From a70d588f741385a8287e6c84d400ddb7a4d96f54 Mon Sep 17 00:00:00 2001 From: Steven Cooreman Date: Thu, 16 Jul 2020 20:26:18 +0200 Subject: [PATCH 01/17] Add initial test driver conforming to the new spec Also adjusted the different makefiles accordingly. Note: driver lifetime is currently statically defined in the header, but this will be replaced in the future based on autogeneration of lifetime values by a script (TBD) Signed-off-by: Steven Cooreman --- CMakeLists.txt | 2 +- programs/Makefile | 2 +- programs/fuzz/Makefile | 2 +- scripts/generate_visualc_files.pl | 3 + tests/Makefile | 9 +- tests/include/drivers/signature.h | 55 +++++++++ tests/include/drivers/test_driver.h | 29 +++++ tests/src/drivers/signature.c | 171 ++++++++++++++++++++++++++++ 8 files changed, 268 insertions(+), 5 deletions(-) create mode 100644 tests/include/drivers/signature.h create mode 100644 tests/include/drivers/test_driver.h create mode 100644 tests/src/drivers/signature.c diff --git a/CMakeLists.txt b/CMakeLists.txt index 88332464b..5af4c8124 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -261,7 +261,7 @@ add_subdirectory(library) # to define the test executables. # if(ENABLE_TESTING OR ENABLE_PROGRAMS) - file(GLOB MBEDTLS_TEST_FILES ${CMAKE_CURRENT_SOURCE_DIR}/tests/src/*.c) + file(GLOB MBEDTLS_TEST_FILES ${CMAKE_CURRENT_SOURCE_DIR}/tests/src/*.c ${CMAKE_CURRENT_SOURCE_DIR}/tests/src/drivers/*.c) add_library(mbedtls_test OBJECT ${MBEDTLS_TEST_FILES}) target_include_directories(mbedtls_test PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/tests/include diff --git a/programs/Makefile b/programs/Makefile index f9c260867..dfe055569 100644 --- a/programs/Makefile +++ b/programs/Makefile @@ -8,7 +8,7 @@ WARNING_CXXFLAGS ?= -Wall -Wextra LDFLAGS ?= MBEDTLS_TEST_PATH:=../tests/src -MBEDTLS_TEST_OBJS:=$(patsubst %.c,%.o,$(wildcard ${MBEDTLS_TEST_PATH}/*.c)) +MBEDTLS_TEST_OBJS:=$(patsubst %.c,%.o,$(wildcard ${MBEDTLS_TEST_PATH}/*.c ${MBEDTLS_TEST_PATH}/drivers/*.c)) LOCAL_CFLAGS = $(WARNING_CFLAGS) -I../tests/include -I../include -D_FILE_OFFSET_BITS=64 LOCAL_CXXFLAGS = $(WARNING_CXXFLAGS) -I../include -D_FILE_OFFSET_BITS=64 diff --git a/programs/fuzz/Makefile b/programs/fuzz/Makefile index 8196f3930..fa17918fa 100644 --- a/programs/fuzz/Makefile +++ b/programs/fuzz/Makefile @@ -1,5 +1,5 @@ MBEDTLS_TEST_PATH:=../../tests/src -MBEDTLS_TEST_OBJS:=$(patsubst %.c,%.o,$(wildcard ${MBEDTLS_TEST_PATH}/*.c)) +MBEDTLS_TEST_OBJS:=$(patsubst %.c,%.o,$(wildcard ${MBEDTLS_TEST_PATH}/*.c ${MBEDTLS_TEST_PATH}/drivers/*.c)) LOCAL_CFLAGS = -I../../tests/include -I../../include -D_FILE_OFFSET_BITS=64 LOCAL_LDFLAGS = ${MBEDTLS_TEST_OBJS} \ diff --git a/scripts/generate_visualc_files.pl b/scripts/generate_visualc_files.pl index 3d4baca41..469595518 100755 --- a/scripts/generate_visualc_files.pl +++ b/scripts/generate_visualc_files.pl @@ -39,6 +39,7 @@ my $psa_header_dir = 'include/psa'; my $source_dir = 'library'; my $test_source_dir = 'tests/src'; my $test_header_dir = 'tests/include/test'; +my $test_drivers_header_dir = 'tests/include/drivers'; my @thirdparty_header_dirs = qw( 3rdparty/everest/include/everest @@ -116,6 +117,7 @@ sub check_dirs { && -d $source_dir && -d $test_source_dir && -d $test_header_dir + && -d $test_drivers_header_dir && -d $programs_dir; } @@ -262,6 +264,7 @@ sub main { $mbedtls_header_dir, $psa_header_dir, $test_header_dir, + $test_drivers_header_dir, $source_dir, @thirdparty_header_dirs, ); diff --git a/tests/Makefile b/tests/Makefile index ffa4812bd..511db9db5 100644 --- a/tests/Makefile +++ b/tests/Makefile @@ -80,7 +80,7 @@ all: $(BINARIES) $(MBEDLIBS): $(MAKE) -C ../library -MBEDTLS_TEST_OBJS=$(patsubst %.c,%.o,$(wildcard src/*.c)) +MBEDTLS_TEST_OBJS=$(patsubst %.c,%.o,$(wildcard src/*.c src/drivers/*.c)) mbedtls_test: $(MBEDTLS_TEST_OBJS) @@ -89,6 +89,10 @@ src/%.o : src/%.c echo " CC $<" $(CC) $(LOCAL_CFLAGS) $(CFLAGS) -o $@ -c $< +src/drivers/%.o : src/drivers/%.c + echo " CC $<" + $(CC) $(LOCAL_CFLAGS) $(CFLAGS) -o $@ -c $< + C_FILES := $(addsuffix .c,$(APPS)) # Wildcard target for test code generation: @@ -130,12 +134,13 @@ $(addprefix embedded_,$(filter test_suite_psa_%, $(APPS))): embedded_%: TESTS/mb clean: ifndef WINDOWS rm -rf $(BINARIES) *.c *.datax TESTS - rm -f src/*.o src/libmbed* + rm -f src/*.o src/drivers/*.o src/libmbed* else if exist *.c del /Q /F *.c if exist *.exe del /Q /F *.exe if exist *.datax del /Q /F *.datax if exist src/*.o del /Q /F src/*.o + if exist src/drivers/*.o del /Q /F src/drivers/*.o if exist src/libmbed* del /Q /F src/libmed* ifneq ($(wildcard TESTS/.*),) rmdir /Q /S TESTS diff --git a/tests/include/drivers/signature.h b/tests/include/drivers/signature.h new file mode 100644 index 000000000..1607ba512 --- /dev/null +++ b/tests/include/drivers/signature.h @@ -0,0 +1,55 @@ +/* + * Test driver for signature functions + */ +/* Copyright (C) 2020, ARM Limited, All Rights Reserved + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * This file is part of mbed TLS (https://tls.mbed.org) + */ + +#ifndef MBEDTLS_PSA_CRYPTO_TEST_DRIVERS_SIGNATURE_H +#define MBEDTLS_PSA_CRYPTO_TEST_DRIVERS_SIGNATURE_H + +#if !defined(MBEDTLS_CONFIG_FILE) +#include "mbedtls/config.h" +#else +#include MBEDTLS_CONFIG_FILE +#endif + +#if defined(MBEDTLS_TEST_HOOKS) +#include + +extern void *test_driver_forced_output; +extern size_t test_driver_forced_output_length; + +extern psa_status_t test_transparent_signature_sign_hash_status; +extern unsigned long test_transparent_signature_sign_hash_hit; + +psa_status_t test_transparent_signature_sign_hash( + const psa_key_attributes_t *attributes, + const uint8_t *key, size_t key_length, + psa_algorithm_t alg, + const uint8_t *hash, size_t hash_length, + uint8_t *signature, size_t signature_size, size_t *signature_length ); + +psa_status_t test_opaque_signature_sign_hash( + const psa_key_attributes_t *attributes, + const uint8_t *key, size_t key_length, + psa_algorithm_t alg, + const uint8_t *hash, size_t hash_length, + uint8_t *signature, size_t signature_size, size_t *signature_length ); + +#endif /* MBEDTLS_TEST_HOOKS */ +#endif /* MBEDTLS_PSA_CRYPTO_TEST_DRIVERS_SIGNATURE_H */ diff --git a/tests/include/drivers/test_driver.h b/tests/include/drivers/test_driver.h new file mode 100644 index 000000000..549467447 --- /dev/null +++ b/tests/include/drivers/test_driver.h @@ -0,0 +1,29 @@ +/* + * Umbrella include for all of the test driver functionality + */ +/* Copyright (C) 2020, ARM Limited, All Rights Reserved + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * This file is part of mbed TLS (https://tls.mbed.org) + */ + +#ifndef MBEDTLS_PSA_CRYPTO_TEST_DRIVER_H +#define MBEDTLS_PSA_CRYPTO_TEST_DRIVER_H + +#define MBEDTLS_PSA_CRYPTO_TEST_DRIVER_LIFETIME 0x7fffff + +#include "drivers/signature.h" + +#endif /* MBEDTLS_PSA_CRYPTO_TEST_DRIVER_H */ diff --git a/tests/src/drivers/signature.c b/tests/src/drivers/signature.c new file mode 100644 index 000000000..0f006c70a --- /dev/null +++ b/tests/src/drivers/signature.c @@ -0,0 +1,171 @@ +/* + * Test driver for signature functions + */ +/* Copyright (C) 2020, ARM Limited, All Rights Reserved + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * This file is part of mbed TLS (https://tls.mbed.org) + */ + +#if !defined(MBEDTLS_CONFIG_FILE) +#include "mbedtls/config.h" +#else +#include MBEDTLS_CONFIG_FILE +#endif + +#if defined(MBEDTLS_PSA_CRYPTO_DRIVERS) && defined(MBEDTLS_TEST_HOOKS) +#include "psa/crypto.h" +#include "mbedtls/ecp.h" + +#include "drivers/signature.h" + +#include "mbedtls/md.h" +#include "mbedtls/ecdsa.h" + +#include + +/* If non-null, on success, copy this to the output. */ +void *test_driver_forced_output = NULL; +size_t test_driver_forced_output_length = 0; + +psa_status_t test_transparent_signature_sign_hash_status = PSA_ERROR_NOT_SUPPORTED; +unsigned long test_transparent_signature_sign_hash_hit = 0; + +psa_status_t test_transparent_signature_sign_hash( + const psa_key_attributes_t *attributes, + const uint8_t *key, size_t key_length, + psa_algorithm_t alg, + const uint8_t *hash, size_t hash_length, + uint8_t *signature, size_t signature_size, size_t *signature_length ) +{ + ++test_transparent_signature_sign_hash_hit; + + if( test_transparent_signature_sign_hash_status != PSA_SUCCESS ) + return( test_transparent_signature_sign_hash_status ); + + if( test_driver_forced_output != NULL ) + { + if( test_driver_forced_output_length > signature_size ) + return( PSA_ERROR_BUFFER_TOO_SMALL ); + memcpy( signature, test_driver_forced_output, + test_driver_forced_output_length ); + *signature_length = test_driver_forced_output_length; + return( PSA_SUCCESS ); + } + + psa_status_t status = PSA_ERROR_NOT_SUPPORTED; + +#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECDSA_DETERMINISTIC) && \ + defined(MBEDTLS_SHA256_C) + if( alg != PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_SHA_256 ) ) + return( PSA_ERROR_NOT_SUPPORTED ); + mbedtls_ecp_group_id grp_id; + switch( psa_get_key_type( attributes ) ) + { + case PSA_ECC_CURVE_SECP_R1: + switch( psa_get_key_bits( attributes ) ) + { + case 256: + grp_id = MBEDTLS_ECP_DP_SECP256R1; + break; + case 384: + grp_id = MBEDTLS_ECP_DP_SECP384R1; + break; + case 521: + grp_id = MBEDTLS_ECP_DP_SECP521R1; + break; + default: + return( PSA_ERROR_NOT_SUPPORTED ); + } + break; + default: + return( PSA_ERROR_NOT_SUPPORTED ); + } + + /* Beyond this point, the driver is actually doing the work of + * calculating the signature. */ + + status = PSA_ERROR_GENERIC_ERROR; + int ret = 0; + mbedtls_mpi r, s; + mbedtls_mpi_init( &r ); + mbedtls_mpi_init( &s ); + mbedtls_ecp_keypair ecp; + mbedtls_ecp_keypair_init( &ecp ); + size_t curve_bytes = PSA_BITS_TO_BYTES( ecp.grp.pbits ); + + MBEDTLS_MPI_CHK( mbedtls_ecp_group_load( &ecp.grp, grp_id ) ); + MBEDTLS_MPI_CHK( mbedtls_ecp_point_read_binary( &ecp.grp, &ecp.Q, + key, key_length ) ); + + /* Code adapted from psa_ecdsa_sign() in psa_crypto.c. */ + mbedtls_md_type_t md_alg = MBEDTLS_MD_SHA256; + if( signature_size < 2 * curve_bytes ) + { + status = PSA_ERROR_BUFFER_TOO_SMALL; + goto cleanup; + } + MBEDTLS_MPI_CHK( mbedtls_ecdsa_sign_det( &ecp.grp, &r, &s, &ecp.d, + hash, hash_length, md_alg ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &r, + signature, + curve_bytes ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &s, + signature + curve_bytes, + curve_bytes ) ); +cleanup: + /* There's no easy way to translate the error code except through a + * library function that's not exported. Use a debugger. */ + if( ret == 0 ) + status = PSA_SUCCESS; + mbedtls_mpi_free( &r ); + mbedtls_mpi_free( &s ); + mbedtls_ecp_keypair_free( &ecp ); + if( status == PSA_SUCCESS ) + *signature_length = 2 * curve_bytes; +#else /* defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECDSA_DETERMINISTIC) && \ + defined(MBEDTLS_SHA256_C) */ + (void) attributes; + (void) key; + (void) key_length; + (void) alg; + (void) hash; + (void) hash_length; +#endif /* defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECDSA_DETERMINISTIC) && \ + defined(MBEDTLS_SHA256_C) */ + + return( status ); +} + +psa_status_t test_opaque_signature_sign_hash( + const psa_key_attributes_t *attributes, + const uint8_t *key, size_t key_length, + psa_algorithm_t alg, + const uint8_t *hash, size_t hash_length, + uint8_t *signature, size_t signature_size, size_t *signature_length ) +{ + (void) attributes; + (void) key; + (void) key_length; + (void) alg; + (void) hash; + (void) hash_length; + (void) signature; + (void) signature_size; + (void) signature_length; + return( PSA_ERROR_NOT_SUPPORTED ); +} + +#endif /* MBEDTLS_PSA_CRYPTO_DRIVERS && MBEDTLS_TEST_HOOKS */ From 0d59f7b092b5665391a7bead2ba2b015b654709d Mon Sep 17 00:00:00 2001 From: Steven Cooreman Date: Thu, 16 Jul 2020 20:27:57 +0200 Subject: [PATCH 02/17] Add configuration flag `MBEDTLS_PSA_CRYPTO_DRIVERS` Signed-off-by: Steven Cooreman --- include/mbedtls/config.h | 11 +++++++++++ library/version_features.c | 3 +++ programs/test/query_config.c | 8 ++++++++ 3 files changed, 22 insertions(+) diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index 1e6e05275..a2f408f2d 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h @@ -1329,6 +1329,17 @@ */ #define MBEDTLS_PKCS1_V21 +/** \def MBEDTLS_PSA_CRYPTO_DRIVERS + * + * Enable support for the experimental PSA crypto driver interface. + * + * Requires: MBEDTLS_PSA_CRYPTO_C. + * + * \warning This interface is experimental and may change or be removed + * without notice. + */ +//#define MBEDTLS_PSA_CRYPTO_DRIVERS + /** * \def MBEDTLS_PSA_CRYPTO_SPM * diff --git a/library/version_features.c b/library/version_features.c index d2840fa3c..051fb1953 100644 --- a/library/version_features.c +++ b/library/version_features.c @@ -435,6 +435,9 @@ static const char * const features[] = { #if defined(MBEDTLS_PKCS1_V21) "MBEDTLS_PKCS1_V21", #endif /* MBEDTLS_PKCS1_V21 */ +#if defined(MBEDTLS_PSA_CRYPTO_DRIVERS) + "MBEDTLS_PSA_CRYPTO_DRIVERS", +#endif /* MBEDTLS_PSA_CRYPTO_DRIVERS */ #if defined(MBEDTLS_PSA_CRYPTO_SPM) "MBEDTLS_PSA_CRYPTO_SPM", #endif /* MBEDTLS_PSA_CRYPTO_SPM */ diff --git a/programs/test/query_config.c b/programs/test/query_config.c index f4c14d6cb..f64eb887b 100644 --- a/programs/test/query_config.c +++ b/programs/test/query_config.c @@ -1216,6 +1216,14 @@ int query_config( const char *config ) } #endif /* MBEDTLS_PKCS1_V21 */ +#if defined(MBEDTLS_PSA_CRYPTO_DRIVERS) + if( strcmp( "MBEDTLS_PSA_CRYPTO_DRIVERS", config ) == 0 ) + { + MACRO_EXPANSION_TO_STR( MBEDTLS_PSA_CRYPTO_DRIVERS ); + return( 0 ); + } +#endif /* MBEDTLS_PSA_CRYPTO_DRIVERS */ + #if defined(MBEDTLS_PSA_CRYPTO_SPM) if( strcmp( "MBEDTLS_PSA_CRYPTO_SPM", config ) == 0 ) { From cd84cb4903f77538d1bea8158041b0f70ca14f28 Mon Sep 17 00:00:00 2001 From: Steven Cooreman Date: Thu, 16 Jul 2020 20:28:36 +0200 Subject: [PATCH 03/17] Add a handcrafted first version of the driver wrapper code Signed-off-by: Steven Cooreman --- library/CMakeLists.txt | 1 + library/Makefile | 1 + library/psa_crypto.c | 12 ++++ library/psa_crypto_driver_wrappers.c | 103 +++++++++++++++++++++++++++ library/psa_crypto_driver_wrappers.h | 40 +++++++++++ visualc/VS2010/mbedTLS.vcxproj | 5 ++ 6 files changed, 162 insertions(+) create mode 100644 library/psa_crypto_driver_wrappers.c create mode 100644 library/psa_crypto_driver_wrappers.h diff --git a/library/CMakeLists.txt b/library/CMakeLists.txt index 33e2cfc85..91ac8bc7e 100644 --- a/library/CMakeLists.txt +++ b/library/CMakeLists.txt @@ -61,6 +61,7 @@ set(src_crypto platform_util.c poly1305.c psa_crypto.c + psa_crypto_driver_wrappers.c psa_crypto_se.c psa_crypto_slot_management.c psa_crypto_storage.c diff --git a/library/Makefile b/library/Makefile index b76a84bdd..c7d4a0615 100644 --- a/library/Makefile +++ b/library/Makefile @@ -118,6 +118,7 @@ OBJS_CRYPTO= \ platform_util.o \ poly1305.o \ psa_crypto.o \ + psa_crypto_driver_wrappers.o \ psa_crypto_se.o \ psa_crypto_slot_management.o \ psa_crypto_storage.o \ diff --git a/library/psa_crypto.c b/library/psa_crypto.c index bffddc995..af8a7a973 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -27,6 +27,7 @@ #include "psa_crypto_core.h" #include "psa_crypto_invasive.h" +#include "psa_crypto_driver_wrappers.h" #if defined(MBEDTLS_PSA_CRYPTO_SE_C) #include "psa_crypto_se.h" #endif @@ -3659,6 +3660,17 @@ psa_status_t psa_sign_hash( psa_key_handle_t handle, goto exit; } + /* Try any of the available accelerators first */ + status = psa_driver_wrapper_sign_hash( slot, + alg, + hash, + hash_length, + signature, + signature_size, + signature_length ); + if( status != PSA_ERROR_NOT_SUPPORTED ) + goto exit; + #if defined(MBEDTLS_PSA_CRYPTO_SE_C) if( psa_get_se_driver( slot->attr.lifetime, &drv, &drv_context ) ) { diff --git a/library/psa_crypto_driver_wrappers.c b/library/psa_crypto_driver_wrappers.c new file mode 100644 index 000000000..9ace0cb28 --- /dev/null +++ b/library/psa_crypto_driver_wrappers.c @@ -0,0 +1,103 @@ +/* + * Functions to delegate cryptographic operations to an available + * and appropriate accelerator. + * Warning: auto-generated file. + */ +/* Copyright (C) 2020, ARM Limited, All Rights Reserved + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * This file is part of mbed TLS (https://tls.mbed.org) + */ + +#include "psa_crypto_core.h" +#include "psa_crypto_driver_wrappers.h" + +/* Include test driver definition when running tests */ +#if defined(MBEDTLS_TEST_HOOKS) +#undef MBEDTLS_PSA_CRYPTO_DRIVER_PRESENT +#define MBEDTLS_PSA_CRYPTO_DRIVER_PRESENT +#include "drivers/test_driver.h" +#endif + +/* Include driver definition file for each registered driver */ + +/* Start delegation functions */ +psa_status_t psa_driver_wrapper_sign_hash( psa_key_slot_t *slot, + psa_algorithm_t alg, + const uint8_t *hash, + size_t hash_length, + uint8_t *signature, + size_t signature_size, + size_t *signature_length ) +{ +#if defined(MBEDTLS_PSA_CRYPTO_DRIVER_PRESENT) + psa_status_t status = PSA_ERROR_INVALID_ARGUMENT; + psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION(slot->attr.lifetime); + psa_key_attributes_t attributes = { + .core = slot->attr + }; + + switch( location ) + { + case PSA_KEY_LOCATION_LOCAL_STORAGE: + /* Key is stored in the slot in export representation, so + * cycle through all known transparent accelerators */ +#if defined(MBEDTLS_TEST_HOOKS) + status = test_transparent_signature_sign_hash( &attributes, + slot->data.key.data, + slot->data.key.bytes, + alg, + hash, + hash_length, + signature, + signature_size, + signature_length ); + /* Declared with fallback == true */ + if( status != PSA_ERROR_NOT_SUPPORTED ) + return status; +#endif /* MBEDTLS_TEST_HOOKS */ + /* Fell through, meaning no accelerator supports this operation */ + return PSA_ERROR_NOT_SUPPORTED; + /* Add cases for opaque driver here */ +#if defined(MBEDTLS_TEST_HOOKS) + case MBEDTLS_PSA_CRYPTO_TEST_DRIVER_LIFETIME: + return( test_opaque_signature_sign_hash( &attributes, + slot->data.key.data, + slot->data.key.bytes, + alg, + hash, + hash_length, + signature, + signature_size, + signature_length ) ); +#endif /* MBEDTLS_TEST_HOOKS */ + default: + /* Key is declared with a lifetime not known to us */ + return status; + } +#else /* MBEDTLS_PSA_CRYPTO_DRIVER_PRESENT */ + (void)slot; + (void)alg; + (void)hash; + (void)hash_length; + (void)signature; + (void)signature_size; + (void)signature_length; + + return PSA_ERROR_NOT_SUPPORTED; +#endif /* MBEDTLS_PSA_CRYPTO_DRIVER_PRESENT */ +} + +/* End of automatically generated file. */ diff --git a/library/psa_crypto_driver_wrappers.h b/library/psa_crypto_driver_wrappers.h new file mode 100644 index 000000000..8fbf034c6 --- /dev/null +++ b/library/psa_crypto_driver_wrappers.h @@ -0,0 +1,40 @@ +/* + * Function signatures for functionality that can be provided by + * cryptographic accelerators. + * Warning: auto-generated file. + */ +/* Copyright (C) 2020, ARM Limited, All Rights Reserved + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * This file is part of mbed TLS (https://tls.mbed.org) + */ + +#ifndef PSA_CRYPTO_DRIVER_WRAPPERS_H +#define PSA_CRYPTO_DRIVER_WRAPPERS_H + +#include "psa/crypto.h" +#include "psa/crypto_driver_common.h" + +psa_status_t psa_driver_wrapper_sign_hash( psa_key_slot_t *slot, + psa_algorithm_t alg, + const uint8_t *hash, + size_t hash_length, + uint8_t *signature, + size_t signature_size, + size_t *signature_length ); + +#endif /* PSA_CRYPTO_DRIVER_WRAPPERS_H */ + +/* End of automatically generated file. */ diff --git a/visualc/VS2010/mbedTLS.vcxproj b/visualc/VS2010/mbedTLS.vcxproj index 578289f17..8371edaf2 100644 --- a/visualc/VS2010/mbedTLS.vcxproj +++ b/visualc/VS2010/mbedTLS.vcxproj @@ -238,8 +238,12 @@ + + + + @@ -307,6 +311,7 @@ + From d57203d9555757a5020bfc18b3d77676750fb000 Mon Sep 17 00:00:00 2001 From: Steven Cooreman Date: Thu, 16 Jul 2020 20:28:59 +0200 Subject: [PATCH 04/17] Add driver tests and run them through all.sh Signed-off-by: Steven Cooreman --- tests/scripts/all.sh | 11 ++ ...test_suite_psa_crypto_driver_wrappers.data | 11 ++ ..._suite_psa_crypto_driver_wrappers.function | 104 ++++++++++++++++++ 3 files changed, 126 insertions(+) create mode 100644 tests/suites/test_suite_psa_crypto_driver_wrappers.data create mode 100644 tests/suites/test_suite_psa_crypto_driver_wrappers.function diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 4fafe0208..983e12124 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -1656,6 +1656,17 @@ component_test_se_default () { make test } +component_test_psa_crypto_drivers () { + msg "build: MBEDTLS_PSA_CRYPTO_DRIVERS, signature" + scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS + scripts/config.py set MBEDTLS_TEST_HOOKS + # Need to include the test driver header path in order to build + make CC=gcc CFLAGS="$ASAN_CFLAGS -I../tests/include -O2" LDFLAGS="$ASAN_CFLAGS" + + msg "test: MBEDTLS_PSA_CRYPTO_DRIVERS, signature" + make test +} + component_test_make_shared () { msg "build/test: make shared" # ~ 40s make SHARED=1 all check diff --git a/tests/suites/test_suite_psa_crypto_driver_wrappers.data b/tests/suites/test_suite_psa_crypto_driver_wrappers.data new file mode 100644 index 000000000..fd20b1872 --- /dev/null +++ b/tests/suites/test_suite_psa_crypto_driver_wrappers.data @@ -0,0 +1,11 @@ +sign_hash through transparent driver: calculate in driver +ecdsa_sign:PSA_SUCCESS:0:PSA_SUCCESS + +sign_hash through transparent driver: fallback +ecdsa_sign:PSA_ERROR_NOT_SUPPORTED:0:PSA_SUCCESS + +sign_hash through transparent driver: error +ecdsa_sign:PSA_ERROR_GENERIC_ERROR:0:PSA_ERROR_GENERIC_ERROR + +sign_hash through transparent driver: fake +ecdsa_sign:PSA_SUCCESS:1:PSA_SUCCESS diff --git a/tests/suites/test_suite_psa_crypto_driver_wrappers.function b/tests/suites/test_suite_psa_crypto_driver_wrappers.function new file mode 100644 index 000000000..8c6338c0c --- /dev/null +++ b/tests/suites/test_suite_psa_crypto_driver_wrappers.function @@ -0,0 +1,104 @@ +/* BEGIN_HEADER */ +#include "test/psa_crypto_helpers.h" + +#include "drivers/test_driver.h" + +uint8_t test_secp256r1_key_data[32] = { + 0xab, 0x45, 0x43, 0x57, 0x12, 0x64, 0x9c, 0xb3, + 0x0b, 0xbd, 0xda, 0xc4, 0x91, 0x97, 0xee, 0xbf, + 0x27, 0x40, 0xff, 0xc7, 0xf8, 0x74, 0xd9, 0x24, + 0x4c, 0x34, 0x60, 0xf5, 0x4f, 0x32, 0x2d, 0x3a, +}; +uint8_t test_hash_32[32] = { + 0x9a, 0xc4, 0x33, 0x5b, 0x46, 0x9b, 0xbd, 0x79, + 0x14, 0x39, 0x24, 0x85, 0x04, 0xdd, 0x0d, 0x49, + 0xc7, 0x13, 0x49, 0xa2, 0x95, 0xfe, 0xe5, 0xa1, + 0xc6, 0x85, 0x07, 0xf4, 0x5a, 0x9e, 0x1c, 0x7b, +}; +uint8_t test_signature_hash_32_with_secp256r1[64] = { + 0x6a, 0x33, 0x99, 0xf6, 0x94, 0x21, 0xff, 0xe1, + 0x49, 0x03, 0x77, 0xad, 0xf2, 0xea, 0x1f, 0x11, + 0x7d, 0x81, 0xa6, 0x3c, 0xf5, 0xbf, 0x22, 0xe9, + 0x18, 0xd5, 0x11, 0x75, 0xeb, 0x25, 0x91, 0x51, + 0xce, 0x95, 0xd7, 0xc2, 0x6c, 0xc0, 0x4e, 0x25, + 0x50, 0x3e, 0x2f, 0x7a, 0x1e, 0xc3, 0x57, 0x3e, + 0x3c, 0x24, 0x12, 0x53, 0x4b, 0xb4, 0xa1, 0x9b, + 0x3a, 0x78, 0x11, 0x74, 0x2f, 0x49, 0xf5, 0x0f, +}; + +uint8_t test_fake_output[] = "INJECTED OUTPUT"; + +typedef enum +{ + EXPECT_FAILURE, + EXPECT_CORRECT_OUTPUT, + EXPECT_FAKE_OUTPUT, +} expected_output_t; + +/* END_HEADER */ + +/* BEGIN_DEPENDENCIES + * depends_on:MBEDTLS_PSA_CRYPTO_C:MBEDTLS_PSA_CRYPTO_DRIVERS:MBEDTLS_TEST_HOOKS + * END_DEPENDENCIES + */ + +/* BEGIN_CASE depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECDSA_DETERMINISTIC:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C */ +void ecdsa_sign( int force_status_arg, + int fake_output, + int expected_status_arg ) +{ + psa_status_t force_status = force_status_arg; + psa_status_t expected_status = expected_status_arg; + psa_key_handle_t handle = 0; + psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; + psa_algorithm_t alg = PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_SHA_256 ); + uint8_t signature[64]; + size_t signature_length = 0xdeadbeef; + const uint8_t *expected_output; + size_t expected_output_length; + psa_status_t actual_status; + + PSA_ASSERT( psa_crypto_init( ) ); + psa_set_key_type( &attributes, + PSA_KEY_TYPE_ECC_KEY_PAIR( PSA_ECC_CURVE_SECP_R1 ) ); + psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_SIGN_HASH ); + psa_set_key_algorithm( &attributes, alg ); + psa_import_key( &attributes, + test_secp256r1_key_data, sizeof( test_secp256r1_key_data ), + &handle ); + + test_transparent_signature_sign_hash_hit = 0; + test_transparent_signature_sign_hash_status = force_status; + if( fake_output ) + { + expected_output = test_driver_forced_output = test_fake_output; + expected_output_length = test_driver_forced_output_length = + sizeof( test_fake_output ); + } + else + { + expected_output = test_signature_hash_32_with_secp256r1; + expected_output_length = sizeof( test_signature_hash_32_with_secp256r1 ); + } + + actual_status = psa_sign_hash( handle, alg, + test_hash_32, sizeof( test_hash_32 ), + signature, sizeof( signature ), + &signature_length ); + TEST_EQUAL( actual_status, expected_status ); + if( expected_status == PSA_SUCCESS ) + { + ASSERT_COMPARE( signature, signature_length, + expected_output, expected_output_length ); + } + TEST_EQUAL( test_transparent_signature_sign_hash_hit, 1 ); + +exit: + psa_reset_key_attributes( &attributes ); + psa_destroy_key( handle ); + PSA_DONE( ); + test_transparent_signature_sign_hash_status = PSA_ERROR_NOT_SUPPORTED; + test_driver_forced_output = NULL; + test_driver_forced_output_length = 0; +} +/* END_CASE */ From 7a2505788c61ebe30b38a0e62ae8a5a3e20f6659 Mon Sep 17 00:00:00 2001 From: Steven Cooreman Date: Fri, 17 Jul 2020 16:43:05 +0200 Subject: [PATCH 05/17] Move handling of 'SE' drivers into driver wrappers This is a more natural place for handling the drivers belonging to the 'previous' SE driver spec. It makes for a cleaner psa_crypto.c, and potentially an easier overview of how to migrate from the old SE driver interface to the 'opaque accelerator' interface. Signed-off-by: Steven Cooreman --- library/psa_crypto.c | 23 +----------------- library/psa_crypto_driver_wrappers.c | 35 ++++++++++++++++++++++++++++ 2 files changed, 36 insertions(+), 22 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index af8a7a973..460b9df6c 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -3638,10 +3638,6 @@ psa_status_t psa_sign_hash( psa_key_handle_t handle, { psa_key_slot_t *slot; psa_status_t status; -#if defined(MBEDTLS_PSA_CRYPTO_SE_C) - const psa_drv_se_t *drv; - psa_drv_se_context_t *drv_context; -#endif /* MBEDTLS_PSA_CRYPTO_SE_C */ *signature_length = signature_size; /* Immediately reject a zero-length signature buffer. This guarantees @@ -3671,24 +3667,7 @@ psa_status_t psa_sign_hash( psa_key_handle_t handle, if( status != PSA_ERROR_NOT_SUPPORTED ) goto exit; -#if defined(MBEDTLS_PSA_CRYPTO_SE_C) - if( psa_get_se_driver( slot->attr.lifetime, &drv, &drv_context ) ) - { - if( drv->asymmetric == NULL || - drv->asymmetric->p_sign == NULL ) - { - status = PSA_ERROR_NOT_SUPPORTED; - goto exit; - } - status = drv->asymmetric->p_sign( drv_context, - slot->data.se.slot_number, - alg, - hash, hash_length, - signature, signature_size, - signature_length ); - } - else -#endif /* MBEDTLS_PSA_CRYPTO_SE_C */ + /* If the operation was not supported by any accelerator, try fallback. */ #if defined(MBEDTLS_RSA_C) if( slot->attr.type == PSA_KEY_TYPE_RSA_KEY_PAIR ) { diff --git a/library/psa_crypto_driver_wrappers.c b/library/psa_crypto_driver_wrappers.c index 9ace0cb28..06f33699d 100644 --- a/library/psa_crypto_driver_wrappers.c +++ b/library/psa_crypto_driver_wrappers.c @@ -28,9 +28,17 @@ #if defined(MBEDTLS_TEST_HOOKS) #undef MBEDTLS_PSA_CRYPTO_DRIVER_PRESENT #define MBEDTLS_PSA_CRYPTO_DRIVER_PRESENT +#undef MBEDTLS_PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT +#define MBEDTLS_PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT #include "drivers/test_driver.h" #endif +#if defined(MBEDTLS_PSA_CRYPTO_SE_C) +#undef MBEDTLS_PSA_CRYPTO_DRIVER_PRESENT +#define MBEDTLS_PSA_CRYPTO_DRIVER_PRESENT +#include "psa_crypto_se.h" +#endif + /* Include driver definition file for each registered driver */ /* Start delegation functions */ @@ -43,6 +51,30 @@ psa_status_t psa_driver_wrapper_sign_hash( psa_key_slot_t *slot, size_t *signature_length ) { #if defined(MBEDTLS_PSA_CRYPTO_DRIVER_PRESENT) + /* Try dynamically-registered SE interface first */ +#if defined(MBEDTLS_PSA_CRYPTO_SE_C) + const psa_drv_se_t *drv; + psa_drv_se_context_t *drv_context; + + if( psa_get_se_driver( slot->attr.lifetime, &drv, &drv_context ) ) + { + if( drv->asymmetric == NULL || + drv->asymmetric->p_sign == NULL ) + { + /* Key is defined in SE, but we have no way to exercise it */ + return PSA_ERROR_INVALID_ARGUMENT; + } + return( drv->asymmetric->p_sign( drv_context, + slot->data.se.slot_number, + alg, + hash, hash_length, + signature, signature_size, + signature_length ) ); + } +#endif /* MBEDTLS_PSA_CRYPTO_SE_C */ + + /* Then try accelerator API */ +#if defined(MBEDTLS_PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) psa_status_t status = PSA_ERROR_INVALID_ARGUMENT; psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION(slot->attr.lifetime); psa_key_attributes_t attributes = { @@ -87,6 +119,9 @@ psa_status_t psa_driver_wrapper_sign_hash( psa_key_slot_t *slot, /* Key is declared with a lifetime not known to us */ return status; } +#else /* MBEDTLS_PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ + return PSA_ERROR_NOT_SUPPORTED; +#endif /* MBEDTLS_PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ #else /* MBEDTLS_PSA_CRYPTO_DRIVER_PRESENT */ (void)slot; (void)alg; From 55ae2176ab9943a654c3789600d52ba598159667 Mon Sep 17 00:00:00 2001 From: Steven Cooreman Date: Fri, 17 Jul 2020 19:46:15 +0200 Subject: [PATCH 06/17] Add and splice in signature verification through driver Signed-off-by: Steven Cooreman --- library/psa_crypto.c | 28 ++-- library/psa_crypto_driver_wrappers.c | 97 +++++++++++++ library/psa_crypto_driver_wrappers.h | 10 ++ tests/include/drivers/signature.h | 17 +++ tests/scripts/all.sh | 2 +- tests/src/drivers/signature.c | 130 ++++++++++++++++++ ...test_suite_psa_crypto_driver_wrappers.data | 18 +++ ..._suite_psa_crypto_driver_wrappers.function | 69 ++++++++++ 8 files changed, 352 insertions(+), 19 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 460b9df6c..edef287c1 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -3754,29 +3754,21 @@ psa_status_t psa_verify_hash( psa_key_handle_t handle, { psa_key_slot_t *slot; psa_status_t status; -#if defined(MBEDTLS_PSA_CRYPTO_SE_C) - const psa_drv_se_t *drv; - psa_drv_se_context_t *drv_context; -#endif /* MBEDTLS_PSA_CRYPTO_SE_C */ status = psa_get_key_from_slot( handle, &slot, PSA_KEY_USAGE_VERIFY_HASH, alg ); if( status != PSA_SUCCESS ) return( status ); -#if defined(MBEDTLS_PSA_CRYPTO_SE_C) - if( psa_get_se_driver( slot->attr.lifetime, &drv, &drv_context ) ) - { - if( drv->asymmetric == NULL || - drv->asymmetric->p_verify == NULL ) - return( PSA_ERROR_NOT_SUPPORTED ); - return( drv->asymmetric->p_verify( drv_context, - slot->data.se.slot_number, - alg, - hash, hash_length, - signature, signature_length ) ); - } - else -#endif /* MBEDTLS_PSA_CRYPTO_SE_C */ + /* Try any of the available accelerators first */ + status = psa_driver_wrapper_verify_hash( slot, + alg, + hash, + hash_length, + signature, + signature_length ); + if( status != PSA_ERROR_NOT_SUPPORTED ) + return status; + #if defined(MBEDTLS_RSA_C) if( PSA_KEY_TYPE_IS_RSA( slot->attr.type ) ) { diff --git a/library/psa_crypto_driver_wrappers.c b/library/psa_crypto_driver_wrappers.c index 06f33699d..09a7ccd32 100644 --- a/library/psa_crypto_driver_wrappers.c +++ b/library/psa_crypto_driver_wrappers.c @@ -135,4 +135,101 @@ psa_status_t psa_driver_wrapper_sign_hash( psa_key_slot_t *slot, #endif /* MBEDTLS_PSA_CRYPTO_DRIVER_PRESENT */ } +psa_status_t psa_driver_wrapper_verify_hash( psa_key_slot_t *slot, + psa_algorithm_t alg, + const uint8_t *hash, + size_t hash_length, + const uint8_t *signature, + size_t signature_length ) +{ +#if defined(MBEDTLS_PSA_CRYPTO_DRIVER_PRESENT) + /* Try dynamically-registered SE interface first */ +#if defined(MBEDTLS_PSA_CRYPTO_SE_C) + const psa_drv_se_t *drv; + psa_drv_se_context_t *drv_context; + + if( psa_get_se_driver( slot->attr.lifetime, &drv, &drv_context ) ) + { + if( drv->asymmetric == NULL || + drv->asymmetric->p_verify == NULL ) + { + /* Key is defined in SE, but we have no way to exercise it */ + return PSA_ERROR_INVALID_ARGUMENT; + } + return( drv->asymmetric->p_verify( drv_context, + slot->data.se.slot_number, + alg, + hash, hash_length, + signature, signature_length ) ); + } +#endif /* MBEDTLS_PSA_CRYPTO_SE_C */ + + /* Then try accelerator API */ +#if defined(MBEDTLS_PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) + psa_status_t status = PSA_ERROR_INVALID_ARGUMENT; + psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION(slot->attr.lifetime); + psa_key_attributes_t attributes = { + .core = slot->attr + }; + + switch( location ) + { + case PSA_KEY_LOCATION_LOCAL_STORAGE: + /* Key is stored in the slot in export representation, so + * cycle through all known transparent accelerators */ +#if defined(MBEDTLS_TEST_HOOKS) + status = test_transparent_signature_verify_hash( &attributes, + slot->data.key.data, + slot->data.key.bytes, + alg, + hash, + hash_length, + signature, + signature_length ); + /* Declared with fallback == true */ + if( status != PSA_ERROR_NOT_SUPPORTED ) + return status; +#endif /* MBEDTLS_TEST_HOOKS */ + /* Fell through, meaning no accelerator supports this operation */ + return PSA_ERROR_NOT_SUPPORTED; + /* Add cases for opaque driver here */ +#if defined(MBEDTLS_TEST_HOOKS) + case MBEDTLS_PSA_CRYPTO_TEST_DRIVER_LIFETIME: + return( test_opaque_signature_verify_hash( &attributes, + slot->data.key.data, + slot->data.key.bytes, + alg, + hash, + hash_length, + signature, + signature_length ) ); +#endif /* MBEDTLS_TEST_HOOKS */ + default: + /* Key is declared with a lifetime not known to us */ + return status; + } +#else /* MBEDTLS_PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ + return PSA_ERROR_NOT_SUPPORTED; +#endif /* MBEDTLS_PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ +#else /* MBEDTLS_PSA_CRYPTO_DRIVER_PRESENT */ + (void)slot; + (void)alg; + (void)hash; + (void)hash_length; + (void)signature; + (void)signature_length; + + return PSA_ERROR_NOT_SUPPORTED; +#endif /* MBEDTLS_PSA_CRYPTO_DRIVER_PRESENT */ +} + +psa_status_t psa_driver_wrapper_generate_key( const psa_key_attributes_t *attributes, + psa_key_slot_t *slot ) +{ + (void) attributes; + (void) slot; + + return PSA_ERROR_NOT_SUPPORTED; +} + /* End of automatically generated file. */ diff --git a/library/psa_crypto_driver_wrappers.h b/library/psa_crypto_driver_wrappers.h index 8fbf034c6..6ab2d9019 100644 --- a/library/psa_crypto_driver_wrappers.h +++ b/library/psa_crypto_driver_wrappers.h @@ -35,6 +35,16 @@ psa_status_t psa_driver_wrapper_sign_hash( psa_key_slot_t *slot, size_t signature_size, size_t *signature_length ); +psa_status_t psa_driver_wrapper_verify_hash( psa_key_slot_t *slot, + psa_algorithm_t alg, + const uint8_t *hash, + size_t hash_length, + const uint8_t *signature, + size_t signature_length ); + +psa_status_t psa_driver_wrapper_generate_key( const psa_key_attributes_t *attributes, + psa_key_slot_t *slot ); + #endif /* PSA_CRYPTO_DRIVER_WRAPPERS_H */ /* End of automatically generated file. */ diff --git a/tests/include/drivers/signature.h b/tests/include/drivers/signature.h index 1607ba512..232ed4147 100644 --- a/tests/include/drivers/signature.h +++ b/tests/include/drivers/signature.h @@ -37,6 +37,9 @@ extern size_t test_driver_forced_output_length; extern psa_status_t test_transparent_signature_sign_hash_status; extern unsigned long test_transparent_signature_sign_hash_hit; +extern psa_status_t test_transparent_signature_verify_hash_status; +extern unsigned long test_transparent_signature_verify_hash_hit; + psa_status_t test_transparent_signature_sign_hash( const psa_key_attributes_t *attributes, const uint8_t *key, size_t key_length, @@ -51,5 +54,19 @@ psa_status_t test_opaque_signature_sign_hash( const uint8_t *hash, size_t hash_length, uint8_t *signature, size_t signature_size, size_t *signature_length ); +psa_status_t test_transparent_signature_verify_hash( + const psa_key_attributes_t *attributes, + const uint8_t *key, size_t key_length, + psa_algorithm_t alg, + const uint8_t *hash, size_t hash_length, + const uint8_t *signature, size_t signature_length ); + +psa_status_t test_opaque_signature_verify_hash( + const psa_key_attributes_t *attributes, + const uint8_t *key, size_t key_length, + psa_algorithm_t alg, + const uint8_t *hash, size_t hash_length, + const uint8_t *signature, size_t signature_length ); + #endif /* MBEDTLS_TEST_HOOKS */ #endif /* MBEDTLS_PSA_CRYPTO_TEST_DRIVERS_SIGNATURE_H */ diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 983e12124..a3f67bef8 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -1657,7 +1657,7 @@ component_test_se_default () { } component_test_psa_crypto_drivers () { - msg "build: MBEDTLS_PSA_CRYPTO_DRIVERS, signature" + msg "build: MBEDTLS_PSA_CRYPTO_DRIVERS w/ driver hooks" scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS scripts/config.py set MBEDTLS_TEST_HOOKS # Need to include the test driver header path in order to build diff --git a/tests/src/drivers/signature.c b/tests/src/drivers/signature.c index 0f006c70a..32ebbfdff 100644 --- a/tests/src/drivers/signature.c +++ b/tests/src/drivers/signature.c @@ -34,6 +34,8 @@ #include "mbedtls/md.h" #include "mbedtls/ecdsa.h" +#include "test/random.h" + #include /* If non-null, on success, copy this to the output. */ @@ -43,6 +45,9 @@ size_t test_driver_forced_output_length = 0; psa_status_t test_transparent_signature_sign_hash_status = PSA_ERROR_NOT_SUPPORTED; unsigned long test_transparent_signature_sign_hash_hit = 0; +psa_status_t test_transparent_signature_verify_hash_status = PSA_ERROR_NOT_SUPPORTED; +unsigned long test_transparent_signature_verify_hash_hit = 0; + psa_status_t test_transparent_signature_sign_hash( const psa_key_attributes_t *attributes, const uint8_t *key, size_t key_length, @@ -168,4 +173,129 @@ psa_status_t test_opaque_signature_sign_hash( return( PSA_ERROR_NOT_SUPPORTED ); } +psa_status_t test_transparent_signature_verify_hash( + const psa_key_attributes_t *attributes, + const uint8_t *key, size_t key_length, + psa_algorithm_t alg, + const uint8_t *hash, size_t hash_length, + const uint8_t *signature, size_t signature_length ) +{ + ++test_transparent_signature_verify_hash_hit; + + if( test_transparent_signature_verify_hash_status != PSA_SUCCESS ) + return( test_transparent_signature_verify_hash_status ); + + psa_status_t status = PSA_ERROR_NOT_SUPPORTED; + +#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECDSA_DETERMINISTIC) && \ + defined(MBEDTLS_SHA256_C) + if( alg != PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_SHA_256 ) ) + return( PSA_ERROR_NOT_SUPPORTED ); + mbedtls_ecp_group_id grp_id; + switch( psa_get_key_type( attributes ) ) + { + case PSA_ECC_CURVE_SECP_R1: + switch( psa_get_key_bits( attributes ) ) + { + case 256: + grp_id = MBEDTLS_ECP_DP_SECP256R1; + break; + case 384: + grp_id = MBEDTLS_ECP_DP_SECP384R1; + break; + case 521: + grp_id = MBEDTLS_ECP_DP_SECP521R1; + break; + default: + return( PSA_ERROR_NOT_SUPPORTED ); + } + break; + default: + return( PSA_ERROR_NOT_SUPPORTED ); + } + + /* Beyond this point, the driver is actually doing the work of + * calculating the signature. */ + + status = PSA_ERROR_GENERIC_ERROR; + int ret = 0; + mbedtls_mpi r, s; + mbedtls_mpi_init( &r ); + mbedtls_mpi_init( &s ); + mbedtls_ecp_keypair ecp; + mbedtls_ecp_keypair_init( &ecp ); + mbedtls_test_rnd_pseudo_info rnd_info; + memset( &rnd_info, 0x5A, sizeof( mbedtls_test_rnd_pseudo_info ) ); + size_t curve_bytes = PSA_BITS_TO_BYTES( ecp.grp.pbits ); + + MBEDTLS_MPI_CHK( mbedtls_ecp_group_load( &ecp.grp, grp_id ) ); + + /* Code adapted from psa_ecdsa_verify() in psa_crypto.c. */ + if( signature_length < 2 * curve_bytes ) + { + status = PSA_ERROR_BUFFER_TOO_SMALL; + goto cleanup; + } + + MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( &r, + signature, + curve_bytes ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( &s, + signature + curve_bytes, + curve_bytes ) ); + + if( PSA_KEY_TYPE_IS_PUBLIC_KEY( psa_get_key_type( attributes ) ) ) + MBEDTLS_MPI_CHK( mbedtls_ecp_point_read_binary( &ecp.grp, &ecp.Q, + key, key_length ) ); + else + { + MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( &ecp.d, key, key_length ) ); + MBEDTLS_MPI_CHK( + mbedtls_ecp_mul( &ecp.grp, &ecp.Q, &ecp.d, &ecp.grp.G, + &mbedtls_test_rnd_pseudo_rand, + &rnd_info ) ); + } + + MBEDTLS_MPI_CHK( mbedtls_ecdsa_verify( &ecp.grp, hash, hash_length, + &ecp.Q, &r, &s ) ); +cleanup: + /* There's no easy way to translate the error code except through a + * library function that's not exported. Use a debugger. */ + if( ret == 0 ) + status = PSA_SUCCESS; + mbedtls_mpi_free( &r ); + mbedtls_mpi_free( &s ); + mbedtls_ecp_keypair_free( &ecp ); +#else /* defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECDSA_DETERMINISTIC) && \ + defined(MBEDTLS_SHA256_C) */ + (void) attributes; + (void) key; + (void) key_length; + (void) alg; + (void) hash; + (void) hash_length; +#endif /* defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECDSA_DETERMINISTIC) && \ + defined(MBEDTLS_SHA256_C) */ + + return( status ); +} + +psa_status_t test_opaque_signature_verify_hash( + const psa_key_attributes_t *attributes, + const uint8_t *key, size_t key_length, + psa_algorithm_t alg, + const uint8_t *hash, size_t hash_length, + const uint8_t *signature, size_t signature_length ) +{ + (void) attributes; + (void) key; + (void) key_length; + (void) alg; + (void) hash; + (void) hash_length; + (void) signature; + (void) signature_length; + return( PSA_ERROR_NOT_SUPPORTED ); +} + #endif /* MBEDTLS_PSA_CRYPTO_DRIVERS && MBEDTLS_TEST_HOOKS */ diff --git a/tests/suites/test_suite_psa_crypto_driver_wrappers.data b/tests/suites/test_suite_psa_crypto_driver_wrappers.data index fd20b1872..2d2c5c4b4 100644 --- a/tests/suites/test_suite_psa_crypto_driver_wrappers.data +++ b/tests/suites/test_suite_psa_crypto_driver_wrappers.data @@ -9,3 +9,21 @@ ecdsa_sign:PSA_ERROR_GENERIC_ERROR:0:PSA_ERROR_GENERIC_ERROR sign_hash through transparent driver: fake ecdsa_sign:PSA_SUCCESS:1:PSA_SUCCESS + +verify_hash using private key through transparent driver: calculate in driver +ecdsa_verify:PSA_SUCCESS:0:PSA_SUCCESS + +verify_hash using private key through transparent driver: fallback +ecdsa_verify:PSA_ERROR_NOT_SUPPORTED:0:PSA_SUCCESS + +verify_hash using private key through transparent driver: error +ecdsa_verify:PSA_ERROR_GENERIC_ERROR:0:PSA_ERROR_GENERIC_ERROR + +verify_hash using public key through transparent driver: calculate in driver +ecdsa_verify:PSA_SUCCESS:1:PSA_SUCCESS + +verify_hash using public key through transparent driver: fallback +ecdsa_verify:PSA_ERROR_NOT_SUPPORTED:1:PSA_SUCCESS + +verify_hash through transparent driver: error +ecdsa_verify:PSA_ERROR_GENERIC_ERROR:1:PSA_ERROR_GENERIC_ERROR diff --git a/tests/suites/test_suite_psa_crypto_driver_wrappers.function b/tests/suites/test_suite_psa_crypto_driver_wrappers.function index 8c6338c0c..a954446ed 100644 --- a/tests/suites/test_suite_psa_crypto_driver_wrappers.function +++ b/tests/suites/test_suite_psa_crypto_driver_wrappers.function @@ -25,6 +25,17 @@ uint8_t test_signature_hash_32_with_secp256r1[64] = { 0x3c, 0x24, 0x12, 0x53, 0x4b, 0xb4, 0xa1, 0x9b, 0x3a, 0x78, 0x11, 0x74, 0x2f, 0x49, 0xf5, 0x0f, }; +uint8_t test_secp256r1_public_key_data[65] = { + 0x04, + 0xde, 0xa5, 0xe4, 0x5d, 0x0e, 0xa3, 0x7f, 0xc5, + 0x66, 0x23, 0x2a, 0x50, 0x8f, 0x4a, 0xd2, 0x0e, + 0xa1, 0x3d, 0x47, 0xe4, 0xbf, 0x5f, 0xa4, 0xd5, + 0x4a, 0x57, 0xa0, 0xba, 0x01, 0x20, 0x42, 0x08, + 0x70, 0x97, 0x49, 0x6e, 0xfc, 0x58, 0x3f, 0xed, + 0x8b, 0x24, 0xa5, 0xb9, 0xbe, 0x9a, 0x51, 0xde, + 0x06, 0x3f, 0x5a, 0x00, 0xa8, 0xb6, 0x98, 0xa1, + 0x6f, 0xd7, 0xf2, 0x9b, 0x54, 0x85, 0xf3, 0x20 +}; uint8_t test_fake_output[] = "INJECTED OUTPUT"; @@ -102,3 +113,61 @@ exit: test_driver_forced_output_length = 0; } /* END_CASE */ + +/* BEGIN_CASE depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECDSA_DETERMINISTIC:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C */ +void ecdsa_verify( int force_status_arg, + int register_public_key, + int expected_status_arg ) +{ + psa_status_t force_status = force_status_arg; + psa_status_t expected_status = expected_status_arg; + psa_key_handle_t handle = 0; + psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; + psa_algorithm_t alg = PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_SHA_256 ); + const uint8_t *expected_output; + size_t expected_output_length; + psa_status_t actual_status; + + PSA_ASSERT( psa_crypto_init( ) ); + if( register_public_key ) + { + psa_set_key_type( &attributes, + PSA_KEY_TYPE_ECC_PUBLIC_KEY( PSA_ECC_CURVE_SECP_R1 ) ); + psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_VERIFY_HASH ); + psa_set_key_algorithm( &attributes, alg ); + psa_import_key( &attributes, + test_secp256r1_public_key_data, sizeof( test_secp256r1_public_key_data ), + &handle ); + } + else + { + psa_set_key_type( &attributes, + PSA_KEY_TYPE_ECC_KEY_PAIR( PSA_ECC_CURVE_SECP_R1 ) ); + psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_VERIFY_HASH ); + psa_set_key_algorithm( &attributes, alg ); + psa_import_key( &attributes, + test_secp256r1_key_data, sizeof( test_secp256r1_key_data ), + &handle ); + } + + test_transparent_signature_verify_hash_hit = 0; + test_transparent_signature_verify_hash_status = force_status; + + expected_output = test_signature_hash_32_with_secp256r1; + expected_output_length = sizeof( test_signature_hash_32_with_secp256r1 ); + + actual_status = psa_verify_hash( handle, alg, + test_hash_32, sizeof( test_hash_32 ), + expected_output, expected_output_length ); + TEST_EQUAL( actual_status, expected_status ); + TEST_EQUAL( test_transparent_signature_verify_hash_hit, 1 ); + +exit: + psa_reset_key_attributes( &attributes ); + psa_destroy_key( handle ); + PSA_DONE( ); + test_transparent_signature_sign_hash_status = PSA_ERROR_NOT_SUPPORTED; + test_driver_forced_output = NULL; + test_driver_forced_output_length = 0; +} +/* END_CASE */ From 0116416e61329a6d01493430c77e8a5ee70cf046 Mon Sep 17 00:00:00 2001 From: Steven Cooreman Date: Mon, 20 Jul 2020 15:31:37 +0200 Subject: [PATCH 07/17] Expose mbedtls_error_to_psa_status for use in test drivers Signed-off-by: Steven Cooreman --- include/psa/crypto_extra.h | 11 +++++++++++ library/psa_crypto.c | 2 +- 2 files changed, 12 insertions(+), 1 deletion(-) diff --git a/include/psa/crypto_extra.h b/include/psa/crypto_extra.h index f0c7979a8..2ac2c5bf1 100644 --- a/include/psa/crypto_extra.h +++ b/include/psa/crypto_extra.h @@ -645,6 +645,17 @@ mbedtls_ecp_group_id mbedtls_ecc_group_of_psa( psa_ecc_family_t curve, size_t byte_length ); #endif /* MBEDTLS_ECP_C */ +/** Convert an mbed TLS error code to a PSA error code + * + * \note This function is provided solely for the convenience of + * Mbed TLS and may be removed at any time without notice. + * + * \param ret An mbed TLS-thrown error code + * + * \return The corresponding PSA error code + */ +psa_status_t mbedtls_to_psa_error( int ret ); + /**@}*/ #ifdef __cplusplus diff --git a/library/psa_crypto.c b/library/psa_crypto.c index edef287c1..7da2ff678 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -125,7 +125,7 @@ static psa_global_data_t global_data; if( global_data.initialized == 0 ) \ return( PSA_ERROR_BAD_STATE ); -static psa_status_t mbedtls_to_psa_error( int ret ) +psa_status_t mbedtls_to_psa_error( int ret ) { /* If there's both a high-level code and low-level code, dispatch on * the high-level code. */ From 2a1664cb49bc5527ae2fdc75358c437f07f77908 Mon Sep 17 00:00:00 2001 From: Steven Cooreman Date: Mon, 20 Jul 2020 15:33:08 +0200 Subject: [PATCH 08/17] Add & splice in test driver for ECC keygen Signed-off-by: Steven Cooreman --- library/psa_crypto.c | 32 ++-- library/psa_crypto_driver_wrappers.c | 151 +++++++++++++++++- tests/include/drivers/keygen.h | 49 ++++++ tests/include/drivers/test_driver.h | 1 + tests/src/drivers/keygen.c | 129 +++++++++++++++ ...test_suite_psa_crypto_driver_wrappers.data | 12 ++ ..._suite_psa_crypto_driver_wrappers.function | 70 ++++++++ 7 files changed, 418 insertions(+), 26 deletions(-) create mode 100644 tests/include/drivers/keygen.h create mode 100644 tests/src/drivers/keygen.c diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 7da2ff678..03326f70b 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -5987,29 +5987,15 @@ psa_status_t psa_generate_key( const psa_key_attributes_t *attributes, if( status != PSA_SUCCESS ) goto exit; -#if defined(MBEDTLS_PSA_CRYPTO_SE_C) - if( driver != NULL ) - { - const psa_drv_se_t *drv = psa_get_se_driver_methods( driver ); - size_t pubkey_length = 0; /* We don't support this feature yet */ - if( drv->key_management == NULL || - drv->key_management->p_generate == NULL ) - { - status = PSA_ERROR_NOT_SUPPORTED; - goto exit; - } - status = drv->key_management->p_generate( - psa_get_se_driver_context( driver ), - slot->data.se.slot_number, attributes, - NULL, 0, &pubkey_length ); - } - else -#endif /* MBEDTLS_PSA_CRYPTO_SE_C */ - { - status = psa_generate_key_internal( - slot, attributes->core.bits, - attributes->domain_parameters, attributes->domain_parameters_size ); - } + status = psa_driver_wrapper_generate_key( attributes, + slot ); + if( status != PSA_ERROR_NOT_SUPPORTED || + psa_key_lifetime_is_external( attributes->core.lifetime ) ) + goto exit; + + status = psa_generate_key_internal( + slot, attributes->core.bits, + attributes->domain_parameters, attributes->domain_parameters_size ); exit: if( status == PSA_SUCCESS ) diff --git a/library/psa_crypto_driver_wrappers.c b/library/psa_crypto_driver_wrappers.c index 09a7ccd32..0f6cfe911 100644 --- a/library/psa_crypto_driver_wrappers.c +++ b/library/psa_crypto_driver_wrappers.c @@ -23,6 +23,9 @@ #include "psa_crypto_core.h" #include "psa_crypto_driver_wrappers.h" +#include "mbedtls/platform.h" + +#if defined(MBEDTLS_PSA_CRYPTO_DRIVERS) /* Include test driver definition when running tests */ #if defined(MBEDTLS_TEST_HOOKS) @@ -31,16 +34,18 @@ #undef MBEDTLS_PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT #define MBEDTLS_PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT #include "drivers/test_driver.h" -#endif +#endif /* MBEDTLS_TEST_HOOKS */ +/* Include driver definition file for each registered driver here */ +#endif /* MBEDTLS_PSA_CRYPTO_DRIVERS */ + +/* Support the 'old' SE interface when asked to */ #if defined(MBEDTLS_PSA_CRYPTO_SE_C) #undef MBEDTLS_PSA_CRYPTO_DRIVER_PRESENT #define MBEDTLS_PSA_CRYPTO_DRIVER_PRESENT #include "psa_crypto_se.h" #endif -/* Include driver definition file for each registered driver */ - /* Start delegation functions */ psa_status_t psa_driver_wrapper_sign_hash( psa_key_slot_t *slot, psa_algorithm_t alg, @@ -223,13 +228,153 @@ psa_status_t psa_driver_wrapper_verify_hash( psa_key_slot_t *slot, #endif /* MBEDTLS_PSA_CRYPTO_DRIVER_PRESENT */ } +#if defined(MBEDTLS_PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) +static psa_status_t get_expected_key_size( const psa_key_attributes_t *attributes, + size_t *expected_size ) +{ + if( PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime ) == PSA_KEY_LOCATION_LOCAL_STORAGE ) + { + if( PSA_KEY_TYPE_IS_UNSTRUCTURED( attributes->core.type ) ) + { + *expected_size = PSA_BITS_TO_BYTES( attributes->core.bits ); + return PSA_SUCCESS; + } + + if( PSA_KEY_TYPE_IS_ECC( attributes->core.type ) ) + { + if( PSA_KEY_TYPE_IS_KEY_PAIR( attributes->core.type ) ) + { + *expected_size = PSA_KEY_EXPORT_ECC_KEY_PAIR_MAX_SIZE( attributes->core.bits ); + return PSA_SUCCESS; + } + else + { + *expected_size = PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE( attributes->core.bits ); + return PSA_SUCCESS; + } + } + + if( PSA_KEY_TYPE_IS_RSA( attributes->core.type ) ) + { + if( PSA_KEY_TYPE_IS_KEY_PAIR( attributes->core.type ) ) + { + *expected_size = PSA_KEY_EXPORT_RSA_KEY_PAIR_MAX_SIZE( attributes->core.bits ); + return PSA_SUCCESS; + } + else + { + *expected_size = PSA_KEY_EXPORT_RSA_PUBLIC_KEY_MAX_SIZE( attributes->core.bits ); + return PSA_SUCCESS; + } + } + + return PSA_ERROR_NOT_SUPPORTED; + } + else + { + /* TBD: opaque driver support, need to calculate size through driver-defined size function */ + return PSA_ERROR_NOT_SUPPORTED; + } +} +#endif /* MBEDTLS_PSA_CRYPTO_DRIVER_PRESENT */ + psa_status_t psa_driver_wrapper_generate_key( const psa_key_attributes_t *attributes, psa_key_slot_t *slot ) { +#if defined(MBEDTLS_PSA_CRYPTO_DRIVER_PRESENT) + /* Try dynamically-registered SE interface first */ +#if defined(MBEDTLS_PSA_CRYPTO_SE_C) + const psa_drv_se_t *drv; + psa_drv_se_context_t *drv_context; + + if( psa_get_se_driver( slot->attr.lifetime, &drv, &drv_context ) ) + { + size_t pubkey_length = 0; /* We don't support this feature yet */ + if( drv->key_management == NULL || + drv->key_management->p_generate == NULL ) + { + /* Key is defined as being in SE, but we have no way to generate it */ + return PSA_ERROR_NOT_SUPPORTED; + } + return( drv->key_management->p_generate( + drv_context, + slot->data.se.slot_number, attributes, + NULL, 0, &pubkey_length ) ); + } +#endif /* MBEDTLS_PSA_CRYPTO_SE_C */ + + /* Then try accelerator API */ +#if defined(MBEDTLS_PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) + psa_status_t status = PSA_ERROR_INVALID_ARGUMENT; + psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION(slot->attr.lifetime); + size_t export_size = 0; + + status = get_expected_key_size( attributes, &export_size ); + if( status != PSA_SUCCESS ) + return status; + + slot->data.key.data = mbedtls_calloc(1, export_size); + if( slot->data.key.data == NULL ) + return PSA_ERROR_INSUFFICIENT_MEMORY; + slot->data.key.bytes = export_size; + + switch( location ) + { + case PSA_KEY_LOCATION_LOCAL_STORAGE: + /* Key is stored in the slot in export representation, so + * cycle through all known transparent accelerators */ + + /* Transparent drivers are limited to generating asymmetric keys */ + if( ! PSA_KEY_TYPE_IS_ASYMMETRIC( slot->attr.type ) ) + { + status = PSA_ERROR_NOT_SUPPORTED; + break; + } +#if defined(MBEDTLS_TEST_HOOKS) + status = test_transparent_generate_key( attributes, + slot->data.key.data, + slot->data.key.bytes, + &slot->data.key.bytes ); + /* Declared with fallback == true */ + if( status != PSA_ERROR_NOT_SUPPORTED ) + break; +#endif /* MBEDTLS_TEST_HOOKS */ + /* Fell through, meaning no accelerator supports this operation */ + status = PSA_ERROR_NOT_SUPPORTED; + break; + /* Add cases for opaque driver here */ +#if defined(MBEDTLS_TEST_HOOKS) + case MBEDTLS_PSA_CRYPTO_TEST_DRIVER_LIFETIME: + status = test_opaque_generate_key( attributes, + slot->data.key.data, + slot->data.key.bytes, + &slot->data.key.bytes ); + break; +#endif /* MBEDTLS_TEST_HOOKS */ + default: + /* Key is declared with a lifetime not known to us */ + status = PSA_ERROR_INVALID_ARGUMENT; + break; + } + + if( status != PSA_SUCCESS ) + { + /* free allocated buffer */ + mbedtls_free( slot->data.key.data ); + slot->data.key.data = NULL; + slot->data.key.bytes = 0; + } + + return( status ); +#else /* MBEDTLS_PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ + return PSA_ERROR_NOT_SUPPORTED; +#endif /* MBEDTLS_PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ +#else /* MBEDTLS_PSA_CRYPTO_DRIVER_PRESENT */ (void) attributes; (void) slot; return PSA_ERROR_NOT_SUPPORTED; +#endif /* MBEDTLS_PSA_CRYPTO_DRIVER_PRESENT */ } /* End of automatically generated file. */ diff --git a/tests/include/drivers/keygen.h b/tests/include/drivers/keygen.h new file mode 100644 index 000000000..436df3441 --- /dev/null +++ b/tests/include/drivers/keygen.h @@ -0,0 +1,49 @@ +/* + * Test driver for signature functions + */ +/* Copyright (C) 2020, ARM Limited, All Rights Reserved + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * This file is part of mbed TLS (https://tls.mbed.org) + */ + +#ifndef MBEDTLS_PSA_CRYPTO_TEST_DRIVERS_KEYGEN_H +#define MBEDTLS_PSA_CRYPTO_TEST_DRIVERS_KEYGEN_H + +#if !defined(MBEDTLS_CONFIG_FILE) +#include "mbedtls/config.h" +#else +#include MBEDTLS_CONFIG_FILE +#endif + +#if defined(MBEDTLS_TEST_HOOKS) +#include + +extern void *test_driver_keygen_forced_output; +extern size_t test_driver_keygen_forced_output_length; + +extern psa_status_t test_transparent_keygen_status; +extern unsigned long test_transparent_keygen_hit; + +psa_status_t test_transparent_generate_key( + const psa_key_attributes_t *attributes, + uint8_t *key, size_t key_size, size_t *key_length ); + +psa_status_t test_opaque_generate_key( + const psa_key_attributes_t *attributes, + uint8_t *key, size_t key_size, size_t *key_length ); + +#endif /* MBEDTLS_TEST_HOOKS */ +#endif /* MBEDTLS_PSA_CRYPTO_TEST_DRIVERS_KEYGEN_H */ diff --git a/tests/include/drivers/test_driver.h b/tests/include/drivers/test_driver.h index 549467447..fec305fae 100644 --- a/tests/include/drivers/test_driver.h +++ b/tests/include/drivers/test_driver.h @@ -25,5 +25,6 @@ #define MBEDTLS_PSA_CRYPTO_TEST_DRIVER_LIFETIME 0x7fffff #include "drivers/signature.h" +#include "drivers/keygen.h" #endif /* MBEDTLS_PSA_CRYPTO_TEST_DRIVER_H */ diff --git a/tests/src/drivers/keygen.c b/tests/src/drivers/keygen.c new file mode 100644 index 000000000..4c830c35e --- /dev/null +++ b/tests/src/drivers/keygen.c @@ -0,0 +1,129 @@ +/* + * Test driver for signature functions + */ +/* Copyright (C) 2020, ARM Limited, All Rights Reserved + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * This file is part of mbed TLS (https://tls.mbed.org) + */ + +#if !defined(MBEDTLS_CONFIG_FILE) +#include "mbedtls/config.h" +#else +#include MBEDTLS_CONFIG_FILE +#endif + +#if defined(MBEDTLS_PSA_CRYPTO_DRIVERS) && defined(MBEDTLS_TEST_HOOKS) +#include "psa/crypto.h" +#include "mbedtls/ecp.h" +#include "mbedtls/error.h" + +#include "drivers/keygen.h" + +#include "test/random.h" + +#include + +/* If non-null, on success, copy this to the output. */ +void *test_driver_keygen_forced_output = NULL; +size_t test_driver_keygen_forced_output_length = 0; + +psa_status_t test_transparent_keygen_status = PSA_ERROR_NOT_SUPPORTED; +unsigned long test_transparent_keygen_hit = 0; + +psa_status_t test_transparent_generate_key( + const psa_key_attributes_t *attributes, + uint8_t *key, size_t key_size, size_t *key_length ) +{ + ++test_transparent_keygen_hit; + + if( test_transparent_keygen_status != PSA_SUCCESS ) + return( test_transparent_keygen_status ); + + if( test_driver_keygen_forced_output != NULL ) + { + if( test_driver_keygen_forced_output_length > key_size ) + return( PSA_ERROR_BUFFER_TOO_SMALL ); + memcpy( key, test_driver_keygen_forced_output, + test_driver_keygen_forced_output_length ); + *key_length = test_driver_keygen_forced_output_length; + return( PSA_SUCCESS ); + } + + /* Copied from psa_crypto.c */ +#if defined(MBEDTLS_ECP_C) + if ( PSA_KEY_TYPE_IS_ECC( attributes->core.type ) && PSA_KEY_TYPE_IS_KEY_PAIR( attributes->core.type ) ) + { + psa_ecc_family_t curve = PSA_KEY_TYPE_ECC_GET_FAMILY( attributes->core.type ); + mbedtls_ecp_group_id grp_id = + mbedtls_ecc_group_of_psa( curve, PSA_BITS_TO_BYTES( attributes->core.bits ) ); + const mbedtls_ecp_curve_info *curve_info = + mbedtls_ecp_curve_info_from_grp_id( grp_id ); + mbedtls_ecp_keypair ecp; + mbedtls_test_rnd_pseudo_info rnd_info; + memset( &rnd_info, 0x5A, sizeof( mbedtls_test_rnd_pseudo_info ) ); + + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + if( attributes->domain_parameters_size != 0 ) + return( PSA_ERROR_NOT_SUPPORTED ); + if( grp_id == MBEDTLS_ECP_DP_NONE || curve_info == NULL ) + return( PSA_ERROR_NOT_SUPPORTED ); + if( curve_info->bit_size != attributes->core.bits ) + return( PSA_ERROR_INVALID_ARGUMENT ); + mbedtls_ecp_keypair_init( &ecp ); + ret = mbedtls_ecp_gen_key( grp_id, &ecp, + &mbedtls_test_rnd_pseudo_rand, + &rnd_info ); + if( ret != 0 ) + { + mbedtls_ecp_keypair_free( &ecp ); + return( mbedtls_to_psa_error( ret ) ); + } + + /* Make sure to use export representation */ + size_t bytes = PSA_BITS_TO_BYTES( attributes->core.bits ); + if( key_size < bytes ) + { + mbedtls_ecp_keypair_free( &ecp ); + return( PSA_ERROR_BUFFER_TOO_SMALL ); + } + psa_status_t status = mbedtls_to_psa_error( + mbedtls_mpi_write_binary( &ecp.d, key, bytes ) ); + + if( status == PSA_SUCCESS ) + { + *key_length = bytes; + } + + mbedtls_ecp_keypair_free( &ecp ); + return( status ); + } + else +#endif /* MBEDTLS_ECP_C */ + return( PSA_ERROR_NOT_SUPPORTED ); +} + +psa_status_t test_opaque_generate_key( + const psa_key_attributes_t *attributes, + uint8_t *key, size_t key_size, size_t *key_length ) +{ + (void) attributes; + (void) key; + (void) key_size; + (void) key_length; + return( PSA_ERROR_NOT_SUPPORTED ); +} + +#endif /* MBEDTLS_PSA_CRYPTO_DRIVERS && MBEDTLS_TEST_HOOKS */ diff --git a/tests/suites/test_suite_psa_crypto_driver_wrappers.data b/tests/suites/test_suite_psa_crypto_driver_wrappers.data index 2d2c5c4b4..ddf283ff3 100644 --- a/tests/suites/test_suite_psa_crypto_driver_wrappers.data +++ b/tests/suites/test_suite_psa_crypto_driver_wrappers.data @@ -27,3 +27,15 @@ ecdsa_verify:PSA_ERROR_NOT_SUPPORTED:1:PSA_SUCCESS verify_hash through transparent driver: error ecdsa_verify:PSA_ERROR_GENERIC_ERROR:1:PSA_ERROR_GENERIC_ERROR + +generate_key through transparent driver: fake +generate_key:PSA_SUCCESS:1:PSA_SUCCESS + +generate_key through transparent driver: in-driver +generate_key:PSA_SUCCESS:0:PSA_SUCCESS + +generate_key through transparent driver: fallback +generate_key:PSA_ERROR_NOT_SUPPORTED:0:PSA_SUCCESS + +generate_key through transparent driver: error +generate_key:PSA_ERROR_GENERIC_ERROR:0:PSA_ERROR_GENERIC_ERROR diff --git a/tests/suites/test_suite_psa_crypto_driver_wrappers.function b/tests/suites/test_suite_psa_crypto_driver_wrappers.function index a954446ed..9bb794385 100644 --- a/tests/suites/test_suite_psa_crypto_driver_wrappers.function +++ b/tests/suites/test_suite_psa_crypto_driver_wrappers.function @@ -171,3 +171,73 @@ exit: test_driver_forced_output_length = 0; } /* END_CASE */ + +/* BEGIN_CASE depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED */ +void generate_key( int force_status_arg, + int fake_output, + int expected_status_arg ) +{ + psa_status_t force_status = force_status_arg; + psa_status_t expected_status = expected_status_arg; + psa_key_handle_t handle = 0; + psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; + psa_algorithm_t alg = PSA_ALG_ECDSA( PSA_ALG_SHA_256 ); + const uint8_t *expected_output; + size_t expected_output_length; + psa_status_t actual_status; + uint8_t actual_output[sizeof(test_secp256r1_key_data)] = {0}; + size_t actual_output_length; + + psa_set_key_type( &attributes, + PSA_KEY_TYPE_ECC_KEY_PAIR( PSA_ECC_CURVE_SECP_R1 ) ); + psa_set_key_bits( &attributes, 256 ); + psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_EXPORT ); + psa_set_key_algorithm( &attributes, alg ); + + if( fake_output ) + { + expected_output = test_driver_keygen_forced_output = test_secp256r1_key_data; + expected_output_length = test_driver_keygen_forced_output_length = + sizeof( test_secp256r1_key_data ); + } + + test_transparent_keygen_hit = 0; + test_transparent_keygen_status = force_status; + + PSA_ASSERT( psa_crypto_init( ) ); + + actual_status = psa_generate_key( &attributes, &handle ); + fprintf(stdout, "rteturn %d\n", actual_status); + + TEST_EQUAL( test_transparent_keygen_hit, 1 ); + TEST_EQUAL( actual_status, expected_status ); + + if( actual_status == PSA_SUCCESS ) + { + psa_export_key( handle, actual_output, sizeof(actual_output), &actual_output_length ); + + if( fake_output ) + { + ASSERT_COMPARE( actual_output, actual_output_length, + expected_output, expected_output_length ); + } + else + { + size_t zeroes = 0; + for( size_t i = 0; i < sizeof(actual_output); i++ ) + { + if( actual_output[i] == 0) + zeroes++; + } + TEST_ASSERT( zeroes != sizeof(actual_output) ); + } + } +exit: + psa_reset_key_attributes( &attributes ); + psa_destroy_key( handle ); + PSA_DONE( ); + test_transparent_signature_sign_hash_status = PSA_ERROR_NOT_SUPPORTED; + test_driver_keygen_forced_output = NULL; + test_driver_keygen_forced_output_length = 0; +} +/* END_CASE */ From 7922396c256e30174816812cf3946ca2cb3bb248 Mon Sep 17 00:00:00 2001 From: Steven Cooreman Date: Mon, 20 Jul 2020 16:55:54 +0200 Subject: [PATCH 09/17] Added changelog Signed-off-by: Steven Cooreman --- ChangeLog.d/add_sign_verify_keygen_transparent_driver.txt | 4 ++++ 1 file changed, 4 insertions(+) create mode 100644 ChangeLog.d/add_sign_verify_keygen_transparent_driver.txt diff --git a/ChangeLog.d/add_sign_verify_keygen_transparent_driver.txt b/ChangeLog.d/add_sign_verify_keygen_transparent_driver.txt new file mode 100644 index 000000000..fe4389992 --- /dev/null +++ b/ChangeLog.d/add_sign_verify_keygen_transparent_driver.txt @@ -0,0 +1,4 @@ +Features + * Partial implementation of the new PSA Crypto accelerator APIs for + enabling key generation and asymmetric signing/verification through crypto + accelerators. Contributed by Steven Cooreman in #3501. From 1cd39d52298b953d59cc791a07240d44f0522a21 Mon Sep 17 00:00:00 2001 From: Steven Cooreman Date: Thu, 23 Jul 2020 16:26:08 +0200 Subject: [PATCH 10/17] Use own define for building with test drivers Trying to compile in the PSA accelerator test driver under MBEDTLS_TEST_HOOKS turned out to be awkward regarding existing builds. We'll put it under a custom (not in config.h) define instead, since it's something that only should happen in test. Signed-off-by: Steven Cooreman --- library/psa_crypto_driver_wrappers.c | 28 +++++++++---------- tests/include/drivers/keygen.h | 4 +-- tests/include/drivers/signature.h | 4 +-- tests/scripts/all.sh | 5 ++-- tests/src/drivers/keygen.c | 4 +-- tests/src/drivers/signature.c | 4 +-- ..._suite_psa_crypto_driver_wrappers.function | 2 +- 7 files changed, 25 insertions(+), 26 deletions(-) diff --git a/library/psa_crypto_driver_wrappers.c b/library/psa_crypto_driver_wrappers.c index 0f6cfe911..dc84f3ba8 100644 --- a/library/psa_crypto_driver_wrappers.c +++ b/library/psa_crypto_driver_wrappers.c @@ -28,13 +28,13 @@ #if defined(MBEDTLS_PSA_CRYPTO_DRIVERS) /* Include test driver definition when running tests */ -#if defined(MBEDTLS_TEST_HOOKS) +#if defined(MBEDTLS_PSA_CRYPTO_DRIVER_TEST) #undef MBEDTLS_PSA_CRYPTO_DRIVER_PRESENT #define MBEDTLS_PSA_CRYPTO_DRIVER_PRESENT #undef MBEDTLS_PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT #define MBEDTLS_PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT #include "drivers/test_driver.h" -#endif /* MBEDTLS_TEST_HOOKS */ +#endif /* MBEDTLS_PSA_CRYPTO_DRIVER_TEST */ /* Include driver definition file for each registered driver here */ #endif /* MBEDTLS_PSA_CRYPTO_DRIVERS */ @@ -91,7 +91,7 @@ psa_status_t psa_driver_wrapper_sign_hash( psa_key_slot_t *slot, case PSA_KEY_LOCATION_LOCAL_STORAGE: /* Key is stored in the slot in export representation, so * cycle through all known transparent accelerators */ -#if defined(MBEDTLS_TEST_HOOKS) +#if defined(MBEDTLS_PSA_CRYPTO_DRIVER_TEST) status = test_transparent_signature_sign_hash( &attributes, slot->data.key.data, slot->data.key.bytes, @@ -104,11 +104,11 @@ psa_status_t psa_driver_wrapper_sign_hash( psa_key_slot_t *slot, /* Declared with fallback == true */ if( status != PSA_ERROR_NOT_SUPPORTED ) return status; -#endif /* MBEDTLS_TEST_HOOKS */ +#endif /* MBEDTLS_PSA_CRYPTO_DRIVER_TEST */ /* Fell through, meaning no accelerator supports this operation */ return PSA_ERROR_NOT_SUPPORTED; /* Add cases for opaque driver here */ -#if defined(MBEDTLS_TEST_HOOKS) +#if defined(MBEDTLS_PSA_CRYPTO_DRIVER_TEST) case MBEDTLS_PSA_CRYPTO_TEST_DRIVER_LIFETIME: return( test_opaque_signature_sign_hash( &attributes, slot->data.key.data, @@ -119,7 +119,7 @@ psa_status_t psa_driver_wrapper_sign_hash( psa_key_slot_t *slot, signature, signature_size, signature_length ) ); -#endif /* MBEDTLS_TEST_HOOKS */ +#endif /* MBEDTLS_PSA_CRYPTO_DRIVER_TEST */ default: /* Key is declared with a lifetime not known to us */ return status; @@ -182,7 +182,7 @@ psa_status_t psa_driver_wrapper_verify_hash( psa_key_slot_t *slot, case PSA_KEY_LOCATION_LOCAL_STORAGE: /* Key is stored in the slot in export representation, so * cycle through all known transparent accelerators */ -#if defined(MBEDTLS_TEST_HOOKS) +#if defined(MBEDTLS_PSA_CRYPTO_DRIVER_TEST) status = test_transparent_signature_verify_hash( &attributes, slot->data.key.data, slot->data.key.bytes, @@ -194,11 +194,11 @@ psa_status_t psa_driver_wrapper_verify_hash( psa_key_slot_t *slot, /* Declared with fallback == true */ if( status != PSA_ERROR_NOT_SUPPORTED ) return status; -#endif /* MBEDTLS_TEST_HOOKS */ +#endif /* MBEDTLS_PSA_CRYPTO_DRIVER_TEST */ /* Fell through, meaning no accelerator supports this operation */ return PSA_ERROR_NOT_SUPPORTED; /* Add cases for opaque driver here */ -#if defined(MBEDTLS_TEST_HOOKS) +#if defined(MBEDTLS_PSA_CRYPTO_DRIVER_TEST) case MBEDTLS_PSA_CRYPTO_TEST_DRIVER_LIFETIME: return( test_opaque_signature_verify_hash( &attributes, slot->data.key.data, @@ -208,7 +208,7 @@ psa_status_t psa_driver_wrapper_verify_hash( psa_key_slot_t *slot, hash_length, signature, signature_length ) ); -#endif /* MBEDTLS_TEST_HOOKS */ +#endif /* MBEDTLS_PSA_CRYPTO_DRIVER_TEST */ default: /* Key is declared with a lifetime not known to us */ return status; @@ -330,7 +330,7 @@ psa_status_t psa_driver_wrapper_generate_key( const psa_key_attributes_t *attrib status = PSA_ERROR_NOT_SUPPORTED; break; } -#if defined(MBEDTLS_TEST_HOOKS) +#if defined(MBEDTLS_PSA_CRYPTO_DRIVER_TEST) status = test_transparent_generate_key( attributes, slot->data.key.data, slot->data.key.bytes, @@ -338,19 +338,19 @@ psa_status_t psa_driver_wrapper_generate_key( const psa_key_attributes_t *attrib /* Declared with fallback == true */ if( status != PSA_ERROR_NOT_SUPPORTED ) break; -#endif /* MBEDTLS_TEST_HOOKS */ +#endif /* MBEDTLS_PSA_CRYPTO_DRIVER_TEST */ /* Fell through, meaning no accelerator supports this operation */ status = PSA_ERROR_NOT_SUPPORTED; break; /* Add cases for opaque driver here */ -#if defined(MBEDTLS_TEST_HOOKS) +#if defined(MBEDTLS_PSA_CRYPTO_DRIVER_TEST) case MBEDTLS_PSA_CRYPTO_TEST_DRIVER_LIFETIME: status = test_opaque_generate_key( attributes, slot->data.key.data, slot->data.key.bytes, &slot->data.key.bytes ); break; -#endif /* MBEDTLS_TEST_HOOKS */ +#endif /* MBEDTLS_PSA_CRYPTO_DRIVER_TEST */ default: /* Key is declared with a lifetime not known to us */ status = PSA_ERROR_INVALID_ARGUMENT; diff --git a/tests/include/drivers/keygen.h b/tests/include/drivers/keygen.h index 436df3441..7e6ed2756 100644 --- a/tests/include/drivers/keygen.h +++ b/tests/include/drivers/keygen.h @@ -28,7 +28,7 @@ #include MBEDTLS_CONFIG_FILE #endif -#if defined(MBEDTLS_TEST_HOOKS) +#if defined(MBEDTLS_PSA_CRYPTO_DRIVER_TEST) #include extern void *test_driver_keygen_forced_output; @@ -45,5 +45,5 @@ psa_status_t test_opaque_generate_key( const psa_key_attributes_t *attributes, uint8_t *key, size_t key_size, size_t *key_length ); -#endif /* MBEDTLS_TEST_HOOKS */ +#endif /* MBEDTLS_PSA_CRYPTO_DRIVER_TEST */ #endif /* MBEDTLS_PSA_CRYPTO_TEST_DRIVERS_KEYGEN_H */ diff --git a/tests/include/drivers/signature.h b/tests/include/drivers/signature.h index 232ed4147..ec4f66341 100644 --- a/tests/include/drivers/signature.h +++ b/tests/include/drivers/signature.h @@ -28,7 +28,7 @@ #include MBEDTLS_CONFIG_FILE #endif -#if defined(MBEDTLS_TEST_HOOKS) +#if defined(MBEDTLS_PSA_CRYPTO_DRIVER_TEST) #include extern void *test_driver_forced_output; @@ -68,5 +68,5 @@ psa_status_t test_opaque_signature_verify_hash( const uint8_t *hash, size_t hash_length, const uint8_t *signature, size_t signature_length ); -#endif /* MBEDTLS_TEST_HOOKS */ +#endif /* MBEDTLS_PSA_CRYPTO_DRIVER_TEST */ #endif /* MBEDTLS_PSA_CRYPTO_TEST_DRIVERS_SIGNATURE_H */ diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index a3f67bef8..540179b50 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -1659,9 +1659,8 @@ component_test_se_default () { component_test_psa_crypto_drivers () { msg "build: MBEDTLS_PSA_CRYPTO_DRIVERS w/ driver hooks" scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS - scripts/config.py set MBEDTLS_TEST_HOOKS - # Need to include the test driver header path in order to build - make CC=gcc CFLAGS="$ASAN_CFLAGS -I../tests/include -O2" LDFLAGS="$ASAN_CFLAGS" + # Need to define the correct symbol and include the test driver header path in order to build with the test driver + make CC=gcc CFLAGS="$ASAN_CFLAGS -DMBEDTLS_PSA_CRYPTO_DRIVER_TEST -I../tests/include -O2" LDFLAGS="$ASAN_CFLAGS" msg "test: MBEDTLS_PSA_CRYPTO_DRIVERS, signature" make test diff --git a/tests/src/drivers/keygen.c b/tests/src/drivers/keygen.c index 4c830c35e..c883e006e 100644 --- a/tests/src/drivers/keygen.c +++ b/tests/src/drivers/keygen.c @@ -25,7 +25,7 @@ #include MBEDTLS_CONFIG_FILE #endif -#if defined(MBEDTLS_PSA_CRYPTO_DRIVERS) && defined(MBEDTLS_TEST_HOOKS) +#if defined(MBEDTLS_PSA_CRYPTO_DRIVERS) && defined(MBEDTLS_PSA_CRYPTO_DRIVER_TEST) #include "psa/crypto.h" #include "mbedtls/ecp.h" #include "mbedtls/error.h" @@ -126,4 +126,4 @@ psa_status_t test_opaque_generate_key( return( PSA_ERROR_NOT_SUPPORTED ); } -#endif /* MBEDTLS_PSA_CRYPTO_DRIVERS && MBEDTLS_TEST_HOOKS */ +#endif /* MBEDTLS_PSA_CRYPTO_DRIVERS && MBEDTLS_PSA_CRYPTO_DRIVER_TEST */ diff --git a/tests/src/drivers/signature.c b/tests/src/drivers/signature.c index 32ebbfdff..114007a7b 100644 --- a/tests/src/drivers/signature.c +++ b/tests/src/drivers/signature.c @@ -25,7 +25,7 @@ #include MBEDTLS_CONFIG_FILE #endif -#if defined(MBEDTLS_PSA_CRYPTO_DRIVERS) && defined(MBEDTLS_TEST_HOOKS) +#if defined(MBEDTLS_PSA_CRYPTO_DRIVERS) && defined(MBEDTLS_PSA_CRYPTO_DRIVER_TEST) #include "psa/crypto.h" #include "mbedtls/ecp.h" @@ -298,4 +298,4 @@ psa_status_t test_opaque_signature_verify_hash( return( PSA_ERROR_NOT_SUPPORTED ); } -#endif /* MBEDTLS_PSA_CRYPTO_DRIVERS && MBEDTLS_TEST_HOOKS */ +#endif /* MBEDTLS_PSA_CRYPTO_DRIVERS && MBEDTLS_PSA_CRYPTO_DRIVER_TEST */ diff --git a/tests/suites/test_suite_psa_crypto_driver_wrappers.function b/tests/suites/test_suite_psa_crypto_driver_wrappers.function index 9bb794385..f8ea80d47 100644 --- a/tests/suites/test_suite_psa_crypto_driver_wrappers.function +++ b/tests/suites/test_suite_psa_crypto_driver_wrappers.function @@ -49,7 +49,7 @@ typedef enum /* END_HEADER */ /* BEGIN_DEPENDENCIES - * depends_on:MBEDTLS_PSA_CRYPTO_C:MBEDTLS_PSA_CRYPTO_DRIVERS:MBEDTLS_TEST_HOOKS + * depends_on:MBEDTLS_PSA_CRYPTO_C:MBEDTLS_PSA_CRYPTO_DRIVERS:MBEDTLS_PSA_CRYPTO_DRIVER_TEST * END_DEPENDENCIES */ From f1720ea93098f7e5bd261e618720e6e953cbda92 Mon Sep 17 00:00:00 2001 From: Steven Cooreman Date: Fri, 24 Jul 2020 18:41:58 +0200 Subject: [PATCH 11/17] Fix macro naming to match inhouse style Signed-off-by: Steven Cooreman --- library/psa_crypto_driver_wrappers.c | 90 ++++++++++++++-------------- tests/include/drivers/keygen.h | 10 ++-- tests/include/drivers/signature.h | 10 ++-- tests/include/drivers/test_driver.h | 8 +-- tests/scripts/all.sh | 2 +- tests/src/drivers/keygen.c | 4 +- tests/src/drivers/signature.c | 4 +- 7 files changed, 64 insertions(+), 64 deletions(-) diff --git a/library/psa_crypto_driver_wrappers.c b/library/psa_crypto_driver_wrappers.c index dc84f3ba8..597f14251 100644 --- a/library/psa_crypto_driver_wrappers.c +++ b/library/psa_crypto_driver_wrappers.c @@ -28,21 +28,21 @@ #if defined(MBEDTLS_PSA_CRYPTO_DRIVERS) /* Include test driver definition when running tests */ -#if defined(MBEDTLS_PSA_CRYPTO_DRIVER_TEST) -#undef MBEDTLS_PSA_CRYPTO_DRIVER_PRESENT -#define MBEDTLS_PSA_CRYPTO_DRIVER_PRESENT -#undef MBEDTLS_PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT -#define MBEDTLS_PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT +#if defined(PSA_CRYPTO_DRIVER_TEST) +#undef PSA_CRYPTO_DRIVER_PRESENT +#define PSA_CRYPTO_DRIVER_PRESENT +#undef PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT +#define PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT #include "drivers/test_driver.h" -#endif /* MBEDTLS_PSA_CRYPTO_DRIVER_TEST */ +#endif /* PSA_CRYPTO_DRIVER_TEST */ /* Include driver definition file for each registered driver here */ #endif /* MBEDTLS_PSA_CRYPTO_DRIVERS */ /* Support the 'old' SE interface when asked to */ #if defined(MBEDTLS_PSA_CRYPTO_SE_C) -#undef MBEDTLS_PSA_CRYPTO_DRIVER_PRESENT -#define MBEDTLS_PSA_CRYPTO_DRIVER_PRESENT +#undef PSA_CRYPTO_DRIVER_PRESENT +#define PSA_CRYPTO_DRIVER_PRESENT #include "psa_crypto_se.h" #endif @@ -55,7 +55,7 @@ psa_status_t psa_driver_wrapper_sign_hash( psa_key_slot_t *slot, size_t signature_size, size_t *signature_length ) { -#if defined(MBEDTLS_PSA_CRYPTO_DRIVER_PRESENT) +#if defined(PSA_CRYPTO_DRIVER_PRESENT) /* Try dynamically-registered SE interface first */ #if defined(MBEDTLS_PSA_CRYPTO_SE_C) const psa_drv_se_t *drv; @@ -76,10 +76,10 @@ psa_status_t psa_driver_wrapper_sign_hash( psa_key_slot_t *slot, signature, signature_size, signature_length ) ); } -#endif /* MBEDTLS_PSA_CRYPTO_SE_C */ +#endif /* PSA_CRYPTO_SE_C */ /* Then try accelerator API */ -#if defined(MBEDTLS_PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) +#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) psa_status_t status = PSA_ERROR_INVALID_ARGUMENT; psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION(slot->attr.lifetime); psa_key_attributes_t attributes = { @@ -91,7 +91,7 @@ psa_status_t psa_driver_wrapper_sign_hash( psa_key_slot_t *slot, case PSA_KEY_LOCATION_LOCAL_STORAGE: /* Key is stored in the slot in export representation, so * cycle through all known transparent accelerators */ -#if defined(MBEDTLS_PSA_CRYPTO_DRIVER_TEST) +#if defined(PSA_CRYPTO_DRIVER_TEST) status = test_transparent_signature_sign_hash( &attributes, slot->data.key.data, slot->data.key.bytes, @@ -104,12 +104,12 @@ psa_status_t psa_driver_wrapper_sign_hash( psa_key_slot_t *slot, /* Declared with fallback == true */ if( status != PSA_ERROR_NOT_SUPPORTED ) return status; -#endif /* MBEDTLS_PSA_CRYPTO_DRIVER_TEST */ +#endif /* PSA_CRYPTO_DRIVER_TEST */ /* Fell through, meaning no accelerator supports this operation */ return PSA_ERROR_NOT_SUPPORTED; /* Add cases for opaque driver here */ -#if defined(MBEDTLS_PSA_CRYPTO_DRIVER_TEST) - case MBEDTLS_PSA_CRYPTO_TEST_DRIVER_LIFETIME: +#if defined(PSA_CRYPTO_DRIVER_TEST) + case PSA_CRYPTO_TEST_DRIVER_LIFETIME: return( test_opaque_signature_sign_hash( &attributes, slot->data.key.data, slot->data.key.bytes, @@ -119,15 +119,15 @@ psa_status_t psa_driver_wrapper_sign_hash( psa_key_slot_t *slot, signature, signature_size, signature_length ) ); -#endif /* MBEDTLS_PSA_CRYPTO_DRIVER_TEST */ +#endif /* PSA_CRYPTO_DRIVER_TEST */ default: /* Key is declared with a lifetime not known to us */ return status; } -#else /* MBEDTLS_PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ +#else /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ return PSA_ERROR_NOT_SUPPORTED; -#endif /* MBEDTLS_PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ -#else /* MBEDTLS_PSA_CRYPTO_DRIVER_PRESENT */ +#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ +#else /* PSA_CRYPTO_DRIVER_PRESENT */ (void)slot; (void)alg; (void)hash; @@ -137,7 +137,7 @@ psa_status_t psa_driver_wrapper_sign_hash( psa_key_slot_t *slot, (void)signature_length; return PSA_ERROR_NOT_SUPPORTED; -#endif /* MBEDTLS_PSA_CRYPTO_DRIVER_PRESENT */ +#endif /* PSA_CRYPTO_DRIVER_PRESENT */ } psa_status_t psa_driver_wrapper_verify_hash( psa_key_slot_t *slot, @@ -147,7 +147,7 @@ psa_status_t psa_driver_wrapper_verify_hash( psa_key_slot_t *slot, const uint8_t *signature, size_t signature_length ) { -#if defined(MBEDTLS_PSA_CRYPTO_DRIVER_PRESENT) +#if defined(PSA_CRYPTO_DRIVER_PRESENT) /* Try dynamically-registered SE interface first */ #if defined(MBEDTLS_PSA_CRYPTO_SE_C) const psa_drv_se_t *drv; @@ -167,10 +167,10 @@ psa_status_t psa_driver_wrapper_verify_hash( psa_key_slot_t *slot, hash, hash_length, signature, signature_length ) ); } -#endif /* MBEDTLS_PSA_CRYPTO_SE_C */ +#endif /* PSA_CRYPTO_SE_C */ /* Then try accelerator API */ -#if defined(MBEDTLS_PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) +#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) psa_status_t status = PSA_ERROR_INVALID_ARGUMENT; psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION(slot->attr.lifetime); psa_key_attributes_t attributes = { @@ -182,7 +182,7 @@ psa_status_t psa_driver_wrapper_verify_hash( psa_key_slot_t *slot, case PSA_KEY_LOCATION_LOCAL_STORAGE: /* Key is stored in the slot in export representation, so * cycle through all known transparent accelerators */ -#if defined(MBEDTLS_PSA_CRYPTO_DRIVER_TEST) +#if defined(PSA_CRYPTO_DRIVER_TEST) status = test_transparent_signature_verify_hash( &attributes, slot->data.key.data, slot->data.key.bytes, @@ -194,12 +194,12 @@ psa_status_t psa_driver_wrapper_verify_hash( psa_key_slot_t *slot, /* Declared with fallback == true */ if( status != PSA_ERROR_NOT_SUPPORTED ) return status; -#endif /* MBEDTLS_PSA_CRYPTO_DRIVER_TEST */ +#endif /* PSA_CRYPTO_DRIVER_TEST */ /* Fell through, meaning no accelerator supports this operation */ return PSA_ERROR_NOT_SUPPORTED; /* Add cases for opaque driver here */ -#if defined(MBEDTLS_PSA_CRYPTO_DRIVER_TEST) - case MBEDTLS_PSA_CRYPTO_TEST_DRIVER_LIFETIME: +#if defined(PSA_CRYPTO_DRIVER_TEST) + case PSA_CRYPTO_TEST_DRIVER_LIFETIME: return( test_opaque_signature_verify_hash( &attributes, slot->data.key.data, slot->data.key.bytes, @@ -208,15 +208,15 @@ psa_status_t psa_driver_wrapper_verify_hash( psa_key_slot_t *slot, hash_length, signature, signature_length ) ); -#endif /* MBEDTLS_PSA_CRYPTO_DRIVER_TEST */ +#endif /* PSA_CRYPTO_DRIVER_TEST */ default: /* Key is declared with a lifetime not known to us */ return status; } -#else /* MBEDTLS_PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ +#else /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ return PSA_ERROR_NOT_SUPPORTED; -#endif /* MBEDTLS_PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ -#else /* MBEDTLS_PSA_CRYPTO_DRIVER_PRESENT */ +#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ +#else /* PSA_CRYPTO_DRIVER_PRESENT */ (void)slot; (void)alg; (void)hash; @@ -225,10 +225,10 @@ psa_status_t psa_driver_wrapper_verify_hash( psa_key_slot_t *slot, (void)signature_length; return PSA_ERROR_NOT_SUPPORTED; -#endif /* MBEDTLS_PSA_CRYPTO_DRIVER_PRESENT */ +#endif /* PSA_CRYPTO_DRIVER_PRESENT */ } -#if defined(MBEDTLS_PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) +#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) static psa_status_t get_expected_key_size( const psa_key_attributes_t *attributes, size_t *expected_size ) { @@ -276,12 +276,12 @@ static psa_status_t get_expected_key_size( const psa_key_attributes_t *attribute return PSA_ERROR_NOT_SUPPORTED; } } -#endif /* MBEDTLS_PSA_CRYPTO_DRIVER_PRESENT */ +#endif /* PSA_CRYPTO_DRIVER_PRESENT */ psa_status_t psa_driver_wrapper_generate_key( const psa_key_attributes_t *attributes, psa_key_slot_t *slot ) { -#if defined(MBEDTLS_PSA_CRYPTO_DRIVER_PRESENT) +#if defined(PSA_CRYPTO_DRIVER_PRESENT) /* Try dynamically-registered SE interface first */ #if defined(MBEDTLS_PSA_CRYPTO_SE_C) const psa_drv_se_t *drv; @@ -304,7 +304,7 @@ psa_status_t psa_driver_wrapper_generate_key( const psa_key_attributes_t *attrib #endif /* MBEDTLS_PSA_CRYPTO_SE_C */ /* Then try accelerator API */ -#if defined(MBEDTLS_PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) +#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) psa_status_t status = PSA_ERROR_INVALID_ARGUMENT; psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION(slot->attr.lifetime); size_t export_size = 0; @@ -330,7 +330,7 @@ psa_status_t psa_driver_wrapper_generate_key( const psa_key_attributes_t *attrib status = PSA_ERROR_NOT_SUPPORTED; break; } -#if defined(MBEDTLS_PSA_CRYPTO_DRIVER_TEST) +#if defined(PSA_CRYPTO_DRIVER_TEST) status = test_transparent_generate_key( attributes, slot->data.key.data, slot->data.key.bytes, @@ -338,19 +338,19 @@ psa_status_t psa_driver_wrapper_generate_key( const psa_key_attributes_t *attrib /* Declared with fallback == true */ if( status != PSA_ERROR_NOT_SUPPORTED ) break; -#endif /* MBEDTLS_PSA_CRYPTO_DRIVER_TEST */ +#endif /* PSA_CRYPTO_DRIVER_TEST */ /* Fell through, meaning no accelerator supports this operation */ status = PSA_ERROR_NOT_SUPPORTED; break; /* Add cases for opaque driver here */ -#if defined(MBEDTLS_PSA_CRYPTO_DRIVER_TEST) - case MBEDTLS_PSA_CRYPTO_TEST_DRIVER_LIFETIME: +#if defined(PSA_CRYPTO_DRIVER_TEST) + case PSA_CRYPTO_TEST_DRIVER_LIFETIME: status = test_opaque_generate_key( attributes, slot->data.key.data, slot->data.key.bytes, &slot->data.key.bytes ); break; -#endif /* MBEDTLS_PSA_CRYPTO_DRIVER_TEST */ +#endif /* PSA_CRYPTO_DRIVER_TEST */ default: /* Key is declared with a lifetime not known to us */ status = PSA_ERROR_INVALID_ARGUMENT; @@ -366,15 +366,15 @@ psa_status_t psa_driver_wrapper_generate_key( const psa_key_attributes_t *attrib } return( status ); -#else /* MBEDTLS_PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ +#else /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ return PSA_ERROR_NOT_SUPPORTED; -#endif /* MBEDTLS_PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ -#else /* MBEDTLS_PSA_CRYPTO_DRIVER_PRESENT */ +#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ +#else /* PSA_CRYPTO_DRIVER_PRESENT */ (void) attributes; (void) slot; return PSA_ERROR_NOT_SUPPORTED; -#endif /* MBEDTLS_PSA_CRYPTO_DRIVER_PRESENT */ +#endif /* PSA_CRYPTO_DRIVER_PRESENT */ } /* End of automatically generated file. */ diff --git a/tests/include/drivers/keygen.h b/tests/include/drivers/keygen.h index 7e6ed2756..e671df116 100644 --- a/tests/include/drivers/keygen.h +++ b/tests/include/drivers/keygen.h @@ -19,8 +19,8 @@ * This file is part of mbed TLS (https://tls.mbed.org) */ -#ifndef MBEDTLS_PSA_CRYPTO_TEST_DRIVERS_KEYGEN_H -#define MBEDTLS_PSA_CRYPTO_TEST_DRIVERS_KEYGEN_H +#ifndef PSA_CRYPTO_TEST_DRIVERS_KEYGEN_H +#define PSA_CRYPTO_TEST_DRIVERS_KEYGEN_H #if !defined(MBEDTLS_CONFIG_FILE) #include "mbedtls/config.h" @@ -28,7 +28,7 @@ #include MBEDTLS_CONFIG_FILE #endif -#if defined(MBEDTLS_PSA_CRYPTO_DRIVER_TEST) +#if defined(PSA_CRYPTO_DRIVER_TEST) #include extern void *test_driver_keygen_forced_output; @@ -45,5 +45,5 @@ psa_status_t test_opaque_generate_key( const psa_key_attributes_t *attributes, uint8_t *key, size_t key_size, size_t *key_length ); -#endif /* MBEDTLS_PSA_CRYPTO_DRIVER_TEST */ -#endif /* MBEDTLS_PSA_CRYPTO_TEST_DRIVERS_KEYGEN_H */ +#endif /* PSA_CRYPTO_DRIVER_TEST */ +#endif /* PSA_CRYPTO_TEST_DRIVERS_KEYGEN_H */ diff --git a/tests/include/drivers/signature.h b/tests/include/drivers/signature.h index ec4f66341..90b787994 100644 --- a/tests/include/drivers/signature.h +++ b/tests/include/drivers/signature.h @@ -19,8 +19,8 @@ * This file is part of mbed TLS (https://tls.mbed.org) */ -#ifndef MBEDTLS_PSA_CRYPTO_TEST_DRIVERS_SIGNATURE_H -#define MBEDTLS_PSA_CRYPTO_TEST_DRIVERS_SIGNATURE_H +#ifndef PSA_CRYPTO_TEST_DRIVERS_SIGNATURE_H +#define PSA_CRYPTO_TEST_DRIVERS_SIGNATURE_H #if !defined(MBEDTLS_CONFIG_FILE) #include "mbedtls/config.h" @@ -28,7 +28,7 @@ #include MBEDTLS_CONFIG_FILE #endif -#if defined(MBEDTLS_PSA_CRYPTO_DRIVER_TEST) +#if defined(PSA_CRYPTO_DRIVER_TEST) #include extern void *test_driver_forced_output; @@ -68,5 +68,5 @@ psa_status_t test_opaque_signature_verify_hash( const uint8_t *hash, size_t hash_length, const uint8_t *signature, size_t signature_length ); -#endif /* MBEDTLS_PSA_CRYPTO_DRIVER_TEST */ -#endif /* MBEDTLS_PSA_CRYPTO_TEST_DRIVERS_SIGNATURE_H */ +#endif /* PSA_CRYPTO_DRIVER_TEST */ +#endif /* PSA_CRYPTO_TEST_DRIVERS_SIGNATURE_H */ diff --git a/tests/include/drivers/test_driver.h b/tests/include/drivers/test_driver.h index fec305fae..d123f105a 100644 --- a/tests/include/drivers/test_driver.h +++ b/tests/include/drivers/test_driver.h @@ -19,12 +19,12 @@ * This file is part of mbed TLS (https://tls.mbed.org) */ -#ifndef MBEDTLS_PSA_CRYPTO_TEST_DRIVER_H -#define MBEDTLS_PSA_CRYPTO_TEST_DRIVER_H +#ifndef PSA_CRYPTO_TEST_DRIVER_H +#define PSA_CRYPTO_TEST_DRIVER_H -#define MBEDTLS_PSA_CRYPTO_TEST_DRIVER_LIFETIME 0x7fffff +#define PSA_CRYPTO_TEST_DRIVER_LIFETIME 0x7fffff #include "drivers/signature.h" #include "drivers/keygen.h" -#endif /* MBEDTLS_PSA_CRYPTO_TEST_DRIVER_H */ +#endif /* PSA_CRYPTO_TEST_DRIVER_H */ diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 540179b50..596e1a96a 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -1660,7 +1660,7 @@ component_test_psa_crypto_drivers () { msg "build: MBEDTLS_PSA_CRYPTO_DRIVERS w/ driver hooks" scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS # Need to define the correct symbol and include the test driver header path in order to build with the test driver - make CC=gcc CFLAGS="$ASAN_CFLAGS -DMBEDTLS_PSA_CRYPTO_DRIVER_TEST -I../tests/include -O2" LDFLAGS="$ASAN_CFLAGS" + make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -I../tests/include -O2" LDFLAGS="$ASAN_CFLAGS" msg "test: MBEDTLS_PSA_CRYPTO_DRIVERS, signature" make test diff --git a/tests/src/drivers/keygen.c b/tests/src/drivers/keygen.c index c883e006e..1f96fc813 100644 --- a/tests/src/drivers/keygen.c +++ b/tests/src/drivers/keygen.c @@ -25,7 +25,7 @@ #include MBEDTLS_CONFIG_FILE #endif -#if defined(MBEDTLS_PSA_CRYPTO_DRIVERS) && defined(MBEDTLS_PSA_CRYPTO_DRIVER_TEST) +#if defined(MBEDTLS_PSA_CRYPTO_DRIVERS) && defined(PSA_CRYPTO_DRIVER_TEST) #include "psa/crypto.h" #include "mbedtls/ecp.h" #include "mbedtls/error.h" @@ -126,4 +126,4 @@ psa_status_t test_opaque_generate_key( return( PSA_ERROR_NOT_SUPPORTED ); } -#endif /* MBEDTLS_PSA_CRYPTO_DRIVERS && MBEDTLS_PSA_CRYPTO_DRIVER_TEST */ +#endif /* MBEDTLS_PSA_CRYPTO_DRIVERS && PSA_CRYPTO_DRIVER_TEST */ diff --git a/tests/src/drivers/signature.c b/tests/src/drivers/signature.c index 114007a7b..e1cd988b7 100644 --- a/tests/src/drivers/signature.c +++ b/tests/src/drivers/signature.c @@ -25,7 +25,7 @@ #include MBEDTLS_CONFIG_FILE #endif -#if defined(MBEDTLS_PSA_CRYPTO_DRIVERS) && defined(MBEDTLS_PSA_CRYPTO_DRIVER_TEST) +#if defined(MBEDTLS_PSA_CRYPTO_DRIVERS) && defined(PSA_CRYPTO_DRIVER_TEST) #include "psa/crypto.h" #include "mbedtls/ecp.h" @@ -298,4 +298,4 @@ psa_status_t test_opaque_signature_verify_hash( return( PSA_ERROR_NOT_SUPPORTED ); } -#endif /* MBEDTLS_PSA_CRYPTO_DRIVERS && MBEDTLS_PSA_CRYPTO_DRIVER_TEST */ +#endif /* MBEDTLS_PSA_CRYPTO_DRIVERS && PSA_CRYPTO_DRIVER_TEST */ From 2c7b2f86971536818ddbf87158ea03af7e24c264 Mon Sep 17 00:00:00 2001 From: Steven Cooreman Date: Wed, 2 Sep 2020 13:43:46 +0200 Subject: [PATCH 12/17] Apply changes from #3546 to newly introduced files Signed-off-by: Steven Cooreman --- library/psa_crypto_driver_wrappers.c | 4 +--- library/psa_crypto_driver_wrappers.h | 4 +--- tests/include/drivers/keygen.h | 4 +--- tests/include/drivers/signature.h | 4 +--- tests/include/drivers/test_driver.h | 4 +--- tests/src/drivers/keygen.c | 4 +--- tests/src/drivers/signature.c | 4 +--- 7 files changed, 7 insertions(+), 21 deletions(-) diff --git a/library/psa_crypto_driver_wrappers.c b/library/psa_crypto_driver_wrappers.c index 597f14251..5fa7966d9 100644 --- a/library/psa_crypto_driver_wrappers.c +++ b/library/psa_crypto_driver_wrappers.c @@ -3,7 +3,7 @@ * and appropriate accelerator. * Warning: auto-generated file. */ -/* Copyright (C) 2020, ARM Limited, All Rights Reserved +/* Copyright The Mbed TLS Contributors * SPDX-License-Identifier: Apache-2.0 * * Licensed under the Apache License, Version 2.0 (the "License"); you may @@ -17,8 +17,6 @@ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. - * - * This file is part of mbed TLS (https://tls.mbed.org) */ #include "psa_crypto_core.h" diff --git a/library/psa_crypto_driver_wrappers.h b/library/psa_crypto_driver_wrappers.h index 6ab2d9019..f0b5db09f 100644 --- a/library/psa_crypto_driver_wrappers.h +++ b/library/psa_crypto_driver_wrappers.h @@ -3,7 +3,7 @@ * cryptographic accelerators. * Warning: auto-generated file. */ -/* Copyright (C) 2020, ARM Limited, All Rights Reserved +/* Copyright The Mbed TLS Contributors * SPDX-License-Identifier: Apache-2.0 * * Licensed under the Apache License, Version 2.0 (the "License"); you may @@ -17,8 +17,6 @@ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. - * - * This file is part of mbed TLS (https://tls.mbed.org) */ #ifndef PSA_CRYPTO_DRIVER_WRAPPERS_H diff --git a/tests/include/drivers/keygen.h b/tests/include/drivers/keygen.h index e671df116..f0eb56915 100644 --- a/tests/include/drivers/keygen.h +++ b/tests/include/drivers/keygen.h @@ -1,7 +1,7 @@ /* * Test driver for signature functions */ -/* Copyright (C) 2020, ARM Limited, All Rights Reserved +/* Copyright The Mbed TLS Contributors * SPDX-License-Identifier: Apache-2.0 * * Licensed under the Apache License, Version 2.0 (the "License"); you may @@ -15,8 +15,6 @@ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. - * - * This file is part of mbed TLS (https://tls.mbed.org) */ #ifndef PSA_CRYPTO_TEST_DRIVERS_KEYGEN_H diff --git a/tests/include/drivers/signature.h b/tests/include/drivers/signature.h index 90b787994..900f0c8bb 100644 --- a/tests/include/drivers/signature.h +++ b/tests/include/drivers/signature.h @@ -1,7 +1,7 @@ /* * Test driver for signature functions */ -/* Copyright (C) 2020, ARM Limited, All Rights Reserved +/* Copyright The Mbed TLS Contributors * SPDX-License-Identifier: Apache-2.0 * * Licensed under the Apache License, Version 2.0 (the "License"); you may @@ -15,8 +15,6 @@ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. - * - * This file is part of mbed TLS (https://tls.mbed.org) */ #ifndef PSA_CRYPTO_TEST_DRIVERS_SIGNATURE_H diff --git a/tests/include/drivers/test_driver.h b/tests/include/drivers/test_driver.h index d123f105a..98dded8d2 100644 --- a/tests/include/drivers/test_driver.h +++ b/tests/include/drivers/test_driver.h @@ -1,7 +1,7 @@ /* * Umbrella include for all of the test driver functionality */ -/* Copyright (C) 2020, ARM Limited, All Rights Reserved +/* Copyright The Mbed TLS Contributors * SPDX-License-Identifier: Apache-2.0 * * Licensed under the Apache License, Version 2.0 (the "License"); you may @@ -15,8 +15,6 @@ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. - * - * This file is part of mbed TLS (https://tls.mbed.org) */ #ifndef PSA_CRYPTO_TEST_DRIVER_H diff --git a/tests/src/drivers/keygen.c b/tests/src/drivers/keygen.c index 1f96fc813..7f14b20ef 100644 --- a/tests/src/drivers/keygen.c +++ b/tests/src/drivers/keygen.c @@ -1,7 +1,7 @@ /* * Test driver for signature functions */ -/* Copyright (C) 2020, ARM Limited, All Rights Reserved +/* Copyright The Mbed TLS Contributors * SPDX-License-Identifier: Apache-2.0 * * Licensed under the Apache License, Version 2.0 (the "License"); you may @@ -15,8 +15,6 @@ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. - * - * This file is part of mbed TLS (https://tls.mbed.org) */ #if !defined(MBEDTLS_CONFIG_FILE) diff --git a/tests/src/drivers/signature.c b/tests/src/drivers/signature.c index e1cd988b7..62ba4072a 100644 --- a/tests/src/drivers/signature.c +++ b/tests/src/drivers/signature.c @@ -1,7 +1,7 @@ /* * Test driver for signature functions */ -/* Copyright (C) 2020, ARM Limited, All Rights Reserved +/* Copyright The Mbed TLS Contributors * SPDX-License-Identifier: Apache-2.0 * * Licensed under the Apache License, Version 2.0 (the "License"); you may @@ -15,8 +15,6 @@ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. - * - * This file is part of mbed TLS (https://tls.mbed.org) */ #if !defined(MBEDTLS_CONFIG_FILE) From 15f58d28775d455e71fd042a0601cadf3d8ca180 Mon Sep 17 00:00:00 2001 From: Steven Cooreman Date: Fri, 4 Sep 2020 13:05:23 +0200 Subject: [PATCH 13/17] Move mbedtls_to_psa_error declaration to internal header Signed-off-by: Steven Cooreman --- include/psa/crypto_extra.h | 11 ----------- library/psa_crypto_core.h | 12 ++++++++++++ tests/src/drivers/keygen.c | 1 + tests/src/drivers/signature.c | 1 + 4 files changed, 14 insertions(+), 11 deletions(-) diff --git a/include/psa/crypto_extra.h b/include/psa/crypto_extra.h index 2ac2c5bf1..f0c7979a8 100644 --- a/include/psa/crypto_extra.h +++ b/include/psa/crypto_extra.h @@ -645,17 +645,6 @@ mbedtls_ecp_group_id mbedtls_ecc_group_of_psa( psa_ecc_family_t curve, size_t byte_length ); #endif /* MBEDTLS_ECP_C */ -/** Convert an mbed TLS error code to a PSA error code - * - * \note This function is provided solely for the convenience of - * Mbed TLS and may be removed at any time without notice. - * - * \param ret An mbed TLS-thrown error code - * - * \return The corresponding PSA error code - */ -psa_status_t mbedtls_to_psa_error( int ret ); - /**@}*/ #ifdef __cplusplus diff --git a/library/psa_crypto_core.h b/library/psa_crypto_core.h index 9a61babb5..6ee17fce0 100644 --- a/library/psa_crypto_core.h +++ b/library/psa_crypto_core.h @@ -161,4 +161,16 @@ psa_status_t psa_import_key_into_slot( psa_key_slot_t *slot, const uint8_t *data, size_t data_length ); + +/** Convert an mbed TLS error code to a PSA error code + * + * \note This function is provided solely for the convenience of + * Mbed TLS and may be removed at any time without notice. + * + * \param ret An mbed TLS-thrown error code + * + * \return The corresponding PSA error code + */ +psa_status_t mbedtls_to_psa_error( int ret ); + #endif /* PSA_CRYPTO_CORE_H */ diff --git a/tests/src/drivers/keygen.c b/tests/src/drivers/keygen.c index 7f14b20ef..4f30f0efc 100644 --- a/tests/src/drivers/keygen.c +++ b/tests/src/drivers/keygen.c @@ -25,6 +25,7 @@ #if defined(MBEDTLS_PSA_CRYPTO_DRIVERS) && defined(PSA_CRYPTO_DRIVER_TEST) #include "psa/crypto.h" +#include "psa_crypto_core.h" #include "mbedtls/ecp.h" #include "mbedtls/error.h" diff --git a/tests/src/drivers/signature.c b/tests/src/drivers/signature.c index 62ba4072a..04c5de4a2 100644 --- a/tests/src/drivers/signature.c +++ b/tests/src/drivers/signature.c @@ -25,6 +25,7 @@ #if defined(MBEDTLS_PSA_CRYPTO_DRIVERS) && defined(PSA_CRYPTO_DRIVER_TEST) #include "psa/crypto.h" +#include "psa_crypto_core.h" #include "mbedtls/ecp.h" #include "drivers/signature.h" From 8d2bde77a1d3e17de9b286b658ddf694358a63dd Mon Sep 17 00:00:00 2001 From: Steven Cooreman Date: Fri, 4 Sep 2020 13:06:39 +0200 Subject: [PATCH 14/17] Make sure software fallback isn't tried on opaque keys Signed-off-by: Steven Cooreman --- library/psa_crypto.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 03326f70b..77e63045a 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -3664,7 +3664,8 @@ psa_status_t psa_sign_hash( psa_key_handle_t handle, signature, signature_size, signature_length ); - if( status != PSA_ERROR_NOT_SUPPORTED ) + if( status != PSA_ERROR_NOT_SUPPORTED || + psa_key_lifetime_is_external( slot->attr.lifetime ) ) goto exit; /* If the operation was not supported by any accelerator, try fallback. */ @@ -3766,7 +3767,8 @@ psa_status_t psa_verify_hash( psa_key_handle_t handle, hash_length, signature, signature_length ); - if( status != PSA_ERROR_NOT_SUPPORTED ) + if( status != PSA_ERROR_NOT_SUPPORTED || + psa_key_lifetime_is_external( slot->attr.lifetime ) ) return status; #if defined(MBEDTLS_RSA_C) From 56250fd1697ba6939347f6e7d07dc796d11df9a5 Mon Sep 17 00:00:00 2001 From: Steven Cooreman Date: Fri, 4 Sep 2020 13:07:15 +0200 Subject: [PATCH 15/17] Style fixes after PR review Signed-off-by: Steven Cooreman --- library/psa_crypto_driver_wrappers.c | 109 +++++++++++++-------------- library/psa_crypto_driver_wrappers.h | 2 +- tests/include/drivers/keygen.h | 2 +- tests/include/drivers/signature.h | 2 +- tests/src/drivers/keygen.c | 14 ++-- tests/src/drivers/signature.c | 14 ++-- 6 files changed, 68 insertions(+), 75 deletions(-) diff --git a/library/psa_crypto_driver_wrappers.c b/library/psa_crypto_driver_wrappers.c index 5fa7966d9..56bb0035f 100644 --- a/library/psa_crypto_driver_wrappers.c +++ b/library/psa_crypto_driver_wrappers.c @@ -1,7 +1,7 @@ /* * Functions to delegate cryptographic operations to an available * and appropriate accelerator. - * Warning: auto-generated file. + * Warning: This file will be auto-generated in the future. */ /* Copyright The Mbed TLS Contributors * SPDX-License-Identifier: Apache-2.0 @@ -27,20 +27,26 @@ /* Include test driver definition when running tests */ #if defined(PSA_CRYPTO_DRIVER_TEST) -#undef PSA_CRYPTO_DRIVER_PRESENT +#ifndef PSA_CRYPTO_DRIVER_PRESENT #define PSA_CRYPTO_DRIVER_PRESENT -#undef PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT +#endif +#ifndef PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT #define PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT +#endif #include "drivers/test_driver.h" #endif /* PSA_CRYPTO_DRIVER_TEST */ -/* Include driver definition file for each registered driver here */ +/* Repeat above block for each JSON-declared driver during autogeneration */ + #endif /* MBEDTLS_PSA_CRYPTO_DRIVERS */ /* Support the 'old' SE interface when asked to */ #if defined(MBEDTLS_PSA_CRYPTO_SE_C) -#undef PSA_CRYPTO_DRIVER_PRESENT +/* PSA_CRYPTO_DRIVER_PRESENT is defined when either a new-style or old-style + * SE driver is present, to avoid unused argument errors at compile time. */ +#ifndef PSA_CRYPTO_DRIVER_PRESENT #define PSA_CRYPTO_DRIVER_PRESENT +#endif #include "psa_crypto_se.h" #endif @@ -65,7 +71,7 @@ psa_status_t psa_driver_wrapper_sign_hash( psa_key_slot_t *slot, drv->asymmetric->p_sign == NULL ) { /* Key is defined in SE, but we have no way to exercise it */ - return PSA_ERROR_INVALID_ARGUMENT; + return( PSA_ERROR_NOT_SUPPORTED ); } return( drv->asymmetric->p_sign( drv_context, slot->data.se.slot_number, @@ -101,10 +107,10 @@ psa_status_t psa_driver_wrapper_sign_hash( psa_key_slot_t *slot, signature_length ); /* Declared with fallback == true */ if( status != PSA_ERROR_NOT_SUPPORTED ) - return status; + return( status ); #endif /* PSA_CRYPTO_DRIVER_TEST */ /* Fell through, meaning no accelerator supports this operation */ - return PSA_ERROR_NOT_SUPPORTED; + return( PSA_ERROR_NOT_SUPPORTED ); /* Add cases for opaque driver here */ #if defined(PSA_CRYPTO_DRIVER_TEST) case PSA_CRYPTO_TEST_DRIVER_LIFETIME: @@ -120,10 +126,10 @@ psa_status_t psa_driver_wrapper_sign_hash( psa_key_slot_t *slot, #endif /* PSA_CRYPTO_DRIVER_TEST */ default: /* Key is declared with a lifetime not known to us */ - return status; + return( status ); } #else /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ - return PSA_ERROR_NOT_SUPPORTED; + return( PSA_ERROR_NOT_SUPPORTED ); #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ #else /* PSA_CRYPTO_DRIVER_PRESENT */ (void)slot; @@ -134,7 +140,7 @@ psa_status_t psa_driver_wrapper_sign_hash( psa_key_slot_t *slot, (void)signature_size; (void)signature_length; - return PSA_ERROR_NOT_SUPPORTED; + return( PSA_ERROR_NOT_SUPPORTED ); #endif /* PSA_CRYPTO_DRIVER_PRESENT */ } @@ -157,7 +163,7 @@ psa_status_t psa_driver_wrapper_verify_hash( psa_key_slot_t *slot, drv->asymmetric->p_verify == NULL ) { /* Key is defined in SE, but we have no way to exercise it */ - return PSA_ERROR_INVALID_ARGUMENT; + return( PSA_ERROR_NOT_SUPPORTED ); } return( drv->asymmetric->p_verify( drv_context, slot->data.se.slot_number, @@ -191,10 +197,10 @@ psa_status_t psa_driver_wrapper_verify_hash( psa_key_slot_t *slot, signature_length ); /* Declared with fallback == true */ if( status != PSA_ERROR_NOT_SUPPORTED ) - return status; + return( status ); #endif /* PSA_CRYPTO_DRIVER_TEST */ /* Fell through, meaning no accelerator supports this operation */ - return PSA_ERROR_NOT_SUPPORTED; + return( PSA_ERROR_NOT_SUPPORTED ); /* Add cases for opaque driver here */ #if defined(PSA_CRYPTO_DRIVER_TEST) case PSA_CRYPTO_TEST_DRIVER_LIFETIME: @@ -209,10 +215,10 @@ psa_status_t psa_driver_wrapper_verify_hash( psa_key_slot_t *slot, #endif /* PSA_CRYPTO_DRIVER_TEST */ default: /* Key is declared with a lifetime not known to us */ - return status; + return( status ); } #else /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ - return PSA_ERROR_NOT_SUPPORTED; + return( PSA_ERROR_NOT_SUPPORTED ); #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ #else /* PSA_CRYPTO_DRIVER_PRESENT */ (void)slot; @@ -222,56 +228,45 @@ psa_status_t psa_driver_wrapper_verify_hash( psa_key_slot_t *slot, (void)signature; (void)signature_length; - return PSA_ERROR_NOT_SUPPORTED; + return( PSA_ERROR_NOT_SUPPORTED ); #endif /* PSA_CRYPTO_DRIVER_PRESENT */ } #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) +/** Calculate the size to allocate for buffering a key with given attributes. + * + * This function provides a way to get the expected size for storing a key with + * the given attributes. This will be the size of the export representation for + * cleartext keys, and a driver-defined size for keys stored by opaque drivers. + * + * \param[in] attributes The key attribute structure of the key to store. + * \param[out] expected_size On success, a byte size large enough to contain + * the declared key. + * + * \retval #PSA_SUCCESS + * \retval #PSA_ERROR_NOT_SUPPORTED + */ static psa_status_t get_expected_key_size( const psa_key_attributes_t *attributes, size_t *expected_size ) { + size_t buffer_size = 0; if( PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime ) == PSA_KEY_LOCATION_LOCAL_STORAGE ) { - if( PSA_KEY_TYPE_IS_UNSTRUCTURED( attributes->core.type ) ) - { - *expected_size = PSA_BITS_TO_BYTES( attributes->core.bits ); - return PSA_SUCCESS; - } + buffer_size = PSA_KEY_EXPORT_MAX_SIZE( attributes->core.type, + attributes->core.bits ); - if( PSA_KEY_TYPE_IS_ECC( attributes->core.type ) ) - { - if( PSA_KEY_TYPE_IS_KEY_PAIR( attributes->core.type ) ) - { - *expected_size = PSA_KEY_EXPORT_ECC_KEY_PAIR_MAX_SIZE( attributes->core.bits ); - return PSA_SUCCESS; - } - else - { - *expected_size = PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE( attributes->core.bits ); - return PSA_SUCCESS; - } - } + if( buffer_size == 0 ) + return( PSA_ERROR_NOT_SUPPORTED ); - if( PSA_KEY_TYPE_IS_RSA( attributes->core.type ) ) - { - if( PSA_KEY_TYPE_IS_KEY_PAIR( attributes->core.type ) ) - { - *expected_size = PSA_KEY_EXPORT_RSA_KEY_PAIR_MAX_SIZE( attributes->core.bits ); - return PSA_SUCCESS; - } - else - { - *expected_size = PSA_KEY_EXPORT_RSA_PUBLIC_KEY_MAX_SIZE( attributes->core.bits ); - return PSA_SUCCESS; - } - } - - return PSA_ERROR_NOT_SUPPORTED; + *expected_size = buffer_size; + return( PSA_SUCCESS ); } else { - /* TBD: opaque driver support, need to calculate size through driver-defined size function */ - return PSA_ERROR_NOT_SUPPORTED; + /* TBD: opaque driver support: need to calculate size through a + * driver-defined size function, since the size of an opaque (wrapped) + * key will be different for each implementation. */ + return( PSA_ERROR_NOT_SUPPORTED ); } } #endif /* PSA_CRYPTO_DRIVER_PRESENT */ @@ -292,7 +287,7 @@ psa_status_t psa_driver_wrapper_generate_key( const psa_key_attributes_t *attrib drv->key_management->p_generate == NULL ) { /* Key is defined as being in SE, but we have no way to generate it */ - return PSA_ERROR_NOT_SUPPORTED; + return( PSA_ERROR_NOT_SUPPORTED ); } return( drv->key_management->p_generate( drv_context, @@ -309,11 +304,11 @@ psa_status_t psa_driver_wrapper_generate_key( const psa_key_attributes_t *attrib status = get_expected_key_size( attributes, &export_size ); if( status != PSA_SUCCESS ) - return status; + return( status ); slot->data.key.data = mbedtls_calloc(1, export_size); if( slot->data.key.data == NULL ) - return PSA_ERROR_INSUFFICIENT_MEMORY; + return( PSA_ERROR_INSUFFICIENT_MEMORY ); slot->data.key.bytes = export_size; switch( location ) @@ -365,13 +360,13 @@ psa_status_t psa_driver_wrapper_generate_key( const psa_key_attributes_t *attrib return( status ); #else /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ - return PSA_ERROR_NOT_SUPPORTED; + return( PSA_ERROR_NOT_SUPPORTED ); #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ #else /* PSA_CRYPTO_DRIVER_PRESENT */ (void) attributes; (void) slot; - return PSA_ERROR_NOT_SUPPORTED; + return( PSA_ERROR_NOT_SUPPORTED ); #endif /* PSA_CRYPTO_DRIVER_PRESENT */ } diff --git a/library/psa_crypto_driver_wrappers.h b/library/psa_crypto_driver_wrappers.h index f0b5db09f..42993792a 100644 --- a/library/psa_crypto_driver_wrappers.h +++ b/library/psa_crypto_driver_wrappers.h @@ -1,7 +1,7 @@ /* * Function signatures for functionality that can be provided by * cryptographic accelerators. - * Warning: auto-generated file. + * Warning: This file will be auto-generated in the future. */ /* Copyright The Mbed TLS Contributors * SPDX-License-Identifier: Apache-2.0 diff --git a/tests/include/drivers/keygen.h b/tests/include/drivers/keygen.h index f0eb56915..af1f49985 100644 --- a/tests/include/drivers/keygen.h +++ b/tests/include/drivers/keygen.h @@ -1,5 +1,5 @@ /* - * Test driver for signature functions + * Test driver for generating keys. */ /* Copyright The Mbed TLS Contributors * SPDX-License-Identifier: Apache-2.0 diff --git a/tests/include/drivers/signature.h b/tests/include/drivers/signature.h index 900f0c8bb..1506bac70 100644 --- a/tests/include/drivers/signature.h +++ b/tests/include/drivers/signature.h @@ -1,5 +1,5 @@ /* - * Test driver for signature functions + * Test driver for signature functions. */ /* Copyright The Mbed TLS Contributors * SPDX-License-Identifier: Apache-2.0 diff --git a/tests/src/drivers/keygen.c b/tests/src/drivers/keygen.c index 4f30f0efc..a21ec27ce 100644 --- a/tests/src/drivers/keygen.c +++ b/tests/src/drivers/keygen.c @@ -1,5 +1,6 @@ /* - * Test driver for signature functions + * Test driver for generating keys. + * Currently only supports generating ECC keys. */ /* Copyright The Mbed TLS Contributors * SPDX-License-Identifier: Apache-2.0 @@ -63,11 +64,12 @@ psa_status_t test_transparent_generate_key( /* Copied from psa_crypto.c */ #if defined(MBEDTLS_ECP_C) - if ( PSA_KEY_TYPE_IS_ECC( attributes->core.type ) && PSA_KEY_TYPE_IS_KEY_PAIR( attributes->core.type ) ) + if ( PSA_KEY_TYPE_IS_ECC( psa_get_key_type( attributes ) ) + && PSA_KEY_TYPE_IS_KEY_PAIR( psa_get_key_type( attributes ) ) ) { - psa_ecc_family_t curve = PSA_KEY_TYPE_ECC_GET_FAMILY( attributes->core.type ); + psa_ecc_family_t curve = PSA_KEY_TYPE_ECC_GET_FAMILY( psa_get_key_type( attributes ) ); mbedtls_ecp_group_id grp_id = - mbedtls_ecc_group_of_psa( curve, PSA_BITS_TO_BYTES( attributes->core.bits ) ); + mbedtls_ecc_group_of_psa( curve, PSA_BITS_TO_BYTES( psa_get_key_bits( attributes ) ) ); const mbedtls_ecp_curve_info *curve_info = mbedtls_ecp_curve_info_from_grp_id( grp_id ); mbedtls_ecp_keypair ecp; @@ -79,7 +81,7 @@ psa_status_t test_transparent_generate_key( return( PSA_ERROR_NOT_SUPPORTED ); if( grp_id == MBEDTLS_ECP_DP_NONE || curve_info == NULL ) return( PSA_ERROR_NOT_SUPPORTED ); - if( curve_info->bit_size != attributes->core.bits ) + if( curve_info->bit_size != psa_get_key_bits( attributes ) ) return( PSA_ERROR_INVALID_ARGUMENT ); mbedtls_ecp_keypair_init( &ecp ); ret = mbedtls_ecp_gen_key( grp_id, &ecp, @@ -92,7 +94,7 @@ psa_status_t test_transparent_generate_key( } /* Make sure to use export representation */ - size_t bytes = PSA_BITS_TO_BYTES( attributes->core.bits ); + size_t bytes = PSA_BITS_TO_BYTES( psa_get_key_bits( attributes ) ); if( key_size < bytes ) { mbedtls_ecp_keypair_free( &ecp ); diff --git a/tests/src/drivers/signature.c b/tests/src/drivers/signature.c index 04c5de4a2..d1a600928 100644 --- a/tests/src/drivers/signature.c +++ b/tests/src/drivers/signature.c @@ -1,5 +1,7 @@ /* - * Test driver for signature functions + * Test driver for signature functions. + * Currently supports signing and verifying precalculated hashes, using + * only deterministic ECDSA on curves secp256r1, secp384r1 and secp521r1. */ /* Copyright The Mbed TLS Contributors * SPDX-License-Identifier: Apache-2.0 @@ -130,10 +132,7 @@ psa_status_t test_transparent_signature_sign_hash( signature + curve_bytes, curve_bytes ) ); cleanup: - /* There's no easy way to translate the error code except through a - * library function that's not exported. Use a debugger. */ - if( ret == 0 ) - status = PSA_SUCCESS; + status = mbedtls_to_psa_error( ret ); mbedtls_mpi_free( &r ); mbedtls_mpi_free( &s ); mbedtls_ecp_keypair_free( &ecp ); @@ -258,10 +257,7 @@ psa_status_t test_transparent_signature_verify_hash( MBEDTLS_MPI_CHK( mbedtls_ecdsa_verify( &ecp.grp, hash, hash_length, &ecp.Q, &r, &s ) ); cleanup: - /* There's no easy way to translate the error code except through a - * library function that's not exported. Use a debugger. */ - if( ret == 0 ) - status = PSA_SUCCESS; + status = mbedtls_to_psa_error( ret ); mbedtls_mpi_free( &r ); mbedtls_mpi_free( &s ); mbedtls_ecp_keypair_free( &ecp ); From 831c695787ded250d2be0e4d51445cff512f3ebf Mon Sep 17 00:00:00 2001 From: Steven Cooreman Date: Mon, 7 Sep 2020 12:58:16 +0200 Subject: [PATCH 16/17] Apply feedback from PR review * Moved test data to .data file * Bundled test driver hook variables in a struct * Style fixes Signed-off-by: Steven Cooreman --- tests/.gitignore | 1 + tests/include/drivers/keygen.h | 22 ++- tests/include/drivers/signature.h | 24 +++- tests/src/drivers/keygen.c | 23 ++- tests/src/drivers/signature.c | 33 ++--- ...test_suite_psa_crypto_driver_wrappers.data | 30 ++-- ..._suite_psa_crypto_driver_wrappers.function | 136 +++++------------- 7 files changed, 113 insertions(+), 156 deletions(-) diff --git a/tests/.gitignore b/tests/.gitignore index d49611c1e..d9f4b5178 100644 --- a/tests/.gitignore +++ b/tests/.gitignore @@ -11,4 +11,5 @@ data_files/entropy_seed include/test/instrument_record_status.h src/*.o +src/drivers/*.o src/libmbed* diff --git a/tests/include/drivers/keygen.h b/tests/include/drivers/keygen.h index af1f49985..b72c65c78 100644 --- a/tests/include/drivers/keygen.h +++ b/tests/include/drivers/keygen.h @@ -29,11 +29,25 @@ #if defined(PSA_CRYPTO_DRIVER_TEST) #include -extern void *test_driver_keygen_forced_output; -extern size_t test_driver_keygen_forced_output_length; +typedef struct { + /* If non-null, on success, copy this to the output. */ + void *forced_output; + size_t forced_output_length; + /* If not PSA_SUCCESS, return this error code instead of processing the + * function call. */ + psa_status_t forced_status; + /* Count the amount of times one of the keygen driver functions is called. */ + unsigned long hits; +} test_driver_keygen_hooks_t; -extern psa_status_t test_transparent_keygen_status; -extern unsigned long test_transparent_keygen_hit; +#define TEST_DRIVER_KEYGEN_INIT { NULL, 0, PSA_ERROR_NOT_SUPPORTED, 0 } +static inline test_driver_keygen_hooks_t test_driver_keygen_hooks_init( void ) +{ + const test_driver_keygen_hooks_t v = TEST_DRIVER_KEYGEN_INIT; + return( v ); +} + +extern test_driver_keygen_hooks_t test_driver_keygen_hooks; psa_status_t test_transparent_generate_key( const psa_key_attributes_t *attributes, diff --git a/tests/include/drivers/signature.h b/tests/include/drivers/signature.h index 1506bac70..e41892e77 100644 --- a/tests/include/drivers/signature.h +++ b/tests/include/drivers/signature.h @@ -29,14 +29,26 @@ #if defined(PSA_CRYPTO_DRIVER_TEST) #include -extern void *test_driver_forced_output; -extern size_t test_driver_forced_output_length; +typedef struct { + /* If non-null, on success, copy this to the output. */ + void *forced_output; + size_t forced_output_length; + /* If not PSA_SUCCESS, return this error code instead of processing the + * function call. */ + psa_status_t forced_status; + /* Count the amount of times one of the keygen driver functions is called. */ + unsigned long hits; +} test_driver_signature_hooks_t; -extern psa_status_t test_transparent_signature_sign_hash_status; -extern unsigned long test_transparent_signature_sign_hash_hit; +#define TEST_DRIVER_SIGNATURE_INIT { NULL, 0, PSA_ERROR_NOT_SUPPORTED, 0 } +static inline test_driver_signature_hooks_t test_driver_signature_hooks_init( void ) +{ + const test_driver_signature_hooks_t v = TEST_DRIVER_SIGNATURE_INIT; + return( v ); +} -extern psa_status_t test_transparent_signature_verify_hash_status; -extern unsigned long test_transparent_signature_verify_hash_hit; +extern test_driver_signature_hooks_t test_driver_signature_sign_hooks; +extern test_driver_signature_hooks_t test_driver_signature_verify_hooks; psa_status_t test_transparent_signature_sign_hash( const psa_key_attributes_t *attributes, diff --git a/tests/src/drivers/keygen.c b/tests/src/drivers/keygen.c index a21ec27ce..d493ab3e1 100644 --- a/tests/src/drivers/keygen.c +++ b/tests/src/drivers/keygen.c @@ -36,29 +36,24 @@ #include -/* If non-null, on success, copy this to the output. */ -void *test_driver_keygen_forced_output = NULL; -size_t test_driver_keygen_forced_output_length = 0; - -psa_status_t test_transparent_keygen_status = PSA_ERROR_NOT_SUPPORTED; -unsigned long test_transparent_keygen_hit = 0; +test_driver_keygen_hooks_t test_driver_keygen_hooks = TEST_DRIVER_KEYGEN_INIT; psa_status_t test_transparent_generate_key( const psa_key_attributes_t *attributes, uint8_t *key, size_t key_size, size_t *key_length ) { - ++test_transparent_keygen_hit; + ++test_driver_keygen_hooks.hits; - if( test_transparent_keygen_status != PSA_SUCCESS ) - return( test_transparent_keygen_status ); + if( test_driver_keygen_hooks.forced_status != PSA_SUCCESS ) + return( test_driver_keygen_hooks.forced_status ); - if( test_driver_keygen_forced_output != NULL ) + if( test_driver_keygen_hooks.forced_output != NULL ) { - if( test_driver_keygen_forced_output_length > key_size ) + if( test_driver_keygen_hooks.forced_output_length > key_size ) return( PSA_ERROR_BUFFER_TOO_SMALL ); - memcpy( key, test_driver_keygen_forced_output, - test_driver_keygen_forced_output_length ); - *key_length = test_driver_keygen_forced_output_length; + memcpy( key, test_driver_keygen_hooks.forced_output, + test_driver_keygen_hooks.forced_output_length ); + *key_length = test_driver_keygen_hooks.forced_output_length; return( PSA_SUCCESS ); } diff --git a/tests/src/drivers/signature.c b/tests/src/drivers/signature.c index d1a600928..5299a9654 100644 --- a/tests/src/drivers/signature.c +++ b/tests/src/drivers/signature.c @@ -39,15 +39,8 @@ #include -/* If non-null, on success, copy this to the output. */ -void *test_driver_forced_output = NULL; -size_t test_driver_forced_output_length = 0; - -psa_status_t test_transparent_signature_sign_hash_status = PSA_ERROR_NOT_SUPPORTED; -unsigned long test_transparent_signature_sign_hash_hit = 0; - -psa_status_t test_transparent_signature_verify_hash_status = PSA_ERROR_NOT_SUPPORTED; -unsigned long test_transparent_signature_verify_hash_hit = 0; +test_driver_signature_hooks_t test_driver_signature_sign_hooks = TEST_DRIVER_SIGNATURE_INIT; +test_driver_signature_hooks_t test_driver_signature_verify_hooks = TEST_DRIVER_SIGNATURE_INIT; psa_status_t test_transparent_signature_sign_hash( const psa_key_attributes_t *attributes, @@ -56,18 +49,18 @@ psa_status_t test_transparent_signature_sign_hash( const uint8_t *hash, size_t hash_length, uint8_t *signature, size_t signature_size, size_t *signature_length ) { - ++test_transparent_signature_sign_hash_hit; + ++test_driver_signature_sign_hooks.hits; - if( test_transparent_signature_sign_hash_status != PSA_SUCCESS ) - return( test_transparent_signature_sign_hash_status ); + if( test_driver_signature_sign_hooks.forced_status != PSA_SUCCESS ) + return( test_driver_signature_sign_hooks.forced_status ); - if( test_driver_forced_output != NULL ) + if( test_driver_signature_sign_hooks.forced_output != NULL ) { - if( test_driver_forced_output_length > signature_size ) + if( test_driver_signature_sign_hooks.forced_output_length > signature_size ) return( PSA_ERROR_BUFFER_TOO_SMALL ); - memcpy( signature, test_driver_forced_output, - test_driver_forced_output_length ); - *signature_length = test_driver_forced_output_length; + memcpy( signature, test_driver_signature_sign_hooks.forced_output, + test_driver_signature_sign_hooks.forced_output_length ); + *signature_length = test_driver_signature_sign_hooks.forced_output_length; return( PSA_SUCCESS ); } @@ -178,10 +171,10 @@ psa_status_t test_transparent_signature_verify_hash( const uint8_t *hash, size_t hash_length, const uint8_t *signature, size_t signature_length ) { - ++test_transparent_signature_verify_hash_hit; + ++test_driver_signature_verify_hooks.hits; - if( test_transparent_signature_verify_hash_status != PSA_SUCCESS ) - return( test_transparent_signature_verify_hash_status ); + if( test_driver_signature_verify_hooks.forced_status != PSA_SUCCESS ) + return( test_driver_signature_verify_hooks.forced_status ); psa_status_t status = PSA_ERROR_NOT_SUPPORTED; diff --git a/tests/suites/test_suite_psa_crypto_driver_wrappers.data b/tests/suites/test_suite_psa_crypto_driver_wrappers.data index ddf283ff3..74e61723f 100644 --- a/tests/suites/test_suite_psa_crypto_driver_wrappers.data +++ b/tests/suites/test_suite_psa_crypto_driver_wrappers.data @@ -1,41 +1,41 @@ sign_hash through transparent driver: calculate in driver -ecdsa_sign:PSA_SUCCESS:0:PSA_SUCCESS +ecdsa_sign:PSA_SUCCESS:"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"6a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f50f":0:PSA_SUCCESS sign_hash through transparent driver: fallback -ecdsa_sign:PSA_ERROR_NOT_SUPPORTED:0:PSA_SUCCESS +ecdsa_sign:PSA_ERROR_NOT_SUPPORTED:"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"6a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f50f":0:PSA_SUCCESS sign_hash through transparent driver: error -ecdsa_sign:PSA_ERROR_GENERIC_ERROR:0:PSA_ERROR_GENERIC_ERROR +ecdsa_sign:PSA_ERROR_GENERIC_ERROR:"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"6a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f50f":0:PSA_ERROR_GENERIC_ERROR sign_hash through transparent driver: fake -ecdsa_sign:PSA_SUCCESS:1:PSA_SUCCESS +ecdsa_sign:PSA_SUCCESS:"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"000102030405060708090A0B0C0D0E0F":1:PSA_SUCCESS verify_hash using private key through transparent driver: calculate in driver -ecdsa_verify:PSA_SUCCESS:0:PSA_SUCCESS +ecdsa_verify:PSA_SUCCESS:0:"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"6a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f50f":PSA_SUCCESS verify_hash using private key through transparent driver: fallback -ecdsa_verify:PSA_ERROR_NOT_SUPPORTED:0:PSA_SUCCESS +ecdsa_verify:PSA_ERROR_NOT_SUPPORTED:0:"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"6a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f50f":PSA_SUCCESS verify_hash using private key through transparent driver: error -ecdsa_verify:PSA_ERROR_GENERIC_ERROR:0:PSA_ERROR_GENERIC_ERROR +ecdsa_verify:PSA_ERROR_GENERIC_ERROR:0:"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"6a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f50f":PSA_ERROR_GENERIC_ERROR verify_hash using public key through transparent driver: calculate in driver -ecdsa_verify:PSA_SUCCESS:1:PSA_SUCCESS +ecdsa_verify:PSA_SUCCESS:1:"04dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"6a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f50f":PSA_SUCCESS verify_hash using public key through transparent driver: fallback -ecdsa_verify:PSA_ERROR_NOT_SUPPORTED:1:PSA_SUCCESS +ecdsa_verify:PSA_ERROR_NOT_SUPPORTED:1:"04dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"6a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f50f":PSA_SUCCESS -verify_hash through transparent driver: error -ecdsa_verify:PSA_ERROR_GENERIC_ERROR:1:PSA_ERROR_GENERIC_ERROR +verify_hash using public key through transparent driver: error +ecdsa_verify:PSA_ERROR_GENERIC_ERROR:1:"04dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"6a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f50f":PSA_ERROR_GENERIC_ERROR generate_key through transparent driver: fake -generate_key:PSA_SUCCESS:1:PSA_SUCCESS +generate_key:PSA_SUCCESS:"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_SUCCESS generate_key through transparent driver: in-driver -generate_key:PSA_SUCCESS:0:PSA_SUCCESS +generate_key:PSA_SUCCESS:"":PSA_SUCCESS generate_key through transparent driver: fallback -generate_key:PSA_ERROR_NOT_SUPPORTED:0:PSA_SUCCESS +generate_key:PSA_ERROR_NOT_SUPPORTED:"":PSA_SUCCESS generate_key through transparent driver: error -generate_key:PSA_ERROR_GENERIC_ERROR:0:PSA_ERROR_GENERIC_ERROR +generate_key:PSA_ERROR_GENERIC_ERROR:"":PSA_ERROR_GENERIC_ERROR diff --git a/tests/suites/test_suite_psa_crypto_driver_wrappers.function b/tests/suites/test_suite_psa_crypto_driver_wrappers.function index f8ea80d47..c3830a76b 100644 --- a/tests/suites/test_suite_psa_crypto_driver_wrappers.function +++ b/tests/suites/test_suite_psa_crypto_driver_wrappers.function @@ -2,59 +2,18 @@ #include "test/psa_crypto_helpers.h" #include "drivers/test_driver.h" - -uint8_t test_secp256r1_key_data[32] = { - 0xab, 0x45, 0x43, 0x57, 0x12, 0x64, 0x9c, 0xb3, - 0x0b, 0xbd, 0xda, 0xc4, 0x91, 0x97, 0xee, 0xbf, - 0x27, 0x40, 0xff, 0xc7, 0xf8, 0x74, 0xd9, 0x24, - 0x4c, 0x34, 0x60, 0xf5, 0x4f, 0x32, 0x2d, 0x3a, -}; -uint8_t test_hash_32[32] = { - 0x9a, 0xc4, 0x33, 0x5b, 0x46, 0x9b, 0xbd, 0x79, - 0x14, 0x39, 0x24, 0x85, 0x04, 0xdd, 0x0d, 0x49, - 0xc7, 0x13, 0x49, 0xa2, 0x95, 0xfe, 0xe5, 0xa1, - 0xc6, 0x85, 0x07, 0xf4, 0x5a, 0x9e, 0x1c, 0x7b, -}; -uint8_t test_signature_hash_32_with_secp256r1[64] = { - 0x6a, 0x33, 0x99, 0xf6, 0x94, 0x21, 0xff, 0xe1, - 0x49, 0x03, 0x77, 0xad, 0xf2, 0xea, 0x1f, 0x11, - 0x7d, 0x81, 0xa6, 0x3c, 0xf5, 0xbf, 0x22, 0xe9, - 0x18, 0xd5, 0x11, 0x75, 0xeb, 0x25, 0x91, 0x51, - 0xce, 0x95, 0xd7, 0xc2, 0x6c, 0xc0, 0x4e, 0x25, - 0x50, 0x3e, 0x2f, 0x7a, 0x1e, 0xc3, 0x57, 0x3e, - 0x3c, 0x24, 0x12, 0x53, 0x4b, 0xb4, 0xa1, 0x9b, - 0x3a, 0x78, 0x11, 0x74, 0x2f, 0x49, 0xf5, 0x0f, -}; -uint8_t test_secp256r1_public_key_data[65] = { - 0x04, - 0xde, 0xa5, 0xe4, 0x5d, 0x0e, 0xa3, 0x7f, 0xc5, - 0x66, 0x23, 0x2a, 0x50, 0x8f, 0x4a, 0xd2, 0x0e, - 0xa1, 0x3d, 0x47, 0xe4, 0xbf, 0x5f, 0xa4, 0xd5, - 0x4a, 0x57, 0xa0, 0xba, 0x01, 0x20, 0x42, 0x08, - 0x70, 0x97, 0x49, 0x6e, 0xfc, 0x58, 0x3f, 0xed, - 0x8b, 0x24, 0xa5, 0xb9, 0xbe, 0x9a, 0x51, 0xde, - 0x06, 0x3f, 0x5a, 0x00, 0xa8, 0xb6, 0x98, 0xa1, - 0x6f, 0xd7, 0xf2, 0x9b, 0x54, 0x85, 0xf3, 0x20 -}; - -uint8_t test_fake_output[] = "INJECTED OUTPUT"; - -typedef enum -{ - EXPECT_FAILURE, - EXPECT_CORRECT_OUTPUT, - EXPECT_FAKE_OUTPUT, -} expected_output_t; - /* END_HEADER */ /* BEGIN_DEPENDENCIES - * depends_on:MBEDTLS_PSA_CRYPTO_C:MBEDTLS_PSA_CRYPTO_DRIVERS:MBEDTLS_PSA_CRYPTO_DRIVER_TEST + * depends_on:MBEDTLS_PSA_CRYPTO_C:MBEDTLS_PSA_CRYPTO_DRIVERS:PSA_CRYPTO_DRIVER_TEST * END_DEPENDENCIES */ /* BEGIN_CASE depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECDSA_DETERMINISTIC:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C */ void ecdsa_sign( int force_status_arg, + data_t *key_input, + data_t *data_input, + data_t *expected_output, int fake_output, int expected_status_arg ) { @@ -65,9 +24,8 @@ void ecdsa_sign( int force_status_arg, psa_algorithm_t alg = PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_SHA_256 ); uint8_t signature[64]; size_t signature_length = 0xdeadbeef; - const uint8_t *expected_output; - size_t expected_output_length; psa_status_t actual_status; + test_driver_signature_sign_hooks = test_driver_signature_hooks_init(); PSA_ASSERT( psa_crypto_init( ) ); psa_set_key_type( &attributes, @@ -75,48 +33,42 @@ void ecdsa_sign( int force_status_arg, psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_SIGN_HASH ); psa_set_key_algorithm( &attributes, alg ); psa_import_key( &attributes, - test_secp256r1_key_data, sizeof( test_secp256r1_key_data ), + key_input->x, key_input->len, &handle ); - test_transparent_signature_sign_hash_hit = 0; - test_transparent_signature_sign_hash_status = force_status; - if( fake_output ) + test_driver_signature_sign_hooks.forced_status = force_status; + if( fake_output == 1 ) { - expected_output = test_driver_forced_output = test_fake_output; - expected_output_length = test_driver_forced_output_length = - sizeof( test_fake_output ); - } - else - { - expected_output = test_signature_hash_32_with_secp256r1; - expected_output_length = sizeof( test_signature_hash_32_with_secp256r1 ); + test_driver_signature_sign_hooks.forced_output = expected_output->x; + test_driver_signature_sign_hooks.forced_output_length = expected_output->len; } actual_status = psa_sign_hash( handle, alg, - test_hash_32, sizeof( test_hash_32 ), + data_input->x, data_input->len, signature, sizeof( signature ), &signature_length ); TEST_EQUAL( actual_status, expected_status ); if( expected_status == PSA_SUCCESS ) { ASSERT_COMPARE( signature, signature_length, - expected_output, expected_output_length ); + expected_output->x, expected_output->len ); } - TEST_EQUAL( test_transparent_signature_sign_hash_hit, 1 ); + TEST_EQUAL( test_driver_signature_sign_hooks.hits, 1 ); exit: psa_reset_key_attributes( &attributes ); psa_destroy_key( handle ); PSA_DONE( ); - test_transparent_signature_sign_hash_status = PSA_ERROR_NOT_SUPPORTED; - test_driver_forced_output = NULL; - test_driver_forced_output_length = 0; + test_driver_signature_sign_hooks = test_driver_signature_hooks_init(); } /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECDSA_DETERMINISTIC:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C */ void ecdsa_verify( int force_status_arg, int register_public_key, + data_t *key_input, + data_t *data_input, + data_t *signature_input, int expected_status_arg ) { psa_status_t force_status = force_status_arg; @@ -124,9 +76,8 @@ void ecdsa_verify( int force_status_arg, psa_key_handle_t handle = 0; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; psa_algorithm_t alg = PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_SHA_256 ); - const uint8_t *expected_output; - size_t expected_output_length; psa_status_t actual_status; + test_driver_signature_verify_hooks = test_driver_signature_hooks_init(); PSA_ASSERT( psa_crypto_init( ) ); if( register_public_key ) @@ -136,7 +87,7 @@ void ecdsa_verify( int force_status_arg, psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_VERIFY_HASH ); psa_set_key_algorithm( &attributes, alg ); psa_import_key( &attributes, - test_secp256r1_public_key_data, sizeof( test_secp256r1_public_key_data ), + key_input->x, key_input->len, &handle ); } else @@ -146,35 +97,29 @@ void ecdsa_verify( int force_status_arg, psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_VERIFY_HASH ); psa_set_key_algorithm( &attributes, alg ); psa_import_key( &attributes, - test_secp256r1_key_data, sizeof( test_secp256r1_key_data ), + key_input->x, key_input->len, &handle ); } - test_transparent_signature_verify_hash_hit = 0; - test_transparent_signature_verify_hash_status = force_status; - - expected_output = test_signature_hash_32_with_secp256r1; - expected_output_length = sizeof( test_signature_hash_32_with_secp256r1 ); + test_driver_signature_verify_hooks.forced_status = force_status; actual_status = psa_verify_hash( handle, alg, - test_hash_32, sizeof( test_hash_32 ), - expected_output, expected_output_length ); + data_input->x, data_input->len, + signature_input->x, signature_input->len ); TEST_EQUAL( actual_status, expected_status ); - TEST_EQUAL( test_transparent_signature_verify_hash_hit, 1 ); + TEST_EQUAL( test_driver_signature_verify_hooks.hits, 1 ); exit: psa_reset_key_attributes( &attributes ); psa_destroy_key( handle ); PSA_DONE( ); - test_transparent_signature_sign_hash_status = PSA_ERROR_NOT_SUPPORTED; - test_driver_forced_output = NULL; - test_driver_forced_output_length = 0; + test_driver_signature_verify_hooks = test_driver_signature_hooks_init(); } /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED */ void generate_key( int force_status_arg, - int fake_output, + data_t *fake_output, int expected_status_arg ) { psa_status_t force_status = force_status_arg; @@ -182,11 +127,12 @@ void generate_key( int force_status_arg, psa_key_handle_t handle = 0; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; psa_algorithm_t alg = PSA_ALG_ECDSA( PSA_ALG_SHA_256 ); - const uint8_t *expected_output; - size_t expected_output_length; + const uint8_t *expected_output = NULL; + size_t expected_output_length = 0; psa_status_t actual_status; - uint8_t actual_output[sizeof(test_secp256r1_key_data)] = {0}; + uint8_t actual_output[PSA_KEY_EXPORT_ECC_KEY_PAIR_MAX_SIZE(256)] = {0}; size_t actual_output_length; + test_driver_keygen_hooks = test_driver_keygen_hooks_init(); psa_set_key_type( &attributes, PSA_KEY_TYPE_ECC_KEY_PAIR( PSA_ECC_CURVE_SECP_R1 ) ); @@ -194,29 +140,27 @@ void generate_key( int force_status_arg, psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_EXPORT ); psa_set_key_algorithm( &attributes, alg ); - if( fake_output ) + if( fake_output->len > 0 ) { - expected_output = test_driver_keygen_forced_output = test_secp256r1_key_data; - expected_output_length = test_driver_keygen_forced_output_length = - sizeof( test_secp256r1_key_data ); + expected_output = test_driver_keygen_hooks.forced_output = fake_output->x; + expected_output_length = test_driver_keygen_hooks.forced_output_length = + fake_output->len; } - test_transparent_keygen_hit = 0; - test_transparent_keygen_status = force_status; + test_driver_keygen_hooks.hits = 0; + test_driver_keygen_hooks.forced_status = force_status; PSA_ASSERT( psa_crypto_init( ) ); actual_status = psa_generate_key( &attributes, &handle ); - fprintf(stdout, "rteturn %d\n", actual_status); - - TEST_EQUAL( test_transparent_keygen_hit, 1 ); + TEST_EQUAL( test_driver_keygen_hooks.hits, 1 ); TEST_EQUAL( actual_status, expected_status ); if( actual_status == PSA_SUCCESS ) { psa_export_key( handle, actual_output, sizeof(actual_output), &actual_output_length ); - if( fake_output ) + if( fake_output->len > 0 ) { ASSERT_COMPARE( actual_output, actual_output_length, expected_output, expected_output_length ); @@ -236,8 +180,6 @@ exit: psa_reset_key_attributes( &attributes ); psa_destroy_key( handle ); PSA_DONE( ); - test_transparent_signature_sign_hash_status = PSA_ERROR_NOT_SUPPORTED; - test_driver_keygen_forced_output = NULL; - test_driver_keygen_forced_output_length = 0; + test_driver_keygen_hooks = test_driver_keygen_hooks_init(); } /* END_CASE */ From 0d7c64dd8fbc2c3f2ba553d05485ecb8b95d9b66 Mon Sep 17 00:00:00 2001 From: Steven Cooreman Date: Mon, 7 Sep 2020 16:17:55 +0200 Subject: [PATCH 17/17] Changed test driver include folder to reflect it's a test driver Signed-off-by: Steven Cooreman --- library/psa_crypto_driver_wrappers.c | 2 +- scripts/generate_visualc_files.pl | 2 +- tests/include/{ => test}/drivers/keygen.h | 0 tests/include/{ => test}/drivers/signature.h | 0 tests/include/{ => test}/drivers/test_driver.h | 4 ++-- tests/src/drivers/keygen.c | 2 +- tests/src/drivers/signature.c | 2 +- tests/suites/test_suite_psa_crypto_driver_wrappers.function | 2 +- visualc/VS2010/mbedTLS.vcxproj | 6 +++--- 9 files changed, 10 insertions(+), 10 deletions(-) rename tests/include/{ => test}/drivers/keygen.h (100%) rename tests/include/{ => test}/drivers/signature.h (100%) rename tests/include/{ => test}/drivers/test_driver.h (92%) diff --git a/library/psa_crypto_driver_wrappers.c b/library/psa_crypto_driver_wrappers.c index 56bb0035f..cc51e2450 100644 --- a/library/psa_crypto_driver_wrappers.c +++ b/library/psa_crypto_driver_wrappers.c @@ -33,7 +33,7 @@ #ifndef PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT #define PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT #endif -#include "drivers/test_driver.h" +#include "test/drivers/test_driver.h" #endif /* PSA_CRYPTO_DRIVER_TEST */ /* Repeat above block for each JSON-declared driver during autogeneration */ diff --git a/scripts/generate_visualc_files.pl b/scripts/generate_visualc_files.pl index 469595518..6c2b5e4ab 100755 --- a/scripts/generate_visualc_files.pl +++ b/scripts/generate_visualc_files.pl @@ -39,7 +39,7 @@ my $psa_header_dir = 'include/psa'; my $source_dir = 'library'; my $test_source_dir = 'tests/src'; my $test_header_dir = 'tests/include/test'; -my $test_drivers_header_dir = 'tests/include/drivers'; +my $test_drivers_header_dir = 'tests/include/test/drivers'; my @thirdparty_header_dirs = qw( 3rdparty/everest/include/everest diff --git a/tests/include/drivers/keygen.h b/tests/include/test/drivers/keygen.h similarity index 100% rename from tests/include/drivers/keygen.h rename to tests/include/test/drivers/keygen.h diff --git a/tests/include/drivers/signature.h b/tests/include/test/drivers/signature.h similarity index 100% rename from tests/include/drivers/signature.h rename to tests/include/test/drivers/signature.h diff --git a/tests/include/drivers/test_driver.h b/tests/include/test/drivers/test_driver.h similarity index 92% rename from tests/include/drivers/test_driver.h rename to tests/include/test/drivers/test_driver.h index 98dded8d2..75135e0f4 100644 --- a/tests/include/drivers/test_driver.h +++ b/tests/include/test/drivers/test_driver.h @@ -22,7 +22,7 @@ #define PSA_CRYPTO_TEST_DRIVER_LIFETIME 0x7fffff -#include "drivers/signature.h" -#include "drivers/keygen.h" +#include "test/drivers/signature.h" +#include "test/drivers/keygen.h" #endif /* PSA_CRYPTO_TEST_DRIVER_H */ diff --git a/tests/src/drivers/keygen.c b/tests/src/drivers/keygen.c index d493ab3e1..f15a4bc9a 100644 --- a/tests/src/drivers/keygen.c +++ b/tests/src/drivers/keygen.c @@ -30,7 +30,7 @@ #include "mbedtls/ecp.h" #include "mbedtls/error.h" -#include "drivers/keygen.h" +#include "test/drivers/keygen.h" #include "test/random.h" diff --git a/tests/src/drivers/signature.c b/tests/src/drivers/signature.c index 5299a9654..028d24a09 100644 --- a/tests/src/drivers/signature.c +++ b/tests/src/drivers/signature.c @@ -30,7 +30,7 @@ #include "psa_crypto_core.h" #include "mbedtls/ecp.h" -#include "drivers/signature.h" +#include "test/drivers/signature.h" #include "mbedtls/md.h" #include "mbedtls/ecdsa.h" diff --git a/tests/suites/test_suite_psa_crypto_driver_wrappers.function b/tests/suites/test_suite_psa_crypto_driver_wrappers.function index c3830a76b..917798237 100644 --- a/tests/suites/test_suite_psa_crypto_driver_wrappers.function +++ b/tests/suites/test_suite_psa_crypto_driver_wrappers.function @@ -1,7 +1,7 @@ /* BEGIN_HEADER */ #include "test/psa_crypto_helpers.h" -#include "drivers/test_driver.h" +#include "test/drivers/test_driver.h" /* END_HEADER */ /* BEGIN_DEPENDENCIES diff --git a/visualc/VS2010/mbedTLS.vcxproj b/visualc/VS2010/mbedTLS.vcxproj index 8371edaf2..9d7929839 100644 --- a/visualc/VS2010/mbedTLS.vcxproj +++ b/visualc/VS2010/mbedTLS.vcxproj @@ -238,9 +238,9 @@ - - - + + +