
PSA driver for aead multipart capability
Open, Normal, Public

Description

Develop a cc_3xx driver entry point for the aead multipart capability (aead_encrypt_multipart, aead_decrypt_multipart)

List of entry points to be finalised first (done in the ticket)

Modify the build system to build any additional source added.

Make sure no tests break. Currently we don't have tests for AEAD multipart as this is not supported yet by the mbedTLS backend.

Associated mbedTLS work items (adding support only for GCM and ChaChaPoly at first):
This is pending on this PR from mbedTLS for support on the backend side: https://github.com/ARMmbed/mbedtls/pull/4338
Associated ticket: https://github.com/ARMmbed/mbedtls/issues/3257

This would require some reworking of the low-level CC driver as well, as the current implementation only supports single-shot AEAD operations.

Event Timeline

adeaarm triaged this task as Normal priority. Jun 25 2021, 11:16 AM
adeaarm created this task.
adeaarm added a comment. Edited Jul 2 2021, 7:01 PM

Prototypes derived from: https://github.com/ARMmbed/mbedtls/pull/4338/

typedef ... acme_aead_operation_t;
psa_status_t acme_aead_encrypt_setup(
   acme_aead_operation_t *operation,
   const psa_key_attributes_t *attributes,
   const uint8_t *key_buffer, size_t key_buffer_size,
   psa_algorithm_t alg);
psa_status_t acme_aead_decrypt_setup(
   acme_aead_operation_t *operation,
   const psa_key_attributes_t *attributes,
   const uint8_t *key_buffer, size_t key_buffer_size,
   psa_algorithm_t alg);
psa_status_t acme_aead_set_nonce(
   acme_aead_operation_t *operation,
   const uint8_t *nonce,
   size_t nonce_length);
psa_status_t acme_aead_set_lengths(
   acme_aead_operation_t *operation,
   size_t ad_length,
   size_t plaintext_length);
psa_status_t acme_aead_update_ad(
   acme_aead_operation_t *operation,
   const uint8_t *input,
   size_t input_length);
psa_status_t acme_aead_update(
   acme_aead_operation_t *operation,
   const uint8_t *input,
   size_t input_length,
   uint8_t *output,
   size_t output_size,
   size_t *output_length);
psa_status_t acme_aead_finish(
   acme_aead_operation_t *operation,
   uint8_t *ciphertext,
   size_t ciphertext_size,
   size_t *ciphertext_length,
   uint8_t *tag,
   size_t tag_size,
   size_t *tag_length);
psa_status_t acme_aead_verify(
   acme_aead_operation_t *operation,
   uint8_t *plaintext,
   size_t plaintext_size,
   size_t *plaintext_length,
   const uint8_t *tag,
   size_t tag_length);
psa_status_t acme_aead_abort(
   acme_aead_operation_t *operation);
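
A multipart driver has to carry state between calls, which a single-shot AEAD implementation never needed. The sketch below is an added example, not code from this ticket, mbedTLS, or the cc_3xx driver: it tracks call order for the entry points listed above, using the ordering rules the PSA Crypto API defines for multipart AEAD (algorithm-specific rules, such as CCM requiring lengths, are left out). All `demo_*` and `EP_*` names and the status stand-ins are hypothetical.

```c
#include <stdint.h>

/* Stand-ins for PSA_SUCCESS / PSA_ERROR_BAD_STATE so the sketch builds alone. */
enum { DEMO_OK = 0, DEMO_BAD_STATE = -1 };

/* Entry points from the prototype list that act on a set-up operation. */
typedef enum { EP_SET_NONCE, EP_SET_LENGTHS, EP_UPDATE_AD,
               EP_UPDATE, EP_FINISH, EP_VERIFY } demo_ep_t;

/* Hypothetical bookkeeping carried between calls in the operation context. */
typedef struct {
    uint8_t active, is_encrypt, nonce_set, lengths_set, ad_started, body_started;
} demo_aead_state_t;

/* Shared by encrypt_setup (is_encrypt = 1) and decrypt_setup (is_encrypt = 0). */
void demo_setup(demo_aead_state_t *s, int is_encrypt)
{
    *s = (demo_aead_state_t){ 0 };
    s->active = 1;
    s->is_encrypt = (uint8_t)(is_encrypt != 0);
}

/* abort is always allowed and leaves the context inactive. */
void demo_abort(demo_aead_state_t *s)
{
    *s = (demo_aead_state_t){ 0 };
}

/* Validate one call against the state, then record it. A call made out of
 * order aborts the operation, so a half-processed message cannot be resumed. */
int demo_step(demo_aead_state_t *s, demo_ep_t ep)
{
    int ok = s->active;
    switch (ep) {
    case EP_SET_NONCE:   ok = ok && !s->nonce_set; break;
    case EP_SET_LENGTHS: ok = ok && !s->lengths_set && !s->ad_started && !s->body_started; break;
    case EP_UPDATE_AD:   ok = ok && s->nonce_set && !s->body_started; break;
    case EP_UPDATE:      ok = ok && s->nonce_set; break;
    case EP_FINISH:      ok = ok && s->nonce_set && s->is_encrypt; break;
    case EP_VERIFY:      ok = ok && s->nonce_set && !s->is_encrypt; break;
    default:             ok = 0; break;
    }
    if (!ok) { demo_abort(s); return DEMO_BAD_STATE; }
    if (ep == EP_SET_NONCE)        s->nonce_set = 1;
    else if (ep == EP_SET_LENGTHS) s->lengths_set = 1;
    else if (ep == EP_UPDATE_AD)   s->ad_started = 1;
    else if (ep == EP_UPDATE)      s->body_started = 1;
    else                           demo_abort(s);   /* finish or verify completes it */
    return DEMO_OK;
}
```

In the PSA design these checks are normally made by the core before it dispatches to a driver; repeating them in the driver context is a defensive choice, not something the ticket asks for.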
noonfom claimed this task. Jul 23 2021, 8:25 AM


adeaarm updated the task description. Aug 13 2021, 10:14 AM