cuberite/polarssl
1
0
Fork 0
mirror of https://github.com/cuberite/polarssl.git synced 2025-10-30 19:20:40 -04:00
Code Issues Packages Projects Releases Wiki Activity

Stop supporting NIST_KW in cipher_auth_xxcrypt()

Browse Source 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
This commit is contained in:
Manuel Pégourié-Gonnard 2020-12-01 09:57:55 +01:00
parent 53f10e70fd
commit f2ffbc4387
3 changed files with 54 additions and 41 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

30
include/mbedtls/cipher.h
View File

@ -858,10 +858,14 @@ int mbedtls_cipher_crypt( mbedtls_cipher_context_t *ctx,
#if defined(MBEDTLS_CIPHER_MODE_AEAD) #if defined(MBEDTLS_CIPHER_MODE_AEAD)
/** /**
* \brief The generic autenticated encryption (AEAD) function. * \brief The generic authenticated encryption (AEAD) function.
*
* \note This function only supports AEAD algorithms, not key
* wrapping algorithms such as NIST_KW; for this, see
* mbedtls_cipher_auth_encrypt_ext().
* *
* \param ctx The generic cipher context. This must be initialized and * \param ctx The generic cipher context. This must be initialized and
* bound to a key. * bound to a key associated with an AEAD algorithm.
* \param iv The nonce to use. This must be a readable buffer of * \param iv The nonce to use. This must be a readable buffer of
* at least \p iv_len Bytes and must not be \c NULL. * at least \p iv_len Bytes and must not be \c NULL.
* \param iv_len The length of the nonce. This must satisfy the * \param iv_len The length of the nonce. This must satisfy the
@ -885,7 +889,7 @@ int mbedtls_cipher_crypt( mbedtls_cipher_context_t *ctx,
* below regarding restrictions with PSA-based contexts. * below regarding restrictions with PSA-based contexts.
* \param tag_len The desired length of the authentication tag. This * \param tag_len The desired length of the authentication tag. This
* must match the constraints imposed by the AEAD cipher * must match the constraints imposed by the AEAD cipher
* used, and in particuler must not be \c 0. * used, and in particular must not be \c 0.
* *
* \note If the context is based on PSA (that is, it was set up * \note If the context is based on PSA (that is, it was set up
* with mbedtls_cipher_setup_psa()), then it is required * with mbedtls_cipher_setup_psa()), then it is required
@ -905,14 +909,18 @@ int mbedtls_cipher_auth_encrypt( mbedtls_cipher_context_t *ctx,
unsigned char *tag, size_t tag_len ); unsigned char *tag, size_t tag_len );
/** /**
* \brief The generic autenticated decryption (AEAD) function. * \brief The generic authenticated decryption (AEAD) function.
*
* \note This function only supports AEAD algorithms, not key
* wrapping algorithms such as NIST_KW; for this, see
* mbedtls_cipher_auth_encrypt_ext().
* *
* \note If the data is not authentic, then the output buffer * \note If the data is not authentic, then the output buffer
* is zeroed out to prevent the unauthentic plaintext being * is zeroed out to prevent the unauthentic plaintext being
* used, making this interface safer. * used, making this interface safer.
* *
* \param ctx The generic cipher context. This must be initialized and * \param ctx The generic cipher context. This must be initialized and
* and bound to a key. * bound to a key associated with an AEAD algorithm.
* \param iv The nonce to use. This must be a readable buffer of * \param iv The nonce to use. This must be a readable buffer of
* at least \p iv_len Bytes and must not be \c NULL. * at least \p iv_len Bytes and must not be \c NULL.
* \param iv_len The length of the nonce. This must satisfy the * \param iv_len The length of the nonce. This must satisfy the
@ -959,14 +967,14 @@ int mbedtls_cipher_auth_decrypt( mbedtls_cipher_context_t *ctx,
#if defined(MBEDTLS_CIPHER_MODE_AEAD) || defined(MBEDTLS_NIST_KW_C) #if defined(MBEDTLS_CIPHER_MODE_AEAD) || defined(MBEDTLS_NIST_KW_C)
/** /**
* \brief The autenticated encryption (AEAD/NIST_KW) function. * \brief The authenticated encryption (AEAD/NIST_KW) function.
* *
* \note For AEAD modes, the tag will be appended to the * \note For AEAD modes, the tag will be appended to the
* ciphertext, as recommended by RFC 5116. * ciphertext, as recommended by RFC 5116.
* (NIST_KW doesn't have a separate tag.) * (NIST_KW doesn't have a separate tag.)
* *
* \param ctx The generic cipher context. This must be initialized and * \param ctx The generic cipher context. This must be initialized and
* bound to a key. * bound to a key, with an AEAD algorithm or NIST_KW.
* \param iv The nonce to use. This must be a readable buffer of * \param iv The nonce to use. This must be a readable buffer of
* at least \p iv_len Bytes and may be \c NULL if \p * at least \p iv_len Bytes and may be \c NULL if \p
* iv_len is \c 0. * iv_len is \c 0.
@ -994,7 +1002,7 @@ int mbedtls_cipher_auth_decrypt( mbedtls_cipher_context_t *ctx,
* writable object of type \c size_t. * writable object of type \c size_t.
* \param tag_len The desired length of the authentication tag. For AEAD * \param tag_len The desired length of the authentication tag. For AEAD
* ciphers, this must match the constraints imposed by * ciphers, this must match the constraints imposed by
* the cipher used, and in particuler must not be \c 0. * the cipher used, and in particular must not be \c 0.
* For NIST_KW, this must be \c 0. * For NIST_KW, this must be \c 0.
* *
* \return \c 0 on success. * \return \c 0 on success.
@ -1010,7 +1018,7 @@ int mbedtls_cipher_auth_encrypt_ext( mbedtls_cipher_context_t *ctx,
size_t *olen, size_t tag_len ); size_t *olen, size_t tag_len );
/** /**
* \brief The autenticated encryption (AEAD/NIST_KW) function. * \brief The authenticated encryption (AEAD/NIST_KW) function.
* *
* \note If the data is not authentic, then the output buffer * \note If the data is not authentic, then the output buffer
* is zeroed out to prevent the unauthentic plaintext being * is zeroed out to prevent the unauthentic plaintext being
@ -1021,7 +1029,7 @@ int mbedtls_cipher_auth_encrypt_ext( mbedtls_cipher_context_t *ctx,
* (NIST_KW doesn't have a separate tag.) * (NIST_KW doesn't have a separate tag.)
* *
* \param ctx The generic cipher context. This must be initialized and * \param ctx The generic cipher context. This must be initialized and
* and bound to a key. * bound to a key, with an AEAD algorithm or NIST_KW.
* \param iv The nonce to use. This must be a readable buffer of * \param iv The nonce to use. This must be a readable buffer of
* at least \p iv_len Bytes and may be \c NULL if \p * at least \p iv_len Bytes and may be \c NULL if \p
* iv_len is \c 0. * iv_len is \c 0.
@ -1049,7 +1057,7 @@ int mbedtls_cipher_auth_encrypt_ext( mbedtls_cipher_context_t *ctx,
* writable object of type \c size_t. * writable object of type \c size_t.
* \param tag_len The actual length of the authentication tag. For AEAD * \param tag_len The actual length of the authentication tag. For AEAD
* ciphers, this must match the constraints imposed by * ciphers, this must match the constraints imposed by
* the cipher used, and in particuler must not be \c 0. * the cipher used, and in particular must not be \c 0.
* For NIST_KW, this must be \c 0. * For NIST_KW, this must be \c 0.
* *
* \return \c 0 on success. * \return \c 0 on success.

28
library/cipher.c
View File

@ -1491,16 +1491,10 @@ int mbedtls_cipher_auth_encrypt( mbedtls_cipher_context_t *ctx,
if( MBEDTLS_MODE_KW == ctx->cipher_info->mode || if( MBEDTLS_MODE_KW == ctx->cipher_info->mode ||
MBEDTLS_MODE_KWP == ctx->cipher_info->mode ) MBEDTLS_MODE_KWP == ctx->cipher_info->mode )
{ {
mbedtls_nist_kw_mode_t mode = ( MBEDTLS_MODE_KW == ctx->cipher_info->mode ) ? /* NIST_KW is not supported because we used to document the wrong size
MBEDTLS_KW_MODE_KW : MBEDTLS_KW_MODE_KWP; * of the output buffer, so people should move to the _ext API,
* which has an explicit argument for buffer size. */
/* There is no iv, tag or ad associated with KW and KWP, these length should be 0 */ return( MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE );
if( iv_len != 0 || tag_len != 0 || ad_len != 0 )
{
return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
}
return( mbedtls_nist_kw_wrap( ctx->cipher_ctx, mode, input, ilen, output, olen, SIZE_MAX ) );
} }
#endif /* MBEDTLS_NIST_KW_C */ #endif /* MBEDTLS_NIST_KW_C */
@ -1531,16 +1525,10 @@ int mbedtls_cipher_auth_decrypt( mbedtls_cipher_context_t *ctx,
if( MBEDTLS_MODE_KW == ctx->cipher_info->mode || if( MBEDTLS_MODE_KW == ctx->cipher_info->mode ||
MBEDTLS_MODE_KWP == ctx->cipher_info->mode ) MBEDTLS_MODE_KWP == ctx->cipher_info->mode )
{ {
mbedtls_nist_kw_mode_t mode = ( MBEDTLS_MODE_KW == ctx->cipher_info->mode ) ? /* NIST_KW is not supported because we used to document the wrong size
MBEDTLS_KW_MODE_KW : MBEDTLS_KW_MODE_KWP; * of the output buffer, so people should move to the _ext API,
* which has an explicit argument for buffer size. */
/* There is no iv, tag or ad associated with KW and KWP, these length should be 0 */ return( MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE );
if( iv_len != 0 || tag_len != 0 || ad_len != 0 )
{
return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
}
return( mbedtls_nist_kw_unwrap( ctx->cipher_ctx, mode, input, ilen, output, olen, SIZE_MAX ) );
} }
#endif /* MBEDTLS_NIST_KW_C */ #endif /* MBEDTLS_NIST_KW_C */

25
tests/suites/test_suite_cipher.function
View File

@ -1222,22 +1222,31 @@ void auth_crypt_tv( int cipher_id, data_t * key, data_t * iv,
tmp_cipher, cipher->len, output, &outlen, tmp_cipher, cipher->len, output, &outlen,
tmp_tag, tag->len ); tmp_tag, tag->len );
/* make sure the message is rejected if it should be */ if( using_nist_kw )
if( strcmp( result, "FAIL" ) == 0 )
{ {
/* NIST_KW with legacy API */
TEST_ASSERT( ret == MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE );
}
else if( strcmp( result, "FAIL" ) == 0 )
{
/* unauthentic message */
TEST_ASSERT( ret == MBEDTLS_ERR_CIPHER_AUTH_FAILED ); TEST_ASSERT( ret == MBEDTLS_ERR_CIPHER_AUTH_FAILED );
} }
else else
{ {
/* otherwise, make sure it was decrypted properly */ /* authentic message: is the plaintext correct? */
TEST_ASSERT( ret == 0 ); TEST_ASSERT( ret == 0 );
TEST_ASSERT( outlen == clear->len ); TEST_ASSERT( outlen == clear->len );
TEST_ASSERT( memcmp( output, clear->x, clear->len ) == 0 ); TEST_ASSERT( memcmp( output, clear->x, clear->len ) == 0 );
}
/* /*
* Prepare context for encryption * Encrypt back if test data was authentic
*/ */
if( strcmp( result, "FAIL" ) != 0 )
{
/* prepare context for encryption */
cipher_reset_key( &ctx, cipher_id, use_psa, tag->len, key, cipher_reset_key( &ctx, cipher_id, use_psa, tag->len, key,
MBEDTLS_ENCRYPT ); MBEDTLS_ENCRYPT );
@ -1254,12 +1263,20 @@ void auth_crypt_tv( int cipher_id, data_t * key, data_t * iv,
ret = mbedtls_cipher_auth_encrypt( &ctx, iv->x, iv->len, ad->x, ad->len, ret = mbedtls_cipher_auth_encrypt( &ctx, iv->x, iv->len, ad->x, ad->len,
clear->x, clear->len, output, &outlen, clear->x, clear->len, output, &outlen,
output_tag, tag->len ); output_tag, tag->len );
if( using_nist_kw )
{
TEST_ASSERT( ret == MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE );
}
else
{
TEST_ASSERT( ret == 0 ); TEST_ASSERT( ret == 0 );
TEST_ASSERT( outlen == cipher->len ); TEST_ASSERT( outlen == cipher->len );
TEST_ASSERT( memcmp( output, cipher->x, cipher->len ) == 0 ); TEST_ASSERT( memcmp( output, cipher->x, cipher->len ) == 0 );
TEST_ASSERT( memcmp( output_tag, tag->x, tag->len ) == 0 ); TEST_ASSERT( memcmp( output_tag, tag->x, tag->len ) == 0 );
} }
}
exit: exit: