Remove internal aead_verify endpoint
The internal verify endpoint was only calling the finish endpoint to get
a tag to compare against the tag passed in. Moved this logic to the
driver wrapper (still allowing a driver to call verify if required) and
removed the internal implementation endpoint.
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
diff --git a/library/psa_crypto_aead.c b/library/psa_crypto_aead.c
index 9ac2646..9f67359 100644
--- a/library/psa_crypto_aead.c
+++ b/library/psa_crypto_aead.c
@@ -607,18 +607,6 @@
return( status );
}
-/* Common checks for both mbedtls_psa_aead_finish() and
- mbedtls_psa_aead_verify() */
-static psa_status_t mbedtls_psa_aead_finish_checks(
- mbedtls_psa_aead_operation_t *operation,
- size_t tag_size )
-{
- if( tag_size < operation->tag_length )
- return ( PSA_ERROR_BUFFER_TOO_SMALL );
-
- return ( PSA_SUCCESS );
-}
-
/* Finish encrypting a message in a multipart AEAD operation. */
psa_status_t mbedtls_psa_aead_finish(
mbedtls_psa_aead_operation_t *operation,
@@ -632,10 +620,8 @@
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
size_t finish_output_size = 0;
- status = mbedtls_psa_aead_finish_checks( operation, tag_size );
-
- if( status != PSA_SUCCESS )
- return status;
+ if( tag_size < operation->tag_length )
+ return( PSA_ERROR_BUFFER_TOO_SMALL );
#if defined(MBEDTLS_PSA_BUILTIN_ALG_GCM)
if( operation->alg == PSA_ALG_GCM )
@@ -672,66 +658,6 @@
return ( status );
}
-/* Finish authenticating and decrypting a message in a multipart AEAD
- * operation.*/
-psa_status_t mbedtls_psa_aead_verify(
- mbedtls_psa_aead_operation_t *operation,
- uint8_t *plaintext,
- size_t plaintext_size,
- size_t *plaintext_length,
- const uint8_t *tag,
- size_t tag_length )
-{
- psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
- size_t finish_output_size = 0;
- int do_tag_check = 1;
- uint8_t check_tag[PSA_AEAD_TAG_MAX_SIZE];
-
- status = mbedtls_psa_aead_finish_checks( operation, tag_length );
-
- if( status != PSA_SUCCESS )
- return status;
-
-#if defined(MBEDTLS_PSA_BUILTIN_ALG_GCM)
- if( operation->alg == PSA_ALG_GCM )
- /* Call finish to get the tag for comparison */
- status = mbedtls_to_psa_error(
- mbedtls_gcm_finish( &operation->ctx.gcm,
- plaintext, plaintext_size,
- check_tag, operation->tag_length ) );
- else
-#endif /* MBEDTLS_PSA_BUILTIN_ALG_GCM */
-#if defined(MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305)
- if( operation->alg == PSA_ALG_CHACHA20_POLY1305 )
- // call finish to get the tag for comparison.
- status = mbedtls_to_psa_error(
- mbedtls_chachapoly_finish( &operation->ctx.chachapoly,
- check_tag ) );
-
- else
-#endif /* MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305 */
- {
- ( void ) plaintext;
- ( void ) plaintext_size;
- ( void ) plaintext_length;
- ( void ) tag;
- ( void ) tag_length;
-
- return ( PSA_ERROR_NOT_SUPPORTED );
- }
-
- if( status == PSA_SUCCESS )
- {
- *plaintext_length = finish_output_size;
-
- if( do_tag_check && ( tag_length != operation->tag_length ||
- mbedtls_psa_safer_memcmp(tag, check_tag, tag_length) != 0 ) )
- status = PSA_ERROR_INVALID_SIGNATURE;
- }
-
- return ( status );
-}
-
/* Abort an AEAD operation */
psa_status_t mbedtls_psa_aead_abort(
mbedtls_psa_aead_operation_t *operation )
diff --git a/library/psa_crypto_aead.h b/library/psa_crypto_aead.h
index c664f9f..38202b6 100644
--- a/library/psa_crypto_aead.h
+++ b/library/psa_crypto_aead.h
@@ -491,77 +491,6 @@
size_t tag_size,
size_t *tag_length );
-/** Finish authenticating and decrypting a message in an AEAD operation.
- *
- * \note The signature of this function is that of a PSA driver
- * aead_verify entry point. This function behaves as an aead_verify entry
- * point as defined in the PSA driver interface specification for
- * transparent drivers.
- *
- * The operation must have been set up by the PSA core with
- * mbedtls_psa_aead_decrypt_setup().
- *
- * This function finishes the authenticated decryption of the message
- * components:
- *
- * - The additional data consisting of the concatenation of the inputs
- * passed to preceding calls to mbedtls_psa_aead_update_ad().
- * - The ciphertext consisting of the concatenation of the inputs passed to
- * preceding calls to mbedtls_psa_aead_update().
- * - The tag passed to this function call.
- *
- * If the authentication tag is correct, this function outputs any remaining
- * plaintext and reports success. If the authentication tag is not correct,
- * this function returns #PSA_ERROR_INVALID_SIGNATURE.
- *
- * Whether or not this function returns successfully, the PSA core subsequently
- * calls mbedtls_psa_aead_abort() to deactivate the operation.
- *
- * \note Implementations shall make the best effort to ensure that the
- * comparison between the actual tag and the expected tag is performed
- * in constant time.
- *
- * \param[in,out] operation Active AEAD operation.
- * \param[out] plaintext Buffer where the last part of the plaintext
- * is to be written. This is the remaining data
- * from previous calls to mbedtls_psa_aead_update()
- * that could not be processed until the end
- * of the input.
- * \param plaintext_size Size of the \p plaintext buffer in bytes.
- * This must be appropriate for the selected
- * algorithm and key:
- * - A sufficient output size is
- * #PSA_AEAD_VERIFY_OUTPUT_SIZE(\c key_type,
- * \c alg) where \c key_type is the type of key
- * and \c alg is the algorithm that were used to
- * set up the operation.
- * - #PSA_AEAD_VERIFY_OUTPUT_MAX_SIZE evaluates to
- * the maximum output size of any supported AEAD
- * algorithm.
- * \param[out] plaintext_length On success, the number of bytes of
- * returned plaintext.
- * \param[in] tag Buffer containing the authentication tag.
- * \param tag_length Size of the \p tag buffer in bytes.
- *
- * \retval #PSA_SUCCESS
- * Success.
- * \retval #PSA_ERROR_INVALID_SIGNATURE
- * The calculations were successful, but the authentication tag is
- * not correct.
- * \retval #PSA_ERROR_BUFFER_TOO_SMALL
- * The size of the \p tag buffer is too small.
- * #PSA_AEAD_TAG_LENGTH(\c key_type, key_bits, \c alg) or
- * #PSA_AEAD_TAG_MAX_SIZE can be used to determine the required \p tag
- * buffer size.
- */
-psa_status_t mbedtls_psa_aead_verify(
- mbedtls_psa_aead_operation_t *operation,
- uint8_t *plaintext,
- size_t plaintext_size,
- size_t *plaintext_length,
- const uint8_t *tag,
- size_t tag_length );
-
/** Abort an AEAD operation.
*
* \note The signature of this function is that of a PSA driver
diff --git a/library/psa_crypto_driver_wrappers.c b/library/psa_crypto_driver_wrappers.c
index 48410c0..09fff0c 100644
--- a/library/psa_crypto_driver_wrappers.c
+++ b/library/psa_crypto_driver_wrappers.c
@@ -1739,11 +1739,29 @@
{
#if defined(MBEDTLS_PSA_BUILTIN_AEAD)
case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
- return( mbedtls_psa_aead_verify( &operation->ctx.mbedtls_ctx,
- plaintext,
- plaintext_size,
- plaintext_length,
- tag, tag_length ) );
+ {
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+ uint8_t check_tag[PSA_AEAD_TAG_MAX_SIZE];
+ size_t check_tag_length;
+
+ status = mbedtls_psa_aead_finish( &operation->ctx.mbedtls_ctx,
+ plaintext,
+ plaintext_size,
+ plaintext_length,
+ check_tag,
+ tag_length,
+ &check_tag_length );
+
+ if( status == PSA_SUCCESS )
+ {
+ if( tag_length != check_tag_length ||
+ mbedtls_psa_safer_memcmp( tag, check_tag, tag_length )
+ != 0 )
+ status = PSA_ERROR_INVALID_SIGNATURE;
+ }
+
+ return( status );
+ }
#endif /* MBEDTLS_PSA_BUILTIN_AEAD */