Blame - programs/psa/aead_non_psa.c - mirror/mbed-tls

blob: 4b48b3a989ce9ae9059191d2b14925b050e3b98d [file] [log] [blame]

Manuel Pégourié-Gonnard	7d5ef17	2022-01-27 13:09:13 +0100	[diff] [blame]	1	/*
				2	* This is a companion to aead_psa.c, doing the same operations with the
				3	* legacy Cipher API. The goal is that comparing the two programs will help people
				4	* migrating to the PSA Crypto API.
				5	*
				6	* Copyright The Mbed TLS Contributors
				7	* SPDX-License-Identifier: Apache-2.0
				8	*
				9	* Licensed under the Apache License, Version 2.0 (the "License"); you may
				10	* not use this file except in compliance with the License.
				11	* You may obtain a copy of the License at
				12	*
				13	* http://www.apache.org/licenses/LICENSE-2.0
				14	*
				15	* Unless required by applicable law or agreed to in writing, software
				16	* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
				17	* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
				18	* See the License for the specific language governing permissions and
				19	* limitations under the License.
				20	*/
				21
				22	/*
				23	* When used with multi-part AEAD operations, the `mbedtls_cipher_context`
				24	* serves a triple purpose (1) hold the key, (2) store the algorithm when no
				25	* operation is active, and (3) save progress information for the current
				26	* operation. With PSA those roles are held by disinct objects: (1) a
				27	* psa_key_id_t to hold the key, a (2) psa_algorithm_t to represent the
				28	* algorithm, and (3) a psa_operation_t for multi-part progress.
				29	*
				30	* On the other hand, with PSA, the algorithms encodes the desired tag length;
				31	* with Cipher the desired tag length needs to be tracked separately.
				32	*
				33	* This program and its compation aead_psa.c illustrate this by doing the
				34	* same sequence of multi-part AEAD computation with both APIs; looking at the
				35	* two side by side should make the differences and similarities clear.
				36	*/
				37
				38	#include <stdio.h>
				39
				40	#include "mbedtls/build_info.h"
				41
				42	#if !defined(MBEDTLS_CIPHER_C) \|\| \
				43	!defined(MBEDTLS_AES_C) \|\| !defined(MBEDTLS_GCM_C) \|\| \
				44	!defined(MBEDTLS_CHACHAPOLY_C)
				45	int main( void )
				46	{
				47	printf( "MBEDTLS_MD_C and/or "
				48	"MBEDTLS_AES_C and/or MBEDTLS_GCM_C and/or "
				49	"MBEDTLS_CHACHAPOLY_C not defined\r\n" );
				50	return( 0 );
				51	}
				52	#else
				53
				54	#include <string.h>
				55
				56	#include "mbedtls/cipher.h"
				57
				58	/*
				59	* Dummy data and helper functions
				60	*/
				61	const char usage[] = "Usage: aead_non_psa [aes128-gcm\|aes256-gcm\|aes128-gcm_8\|chachapoly]";
				62
				63	const unsigned char iv1[12] = { 0x00 };
				64	const unsigned char add_data1[] = { 0x01, 0x02 };
				65	const unsigned char msg1_part1[] = { 0x03, 0x04 };
				66	const unsigned char msg1_part2[] = { 0x05, 0x06, 0x07 };
Manuel Pégourié-Gonnard	7d5ef17	2022-01-27 13:09:13 +0100	[diff] [blame]	67
				68	const unsigned char iv2[12] = { 0x10 };
				69	const unsigned char add_data2[] = { 0x11, 0x12 };
				70	const unsigned char msg2_part1[] = { 0x13, 0x14 };
				71	const unsigned char msg2_part2[] = { 0x15, 0x16, 0x17 };
Manuel Pégourié-Gonnard	7d5ef17	2022-01-27 13:09:13 +0100	[diff] [blame]	72
Manuel Pégourié-Gonnard	fd1d13c	2022-01-28 12:52:35 +0100	[diff] [blame]	73	#define MSG_MAX_SIZE 5
Manuel Pégourié-Gonnard	7d5ef17	2022-01-27 13:09:13 +0100	[diff] [blame]	74
				75	const unsigned char key_bytes[32] = { 0x2a };
				76
				77	void print_out( const char title, unsigned char out, size_t len )
				78	{
				79	printf( "%s:", title );
				80	for( size_t i = 0; i < len; i++ )
				81	printf( " %02x", out[i] );
				82	printf( "\n" );
				83	}
				84
				85	#define CHK( code ) \
				86	do { \
				87	ret = code; \
				88	if( ret != 0 ) { \
				89	printf( "%03d: ret = -0x%04x\n", __LINE__, (unsigned) -ret ); \
				90	goto exit; \
				91	} \
				92	} while( 0 )
				93
				94	static int aead_prepare( const char *info,
				95	mbedtls_cipher_context_t *ctx,
				96	size_t *tag_len )
				97	{
				98	int ret;
				99
				100	mbedtls_cipher_type_t type;
				101	if( strcmp( info, "aes128-gcm" ) == 0 ) {
				102	type = MBEDTLS_CIPHER_AES_128_GCM;
				103	*tag_len = 16;
				104	} else if( strcmp( info, "aes256-gcm" ) == 0 ) {
				105	type = MBEDTLS_CIPHER_AES_256_GCM;
				106	*tag_len = 16;
				107	} else if( strcmp( info, "aes128-gcm_8" ) == 0 ) {
				108	type = MBEDTLS_CIPHER_AES_128_GCM;
				109	*tag_len = 8;
				110	} else if( strcmp( info, "chachapoly" ) == 0 ) {
				111	type = MBEDTLS_CIPHER_CHACHA20_POLY1305;
				112	*tag_len = 16;
				113	} else {
				114	puts( usage );
				115	return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
				116	}
				117
				118	CHK( mbedtls_cipher_setup( ctx,
				119	mbedtls_cipher_info_from_type( type ) ) );
				120
				121	int key_len = mbedtls_cipher_get_key_bitlen( ctx );
				122	CHK( mbedtls_cipher_setkey( ctx, key_bytes, key_len, MBEDTLS_ENCRYPT ) );
				123
				124	exit:
				125	return( ret );
				126	}
				127
				128	static void aead_info( const mbedtls_cipher_context_t *ctx, size_t tag_len )
				129	{
				130	// no convenient way to get the cipher type (for example, AES)
				131	const char *ciph = "???";
				132	int key_bits = mbedtls_cipher_get_key_bitlen( ctx );
				133	mbedtls_cipher_mode_t mode = mbedtls_cipher_get_cipher_mode( ctx );
				134
				135	const char *mode_str = mode == MBEDTLS_MODE_GCM ? "GCM"
				136	: mode == MBEDTLS_MODE_CHACHAPOLY ? "ChachaPoly"
				137	: "???";
				138
				139	printf( "cipher: %s, %d, %s, %u\n", ciph, key_bits, mode_str, (unsigned) tag_len );
				140	}
				141
				142	static int aead_encrypt( mbedtls_cipher_context_t *ctx, size_t tag_len,
				143	const unsigned char *iv, size_t iv_len,
				144	const unsigned char *ad, size_t ad_len,
				145	const unsigned char *pa, size_t pa_len,
				146	const unsigned char *pb, size_t pb_len )
				147	{
				148	int ret;
				149	size_t olen;
Manuel Pégourié-Gonnard	fd1d13c	2022-01-28 12:52:35 +0100	[diff] [blame]	150	unsigned char out[MSG_MAX_SIZE + 16];
Manuel Pégourié-Gonnard	7d5ef17	2022-01-27 13:09:13 +0100	[diff] [blame]	151	unsigned char *p = out;
				152
				153	CHK( mbedtls_cipher_set_iv( ctx, iv, iv_len ) );
				154	CHK( mbedtls_cipher_reset( ctx ) );
				155	CHK( mbedtls_cipher_update_ad( ctx, ad, ad_len ) );
				156	CHK( mbedtls_cipher_update( ctx, pa, pa_len, p, &olen ) );
				157	p += olen;
				158	CHK( mbedtls_cipher_update( ctx, pb, pb_len, p, &olen ) );
				159	p += olen;
				160	CHK( mbedtls_cipher_finish( ctx, p, &olen ) );
				161	p += olen;
				162	CHK( mbedtls_cipher_write_tag( ctx, p, tag_len ) );
				163	p += tag_len;
				164
				165	olen = p - out;
				166	print_out( "cipher", out, olen );
				167
				168	exit:
				169	return( ret );
				170	}
				171
				172	static int aead_demo( const char *info )
				173	{
				174	int ret = 0;
				175
				176	mbedtls_cipher_context_t ctx;
				177	size_t tag_len;
				178
				179	mbedtls_cipher_init( &ctx );
				180
				181	CHK( aead_prepare( info, &ctx, &tag_len ) );
				182
				183	aead_info( &ctx, tag_len );
				184
				185	CHK( aead_encrypt( &ctx, tag_len,
				186	iv1, sizeof( iv1 ), add_data1, sizeof( add_data1 ),
				187	msg1_part1, sizeof( msg1_part1 ),
				188	msg1_part2, sizeof( msg1_part2 ) ) );
				189	CHK( aead_encrypt( &ctx, tag_len,
				190	iv2, sizeof( iv2 ), add_data2, sizeof( add_data2 ),
				191	msg2_part1, sizeof( msg2_part1 ),
				192	msg2_part2, sizeof( msg2_part2 ) ) );
				193
				194	exit:
				195	mbedtls_cipher_free( &ctx );
				196
				197	return( ret );
				198	}
				199
				200
				201	/*
				202	* Main function
				203	*/
				204	int main( int argc, char **argv )
				205	{
				206	if( argc != 2 )
				207	{
				208	puts( usage );
				209	return( 1 );
				210	}
				211
				212	aead_demo( argv[1] );
				213	}
				214
				215	#endif