Page MenuHomePhabricator
Create Task
Maniphest T944

PSA driver for aead multipart capability - GCM
Closed, ResolvedPublic
Actions

Description

Develop a cc_3xx driver entry point for the aead multipart capability (aead_encrypt_multipart, aead_decrypt_multipart)

List of entry points to be finalised first (done in the ticket)

Modify the build system to build any additional source added.

Make sure no tests break. Test enablement in the TF-M Crypto regression test suite: https://review.trustedfirmware.org/c/TF-M/tf-m-tests/+/11880
Support for AEAD multipart in TF-M frontend: https://review.trustedfirmware.org/c/TF-M/trusted-firmware-m/+/11825 (needs to be aligned with a new enough version of mbedTLS, i.e. TF-M will pick it up only with mbedTLS 3.1)

Associated mbedTLS work items (adding support only for GCM and ChaChaPoly at first):
This is pending on this PR from mbedTLS for support on the backend side: https://github.com/ARMmbed/mbedtls/pull/4338
Associated ticket: https://github.com/ARMmbed/mbedtls/issues/3257
CCM support ticket is here: https://github.com/ARMmbed/mbedtls/issues/3721 with associated patch: https://github.com/ARMmbed/mbedtls/pull/5047

This would require some reworking of the low level CC driver as well as the current implementation only supports single-shot AEAD operations.

Related Objects

Event Timeline

adeaarm triaged this task as Normal priority.Jun 25 2021, 11:16 AM
adeaarm created this task.
adeaarm added a comment.EditedJul 2 2021, 7:01 PM

Prototypes derived from: https://github.com/ARMmbed/mbedtls/pull/4338/

typedef ... acme_aead_operation_t;
psa_status_t acme_aead_encrypt_setup(
   acme_aead_operation_t *operation,
   const psa_key_attributes_t *attributes,
   const uint8_t *key_buffer, size_t key_buffer_size,
   psa_algorithm_t alg);
psa_status_t acme_aead_decrypt_setup(
   acme_aead_operation_t *operation,
   const psa_key_attributes_t *attributes,
   const uint8_t *key_buffer, size_t key_buffer_size,
   psa_algorithm_t alg);
psa_status_t acme_aead_set_nonce(
   acme_aead_operation_t *operation,
   const uint8_t *nonce,
   size_t nonce_length);
psa_status_t acme_aead_set_lengths(
   acme_aead_operation_t *operation,
   size_t ad_length,
   size_t plaintext_length);
psa_status_t acme_aead_update_ad(
   acme_aead_operation_t *operation,
   const uint8_t *input,
   size_t input_length);
psa_status_t acme_aead_update(
   acme_aead_operation_t *operation,
   const uint8_t *input,
   size_t input_length,
   uint8_t *output,
   size_t output_size,
   size_t *output_length);
psa_status_t acme_aead_finish(
   acme_aead_operation_t *operation,
   uint8_t *ciphertext,
   size_t ciphertext_size,
   size_t *ciphertext_length,
   uint8_t *tag,
   size_t tag_size,
   size_t *tag_length);
psa_status_t acme_aead_verify(
   acme_aead_operation_t *operation,
   uint8_t *plaintext,
   size_t plaintext_size,
   size_t *plaintext_length,
   const uint8_t *tag,
   size_t tag_length);
psa_status_t acme_aead_abort(
   acme_aead_operation_t *operation);
noonfom claimed this task.Jul 23 2021, 8:25 AM
adeaarm added a comment.Aug 13 2021, 10:12 AM

This is pending on this PR from mbedTLS for support on the backend side: https://github.com/ARMmbed/mbedtls/pull/4338
Associated ticket: https://github.com/ARMmbed/mbedtls/issues/3257
This would require some reworking of the low level CC driver as well as the current implementation only supports single-shot AEAD operations.

adeaarm updated the task description. (Show Details)Aug 13 2021, 10:14 AM
noonfom moved this task from Restricted Project Column to Restricted Project Column on the Restricted Project board.Oct 4 2021, 1:24 PM
adeaarm added a comment.Oct 6 2021, 12:42 PM

mbedTLS PR has now been merged on development branch. Started work focusing on GCM.

adeaarm updated the task description. (Show Details)Oct 28 2021, 9:19 AM
adeaarm updated the task description. (Show Details)
adeaarm updated the task description. (Show Details)Oct 28 2021, 9:22 AM
adeaarm moved this task from Restricted Project Column to Restricted Project Column on the Restricted Project board.Nov 3 2021, 9:34 PM

Tests: https://review.trustedfirmware.org/c/TF-M/tf-m-tests/+/11880
GCM driver: https://review.trustedfirmware.org/c/TF-M/trusted-firmware-m/+/12275

adeaarm renamed this task from PSA driver for aead multipart capability to PSA driver for aead multipart capability - GCM.Nov 3 2021, 9:35 PM
adeaarm closed this task as Resolved.Nov 15 2021, 4:55 PM
adeaarm moved this task from Restricted Project Column to Restricted Project Column on the Restricted Project board.