):"9ef5a77b02137b46e8461d09":"5595a16fa12d4dcdba6b128480dce2d39c1211c3fb6068cde6013f6a80dfcda5eb92af8879e40ee9c177fd0e446fc8ca":0:"3bfd3d99fe2063e8ef8255519fe0":1:1:"" PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=32, IV=12, IN=16, AAD=0, TAG=16 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"4c8ebfe1444ec1b2d503c6986659af2c94fafe945f72c1e8486a5acfedb8a0f8":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"473360e0ad24889959858995":"":0:"d2c78110ac7e8f107c0df0570bd7c90cc26a379b6d98ef2852ead8ce83a833a7":1:0:"7789b41cb3ee548814ca0b388c10b343":1 +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"4c8ebfe1444ec1b2d503c6986659af2c94fafe945f72c1e8486a5acfedb8a0f8":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"473360e0ad24889959858995":"":0:"d2c78110ac7e8f107c0df0570bd7c90cc26a379b6d98ef2852ead8ce83a833a7":1:0:"7789b41cb3ee548814ca0b388c10b343" PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=32, IV=12, IN=16, AAD=0, TAG=16 (lengths set) depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"4c8ebfe1444ec1b2d503c6986659af2c94fafe945f72c1e8486a5acfedb8a0f8":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"473360e0ad24889959858995":"":0:"d2c78110ac7e8f107c0df0570bd7c90cc26a379b6d98ef2852ead8ce83a833a7":1:1:"7789b41cb3ee548814ca0b388c10b343":1 +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"4c8ebfe1444ec1b2d503c6986659af2c94fafe945f72c1e8486a5acfedb8a0f8":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"473360e0ad24889959858995":"":0:"d2c78110ac7e8f107c0df0570bd7c90cc26a379b6d98ef2852ead8ce83a833a7":1:1:"7789b41cb3ee548814ca0b388c10b343" PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=32, IV=12, IN=16, AAD=0, TAG=4 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"57805f98aae1b8b64bb49756529ab8181b3ada674a90c55422e9eb26c48bcd7b":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 4 ):"9735945d8ca161777206632a":"":0:"58375442ab1c0e6a8952c83d128d9fc5f45bb315":1:0:"4860116a6d2deb9bf794bfd6ac5bbbd6":1 +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"57805f98aae1b8b64bb49756529ab8181b3ada674a90c55422e9eb26c48bcd7b":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 4 ):"9735945d8ca161777206632a":"":0:"58375442ab1c0e6a8952c83d128d9fc5f45bb315":1:0:"4860116a6d2deb9bf794bfd6ac5bbbd6" PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=32, IV=12, IN=16, AAD=0, TAG=4 (lengths set) depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"57805f98aae1b8b64bb49756529ab8181b3ada674a90c55422e9eb26c48bcd7b":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 4 ):"9735945d8ca161777206632a":"":0:"58375442ab1c0e6a8952c83d128d9fc5f45bb315":1:1:"4860116a6d2deb9bf794bfd6ac5bbbd6":1 +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"57805f98aae1b8b64bb49756529ab8181b3ada674a90c55422e9eb26c48bcd7b":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 4 ):"9735945d8ca161777206632a":"":0:"58375442ab1c0e6a8952c83d128d9fc5f45bb315":1:1:"4860116a6d2deb9bf794bfd6ac5bbbd6" PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=32, IV=12, IN=16, AAD=16, TAG=8 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"f913bb823a1d0c10b0b72d56866907b893f2266f15de1abc17f93600824db55a":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 8 ):"d4fe686a14592b6ca1bd6b42":"e35d880c1c53688eb83869de9dd8a473":0:"35af9b502ea6b56269f896bf98affdd59c2aa418b38bc7fd":1:0:"ff426dd751190ff826e8b4a0792d746e":1 +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"f913bb823a1d0c10b0b72d56866907b893f2266f15de1abc17f93600824db55a":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 8 ):"d4fe686a14592b6ca1bd6b42":"e35d880c1c53688eb83869de9dd8a473":0:"35af9b502ea6b56269f896bf98affdd59c2aa418b38bc7fd":1:0:"ff426dd751190ff826e8b4a0792d746e" PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=32, IV=12, IN=16, AAD=16, TAG=8 (lengths set) depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"f913bb823a1d0c10b0b72d56866907b893f2266f15de1abc17f93600824db55a":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 8 ):"d4fe686a14592b6ca1bd6b42":"e35d880c1c53688eb83869de9dd8a473":0:"35af9b502ea6b56269f896bf98affdd59c2aa418b38bc7fd":1:1:"ff426dd751190ff826e8b4a0792d746e":1 +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"f913bb823a1d0c10b0b72d56866907b893f2266f15de1abc17f93600824db55a":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 8 ):"d4fe686a14592b6ca1bd6b42":"e35d880c1c53688eb83869de9dd8a473":0:"35af9b502ea6b56269f896bf98affdd59c2aa418b38bc7fd":1:1:"ff426dd751190ff826e8b4a0792d746e" PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=32, IV=12, IN=16, AAD=20, TAG=14 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"74e9d9d7cd0728cea94e169af485f21f9d2447e022f16008f803dcf5c4f7cc0c":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 14 ):"ecba39edc96667da726122c0":"ae9ab021f86f5b81bb2e0fcbd4b855e1501e9f82":0:"e5745ce0e02dbba05363b548c3ac7047eacca7e61db6f72fc9b9e5bdb2bb":1:0:"0a0b284515694188b6b6c15bc8a09036":1 +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"74e9d9d7cd0728cea94e169af485f21f9d2447e022f16008f803dcf5c4f7cc0c":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 14 ):"ecba39edc96667da726122c0":"ae9ab021f86f5b81bb2e0fcbd4b855e1501e9f82":0:"e5745ce0e02dbba05363b548c3ac7047eacca7e61db6f72fc9b9e5bdb2bb":1:0:"0a0b284515694188b6b6c15bc8a09036" PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=32, IV=12, IN=16, AAD=20, TAG=14 (lengths set) depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"74e9d9d7cd0728cea94e169af485f21f9d2447e022f16008f803dcf5c4f7cc0c":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 14 ):"ecba39edc96667da726122c0":"ae9ab021f86f5b81bb2e0fcbd4b855e1501e9f82":0:"e5745ce0e02dbba05363b548c3ac7047eacca7e61db6f72fc9b9e5bdb2bb":1:1:"0a0b284515694188b6b6c15bc8a09036":1 +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"74e9d9d7cd0728cea94e169af485f21f9d2447e022f16008f803dcf5c4f7cc0c":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 14 ):"ecba39edc96667da726122c0":"ae9ab021f86f5b81bb2e0fcbd4b855e1501e9f82":0:"e5745ce0e02dbba05363b548c3ac7047eacca7e61db6f72fc9b9e5bdb2bb":1:1:"0a0b284515694188b6b6c15bc8a09036" PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=32, IV=12, IN=13, AAD=0, TAG=14 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"60667fce64b8c7169ddf45f335e46951248f69abc4e0f4f292d0ffe3dfd5219f":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 14 ):"1057322a39f08ef761c3c8fc":"":0:"501b033c841acb430c52d88fe9cb44c751f2f1641d1e801a534ac8":1:0:"f386b28e7eb4c2fb8eb5dc66a2":1 +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"60667fce64b8c7169ddf45f335e46951248f69abc4e0f4f292d0ffe3dfd5219f":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 14 ):"1057322a39f08ef761c3c8fc":"":0:"501b033c841acb430c52d88fe9cb44c751f2f1641d1e801a534ac8":1:0:"f386b28e7eb4c2fb8eb5dc66a2" PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=32, IV=12, IN=13, AAD=0, TAG=14 (lengths set) depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"60667fce64b8c7169ddf45f335e46951248f69abc4e0f4f292d0ffe3dfd5219f":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 14 ):"1057322a39f08ef761c3c8fc":"":0:"501b033c841acb430c52d88fe9cb44c751f2f1641d1e801a534ac8":1:1:"f386b28e7eb4c2fb8eb5dc66a2":1 +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"60667fce64b8c7169ddf45f335e46951248f69abc4e0f4f292d0ffe3dfd5219f":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 14 ):"1057322a39f08ef761c3c8fc":"":0:"501b033c841acb430c52d88fe9cb44c751f2f1641d1e801a534ac8":1:1:"f386b28e7eb4c2fb8eb5dc66a2" PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=32, IV=12, IN=13, AAD=20, TAG=15 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"e67590da399cbcdcddcc56110562ade8665b50287a8ab38e8b9ee7520531b560":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"2c36ab6b686a66fba1805196":"823493d42f4f60b2d1433ad75eccaafd7e7c7d12":0:"cff6b6f03c67152f3ce1030653d9bd9a6559f5b04b48d77c2a1fc364":1:0:"da1c61fbfcdb73445ad4c7d889":1 +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"e67590da399cbcdcddcc56110562ade8665b50287a8ab38e8b9ee7520531b560":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"2c36ab6b686a66fba1805196":"823493d42f4f60b2d1433ad75eccaafd7e7c7d12":0:"cff6b6f03c67152f3ce1030653d9bd9a6559f5b04b48d77c2a1fc364":1:0:"da1c61fbfcdb73445ad4c7d889" PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=32, IV=12, IN=13, AAD=20, TAG=15 (lengths set) depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"e67590da399cbcdcddcc56110562ade8665b50287a8ab38e8b9ee7520531b560":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"2c36ab6b686a66fba1805196":"823493d42f4f60b2d1433ad75eccaafd7e7c7d12":0:"cff6b6f03c67152f3ce1030653d9bd9a6559f5b04b48d77c2a1fc364":1:1:"da1c61fbfcdb73445ad4c7d889":1 +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"e67590da399cbcdcddcc56110562ade8665b50287a8ab38e8b9ee7520531b560":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"2c36ab6b686a66fba1805196":"823493d42f4f60b2d1433ad75eccaafd7e7c7d12":0:"cff6b6f03c67152f3ce1030653d9bd9a6559f5b04b48d77c2a1fc364":1:1:"da1c61fbfcdb73445ad4c7d889" PSA Multipart AEAD encrypt: ChaCha20-Poly1305 (RFC7539) depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 @@ -2542,33 +2526,41 @@ PSA Multipart AEAD encrypt: ChaCha20-Poly1305 (zero-length input) (lengths set) depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 aead_multipart_encrypt:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:"070000004041424344454647":"":1:"":1:1:"a0784d7a4716f3feb4f64e7f4b39bf04" -PSA Multipart AEAD decrypt: ChaCha20-Poly1305 (RFC7539, good tag) +PSA Multipart AEAD decrypt: ChaCha20 - Poly1305 (RFC7539, good tag) depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 -aead_multipart_decrypt:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:"070000004041424344454647":"50515253c0c1c2c3c4c5c6c7":1:"d31a8d34648e60db7b86afbc53ef7ec2a4aded51296e08fea9e2b5a736ee62d63dbea45e8ca9671282fafb69da92728b1a71de0a9e060b2905d6a5b67ecd3b3692ddbd7f2d778b8c9803aee328091b58fab324e4fad675945585808b4831d7bc3ff4def08e4b7a9de576d26586cec64b61161ae10b594f09e26a7e902ecbd0600691":1:0:"4c616469657320616e642047656e746c656d656e206f662074686520636c617373206f66202739393a204966204920636f756c64206f6666657220796f75206f6e6c79206f6e652074697020666f7220746865206675747572652c2073756e73637265656e20776f756c642062652069742e":1 +aead_multipart_decrypt:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:"070000004041424344454647":"50515253c0c1c2c3c4c5c6c7":1:"d31a8d34648e60db7b86afbc53ef7ec2a4aded51296e08fea9e2b5a736ee62d63dbea45e8ca9671282fafb69da92728b1a71de0a9e060b2905d6a5b67ecd3b3692ddbd7f2d778b8c9803aee328091b58fab324e4fad675945585808b4831d7bc3ff4def08e4b7a9de576d26586cec64b61161ae10b594f09e26a7e902ecbd0600691":1:0:"4c616469657320616e642047656e746c656d656e206f662074686520636c617373206f66202739393a204966204920636f756c64206f6666657220796f75206f6e6c79206f6e652074697020666f7220746865206675747572652c2073756e73637265656e20776f756c642062652069742e" -PSA Multipart AEAD decrypt: ChaCha20-Poly1305 (RFC7539, good tag) (lengths set) +PSA Multipart AEAD decrypt: ChaCha20 - Poly1305 (RFC7539, good tag) (lengths set) depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 -aead_multipart_decrypt:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:"070000004041424344454647":"50515253c0c1c2c3c4c5c6c7":1:"d31a8d34648e60db7b86afbc53ef7ec2a4aded51296e08fea9e2b5a736ee62d63dbea45e8ca9671282fafb69da92728b1a71de0a9e060b2905d6a5b67ecd3b3692ddbd7f2d778b8c9803aee328091b58fab324e4fad675945585808b4831d7bc3ff4def08e4b7a9de576d26586cec64b61161ae10b594f09e26a7e902ecbd0600691":1:1:"4c616469657320616e642047656e746c656d656e206f662074686520636c617373206f66202739393a204966204920636f756c64206f6666657220796f75206f6e6c79206f6e652074697020666f7220746865206675747572652c2073756e73637265656e20776f756c642062652069742e":1 +aead_multipart_decrypt:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:"070000004041424344454647":"50515253c0c1c2c3c4c5c6c7":1:"d31a8d34648e60db7b86afbc53ef7ec2a4aded51296e08fea9e2b5a736ee62d63dbea45e8ca9671282fafb69da92728b1a71de0a9e060b2905d6a5b67ecd3b3692ddbd7f2d778b8c9803aee328091b58fab324e4fad675945585808b4831d7bc3ff4def08e4b7a9de576d26586cec64b61161ae10b594f09e26a7e902ecbd0600691":1:1:"4c616469657320616e642047656e746c656d656e206f662074686520636c617373206f66202739393a204966204920636f756c64206f6666657220796f75206f6e6c79206f6e652074697020666f7220746865206675747572652c2073756e73637265656e20776f756c642062652069742e" -PSA Multipart AEAD decrypt: ChaCha20-Poly1305 (RFC7539, bad tag) +PSA Multipart AEAD decrypt: ChaCha20 - Poly1305 (good tag, zero - length input) depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 -aead_multipart_decrypt:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:"070000004041424344454647":"50515253c0c1c2c3c4c5c6c7":1:"d31a8d34648e60db7b86afbc53ef7ec2a4aded51296e08fea9e2b5a736ee62d63dbea45e8ca9671282fafb69da92728b1a71de0a9e060b2905d6a5b67ecd3b3692ddbd7f2d778b8c9803aee328091b58fab324e4fad675945585808b4831d7bc3ff4def08e4b7a9de576d26586cec64b61161ae10b594f09e26a7e902ecbd0600690":1:0:"4c616469657320616e642047656e746c656d656e206f662074686520636c617373206f66202739393a204966204920636f756c64206f6666657220796f75206f6e6c79206f6e652074697020666f7220746865206675747572652c2073756e73637265656e20776f756c642062652069742e":0 +aead_multipart_decrypt:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:"070000004041424344454647":"":1:"a0784d7a4716f3feb4f64e7f4b39bf04":1:0:"" -PSA Multipart AEAD decrypt: ChaCha20-Poly1305 (good tag, zero-length input) +PSA Multipart AEAD decrypt: ChaCha20 - Poly1305 (good tag, zero - length input) (lengths set) depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 -aead_multipart_decrypt:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:"070000004041424344454647":"":1:"a0784d7a4716f3feb4f64e7f4b39bf04":1:0:"":1 +aead_multipart_decrypt:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:"070000004041424344454647":"":1:"a0784d7a4716f3feb4f64e7f4b39bf04":1:1:"" -PSA Multipart AEAD decrypt: ChaCha20-Poly1305 (good tag, zero-length input) (lengths set) +PSA Multipart AEAD verify, AES - GCM, invalid signature +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_verify:PSA_KEY_TYPE_AES:"fe96eab10ff48c7942025422583d0377":PSA_ALG_GCM:"97ce3f848276783599c6875de324361e":"127628b6dcbce6fc8a8ef60798eb67b2088415635119697d20bb878c24d9c6f9c29e148521cb5e0feff892c7855d4f1c0bfb32ad33420976714dce87a0bbc18e4378bd1ef35197d0ca73051148f1199010f63caf122df5f71ad8d9c71df3eb2fbe3b2529d0ba657570358d3776f687bdb9c96d5e0e9e00c4b42d5d7a268d6a08":"12195120056ca3cac70d583603a476821bac6c57c9733b81cfb83538dc9e850f8bdf46065069591c23ebcbc6d1e2523375fb7efc80c09507fa25477ed07cee54fc4eb90168b3ef988f651fc40652474a644b1b311decf899660aef2347bb081af48950f06ebf799911e37120de94c55c20e5f0a77119be06e2b6e557f872fa0f":"6bac793bdc2190a195122c98544ccf56":PSA_ERROR_INVALID_SIGNATURE + +PSA Multipart AEAD verify, AES - GCM, T = 15 but passing 16 bytes +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_verify:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM,15):"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c87281":"4365847fe0b7b7fbed325953df344a96":PSA_ERROR_INVALID_SIGNATURE + +PSA Multipart AEAD verify: AES - GCM, invalid tag length 0 +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_verify:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM,0):"48c0906930561e0ab0ef4cd972":"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":"26c56961c035a7e452cce61bc6ee220d77b3f94d18fd10b6":"":PSA_ERROR_INVALID_ARGUMENT + +PSA Multipart AEAD verify: AES - GCM, invalid tag length 2 +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_verify:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM,2):"48c0906930561e0ab0ef4cd972":"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":"26c56961c035a7e452cce61bc6ee220d77b3f94d18fd":"10b6":PSA_ERROR_INVALID_ARGUMENT + +PSA Multipart AEAD verify: ChaCha20 - Poly1305 (RFC7539, bad tag) depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 -aead_multipart_decrypt:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:"070000004041424344454647":"":1:"a0784d7a4716f3feb4f64e7f4b39bf04":1:1:"":1 - -PSA Multipart AEAD decrypt: invalid algorithm (CTR) -depends_on:MBEDTLS_AES_C:MBEDTLS_GCM_C -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"D7828D13B2B0BDC325A76236DF93CC6B":PSA_ALG_CTR:"000102030405060708090A0B0C0D0E0F":"":0:"":1:0:"":0 - -PSA Multipart AEAD decrypt: invalid algorithm (ChaCha20) -depends_on:MBEDTLS_CHACHA20_C -aead_multipart_decrypt:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_STREAM_CIPHER:"":"":1:"":1:0:"":0 +aead_multipart_verify:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:"070000004041424344454647":"50515253c0c1c2c3c4c5c6c7":"d31a8d34648e60db7b86afbc53ef7ec2a4aded51296e08fea9e2b5a736ee62d63dbea45e8ca9671282fafb69da92728b1a71de0a9e060b2905d6a5b67ecd3b3692ddbd7f2d778b8c9803aee328091b58fab324e4fad675945585808b4831d7bc3ff4def08e4b7a9de576d26586cec64b6116":"1ae10b594f09e26a7e902ecbd0600690":PSA_ERROR_INVALID_SIGNATURE PSA Multipart Nonce Generation, AES - GCM, NONCE = (Req 12 / Expect 12) depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index b6d52f7d6..f25872d16 100644 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function @@ -309,7 +309,6 @@ static int aead_multipart_internal_func( int key_type_arg, data_t *key_data, int data_part_len_arg, setlengths_method set_lengths_method, data_t *expected_output, - int expect_valid_signature, int is_encrypt, int do_zero_parts ) { @@ -518,25 +517,11 @@ static int aead_multipart_internal_func( int key_type_arg, data_t *key_data, &tag_size ) ); else { - status = psa_aead_verify( &operation, final_data, + PSA_ASSERT( psa_aead_verify( &operation, final_data, final_output_size, &output_part_length, ( input_data->x + data_true_size ), - tag_length ); - - if( expect_valid_signature ) - PSA_ASSERT( status ); - else - { - TEST_ASSERT( status != PSA_SUCCESS ); - - if( status != PSA_SUCCESS ) - { - /* Expected failure. */ - test_ok = 1; - goto exit; - } - } + tag_length ) ); } if( output_data && output_part_length ) @@ -3522,7 +3507,7 @@ void aead_multipart_encrypt( int key_type_arg, data_t *key_data, input_data, -1, set_lengths_method, expected_output, - 1, 1, 0 ) ) + 1, 0 ) ) break; /* length(0) part, length(ad_part_len) part, length(0) part... */ @@ -3535,7 +3520,7 @@ void aead_multipart_encrypt( int key_type_arg, data_t *key_data, input_data, -1, set_lengths_method, expected_output, - 1, 1, 1 ) ) + 1, 1 ) ) break; } } @@ -3563,7 +3548,7 @@ void aead_multipart_encrypt( int key_type_arg, data_t *key_data, input_data, data_part_len, set_lengths_method, expected_output, - 1, 1, 0 ) ) + 1, 0 ) ) break; /* length(0) part, length(data_part_len) part, length(0) part... */ @@ -3575,7 +3560,7 @@ void aead_multipart_encrypt( int key_type_arg, data_t *key_data, input_data, data_part_len, set_lengths_method, expected_output, - 1, 1, 1 ) ) + 1, 1 ) ) break; } } @@ -3596,8 +3581,7 @@ void aead_multipart_decrypt( int key_type_arg, data_t *key_data, data_t *input_data, int do_test_data_chunked, int do_set_lengths, - data_t *expected_output, - int expect_valid_signature ) + data_t *expected_output ) { size_t ad_part_len = 0; size_t data_part_len = 0; @@ -3631,7 +3615,6 @@ void aead_multipart_decrypt( int key_type_arg, data_t *key_data, input_data, -1, set_lengths_method, expected_output, - expect_valid_signature, 0, 0 ) ) break; @@ -3645,7 +3628,6 @@ void aead_multipart_decrypt( int key_type_arg, data_t *key_data, input_data, -1, set_lengths_method, expected_output, - expect_valid_signature, 0, 1 ) ) break; } @@ -3674,7 +3656,6 @@ void aead_multipart_decrypt( int key_type_arg, data_t *key_data, input_data, data_part_len, set_lengths_method, expected_output, - expect_valid_signature, 0, 0 ) ) break; @@ -3687,7 +3668,6 @@ void aead_multipart_decrypt( int key_type_arg, data_t *key_data, input_data, data_part_len, set_lengths_method, expected_output, - expect_valid_signature, 0, 1 ) ) break; } @@ -4084,6 +4064,90 @@ exit: } /* END_CASE */ +/* BEGIN_CASE */ +void aead_multipart_verify( int key_type_arg, data_t *key_data, + int alg_arg, + data_t *nonce, + data_t *additional_data, + data_t *input_data, + data_t *tag, + int expected_status_arg ) +{ + mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; + psa_key_type_t key_type = key_type_arg; + psa_algorithm_t alg = alg_arg; + psa_aead_operation_t operation; + psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; + psa_status_t status = PSA_ERROR_GENERIC_ERROR; + psa_status_t expected_status = expected_status_arg; + unsigned char *plaintext = NULL; + unsigned char *finish_plaintext = NULL; + size_t plaintext_size = 0; + size_t plaintext_length = 0; + size_t verify_plaintext_size = 0; + + PSA_ASSERT( psa_crypto_init( ) ); + + psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_DECRYPT ); + psa_set_key_algorithm( &attributes, alg ); + psa_set_key_type( &attributes, key_type ); + + PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len, + &key ) ); + + PSA_ASSERT( psa_get_key_attributes( key, &attributes ) ); + + plaintext_size = PSA_AEAD_UPDATE_OUTPUT_SIZE( key_type, alg, + input_data->len ); + + ASSERT_ALLOC( plaintext, plaintext_size ); + + verify_plaintext_size = PSA_AEAD_VERIFY_OUTPUT_SIZE( key_type, alg ); + + ASSERT_ALLOC( finish_plaintext, verify_plaintext_size ); + + operation = psa_aead_operation_init( ); + + status = psa_aead_decrypt_setup( &operation, key, alg ); + + /* If the operation is not supported, just skip and not fail in case the + * encryption involves a common limitation of cryptography hardwares and + * an alternative implementation. */ + if( status == PSA_ERROR_NOT_SUPPORTED ) + { + MBEDTLS_TEST_PSA_SKIP_IF_ALT_AES_192( key_type, key_data->len * 8 ); + MBEDTLS_TEST_PSA_SKIP_IF_ALT_GCM_NOT_12BYTES_NONCE( alg, nonce->len ); + } + + PSA_ASSERT( status ); + + PSA_ASSERT( psa_aead_set_nonce( &operation, nonce->x, nonce->len ) ); + + PSA_ASSERT( psa_aead_update_ad( &operation, additional_data->x, + additional_data->len ) ); + + PSA_ASSERT( psa_aead_update( &operation, input_data->x, + input_data->len, + plaintext, plaintext_size, + &plaintext_length ) ); + + status = psa_aead_verify( &operation, finish_plaintext, + verify_plaintext_size, + &plaintext_length, + tag->x, tag->len ); + + TEST_EQUAL( status, expected_status ); + +exit: + psa_destroy_key( key ); + mbedtls_free( plaintext ); + mbedtls_free( finish_plaintext ); + psa_aead_abort( &operation ); + PSA_DONE( ); +} +/* END_CASE */ + + /* BEGIN_CASE */ void aead_multipart_state_test( int key_type_arg, data_t *key_data, int alg_arg, From 1c67e0b38ccbd3a2e0daf55d5cbaeaa304c498eb Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Sun, 19 Sep 2021 13:11:50 +0100 Subject: [PATCH 154/195] Add extra verify edge test cases Add ability to pass NULL tag buffer (with length zero) Signed-off-by: Paul Elliott --- tests/suites/test_suite_psa_crypto.data | 22 ++++++++++++++++----- tests/suites/test_suite_psa_crypto.function | 19 ++++++++++++++++-- 2 files changed, 34 insertions(+), 7 deletions(-) diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data index 645fe2af3..12f7e7c8a 100644 --- a/tests/suites/test_suite_psa_crypto.data +++ b/tests/suites/test_suite_psa_crypto.data @@ -2544,23 +2544,35 @@ aead_multipart_decrypt:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f90 PSA Multipart AEAD verify, AES - GCM, invalid signature depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_verify:PSA_KEY_TYPE_AES:"fe96eab10ff48c7942025422583d0377":PSA_ALG_GCM:"97ce3f848276783599c6875de324361e":"127628b6dcbce6fc8a8ef60798eb67b2088415635119697d20bb878c24d9c6f9c29e148521cb5e0feff892c7855d4f1c0bfb32ad33420976714dce87a0bbc18e4378bd1ef35197d0ca73051148f1199010f63caf122df5f71ad8d9c71df3eb2fbe3b2529d0ba657570358d3776f687bdb9c96d5e0e9e00c4b42d5d7a268d6a08":"12195120056ca3cac70d583603a476821bac6c57c9733b81cfb83538dc9e850f8bdf46065069591c23ebcbc6d1e2523375fb7efc80c09507fa25477ed07cee54fc4eb90168b3ef988f651fc40652474a644b1b311decf899660aef2347bb081af48950f06ebf799911e37120de94c55c20e5f0a77119be06e2b6e557f872fa0f":"6bac793bdc2190a195122c98544ccf56":PSA_ERROR_INVALID_SIGNATURE +aead_multipart_verify:PSA_KEY_TYPE_AES:"fe96eab10ff48c7942025422583d0377":PSA_ALG_GCM:"97ce3f848276783599c6875de324361e":"127628b6dcbce6fc8a8ef60798eb67b2088415635119697d20bb878c24d9c6f9c29e148521cb5e0feff892c7855d4f1c0bfb32ad33420976714dce87a0bbc18e4378bd1ef35197d0ca73051148f1199010f63caf122df5f71ad8d9c71df3eb2fbe3b2529d0ba657570358d3776f687bdb9c96d5e0e9e00c4b42d5d7a268d6a08":"12195120056ca3cac70d583603a476821bac6c57c9733b81cfb83538dc9e850f8bdf46065069591c23ebcbc6d1e2523375fb7efc80c09507fa25477ed07cee54fc4eb90168b3ef988f651fc40652474a644b1b311decf899660aef2347bb081af48950f06ebf799911e37120de94c55c20e5f0a77119be06e2b6e557f872fa0f":"6bac793bdc2190a195122c98544ccf56":1:PSA_ERROR_INVALID_SIGNATURE PSA Multipart AEAD verify, AES - GCM, T = 15 but passing 16 bytes depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_verify:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM,15):"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c87281":"4365847fe0b7b7fbed325953df344a96":PSA_ERROR_INVALID_SIGNATURE +aead_multipart_verify:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM,15):"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c87281":"4365847fe0b7b7fbed325953df344a96":1:PSA_ERROR_INVALID_SIGNATURE + +PSA Multipart AEAD verify, AES - GCM, T = 15 but passing 14 bytes +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_verify:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM,15):"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c87281":"4365847fe0b7b7fbed325953df34":1:PSA_ERROR_INVALID_SIGNATURE + +PSA Multipart AEAD verify, AES - GCM, T = 15 but passing 0 bytes (valid buffer) +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_verify:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM,15):"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c87281":"":1:PSA_ERROR_INVALID_SIGNATURE + +PSA Multipart AEAD verify, AES - GCM, T = 15 but passing 0 bytes (NULL buffer) +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_verify:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM,15):"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c87281":"":0:PSA_ERROR_INVALID_SIGNATURE PSA Multipart AEAD verify: AES - GCM, invalid tag length 0 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_verify:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM,0):"48c0906930561e0ab0ef4cd972":"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":"26c56961c035a7e452cce61bc6ee220d77b3f94d18fd10b6":"":PSA_ERROR_INVALID_ARGUMENT +aead_multipart_verify:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM,0):"48c0906930561e0ab0ef4cd972":"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":"26c56961c035a7e452cce61bc6ee220d77b3f94d18fd10b6":"":1:PSA_ERROR_INVALID_ARGUMENT PSA Multipart AEAD verify: AES - GCM, invalid tag length 2 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_verify:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM,2):"48c0906930561e0ab0ef4cd972":"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":"26c56961c035a7e452cce61bc6ee220d77b3f94d18fd":"10b6":PSA_ERROR_INVALID_ARGUMENT +aead_multipart_verify:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM,2):"48c0906930561e0ab0ef4cd972":"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":"26c56961c035a7e452cce61bc6ee220d77b3f94d18fd":"10b6":1:PSA_ERROR_INVALID_ARGUMENT PSA Multipart AEAD verify: ChaCha20 - Poly1305 (RFC7539, bad tag) depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 -aead_multipart_verify:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:"070000004041424344454647":"50515253c0c1c2c3c4c5c6c7":"d31a8d34648e60db7b86afbc53ef7ec2a4aded51296e08fea9e2b5a736ee62d63dbea45e8ca9671282fafb69da92728b1a71de0a9e060b2905d6a5b67ecd3b3692ddbd7f2d778b8c9803aee328091b58fab324e4fad675945585808b4831d7bc3ff4def08e4b7a9de576d26586cec64b6116":"1ae10b594f09e26a7e902ecbd0600690":PSA_ERROR_INVALID_SIGNATURE +aead_multipart_verify:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:"070000004041424344454647":"50515253c0c1c2c3c4c5c6c7":"d31a8d34648e60db7b86afbc53ef7ec2a4aded51296e08fea9e2b5a736ee62d63dbea45e8ca9671282fafb69da92728b1a71de0a9e060b2905d6a5b67ecd3b3692ddbd7f2d778b8c9803aee328091b58fab324e4fad675945585808b4831d7bc3ff4def08e4b7a9de576d26586cec64b6116":"1ae10b594f09e26a7e902ecbd0600690":1:PSA_ERROR_INVALID_SIGNATURE PSA Multipart Nonce Generation, AES - GCM, NONCE = (Req 12 / Expect 12) depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index f25872d16..29cda92eb 100644 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function @@ -271,6 +271,12 @@ typedef enum SET_LENGTHS_AFTER_NONCE = 2 } setlengths_method; +typedef enum +{ + USE_NULL_TAG = 0, + USE_GIVEN_TAG = 1, +} tagusage_method; + /*! * \brief Internal Function for AEAD multipart tests. * @@ -4071,6 +4077,7 @@ void aead_multipart_verify( int key_type_arg, data_t *key_data, data_t *additional_data, data_t *input_data, data_t *tag, + int tag_usage_arg, int expected_status_arg ) { mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; @@ -4085,6 +4092,9 @@ void aead_multipart_verify( int key_type_arg, data_t *key_data, size_t plaintext_size = 0; size_t plaintext_length = 0; size_t verify_plaintext_size = 0; + tagusage_method tag_usage = tag_usage_arg; + unsigned char *tag_buffer = NULL; + size_t tag_size = 0; PSA_ASSERT( psa_crypto_init( ) ); @@ -4131,10 +4141,16 @@ void aead_multipart_verify( int key_type_arg, data_t *key_data, plaintext, plaintext_size, &plaintext_length ) ); + if( tag_usage == USE_GIVEN_TAG ) + { + tag_buffer = tag->x; + tag_size = tag->len; + } + status = psa_aead_verify( &operation, finish_plaintext, verify_plaintext_size, &plaintext_length, - tag->x, tag->len ); + tag_buffer, tag_size ); TEST_EQUAL( status, expected_status ); @@ -4147,7 +4163,6 @@ exit: } /* END_CASE */ - /* BEGIN_CASE */ void aead_multipart_state_test( int key_type_arg, data_t *key_data, int alg_arg, From 5221ef638a1aca1873a2947526198282c15a24a8 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Sun, 19 Sep 2021 17:33:03 +0100 Subject: [PATCH 155/195] Add aead setup tests Signed-off-by: Paul Elliott --- tests/suites/test_suite_psa_crypto.data | 8 ++++ tests/suites/test_suite_psa_crypto.function | 45 +++++++++++++++++++++ 2 files changed, 53 insertions(+) diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data index 12f7e7c8a..09ebcf08f 100644 --- a/tests/suites/test_suite_psa_crypto.data +++ b/tests/suites/test_suite_psa_crypto.data @@ -2678,6 +2678,14 @@ PSA AEAD finish buffer test: ChaCha20 - Poly1305, BUF = 0, TAG = 0 depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 aead_multipart_finish_buffer_test:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:0:0:"070000004041424344454647":"50515253c0c1c2c3c4c5c6c7":"d31a8d34648e60db7b86afbc53ef7ec2a4aded51296e08fea9e2b5a736ee62d63dbea45e8ca9671282fafb69da92728b1a71de0a9e060b2905d6a5b67ecd3b3692ddbd7f2d778b8c9803aee328091b58fab324e4fad675945585808b4831d7bc3ff4def08e4b7a9de576d26586cec64b61161ae10b594f09e26a7e902ecbd0600691":PSA_ERROR_BUFFER_TOO_SMALL +PSA AEAD setup: invalid algorithm (CTR) +depends_on:MBEDTLS_AES_C:MBEDTLS_GCM_C +aead_multipart_setup:PSA_KEY_TYPE_AES:"D7828D13B2B0BDC325A76236DF93CC6B":PSA_ALG_CTR:PSA_ERROR_INVALID_ARGUMENT + +PSA AEAD setup: invalid algorithm (ChaCha20) +depends_on:MBEDTLS_CHACHA20_C +aead_multipart_setup:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_STREAM_CIPHER:PSA_ERROR_INVALID_ARGUMENT + PSA Multipart State Checks, AES - GCM depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES aead_multipart_state_test:PSA_KEY_TYPE_AES:"C0C1C2C3C4C5C6C7C8C9CACBCCCDCECF":PSA_ALG_GCM:"000102030405060708090A0B0C0D0E0F":"000102030405060708090A0B":"0C0D0E0F101112131415161718191A1B1C1D1E" diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index 29cda92eb..9fb8363a4 100644 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function @@ -4163,6 +4163,51 @@ exit: } /* END_CASE */ +/* BEGIN_CASE */ +void aead_multipart_setup( int key_type_arg, data_t *key_data, + int alg_arg, int expected_status_arg ) +{ + mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; + psa_key_type_t key_type = key_type_arg; + psa_algorithm_t alg = alg_arg; + psa_aead_operation_t operation; + psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; + psa_status_t status = PSA_ERROR_GENERIC_ERROR; + psa_status_t expected_status = expected_status_arg; + + PSA_ASSERT( psa_crypto_init( ) ); + + psa_set_key_usage_flags( &attributes, + PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT ); + psa_set_key_algorithm( &attributes, alg ); + psa_set_key_type( &attributes, key_type ); + + PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len, + &key ) ); + + mbedtls_test_set_step( 0 ); + + status = psa_aead_encrypt_setup( &operation, key, alg ); + + TEST_EQUAL( status, expected_status ); + + psa_aead_abort( &operation ); + + operation = psa_aead_operation_init( ); + + mbedtls_test_set_step( 1 ); + + status = psa_aead_decrypt_setup( &operation, key, alg ); + + TEST_EQUAL(status, expected_status ); + +exit: + psa_destroy_key( key ); + psa_aead_abort( &operation ); + PSA_DONE( ); +} +/* END_CASE */ + /* BEGIN_CASE */ void aead_multipart_state_test( int key_type_arg, data_t *key_data, int alg_arg, From f94bd993685eb0c15e843dbe336b52954c79a999 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Sun, 19 Sep 2021 18:15:59 +0100 Subject: [PATCH 156/195] Add missing aead state tests. Signed-off-by: Paul Elliott --- tests/suites/test_suite_psa_crypto.function | 40 +++++++++++++++++++++ 1 file changed, 40 insertions(+) diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index 9fb8363a4..d23ef4d5a 100644 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function @@ -4503,6 +4503,23 @@ void aead_multipart_state_test( int key_type_arg, data_t *key_data, PSA_ASSERT( psa_aead_set_nonce( &operation, nonce->x, nonce->len ) ); + PSA_ASSERT( psa_aead_update_ad( &operation, additional_data->x, + additional_data->len ) ); + + TEST_EQUAL( psa_aead_set_lengths( &operation, additional_data->len, + input_data->len ), + PSA_ERROR_BAD_STATE ); + + psa_aead_abort( &operation ); + + /* ------------------------------------------------------- */ + + operation = psa_aead_operation_init( ); + + PSA_ASSERT( psa_aead_encrypt_setup( &operation, key, alg ) ); + + PSA_ASSERT( psa_aead_set_nonce( &operation, nonce->x, nonce->len ) ); + PSA_ASSERT( psa_aead_update( &operation, input_data->x, input_data->len, output_data, output_size, &output_length ) ); @@ -4574,6 +4591,29 @@ void aead_multipart_state_test( int key_type_arg, data_t *key_data, psa_aead_abort( &operation ); + /* Test for not sending any data after setting a non-zero length for it.*/ + + operation = psa_aead_operation_init( ); + + PSA_ASSERT( psa_aead_encrypt_setup( &operation, key, alg ) ); + + PSA_ASSERT( psa_aead_set_nonce( &operation, nonce->x, nonce->len ) ); + + PSA_ASSERT( psa_aead_set_lengths( &operation, additional_data->len, + input_data->len ) ); + + PSA_ASSERT( psa_aead_update_ad( &operation, additional_data->x, + additional_data->len ) ); + + TEST_EQUAL( psa_aead_finish( &operation, final_data, + finish_output_size, + &output_part_length, + tag_buffer, tag_length, + &tag_size ), + PSA_ERROR_INVALID_ARGUMENT ); + + psa_aead_abort( &operation ); + /* Test for sending too much additional data after setting lengths. */ operation = psa_aead_operation_init( ); From 70f447dfe59261e28f175280643244fe519f335a Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Sun, 19 Sep 2021 18:21:58 +0100 Subject: [PATCH 157/195] Replace individual zeroization with memset Signed-off-by: Paul Elliott --- library/psa_crypto.c | 7 +------ 1 file changed, 1 insertion(+), 6 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index b335aa37c..15495626b 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -3819,12 +3819,7 @@ psa_status_t psa_aead_abort( psa_aead_operation_t *operation ) status = psa_driver_wrapper_aead_abort( operation ); - operation->id = 0; - operation->nonce_set = 0; - operation->lengths_set = 0; - operation->ad_started = 0; - operation->body_started = 0; - operation->is_encrypt = 0; + memset( operation, 0, sizeof( psa_aead_operation_t ) ); return( status ); } From 69bf5fc901d4d2838b8a2df03d7c733ade6d5602 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Sun, 19 Sep 2021 18:26:37 +0100 Subject: [PATCH 158/195] Const correctness Signed-off-by: Paul Elliott --- library/psa_crypto.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 15495626b..8af26d33b 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -3713,7 +3713,7 @@ exit: return( status ); } -static psa_status_t psa_aead_final_checks( psa_aead_operation_t *operation ) +static psa_status_t psa_aead_final_checks( const psa_aead_operation_t *operation ) { if( operation->id == 0 || !operation->nonce_set ) return( PSA_ERROR_BAD_STATE ); From 4c916e8d74916ccaf0fce9600c03151f0b9e862e Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Sun, 19 Sep 2021 18:34:50 +0100 Subject: [PATCH 159/195] Improve comment on buffer clearing Signed-off-by: Paul Elliott --- library/psa_crypto.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 8af26d33b..b5efc2de0 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -3756,10 +3756,10 @@ psa_status_t psa_aead_finish( psa_aead_operation_t *operation, exit: /* In case the operation fails and the user fails to check for failure or - * the zero tag size, make sure the tag is set to something impossible. - * Even if the operation succeeds, make sure we set the rest of the - * buffer to something impossible to prevent potential leakage of - * anything previously placed in the same buffer.*/ + * the zero tag size, make sure the tag is set to something implausible. + * Even if the operation succeeds, make sure we clear the rest of the + * buffer to prevent potential leakage of anything previously placed in + * the same buffer.*/ if( status != PSA_SUCCESS ) memset( tag, '!', tag_size ); else if( *tag_length < tag_size ) From 8ff74217e46cd9c1ecea05dbfcf1a20926cc3d56 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Sun, 19 Sep 2021 18:39:23 +0100 Subject: [PATCH 160/195] Add comment explaining finish output size Signed-off-by: Paul Elliott --- library/psa_crypto_aead.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/library/psa_crypto_aead.c b/library/psa_crypto_aead.c index 46eb1c933..01d5d19d1 100644 --- a/library/psa_crypto_aead.c +++ b/library/psa_crypto_aead.c @@ -677,6 +677,8 @@ psa_status_t mbedtls_psa_aead_finish( if( status == PSA_SUCCESS ) { + /* This will be zero for all supported algorithms currently, but left + * here for future support. */ *ciphertext_length = finish_output_size; *tag_length = operation->tag_length; } From ec95cc94890d77cb320549e61b5d413a40e04195 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Sun, 19 Sep 2021 22:33:09 +0100 Subject: [PATCH 161/195] Add safety for NULL tag being passed to finish Signed-off-by: Paul Elliott --- library/psa_crypto.c | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index b5efc2de0..664b8aecc 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -3760,10 +3760,13 @@ exit: * Even if the operation succeeds, make sure we clear the rest of the * buffer to prevent potential leakage of anything previously placed in * the same buffer.*/ - if( status != PSA_SUCCESS ) - memset( tag, '!', tag_size ); - else if( *tag_length < tag_size ) - memset( tag + *tag_length, '!', ( tag_size - *tag_length ) ); + if( tag ) + { + if( status != PSA_SUCCESS ) + memset( tag, '!', tag_size ); + else if( *tag_length < tag_size ) + memset( tag + *tag_length, '!', ( tag_size - *tag_length ) ); + } psa_aead_abort( operation ); From 8eec8d443689334304131670e8a2e084fed2127b Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Sun, 19 Sep 2021 22:38:27 +0100 Subject: [PATCH 162/195] Fix missed documentation header Signed-off-by: Paul Elliott --- tests/suites/test_suite_psa_crypto.function | 21 +++++++++------------ 1 file changed, 9 insertions(+), 12 deletions(-) diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index d23ef4d5a..fa579e45a 100644 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function @@ -279,32 +279,29 @@ typedef enum /*! * \brief Internal Function for AEAD multipart tests. - * * \param key_type_arg Type of key passed in * \param key_data The encryption / decryption key data * \param alg_arg The type of algorithm used * \param nonce Nonce data * \param additional_data Additional data - * \param ad_part_len If not -1, the length of chunks to + * \param ad_part_len_arg If not -1, the length of chunks to * feed additional data in to be encrypted / * decrypted. If -1, no chunking. * \param input_data Data to encrypt / decrypt - * \param data_part_len If not -1, the length of chunks to feed the - * data in to be encrypted / decrypted. If -1, - * no chunking - * \param do_set_lengths If non-zero, then set lengths prior to - * calling encryption / decryption. + * \param data_part_len_arg If not -1, the length of chunks to feed + * the data in to be encrypted / decrypted. If + * -1, no chunking + * \param set_lengths_method A member of the setlengths_method enum is + * expected here, this controls whether or not + * to set lengths, and in what order with + * respect to set nonce. * \param expected_output Expected output * \param expect_valid_signature If non zero, we expect the signature to be * valid * \param is_encrypt If non-zero this is an encryption operation. * \param do_zero_parts If non-zero, interleave zero length chunks - * with normal length chunks - * \param swap_set_functions If non-zero, swap the order of set lengths - * and set nonce. - * + * with normal length chunks. * \return int Zero on failure, non-zero on success. - * */ static int aead_multipart_internal_func( int key_type_arg, data_t *key_data, int alg_arg, From 6043e49039ff221cdfc7d71b209e796cf1e4f5e7 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Mon, 20 Sep 2021 09:24:48 +0100 Subject: [PATCH 163/195] Fix missed documentation header pt 2 Signed-off-by: Paul Elliott --- tests/suites/test_suite_psa_crypto.function | 2 -- 1 file changed, 2 deletions(-) diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index fa579e45a..a240df7bd 100644 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function @@ -296,8 +296,6 @@ typedef enum * to set lengths, and in what order with * respect to set nonce. * \param expected_output Expected output - * \param expect_valid_signature If non zero, we expect the signature to be - * valid * \param is_encrypt If non-zero this is an encryption operation. * \param do_zero_parts If non-zero, interleave zero length chunks * with normal length chunks. From 4a760882bb45a937a1dc97965e7b6a9fe92fbf7a Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Mon, 20 Sep 2021 09:42:21 +0100 Subject: [PATCH 164/195] Fix leaked test buffer Signed-off-by: Paul Elliott --- tests/suites/test_suite_psa_crypto.function | 1 + 1 file changed, 1 insertion(+) diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index a240df7bd..2feadf800 100644 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function @@ -4060,6 +4060,7 @@ exit: psa_destroy_key( key ); mbedtls_free( ciphertext ); mbedtls_free( finish_ciphertext ); + mbedtls_free( tag_buffer ); psa_aead_abort( &operation ); PSA_DONE( ); } From 64555bd98ca43be8667b83ad81e32232b016f957 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Mon, 20 Sep 2021 16:44:44 +0100 Subject: [PATCH 165/195] Add missing initialisation to setup test. Signed-off-by: Paul Elliott --- tests/suites/test_suite_psa_crypto.function | 2 ++ 1 file changed, 2 insertions(+) diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index 2feadf800..c91f744b8 100644 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function @@ -4181,6 +4181,8 @@ void aead_multipart_setup( int key_type_arg, data_t *key_data, PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len, &key ) ); + operation = psa_aead_operation_init( ); + mbedtls_test_set_step( 0 ); status = psa_aead_encrypt_setup( &operation, key, alg ); From 0f32b7d345ada2a5539faf230da9dec3b46a5043 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Mon, 20 Sep 2021 18:46:03 +0100 Subject: [PATCH 166/195] Apply fixes to test driver from lib implementation Signed-off-by: Paul Elliott --- tests/src/drivers/test_driver_aead.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/tests/src/drivers/test_driver_aead.c b/tests/src/drivers/test_driver_aead.c index ac116ffb0..84e69e0f6 100644 --- a/tests/src/drivers/test_driver_aead.c +++ b/tests/src/drivers/test_driver_aead.c @@ -282,7 +282,7 @@ psa_status_t mbedtls_test_transparent_aead_verify( plaintext_size, plaintext_length, check_tag, - tag_length, + sizeof( check_tag ), &check_tag_length ); if( mbedtls_test_driver_aead_hooks.driver_status == PSA_SUCCESS ) @@ -293,6 +293,8 @@ psa_status_t mbedtls_test_transparent_aead_verify( mbedtls_test_driver_aead_hooks.driver_status = PSA_ERROR_INVALID_SIGNATURE; } + + mbedtls_platform_zeroize( check_tag, sizeof( check_tag ) ); } return( mbedtls_test_driver_aead_hooks.driver_status ); From 3ecdb3e308e8207a4c40798cf749a01a8d453256 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Tue, 21 Sep 2021 17:23:34 +0100 Subject: [PATCH 167/195] Change test dependencys to PSA_WANT Signed-off-by: Paul Elliott --- tests/suites/test_suite_psa_crypto.data | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data index 09ebcf08f..63a597945 100644 --- a/tests/suites/test_suite_psa_crypto.data +++ b/tests/suites/test_suite_psa_crypto.data @@ -2679,11 +2679,11 @@ depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 aead_multipart_finish_buffer_test:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:0:0:"070000004041424344454647":"50515253c0c1c2c3c4c5c6c7":"d31a8d34648e60db7b86afbc53ef7ec2a4aded51296e08fea9e2b5a736ee62d63dbea45e8ca9671282fafb69da92728b1a71de0a9e060b2905d6a5b67ecd3b3692ddbd7f2d778b8c9803aee328091b58fab324e4fad675945585808b4831d7bc3ff4def08e4b7a9de576d26586cec64b61161ae10b594f09e26a7e902ecbd0600691":PSA_ERROR_BUFFER_TOO_SMALL PSA AEAD setup: invalid algorithm (CTR) -depends_on:MBEDTLS_AES_C:MBEDTLS_GCM_C +depends_on:PSA_WANT_ALG_CTR:PSA_WANT_KEY_TYPE_AES aead_multipart_setup:PSA_KEY_TYPE_AES:"D7828D13B2B0BDC325A76236DF93CC6B":PSA_ALG_CTR:PSA_ERROR_INVALID_ARGUMENT PSA AEAD setup: invalid algorithm (ChaCha20) -depends_on:MBEDTLS_CHACHA20_C +depends_on:PSA_WANT_ALG_STREAM_CIPHER:PSA_WANT_KEY_TYPE_CHACHA20 aead_multipart_setup:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_STREAM_CIPHER:PSA_ERROR_INVALID_ARGUMENT PSA Multipart State Checks, AES - GCM From bdc2c68d97d25abfd4ffe93a48cb420c0bd41d6a Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Tue, 21 Sep 2021 18:37:10 +0100 Subject: [PATCH 168/195] Add missing not setting nonce tests Signed-off-by: Paul Elliott --- tests/suites/test_suite_psa_crypto.function | 30 +++++++++++++++++++++ 1 file changed, 30 insertions(+) diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index c91f744b8..e9ca8d268 100644 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function @@ -4402,6 +4402,36 @@ void aead_multipart_state_test( int key_type_arg, data_t *key_data, psa_aead_abort( &operation ); + /* ------------------------------------------------------- */ + + operation = psa_aead_operation_init( ); + + PSA_ASSERT( psa_aead_encrypt_setup( &operation, key, alg ) ); + + TEST_EQUAL( psa_aead_finish( &operation, final_data, + finish_output_size, + &output_part_length, + tag_buffer, tag_length, + &tag_size ), + PSA_ERROR_BAD_STATE ); + + psa_aead_abort( &operation ); + + /* ------------------------------------------------------- */ + + operation = psa_aead_operation_init( ); + + PSA_ASSERT( psa_aead_decrypt_setup( &operation, key, alg ) ); + + TEST_EQUAL( psa_aead_verify( &operation, final_data, + finish_output_size, + &output_part_length, + tag_buffer, + tag_length ), + PSA_ERROR_BAD_STATE ); + + psa_aead_abort( &operation ); + /* Test for double setting nonce. */ operation = psa_aead_operation_init( ); From bb979e774820b897fe3564a74d1e5d5c49db850d Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Wed, 22 Sep 2021 12:54:42 +0100 Subject: [PATCH 169/195] Rename enum types Signed-off-by: Paul Elliott --- tests/suites/test_suite_psa_crypto.function | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index e9ca8d268..482063a1d 100644 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function @@ -269,13 +269,13 @@ typedef enum DO_NOT_SET_LENGTHS = 0, SET_LENGTHS_BEFORE_NONCE = 1, SET_LENGTHS_AFTER_NONCE = 2 -} setlengths_method; +} set_lengths_method_t; typedef enum { USE_NULL_TAG = 0, USE_GIVEN_TAG = 1, -} tagusage_method; +} tag_usage_method_t; /*! * \brief Internal Function for AEAD multipart tests. @@ -291,7 +291,7 @@ typedef enum * \param data_part_len_arg If not -1, the length of chunks to feed * the data in to be encrypted / decrypted. If * -1, no chunking - * \param set_lengths_method A member of the setlengths_method enum is + * \param set_lengths_method A member of the set_lengths_method_t enum is * expected here, this controls whether or not * to set lengths, and in what order with * respect to set nonce. @@ -308,7 +308,7 @@ static int aead_multipart_internal_func( int key_type_arg, data_t *key_data, int ad_part_len_arg, data_t *input_data, int data_part_len_arg, - setlengths_method set_lengths_method, + set_lengths_method_t set_lengths_method, data_t *expected_output, int is_encrypt, int do_zero_parts ) @@ -3478,7 +3478,7 @@ void aead_multipart_encrypt( int key_type_arg, data_t *key_data, { size_t ad_part_len = 0; size_t data_part_len = 0; - setlengths_method set_lengths_method = DO_NOT_SET_LENGTHS; + set_lengths_method_t set_lengths_method = DO_NOT_SET_LENGTHS; /* Ensure that either one part of the test or the other is done, i.e this * test does something. */ @@ -3586,7 +3586,7 @@ void aead_multipart_decrypt( int key_type_arg, data_t *key_data, { size_t ad_part_len = 0; size_t data_part_len = 0; - setlengths_method set_lengths_method = DO_NOT_SET_LENGTHS; + set_lengths_method_t set_lengths_method = DO_NOT_SET_LENGTHS; /* Ensure that either one part of the test or the other is done, i.e this * test does something. */ @@ -4088,7 +4088,7 @@ void aead_multipart_verify( int key_type_arg, data_t *key_data, size_t plaintext_size = 0; size_t plaintext_length = 0; size_t verify_plaintext_size = 0; - tagusage_method tag_usage = tag_usage_arg; + tag_usage_method_t tag_usage = tag_usage_arg; unsigned char *tag_buffer = NULL; size_t tag_size = 0; From a2a09b096c413d40894ab9bdbd0c41b1dbb794b1 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Wed, 22 Sep 2021 14:56:40 +0100 Subject: [PATCH 170/195] Remove double initialisation of AEAD operation Signed-off-by: Paul Elliott --- tests/suites/test_suite_psa_crypto.function | 68 +-------------------- 1 file changed, 2 insertions(+), 66 deletions(-) diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index 482063a1d..7c988067a 100644 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function @@ -4191,8 +4191,6 @@ void aead_multipart_setup( int key_type_arg, data_t *key_data, psa_aead_abort( &operation ); - operation = psa_aead_operation_init( ); - mbedtls_test_set_step( 1 ); status = psa_aead_decrypt_setup( &operation, key, alg ); @@ -4267,8 +4265,6 @@ void aead_multipart_state_test( int key_type_arg, data_t *key_data, psa_aead_abort( &operation ); - operation = psa_aead_operation_init( ); - TEST_EQUAL( psa_aead_generate_nonce( &operation, nonce_buffer, PSA_AEAD_NONCE_MAX_SIZE, &nonce_length ), @@ -4278,8 +4274,6 @@ void aead_multipart_state_test( int key_type_arg, data_t *key_data, /* ------------------------------------------------------- */ - operation = psa_aead_operation_init( ); - TEST_EQUAL( psa_aead_set_lengths( &operation, additional_data->len, input_data->len ), PSA_ERROR_BAD_STATE ); @@ -4288,8 +4282,6 @@ void aead_multipart_state_test( int key_type_arg, data_t *key_data, /* ------------------------------------------------------- */ - operation = psa_aead_operation_init( ); - TEST_EQUAL( psa_aead_update_ad( &operation, additional_data->x, additional_data->len ), PSA_ERROR_BAD_STATE ); @@ -4298,8 +4290,6 @@ void aead_multipart_state_test( int key_type_arg, data_t *key_data, /* ------------------------------------------------------- */ - operation = psa_aead_operation_init( ); - TEST_EQUAL( psa_aead_update( &operation, input_data->x, input_data->len, output_data, output_size, &output_length ), @@ -4309,8 +4299,6 @@ void aead_multipart_state_test( int key_type_arg, data_t *key_data, /* ------------------------------------------------------- */ - operation = psa_aead_operation_init( ); - TEST_EQUAL( psa_aead_finish( &operation, final_data, finish_output_size, &output_part_length, @@ -4322,8 +4310,6 @@ void aead_multipart_state_test( int key_type_arg, data_t *key_data, /* ------------------------------------------------------- */ - operation = psa_aead_operation_init( ); - TEST_EQUAL( psa_aead_verify( &operation, final_data, finish_output_size, &output_part_length, @@ -4335,8 +4321,6 @@ void aead_multipart_state_test( int key_type_arg, data_t *key_data, /* Test for double setups. */ - operation = psa_aead_operation_init( ); - PSA_ASSERT( psa_aead_encrypt_setup( &operation, key, alg ) ); TEST_EQUAL( psa_aead_encrypt_setup( &operation, key, alg ), @@ -4346,8 +4330,6 @@ void aead_multipart_state_test( int key_type_arg, data_t *key_data, /* ------------------------------------------------------- */ - operation = psa_aead_operation_init( ); - PSA_ASSERT( psa_aead_decrypt_setup( &operation, key, alg ) ); TEST_EQUAL( psa_aead_decrypt_setup( &operation, key, alg ), @@ -4357,8 +4339,6 @@ void aead_multipart_state_test( int key_type_arg, data_t *key_data, /* ------------------------------------------------------- */ - operation = psa_aead_operation_init( ); - PSA_ASSERT( psa_aead_encrypt_setup( &operation, key, alg ) ); TEST_EQUAL( psa_aead_decrypt_setup( &operation, key, alg ), @@ -4368,8 +4348,6 @@ void aead_multipart_state_test( int key_type_arg, data_t *key_data, /* ------------------------------------------------------- */ - operation = psa_aead_operation_init( ); - PSA_ASSERT( psa_aead_decrypt_setup( &operation, key, alg ) ); TEST_EQUAL( psa_aead_encrypt_setup( &operation, key, alg ), @@ -4379,8 +4357,6 @@ void aead_multipart_state_test( int key_type_arg, data_t *key_data, /* Test for not setting a nonce. */ - operation = psa_aead_operation_init( ); - PSA_ASSERT( psa_aead_encrypt_setup( &operation, key, alg ) ); TEST_EQUAL( psa_aead_update_ad( &operation, additional_data->x, @@ -4391,8 +4367,6 @@ void aead_multipart_state_test( int key_type_arg, data_t *key_data, /* ------------------------------------------------------- */ - operation = psa_aead_operation_init( ); - PSA_ASSERT( psa_aead_encrypt_setup( &operation, key, alg ) ); TEST_EQUAL( psa_aead_update( &operation, input_data->x, @@ -4404,8 +4378,6 @@ void aead_multipart_state_test( int key_type_arg, data_t *key_data, /* ------------------------------------------------------- */ - operation = psa_aead_operation_init( ); - PSA_ASSERT( psa_aead_encrypt_setup( &operation, key, alg ) ); TEST_EQUAL( psa_aead_finish( &operation, final_data, @@ -4419,8 +4391,6 @@ void aead_multipart_state_test( int key_type_arg, data_t *key_data, /* ------------------------------------------------------- */ - operation = psa_aead_operation_init( ); - PSA_ASSERT( psa_aead_decrypt_setup( &operation, key, alg ) ); TEST_EQUAL( psa_aead_verify( &operation, final_data, @@ -4434,8 +4404,6 @@ void aead_multipart_state_test( int key_type_arg, data_t *key_data, /* Test for double setting nonce. */ - operation = psa_aead_operation_init( ); - PSA_ASSERT( psa_aead_encrypt_setup( &operation, key, alg ) ); PSA_ASSERT( psa_aead_set_nonce( &operation, nonce->x, nonce->len ) ); @@ -4447,8 +4415,6 @@ void aead_multipart_state_test( int key_type_arg, data_t *key_data, /* Test for double generating nonce. */ - operation = psa_aead_operation_init( ); - PSA_ASSERT( psa_aead_encrypt_setup( &operation, key, alg ) ); PSA_ASSERT( psa_aead_generate_nonce( &operation, nonce_buffer, @@ -4465,8 +4431,6 @@ void aead_multipart_state_test( int key_type_arg, data_t *key_data, /* Test for generate nonce then set and vice versa */ - operation = psa_aead_operation_init( ); - PSA_ASSERT( psa_aead_encrypt_setup( &operation, key, alg ) ); PSA_ASSERT( psa_aead_generate_nonce( &operation, nonce_buffer, @@ -4480,8 +4444,6 @@ void aead_multipart_state_test( int key_type_arg, data_t *key_data, /* ------------------------------------------------------- */ - operation = psa_aead_operation_init( ); - PSA_ASSERT( psa_aead_encrypt_setup( &operation, key, alg ) ); PSA_ASSERT( psa_aead_set_nonce( &operation, nonce->x, nonce->len ) ); @@ -4495,8 +4457,6 @@ void aead_multipart_state_test( int key_type_arg, data_t *key_data, /* Test for generating nonce in decrypt setup. */ - operation = psa_aead_operation_init( ); - PSA_ASSERT( psa_aead_decrypt_setup( &operation, key, alg ) ); TEST_EQUAL( psa_aead_generate_nonce( &operation, nonce_buffer, @@ -4508,8 +4468,6 @@ void aead_multipart_state_test( int key_type_arg, data_t *key_data, /* Test for setting lengths twice. */ - operation = psa_aead_operation_init( ); - PSA_ASSERT( psa_aead_encrypt_setup( &operation, key, alg ) ); PSA_ASSERT( psa_aead_set_nonce( &operation, nonce->x, nonce->len ) ); @@ -4525,8 +4483,6 @@ void aead_multipart_state_test( int key_type_arg, data_t *key_data, /* Test for setting lengths after already starting data. */ - operation = psa_aead_operation_init( ); - PSA_ASSERT( psa_aead_encrypt_setup( &operation, key, alg ) ); PSA_ASSERT( psa_aead_set_nonce( &operation, nonce->x, nonce->len ) ); @@ -4542,8 +4498,6 @@ void aead_multipart_state_test( int key_type_arg, data_t *key_data, /* ------------------------------------------------------- */ - operation = psa_aead_operation_init( ); - PSA_ASSERT( psa_aead_encrypt_setup( &operation, key, alg ) ); PSA_ASSERT( psa_aead_set_nonce( &operation, nonce->x, nonce->len ) ); @@ -4561,8 +4515,6 @@ void aead_multipart_state_test( int key_type_arg, data_t *key_data, /* Test for not sending any additional data or data after setting non zero * lengths for them. (encrypt) */ - operation = psa_aead_operation_init( ); - PSA_ASSERT( psa_aead_encrypt_setup( &operation, key, alg ) ); PSA_ASSERT( psa_aead_set_nonce( &operation, nonce->x, nonce->len ) ); @@ -4582,8 +4534,6 @@ void aead_multipart_state_test( int key_type_arg, data_t *key_data, /* Test for not sending any additional data or data after setting non-zero * lengths for them. (decrypt) */ - operation = psa_aead_operation_init( ); - PSA_ASSERT( psa_aead_decrypt_setup( &operation, key, alg ) ); PSA_ASSERT( psa_aead_set_nonce( &operation, nonce->x, nonce->len ) ); @@ -4603,8 +4553,6 @@ void aead_multipart_state_test( int key_type_arg, data_t *key_data, /* Test for not sending any additional data after setting a non-zero length * for it. */ - operation = psa_aead_operation_init( ); - PSA_ASSERT( psa_aead_encrypt_setup( &operation, key, alg ) ); PSA_ASSERT( psa_aead_set_nonce( &operation, nonce->x, nonce->len ) ); @@ -4621,8 +4569,6 @@ void aead_multipart_state_test( int key_type_arg, data_t *key_data, /* Test for not sending any data after setting a non-zero length for it.*/ - operation = psa_aead_operation_init( ); - PSA_ASSERT( psa_aead_encrypt_setup( &operation, key, alg ) ); PSA_ASSERT( psa_aead_set_nonce( &operation, nonce->x, nonce->len ) ); @@ -4644,8 +4590,6 @@ void aead_multipart_state_test( int key_type_arg, data_t *key_data, /* Test for sending too much additional data after setting lengths. */ - operation = psa_aead_operation_init( ); - PSA_ASSERT( psa_aead_encrypt_setup( &operation, key, alg ) ); PSA_ASSERT( psa_aead_set_nonce( &operation, nonce->x, nonce->len ) ); @@ -4659,7 +4603,7 @@ void aead_multipart_state_test( int key_type_arg, data_t *key_data, psa_aead_abort( &operation ); - operation = psa_aead_operation_init( ); + /* ------------------------------------------------------- */ PSA_ASSERT( psa_aead_encrypt_setup( &operation, key, alg ) ); @@ -4679,8 +4623,6 @@ void aead_multipart_state_test( int key_type_arg, data_t *key_data, /* Test for sending too much data after setting lengths. */ - operation = psa_aead_operation_init( ); - PSA_ASSERT( psa_aead_encrypt_setup( &operation, key, alg ) ); PSA_ASSERT( psa_aead_set_nonce( &operation, nonce->x, nonce->len ) ); @@ -4694,7 +4636,7 @@ void aead_multipart_state_test( int key_type_arg, data_t *key_data, psa_aead_abort( &operation ); - operation = psa_aead_operation_init( ); + /* ------------------------------------------------------- */ PSA_ASSERT( psa_aead_encrypt_setup( &operation, key, alg ) ); @@ -4719,8 +4661,6 @@ void aead_multipart_state_test( int key_type_arg, data_t *key_data, /* Test sending additional data after data. */ - operation = psa_aead_operation_init( ); - PSA_ASSERT( psa_aead_encrypt_setup( &operation, key, alg ) ); PSA_ASSERT( psa_aead_set_nonce( &operation, nonce->x, nonce->len ) ); @@ -4737,8 +4677,6 @@ void aead_multipart_state_test( int key_type_arg, data_t *key_data, /* Test calling finish on decryption. */ - operation = psa_aead_operation_init( ); - PSA_ASSERT( psa_aead_decrypt_setup( &operation, key, alg ) ); PSA_ASSERT( psa_aead_set_nonce( &operation, nonce->x, nonce->len ) ); @@ -4754,8 +4692,6 @@ void aead_multipart_state_test( int key_type_arg, data_t *key_data, /* Test calling verify on encryption. */ - operation = psa_aead_operation_init( ); - PSA_ASSERT( psa_aead_encrypt_setup( &operation, key, alg ) ); PSA_ASSERT( psa_aead_set_nonce( &operation, nonce->x, nonce->len ) ); From fbb4c6d9a249ebce03e89509676d92f589502d8d Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Wed, 22 Sep 2021 16:44:21 +0100 Subject: [PATCH 171/195] Replace AEAD operation init func with macro Signed-off-by: Paul Elliott --- tests/suites/test_suite_psa_crypto.function | 33 +++++---------------- 1 file changed, 8 insertions(+), 25 deletions(-) diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index 7c988067a..406509091 100644 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function @@ -316,7 +316,7 @@ static int aead_multipart_internal_func( int key_type_arg, data_t *key_data, mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; psa_key_type_t key_type = key_type_arg; psa_algorithm_t alg = alg_arg; - psa_aead_operation_t operation; + psa_aead_operation_t operation = PSA_AEAD_OPERATION_INIT; unsigned char *output_data = NULL; unsigned char *part_data = NULL; unsigned char *final_data = NULL; @@ -391,9 +391,6 @@ static int aead_multipart_internal_func( int key_type_arg, data_t *key_data, ASSERT_ALLOC( final_data, final_output_size ); - operation = psa_aead_operation_init( ); - - if( is_encrypt ) status = psa_aead_encrypt_setup( &operation, key, alg ); else @@ -3693,7 +3690,7 @@ void aead_multipart_generate_nonce( int key_type_arg, data_t *key_data, mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; psa_key_type_t key_type = key_type_arg; psa_algorithm_t alg = alg_arg; - psa_aead_operation_t operation; + psa_aead_operation_t operation = PSA_AEAD_OPERATION_INIT; uint8_t nonce_buffer[PSA_AEAD_NONCE_MAX_SIZE]; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; psa_status_t status = PSA_ERROR_GENERIC_ERROR; @@ -3729,8 +3726,6 @@ void aead_multipart_generate_nonce( int key_type_arg, data_t *key_data, ASSERT_ALLOC( ciphertext, ciphertext_size ); - operation = psa_aead_operation_init( ); - status = psa_aead_encrypt_setup( &operation, key, alg ); /* If the operation is not supported, just skip and not fail in case the @@ -3792,7 +3787,7 @@ void aead_multipart_set_nonce( int key_type_arg, data_t *key_data, mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; psa_key_type_t key_type = key_type_arg; psa_algorithm_t alg = alg_arg; - psa_aead_operation_t operation; + psa_aead_operation_t operation = PSA_AEAD_OPERATION_INIT; uint8_t *nonce_buffer = NULL; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; psa_status_t status = PSA_ERROR_GENERIC_ERROR; @@ -3828,8 +3823,6 @@ void aead_multipart_set_nonce( int key_type_arg, data_t *key_data, ASSERT_ALLOC( ciphertext, ciphertext_size ); - operation = psa_aead_operation_init( ); - status = psa_aead_encrypt_setup( &operation, key, alg ); /* If the operation is not supported, just skip and not fail in case the @@ -3908,7 +3901,7 @@ void aead_multipart_update_buffer_test( int key_type_arg, data_t *key_data, mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; psa_key_type_t key_type = key_type_arg; psa_algorithm_t alg = alg_arg; - psa_aead_operation_t operation; + psa_aead_operation_t operation = PSA_AEAD_OPERATION_INIT; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; psa_status_t status = PSA_ERROR_GENERIC_ERROR; psa_status_t expected_status = expected_status_arg; @@ -3937,8 +3930,6 @@ void aead_multipart_update_buffer_test( int key_type_arg, data_t *key_data, ASSERT_ALLOC( ciphertext, ciphertext_size ); - operation = psa_aead_operation_init( ); - status = psa_aead_encrypt_setup( &operation, key, alg ); /* If the operation is not supported, just skip and not fail in case the @@ -3993,7 +3984,7 @@ void aead_multipart_finish_buffer_test( int key_type_arg, data_t *key_data, mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; psa_key_type_t key_type = key_type_arg; psa_algorithm_t alg = alg_arg; - psa_aead_operation_t operation; + psa_aead_operation_t operation = PSA_AEAD_OPERATION_INIT; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; psa_status_t status = PSA_ERROR_GENERIC_ERROR; psa_status_t expected_status = expected_status_arg; @@ -4025,8 +4016,6 @@ void aead_multipart_finish_buffer_test( int key_type_arg, data_t *key_data, ASSERT_ALLOC( tag_buffer, tag_size ); - operation = psa_aead_operation_init( ); - status = psa_aead_encrypt_setup( &operation, key, alg ); /* If the operation is not supported, just skip and not fail in case the @@ -4079,7 +4068,7 @@ void aead_multipart_verify( int key_type_arg, data_t *key_data, mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; psa_key_type_t key_type = key_type_arg; psa_algorithm_t alg = alg_arg; - psa_aead_operation_t operation; + psa_aead_operation_t operation = PSA_AEAD_OPERATION_INIT; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; psa_status_t status = PSA_ERROR_GENERIC_ERROR; psa_status_t expected_status = expected_status_arg; @@ -4112,8 +4101,6 @@ void aead_multipart_verify( int key_type_arg, data_t *key_data, ASSERT_ALLOC( finish_plaintext, verify_plaintext_size ); - operation = psa_aead_operation_init( ); - status = psa_aead_decrypt_setup( &operation, key, alg ); /* If the operation is not supported, just skip and not fail in case the @@ -4166,7 +4153,7 @@ void aead_multipart_setup( int key_type_arg, data_t *key_data, mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; psa_key_type_t key_type = key_type_arg; psa_algorithm_t alg = alg_arg; - psa_aead_operation_t operation; + psa_aead_operation_t operation = PSA_AEAD_OPERATION_INIT; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; psa_status_t status = PSA_ERROR_GENERIC_ERROR; psa_status_t expected_status = expected_status_arg; @@ -4181,8 +4168,6 @@ void aead_multipart_setup( int key_type_arg, data_t *key_data, PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len, &key ) ); - operation = psa_aead_operation_init( ); - mbedtls_test_set_step( 0 ); status = psa_aead_encrypt_setup( &operation, key, alg ); @@ -4214,7 +4199,7 @@ void aead_multipart_state_test( int key_type_arg, data_t *key_data, mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; psa_key_type_t key_type = key_type_arg; psa_algorithm_t alg = alg_arg; - psa_aead_operation_t operation; + psa_aead_operation_t operation = PSA_AEAD_OPERATION_INIT; unsigned char *output_data = NULL; unsigned char *final_data = NULL; size_t output_size = 0; @@ -4258,8 +4243,6 @@ void aead_multipart_state_test( int key_type_arg, data_t *key_data, /* Test all operations error without calling setup first. */ - operation = psa_aead_operation_init( ); - TEST_EQUAL( psa_aead_set_nonce( &operation, nonce->x, nonce->len ), PSA_ERROR_BAD_STATE ); From 2c363a802a35a3a07499a8e603b2d10e3f666d33 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Wed, 22 Sep 2021 17:07:54 +0100 Subject: [PATCH 172/195] Add NULL / 0 buffer tests for update test Signed-off-by: Paul Elliott --- tests/suites/test_suite_psa_crypto.data | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data index 63a597945..fd78335d1 100644 --- a/tests/suites/test_suite_psa_crypto.data +++ b/tests/suites/test_suite_psa_crypto.data @@ -2646,10 +2646,18 @@ PSA AEAD output buffer test: AES - GCM, IN = 16, BUF = 15 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES aead_multipart_update_buffer_test:PSA_KEY_TYPE_AES:"fbc0b4c56a714c83217b2d1bcadd2ed2e9efb0dcac6cc19f":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM,16):15:"5f4b43e811da9c470d6a9b01":"":"d2ae38c4375954835d75b8e4c2f9bbb4":PSA_ERROR_BUFFER_TOO_SMALL +PSA AEAD output buffer test: AES - GCM, IN = 16, BUF = 0 +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_update_buffer_test:PSA_KEY_TYPE_AES:"fbc0b4c56a714c83217b2d1bcadd2ed2e9efb0dcac6cc19f":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM,16):0:"5f4b43e811da9c470d6a9b01":"":"d2ae38c4375954835d75b8e4c2f9bbb4":PSA_ERROR_BUFFER_TOO_SMALL + PSA AEAD output buffer test: ChaCha20 - Poly1305 IN = 130, BUF = 129 depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 aead_multipart_update_buffer_test:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:129:"070000004041424344454647":"50515253c0c1c2c3c4c5c6c7":"d31a8d34648e60db7b86afbc53ef7ec2a4aded51296e08fea9e2b5a736ee62d63dbea45e8ca9671282fafb69da92728b1a71de0a9e060b2905d6a5b67ecd3b3692ddbd7f2d778b8c9803aee328091b58fab324e4fad675945585808b4831d7bc3ff4def08e4b7a9de576d26586cec64b61161ae10b594f09e26a7e902ecbd0600691":PSA_ERROR_BUFFER_TOO_SMALL +PSA AEAD output buffer test: ChaCha20 - Poly1305 IN = 130, BUF = 0 +depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 +aead_multipart_update_buffer_test:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:0:"070000004041424344454647":"50515253c0c1c2c3c4c5c6c7":"d31a8d34648e60db7b86afbc53ef7ec2a4aded51296e08fea9e2b5a736ee62d63dbea45e8ca9671282fafb69da92728b1a71de0a9e060b2905d6a5b67ecd3b3692ddbd7f2d778b8c9803aee328091b58fab324e4fad675945585808b4831d7bc3ff4def08e4b7a9de576d26586cec64b61161ae10b594f09e26a7e902ecbd0600691":PSA_ERROR_BUFFER_TOO_SMALL + PSA AEAD finish buffer test: AES - GCM, BUF = 8, TAG = 16 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES aead_multipart_finish_buffer_test:PSA_KEY_TYPE_AES:"fbc0b4c56a714c83217b2d1bcadd2ed2e9efb0dcac6cc19f":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM,16):8:16:"5f4b43e811da9c470d6a9b01":"":"d2ae38c4375954835d75b8e4c2f9bbb4":PSA_ERROR_BUFFER_TOO_SMALL From 70618b22a9b3819c6bb6db86975fd7a0436004f9 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Wed, 22 Sep 2021 17:12:16 +0100 Subject: [PATCH 173/195] Change sizeof to variable rather than struct Signed-off-by: Paul Elliott --- library/psa_crypto.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 664b8aecc..415dab8b2 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -3822,7 +3822,7 @@ psa_status_t psa_aead_abort( psa_aead_operation_t *operation ) status = psa_driver_wrapper_aead_abort( operation ); - memset( operation, 0, sizeof( psa_aead_operation_t ) ); + memset( operation, 0, sizeof( *operation ) ); return( status ); } From 90fdc117dd583b9df6119c2a15aee123581a9c9e Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Wed, 22 Sep 2021 17:15:48 +0100 Subject: [PATCH 174/195] Make NULL tag check more explicit Signed-off-by: Paul Elliott --- library/psa_crypto.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 415dab8b2..a954d86c6 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -3760,7 +3760,7 @@ exit: * Even if the operation succeeds, make sure we clear the rest of the * buffer to prevent potential leakage of anything previously placed in * the same buffer.*/ - if( tag ) + if( tag != NULL ) { if( status != PSA_SUCCESS ) memset( tag, '!', tag_size ); From 88ecbe176da8600c982e008b90b7135a9b0f4722 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Wed, 22 Sep 2021 17:23:03 +0100 Subject: [PATCH 175/195] Test generated nonce test generates expected sizes (But only in the positive test cases) Signed-off-by: Paul Elliott --- tests/suites/test_suite_psa_crypto.function | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index 406509091..cd97c5063 100644 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function @@ -3747,6 +3747,10 @@ void aead_multipart_generate_nonce( int key_type_arg, data_t *key_data, TEST_EQUAL( actual_nonce_length, expected_nonce_length ); + if( expected_status == PSA_SUCCESS ) + TEST_EQUAL( actual_nonce_length, PSA_AEAD_NONCE_LENGTH( key_type, + alg ) ); + TEST_ASSERT( actual_nonce_length < PSA_AEAD_NONCE_MAX_SIZE ); if( expected_status == PSA_SUCCESS ) From 3db0b70263f142425c7f2a9bdcc8e99449fa2741 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Wed, 22 Sep 2021 17:27:58 +0100 Subject: [PATCH 176/195] Remove unnecessary test steps Signed-off-by: Paul Elliott --- tests/suites/test_suite_psa_crypto.function | 4 ---- 1 file changed, 4 deletions(-) diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index cd97c5063..5455fc656 100644 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function @@ -4172,16 +4172,12 @@ void aead_multipart_setup( int key_type_arg, data_t *key_data, PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len, &key ) ); - mbedtls_test_set_step( 0 ); - status = psa_aead_encrypt_setup( &operation, key, alg ); TEST_EQUAL( status, expected_status ); psa_aead_abort( &operation ); - mbedtls_test_set_step( 1 ); - status = psa_aead_decrypt_setup( &operation, key, alg ); TEST_EQUAL(status, expected_status ); From 5977bc9e395daa1556688f2004ff596f811a7906 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Thu, 23 Sep 2021 17:35:08 +0100 Subject: [PATCH 177/195] Add MBEDTLS_PRIVATE to new structs Signed-off-by: Paul Elliott --- include/psa/crypto_builtin_composites.h | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/include/psa/crypto_builtin_composites.h b/include/psa/crypto_builtin_composites.h index cdecb2844..8075caf66 100644 --- a/include/psa/crypto_builtin_composites.h +++ b/include/psa/crypto_builtin_composites.h @@ -86,24 +86,24 @@ typedef struct /* Context structure for the Mbed TLS AEAD implementation. */ typedef struct { - psa_algorithm_t alg; - psa_key_type_t key_type; + psa_algorithm_t MBEDTLS_PRIVATE(alg); + psa_key_type_t MBEDTLS_PRIVATE(key_type); - unsigned int is_encrypt : 1; + unsigned int MBEDTLS_PRIVATE(is_encrypt) : 1; - uint8_t tag_length; + uint8_t MBEDTLS_PRIVATE(tag_length); union { unsigned dummy; /* Enable easier initializing of the union. */ #if defined(MBEDTLS_PSA_BUILTIN_ALG_CCM) - mbedtls_ccm_context ccm; + mbedtls_ccm_context MBEDTLS_PRIVATE(ccm); #endif /* MBEDTLS_PSA_BUILTIN_ALG_CCM */ #if defined(MBEDTLS_PSA_BUILTIN_ALG_GCM) - mbedtls_gcm_context gcm; + mbedtls_gcm_context MBEDTLS_PRIVATE(gcm); #endif /* MBEDTLS_PSA_BUILTIN_ALG_GCM */ #if defined(MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305) - mbedtls_chachapoly_context chachapoly; + mbedtls_chachapoly_context MBEDTLS_PRIVATE(chachapoly); #endif /* MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305 */ } ctx; From 32f46ba16a6adea6a74828906909642c32204265 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Thu, 23 Sep 2021 18:24:36 +0100 Subject: [PATCH 178/195] Remove ability to turn off chunked ad/data tests This is no longer required, as both PolyChaCha and GCM now support both chunked body data and additional data. Signed-off-by: Paul Elliott --- tests/suites/test_suite_psa_crypto.data | 216 +++++++-------- tests/suites/test_suite_psa_crypto.function | 281 +++++++++----------- 2 files changed, 232 insertions(+), 265 deletions(-) diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data index c17d52747..e48bd976f 100644 --- a/tests/suites/test_suite_psa_crypto.data +++ b/tests/suites/test_suite_psa_crypto.data @@ -2748,435 +2748,435 @@ aead_encrypt_decrypt:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f9091 PSA Multipart AEAD encrypt, AES-GCM, 128 bytes #1 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_encrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_GCM:"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":0:"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826":1:0:"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847fe0b7b7fbed325953df344a96" +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_GCM:"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826":0:"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847fe0b7b7fbed325953df344a96" PSA Multipart AEAD encrypt, AES-GCM, 128 bytes #1 (lengths set) depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_encrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_GCM:"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":0:"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826":1:1:"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847fe0b7b7fbed325953df344a96" +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_GCM:"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826":1:"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847fe0b7b7fbed325953df344a96" PSA Multipart AEAD encrypt, AES-GCM, 128 bytes #2 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_encrypt:PSA_KEY_TYPE_AES:"fe96eab10ff48c7942025422583d0377":PSA_ALG_GCM:"97ce3f848276783599c6875de324361e":"127628b6dcbce6fc8a8ef60798eb67b2088415635119697d20bb878c24d9c6f9c29e148521cb5e0feff892c7855d4f1c0bfb32ad33420976714dce87a0bbc18e4378bd1ef35197d0ca73051148f1199010f63caf122df5f71ad8d9c71df3eb2fbe3b2529d0ba657570358d3776f687bdb9c96d5e0e9e00c4b42d5d7a268d6a08":0:"194c8bbbfae4a671386b8cd38f390f46f9df6b8661b470c310921a1c858a938045834bb10380037fbf5f5e00688554537be0fcafe8270b9b59068fa056ab1268fc166c2d729243a06650a171c929c7845c85330c04568d62977eedf3b1ba9dca13bdb8f9522817c8cb99e635e37465ec1c9f6f148d51437aa9f994a62e1bd013":1:0:"12495120056ca3cac70d583603a476821bac6c57c9733b81cfb83538dc9e850f8bdf46065069591c23ebcbc6d1e2523375fb7efc80c09507fa25477ed07cee54fc4eb90168b3ef988f651fc40652474a644b1b311decf899660aef2347bb081af48950f06ebf799911e37120de94c55c20e5f0a77119be06e2b6e557f872fa0f6bac793bdc2190a195122c98544ccf56" +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"fe96eab10ff48c7942025422583d0377":PSA_ALG_GCM:"97ce3f848276783599c6875de324361e":"127628b6dcbce6fc8a8ef60798eb67b2088415635119697d20bb878c24d9c6f9c29e148521cb5e0feff892c7855d4f1c0bfb32ad33420976714dce87a0bbc18e4378bd1ef35197d0ca73051148f1199010f63caf122df5f71ad8d9c71df3eb2fbe3b2529d0ba657570358d3776f687bdb9c96d5e0e9e00c4b42d5d7a268d6a08":"194c8bbbfae4a671386b8cd38f390f46f9df6b8661b470c310921a1c858a938045834bb10380037fbf5f5e00688554537be0fcafe8270b9b59068fa056ab1268fc166c2d729243a06650a171c929c7845c85330c04568d62977eedf3b1ba9dca13bdb8f9522817c8cb99e635e37465ec1c9f6f148d51437aa9f994a62e1bd013":0:"12495120056ca3cac70d583603a476821bac6c57c9733b81cfb83538dc9e850f8bdf46065069591c23ebcbc6d1e2523375fb7efc80c09507fa25477ed07cee54fc4eb90168b3ef988f651fc40652474a644b1b311decf899660aef2347bb081af48950f06ebf799911e37120de94c55c20e5f0a77119be06e2b6e557f872fa0f6bac793bdc2190a195122c98544ccf56" PSA Multipart AEAD encrypt, AES-GCM, 128 bytes #2 (lengths set) depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_encrypt:PSA_KEY_TYPE_AES:"fe96eab10ff48c7942025422583d0377":PSA_ALG_GCM:"97ce3f848276783599c6875de324361e":"127628b6dcbce6fc8a8ef60798eb67b2088415635119697d20bb878c24d9c6f9c29e148521cb5e0feff892c7855d4f1c0bfb32ad33420976714dce87a0bbc18e4378bd1ef35197d0ca73051148f1199010f63caf122df5f71ad8d9c71df3eb2fbe3b2529d0ba657570358d3776f687bdb9c96d5e0e9e00c4b42d5d7a268d6a08":0:"194c8bbbfae4a671386b8cd38f390f46f9df6b8661b470c310921a1c858a938045834bb10380037fbf5f5e00688554537be0fcafe8270b9b59068fa056ab1268fc166c2d729243a06650a171c929c7845c85330c04568d62977eedf3b1ba9dca13bdb8f9522817c8cb99e635e37465ec1c9f6f148d51437aa9f994a62e1bd013":1:1:"12495120056ca3cac70d583603a476821bac6c57c9733b81cfb83538dc9e850f8bdf46065069591c23ebcbc6d1e2523375fb7efc80c09507fa25477ed07cee54fc4eb90168b3ef988f651fc40652474a644b1b311decf899660aef2347bb081af48950f06ebf799911e37120de94c55c20e5f0a77119be06e2b6e557f872fa0f6bac793bdc2190a195122c98544ccf56" +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"fe96eab10ff48c7942025422583d0377":PSA_ALG_GCM:"97ce3f848276783599c6875de324361e":"127628b6dcbce6fc8a8ef60798eb67b2088415635119697d20bb878c24d9c6f9c29e148521cb5e0feff892c7855d4f1c0bfb32ad33420976714dce87a0bbc18e4378bd1ef35197d0ca73051148f1199010f63caf122df5f71ad8d9c71df3eb2fbe3b2529d0ba657570358d3776f687bdb9c96d5e0e9e00c4b42d5d7a268d6a08":"194c8bbbfae4a671386b8cd38f390f46f9df6b8661b470c310921a1c858a938045834bb10380037fbf5f5e00688554537be0fcafe8270b9b59068fa056ab1268fc166c2d729243a06650a171c929c7845c85330c04568d62977eedf3b1ba9dca13bdb8f9522817c8cb99e635e37465ec1c9f6f148d51437aa9f994a62e1bd013":1:"12495120056ca3cac70d583603a476821bac6c57c9733b81cfb83538dc9e850f8bdf46065069591c23ebcbc6d1e2523375fb7efc80c09507fa25477ed07cee54fc4eb90168b3ef988f651fc40652474a644b1b311decf899660aef2347bb081af48950f06ebf799911e37120de94c55c20e5f0a77119be06e2b6e557f872fa0f6bac793bdc2190a195122c98544ccf56" PSA Multipart AEAD encrypt, AES-GCM, 128 bytes #1, T=4 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_encrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 4 ):"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":0:"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826":1:0:"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847f" +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 4 ):"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826":0:"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847f" PSA Multipart AEAD encrypt, AES-GCM, 128 bytes #1, T=4 (lengths set) depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_encrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 4 ):"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":0:"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826":1:1:"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847f" +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 4 ):"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826":1:"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847f" PSA Multipart AEAD encrypt, AES-GCM, 128 bytes #1, T=15 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_encrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":0:"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826":1:0:"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847fe0b7b7fbed325953df344a" +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826":0:"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847fe0b7b7fbed325953df344a" PSA Multipart AEAD encrypt, AES-GCM, 128 bytes #1, T=15 (lengths set) depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_encrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":0:"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826":1:1:"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847fe0b7b7fbed325953df344a" +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826":1:"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847fe0b7b7fbed325953df344a" PSA Multipart AEAD encrypt, AES-GCM, 128 bytes #1, T=16 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_encrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":0:"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826":1:0:"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847fe0b7b7fbed325953df344a96" +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826":0:"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847fe0b7b7fbed325953df344a96" PSA Multipart AEAD encrypt, AES-GCM, 128 bytes #1, T=16 (lengths set) depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_encrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":0:"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826":1:1:"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847fe0b7b7fbed325953df344a96" +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826":1:"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847fe0b7b7fbed325953df344a96" PSA Multipart AEAD encrypt, AES-GCM, CAVS 14.0, KEY=24, IV=12, IN=0, AAD=0, TAG=16, depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_encrypt:PSA_KEY_TYPE_AES:"aa740abfadcda779220d3b406c5d7ec09a77fe9d94104539":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"ab2265b4c168955561f04315":"":0:"":1:0:"f149e2b5f0adaa9842ca5f45b768a8fc" +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"aa740abfadcda779220d3b406c5d7ec09a77fe9d94104539":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"ab2265b4c168955561f04315":"":"":0:"f149e2b5f0adaa9842ca5f45b768a8fc" PSA Multipart AEAD encrypt, AES-GCM, CAVS 14.0, KEY=24, IV=12, IN=0, AAD=0, TAG=16, (lengths set) depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_encrypt:PSA_KEY_TYPE_AES:"aa740abfadcda779220d3b406c5d7ec09a77fe9d94104539":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"ab2265b4c168955561f04315":"":0:"":1:1:"f149e2b5f0adaa9842ca5f45b768a8fc" +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"aa740abfadcda779220d3b406c5d7ec09a77fe9d94104539":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"ab2265b4c168955561f04315":"":"":1:"f149e2b5f0adaa9842ca5f45b768a8fc" PSA Multipart AEAD encrypt, AES-GCM, CAVS 14.0, KEY=24, IV=12, IN=0, AAD=16, TAG=16, depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_encrypt:PSA_KEY_TYPE_AES:"41c5da8667ef725220ffe39ae0ac590ac9fca729ab60ada0":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"05ad13a5e2c2ab667e1a6fbc":"8b5c124bef6e2f0fe4d8c95cd5fa4cf1":0:"":1:0:"204bdb1bd62154bf08922aaa54eed705" +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"41c5da8667ef725220ffe39ae0ac590ac9fca729ab60ada0":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"05ad13a5e2c2ab667e1a6fbc":"8b5c124bef6e2f0fe4d8c95cd5fa4cf1":"":0:"204bdb1bd62154bf08922aaa54eed705" PSA Multipart AEAD encrypt, AES-GCM, CAVS 14.0, KEY=24, IV=12, IN=0, AAD=16, TAG=16, (lengths set) depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_encrypt:PSA_KEY_TYPE_AES:"41c5da8667ef725220ffe39ae0ac590ac9fca729ab60ada0":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"05ad13a5e2c2ab667e1a6fbc":"8b5c124bef6e2f0fe4d8c95cd5fa4cf1":0:"":1:1:"204bdb1bd62154bf08922aaa54eed705" +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"41c5da8667ef725220ffe39ae0ac590ac9fca729ab60ada0":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"05ad13a5e2c2ab667e1a6fbc":"8b5c124bef6e2f0fe4d8c95cd5fa4cf1":"":1:"204bdb1bd62154bf08922aaa54eed705" PSA Multipart AEAD encrypt, AES-GCM, CAVS 14.0, KEY=24, IV=12, IN=0, AAD=20, TAG=16, depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_encrypt:PSA_KEY_TYPE_AES:"093ef7551ebbff8eb0c0a8a4a62b198f0c2e838de10eeeee":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"e656e93930ed5210ba3f0322":"3da22dacfd11b21b0a713157f60aec0cd22f1add":0:"":1:0:"1b2d2764573e20ae640bf29d48e5fe05" +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"093ef7551ebbff8eb0c0a8a4a62b198f0c2e838de10eeeee":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"e656e93930ed5210ba3f0322":"3da22dacfd11b21b0a713157f60aec0cd22f1add":"":0:"1b2d2764573e20ae640bf29d48e5fe05" PSA Multipart AEAD encrypt, AES-GCM, CAVS 14.0, KEY=24, IV=12, IN=0, AAD=20, TAG=16, (lengths set) depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_encrypt:PSA_KEY_TYPE_AES:"093ef7551ebbff8eb0c0a8a4a62b198f0c2e838de10eeeee":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"e656e93930ed5210ba3f0322":"3da22dacfd11b21b0a713157f60aec0cd22f1add":0:"":1:1:"1b2d2764573e20ae640bf29d48e5fe05" +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"093ef7551ebbff8eb0c0a8a4a62b198f0c2e838de10eeeee":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"e656e93930ed5210ba3f0322":"3da22dacfd11b21b0a713157f60aec0cd22f1add":"":1:"1b2d2764573e20ae640bf29d48e5fe05" PSA Multipart AEAD encrypt, AES-GCM, CAVS 14.0, KEY=24, IV=12, IN=0, AAD=48, TAG=15, depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_encrypt:PSA_KEY_TYPE_AES:"31389612d244c9792a510eca3f9c94f9f48c97ed67ae965a":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"df6b54ec8b58114df5b09279":"0863bec42ee93385efbec665adfc46dafcd793f29e859e3b531c15b168f1888dd13e905cd7d5bc03f9f1f6495717df62":0:"":1:0:"77e5682a49243d5b9016eb1adafa2d" +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"31389612d244c9792a510eca3f9c94f9f48c97ed67ae965a":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"df6b54ec8b58114df5b09279":"0863bec42ee93385efbec665adfc46dafcd793f29e859e3b531c15b168f1888dd13e905cd7d5bc03f9f1f6495717df62":"":0:"77e5682a49243d5b9016eb1adafa2d" PSA Multipart AEAD encrypt, AES-GCM, CAVS 14.0, KEY=24, IV=12, IN=0, AAD=48, TAG=15, (lengths set) depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_encrypt:PSA_KEY_TYPE_AES:"31389612d244c9792a510eca3f9c94f9f48c97ed67ae965a":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"df6b54ec8b58114df5b09279":"0863bec42ee93385efbec665adfc46dafcd793f29e859e3b531c15b168f1888dd13e905cd7d5bc03f9f1f6495717df62":0:"":1:1:"77e5682a49243d5b9016eb1adafa2d" +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"31389612d244c9792a510eca3f9c94f9f48c97ed67ae965a":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"df6b54ec8b58114df5b09279":"0863bec42ee93385efbec665adfc46dafcd793f29e859e3b531c15b168f1888dd13e905cd7d5bc03f9f1f6495717df62":"":1:"77e5682a49243d5b9016eb1adafa2d" PSA Multipart AEAD encrypt, AES-GCM, CAVS 14.0, KEY=24, IV=12, IN=16, AAD=0, TAG=16, depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_encrypt:PSA_KEY_TYPE_AES:"fbc0b4c56a714c83217b2d1bcadd2ed2e9efb0dcac6cc19f":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"5f4b43e811da9c470d6a9b01":"":0:"d2ae38c4375954835d75b8e4c2f9bbb4":1:0:"69482957e6be5c54882d00314e0259cf191e9f29bef63a26860c1e020a21137e" +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"fbc0b4c56a714c83217b2d1bcadd2ed2e9efb0dcac6cc19f":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"5f4b43e811da9c470d6a9b01":"":"d2ae38c4375954835d75b8e4c2f9bbb4":0:"69482957e6be5c54882d00314e0259cf191e9f29bef63a26860c1e020a21137e" PSA Multipart AEAD encrypt, AES-GCM, CAVS 14.0, KEY=24, IV=12, IN=16, AAD=0, TAG=16, (lengths set) depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_encrypt:PSA_KEY_TYPE_AES:"fbc0b4c56a714c83217b2d1bcadd2ed2e9efb0dcac6cc19f":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"5f4b43e811da9c470d6a9b01":"":0:"d2ae38c4375954835d75b8e4c2f9bbb4":1:1:"69482957e6be5c54882d00314e0259cf191e9f29bef63a26860c1e020a21137e" +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"fbc0b4c56a714c83217b2d1bcadd2ed2e9efb0dcac6cc19f":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"5f4b43e811da9c470d6a9b01":"":"d2ae38c4375954835d75b8e4c2f9bbb4":1:"69482957e6be5c54882d00314e0259cf191e9f29bef63a26860c1e020a21137e" PSA Multipart AEAD encrypt, AES-GCM, CAVS 14.0, KEY=24, IV=12, IN=16, AAD=0, TAG=8, depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_encrypt:PSA_KEY_TYPE_AES:"c50ac59e50556e47b834380018c0dc0380af9df3bf6714e6":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 8 ):"f303bf4b6cfbba7104cd9436":"":0:"d3f3f57033df30c22860231334b099cb":1:0:"2269c72d77f2b6f9d57da1820ec5a5d3d62d4491e3e4e9e7" +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"c50ac59e50556e47b834380018c0dc0380af9df3bf6714e6":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 8 ):"f303bf4b6cfbba7104cd9436":"":"d3f3f57033df30c22860231334b099cb":0:"2269c72d77f2b6f9d57da1820ec5a5d3d62d4491e3e4e9e7" PSA Multipart AEAD encrypt, AES-GCM, CAVS 14.0, KEY=24, IV=12, IN=16, AAD=0, TAG=8, (lengths set) depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_encrypt:PSA_KEY_TYPE_AES:"c50ac59e50556e47b834380018c0dc0380af9df3bf6714e6":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 8 ):"f303bf4b6cfbba7104cd9436":"":0:"d3f3f57033df30c22860231334b099cb":1:1:"2269c72d77f2b6f9d57da1820ec5a5d3d62d4491e3e4e9e7" +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"c50ac59e50556e47b834380018c0dc0380af9df3bf6714e6":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 8 ):"f303bf4b6cfbba7104cd9436":"":"d3f3f57033df30c22860231334b099cb":1:"2269c72d77f2b6f9d57da1820ec5a5d3d62d4491e3e4e9e7" PSA Multipart AEAD encrypt, AES-GCM, CAVS 14.0, KEY=24, IV=12, IN=16, AAD=16, TAG=14, depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_encrypt:PSA_KEY_TYPE_AES:"8ef391e4b7a2fe05b959be27823357080f963ed2f64b9e59":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 14 ):"0080052a2a5bb0e95222a419":"290322092d57479e20f6281e331d95a9":0:"e7fb0631eebf9bdba87045b33650c4ce":1:0:"88d674044031414af7ba9da8b89dd68e69897d99d8e1706f38c613896c18" +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"8ef391e4b7a2fe05b959be27823357080f963ed2f64b9e59":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 14 ):"0080052a2a5bb0e95222a419":"290322092d57479e20f6281e331d95a9":"e7fb0631eebf9bdba87045b33650c4ce":0:"88d674044031414af7ba9da8b89dd68e69897d99d8e1706f38c613896c18" PSA Multipart AEAD encrypt, AES-GCM, CAVS 14.0, KEY=24, IV=12, IN=16, AAD=16, TAG=14, (lengths set) depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_encrypt:PSA_KEY_TYPE_AES:"8ef391e4b7a2fe05b959be27823357080f963ed2f64b9e59":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 14 ):"0080052a2a5bb0e95222a419":"290322092d57479e20f6281e331d95a9":0:"e7fb0631eebf9bdba87045b33650c4ce":1:1:"88d674044031414af7ba9da8b89dd68e69897d99d8e1706f38c613896c18" +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"8ef391e4b7a2fe05b959be27823357080f963ed2f64b9e59":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 14 ):"0080052a2a5bb0e95222a419":"290322092d57479e20f6281e331d95a9":"e7fb0631eebf9bdba87045b33650c4ce":1:"88d674044031414af7ba9da8b89dd68e69897d99d8e1706f38c613896c18" PSA Multipart AEAD encrypt, AES-GCM, CAVS 14.0, KEY=24, IV=12, IN=16, AAD=16, TAG=4, depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_encrypt:PSA_KEY_TYPE_AES:"1cb5a0db778d3eb430b2816ceef9e455f519a8977b074183":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 4 ):"c1df5e9e2e3165c54242a306":"7134e5ddc396c2a8a7da23906c8f7b40":0:"636871d4c0aae3da7b55abd8b5f21297":1:0:"14eb02562aa1d963d0033626cdc8a5c8972f4bdf" +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"1cb5a0db778d3eb430b2816ceef9e455f519a8977b074183":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 4 ):"c1df5e9e2e3165c54242a306":"7134e5ddc396c2a8a7da23906c8f7b40":"636871d4c0aae3da7b55abd8b5f21297":0:"14eb02562aa1d963d0033626cdc8a5c8972f4bdf" PSA Multipart AEAD encrypt, AES-GCM, CAVS 14.0, KEY=24, IV=12, IN=16, AAD=16, TAG=4, (lengths set) depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_encrypt:PSA_KEY_TYPE_AES:"1cb5a0db778d3eb430b2816ceef9e455f519a8977b074183":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 4 ):"c1df5e9e2e3165c54242a306":"7134e5ddc396c2a8a7da23906c8f7b40":0:"636871d4c0aae3da7b55abd8b5f21297":1:1:"14eb02562aa1d963d0033626cdc8a5c8972f4bdf" +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"1cb5a0db778d3eb430b2816ceef9e455f519a8977b074183":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 4 ):"c1df5e9e2e3165c54242a306":"7134e5ddc396c2a8a7da23906c8f7b40":"636871d4c0aae3da7b55abd8b5f21297":1:"14eb02562aa1d963d0033626cdc8a5c8972f4bdf" PSA Multipart AEAD encrypt, AES-GCM, CAVS 14.0, KEY=24, IV=12, IN=16, AAD=20, TAG=13, depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_encrypt:PSA_KEY_TYPE_AES:"45148f42669f8ab8fad689d9b9180e39d7ea8fc95696297e":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 13 ):"5afcb134acc78b4eb9d11e79":"aec409e5fd82e50b824ebc1f45e75188d80615c6":0:"3d952be11deb421b56e0ce9d7ce99553":1:0:"077c0d53869869e191df116fd7baa8a293d2b577a29b0953c91b5d3b9d" +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"45148f42669f8ab8fad689d9b9180e39d7ea8fc95696297e":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 13 ):"5afcb134acc78b4eb9d11e79":"aec409e5fd82e50b824ebc1f45e75188d80615c6":"3d952be11deb421b56e0ce9d7ce99553":0:"077c0d53869869e191df116fd7baa8a293d2b577a29b0953c91b5d3b9d" PSA Multipart AEAD encrypt, AES-GCM, CAVS 14.0, KEY=24, IV=12, IN=16, AAD=20, TAG=13, (lengths set) depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_encrypt:PSA_KEY_TYPE_AES:"45148f42669f8ab8fad689d9b9180e39d7ea8fc95696297e":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 13 ):"5afcb134acc78b4eb9d11e79":"aec409e5fd82e50b824ebc1f45e75188d80615c6":0:"3d952be11deb421b56e0ce9d7ce99553":1:1:"077c0d53869869e191df116fd7baa8a293d2b577a29b0953c91b5d3b9d" +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"45148f42669f8ab8fad689d9b9180e39d7ea8fc95696297e":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 13 ):"5afcb134acc78b4eb9d11e79":"aec409e5fd82e50b824ebc1f45e75188d80615c6":"3d952be11deb421b56e0ce9d7ce99553":1:"077c0d53869869e191df116fd7baa8a293d2b577a29b0953c91b5d3b9d" PSA Multipart AEAD encrypt, AES-GCM, CAVS 14.0, KEY=24, IV=12, IN=16, AAD=48, TAG=15, depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_encrypt:PSA_KEY_TYPE_AES:"5255428457fe75e64447971ec5af0d13c5b60a07ee2d07b0":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"40cb6ebafc202f82223db097":"b2da2bd05ab1f3e39613efc8d80c5d0f240ee08f6abad5791649e9c1d0f48fa3dc59c1e535d1db1a4d3fa2263f5a1117":0:"fdd8a462c86d4365c8bfee0e25fc8a62":1:0:"9ca4a6d08267038f6f7999c84105bb5eaf8f7b3b9310ec688e033088a03482" +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"5255428457fe75e64447971ec5af0d13c5b60a07ee2d07b0":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"40cb6ebafc202f82223db097":"b2da2bd05ab1f3e39613efc8d80c5d0f240ee08f6abad5791649e9c1d0f48fa3dc59c1e535d1db1a4d3fa2263f5a1117":"fdd8a462c86d4365c8bfee0e25fc8a62":0:"9ca4a6d08267038f6f7999c84105bb5eaf8f7b3b9310ec688e033088a03482" PSA Multipart AEAD encrypt, AES-GCM, CAVS 14.0, KEY=24, IV=12, IN=16, AAD=48, TAG=15, (lengths set) depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_encrypt:PSA_KEY_TYPE_AES:"5255428457fe75e64447971ec5af0d13c5b60a07ee2d07b0":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"40cb6ebafc202f82223db097":"b2da2bd05ab1f3e39613efc8d80c5d0f240ee08f6abad5791649e9c1d0f48fa3dc59c1e535d1db1a4d3fa2263f5a1117":0:"fdd8a462c86d4365c8bfee0e25fc8a62":1:1:"9ca4a6d08267038f6f7999c84105bb5eaf8f7b3b9310ec688e033088a03482" +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"5255428457fe75e64447971ec5af0d13c5b60a07ee2d07b0":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"40cb6ebafc202f82223db097":"b2da2bd05ab1f3e39613efc8d80c5d0f240ee08f6abad5791649e9c1d0f48fa3dc59c1e535d1db1a4d3fa2263f5a1117":"fdd8a462c86d4365c8bfee0e25fc8a62":1:"9ca4a6d08267038f6f7999c84105bb5eaf8f7b3b9310ec688e033088a03482" PSA Multipart AEAD encrypt, AES-GCM, CAVS 14.0, KEY=32, IV=12, IN=0, AAD=0, TAG=16, depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_encrypt:PSA_KEY_TYPE_AES:"b52c505a37d78eda5dd34f20c22540ea1b58963cf8e5bf8ffa85f9f2492505b4":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"516c33929df5a3284ff463d7":"":0:"":1:0:"bdc1ac884d332457a1d2664f168c76f0" +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"b52c505a37d78eda5dd34f20c22540ea1b58963cf8e5bf8ffa85f9f2492505b4":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"516c33929df5a3284ff463d7":"":"":0:"bdc1ac884d332457a1d2664f168c76f0" PSA Multipart AEAD encrypt, AES-GCM, CAVS 14.0, KEY=32, IV=12, IN=0, AAD=0, TAG=16, (lengths set) depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_encrypt:PSA_KEY_TYPE_AES:"b52c505a37d78eda5dd34f20c22540ea1b58963cf8e5bf8ffa85f9f2492505b4":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"516c33929df5a3284ff463d7":"":0:"":1:1:"bdc1ac884d332457a1d2664f168c76f0" +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"b52c505a37d78eda5dd34f20c22540ea1b58963cf8e5bf8ffa85f9f2492505b4":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"516c33929df5a3284ff463d7":"":"":1:"bdc1ac884d332457a1d2664f168c76f0" PSA Multipart AEAD encrypt, AES-GCM, CAVS 14.0, KEY=32, IV=12, IN=0, AAD=0, TAG=12, depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_encrypt:PSA_KEY_TYPE_AES:"98ebf7a58db8b8371d9069171190063cc1fdc1927e49a3385f890d41a838619c":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 12 ):"3e6db953bd4e641de644e50a":"":0:"":1:0:"2fb9c3e41fff24ef07437c47" +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"98ebf7a58db8b8371d9069171190063cc1fdc1927e49a3385f890d41a838619c":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 12 ):"3e6db953bd4e641de644e50a":"":"":0:"2fb9c3e41fff24ef07437c47" PSA Multipart AEAD encrypt, AES-GCM, CAVS 14.0, KEY=32, IV=12, IN=0, AAD=0, TAG=12, (lengths set) depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_encrypt:PSA_KEY_TYPE_AES:"98ebf7a58db8b8371d9069171190063cc1fdc1927e49a3385f890d41a838619c":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 12 ):"3e6db953bd4e641de644e50a":"":0:"":1:1:"2fb9c3e41fff24ef07437c47" +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"98ebf7a58db8b8371d9069171190063cc1fdc1927e49a3385f890d41a838619c":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 12 ):"3e6db953bd4e641de644e50a":"":"":1:"2fb9c3e41fff24ef07437c47" PSA Multipart AEAD encrypt, AES-GCM, CAVS 14.0, KEY=32, IV=12, IN=0, AAD=20, TAG=16, depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_encrypt:PSA_KEY_TYPE_AES:"886cff5f3e6b8d0e1ad0a38fcdb26de97e8acbe79f6bed66959a598fa5047d65":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"3a8efa1cd74bbab5448f9945":"519fee519d25c7a304d6c6aa1897ee1eb8c59655":0:"":1:0:"f6d47505ec96c98a42dc3ae719877b87" +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"886cff5f3e6b8d0e1ad0a38fcdb26de97e8acbe79f6bed66959a598fa5047d65":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"3a8efa1cd74bbab5448f9945":"519fee519d25c7a304d6c6aa1897ee1eb8c59655":"":0:"f6d47505ec96c98a42dc3ae719877b87" PSA Multipart AEAD encrypt, AES-GCM, CAVS 14.0, KEY=32, IV=12, IN=0, AAD=20, TAG=16, (lengths set) depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_encrypt:PSA_KEY_TYPE_AES:"886cff5f3e6b8d0e1ad0a38fcdb26de97e8acbe79f6bed66959a598fa5047d65":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"3a8efa1cd74bbab5448f9945":"519fee519d25c7a304d6c6aa1897ee1eb8c59655":0:"":1:1:"f6d47505ec96c98a42dc3ae719877b87" +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"886cff5f3e6b8d0e1ad0a38fcdb26de97e8acbe79f6bed66959a598fa5047d65":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"3a8efa1cd74bbab5448f9945":"519fee519d25c7a304d6c6aa1897ee1eb8c59655":"":1:"f6d47505ec96c98a42dc3ae719877b87" PSA Multipart AEAD encrypt, AES-GCM, CAVS 14.0, KEY=32, IV=12, IN=0, AAD=20, TAG=13, depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_encrypt:PSA_KEY_TYPE_AES:"a7c928738b89c3258b910ac31bc465338b2e133b143fd52d9c9859eb1d01f2a0":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 13 ):"a483a7e94fbb2d694d3c4a8d":"bdb613cd3c2f0edd37b3ed43041bacb949ee51fa":0:"":1:0:"5233f95bdcf5d666fb957acdcb" +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"a7c928738b89c3258b910ac31bc465338b2e133b143fd52d9c9859eb1d01f2a0":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 13 ):"a483a7e94fbb2d694d3c4a8d":"bdb613cd3c2f0edd37b3ed43041bacb949ee51fa":"":0:"5233f95bdcf5d666fb957acdcb" PSA Multipart AEAD encrypt, AES-GCM, CAVS 14.0, KEY=32, IV=12, IN=0, AAD=20, TAG=13, (lengths set) depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_encrypt:PSA_KEY_TYPE_AES:"a7c928738b89c3258b910ac31bc465338b2e133b143fd52d9c9859eb1d01f2a0":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 13 ):"a483a7e94fbb2d694d3c4a8d":"bdb613cd3c2f0edd37b3ed43041bacb949ee51fa":0:"":1:1:"5233f95bdcf5d666fb957acdcb" +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"a7c928738b89c3258b910ac31bc465338b2e133b143fd52d9c9859eb1d01f2a0":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 13 ):"a483a7e94fbb2d694d3c4a8d":"bdb613cd3c2f0edd37b3ed43041bacb949ee51fa":"":1:"5233f95bdcf5d666fb957acdcb" PSA Multipart AEAD encrypt, AES-GCM, CAVS 14.0, KEY=32, IV=12, IN=0, AAD=48, TAG=15, depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_encrypt:PSA_KEY_TYPE_AES:"16a5b58a1dbb273a8fc6a4af722d46dbb898dd86ab128cb93d8388a8647a80a3":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"59e0c40d6675923cf5e004d5":"5b4b4ffc9c66bd394abeed3f03b695b949b3b69a42198cc3bfad971174915df913b967ccf36ee1f001f54efbcd117b68":0:"":1:0:"d57e27914ecb4a764359d3c0f8d4d6" +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"16a5b58a1dbb273a8fc6a4af722d46dbb898dd86ab128cb93d8388a8647a80a3":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"59e0c40d6675923cf5e004d5":"5b4b4ffc9c66bd394abeed3f03b695b949b3b69a42198cc3bfad971174915df913b967ccf36ee1f001f54efbcd117b68":"":0:"d57e27914ecb4a764359d3c0f8d4d6" PSA Multipart AEAD encrypt, AES-GCM, CAVS 14.0, KEY=32, IV=12, IN=0, AAD=48, TAG=15, (lengths set) depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_encrypt:PSA_KEY_TYPE_AES:"16a5b58a1dbb273a8fc6a4af722d46dbb898dd86ab128cb93d8388a8647a80a3":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"59e0c40d6675923cf5e004d5":"5b4b4ffc9c66bd394abeed3f03b695b949b3b69a42198cc3bfad971174915df913b967ccf36ee1f001f54efbcd117b68":0:"":1:1:"d57e27914ecb4a764359d3c0f8d4d6" +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"16a5b58a1dbb273a8fc6a4af722d46dbb898dd86ab128cb93d8388a8647a80a3":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"59e0c40d6675923cf5e004d5":"5b4b4ffc9c66bd394abeed3f03b695b949b3b69a42198cc3bfad971174915df913b967ccf36ee1f001f54efbcd117b68":"":1:"d57e27914ecb4a764359d3c0f8d4d6" PSA Multipart AEAD encrypt, AES-GCM, CAVS 14.0, KEY=32, IV=12, IN=0, AAD=48, TAG=4, depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_encrypt:PSA_KEY_TYPE_AES:"5dd13092dd695b90ab835ed6343031c4cdb710d32f4d3804d72b46d921fcfa18":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 4 ):"1de4bd816c8ec6bffc1e6453":"1b63d6278702abacf8b6c2faf542a808659fd5da03cdc1061a8593ea8ce9fc8ff54ffef6ebf3e15f7a832b4ae750a6ce":0:"":1:0:"72901467" +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"5dd13092dd695b90ab835ed6343031c4cdb710d32f4d3804d72b46d921fcfa18":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 4 ):"1de4bd816c8ec6bffc1e6453":"1b63d6278702abacf8b6c2faf542a808659fd5da03cdc1061a8593ea8ce9fc8ff54ffef6ebf3e15f7a832b4ae750a6ce":"":0:"72901467" PSA Multipart AEAD encrypt, AES-GCM, CAVS 14.0, KEY=32, IV=12, IN=0, AAD=48, TAG=4, (lengths set) depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_encrypt:PSA_KEY_TYPE_AES:"5dd13092dd695b90ab835ed6343031c4cdb710d32f4d3804d72b46d921fcfa18":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 4 ):"1de4bd816c8ec6bffc1e6453":"1b63d6278702abacf8b6c2faf542a808659fd5da03cdc1061a8593ea8ce9fc8ff54ffef6ebf3e15f7a832b4ae750a6ce":0:"":1:1:"72901467" +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"5dd13092dd695b90ab835ed6343031c4cdb710d32f4d3804d72b46d921fcfa18":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 4 ):"1de4bd816c8ec6bffc1e6453":"1b63d6278702abacf8b6c2faf542a808659fd5da03cdc1061a8593ea8ce9fc8ff54ffef6ebf3e15f7a832b4ae750a6ce":"":1:"72901467" PSA Multipart AEAD encrypt, AES-GCM, CAVS 14.0, KEY=32, IV=12, IN=16, AAD=0, TAG=15, depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_encrypt:PSA_KEY_TYPE_AES:"ef9f9284cf599eac3b119905a7d18851e7e374cf63aea04358586b0f757670f8":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"b6ac8e4963f49207ffd6374c":"":0:"722ee47da4b77424733546c2d400c4e5":1:0:"1224dfefb72a20d49e09256908874979882eafea22adf8dbed06a2265f907b" +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"ef9f9284cf599eac3b119905a7d18851e7e374cf63aea04358586b0f757670f8":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"b6ac8e4963f49207ffd6374c":"":"722ee47da4b77424733546c2d400c4e5":0:"1224dfefb72a20d49e09256908874979882eafea22adf8dbed06a2265f907b" PSA Multipart AEAD encrypt, AES-GCM, CAVS 14.0, KEY=32, IV=12, IN=16, AAD=0, TAG=15, (lengths set) depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_encrypt:PSA_KEY_TYPE_AES:"ef9f9284cf599eac3b119905a7d18851e7e374cf63aea04358586b0f757670f8":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"b6ac8e4963f49207ffd6374c":"":0:"722ee47da4b77424733546c2d400c4e5":1:1:"1224dfefb72a20d49e09256908874979882eafea22adf8dbed06a2265f907b" +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"ef9f9284cf599eac3b119905a7d18851e7e374cf63aea04358586b0f757670f8":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"b6ac8e4963f49207ffd6374c":"":"722ee47da4b77424733546c2d400c4e5":1:"1224dfefb72a20d49e09256908874979882eafea22adf8dbed06a2265f907b" PSA Multipart AEAD encrypt, AES-GCM, CAVS 14.0, KEY=32, IV=12, IN=16, AAD=0, TAG=12, depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_encrypt:PSA_KEY_TYPE_AES:"b33b0e4c5b9f7ef77cec1a29ed5844bda3853238bdf7766e7645029931f169f0":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 12 ):"f226d65e8654fdf5193ed721":"":0:"bcf48ddcfe9d011a1003973d68d2d78a":1:0:"d2eb20898a301b5d8e69e9926272021393af01abb6a970047a7fc010" +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"b33b0e4c5b9f7ef77cec1a29ed5844bda3853238bdf7766e7645029931f169f0":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 12 ):"f226d65e8654fdf5193ed721":"":"bcf48ddcfe9d011a1003973d68d2d78a":0:"d2eb20898a301b5d8e69e9926272021393af01abb6a970047a7fc010" PSA Multipart AEAD encrypt, AES-GCM, CAVS 14.0, KEY=32, IV=12, IN=16, AAD=0, TAG=12, (lengths set) depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_encrypt:PSA_KEY_TYPE_AES:"b33b0e4c5b9f7ef77cec1a29ed5844bda3853238bdf7766e7645029931f169f0":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 12 ):"f226d65e8654fdf5193ed721":"":0:"bcf48ddcfe9d011a1003973d68d2d78a":1:1:"d2eb20898a301b5d8e69e9926272021393af01abb6a970047a7fc010" +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"b33b0e4c5b9f7ef77cec1a29ed5844bda3853238bdf7766e7645029931f169f0":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 12 ):"f226d65e8654fdf5193ed721":"":"bcf48ddcfe9d011a1003973d68d2d78a":1:"d2eb20898a301b5d8e69e9926272021393af01abb6a970047a7fc010" PSA Multipart AEAD encrypt, AES-GCM, CAVS 14.0, KEY=32, IV=12, IN=16, AAD=16, TAG=14, depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_encrypt:PSA_KEY_TYPE_AES:"c6e126a65faec77ab62318e30d8a50c39a664670039a66ae5a6874201bc68f9f":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 14 ):"0ba5193b2d3a8378d67163ce":"5844b289dc74327f9fd93f7aae1c3d39":0:"c37aada3d4408e880d47e41df77da9b9":1:0:"b5cd7563989b460a2fe187e90c41fc3179c73d0d1e3a4484909969de93b0" +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"c6e126a65faec77ab62318e30d8a50c39a664670039a66ae5a6874201bc68f9f":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 14 ):"0ba5193b2d3a8378d67163ce":"5844b289dc74327f9fd93f7aae1c3d39":"c37aada3d4408e880d47e41df77da9b9":0:"b5cd7563989b460a2fe187e90c41fc3179c73d0d1e3a4484909969de93b0" PSA Multipart AEAD encrypt, AES-GCM, CAVS 14.0, KEY=32, IV=12, IN=16, AAD=16, TAG=14, (lengths set) depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_encrypt:PSA_KEY_TYPE_AES:"c6e126a65faec77ab62318e30d8a50c39a664670039a66ae5a6874201bc68f9f":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 14 ):"0ba5193b2d3a8378d67163ce":"5844b289dc74327f9fd93f7aae1c3d39":0:"c37aada3d4408e880d47e41df77da9b9":1:1:"b5cd7563989b460a2fe187e90c41fc3179c73d0d1e3a4484909969de93b0" +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"c6e126a65faec77ab62318e30d8a50c39a664670039a66ae5a6874201bc68f9f":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 14 ):"0ba5193b2d3a8378d67163ce":"5844b289dc74327f9fd93f7aae1c3d39":"c37aada3d4408e880d47e41df77da9b9":1:"b5cd7563989b460a2fe187e90c41fc3179c73d0d1e3a4484909969de93b0" PSA Multipart AEAD encrypt, AES-GCM, CAVS 14.0, KEY=32, IV=12, IN=16, AAD=48, TAG=15, depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_encrypt:PSA_KEY_TYPE_AES:"2e6942d537f1a98444c2f9dbdb5d8db42a503a00a17b57d516399569e044a703":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"7eb67721581ed52cfcfc2c4d":"a96cc73451502c7278b467ac85d5fc14fc1a2f51bc685645b173f0cd9af02d383095de063e6eaa50374ce9bc951e9e61":0:"e5f410fe939e79b7ad33fbd3aaf5856f":1:0:"727f5e19a5582e5782bbbe73517f0c04c492319abf12b03b380724ff1483a3" +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"2e6942d537f1a98444c2f9dbdb5d8db42a503a00a17b57d516399569e044a703":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"7eb67721581ed52cfcfc2c4d":"a96cc73451502c7278b467ac85d5fc14fc1a2f51bc685645b173f0cd9af02d383095de063e6eaa50374ce9bc951e9e61":"e5f410fe939e79b7ad33fbd3aaf5856f":0:"727f5e19a5582e5782bbbe73517f0c04c492319abf12b03b380724ff1483a3" PSA Multipart AEAD encrypt, AES-GCM, CAVS 14.0, KEY=32, IV=12, IN=16, AAD=48, TAG=15, (lengths set) depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_encrypt:PSA_KEY_TYPE_AES:"2e6942d537f1a98444c2f9dbdb5d8db42a503a00a17b57d516399569e044a703":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"7eb67721581ed52cfcfc2c4d":"a96cc73451502c7278b467ac85d5fc14fc1a2f51bc685645b173f0cd9af02d383095de063e6eaa50374ce9bc951e9e61":0:"e5f410fe939e79b7ad33fbd3aaf5856f":1:1:"727f5e19a5582e5782bbbe73517f0c04c492319abf12b03b380724ff1483a3" +aead_multipart_encrypt:PSA_KEY_TYPE_AES:"2e6942d537f1a98444c2f9dbdb5d8db42a503a00a17b57d516399569e044a703":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"7eb67721581ed52cfcfc2c4d":"a96cc73451502c7278b467ac85d5fc14fc1a2f51bc685645b173f0cd9af02d383095de063e6eaa50374ce9bc951e9e61":"e5f410fe939e79b7ad33fbd3aaf5856f":1:"727f5e19a5582e5782bbbe73517f0c04c492319abf12b03b380724ff1483a3" PSA Multipart AEAD decrypt, AES - GCM, 144 bytes #1 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_GCM:"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":0:"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847fe0b7b7fbed325953df344a96":1:0:"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826" +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_GCM:"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847fe0b7b7fbed325953df344a96":0:"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826" PSA Multipart AEAD decrypt, AES - GCM, 144 bytes #1 (lengths set) depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_GCM:"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":0:"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847fe0b7b7fbed325953df344a96":1:1:"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826" +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_GCM:"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847fe0b7b7fbed325953df344a96":1:"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826" PSA Multipart AEAD decrypt, AES - GCM, 144 bytes #2 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"fe96eab10ff48c7942025422583d0377":PSA_ALG_GCM:"97ce3f848276783599c6875de324361e":"127628b6dcbce6fc8a8ef60798eb67b2088415635119697d20bb878c24d9c6f9c29e148521cb5e0feff892c7855d4f1c0bfb32ad33420976714dce87a0bbc18e4378bd1ef35197d0ca73051148f1199010f63caf122df5f71ad8d9c71df3eb2fbe3b2529d0ba657570358d3776f687bdb9c96d5e0e9e00c4b42d5d7a268d6a08":0:"12495120056ca3cac70d583603a476821bac6c57c9733b81cfb83538dc9e850f8bdf46065069591c23ebcbc6d1e2523375fb7efc80c09507fa25477ed07cee54fc4eb90168b3ef988f651fc40652474a644b1b311decf899660aef2347bb081af48950f06ebf799911e37120de94c55c20e5f0a77119be06e2b6e557f872fa0f6bac793bdc2190a195122c98544ccf56":1:0:"194c8bbbfae4a671386b8cd38f390f46f9df6b8661b470c310921a1c858a938045834bb10380037fbf5f5e00688554537be0fcafe8270b9b59068fa056ab1268fc166c2d729243a06650a171c929c7845c85330c04568d62977eedf3b1ba9dca13bdb8f9522817c8cb99e635e37465ec1c9f6f148d51437aa9f994a62e1bd013" +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"fe96eab10ff48c7942025422583d0377":PSA_ALG_GCM:"97ce3f848276783599c6875de324361e":"127628b6dcbce6fc8a8ef60798eb67b2088415635119697d20bb878c24d9c6f9c29e148521cb5e0feff892c7855d4f1c0bfb32ad33420976714dce87a0bbc18e4378bd1ef35197d0ca73051148f1199010f63caf122df5f71ad8d9c71df3eb2fbe3b2529d0ba657570358d3776f687bdb9c96d5e0e9e00c4b42d5d7a268d6a08":"12495120056ca3cac70d583603a476821bac6c57c9733b81cfb83538dc9e850f8bdf46065069591c23ebcbc6d1e2523375fb7efc80c09507fa25477ed07cee54fc4eb90168b3ef988f651fc40652474a644b1b311decf899660aef2347bb081af48950f06ebf799911e37120de94c55c20e5f0a77119be06e2b6e557f872fa0f6bac793bdc2190a195122c98544ccf56":0:"194c8bbbfae4a671386b8cd38f390f46f9df6b8661b470c310921a1c858a938045834bb10380037fbf5f5e00688554537be0fcafe8270b9b59068fa056ab1268fc166c2d729243a06650a171c929c7845c85330c04568d62977eedf3b1ba9dca13bdb8f9522817c8cb99e635e37465ec1c9f6f148d51437aa9f994a62e1bd013" PSA Multipart AEAD decrypt, AES - GCM, 144 bytes #2 (lengths set) depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"fe96eab10ff48c7942025422583d0377":PSA_ALG_GCM:"97ce3f848276783599c6875de324361e":"127628b6dcbce6fc8a8ef60798eb67b2088415635119697d20bb878c24d9c6f9c29e148521cb5e0feff892c7855d4f1c0bfb32ad33420976714dce87a0bbc18e4378bd1ef35197d0ca73051148f1199010f63caf122df5f71ad8d9c71df3eb2fbe3b2529d0ba657570358d3776f687bdb9c96d5e0e9e00c4b42d5d7a268d6a08":0:"12495120056ca3cac70d583603a476821bac6c57c9733b81cfb83538dc9e850f8bdf46065069591c23ebcbc6d1e2523375fb7efc80c09507fa25477ed07cee54fc4eb90168b3ef988f651fc40652474a644b1b311decf899660aef2347bb081af48950f06ebf799911e37120de94c55c20e5f0a77119be06e2b6e557f872fa0f6bac793bdc2190a195122c98544ccf56":1:1:"194c8bbbfae4a671386b8cd38f390f46f9df6b8661b470c310921a1c858a938045834bb10380037fbf5f5e00688554537be0fcafe8270b9b59068fa056ab1268fc166c2d729243a06650a171c929c7845c85330c04568d62977eedf3b1ba9dca13bdb8f9522817c8cb99e635e37465ec1c9f6f148d51437aa9f994a62e1bd013" +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"fe96eab10ff48c7942025422583d0377":PSA_ALG_GCM:"97ce3f848276783599c6875de324361e":"127628b6dcbce6fc8a8ef60798eb67b2088415635119697d20bb878c24d9c6f9c29e148521cb5e0feff892c7855d4f1c0bfb32ad33420976714dce87a0bbc18e4378bd1ef35197d0ca73051148f1199010f63caf122df5f71ad8d9c71df3eb2fbe3b2529d0ba657570358d3776f687bdb9c96d5e0e9e00c4b42d5d7a268d6a08":"12495120056ca3cac70d583603a476821bac6c57c9733b81cfb83538dc9e850f8bdf46065069591c23ebcbc6d1e2523375fb7efc80c09507fa25477ed07cee54fc4eb90168b3ef988f651fc40652474a644b1b311decf899660aef2347bb081af48950f06ebf799911e37120de94c55c20e5f0a77119be06e2b6e557f872fa0f6bac793bdc2190a195122c98544ccf56":1:"194c8bbbfae4a671386b8cd38f390f46f9df6b8661b470c310921a1c858a938045834bb10380037fbf5f5e00688554537be0fcafe8270b9b59068fa056ab1268fc166c2d729243a06650a171c929c7845c85330c04568d62977eedf3b1ba9dca13bdb8f9522817c8cb99e635e37465ec1c9f6f148d51437aa9f994a62e1bd013" PSA Multipart AEAD decrypt, AES - GCM, 144 bytes, T = 4 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM,4):"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":0:"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847f":1:0:"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826" +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM,4):"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847f":0:"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826" PSA Multipart AEAD decrypt, AES - GCM, 144 bytes, T = 4 (lengths set) depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM,4):"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":0:"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847f":1:1:"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826" +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM,4):"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847f":1:"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826" PSA Multipart AEAD decrypt, AES - GCM, 144 bytes, T = 15 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM,15):"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":0:"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847fe0b7b7fbed325953df344a":1:0:"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826" +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM,15):"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847fe0b7b7fbed325953df344a":0:"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826" PSA Multipart AEAD decrypt, AES - GCM, 144 bytes, T = 15 (lengths set) depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM,15):"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":0:"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847fe0b7b7fbed325953df344a":1:1:"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826" +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM,15):"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847fe0b7b7fbed325953df344a":1:"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826" PSA Multipart AEAD decrypt, AES-GCM, 144 bytes, T=16 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":0:"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847fe0b7b7fbed325953df344a96":1:0:"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826" +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847fe0b7b7fbed325953df344a96":0:"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826" PSA Multipart AEAD decrypt, AES-GCM, 144 bytes, T=16 (lengths set) depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":0:"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847fe0b7b7fbed325953df344a96":1:1:"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826" +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847fe0b7b7fbed325953df344a96":1:"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826" PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=24, IV=12, IN=0, AAD=0, TAG=16 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"0e5d6e68f82f32bea3f0b69498c1a31ef6d955cd3d27a2a8":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"caf72ee1e62e1001e8cfbc63":"":0:"db1a74ffb5f7de26f5742e0942b1b9cb":1:0:"" +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"0e5d6e68f82f32bea3f0b69498c1a31ef6d955cd3d27a2a8":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"caf72ee1e62e1001e8cfbc63":"":"db1a74ffb5f7de26f5742e0942b1b9cb":0:"" PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=24, IV=12, IN=0, AAD=0, TAG=16 (lengths set) depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"0e5d6e68f82f32bea3f0b69498c1a31ef6d955cd3d27a2a8":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"caf72ee1e62e1001e8cfbc63":"":0:"db1a74ffb5f7de26f5742e0942b1b9cb":1:1:"" +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"0e5d6e68f82f32bea3f0b69498c1a31ef6d955cd3d27a2a8":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"caf72ee1e62e1001e8cfbc63":"":"db1a74ffb5f7de26f5742e0942b1b9cb":1:"" PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=24, IV=12, IN=0, AAD=48, TAG=14 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"e79fb7defce4f650402e6b521170686d3eb2a0b9514f3a64":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 14 ):"40e0d2d836c0519e7042419b":"41c5b5d971c0723bc1b63a259fe7e06c2961de1241bc34c13965f43636e4da3da8c75ed5956abe3a42f3039af005925a":0:"434ff68f2436f48418fd69f52158":1:0:"" +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"e79fb7defce4f650402e6b521170686d3eb2a0b9514f3a64":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 14 ):"40e0d2d836c0519e7042419b":"41c5b5d971c0723bc1b63a259fe7e06c2961de1241bc34c13965f43636e4da3da8c75ed5956abe3a42f3039af005925a":"434ff68f2436f48418fd69f52158":0:"" PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=24, IV=12, IN=0, AAD=48, TAG=14 (lengths set) depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"e79fb7defce4f650402e6b521170686d3eb2a0b9514f3a64":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 14 ):"40e0d2d836c0519e7042419b":"41c5b5d971c0723bc1b63a259fe7e06c2961de1241bc34c13965f43636e4da3da8c75ed5956abe3a42f3039af005925a":0:"434ff68f2436f48418fd69f52158":1:1:"" +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"e79fb7defce4f650402e6b521170686d3eb2a0b9514f3a64":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 14 ):"40e0d2d836c0519e7042419b":"41c5b5d971c0723bc1b63a259fe7e06c2961de1241bc34c13965f43636e4da3da8c75ed5956abe3a42f3039af005925a":"434ff68f2436f48418fd69f52158":1:"" PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=24, IV=12, IN=16, AAD=0, TAG=15 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"e41d1f533d5b342ffe434b94b1372683bfd5d9d8cb79f9ee":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"5fe11a596dfcd3a305c1d711":"":0:"1847f64fff986476d1d2f758692f856da4a0ff98c0c1101694c84fd86680c9":1:0:"b03c2c20f758a93a8d1220232ad87098" +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"e41d1f533d5b342ffe434b94b1372683bfd5d9d8cb79f9ee":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"5fe11a596dfcd3a305c1d711":"":"1847f64fff986476d1d2f758692f856da4a0ff98c0c1101694c84fd86680c9":0:"b03c2c20f758a93a8d1220232ad87098" PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=24, IV=12, IN=16, AAD=0, TAG=15 (lengths set) depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"e41d1f533d5b342ffe434b94b1372683bfd5d9d8cb79f9ee":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"5fe11a596dfcd3a305c1d711":"":0:"1847f64fff986476d1d2f758692f856da4a0ff98c0c1101694c84fd86680c9":1:1:"b03c2c20f758a93a8d1220232ad87098" +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"e41d1f533d5b342ffe434b94b1372683bfd5d9d8cb79f9ee":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"5fe11a596dfcd3a305c1d711":"":"1847f64fff986476d1d2f758692f856da4a0ff98c0c1101694c84fd86680c9":1:"b03c2c20f758a93a8d1220232ad87098" PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=24, IV=12, IN=16, AAD=20, TAG=15 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"8e7da473c057a2a4669a0d22bf9b7c9913fba48930ca0c9b":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"f9ff8ef80d76c50f9ca0e9ff":"f141bae18a1b54f065554fd34aa02c91c90f505c":0:"5deb093b6e7c766a64bb9d5170af1ff8bf130b64eebdce06a9bdb2cf1da15a":1:0:"b22b2dcdcc18adc30d16297b84b459d8" +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"8e7da473c057a2a4669a0d22bf9b7c9913fba48930ca0c9b":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"f9ff8ef80d76c50f9ca0e9ff":"f141bae18a1b54f065554fd34aa02c91c90f505c":"5deb093b6e7c766a64bb9d5170af1ff8bf130b64eebdce06a9bdb2cf1da15a":0:"b22b2dcdcc18adc30d16297b84b459d8" PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=24, IV=12, IN=16, AAD=20, TAG=15 (lengths set) depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"8e7da473c057a2a4669a0d22bf9b7c9913fba48930ca0c9b":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"f9ff8ef80d76c50f9ca0e9ff":"f141bae18a1b54f065554fd34aa02c91c90f505c":0:"5deb093b6e7c766a64bb9d5170af1ff8bf130b64eebdce06a9bdb2cf1da15a":1:1:"b22b2dcdcc18adc30d16297b84b459d8" +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"8e7da473c057a2a4669a0d22bf9b7c9913fba48930ca0c9b":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"f9ff8ef80d76c50f9ca0e9ff":"f141bae18a1b54f065554fd34aa02c91c90f505c":"5deb093b6e7c766a64bb9d5170af1ff8bf130b64eebdce06a9bdb2cf1da15a":1:"b22b2dcdcc18adc30d16297b84b459d8" PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=24, IV=12, IN=16, AAD=48, TAG=12 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"01bf150add51bb11623e3bfbebd62a7ea81c5b192b8eb6de":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 12 ):"dfacbc6791b785d324c646b7":"e35412a625324257bef35399a7eacca34fec2d2d24166e6bb3e94d96f5c57599ded45e2a74503f07116caa1692398a07":0:"77579db3c6da769e17731faac4732d7cce65d960a49f94f6b583e54a":1:0:"7e5fd8b595ddc4753676107951d900e2" +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"01bf150add51bb11623e3bfbebd62a7ea81c5b192b8eb6de":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 12 ):"dfacbc6791b785d324c646b7":"e35412a625324257bef35399a7eacca34fec2d2d24166e6bb3e94d96f5c57599ded45e2a74503f07116caa1692398a07":"77579db3c6da769e17731faac4732d7cce65d960a49f94f6b583e54a":0:"7e5fd8b595ddc4753676107951d900e2" PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=24, IV=12, IN=16, AAD=48, TAG=12 (lengths set) depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"01bf150add51bb11623e3bfbebd62a7ea81c5b192b8eb6de":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 12 ):"dfacbc6791b785d324c646b7":"e35412a625324257bef35399a7eacca34fec2d2d24166e6bb3e94d96f5c57599ded45e2a74503f07116caa1692398a07":0:"77579db3c6da769e17731faac4732d7cce65d960a49f94f6b583e54a":1:1:"7e5fd8b595ddc4753676107951d900e2" +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"01bf150add51bb11623e3bfbebd62a7ea81c5b192b8eb6de":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 12 ):"dfacbc6791b785d324c646b7":"e35412a625324257bef35399a7eacca34fec2d2d24166e6bb3e94d96f5c57599ded45e2a74503f07116caa1692398a07":"77579db3c6da769e17731faac4732d7cce65d960a49f94f6b583e54a":1:"7e5fd8b595ddc4753676107951d900e2" PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=24, IV=12, IN=16, AAD=48, TAG=8 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"551266c4ed166fe1c43761927801ed50cb9c0b3864fc97df":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 8 ):"e711afbeccd567f866340abb":"562d1697237ebc563941076d459727dfa094eb9ac00d30ed5836825d163dd27517c7660a01056b2d868c7fc5d0343830":0:"2b54cc27f6ee71882e8b1ead207d2b042d262e87eac97b58":1:0:"37245449db8f72b1ecdb420f629d3d80" +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"551266c4ed166fe1c43761927801ed50cb9c0b3864fc97df":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 8 ):"e711afbeccd567f866340abb":"562d1697237ebc563941076d459727dfa094eb9ac00d30ed5836825d163dd27517c7660a01056b2d868c7fc5d0343830":"2b54cc27f6ee71882e8b1ead207d2b042d262e87eac97b58":0:"37245449db8f72b1ecdb420f629d3d80" PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=24, IV=12, IN=16, AAD=48, TAG=8 (lengths set) depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"551266c4ed166fe1c43761927801ed50cb9c0b3864fc97df":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 8 ):"e711afbeccd567f866340abb":"562d1697237ebc563941076d459727dfa094eb9ac00d30ed5836825d163dd27517c7660a01056b2d868c7fc5d0343830":0:"2b54cc27f6ee71882e8b1ead207d2b042d262e87eac97b58":1:1:"37245449db8f72b1ecdb420f629d3d80" +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"551266c4ed166fe1c43761927801ed50cb9c0b3864fc97df":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 8 ):"e711afbeccd567f866340abb":"562d1697237ebc563941076d459727dfa094eb9ac00d30ed5836825d163dd27517c7660a01056b2d868c7fc5d0343830":"2b54cc27f6ee71882e8b1ead207d2b042d262e87eac97b58":1:"37245449db8f72b1ecdb420f629d3d80" PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=24, IV=12, IN=13, AAD=0, TAG=15 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"78fa4a2a5b5b1b1d9580ea527f2e1653e9336e15cc5462f5":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"98b774f7110e0bea624b487f":"":0:"a642aabed8b99e15e297ee705a40c3e2e506cb889727b327b7e044a8":1:0:"496909523f574b205d757659c5" +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"78fa4a2a5b5b1b1d9580ea527f2e1653e9336e15cc5462f5":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"98b774f7110e0bea624b487f":"":"a642aabed8b99e15e297ee705a40c3e2e506cb889727b327b7e044a8":0:"496909523f574b205d757659c5" PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=24, IV=12, IN=13, AAD=0, TAG=15 (lengths set) depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"78fa4a2a5b5b1b1d9580ea527f2e1653e9336e15cc5462f5":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"98b774f7110e0bea624b487f":"":0:"a642aabed8b99e15e297ee705a40c3e2e506cb889727b327b7e044a8":1:1:"496909523f574b205d757659c5" +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"78fa4a2a5b5b1b1d9580ea527f2e1653e9336e15cc5462f5":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"98b774f7110e0bea624b487f":"":"a642aabed8b99e15e297ee705a40c3e2e506cb889727b327b7e044a8":1:"496909523f574b205d757659c5" PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=24, IV=12, IN=13, AAD=16, TAG=15 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"61f4c2e55d729c4657e503dfe2b604e2853675dbdeb0982a":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"0c4d5548aa2d8d54964e1e63":"5affdf8886dabb14790aff3dbfcbdd80":0:"0d4eacc3db304f46cb7a9eba6ec105bf86d9dc0639b7cebbd5260f47":1:0:"b6e056de521a27266dffbc0d96" +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"61f4c2e55d729c4657e503dfe2b604e2853675dbdeb0982a":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"0c4d5548aa2d8d54964e1e63":"5affdf8886dabb14790aff3dbfcbdd80":"0d4eacc3db304f46cb7a9eba6ec105bf86d9dc0639b7cebbd5260f47":0:"b6e056de521a27266dffbc0d96" PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=24, IV=12, IN=13, AAD=16, TAG=15 (lengths set) depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"61f4c2e55d729c4657e503dfe2b604e2853675dbdeb0982a":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"0c4d5548aa2d8d54964e1e63":"5affdf8886dabb14790aff3dbfcbdd80":0:"0d4eacc3db304f46cb7a9eba6ec105bf86d9dc0639b7cebbd5260f47":1:1:"b6e056de521a27266dffbc0d96" +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"61f4c2e55d729c4657e503dfe2b604e2853675dbdeb0982a":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"0c4d5548aa2d8d54964e1e63":"5affdf8886dabb14790aff3dbfcbdd80":"0d4eacc3db304f46cb7a9eba6ec105bf86d9dc0639b7cebbd5260f47":1:"b6e056de521a27266dffbc0d96" PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=24, IV=12, IN=13, AAD=20, TAG=13 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"73245c4f115a74fe71d6fefb9094c57c75f28033a3c7372b":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 13 ):"536a82485999b93b0bb7ef24":"64dcad870a42eeec0730fd7a7e4154638a85d739":0:"29333e87bfe65d0e37da2936f695824d4e3f37fab3b8e2b868f6":1:0:"f6d56f8c86f27d957fa63aea22" +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"73245c4f115a74fe71d6fefb9094c57c75f28033a3c7372b":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 13 ):"536a82485999b93b0bb7ef24":"64dcad870a42eeec0730fd7a7e4154638a85d739":"29333e87bfe65d0e37da2936f695824d4e3f37fab3b8e2b868f6":0:"f6d56f8c86f27d957fa63aea22" PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=24, IV=12, IN=13, AAD=20, TAG=13 (lengths set) depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"73245c4f115a74fe71d6fefb9094c57c75f28033a3c7372b":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 13 ):"536a82485999b93b0bb7ef24":"64dcad870a42eeec0730fd7a7e4154638a85d739":0:"29333e87bfe65d0e37da2936f695824d4e3f37fab3b8e2b868f6":1:1:"f6d56f8c86f27d957fa63aea22" +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"73245c4f115a74fe71d6fefb9094c57c75f28033a3c7372b":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 13 ):"536a82485999b93b0bb7ef24":"64dcad870a42eeec0730fd7a7e4154638a85d739":"29333e87bfe65d0e37da2936f695824d4e3f37fab3b8e2b868f6":1:"f6d56f8c86f27d957fa63aea22" PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=24, IV=12, IN=13, AAD=48, TAG=4 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"9002e74638e09dd1f091439518e1460cdd5905bd9e1a37ae":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 4 ):"76c81a95d24be5c8bac63b50":"aa3ae4531aaac8f3eb07f748712c55a680bc8df5cf845edc66d09049500b41688b8023f5746879b45bdd586af29c4ede":0:"31bf37acbc53ca3fdbc9e5eaaebbb85a7f":1:0:"bd94b34511bc65ae47684805cb" +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"9002e74638e09dd1f091439518e1460cdd5905bd9e1a37ae":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 4 ):"76c81a95d24be5c8bac63b50":"aa3ae4531aaac8f3eb07f748712c55a680bc8df5cf845edc66d09049500b41688b8023f5746879b45bdd586af29c4ede":"31bf37acbc53ca3fdbc9e5eaaebbb85a7f":0:"bd94b34511bc65ae47684805cb" PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=24, IV=12, IN=13, AAD=48, TAG=4 (lengths set) depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"9002e74638e09dd1f091439518e1460cdd5905bd9e1a37ae":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 4 ):"76c81a95d24be5c8bac63b50":"aa3ae4531aaac8f3eb07f748712c55a680bc8df5cf845edc66d09049500b41688b8023f5746879b45bdd586af29c4ede":0:"31bf37acbc53ca3fdbc9e5eaaebbb85a7f":1:1:"bd94b34511bc65ae47684805cb" +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"9002e74638e09dd1f091439518e1460cdd5905bd9e1a37ae":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 4 ):"76c81a95d24be5c8bac63b50":"aa3ae4531aaac8f3eb07f748712c55a680bc8df5cf845edc66d09049500b41688b8023f5746879b45bdd586af29c4ede":"31bf37acbc53ca3fdbc9e5eaaebbb85a7f":1:"bd94b34511bc65ae47684805cb" PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=32, IV=12, IN=0, AAD=0, TAG=16 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"f5a2b27c74355872eb3ef6c5feafaa740e6ae990d9d48c3bd9bb8235e589f010":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"58d2240f580a31c1d24948e9":"":0:"15e051a5e4a5f5da6cea92e2ebee5bac":1:0:"" +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"f5a2b27c74355872eb3ef6c5feafaa740e6ae990d9d48c3bd9bb8235e589f010":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"58d2240f580a31c1d24948e9":"":"15e051a5e4a5f5da6cea92e2ebee5bac":0:"" PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=32, IV=12, IN=0, AAD=0, TAG=16 (lengths set) depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"f5a2b27c74355872eb3ef6c5feafaa740e6ae990d9d48c3bd9bb8235e589f010":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"58d2240f580a31c1d24948e9":"":0:"15e051a5e4a5f5da6cea92e2ebee5bac":1:1:"" +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"f5a2b27c74355872eb3ef6c5feafaa740e6ae990d9d48c3bd9bb8235e589f010":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"58d2240f580a31c1d24948e9":"":"15e051a5e4a5f5da6cea92e2ebee5bac":1:"" PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=32, IV=12, IN=0, AAD=16, TAG=15 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"3395a1485315c5b5e6353acb05ae9499c440a2e9f5c57494662f827235ea314c":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"3b7e632571602456b49880f0":"f283f80226dacb69c8af089ec6b59e81":0:"84c8beff4b0d160ee68ac613097f51":1:0:"" +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"3395a1485315c5b5e6353acb05ae9499c440a2e9f5c57494662f827235ea314c":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"3b7e632571602456b49880f0":"f283f80226dacb69c8af089ec6b59e81":"84c8beff4b0d160ee68ac613097f51":0:"" PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=32, IV=12, IN=0, AAD=16, TAG=15 (lengths set) depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"3395a1485315c5b5e6353acb05ae9499c440a2e9f5c57494662f827235ea314c":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"3b7e632571602456b49880f0":"f283f80226dacb69c8af089ec6b59e81":0:"84c8beff4b0d160ee68ac613097f51":1:1:"" +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"3395a1485315c5b5e6353acb05ae9499c440a2e9f5c57494662f827235ea314c":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"3b7e632571602456b49880f0":"f283f80226dacb69c8af089ec6b59e81":"84c8beff4b0d160ee68ac613097f51":1:"" PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=32, IV=12, IN=0, AAD=20, TAG=15 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"4dc46ca55c1c1fcb4720c274c0e675c2ac5bf93d8dd5e951ca9f6b61f884edc9":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"6473ab77dc885127422f5594":"e2cf8172ab4cf77eba45cd2c8ff939b938080a90":0:"8d6351f18d873242204c20144e2b83":1:0:"" +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"4dc46ca55c1c1fcb4720c274c0e675c2ac5bf93d8dd5e951ca9f6b61f884edc9":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"6473ab77dc885127422f5594":"e2cf8172ab4cf77eba45cd2c8ff939b938080a90":"8d6351f18d873242204c20144e2b83":0:"" PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=32, IV=12, IN=0, AAD=20, TAG=15 (lengths set) depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"4dc46ca55c1c1fcb4720c274c0e675c2ac5bf93d8dd5e951ca9f6b61f884edc9":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"6473ab77dc885127422f5594":"e2cf8172ab4cf77eba45cd2c8ff939b938080a90":0:"8d6351f18d873242204c20144e2b83":1:1:"" +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"4dc46ca55c1c1fcb4720c274c0e675c2ac5bf93d8dd5e951ca9f6b61f884edc9":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"6473ab77dc885127422f5594":"e2cf8172ab4cf77eba45cd2c8ff939b938080a90":"8d6351f18d873242204c20144e2b83":1:"" PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=32, IV=12, IN=0, AAD=48, TAG=14 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"a7f95798434f9a0fe6fd8acd30b8bad96dbdcfacee4594f01cbf26479be7d154":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 14 ):"9ef5a77b02137b46e8461d09":"5595a16fa12d4dcdba6b128480dce2d39c1211c3fb6068cde6013f6a80dfcda5eb92af8879e40ee9c177fd0e446fc8ca":0:"3bfd3d99fe2063e8ef8255519fe0":1:0:"" +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"a7f95798434f9a0fe6fd8acd30b8bad96dbdcfacee4594f01cbf26479be7d154":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 14 ):"9ef5a77b02137b46e8461d09":"5595a16fa12d4dcdba6b128480dce2d39c1211c3fb6068cde6013f6a80dfcda5eb92af8879e40ee9c177fd0e446fc8ca":"3bfd3d99fe2063e8ef8255519fe0":0:"" PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=32, IV=12, IN=0, AAD=48, TAG=14 (lengths set) depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"a7f95798434f9a0fe6fd8acd30b8bad96dbdcfacee4594f01cbf26479be7d154":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 14 ):"9ef5a77b02137b46e8461d09":"5595a16fa12d4dcdba6b128480dce2d39c1211c3fb6068cde6013f6a80dfcda5eb92af8879e40ee9c177fd0e446fc8ca":0:"3bfd3d99fe2063e8ef8255519fe0":1:1:"" +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"a7f95798434f9a0fe6fd8acd30b8bad96dbdcfacee4594f01cbf26479be7d154":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 14 ):"9ef5a77b02137b46e8461d09":"5595a16fa12d4dcdba6b128480dce2d39c1211c3fb6068cde6013f6a80dfcda5eb92af8879e40ee9c177fd0e446fc8ca":"3bfd3d99fe2063e8ef8255519fe0":1:"" PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=32, IV=12, IN=16, AAD=0, TAG=16 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"4c8ebfe1444ec1b2d503c6986659af2c94fafe945f72c1e8486a5acfedb8a0f8":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"473360e0ad24889959858995":"":0:"d2c78110ac7e8f107c0df0570bd7c90cc26a379b6d98ef2852ead8ce83a833a7":1:0:"7789b41cb3ee548814ca0b388c10b343" +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"4c8ebfe1444ec1b2d503c6986659af2c94fafe945f72c1e8486a5acfedb8a0f8":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"473360e0ad24889959858995":"":"d2c78110ac7e8f107c0df0570bd7c90cc26a379b6d98ef2852ead8ce83a833a7":0:"7789b41cb3ee548814ca0b388c10b343" PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=32, IV=12, IN=16, AAD=0, TAG=16 (lengths set) depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"4c8ebfe1444ec1b2d503c6986659af2c94fafe945f72c1e8486a5acfedb8a0f8":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"473360e0ad24889959858995":"":0:"d2c78110ac7e8f107c0df0570bd7c90cc26a379b6d98ef2852ead8ce83a833a7":1:1:"7789b41cb3ee548814ca0b388c10b343" +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"4c8ebfe1444ec1b2d503c6986659af2c94fafe945f72c1e8486a5acfedb8a0f8":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 16 ):"473360e0ad24889959858995":"":"d2c78110ac7e8f107c0df0570bd7c90cc26a379b6d98ef2852ead8ce83a833a7":1:"7789b41cb3ee548814ca0b388c10b343" PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=32, IV=12, IN=16, AAD=0, TAG=4 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"57805f98aae1b8b64bb49756529ab8181b3ada674a90c55422e9eb26c48bcd7b":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 4 ):"9735945d8ca161777206632a":"":0:"58375442ab1c0e6a8952c83d128d9fc5f45bb315":1:0:"4860116a6d2deb9bf794bfd6ac5bbbd6" +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"57805f98aae1b8b64bb49756529ab8181b3ada674a90c55422e9eb26c48bcd7b":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 4 ):"9735945d8ca161777206632a":"":"58375442ab1c0e6a8952c83d128d9fc5f45bb315":0:"4860116a6d2deb9bf794bfd6ac5bbbd6" PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=32, IV=12, IN=16, AAD=0, TAG=4 (lengths set) depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"57805f98aae1b8b64bb49756529ab8181b3ada674a90c55422e9eb26c48bcd7b":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 4 ):"9735945d8ca161777206632a":"":0:"58375442ab1c0e6a8952c83d128d9fc5f45bb315":1:1:"4860116a6d2deb9bf794bfd6ac5bbbd6" +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"57805f98aae1b8b64bb49756529ab8181b3ada674a90c55422e9eb26c48bcd7b":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 4 ):"9735945d8ca161777206632a":"":"58375442ab1c0e6a8952c83d128d9fc5f45bb315":1:"4860116a6d2deb9bf794bfd6ac5bbbd6" PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=32, IV=12, IN=16, AAD=16, TAG=8 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"f913bb823a1d0c10b0b72d56866907b893f2266f15de1abc17f93600824db55a":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 8 ):"d4fe686a14592b6ca1bd6b42":"e35d880c1c53688eb83869de9dd8a473":0:"35af9b502ea6b56269f896bf98affdd59c2aa418b38bc7fd":1:0:"ff426dd751190ff826e8b4a0792d746e" +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"f913bb823a1d0c10b0b72d56866907b893f2266f15de1abc17f93600824db55a":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 8 ):"d4fe686a14592b6ca1bd6b42":"e35d880c1c53688eb83869de9dd8a473":"35af9b502ea6b56269f896bf98affdd59c2aa418b38bc7fd":0:"ff426dd751190ff826e8b4a0792d746e" PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=32, IV=12, IN=16, AAD=16, TAG=8 (lengths set) depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"f913bb823a1d0c10b0b72d56866907b893f2266f15de1abc17f93600824db55a":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 8 ):"d4fe686a14592b6ca1bd6b42":"e35d880c1c53688eb83869de9dd8a473":0:"35af9b502ea6b56269f896bf98affdd59c2aa418b38bc7fd":1:1:"ff426dd751190ff826e8b4a0792d746e" +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"f913bb823a1d0c10b0b72d56866907b893f2266f15de1abc17f93600824db55a":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 8 ):"d4fe686a14592b6ca1bd6b42":"e35d880c1c53688eb83869de9dd8a473":"35af9b502ea6b56269f896bf98affdd59c2aa418b38bc7fd":1:"ff426dd751190ff826e8b4a0792d746e" PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=32, IV=12, IN=16, AAD=20, TAG=14 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"74e9d9d7cd0728cea94e169af485f21f9d2447e022f16008f803dcf5c4f7cc0c":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 14 ):"ecba39edc96667da726122c0":"ae9ab021f86f5b81bb2e0fcbd4b855e1501e9f82":0:"e5745ce0e02dbba05363b548c3ac7047eacca7e61db6f72fc9b9e5bdb2bb":1:0:"0a0b284515694188b6b6c15bc8a09036" +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"74e9d9d7cd0728cea94e169af485f21f9d2447e022f16008f803dcf5c4f7cc0c":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 14 ):"ecba39edc96667da726122c0":"ae9ab021f86f5b81bb2e0fcbd4b855e1501e9f82":"e5745ce0e02dbba05363b548c3ac7047eacca7e61db6f72fc9b9e5bdb2bb":0:"0a0b284515694188b6b6c15bc8a09036" PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=32, IV=12, IN=16, AAD=20, TAG=14 (lengths set) depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"74e9d9d7cd0728cea94e169af485f21f9d2447e022f16008f803dcf5c4f7cc0c":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 14 ):"ecba39edc96667da726122c0":"ae9ab021f86f5b81bb2e0fcbd4b855e1501e9f82":0:"e5745ce0e02dbba05363b548c3ac7047eacca7e61db6f72fc9b9e5bdb2bb":1:1:"0a0b284515694188b6b6c15bc8a09036" +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"74e9d9d7cd0728cea94e169af485f21f9d2447e022f16008f803dcf5c4f7cc0c":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 14 ):"ecba39edc96667da726122c0":"ae9ab021f86f5b81bb2e0fcbd4b855e1501e9f82":"e5745ce0e02dbba05363b548c3ac7047eacca7e61db6f72fc9b9e5bdb2bb":1:"0a0b284515694188b6b6c15bc8a09036" PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=32, IV=12, IN=13, AAD=0, TAG=14 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"60667fce64b8c7169ddf45f335e46951248f69abc4e0f4f292d0ffe3dfd5219f":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 14 ):"1057322a39f08ef761c3c8fc":"":0:"501b033c841acb430c52d88fe9cb44c751f2f1641d1e801a534ac8":1:0:"f386b28e7eb4c2fb8eb5dc66a2" +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"60667fce64b8c7169ddf45f335e46951248f69abc4e0f4f292d0ffe3dfd5219f":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 14 ):"1057322a39f08ef761c3c8fc":"":"501b033c841acb430c52d88fe9cb44c751f2f1641d1e801a534ac8":0:"f386b28e7eb4c2fb8eb5dc66a2" PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=32, IV=12, IN=13, AAD=0, TAG=14 (lengths set) depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"60667fce64b8c7169ddf45f335e46951248f69abc4e0f4f292d0ffe3dfd5219f":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 14 ):"1057322a39f08ef761c3c8fc":"":0:"501b033c841acb430c52d88fe9cb44c751f2f1641d1e801a534ac8":1:1:"f386b28e7eb4c2fb8eb5dc66a2" +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"60667fce64b8c7169ddf45f335e46951248f69abc4e0f4f292d0ffe3dfd5219f":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 14 ):"1057322a39f08ef761c3c8fc":"":"501b033c841acb430c52d88fe9cb44c751f2f1641d1e801a534ac8":1:"f386b28e7eb4c2fb8eb5dc66a2" PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=32, IV=12, IN=13, AAD=20, TAG=15 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"e67590da399cbcdcddcc56110562ade8665b50287a8ab38e8b9ee7520531b560":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"2c36ab6b686a66fba1805196":"823493d42f4f60b2d1433ad75eccaafd7e7c7d12":0:"cff6b6f03c67152f3ce1030653d9bd9a6559f5b04b48d77c2a1fc364":1:0:"da1c61fbfcdb73445ad4c7d889" +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"e67590da399cbcdcddcc56110562ade8665b50287a8ab38e8b9ee7520531b560":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"2c36ab6b686a66fba1805196":"823493d42f4f60b2d1433ad75eccaafd7e7c7d12":"cff6b6f03c67152f3ce1030653d9bd9a6559f5b04b48d77c2a1fc364":0:"da1c61fbfcdb73445ad4c7d889" PSA Multipart AEAD decrypt, CAVS14.0, AES-GCM, KEY=32, IV=12, IN=13, AAD=20, TAG=15 (lengths set) depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_decrypt:PSA_KEY_TYPE_AES:"e67590da399cbcdcddcc56110562ade8665b50287a8ab38e8b9ee7520531b560":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"2c36ab6b686a66fba1805196":"823493d42f4f60b2d1433ad75eccaafd7e7c7d12":0:"cff6b6f03c67152f3ce1030653d9bd9a6559f5b04b48d77c2a1fc364":1:1:"da1c61fbfcdb73445ad4c7d889" +aead_multipart_decrypt:PSA_KEY_TYPE_AES:"e67590da399cbcdcddcc56110562ade8665b50287a8ab38e8b9ee7520531b560":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 15 ):"2c36ab6b686a66fba1805196":"823493d42f4f60b2d1433ad75eccaafd7e7c7d12":"cff6b6f03c67152f3ce1030653d9bd9a6559f5b04b48d77c2a1fc364":1:"da1c61fbfcdb73445ad4c7d889" PSA Multipart AEAD encrypt: ChaCha20-Poly1305 (RFC7539) depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 -aead_multipart_encrypt:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:"070000004041424344454647":"50515253c0c1c2c3c4c5c6c7":1:"4c616469657320616e642047656e746c656d656e206f662074686520636c617373206f66202739393a204966204920636f756c64206f6666657220796f75206f6e6c79206f6e652074697020666f7220746865206675747572652c2073756e73637265656e20776f756c642062652069742e":1:0:"d31a8d34648e60db7b86afbc53ef7ec2a4aded51296e08fea9e2b5a736ee62d63dbea45e8ca9671282fafb69da92728b1a71de0a9e060b2905d6a5b67ecd3b3692ddbd7f2d778b8c9803aee328091b58fab324e4fad675945585808b4831d7bc3ff4def08e4b7a9de576d26586cec64b61161ae10b594f09e26a7e902ecbd0600691" +aead_multipart_encrypt:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:"070000004041424344454647":"50515253c0c1c2c3c4c5c6c7":"4c616469657320616e642047656e746c656d656e206f662074686520636c617373206f66202739393a204966204920636f756c64206f6666657220796f75206f6e6c79206f6e652074697020666f7220746865206675747572652c2073756e73637265656e20776f756c642062652069742e":0:"d31a8d34648e60db7b86afbc53ef7ec2a4aded51296e08fea9e2b5a736ee62d63dbea45e8ca9671282fafb69da92728b1a71de0a9e060b2905d6a5b67ecd3b3692ddbd7f2d778b8c9803aee328091b58fab324e4fad675945585808b4831d7bc3ff4def08e4b7a9de576d26586cec64b61161ae10b594f09e26a7e902ecbd0600691" PSA Multipart AEAD encrypt: ChaCha20-Poly1305 (RFC7539) (lengths set) depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 -aead_multipart_encrypt:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:"070000004041424344454647":"50515253c0c1c2c3c4c5c6c7":1:"4c616469657320616e642047656e746c656d656e206f662074686520636c617373206f66202739393a204966204920636f756c64206f6666657220796f75206f6e6c79206f6e652074697020666f7220746865206675747572652c2073756e73637265656e20776f756c642062652069742e":1:1:"d31a8d34648e60db7b86afbc53ef7ec2a4aded51296e08fea9e2b5a736ee62d63dbea45e8ca9671282fafb69da92728b1a71de0a9e060b2905d6a5b67ecd3b3692ddbd7f2d778b8c9803aee328091b58fab324e4fad675945585808b4831d7bc3ff4def08e4b7a9de576d26586cec64b61161ae10b594f09e26a7e902ecbd0600691" +aead_multipart_encrypt:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:"070000004041424344454647":"50515253c0c1c2c3c4c5c6c7":"4c616469657320616e642047656e746c656d656e206f662074686520636c617373206f66202739393a204966204920636f756c64206f6666657220796f75206f6e6c79206f6e652074697020666f7220746865206675747572652c2073756e73637265656e20776f756c642062652069742e":1:"d31a8d34648e60db7b86afbc53ef7ec2a4aded51296e08fea9e2b5a736ee62d63dbea45e8ca9671282fafb69da92728b1a71de0a9e060b2905d6a5b67ecd3b3692ddbd7f2d778b8c9803aee328091b58fab324e4fad675945585808b4831d7bc3ff4def08e4b7a9de576d26586cec64b61161ae10b594f09e26a7e902ecbd0600691" PSA Multipart AEAD encrypt: ChaCha20-Poly1305 (zero-length input) depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 -aead_multipart_encrypt:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:"070000004041424344454647":"":1:"":1:0:"a0784d7a4716f3feb4f64e7f4b39bf04" +aead_multipart_encrypt:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:"070000004041424344454647":"":"":0:"a0784d7a4716f3feb4f64e7f4b39bf04" PSA Multipart AEAD encrypt: ChaCha20-Poly1305 (zero-length input) (lengths set) depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 -aead_multipart_encrypt:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:"070000004041424344454647":"":1:"":1:1:"a0784d7a4716f3feb4f64e7f4b39bf04" +aead_multipart_encrypt:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:"070000004041424344454647":"":"":1:"a0784d7a4716f3feb4f64e7f4b39bf04" PSA Multipart AEAD decrypt: ChaCha20 - Poly1305 (RFC7539, good tag) depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 -aead_multipart_decrypt:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:"070000004041424344454647":"50515253c0c1c2c3c4c5c6c7":1:"d31a8d34648e60db7b86afbc53ef7ec2a4aded51296e08fea9e2b5a736ee62d63dbea45e8ca9671282fafb69da92728b1a71de0a9e060b2905d6a5b67ecd3b3692ddbd7f2d778b8c9803aee328091b58fab324e4fad675945585808b4831d7bc3ff4def08e4b7a9de576d26586cec64b61161ae10b594f09e26a7e902ecbd0600691":1:0:"4c616469657320616e642047656e746c656d656e206f662074686520636c617373206f66202739393a204966204920636f756c64206f6666657220796f75206f6e6c79206f6e652074697020666f7220746865206675747572652c2073756e73637265656e20776f756c642062652069742e" +aead_multipart_decrypt:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:"070000004041424344454647":"50515253c0c1c2c3c4c5c6c7":"d31a8d34648e60db7b86afbc53ef7ec2a4aded51296e08fea9e2b5a736ee62d63dbea45e8ca9671282fafb69da92728b1a71de0a9e060b2905d6a5b67ecd3b3692ddbd7f2d778b8c9803aee328091b58fab324e4fad675945585808b4831d7bc3ff4def08e4b7a9de576d26586cec64b61161ae10b594f09e26a7e902ecbd0600691":0:"4c616469657320616e642047656e746c656d656e206f662074686520636c617373206f66202739393a204966204920636f756c64206f6666657220796f75206f6e6c79206f6e652074697020666f7220746865206675747572652c2073756e73637265656e20776f756c642062652069742e" PSA Multipart AEAD decrypt: ChaCha20 - Poly1305 (RFC7539, good tag) (lengths set) depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 -aead_multipart_decrypt:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:"070000004041424344454647":"50515253c0c1c2c3c4c5c6c7":1:"d31a8d34648e60db7b86afbc53ef7ec2a4aded51296e08fea9e2b5a736ee62d63dbea45e8ca9671282fafb69da92728b1a71de0a9e060b2905d6a5b67ecd3b3692ddbd7f2d778b8c9803aee328091b58fab324e4fad675945585808b4831d7bc3ff4def08e4b7a9de576d26586cec64b61161ae10b594f09e26a7e902ecbd0600691":1:1:"4c616469657320616e642047656e746c656d656e206f662074686520636c617373206f66202739393a204966204920636f756c64206f6666657220796f75206f6e6c79206f6e652074697020666f7220746865206675747572652c2073756e73637265656e20776f756c642062652069742e" +aead_multipart_decrypt:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:"070000004041424344454647":"50515253c0c1c2c3c4c5c6c7":"d31a8d34648e60db7b86afbc53ef7ec2a4aded51296e08fea9e2b5a736ee62d63dbea45e8ca9671282fafb69da92728b1a71de0a9e060b2905d6a5b67ecd3b3692ddbd7f2d778b8c9803aee328091b58fab324e4fad675945585808b4831d7bc3ff4def08e4b7a9de576d26586cec64b61161ae10b594f09e26a7e902ecbd0600691":1:"4c616469657320616e642047656e746c656d656e206f662074686520636c617373206f66202739393a204966204920636f756c64206f6666657220796f75206f6e6c79206f6e652074697020666f7220746865206675747572652c2073756e73637265656e20776f756c642062652069742e" PSA Multipart AEAD decrypt: ChaCha20 - Poly1305 (good tag, zero - length input) depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 -aead_multipart_decrypt:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:"070000004041424344454647":"":1:"a0784d7a4716f3feb4f64e7f4b39bf04":1:0:"" +aead_multipart_decrypt:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:"070000004041424344454647":"":"a0784d7a4716f3feb4f64e7f4b39bf04":0:"" PSA Multipart AEAD decrypt: ChaCha20 - Poly1305 (good tag, zero - length input) (lengths set) depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 -aead_multipart_decrypt:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:"070000004041424344454647":"":1:"a0784d7a4716f3feb4f64e7f4b39bf04":1:1:"" +aead_multipart_decrypt:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:"070000004041424344454647":"":"a0784d7a4716f3feb4f64e7f4b39bf04":1:"" PSA Multipart AEAD verify, AES - GCM, invalid signature depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index 81bd24671..591c2960d 100644 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function @@ -3788,9 +3788,7 @@ void aead_multipart_encrypt( int key_type_arg, data_t *key_data, int alg_arg, data_t *nonce, data_t *additional_data, - int do_test_ad_chunked, data_t *input_data, - int do_test_data_chunked, int do_set_lengths, data_t *expected_output ) { @@ -3798,92 +3796,77 @@ void aead_multipart_encrypt( int key_type_arg, data_t *key_data, size_t data_part_len = 0; set_lengths_method_t set_lengths_method = DO_NOT_SET_LENGTHS; - /* Ensure that either one part of the test or the other is done, i.e this - * test does something. */ - TEST_ASSERT( do_test_ad_chunked || do_test_data_chunked ); - - /* Temporary whilst we have algorithms that cannot support chunking */ - if( do_test_ad_chunked == 1 ) + for( ad_part_len = 1; ad_part_len <= additional_data->len; ad_part_len++ ) { - for( ad_part_len = 1; ad_part_len <= additional_data->len; - ad_part_len++ ) + mbedtls_test_set_step( ad_part_len ); + + if( do_set_lengths ) { - mbedtls_test_set_step( ad_part_len ); - - if( do_set_lengths ) - { - if( ad_part_len & 0x01 ) - set_lengths_method = SET_LENGTHS_AFTER_NONCE; - else - set_lengths_method = SET_LENGTHS_BEFORE_NONCE; - } - - /* Split ad into length(ad_part_len) parts. */ - if( !aead_multipart_internal_func( key_type_arg, key_data, - alg_arg, nonce, - additional_data, - ad_part_len, - input_data, -1, - set_lengths_method, - expected_output, - 1, 0 ) ) - break; - - /* length(0) part, length(ad_part_len) part, length(0) part... */ - mbedtls_test_set_step( 1000 + ad_part_len ); - - if( !aead_multipart_internal_func( key_type_arg, key_data, - alg_arg, nonce, - additional_data, - ad_part_len, - input_data, -1, - set_lengths_method, - expected_output, - 1, 1 ) ) - break; + if( ad_part_len & 0x01 ) + set_lengths_method = SET_LENGTHS_AFTER_NONCE; + else + set_lengths_method = SET_LENGTHS_BEFORE_NONCE; } + + /* Split ad into length(ad_part_len) parts. */ + if( !aead_multipart_internal_func( key_type_arg, key_data, + alg_arg, nonce, + additional_data, + ad_part_len, + input_data, -1, + set_lengths_method, + expected_output, + 1, 0 ) ) + break; + + /* length(0) part, length(ad_part_len) part, length(0) part... */ + mbedtls_test_set_step( 1000 + ad_part_len ); + + if( !aead_multipart_internal_func( key_type_arg, key_data, + alg_arg, nonce, + additional_data, + ad_part_len, + input_data, -1, + set_lengths_method, + expected_output, + 1, 1 ) ) + break; } - /* Temporary whilst we have algorithms that cannot support chunking */ - if( do_test_data_chunked == 1 ) + for( data_part_len = 1; data_part_len <= input_data->len; data_part_len++ ) { - for( data_part_len = 1; data_part_len <= input_data->len; - data_part_len++ ) + /* Split data into length(data_part_len) parts. */ + mbedtls_test_set_step( 2000 + data_part_len ); + + if( do_set_lengths ) { - /* Split data into length(data_part_len) parts. */ - mbedtls_test_set_step( 2000 + data_part_len ); - - if( do_set_lengths ) - { - if( data_part_len & 0x01 ) - set_lengths_method = SET_LENGTHS_AFTER_NONCE; - else - set_lengths_method = SET_LENGTHS_BEFORE_NONCE; - } - - if( !aead_multipart_internal_func( key_type_arg, key_data, - alg_arg, nonce, - additional_data, -1, - input_data, data_part_len, - set_lengths_method, - expected_output, - 1, 0 ) ) - break; - - /* length(0) part, length(data_part_len) part, length(0) part... */ - mbedtls_test_set_step( 3000 + data_part_len ); - - if( !aead_multipart_internal_func( key_type_arg, key_data, - alg_arg, nonce, - additional_data, -1, - input_data, data_part_len, - set_lengths_method, - expected_output, - 1, 1 ) ) - break; + if( data_part_len & 0x01 ) + set_lengths_method = SET_LENGTHS_AFTER_NONCE; + else + set_lengths_method = SET_LENGTHS_BEFORE_NONCE; } - } + if( !aead_multipart_internal_func( key_type_arg, key_data, + alg_arg, nonce, + additional_data, -1, + input_data, data_part_len, + set_lengths_method, + expected_output, + 1, 0 ) ) + break; + + /* length(0) part, length(data_part_len) part, length(0) part... */ + mbedtls_test_set_step( 3000 + data_part_len ); + + if( !aead_multipart_internal_func( key_type_arg, key_data, + alg_arg, nonce, + additional_data, -1, + input_data, data_part_len, + set_lengths_method, + expected_output, + 1, 1 ) ) + break; + } /* Goto is required to silence warnings about unused labels, as we * don't actually do any test assertions in this function. */ @@ -3896,9 +3879,7 @@ void aead_multipart_decrypt( int key_type_arg, data_t *key_data, int alg_arg, data_t *nonce, data_t *additional_data, - int do_test_ad_chunked, data_t *input_data, - int do_test_data_chunked, int do_set_lengths, data_t *expected_output ) { @@ -3906,90 +3887,76 @@ void aead_multipart_decrypt( int key_type_arg, data_t *key_data, size_t data_part_len = 0; set_lengths_method_t set_lengths_method = DO_NOT_SET_LENGTHS; - /* Ensure that either one part of the test or the other is done, i.e this - * test does something. */ - TEST_ASSERT( do_test_ad_chunked || do_test_data_chunked ); - - /* Temporary whilst we have algorithms that cannot support chunking */ - if( do_test_ad_chunked == 1 ) + for( ad_part_len = 1; ad_part_len <= additional_data->len; ad_part_len++ ) { - for( ad_part_len = 1; ad_part_len <= additional_data->len; - ad_part_len++ ) + /* Split ad into length(ad_part_len) parts. */ + mbedtls_test_set_step( ad_part_len ); + + if( do_set_lengths ) { - /* Split ad into length(ad_part_len) parts. */ - mbedtls_test_set_step( ad_part_len ); - - if( do_set_lengths ) - { - if( ad_part_len & 0x01 ) - set_lengths_method = SET_LENGTHS_AFTER_NONCE; - else - set_lengths_method = SET_LENGTHS_BEFORE_NONCE; - } - - if( !aead_multipart_internal_func( key_type_arg, key_data, - alg_arg, nonce, - additional_data, - ad_part_len, - input_data, -1, - set_lengths_method, - expected_output, - 0, 0 ) ) - break; - - /* length(0) part, length(ad_part_len) part, length(0) part... */ - mbedtls_test_set_step( 1000 + ad_part_len ); - - if( !aead_multipart_internal_func( key_type_arg, key_data, - alg_arg, nonce, - additional_data, - ad_part_len, - input_data, -1, - set_lengths_method, - expected_output, - 0, 1 ) ) - break; + if( ad_part_len & 0x01 ) + set_lengths_method = SET_LENGTHS_AFTER_NONCE; + else + set_lengths_method = SET_LENGTHS_BEFORE_NONCE; } + + if( !aead_multipart_internal_func( key_type_arg, key_data, + alg_arg, nonce, + additional_data, + ad_part_len, + input_data, -1, + set_lengths_method, + expected_output, + 0, 0 ) ) + break; + + /* length(0) part, length(ad_part_len) part, length(0) part... */ + mbedtls_test_set_step( 1000 + ad_part_len ); + + if( !aead_multipart_internal_func( key_type_arg, key_data, + alg_arg, nonce, + additional_data, + ad_part_len, + input_data, -1, + set_lengths_method, + expected_output, + 0, 1 ) ) + break; } - /* Temporary whilst we have algorithms that cannot support chunking */ - if( do_test_data_chunked == 1 ) + for( data_part_len = 1; data_part_len <= input_data->len; data_part_len++ ) { - for( data_part_len = 1; data_part_len <= input_data->len; - data_part_len++ ) + /* Split data into length(data_part_len) parts. */ + mbedtls_test_set_step( 2000 + data_part_len ); + + if( do_set_lengths ) { - /* Split data into length(data_part_len) parts. */ - mbedtls_test_set_step( 2000 + data_part_len ); - - if( do_set_lengths ) - { - if( data_part_len & 0x01 ) - set_lengths_method = SET_LENGTHS_AFTER_NONCE; - else - set_lengths_method = SET_LENGTHS_BEFORE_NONCE; - } - - if( !aead_multipart_internal_func( key_type_arg, key_data, - alg_arg, nonce, - additional_data, -1, - input_data, data_part_len, - set_lengths_method, - expected_output, - 0, 0 ) ) - break; - - /* length(0) part, length(data_part_len) part, length(0) part... */ - mbedtls_test_set_step( 3000 + data_part_len ); - - if( !aead_multipart_internal_func( key_type_arg, key_data, - alg_arg, nonce, - additional_data, -1, - input_data, data_part_len, - set_lengths_method, - expected_output, - 0, 1 ) ) - break; + if( data_part_len & 0x01 ) + set_lengths_method = SET_LENGTHS_AFTER_NONCE; + else + set_lengths_method = SET_LENGTHS_BEFORE_NONCE; } + + if( !aead_multipart_internal_func( key_type_arg, key_data, + alg_arg, nonce, + additional_data, -1, + input_data, data_part_len, + set_lengths_method, + expected_output, + 0, 0 ) ) + break; + + /* length(0) part, length(data_part_len) part, length(0) part... */ + mbedtls_test_set_step( 3000 + data_part_len ); + + if( !aead_multipart_internal_func( key_type_arg, key_data, + alg_arg, nonce, + additional_data, -1, + input_data, data_part_len, + set_lengths_method, + expected_output, + 0, 1 ) ) + break; } /* Goto is required to silence warnings about unused labels, as we From c7e7fe5c05880ebe2293671d42e7198bdfeadb47 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Mon, 27 Sep 2021 09:23:40 +0100 Subject: [PATCH 179/195] Add missing MBEDTLS_PRIVATE Signed-off-by: Paul Elliott --- include/psa/crypto_struct.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/psa/crypto_struct.h b/include/psa/crypto_struct.h index 4b1195d8b..26894156c 100644 --- a/include/psa/crypto_struct.h +++ b/include/psa/crypto_struct.h @@ -157,7 +157,7 @@ struct psa_aead_operation_s * ID values are auto-generated in psa_crypto_driver_wrappers.h * ID value zero means the context is not valid or not assigned to * any driver (i.e. none of the driver contexts are active). */ - unsigned int id; + unsigned int MBEDTLS_PRIVATE(id); psa_algorithm_t MBEDTLS_PRIVATE(alg); psa_key_type_t MBEDTLS_PRIVATE(key_type); From c78833abc70c9b641a5e626388d4c8445eac45f7 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Mon, 27 Sep 2021 16:00:40 +0100 Subject: [PATCH 180/195] Add reminder of assumption to documentation Key size is not verified by this function, but by the level above it. Signed-off-by: Paul Elliott --- library/psa_crypto_aead.h | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/library/psa_crypto_aead.h b/library/psa_crypto_aead.h index 9b6b798b6..e82e1cc09 100644 --- a/library/psa_crypto_aead.h +++ b/library/psa_crypto_aead.h @@ -169,6 +169,8 @@ psa_status_t mbedtls_psa_aead_decrypt( * operation. * \param[in] key_buffer The buffer containing the key context. * \param key_buffer_size Size of the \p key_buffer buffer in bytes. + It must be consistent with the size in bits + recorded in \p attributes. * \param alg The AEAD algorithm to compute * (\c PSA_ALG_XXX value such that * #PSA_ALG_IS_AEAD(\p alg) is true). @@ -210,6 +212,8 @@ psa_status_t mbedtls_psa_aead_encrypt_setup( * operation. * \param[in] key_buffer The buffer containing the key context. * \param key_buffer_size Size of the \p key_buffer buffer in bytes. + It must be consistent with the size in bits + recorded in \p attributes. * \param alg The AEAD algorithm to compute * (\c PSA_ALG_XXX value such that * #PSA_ALG_IS_AEAD(\p alg) is true). From 745f5f2724804623a43dc86bcace687923960fec Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Mon, 27 Sep 2021 17:38:08 +0100 Subject: [PATCH 181/195] Add test for PolyChaCha with shortened tag Signed-off-by: Paul Elliott --- tests/suites/test_suite_psa_crypto.data | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data index e48bd976f..f83f83b86 100644 --- a/tests/suites/test_suite_psa_crypto.data +++ b/tests/suites/test_suite_psa_crypto.data @@ -3330,6 +3330,10 @@ PSA AEAD setup: invalid algorithm (ChaCha20) depends_on:PSA_WANT_ALG_STREAM_CIPHER:PSA_WANT_KEY_TYPE_CHACHA20 aead_multipart_setup:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_STREAM_CIPHER:PSA_ERROR_INVALID_ARGUMENT +PSA AEAD setup: invalid algorithm (ChaCha20 - Poly1305 with short tag) +depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 +aead_multipart_setup:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_CHACHA20_POLY1305,12):PSA_ERROR_NOT_SUPPORTED + PSA Multipart State Checks, AES - GCM depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES aead_multipart_state_test:PSA_KEY_TYPE_AES:"C0C1C2C3C4C5C6C7C8C9CACBCCCDCECF":PSA_ALG_GCM:"000102030405060708090A0B0C0D0E0F":"000102030405060708090A0B":"0C0D0E0F101112131415161718191A1B1C1D1E" From 325d374e3d406f3862d2cfb6570a17087e2361d8 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Mon, 27 Sep 2021 17:56:28 +0100 Subject: [PATCH 182/195] Move set lengths checking to PSA Core Signed-off-by: Paul Elliott --- library/psa_crypto.c | 35 ++++++++++++++++++++ library/psa_crypto_aead.c | 49 ---------------------------- library/psa_crypto_aead.h | 41 ----------------------- library/psa_crypto_driver_wrappers.c | 6 ++-- tests/src/drivers/test_driver_aead.c | 5 ++- 5 files changed, 40 insertions(+), 96 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 83b45f097..65dc5c7fe 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -3901,6 +3901,41 @@ psa_status_t psa_aead_set_lengths( psa_aead_operation_t *operation, goto exit; } +#if defined(MBEDTLS_PSA_BUILTIN_ALG_GCM) + if( operation->alg == PSA_ALG_GCM ) + { + /* Lengths can only be too large for GCM if size_t is bigger than 32 + * bits. Without the guard this code will generate warnings on 32bit + * builds */ +#if SIZE_MAX > UINT32_MAX + if( (( uint64_t ) ad_length ) >> 61 != 0 || + (( uint64_t ) plaintext_length ) > 0xFFFFFFFE0ull ) + { + status = PSA_ERROR_INVALID_ARGUMENT; + goto exit; + } +#endif + } + else +#endif /* MBEDTLS_PSA_BUILTIN_ALG_GCM */ +#if defined(MBEDTLS_PSA_BUILTIN_ALG_CCM) + if( operation->alg == PSA_ALG_CCM ) + { + if( ad_length > 0xFF00 ) + { + status = PSA_ERROR_INVALID_ARGUMENT; + goto exit; + } + } + else +#endif /* MBEDTLS_PSA_BUILTIN_ALG_CCM */ +#if defined(MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305) + if( operation->alg == PSA_ALG_CHACHA20_POLY1305 ) + { + /* No length restrictions for ChaChaPoly. */ + } +#endif /* MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305 */ + status = psa_driver_wrapper_aead_set_lengths( operation, ad_length, plaintext_length ); diff --git a/library/psa_crypto_aead.c b/library/psa_crypto_aead.c index 9000abf30..d7317bd1a 100644 --- a/library/psa_crypto_aead.c +++ b/library/psa_crypto_aead.c @@ -477,55 +477,6 @@ psa_status_t mbedtls_psa_aead_set_nonce( return( status ); } - /* Declare the lengths of the message and additional data for AEAD. */ -psa_status_t mbedtls_psa_aead_set_lengths( - mbedtls_psa_aead_operation_t *operation, - size_t ad_length, - size_t plaintext_length ) -{ - -#if defined(MBEDTLS_PSA_BUILTIN_ALG_GCM) - if( operation->alg == PSA_ALG_GCM ) - { - /* Lengths can only be too large for GCM if size_t is bigger than 32 - * bits. Without the guard this code will generate warnings on 32bit - * builds */ -#if SIZE_MAX > UINT32_MAX - if( ( (uint64_t) ad_length ) >> 61 != 0 || - ( (uint64_t) plaintext_length ) > 0xFFFFFFFE0ull ) - { - return ( PSA_ERROR_INVALID_ARGUMENT ); - } -#endif - } - else -#endif /* MBEDTLS_PSA_BUILTIN_ALG_GCM */ -#if defined(MBEDTLS_PSA_BUILTIN_ALG_CCM) - if( operation->alg == PSA_ALG_CCM ) - { - if( ad_length > 0xFF00 ) - return ( PSA_ERROR_INVALID_ARGUMENT ); - } - else -#endif /* MBEDTLS_PSA_BUILTIN_ALG_CCM */ -#if defined(MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305) - if( operation->alg == PSA_ALG_CHACHA20_POLY1305 ) - { - /* No length restrictions for ChaChaPoly. */ - } - else -#endif /* MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305 */ - { - ( void ) operation; - ( void ) ad_length; - ( void ) plaintext_length; - - return ( PSA_ERROR_NOT_SUPPORTED ); - } - - return ( PSA_SUCCESS ); -} - /* Pass additional data to an active multipart AEAD operation. */ psa_status_t mbedtls_psa_aead_update_ad( mbedtls_psa_aead_operation_t *operation, diff --git a/library/psa_crypto_aead.h b/library/psa_crypto_aead.h index e82e1cc09..f968c15c8 100644 --- a/library/psa_crypto_aead.h +++ b/library/psa_crypto_aead.h @@ -267,47 +267,6 @@ psa_status_t mbedtls_psa_aead_set_nonce( const uint8_t *nonce, size_t nonce_length ); -/** Declare the lengths of the message and additional data for AEAD. - * - * \note The signature of this function is that of a PSA driver aead_set_lengths - * entry point. This function behaves as an aead_set_lengths entry point - * as defined in the PSA driver interface specification for transparent - * drivers. - * - * The PSA core calls this function before calling mbedtls_psa_aead_update_ad() - * or mbedtls_psa_aead_update() if the algorithm for the operation requires it. - * If the algorithm does not require it, calling this function is optional, but - * if this function is called then the implementation must enforce the lengths. - * - * The PSA core may call this function before or after setting the nonce with - * mbedtls_psa_aead_set_nonce(). - * - * - For #PSA_ALG_CCM, calling this function is required. - * - For the other AEAD algorithms defined in this specification, calling - * this function is not required. - * - * If this function returns an error status, the PSA core calls - * mbedtls_psa_aead_abort(). - * - * \param[in,out] operation Active AEAD operation. - * \param ad_length Size of the non-encrypted additional - * authenticated data in bytes. - * \param plaintext_length Size of the plaintext to encrypt in bytes. - * - * \retval #PSA_SUCCESS - * Success. - * \retval #PSA_ERROR_INVALID_ARGUMENT - * At least one of the lengths is not acceptable for the chosen - * algorithm. - * \retval #PSA_ERROR_NOT_SUPPORTED - * Algorithm previously set is not supported in this configuration of - * the library. - */ -psa_status_t mbedtls_psa_aead_set_lengths( - mbedtls_psa_aead_operation_t *operation, - size_t ad_length, - size_t plaintext_length ); - /** Pass additional data to an active AEAD operation. * * \note The signature of this function is that of a PSA driver diff --git a/library/psa_crypto_driver_wrappers.c b/library/psa_crypto_driver_wrappers.c index cfc77fbb5..4bbb61c3d 100644 --- a/library/psa_crypto_driver_wrappers.c +++ b/library/psa_crypto_driver_wrappers.c @@ -1706,9 +1706,9 @@ psa_status_t psa_driver_wrapper_aead_set_lengths( { #if defined(MBEDTLS_PSA_BUILTIN_AEAD) case PSA_CRYPTO_MBED_TLS_DRIVER_ID: - return( mbedtls_psa_aead_set_lengths( &operation->ctx.mbedtls_ctx, - ad_length, - plaintext_length ) ); + /* No mbedtls_psa_aead_set_lengths, everything is done in PSA + * Core. */ + return( PSA_SUCCESS ); #endif /* MBEDTLS_PSA_BUILTIN_AEAD */ diff --git a/tests/src/drivers/test_driver_aead.c b/tests/src/drivers/test_driver_aead.c index 6befe7cc0..d27ada294 100644 --- a/tests/src/drivers/test_driver_aead.c +++ b/tests/src/drivers/test_driver_aead.c @@ -171,9 +171,8 @@ psa_status_t mbedtls_test_transparent_aead_set_lengths( } else { - mbedtls_test_driver_aead_hooks.driver_status = - mbedtls_psa_aead_set_lengths( operation, ad_length, - plaintext_length ); + /* No mbedtls_psa_aead_set_lengths, everything is done in PSA Core. */ + mbedtls_test_driver_aead_hooks.driver_status = PSA_SUCCESS; } return( mbedtls_test_driver_aead_hooks.driver_status ); From 4ed1ed18d2a5595164bbc2b08df7ef814235e289 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Mon, 27 Sep 2021 18:09:28 +0100 Subject: [PATCH 183/195] Move nonce size checking to PSA Core Signed-off-by: Paul Elliott --- library/psa_crypto.c | 42 ++++++++++++++++++++++++++++++++++----- library/psa_crypto_aead.c | 6 ------ 2 files changed, 37 insertions(+), 11 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 65dc5c7fe..fd2069b79 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -3863,11 +3863,43 @@ psa_status_t psa_aead_set_nonce( psa_aead_operation_t *operation, goto exit; } - /* Not checking nonce size here as GCM spec allows almost arbitrarily - * large nonces. Please note that we do not generally recommend the usage - * of nonces of greater length than PSA_AEAD_NONCE_MAX_SIZE, as large - * nonces are hashed to a shorter size, which can then lead to collisions - * if you encrypt a very large number of messages.*/ +#if defined(MBEDTLS_PSA_BUILTIN_ALG_GCM) + if( operation->alg == PSA_ALG_GCM ) + { + /* Not checking max nonce size here as GCM spec allows almost + * arbitrarily large nonces. Please note that we do not generally + * recommend the usage of nonces of greater length than + * PSA_AEAD_NONCE_MAX_SIZE, as large nonces are hashed to a shorter + * size, which can then lead to collisions if you encrypt a very + * large number of messages.*/ + if( nonce_length == 0 ) + { + status = PSA_ERROR_INVALID_ARGUMENT; + goto exit; + } + } +#endif /* MBEDTLS_PSA_BUILTIN_ALG_GCM */ +#if defined(MBEDTLS_PSA_BUILTIN_ALG_CCM) + if( operation->alg == PSA_ALG_CCM ) + { + if( nonce_length < 7 || nonce_length > 13 ) + { + status = PSA_ERROR_INVALID_ARGUMENT; + goto exit; + } + } + else +#endif /* MBEDTLS_PSA_BUILTIN_ALG_CCM */ +#if defined(MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305) + if( operation->alg == PSA_ALG_CHACHA20_POLY1305 ) + { + if( nonce_length != 12 ) + { + status = PSA_ERROR_INVALID_ARGUMENT; + goto exit; + } + } +#endif /* MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305 */ status = psa_driver_wrapper_aead_set_nonce( operation, nonce, nonce_length ); diff --git a/library/psa_crypto_aead.c b/library/psa_crypto_aead.c index d7317bd1a..4f6e70809 100644 --- a/library/psa_crypto_aead.c +++ b/library/psa_crypto_aead.c @@ -438,12 +438,6 @@ psa_status_t mbedtls_psa_aead_set_nonce( { psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - if( mbedtls_aead_check_nonce_length( operation, nonce_length ) - != PSA_SUCCESS ) - { - return( PSA_ERROR_INVALID_ARGUMENT ); - } - #if defined(MBEDTLS_PSA_BUILTIN_ALG_GCM) if( operation->alg == PSA_ALG_GCM ) { From dff6c5d963af83a0f0dfda501bdfabc289a51b37 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Tue, 28 Sep 2021 11:00:20 +0100 Subject: [PATCH 184/195] Restore internal driver for aead_set_lengths Signed-off-by: Paul Elliott --- library/psa_crypto_aead.c | 23 ++++++++++++++++ library/psa_crypto_aead.h | 41 ++++++++++++++++++++++++++++ library/psa_crypto_driver_wrappers.c | 6 ++-- tests/src/drivers/test_driver_aead.c | 5 ++-- 4 files changed, 70 insertions(+), 5 deletions(-) diff --git a/library/psa_crypto_aead.c b/library/psa_crypto_aead.c index 4f6e70809..2c6e4435c 100644 --- a/library/psa_crypto_aead.c +++ b/library/psa_crypto_aead.c @@ -471,6 +471,29 @@ psa_status_t mbedtls_psa_aead_set_nonce( return( status ); } + /* Declare the lengths of the message and additional data for AEAD. */ +psa_status_t mbedtls_psa_aead_set_lengths( + mbedtls_psa_aead_operation_t *operation, + size_t ad_length, + size_t plaintext_length ) +{ + + ( void ) operation; + ( void ) ad_length; + ( void ) plaintext_length; + +#if !defined(MBEDTLS_PSA_BUILTIN_ALG_GCM) && \ + !defined(MBEDTLS_PSA_BUILTIN_ALG_CCM) && \ + !defined(MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305) + { + return ( PSA_ERROR_NOT_SUPPORTED ); + } +#endif /* !MBEDTLS_PSA_BUILTIN_ALG_GCM && !MBEDTLS_PSA_BUILTIN_ALG_CCM && + !MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305) */ + + return ( PSA_SUCCESS ); +} + /* Pass additional data to an active multipart AEAD operation. */ psa_status_t mbedtls_psa_aead_update_ad( mbedtls_psa_aead_operation_t *operation, diff --git a/library/psa_crypto_aead.h b/library/psa_crypto_aead.h index f968c15c8..e82e1cc09 100644 --- a/library/psa_crypto_aead.h +++ b/library/psa_crypto_aead.h @@ -267,6 +267,47 @@ psa_status_t mbedtls_psa_aead_set_nonce( const uint8_t *nonce, size_t nonce_length ); +/** Declare the lengths of the message and additional data for AEAD. + * + * \note The signature of this function is that of a PSA driver aead_set_lengths + * entry point. This function behaves as an aead_set_lengths entry point + * as defined in the PSA driver interface specification for transparent + * drivers. + * + * The PSA core calls this function before calling mbedtls_psa_aead_update_ad() + * or mbedtls_psa_aead_update() if the algorithm for the operation requires it. + * If the algorithm does not require it, calling this function is optional, but + * if this function is called then the implementation must enforce the lengths. + * + * The PSA core may call this function before or after setting the nonce with + * mbedtls_psa_aead_set_nonce(). + * + * - For #PSA_ALG_CCM, calling this function is required. + * - For the other AEAD algorithms defined in this specification, calling + * this function is not required. + * + * If this function returns an error status, the PSA core calls + * mbedtls_psa_aead_abort(). + * + * \param[in,out] operation Active AEAD operation. + * \param ad_length Size of the non-encrypted additional + * authenticated data in bytes. + * \param plaintext_length Size of the plaintext to encrypt in bytes. + * + * \retval #PSA_SUCCESS + * Success. + * \retval #PSA_ERROR_INVALID_ARGUMENT + * At least one of the lengths is not acceptable for the chosen + * algorithm. + * \retval #PSA_ERROR_NOT_SUPPORTED + * Algorithm previously set is not supported in this configuration of + * the library. + */ +psa_status_t mbedtls_psa_aead_set_lengths( + mbedtls_psa_aead_operation_t *operation, + size_t ad_length, + size_t plaintext_length ); + /** Pass additional data to an active AEAD operation. * * \note The signature of this function is that of a PSA driver diff --git a/library/psa_crypto_driver_wrappers.c b/library/psa_crypto_driver_wrappers.c index 4bbb61c3d..cfc77fbb5 100644 --- a/library/psa_crypto_driver_wrappers.c +++ b/library/psa_crypto_driver_wrappers.c @@ -1706,9 +1706,9 @@ psa_status_t psa_driver_wrapper_aead_set_lengths( { #if defined(MBEDTLS_PSA_BUILTIN_AEAD) case PSA_CRYPTO_MBED_TLS_DRIVER_ID: - /* No mbedtls_psa_aead_set_lengths, everything is done in PSA - * Core. */ - return( PSA_SUCCESS ); + return( mbedtls_psa_aead_set_lengths( &operation->ctx.mbedtls_ctx, + ad_length, + plaintext_length ) ); #endif /* MBEDTLS_PSA_BUILTIN_AEAD */ diff --git a/tests/src/drivers/test_driver_aead.c b/tests/src/drivers/test_driver_aead.c index d27ada294..6befe7cc0 100644 --- a/tests/src/drivers/test_driver_aead.c +++ b/tests/src/drivers/test_driver_aead.c @@ -171,8 +171,9 @@ psa_status_t mbedtls_test_transparent_aead_set_lengths( } else { - /* No mbedtls_psa_aead_set_lengths, everything is done in PSA Core. */ - mbedtls_test_driver_aead_hooks.driver_status = PSA_SUCCESS; + mbedtls_test_driver_aead_hooks.driver_status = + mbedtls_psa_aead_set_lengths( operation, ad_length, + plaintext_length ); } return( mbedtls_test_driver_aead_hooks.driver_status ); From bb0f9e1740bf1f6630c120abb4e13a31514dad3f Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Tue, 28 Sep 2021 11:14:27 +0100 Subject: [PATCH 185/195] Move all nonce length checks to PSA Core Remove duplicated code from oneshot API Signed-off-by: Paul Elliott --- library/psa_crypto.c | 86 +++++++++++++++++++++++---------------- library/psa_crypto_aead.c | 41 ------------------- 2 files changed, 51 insertions(+), 76 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index fd2069b79..42abdf5c4 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -3609,6 +3609,42 @@ exit: /* AEAD */ /****************************************************************/ +/* Helper to perform common nonce length checks. */ +static psa_status_t psa_aead_check_nonce_length( psa_algorithm_t alg, + size_t nonce_length ) +{ +#if defined(MBEDTLS_PSA_BUILTIN_ALG_GCM) + if( alg == PSA_ALG_GCM ) + { + /* Not checking max nonce size here as GCM spec allows almost + * arbitrarily large nonces. Please note that we do not generally + * recommend the usage of nonces of greater length than + * PSA_AEAD_NONCE_MAX_SIZE, as large nonces are hashed to a shorter + * size, which can then lead to collisions if you encrypt a very + * large number of messages.*/ + if( nonce_length == 0 ) + return( PSA_ERROR_NOT_SUPPORTED ); + } +#endif /* MBEDTLS_PSA_BUILTIN_ALG_GCM */ +#if defined(MBEDTLS_PSA_BUILTIN_ALG_CCM) + if( alg == PSA_ALG_CCM ) + { + if( nonce_length < 7 || nonce_length > 13 ) + return( PSA_ERROR_NOT_SUPPORTED ); + } + else +#endif /* MBEDTLS_PSA_BUILTIN_ALG_CCM */ +#if defined(MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305) + if( alg == PSA_ALG_CHACHA20_POLY1305 ) + { + if( nonce_length != 12 ) + return( PSA_ERROR_NOT_SUPPORTED ); + } +#endif /* MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305 */ + + return PSA_SUCCESS; +} + psa_status_t psa_aead_encrypt( mbedtls_svc_key_id_t key, psa_algorithm_t alg, const uint8_t *nonce, @@ -3638,6 +3674,10 @@ psa_status_t psa_aead_encrypt( mbedtls_svc_key_id_t key, .core = slot->attr }; + status = psa_aead_check_nonce_length( alg, nonce_length ); + if( status != PSA_SUCCESS ) + goto exit; + status = psa_driver_wrapper_aead_encrypt( &attributes, slot->key.data, slot->key.bytes, alg, @@ -3649,6 +3689,7 @@ psa_status_t psa_aead_encrypt( mbedtls_svc_key_id_t key, if( status != PSA_SUCCESS && ciphertext_size != 0 ) memset( ciphertext, 0, ciphertext_size ); +exit: psa_unlock_key_slot( slot ); return( status ); @@ -3683,6 +3724,10 @@ psa_status_t psa_aead_decrypt( mbedtls_svc_key_id_t key, .core = slot->attr }; + status = psa_aead_check_nonce_length( alg, nonce_length ); + if( status != PSA_SUCCESS ) + goto exit; + status = psa_driver_wrapper_aead_decrypt( &attributes, slot->key.data, slot->key.bytes, alg, @@ -3694,6 +3739,7 @@ psa_status_t psa_aead_decrypt( mbedtls_svc_key_id_t key, if( status != PSA_SUCCESS && plaintext_size != 0 ) memset( plaintext, 0, plaintext_size ); +exit: psa_unlock_key_slot( slot ); return( status ); @@ -3863,43 +3909,13 @@ psa_status_t psa_aead_set_nonce( psa_aead_operation_t *operation, goto exit; } -#if defined(MBEDTLS_PSA_BUILTIN_ALG_GCM) - if( operation->alg == PSA_ALG_GCM ) + status = psa_aead_check_nonce_length( operation->alg, nonce_length ); + + if( status != PSA_SUCCESS ) { - /* Not checking max nonce size here as GCM spec allows almost - * arbitrarily large nonces. Please note that we do not generally - * recommend the usage of nonces of greater length than - * PSA_AEAD_NONCE_MAX_SIZE, as large nonces are hashed to a shorter - * size, which can then lead to collisions if you encrypt a very - * large number of messages.*/ - if( nonce_length == 0 ) - { - status = PSA_ERROR_INVALID_ARGUMENT; - goto exit; - } + status = PSA_ERROR_INVALID_ARGUMENT; + goto exit; } -#endif /* MBEDTLS_PSA_BUILTIN_ALG_GCM */ -#if defined(MBEDTLS_PSA_BUILTIN_ALG_CCM) - if( operation->alg == PSA_ALG_CCM ) - { - if( nonce_length < 7 || nonce_length > 13 ) - { - status = PSA_ERROR_INVALID_ARGUMENT; - goto exit; - } - } - else -#endif /* MBEDTLS_PSA_BUILTIN_ALG_CCM */ -#if defined(MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305) - if( operation->alg == PSA_ALG_CHACHA20_POLY1305 ) - { - if( nonce_length != 12 ) - { - status = PSA_ERROR_INVALID_ARGUMENT; - goto exit; - } - } -#endif /* MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305 */ status = psa_driver_wrapper_aead_set_nonce( operation, nonce, nonce_length ); diff --git a/library/psa_crypto_aead.c b/library/psa_crypto_aead.c index 2c6e4435c..5e36932e7 100644 --- a/library/psa_crypto_aead.c +++ b/library/psa_crypto_aead.c @@ -136,37 +136,6 @@ static psa_status_t psa_aead_setup( return( PSA_SUCCESS ); } -/* Perform common nonce length checks */ -static psa_status_t mbedtls_aead_check_nonce_length( - mbedtls_psa_aead_operation_t *operation, - size_t nonce_length ) -{ -#if defined(MBEDTLS_PSA_BUILTIN_ALG_GCM) - if( operation->alg == PSA_ALG_GCM ) - { - if( nonce_length == 0 ) - return( PSA_ERROR_NOT_SUPPORTED ); - } -#endif /* MBEDTLS_PSA_BUILTIN_ALG_GCM */ -#if defined(MBEDTLS_PSA_BUILTIN_ALG_CCM) - if( operation->alg == PSA_ALG_CCM ) - { - if( nonce_length < 7 || nonce_length > 13 ) - return( PSA_ERROR_NOT_SUPPORTED ); - } - else -#endif /* MBEDTLS_PSA_BUILTIN_ALG_CCM */ -#if defined(MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305) - if( operation->alg == PSA_ALG_CHACHA20_POLY1305 ) - { - if( nonce_length != 12 ) - return( PSA_ERROR_NOT_SUPPORTED ); - } -#endif /* MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305 */ - - return PSA_SUCCESS; -} - psa_status_t mbedtls_psa_aead_encrypt( const psa_key_attributes_t *attributes, const uint8_t *key_buffer, size_t key_buffer_size, @@ -195,11 +164,6 @@ psa_status_t mbedtls_psa_aead_encrypt( } tag = ciphertext + plaintext_length; - status = mbedtls_aead_check_nonce_length( &operation, nonce_length ); - - if( status != PSA_SUCCESS ) - goto exit; - #if defined(MBEDTLS_PSA_BUILTIN_ALG_CCM) if( operation.alg == PSA_ALG_CCM ) { @@ -308,11 +272,6 @@ psa_status_t mbedtls_psa_aead_decrypt( if( status != PSA_SUCCESS ) goto exit; - status = mbedtls_aead_check_nonce_length( &operation, nonce_length ); - - if( status != PSA_SUCCESS ) - goto exit; - #if defined(MBEDTLS_PSA_BUILTIN_ALG_CCM) if( operation.alg == PSA_ALG_CCM ) { From 946c9204757da344755d3265a779270ef578c1cb Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Tue, 28 Sep 2021 14:32:55 +0100 Subject: [PATCH 186/195] Add safety for nonce length to internal driver Signed-off-by: Paul Elliott --- library/psa_crypto_aead.c | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/library/psa_crypto_aead.c b/library/psa_crypto_aead.c index 5e36932e7..bc37a043e 100644 --- a/library/psa_crypto_aead.c +++ b/library/psa_crypto_aead.c @@ -412,6 +412,16 @@ psa_status_t mbedtls_psa_aead_set_nonce( #if defined(MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305) if( operation->alg == PSA_ALG_CHACHA20_POLY1305 ) { + /* Note - ChaChaPoly allows an 8 byte nonce, but we would have to + * allocate a buffer in the operation, copy the nonce to it and pad + * it, so for now check the nonce is 12 bytes, as + * mbedtls_chachapoly_starts() assumes it can read 12 bytes from the + * passed in buffer. */ + if( nonce_length != 12 ) + { + return( PSA_ERROR_INVALID_ARGUMENT ); + } + status = mbedtls_to_psa_error( mbedtls_chachapoly_starts( &operation->ctx.chachapoly, nonce, From 814f0c5fb1e8c47aa7e27c8216e98a6393a8c56e Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Tue, 28 Sep 2021 14:41:22 +0100 Subject: [PATCH 187/195] Remove check for lack of supported ciphers Add comment explaining (currently) empty function. Signed-off-by: Paul Elliott --- library/psa_crypto_aead.c | 12 ++---------- 1 file changed, 2 insertions(+), 10 deletions(-) diff --git a/library/psa_crypto_aead.c b/library/psa_crypto_aead.c index bc37a043e..a72865c04 100644 --- a/library/psa_crypto_aead.c +++ b/library/psa_crypto_aead.c @@ -446,20 +446,12 @@ psa_status_t mbedtls_psa_aead_set_lengths( size_t ad_length, size_t plaintext_length ) { - + /* Nothing here yet, work is currently done in PSA Core, however support + * for CCM will require this function. */ ( void ) operation; ( void ) ad_length; ( void ) plaintext_length; -#if !defined(MBEDTLS_PSA_BUILTIN_ALG_GCM) && \ - !defined(MBEDTLS_PSA_BUILTIN_ALG_CCM) && \ - !defined(MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305) - { - return ( PSA_ERROR_NOT_SUPPORTED ); - } -#endif /* !MBEDTLS_PSA_BUILTIN_ALG_GCM && !MBEDTLS_PSA_BUILTIN_ALG_CCM && - !MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305) */ - return ( PSA_SUCCESS ); } From baff51c8b7d0e6d9e023fa4f0cea4410fc08f719 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Tue, 28 Sep 2021 17:44:45 +0100 Subject: [PATCH 188/195] Make sure nonce length checks use base algorithm Nonce length checks are now being used in the oneshot AEAD code as well, which passes variant algorithms, not the base version, so need to convert to base if necessary. Signed-off-by: Paul Elliott --- library/psa_crypto.c | 30 ++++++++++++++++-------------- 1 file changed, 16 insertions(+), 14 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 42abdf5c4..395a69730 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -3609,12 +3609,20 @@ exit: /* AEAD */ /****************************************************************/ -/* Helper to perform common nonce length checks. */ +/* Helper function to get the base algorithm from its variants. */ +static psa_algorithm_t psa_aead_get_base_algorithm( psa_algorithm_t alg ) +{ + return PSA_ALG_AEAD_WITH_DEFAULT_LENGTH_TAG( alg ); +} + +/* Helper function to perform common nonce length checks. */ static psa_status_t psa_aead_check_nonce_length( psa_algorithm_t alg, size_t nonce_length ) { + psa_algorithm_t base_alg = psa_aead_get_base_algorithm( alg ); + #if defined(MBEDTLS_PSA_BUILTIN_ALG_GCM) - if( alg == PSA_ALG_GCM ) + if( base_alg == PSA_ALG_GCM ) { /* Not checking max nonce size here as GCM spec allows almost * arbitrarily large nonces. Please note that we do not generally @@ -3627,7 +3635,7 @@ static psa_status_t psa_aead_check_nonce_length( psa_algorithm_t alg, } #endif /* MBEDTLS_PSA_BUILTIN_ALG_GCM */ #if defined(MBEDTLS_PSA_BUILTIN_ALG_CCM) - if( alg == PSA_ALG_CCM ) + if( base_alg == PSA_ALG_CCM ) { if( nonce_length < 7 || nonce_length > 13 ) return( PSA_ERROR_NOT_SUPPORTED ); @@ -3635,11 +3643,11 @@ static psa_status_t psa_aead_check_nonce_length( psa_algorithm_t alg, else #endif /* MBEDTLS_PSA_BUILTIN_ALG_CCM */ #if defined(MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305) - if( alg == PSA_ALG_CHACHA20_POLY1305 ) - { - if( nonce_length != 12 ) - return( PSA_ERROR_NOT_SUPPORTED ); - } + if( base_alg == PSA_ALG_CHACHA20_POLY1305 ) + { + if( nonce_length != 12 ) + return( PSA_ERROR_NOT_SUPPORTED ); + } #endif /* MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305 */ return PSA_SUCCESS; @@ -3745,12 +3753,6 @@ exit: return( status ); } -/* Helper function to get the base algorithm from its variants. */ -static psa_algorithm_t psa_aead_get_base_algorithm( psa_algorithm_t alg ) -{ - return PSA_ALG_AEAD_WITH_DEFAULT_LENGTH_TAG( alg ); -} - /* Set the key for a multipart authenticated operation. */ static psa_status_t psa_aead_setup( psa_aead_operation_t *operation, int is_encrypt, From e716e6c00bcc81e54d233b430319b544b065cd75 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Wed, 29 Sep 2021 14:10:20 +0100 Subject: [PATCH 189/195] Switch cipher enabled macros Switch from using MBEDTLS_PSA_BUILTIN_ macros over to using PSA_WANT_ macros, as code was moved from the internal drivers to the PSA Core. Signed-off-by: Paul Elliott --- library/psa_crypto.c | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 395a69730..ea02f24d1 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -3621,7 +3621,7 @@ static psa_status_t psa_aead_check_nonce_length( psa_algorithm_t alg, { psa_algorithm_t base_alg = psa_aead_get_base_algorithm( alg ); -#if defined(MBEDTLS_PSA_BUILTIN_ALG_GCM) +#if defined(PSA_WANT_ALG_GCM) if( base_alg == PSA_ALG_GCM ) { /* Not checking max nonce size here as GCM spec allows almost @@ -3633,22 +3633,22 @@ static psa_status_t psa_aead_check_nonce_length( psa_algorithm_t alg, if( nonce_length == 0 ) return( PSA_ERROR_NOT_SUPPORTED ); } -#endif /* MBEDTLS_PSA_BUILTIN_ALG_GCM */ -#if defined(MBEDTLS_PSA_BUILTIN_ALG_CCM) +#endif /* PSA_WANT_ALG_GCM */ +#if defined(PSA_WANT_ALG_CCM) if( base_alg == PSA_ALG_CCM ) { if( nonce_length < 7 || nonce_length > 13 ) return( PSA_ERROR_NOT_SUPPORTED ); } else -#endif /* MBEDTLS_PSA_BUILTIN_ALG_CCM */ -#if defined(MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305) +#endif /* PSA_WANT_ALG_CCM */ +#if defined(PSA_WANT_ALG_CHACHA20_POLY1305) if( base_alg == PSA_ALG_CHACHA20_POLY1305 ) { if( nonce_length != 12 ) return( PSA_ERROR_NOT_SUPPORTED ); } -#endif /* MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305 */ +#endif /* PSA_WANT_ALG_CHACHA20_POLY1305 */ return PSA_SUCCESS; } @@ -3951,7 +3951,7 @@ psa_status_t psa_aead_set_lengths( psa_aead_operation_t *operation, goto exit; } -#if defined(MBEDTLS_PSA_BUILTIN_ALG_GCM) +#if defined(PSA_WANT_ALG_GCM) if( operation->alg == PSA_ALG_GCM ) { /* Lengths can only be too large for GCM if size_t is bigger than 32 @@ -3967,8 +3967,8 @@ psa_status_t psa_aead_set_lengths( psa_aead_operation_t *operation, #endif } else -#endif /* MBEDTLS_PSA_BUILTIN_ALG_GCM */ -#if defined(MBEDTLS_PSA_BUILTIN_ALG_CCM) +#endif /* PSA_WANT_ALG_GCM */ +#if defined(PSA_WANT_ALG_CCM) if( operation->alg == PSA_ALG_CCM ) { if( ad_length > 0xFF00 ) @@ -3978,13 +3978,13 @@ psa_status_t psa_aead_set_lengths( psa_aead_operation_t *operation, } } else -#endif /* MBEDTLS_PSA_BUILTIN_ALG_CCM */ -#if defined(MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305) +#endif /* PSA_WANT_ALG_CCM */ +#if defined(PSA_WANT_ALG_CHACHA20_POLY1305) if( operation->alg == PSA_ALG_CHACHA20_POLY1305 ) { /* No length restrictions for ChaChaPoly. */ } -#endif /* MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305 */ +#endif /* PSA_WANT_ALG_CHACHA20_POLY1305 */ status = psa_driver_wrapper_aead_set_lengths( operation, ad_length, plaintext_length ); From 355f59edbe7ef021131f1dc378a10013eb668c5f Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Wed, 29 Sep 2021 14:16:19 +0100 Subject: [PATCH 190/195] Fix formatting issues Signed-off-by: Paul Elliott --- library/psa_crypto.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index ea02f24d1..ee2eec59b 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -3912,7 +3912,6 @@ psa_status_t psa_aead_set_nonce( psa_aead_operation_t *operation, } status = psa_aead_check_nonce_length( operation->alg, nonce_length ); - if( status != PSA_SUCCESS ) { status = PSA_ERROR_INVALID_ARGUMENT; @@ -3955,8 +3954,8 @@ psa_status_t psa_aead_set_lengths( psa_aead_operation_t *operation, if( operation->alg == PSA_ALG_GCM ) { /* Lengths can only be too large for GCM if size_t is bigger than 32 - * bits. Without the guard this code will generate warnings on 32bit - * builds */ + * bits. Without the guard this code will generate warnings on 32bit + * builds. */ #if SIZE_MAX > UINT32_MAX if( (( uint64_t ) ad_length ) >> 61 != 0 || (( uint64_t ) plaintext_length ) > 0xFFFFFFFE0ull ) From 60116aee9e86206caf8e16d8b2da7a4205d9735a Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Wed, 29 Sep 2021 14:19:11 +0100 Subject: [PATCH 191/195] Invert logic on nonce length tests Signed-off-by: Paul Elliott --- library/psa_crypto.c | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index ee2eec59b..ece64b100 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -3630,27 +3630,27 @@ static psa_status_t psa_aead_check_nonce_length( psa_algorithm_t alg, * PSA_AEAD_NONCE_MAX_SIZE, as large nonces are hashed to a shorter * size, which can then lead to collisions if you encrypt a very * large number of messages.*/ - if( nonce_length == 0 ) - return( PSA_ERROR_NOT_SUPPORTED ); + if( nonce_length != 0 ) + return( PSA_SUCCESS ); } #endif /* PSA_WANT_ALG_GCM */ #if defined(PSA_WANT_ALG_CCM) if( base_alg == PSA_ALG_CCM ) { - if( nonce_length < 7 || nonce_length > 13 ) - return( PSA_ERROR_NOT_SUPPORTED ); + if( nonce_length >= 7 && nonce_length <= 13 ) + return( PSA_SUCCESS ); } else #endif /* PSA_WANT_ALG_CCM */ #if defined(PSA_WANT_ALG_CHACHA20_POLY1305) if( base_alg == PSA_ALG_CHACHA20_POLY1305 ) { - if( nonce_length != 12 ) - return( PSA_ERROR_NOT_SUPPORTED ); + if( nonce_length == 12 ) + return( PSA_SUCCESS ); } #endif /* PSA_WANT_ALG_CHACHA20_POLY1305 */ - return PSA_SUCCESS; + return( PSA_ERROR_NOT_SUPPORTED ); } psa_status_t psa_aead_encrypt( mbedtls_svc_key_id_t key, From 4ef7bd8595a8264cad957dca868c317691ed11e7 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 28 Sep 2021 21:23:57 +0200 Subject: [PATCH 192/195] Simplify PSA_ALG_AEAD_WITH_SHORTENED_TAG with full-length tag Only use PSA_ALG_AEAD_WITH_SHORTENED_TAG with the default tag length when it's part of a series or when the tag length is a critical part of the test. Don't use it when the tag length is secondary, to make the test data easier to read. Signed-off-by: Gilles Peskine --- tests/suites/test_suite_psa_crypto.data | 29 +++++++++++++------------ 1 file changed, 15 insertions(+), 14 deletions(-) diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data index f83f83b86..7830968ce 100644 --- a/tests/suites/test_suite_psa_crypto.data +++ b/tests/suites/test_suite_psa_crypto.data @@ -3212,19 +3212,19 @@ aead_multipart_verify:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909 PSA Multipart Nonce Generation, AES - GCM, NONCE = (Req 12 / Expect 12) depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_generate_nonce:PSA_KEY_TYPE_AES:"aa740abfadcda779220d3b406c5d7ec09a77fe9d94104539":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM,16):12:12:"290322092d57479e20f6281e331d95a9":"e7fb0631eebf9bdba87045b33650c4ce":PSA_SUCCESS +aead_multipart_generate_nonce:PSA_KEY_TYPE_AES:"aa740abfadcda779220d3b406c5d7ec09a77fe9d94104539":PSA_ALG_GCM:12:12:"290322092d57479e20f6281e331d95a9":"e7fb0631eebf9bdba87045b33650c4ce":PSA_SUCCESS PSA Multipart Nonce Generation, AES - GCM, NONCE = (Req 11 / Expect 0) depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_generate_nonce:PSA_KEY_TYPE_AES:"aa740abfadcda779220d3b406c5d7ec09a77fe9d94104539":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM,16):11:0:"290322092d57479e20f6281e331d95a9":"e7fb0631eebf9bdba87045b33650c4ce":PSA_ERROR_BUFFER_TOO_SMALL +aead_multipart_generate_nonce:PSA_KEY_TYPE_AES:"aa740abfadcda779220d3b406c5d7ec09a77fe9d94104539":PSA_ALG_GCM:11:0:"290322092d57479e20f6281e331d95a9":"e7fb0631eebf9bdba87045b33650c4ce":PSA_ERROR_BUFFER_TOO_SMALL PSA Multipart Nonce Generation, AES - GCM, NONCE = (Req 0 / Expect 0) depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_generate_nonce:PSA_KEY_TYPE_AES:"aa740abfadcda779220d3b406c5d7ec09a77fe9d94104539":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM,16):0:0:"":"":PSA_ERROR_BUFFER_TOO_SMALL +aead_multipart_generate_nonce:PSA_KEY_TYPE_AES:"aa740abfadcda779220d3b406c5d7ec09a77fe9d94104539":PSA_ALG_GCM:0:0:"":"":PSA_ERROR_BUFFER_TOO_SMALL PSA Multipart Nonce Generation, AES - GCM, NONCE = (Req 16 / Expect 12) depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_generate_nonce:PSA_KEY_TYPE_AES:"aa740abfadcda779220d3b406c5d7ec09a77fe9d94104539":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM,16):16:12:"290322092d57479e20f6281e331d95a9":"e7fb0631eebf9bdba87045b33650c4ce":PSA_SUCCESS +aead_multipart_generate_nonce:PSA_KEY_TYPE_AES:"aa740abfadcda779220d3b406c5d7ec09a77fe9d94104539":PSA_ALG_GCM:16:12:"290322092d57479e20f6281e331d95a9":"e7fb0631eebf9bdba87045b33650c4ce":PSA_SUCCESS PSA Multipart Nonce Generation: ChaCha20 - Poly1305, NONCE = (Req 12 / Expect 12) depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 @@ -3244,19 +3244,20 @@ aead_multipart_generate_nonce:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8 PSA Multipart Set Nonce, AES - GCM, NONCE = 0 (NULL) depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_set_nonce:PSA_KEY_TYPE_AES:"aa740abfadcda779220d3b406c5d7ec09a77fe9d94104539":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM,16):0:"":"":PSA_ERROR_INVALID_ARGUMENT +aead_multipart_set_nonce:PSA_KEY_TYPE_AES:"aa740abfadcda779220d3b406c5d7ec09a77fe9d94104539":PSA_ALG_GCM:0:"":"":PSA_ERROR_INVALID_ARGUMENT PSA Multipart Set Nonce, AES - GCM, NONCE = 0 (Non-NULL) depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_set_nonce:PSA_KEY_TYPE_AES:"aa740abfadcda779220d3b406c5d7ec09a77fe9d94104539":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM,16):-1:"":"":PSA_ERROR_INVALID_ARGUMENT +aead_multipart_set_nonce:PSA_KEY_TYPE_AES:"aa740abfadcda779220d3b406c5d7ec09a77fe9d94104539":PSA_ALG_GCM:-1:"":"":PSA_ERROR_INVALID_ARGUMENT PSA Multipart Set Nonce, AES - GCM, NONCE = 16 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_set_nonce:PSA_KEY_TYPE_AES:"aa740abfadcda779220d3b406c5d7ec09a77fe9d94104539":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM,16):16:"290322092d57479e20f6281e331d95a9":"e7fb0631eebf9bdba87045b33650c4ce":PSA_SUCCESS +aead_multipart_set_nonce:PSA_KEY_TYPE_AES:"aa740abfadcda779220d3b406c5d7ec09a77fe9d94104539":PSA_ALG_GCM:16:"290322092d57479e20f6281e331d95a9":"e7fb0631eebf9bdba87045b33650c4ce":PSA_SUCCESS PSA Multipart Set Nonce, AES - GCM, NONCE = 20 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_set_nonce:PSA_KEY_TYPE_AES:"aa740abfadcda779220d3b406c5d7ec09a77fe9d94104539":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM,16):20:"290322092d57479e20f6281e331d95a9":"e7fb0631eebf9bdba87045b33650c4ce":PSA_SUCCESS +aead_multipart_set_nonce:PSA_KEY_TYPE_AES:"aa740abfadcda779220d3b406c5d7ec09a77fe9d94104539":PSA_ALG_GCM:20:"290322092d57479e20f6281e331d95a9":"e7fb0631eebf9bdba87045b33650c4ce":PSA_SUCCESS + PSA Multipart Set Nonce: ChaCha20 - Poly1305, NONCE = 11 depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 @@ -3280,11 +3281,11 @@ aead_multipart_set_nonce:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f PSA AEAD output buffer test: AES - GCM, IN = 16, BUF = 15 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_update_buffer_test:PSA_KEY_TYPE_AES:"fbc0b4c56a714c83217b2d1bcadd2ed2e9efb0dcac6cc19f":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM,16):15:"5f4b43e811da9c470d6a9b01":"":"d2ae38c4375954835d75b8e4c2f9bbb4":PSA_ERROR_BUFFER_TOO_SMALL +aead_multipart_update_buffer_test:PSA_KEY_TYPE_AES:"fbc0b4c56a714c83217b2d1bcadd2ed2e9efb0dcac6cc19f":PSA_ALG_GCM:15:"5f4b43e811da9c470d6a9b01":"":"d2ae38c4375954835d75b8e4c2f9bbb4":PSA_ERROR_BUFFER_TOO_SMALL PSA AEAD output buffer test: AES - GCM, IN = 16, BUF = 0 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_update_buffer_test:PSA_KEY_TYPE_AES:"fbc0b4c56a714c83217b2d1bcadd2ed2e9efb0dcac6cc19f":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM,16):0:"5f4b43e811da9c470d6a9b01":"":"d2ae38c4375954835d75b8e4c2f9bbb4":PSA_ERROR_BUFFER_TOO_SMALL +aead_multipart_update_buffer_test:PSA_KEY_TYPE_AES:"fbc0b4c56a714c83217b2d1bcadd2ed2e9efb0dcac6cc19f":PSA_ALG_GCM:0:"5f4b43e811da9c470d6a9b01":"":"d2ae38c4375954835d75b8e4c2f9bbb4":PSA_ERROR_BUFFER_TOO_SMALL PSA AEAD output buffer test: ChaCha20 - Poly1305 IN = 130, BUF = 129 depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 @@ -3296,19 +3297,19 @@ aead_multipart_update_buffer_test:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8 PSA AEAD finish buffer test: AES - GCM, BUF = 8, TAG = 16 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_finish_buffer_test:PSA_KEY_TYPE_AES:"fbc0b4c56a714c83217b2d1bcadd2ed2e9efb0dcac6cc19f":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM,16):8:16:"5f4b43e811da9c470d6a9b01":"":"d2ae38c4375954835d75b8e4c2f9bbb4":PSA_ERROR_BUFFER_TOO_SMALL +aead_multipart_finish_buffer_test:PSA_KEY_TYPE_AES:"fbc0b4c56a714c83217b2d1bcadd2ed2e9efb0dcac6cc19f":PSA_ALG_GCM:8:16:"5f4b43e811da9c470d6a9b01":"":"d2ae38c4375954835d75b8e4c2f9bbb4":PSA_ERROR_BUFFER_TOO_SMALL PSA AEAD finish buffer test: AES - GCM, BUF = 15, TAG = 20 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_finish_buffer_test:PSA_KEY_TYPE_AES:"fbc0b4c56a714c83217b2d1bcadd2ed2e9efb0dcac6cc19f":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM,16):15:20:"5f4b43e811da9c470d6a9b01":"":"d2ae38c4375954835d75b8e4c2f9bbb4":PSA_SUCCESS +aead_multipart_finish_buffer_test:PSA_KEY_TYPE_AES:"fbc0b4c56a714c83217b2d1bcadd2ed2e9efb0dcac6cc19f":PSA_ALG_GCM:15:20:"5f4b43e811da9c470d6a9b01":"":"d2ae38c4375954835d75b8e4c2f9bbb4":PSA_SUCCESS PSA AEAD finish buffer test: AES - GCM, BUF = 15, TAG = 15 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_finish_buffer_test:PSA_KEY_TYPE_AES:"fbc0b4c56a714c83217b2d1bcadd2ed2e9efb0dcac6cc19f":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM,16):15:15:"5f4b43e811da9c470d6a9b01":"":"d2ae38c4375954835d75b8e4c2f9bbb4":PSA_ERROR_BUFFER_TOO_SMALL +aead_multipart_finish_buffer_test:PSA_KEY_TYPE_AES:"fbc0b4c56a714c83217b2d1bcadd2ed2e9efb0dcac6cc19f":PSA_ALG_GCM:15:15:"5f4b43e811da9c470d6a9b01":"":"d2ae38c4375954835d75b8e4c2f9bbb4":PSA_ERROR_BUFFER_TOO_SMALL PSA AEAD finish buffer test: AES - GCM, BUF = 15, TAG = 0 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -aead_multipart_finish_buffer_test:PSA_KEY_TYPE_AES:"fbc0b4c56a714c83217b2d1bcadd2ed2e9efb0dcac6cc19f":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM,16):15:0:"5f4b43e811da9c470d6a9b01":"":"d2ae38c4375954835d75b8e4c2f9bbb4":PSA_ERROR_BUFFER_TOO_SMALL +aead_multipart_finish_buffer_test:PSA_KEY_TYPE_AES:"fbc0b4c56a714c83217b2d1bcadd2ed2e9efb0dcac6cc19f":PSA_ALG_GCM:15:0:"5f4b43e811da9c470d6a9b01":"":"d2ae38c4375954835d75b8e4c2f9bbb4":PSA_ERROR_BUFFER_TOO_SMALL PSA AEAD finish buffer test: ChaCha20 - Poly1305, BUF = 0, TAG = 20 depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 From 96b332ccaca1395057d45fdb8be24b883446fb3f Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 28 Sep 2021 21:26:12 +0200 Subject: [PATCH 193/195] Test invalid nonce length for one-shot AEAD decryption Signed-off-by: Gilles Peskine --- tests/suites/test_suite_psa_crypto.data | 36 +++++++++++++++++++++++++ 1 file changed, 36 insertions(+) diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data index 7830968ce..21f52b28b 100644 --- a/tests/suites/test_suite_psa_crypto.data +++ b/tests/suites/test_suite_psa_crypto.data @@ -2482,6 +2482,22 @@ PSA AEAD decrypt: AES-CCM, invalid tag length 18 depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES aead_decrypt:PSA_KEY_TYPE_AES:"4189351B5CAEA375A0299E81C621BF43":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_CCM, 18 ):"48c0906930561e0ab0ef4cd972":"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":"26c56961c035a7e452cce61bc6ee220d77b3f94d18fd10b6":"4535d12b4377928a7c0a61c9f825a48671ea05910748c8ef":PSA_ERROR_INVALID_ARGUMENT +PSA AEAD decrypt: AES-CCM, invalid nonce length 6 +depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES +aead_decrypt:PSA_KEY_TYPE_AES:"4189351B5CAEA375A0299E81C621BF43":PSA_ALG_CCM:"48c090693056":"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":"26c56961c035a7e452cce61bc6ee220d77b3f94d18fd10b6":"4535d12b4377928a7c0a61c9f825a48671ea05910748c8ef":PSA_ERROR_NOT_SUPPORTED + +PSA AEAD decrypt: AES-CCM, invalid nonce length 14 +depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES +aead_decrypt:PSA_KEY_TYPE_AES:"4189351B5CAEA375A0299E81C621BF43":PSA_ALG_CCM:"48c0906930561e0ab0ef4cd97200":"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":"26c56961c035a7e452cce61bc6ee220d77b3f94d18fd10b6":"4535d12b4377928a7c0a61c9f825a48671ea05910748c8ef":PSA_ERROR_NOT_SUPPORTED + +PSA AEAD decrypt: AES-CCM_8, invalid nonce length 6 +depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES +aead_decrypt:PSA_KEY_TYPE_AES:"4189351B5CAEA375A0299E81C621BF43":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_CCM, 8 ):"48c090693056":"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":"26c56961c035a7e452cce61bc6ee220d77b3f94d18fd10b6":"4535d12b4377928a7c0a61c9f825a48671ea05910748c8ef":PSA_ERROR_NOT_SUPPORTED + +PSA AEAD decrypt: AES-CCM_8, invalid nonce length 14 +depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES +aead_decrypt:PSA_KEY_TYPE_AES:"4189351B5CAEA375A0299E81C621BF43":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_CCM, 8 ):"48c0906930561e0ab0ef4cd97200":"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":"26c56961c035a7e452cce61bc6ee220d77b3f94d18fd10b6":"4535d12b4377928a7c0a61c9f825a48671ea05910748c8ef":PSA_ERROR_NOT_SUPPORTED + PSA AEAD encrypt/decrypt, AES-GCM, 19 bytes #1 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES aead_encrypt_decrypt:PSA_KEY_TYPE_AES:"C0C1C2C3C4C5C6C7C8C9CACBCCCDCECF":PSA_ALG_GCM:"000102030405060708090A0B0C0D0E0F":"000102030405060708090A0B":"0C0D0E0F101112131415161718191A1B1C1D1E":PSA_SUCCESS @@ -2634,6 +2650,14 @@ PSA AEAD decrypt: AES-GCM, invalid tag length 2 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES aead_decrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 2 ):"48c0906930561e0ab0ef4cd972":"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":"26c56961c035a7e452cce61bc6ee220d77b3f94d18fd10b6":"4535d12b4377928a7c0a61c9f825a48671ea05910748c8ef":PSA_ERROR_INVALID_ARGUMENT +PSA AEAD decrypt: AES-GCM, nonce=0 (bad) +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_decrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_GCM:"":"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":"26c56961c035a7e452cce61bc6ee220d77b3f94d18fd10b6":"":PSA_ERROR_NOT_SUPPORTED + +PSA AEAD decrypt: AES-GCM, nonce=0 (bad), TAG=12 +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_decrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 12 ):"":"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":"26c56961c035a7e452cce61bc6ee220d77b3f94d18fd10b6":"":PSA_ERROR_NOT_SUPPORTED + PSA AEAD decrypt: AES-GCM, invalid tag length 18 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES aead_decrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 18 ):"48c0906930561e0ab0ef4cd972":"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":"26c56961c035a7e452cce61bc6ee220d77b3f94d18fd10b6":"4535d12b4377928a7c0a61c9f825a48671ea05910748c8ef":PSA_ERROR_INVALID_ARGUMENT @@ -2738,6 +2762,18 @@ PSA AEAD decrypt: ChaCha20-Poly1305 (good tag, zero-length input) depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 aead_decrypt:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:"070000004041424344454647":"":"a0784d7a4716f3feb4f64e7f4b39bf04":"":PSA_SUCCESS +PSA AEAD decrypt: ChaCha20-Poly1305 (nonce=8, not supported) +depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 +aead_decrypt:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:"0700000040414243":"":"a0784d7a4716f3feb4f64e7f4b39bf04":"":PSA_ERROR_NOT_SUPPORTED + +PSA AEAD decrypt: ChaCha20-Poly1305 (nonce=11, too short) +depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 +aead_decrypt:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:"070000004041424344":"":"a0784d7a4716f3feb4f64e7f4b39bf04":"":PSA_ERROR_NOT_SUPPORTED + +PSA AEAD decrypt: ChaCha20-Poly1305 (nonce=13, too long) +depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 +aead_decrypt:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:"07000000404142434445464700":"":"a0784d7a4716f3feb4f64e7f4b39bf04":"":PSA_ERROR_NOT_SUPPORTED + PSA AEAD encrypt/decrypt: invalid algorithm (CTR) depends_on:MBEDTLS_AES_C:MBEDTLS_GCM_C aead_encrypt_decrypt:PSA_KEY_TYPE_AES:"D7828D13B2B0BDC325A76236DF93CC6B":PSA_ALG_CTR:"000102030405060708090A0B0C0D0E0F":"":"":PSA_ERROR_NOT_SUPPORTED From cc12395c7b1faa9ce35a5dcf4c34981871e71f6f Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 28 Sep 2021 21:26:35 +0200 Subject: [PATCH 194/195] Test invalid nonce length for multipart AEAD with short tag Signed-off-by: Gilles Peskine --- tests/suites/test_suite_psa_crypto.data | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data index 21f52b28b..5a91fcea2 100644 --- a/tests/suites/test_suite_psa_crypto.data +++ b/tests/suites/test_suite_psa_crypto.data @@ -3294,6 +3294,21 @@ PSA Multipart Set Nonce, AES - GCM, NONCE = 20 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES aead_multipart_set_nonce:PSA_KEY_TYPE_AES:"aa740abfadcda779220d3b406c5d7ec09a77fe9d94104539":PSA_ALG_GCM:20:"290322092d57479e20f6281e331d95a9":"e7fb0631eebf9bdba87045b33650c4ce":PSA_SUCCESS +PSA Multipart Set Nonce, AES - GCM_12, NONCE = 0 (NULL) +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_set_nonce:PSA_KEY_TYPE_AES:"aa740abfadcda779220d3b406c5d7ec09a77fe9d94104539":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM,12):0:"":"":PSA_ERROR_INVALID_ARGUMENT + +PSA Multipart Set Nonce, AES - GCM_12, NONCE = 0 (Non-NULL) +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_set_nonce:PSA_KEY_TYPE_AES:"aa740abfadcda779220d3b406c5d7ec09a77fe9d94104539":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM,12):-1:"":"":PSA_ERROR_INVALID_ARGUMENT + +PSA Multipart Set Nonce, AES - GCM_12, NONCE = 16 +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_set_nonce:PSA_KEY_TYPE_AES:"aa740abfadcda779220d3b406c5d7ec09a77fe9d94104539":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM,12):16:"290322092d57479e20f6281e331d95a9":"e7fb0631eebf9bdba87045b33650c4ce":PSA_SUCCESS + +PSA Multipart Set Nonce, AES - GCM_12, NONCE = 20 +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +aead_multipart_set_nonce:PSA_KEY_TYPE_AES:"aa740abfadcda779220d3b406c5d7ec09a77fe9d94104539":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM,12):20:"290322092d57479e20f6281e331d95a9":"e7fb0631eebf9bdba87045b33650c4ce":PSA_SUCCESS PSA Multipart Set Nonce: ChaCha20 - Poly1305, NONCE = 11 depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 From 8739f0fb8d92e8a5e73259ed74f98c03ca19af86 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Wed, 29 Sep 2021 16:16:47 +0100 Subject: [PATCH 195/195] Fix incorrect nonce length on oneshot test Signed-off-by: Paul Elliott --- tests/suites/test_suite_psa_crypto.data | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data index 5a91fcea2..063629e59 100644 --- a/tests/suites/test_suite_psa_crypto.data +++ b/tests/suites/test_suite_psa_crypto.data @@ -2768,7 +2768,7 @@ aead_decrypt:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495 PSA AEAD decrypt: ChaCha20-Poly1305 (nonce=11, too short) depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 -aead_decrypt:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:"070000004041424344":"":"a0784d7a4716f3feb4f64e7f4b39bf04":"":PSA_ERROR_NOT_SUPPORTED +aead_decrypt:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:"0700000040414243444546":"":"a0784d7a4716f3feb4f64e7f4b39bf04":"":PSA_ERROR_NOT_SUPPORTED PSA AEAD decrypt: ChaCha20-Poly1305 (nonce=13, too long) depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20