Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Added ARIA Algo switch case in cmac cipher start #8763

Open
wants to merge 6 commits into
base: development
Choose a base branch
from
Open

Added ARIA Algo switch case in cmac cipher start #8763

wants to merge 6 commits into from

Conversation

jk-arm
Copy link

@jk-arm jk-arm commented Jan 29, 2024

Description

Please write a few sentences describing the overall goals of the pull request's commits.

PR checklist

Please tick as appropriate and edit the reasons (e.g.: "backport: not needed because this is a new feature")

  • changelog provided, or not required
  • backport done, or not required
  • tests provided, or not required

Notes for the submitter

Please refer to the contributing guidelines, especially the
checklist for PR contributors.

@jk-arm
Added ARIA Algo switch case in cmac cipher start
3bd1609 
Signed-off-by: jk-arm <jothikumar.mani@arm.com>
tom-cosgrove-arm
tom-cosgrove-arm reviewed Jan 29, 2024
View reviewed changes
library/cmac.c Outdated
@@ -178,6 +178,7 @@ int mbedtls_cipher_cmac_starts(mbedtls_cipher_context_t *ctx,

switch (type) {
case MBEDTLS_CIPHER_AES_128_ECB:
case MBEDTLS_CIPHER_ARIA_128_ECB:
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Without looking any further at this, this indentation appears totally wrong

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

corrected the same now

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Also, we should add #if defined(MBEDTLS_ARIA_C) (and similar for AES) around the switch cases to save on code size.

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@daverodgman added the same, just ignore my multiple empty commits, there were some issues on my side.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please add defines for AES and DES while you are there - thanks!

@daverodgman
Copy link
Contributor

I guess the aim is that this PR is sufficient to enable us to perform ARIA-CMAC via the cipher interface? If so, please add tests in tests/suites/test_suite_cmac.

What is the impact for PSA - does this also enable for PSA? If so, we should add tests for that as well.

@daverodgman
Copy link
Contributor

We also need to update the docs in mbedtls_config.h for MBEDTLS_CMAC_C, and the checks in check_config.h.

@daverodgman daverodgman added enhancement needs-work component-crypto Crypto primitives and low-level interfaces size-xs Estimated task size: extra small (a few hours at most) labels Jan 29, 2024
@daverodgman
Copy link
Contributor

What's the context for this PR please? Do we have an external request to add support for this, or is this connected to the PSA arch tests?

@jk-arm
Copy link
Author

jk-arm commented Jan 29, 2024

What's the context for this PR please? Do we have an external request to add support for this, or is this connected to the PSA arch tests?

Hi Dave, i am the psa-arch-test proj lead, we are in the development of crypto 1.1.0 compliance testcases, during the ARIA scenario development we noticed that support in cmac.c file is missing, and i had discussed with @gilles-peskine-arm to raise a pull request.

@gilles-peskine-arm
Copy link
Contributor

One thing to check which may or may not result in a CI failure is whether all relevant buffer calculation macros take ARIA into account. Failing to do so could cause a buffer overflow in ARIA-only configurations or in (ARIA+DES)-only configurations (sounds exotic, but may be needed in some Korean banking settings?).

@jk-arm
added missing ARIA check while doing psa_mac_compute(CMAC)
0e126ef 
Signed-off-by: jk-arm <jothikumar.mani@arm.com>
@gilles-peskine-arm
Copy link
Contributor

@jk-arm Please make sure that all the steps in our guide on how to implement a new cryptographic mechanism are fulfilled for ARIA+CMAC. They already are for ARIA and for CMAC separately, but there may be other places than cmac.c that need a case for the combination.

@jk-arm
Copy link
Author

jk-arm commented Jan 29, 2024

@jk-arm Please make sure that all the steps in our guide on how to implement a new cryptographic mechanism are fulfilled for ARIA+CMAC. They already are for ARIA and for CMAC separately, but there may be other places than cmac.c that need a case for the combination.

Hi @gilles-peskine-arm,
As i am raising pull requests for mbedtls first time and never run the mbedtls unit test. i might have to spend some time to understand and implement.

@daverodgman
Copy link
Contributor

It will also need a changelog entry

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@daverodgman daverodgman daverodgman left review comments

@tom-cosgrove-arm tom-cosgrove-arm tom-cosgrove-arm left review comments

At least 2 approving reviews are required to merge this pull request.

Assignees
No one assigned
Labels
component-crypto Crypto primitives and low-level interfaces enhancement needs-work size-xs Estimated task size: extra small (a few hours at most)
Projects
Non-roadmap pull requests
Status: In Development
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@jk-arm @daverodgman @gilles-peskine-arm @tom-cosgrove-arm