diff --git a/.gitignore b/.gitignore index ee2cd4640..39cdc4ea5 100644 --- a/.gitignore +++ b/.gitignore @@ -54,4 +54,5 @@ massif-* /GSYMS /GTAGS /TAGS +/cscope*.out /tags diff --git a/.travis.yml b/.travis.yml index c67c0cd33..76cb1c537 100644 --- a/.travis.yml +++ b/.travis.yml @@ -28,10 +28,6 @@ jobs: script: - tests/scripts/all.sh -k test_full_cmake_gcc_asan - - name: check compilation guards - script: - - tests/scripts/all.sh -k 'test_depends_*' 'build_key_exchanges' - - name: macOS os: osx compiler: clang diff --git a/CMakeLists.txt b/CMakeLists.txt index f8df14007..ac24bf41b 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -14,9 +14,13 @@ # CMake files. It is related to ZLIB support which is planned to be removed. # When the support is removed, the associated include_directories command # will be removed as well as this note. +# - MBEDTLS_TARGET_PREFIX: CMake targets are designed to be alterable by calling +# CMake in order to avoid target name clashes, via the use of +# MBEDTLS_TARGET_PREFIX. The value of this variable is prefixed to the +# mbedtls, mbedx509, mbedcrypto and apidoc targets. # -cmake_minimum_required(VERSION 2.6) +cmake_minimum_required(VERSION 2.8.12) if(TEST_CPP) project("mbed TLS" C CXX) else() @@ -112,9 +116,12 @@ option: \n\ endif() endif() -set(CMAKE_BUILD_TYPE ${CMAKE_BUILD_TYPE} - CACHE STRING "Choose the type of build: None Debug Release Coverage ASan ASanDbg MemSan MemSanDbg Check CheckFull" - FORCE) +# If this is the root project add longer list of available CMAKE_BUILD_TYPE values +if(CMAKE_SOURCE_DIR STREQUAL CMAKE_CURRENT_SOURCE_DIR) + set(CMAKE_BUILD_TYPE ${CMAKE_BUILD_TYPE} + CACHE STRING "Choose the type of build: None Debug Release Coverage ASan ASanDbg MemSan MemSanDbg Check CheckFull" + FORCE) +endif() # Create a symbolic link from ${base_name} in the binary directory # to the corresponding path in the source directory. @@ -152,6 +159,8 @@ endfunction(link_to_source) string(REGEX MATCH "Clang" CMAKE_COMPILER_IS_CLANG "${CMAKE_C_COMPILER_ID}") +include(CheckCCompilerFlag) + if(CMAKE_COMPILER_IS_GNU) # some warnings we want are not available with old GCC versions # note: starting with CMake 2.8 we could use CMAKE_C_COMPILER_VERSION @@ -168,7 +177,10 @@ if(CMAKE_COMPILER_IS_GNU) set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wshadow") endif() if (GCC_VERSION VERSION_GREATER 5.0) - set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wformat-signedness") + CHECK_C_COMPILER_FLAG("-Wformat-signedness" C_COMPILER_SUPPORTS_WFORMAT_SIGNEDNESS) + if(C_COMPILER_SUPPORTS_WFORMAT_SIGNEDNESS) + set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wformat-signedness") + endif() endif() set(CMAKE_C_FLAGS_RELEASE "-O2") set(CMAKE_C_FLAGS_DEBUG "-O0 -g3") @@ -256,7 +268,7 @@ add_subdirectory(library) # to define the test executables. # if(ENABLE_TESTING OR ENABLE_PROGRAMS) - file(GLOB MBEDTLS_TEST_FILES ${CMAKE_CURRENT_SOURCE_DIR}/tests/src/*.c) + file(GLOB MBEDTLS_TEST_FILES ${CMAKE_CURRENT_SOURCE_DIR}/tests/src/*.c ${CMAKE_CURRENT_SOURCE_DIR}/tests/src/drivers/*.c) add_library(mbedtls_test OBJECT ${MBEDTLS_TEST_FILES}) target_include_directories(mbedtls_test PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/tests/include @@ -268,7 +280,7 @@ if(ENABLE_PROGRAMS) add_subdirectory(programs) endif() -ADD_CUSTOM_TARGET(apidoc +ADD_CUSTOM_TARGET(${MBEDTLS_TARGET_PREFIX}apidoc COMMAND doxygen mbedtls.doxyfile WORKING_DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR}/doxygen) diff --git a/ChangeLog b/ChangeLog index 32853ce43..594c3cf4a 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,5 +1,118 @@ mbed TLS ChangeLog (Sorted per branch, date) += mbed TLS 2.24.0 branch released 2020-09-01 + +API changes + * In the PSA API, rename the types of elliptic curve and Diffie-Hellman + group families to psa_ecc_family_t and psa_dh_family_t, in line with the + PSA Crypto API specification version 1.0.0. + Rename associated macros as well: + PSA_ECC_CURVE_xxx renamed to PSA_ECC_FAMILY_xxx + PSA_DH_GROUP_xxx renamed to PSA_DH_FAMILY_xxx + PSA_KEY_TYPE_GET_CURVE renamed to to PSA_KEY_TYPE_ECC_GET_FAMILY + PSA_KEY_TYPE_GET_GROUP renamed to PSA_KEY_TYPE_DH_GET_FAMILY + +Default behavior changes + * Stop storing persistent information about externally stored keys created + through PSA Crypto with a volatile lifetime. Reported in #3288 and + contributed by Steven Cooreman in #3382. + +Features + * The new function mbedtls_ecp_write_key() exports private ECC keys back to + a byte buffer. It is the inverse of the existing mbedtls_ecp_read_key(). + * Support building on e2k (Elbrus) architecture: correctly enable + -Wformat-signedness, and fix the code that causes signed-one-bit-field + and sign-compare warnings. Contributed by makise-homura (Igor Molchanov) + . + +Security + * Fix a vulnerability in the verification of X.509 certificates when + matching the expected common name (the cn argument of + mbedtls_x509_crt_verify()) with the actual certificate name: when the + subjecAltName extension is present, the expected name was compared to any + name in that extension regardless of its type. This means that an + attacker could for example impersonate a 4-bytes or 16-byte domain by + getting a certificate for the corresponding IPv4 or IPv6 (this would + require the attacker to control that IP address, though). Similar attacks + using other subjectAltName name types might be possible. Found and + reported by kFYatek in #3498. + * When checking X.509 CRLs, a certificate was only considered as revoked if + its revocationDate was in the past according to the local clock if + available. In particular, on builds without MBEDTLS_HAVE_TIME_DATE, + certificates were never considered as revoked. On builds with + MBEDTLS_HAVE_TIME_DATE, an attacker able to control the local clock (for + example, an untrusted OS attacking a secure enclave) could prevent + revocation of certificates via CRLs. Fixed by no longer checking the + revocationDate field, in accordance with RFC 5280. Reported by + yuemonangong in #3340. Reported independently and fixed by + Raoul Strackx and Jethro Beekman in #3433. + * In (D)TLS record decryption, when using a CBC ciphersuites without the + Encrypt-then-Mac extension, use constant code flow memory access patterns + to extract and check the MAC. This is an improvement to the existing + countermeasure against Lucky 13 attacks. The previous countermeasure was + effective against network-based attackers, but less so against local + attackers. The new countermeasure defends against local attackers, even + if they have access to fine-grained measurements. In particular, this + fixes a local Lucky 13 cache attack found and reported by Tuba Yavuz, + Farhaan Fowze, Ken (Yihan) Bai, Grant Hernandez, and Kevin Butler + (University of Florida) and Dave Tian (Purdue University). + * Fix side channel in RSA private key operations and static (finite-field) + Diffie-Hellman. An adversary with precise enough timing and memory access + information (typically an untrusted operating system attacking a secure + enclave) could bypass an existing counter-measure (base blinding) and + potentially fully recover the private key. + * Fix a 1-byte buffer overread in mbedtls_x509_crl_parse_der(). + Credit to OSS-Fuzz for detecting the problem and to Philippe Antoine + for pinpointing the problematic code. + * Zeroising of plaintext buffers in mbedtls_ssl_read() to erase unused + application data from memory. Reported in #689 by + Johan Uppman Bruce of Sectra. + +Bugfix + * Library files installed after a CMake build no longer have execute + permission. + * Use local labels in mbedtls_padlock_has_support() to fix an invalid symbol + redefinition if the function is inlined. + Reported in #3451 and fix contributed in #3452 by okhowang. + * Fix the endianness of Curve25519 keys imported/exported through the PSA + APIs. psa_import_key and psa_export_key will now correctly expect/output + Montgomery keys in little-endian as defined by RFC7748. Contributed by + Steven Cooreman in #3425. + * Fix build errors when the only enabled elliptic curves are Montgomery + curves. Raised by signpainter in #941 and by Taiki-San in #1412. This + also fixes missing declarations reported by Steven Cooreman in #1147. + * Fix self-test failure when the only enabled short Weierstrass elliptic + curve is secp192k1. Fixes #2017. + * PSA key import will now correctly import a Curve25519/Curve448 public key + instead of erroring out. Contributed by Steven Cooreman in #3492. + * Use arc4random_buf on NetBSD instead of rand implementation with cyclical + lower bits. Fix contributed in #3540. + * Fix a memory leak in mbedtls_md_setup() when using HMAC under low memory + conditions. Reported and fix suggested by Guido Vranken in #3486. + * Fix bug in redirection of unit test outputs on platforms where stdout is + defined as a macro. First reported in #2311 and fix contributed in #3528. + +Changes + * Only pass -Wformat-signedness to versions of GCC that support it. Reported + in #3478 and fix contributed in #3479 by okhowang. + * Reduce the stack consumption of mbedtls_x509write_csr_der() which + previously could lead to stack overflow on constrained devices. + Contributed by Doru Gucea and Simon Leet in #3464. + * Undefine the ASSERT macro before defining it locally, in case it is defined + in a platform header. Contributed by Abdelatif Guettouche in #3557. + * Update copyright notices to use Linux Foundation guidance. As a result, + the copyright of contributors other than Arm is now acknowledged, and the + years of publishing are no longer tracked in the source files. This also + eliminates the need for the lines declaring the files to be part of + MbedTLS. Fixes #3457. + * Add the command line parameter key_pwd to the ssl_client2 and ssl_server2 + example applications which allows to provide a password for the key file + specified through the existing key_file argument. This allows the use of + these applications with password-protected key files. Analogously but for + ssl_server2 only, add the command line parameter key_pwd2 which allows to + set a password for the key file provided through the existing key_file2 + argument. + = mbed TLS 2.23.0 branch released 2020-07-01 Default behavior changes diff --git a/ChangeLog.d/00README.md b/ChangeLog.d/00README.md index b559e2336..d2ea73d1c 100644 --- a/ChangeLog.d/00README.md +++ b/ChangeLog.d/00README.md @@ -3,6 +3,29 @@ This directory contains changelog entries that have not yet been merged to the changelog file ([`../ChangeLog`](../ChangeLog)). +## What requires a changelog entry? + +Write a changelog entry if there is a user-visible change. This includes: + +* Bug fixes in the library or in sample programs: fixing a security hole, + fixing broken behavior, fixing the build in some configuration or on some + platform, etc. +* New features in the library, new sample programs, or new platform support. +* Changes in existing behavior. These should be rare. Changes in features + that are documented as experimental may or may not be announced, depending + on the extent of the change and how widely we expect the feature to be used. + +We generally don't include changelog entries for: + +* Documentation improvements. +* Performance improvements, unless they are particularly significant. +* Changes to parts of the code base that users don't interact with directly, + such as test code and test data. + +Until Mbed TLS 2.24.0, we required changelog entries in more cases. +Looking at older changelog entries is good practice for how to write a +changelog entry, but not for deciding whether to write one. + ## Changelog entry file format A changelog entry file must have the extension `*.txt` and must have the @@ -33,8 +56,7 @@ The permitted changelog entry categories are as follows: Bugfix Changes -Use “Changes” for anything that doesn't fit in the other categories, such as -performance, documentation and test improvements. +Use “Changes” for anything that doesn't fit in the other categories. ## How to write a changelog entry @@ -49,8 +71,7 @@ Include GitHub issue numbers where relevant. Use the format “#1234” for an Mbed TLS issue. Add other external references such as CVE numbers where applicable. -Credit the author of the contribution if the contribution is not a member of -the Mbed TLS development team. Also credit bug reporters where applicable. +Credit bug reporters where applicable. **Explain why, not how**. Remember that the audience is the users of the library, not its developers. In particular, for a bug fix, explain the diff --git a/ChangeLog.d/_GNU_SOURCE-redefined.txt b/ChangeLog.d/_GNU_SOURCE-redefined.txt new file mode 100644 index 000000000..59c8a153f --- /dev/null +++ b/ChangeLog.d/_GNU_SOURCE-redefined.txt @@ -0,0 +1,3 @@ +Bugfix + * Fix the build when the macro _GNU_SOURCE is defined to a non-empty value. + Fix #3432. diff --git a/ChangeLog.d/add-aes-ecb-to-psa.txt b/ChangeLog.d/add-aes-ecb-to-psa.txt new file mode 100644 index 000000000..b0de67c4e --- /dev/null +++ b/ChangeLog.d/add-aes-ecb-to-psa.txt @@ -0,0 +1,2 @@ +Features + * Add support for ECB to the PSA cipher API. diff --git a/ChangeLog.d/add_MBEDTLS_TARGET_PREFIX_to_cmake.txt b/ChangeLog.d/add_MBEDTLS_TARGET_PREFIX_to_cmake.txt new file mode 100644 index 000000000..533f309ab --- /dev/null +++ b/ChangeLog.d/add_MBEDTLS_TARGET_PREFIX_to_cmake.txt @@ -0,0 +1,6 @@ +Features + * Add MBEDTLS_TARGET_PREFIX CMake variable, which is prefixed to the mbedtls, + mbedcrypto, mbedx509 and apidoc CMake target names. This can be used by + external CMake projects that include this one to avoid CMake target name + clashes. The default value of this variable is "", so default target names + are unchanged. diff --git a/ChangeLog.d/add_cipher_transparent_driver.txt b/ChangeLog.d/add_cipher_transparent_driver.txt new file mode 100644 index 000000000..ce6f33d0d --- /dev/null +++ b/ChangeLog.d/add_cipher_transparent_driver.txt @@ -0,0 +1,4 @@ +Features + * Partial implementation of the new PSA Crypto accelerator APIs for + enabling symmetric cipher acceleration through crypto accelerators. + Contributed by Steven Cooreman in #3644. diff --git a/ChangeLog.d/add_export_public_key_driver.txt b/ChangeLog.d/add_export_public_key_driver.txt new file mode 100644 index 000000000..a9bffbc06 --- /dev/null +++ b/ChangeLog.d/add_export_public_key_driver.txt @@ -0,0 +1,3 @@ +Features + * Implementation of the export_public_key interface for PSA Crypto + accelerator drivers, as defined in #3493. Contributed in #3786. diff --git a/ChangeLog.d/add_sign_verify_keygen_transparent_driver.txt b/ChangeLog.d/add_sign_verify_keygen_transparent_driver.txt new file mode 100644 index 000000000..fe4389992 --- /dev/null +++ b/ChangeLog.d/add_sign_verify_keygen_transparent_driver.txt @@ -0,0 +1,4 @@ +Features + * Partial implementation of the new PSA Crypto accelerator APIs for + enabling key generation and asymmetric signing/verification through crypto + accelerators. Contributed by Steven Cooreman in #3501. diff --git a/ChangeLog.d/adjusting sliding_window_size_PR3592.txt b/ChangeLog.d/adjusting sliding_window_size_PR3592.txt new file mode 100644 index 000000000..608956541 --- /dev/null +++ b/ChangeLog.d/adjusting sliding_window_size_PR3592.txt @@ -0,0 +1,3 @@ +Changes + * Reduce stack usage significantly during sliding window exponentiation. + Reported in #3591 and fix contributed in #3592 by Daniel Otte. diff --git a/ChangeLog.d/aes-zeroize-pointer.txt b/ChangeLog.d/aes-zeroize-pointer.txt new file mode 100644 index 000000000..ccc6dc159 --- /dev/null +++ b/ChangeLog.d/aes-zeroize-pointer.txt @@ -0,0 +1,5 @@ +Changes + * Remove the zeroization of a pointer variable in AES rounds. It was valid + but spurious and misleading since it looked like a mistaken attempt to + zeroize the pointed-to buffer. Reported by Antonio de la Piedra, CEA + Leti, France. diff --git a/ChangeLog.d/android-socklen_t.txt b/ChangeLog.d/android-socklen_t.txt new file mode 100644 index 000000000..d795a5274 --- /dev/null +++ b/ChangeLog.d/android-socklen_t.txt @@ -0,0 +1,3 @@ +Bugfix + * Use socklen_t on Android and other POSIX-compliant system + diff --git a/ChangeLog.d/arc4random_buf-implicit.txt b/ChangeLog.d/arc4random_buf-implicit.txt new file mode 100644 index 000000000..81c245e67 --- /dev/null +++ b/ChangeLog.d/arc4random_buf-implicit.txt @@ -0,0 +1,3 @@ +Bugfix + * Make arc4random_buf available on NetBSD and OpenBSD when _POSIX_C_SOURCE is + defined. Fix contributed in #3571. diff --git a/ChangeLog.d/bugfix_3524.txt b/ChangeLog.d/bugfix_3524.txt new file mode 100644 index 000000000..e03834006 --- /dev/null +++ b/ChangeLog.d/bugfix_3524.txt @@ -0,0 +1,3 @@ +Bugfix + * Include the psa_constant_names generated source code in the source tree + instead of generating it at build time. Fixes #3524. diff --git a/ChangeLog.d/bugfix_3782.txt b/ChangeLog.d/bugfix_3782.txt new file mode 100644 index 000000000..25e18cb18 --- /dev/null +++ b/ChangeLog.d/bugfix_3782.txt @@ -0,0 +1,2 @@ +Bugfix + * Fix build failures on GCC 11. Fixes #3782. diff --git a/ChangeLog.d/bugfix_3794.txt b/ChangeLog.d/bugfix_3794.txt new file mode 100644 index 000000000..a483ea76a --- /dev/null +++ b/ChangeLog.d/bugfix_3794.txt @@ -0,0 +1,4 @@ +Bugfix + * Fix handling of EOF against 0xff bytes and on platforms with + unsigned chars. Fixes a build failure on platforms where char is + unsigned. Fixes #3794. diff --git a/ChangeLog.d/bugfix_PR3294.txt b/ChangeLog.d/bugfix_PR3294.txt new file mode 100644 index 000000000..a6ea75e05 --- /dev/null +++ b/ChangeLog.d/bugfix_PR3294.txt @@ -0,0 +1,4 @@ +Bugfix + * Fix build failure in configurations where MBEDTLS_USE_PSA_CRYPTO is + enabled but ECDSA is disabled. Contributed by jdurkop. Fixes #3294. + diff --git a/ChangeLog.d/bugfix_PR3452.txt b/ChangeLog.d/bugfix_PR3452.txt deleted file mode 100644 index acf593eb8..000000000 --- a/ChangeLog.d/bugfix_PR3452.txt +++ /dev/null @@ -1,3 +0,0 @@ -Bugfix - * Use local labels in mbedtls_padlock_has_support() to fix an invalid symbol redefinition if the function is inlined. - Reported in #3451 and fix contributed in #3452 by okhowang. diff --git a/ChangeLog.d/build_with_only_montgomery_curves.txt b/ChangeLog.d/build_with_only_montgomery_curves.txt deleted file mode 100644 index d4ec7c56c..000000000 --- a/ChangeLog.d/build_with_only_montgomery_curves.txt +++ /dev/null @@ -1,6 +0,0 @@ -Bugfix - * Fix build errors when the only enabled elliptic curves are Montgomery - curves. Raised by signpainter in #941 and by Taiki-San in #1412. This - also fixes missing declarations reported by Steven Cooreman in #1147. - * Fix self-test failure when the only enabled short Weierstrass elliptic - curve is secp192k1. Fixes #2017. diff --git a/ChangeLog.d/cmake-install.txt b/ChangeLog.d/cmake-install.txt deleted file mode 100644 index 1bcec4aa9..000000000 --- a/ChangeLog.d/cmake-install.txt +++ /dev/null @@ -1,3 +0,0 @@ -Bugfix - * Library files installed after a CMake build no longer have execute - permission. diff --git a/ChangeLog.d/copyright.txt b/ChangeLog.d/copyright.txt deleted file mode 100644 index aefc6bc7e..000000000 --- a/ChangeLog.d/copyright.txt +++ /dev/null @@ -1,6 +0,0 @@ -Changes - * Update copyright notices to use Linux Foundation guidance. As a result, - the copyright of contributors other than Arm is now acknowledged, and the - years of publishing are no longer tracked in the source files. This also - eliminates the need for the lines declaring the files to be part of - MbedTLS. Fixes #3457. diff --git a/ChangeLog.d/do_not_persist_volatile_external_keys.txt b/ChangeLog.d/do_not_persist_volatile_external_keys.txt deleted file mode 100644 index b27292c90..000000000 --- a/ChangeLog.d/do_not_persist_volatile_external_keys.txt +++ /dev/null @@ -1,4 +0,0 @@ -Default behavior changes - * Stop storing persistent information about externally stored keys created - through PSA Crypto with a volatile lifetime. Reported in #3288 and - contributed by Steven Cooreman in #3382. diff --git a/ChangeLog.d/ecb_iv_fix.txt b/ChangeLog.d/ecb_iv_fix.txt new file mode 100644 index 000000000..ae2ae2543 --- /dev/null +++ b/ChangeLog.d/ecb_iv_fix.txt @@ -0,0 +1,3 @@ +Bugfix + * Correct the default IV size for mbedtls_cipher_info_t structures using + MBEDTLS_MODE_ECB to 0, since ECB mode ciphers don't use IVs. diff --git a/ChangeLog.d/ecp_curve_list.txt b/ChangeLog.d/ecp_curve_list.txt new file mode 100644 index 000000000..55745d38d --- /dev/null +++ b/ChangeLog.d/ecp_curve_list.txt @@ -0,0 +1,5 @@ +Bugfix + * mbedtls_ecp_curve_list() now lists Curve25519 and Curve448 under the names + "x25519" and "x448". These curves support ECDH but not ECDSA. If you need + only the curves that support ECDSA, filter the list with + mbedtls_ecdsa_can_do(). diff --git a/ChangeLog.d/error-include-string.txt b/ChangeLog.d/error-include-string.txt new file mode 100644 index 000000000..0a12c7bec --- /dev/null +++ b/ChangeLog.d/error-include-string.txt @@ -0,0 +1,2 @@ +Bugfix + * Fix conditions for including string.h in error.c. Fixes #3866. diff --git a/ChangeLog.d/feature-dtls-srtp.txt b/ChangeLog.d/feature-dtls-srtp.txt new file mode 100644 index 000000000..8b9186bb9 --- /dev/null +++ b/ChangeLog.d/feature-dtls-srtp.txt @@ -0,0 +1,2 @@ +Features +* Add support for DTLS-SRTP as defined in RFC 5764. Contributed by Johan Pascal, improved by Ron Eldor. diff --git a/ChangeLog.d/fix-rsa-blinding.txt b/ChangeLog.d/fix-rsa-blinding.txt new file mode 100644 index 000000000..a13572c9a --- /dev/null +++ b/ChangeLog.d/fix-rsa-blinding.txt @@ -0,0 +1,6 @@ +Bugfix + * Fix rsa_prepare_blinding() to retry when the blinding value is not + invertible (mod N), instead of returning MBEDTLS_ERR_RSA_RNG_FAILED. This + addresses a regression but is rare in practice (approx. 1 in 2/sqrt(N)). + Found by Synopsys Coverity, fix contributed by Peter Kolbus (Garmin). + Fixes #3647. diff --git a/ChangeLog.d/fix_ccm_add_length_check.txt b/ChangeLog.d/fix_ccm_add_length_check.txt new file mode 100644 index 000000000..259399fd4 --- /dev/null +++ b/ChangeLog.d/fix_ccm_add_length_check.txt @@ -0,0 +1,5 @@ +Bugfix + * Fix an off-by-one error in the additional data length check for + CCM, which allowed encryption with a non-standard length field. + Fixes #3719. + diff --git a/ChangeLog.d/format-signedness.txt b/ChangeLog.d/format-signedness.txt deleted file mode 100644 index ee1ee4bb3..000000000 --- a/ChangeLog.d/format-signedness.txt +++ /dev/null @@ -1,3 +0,0 @@ -Changes - * Only pass -Wformat-signedness to versions of GCC that support it. Reported - in #3478 and fix contributed in #3479 by okhowang. diff --git a/ChangeLog.d/local-lucky13.txt b/ChangeLog.d/local-lucky13.txt deleted file mode 100644 index adf493abe..000000000 --- a/ChangeLog.d/local-lucky13.txt +++ /dev/null @@ -1,11 +0,0 @@ -Security - * In (D)TLS record decryption, when using a CBC ciphersuites without the - Encrypt-then-Mac extension, use constant code flow memory access patterns - to extract and check the MAC. This is an improvement to the existing - countermeasure against Lucky 13 attacks. The previous countermeasure was - effective against network-based attackers, but less so against local - attackers. The new countermeasure defends against local attackers, even - if they have access to fine-grained measurements. In particular, this - fixes a local Lucky 13 cache attack found and reported by Tuba Yavuz, - Farhaan Fowze, Ken (Yihan) Bai, Grant Hernandez, and Kevin Butler - (University of Florida) and Dave Tian (Purdue University). diff --git a/ChangeLog.d/minimum_cmake_version_PR3802.txt b/ChangeLog.d/minimum_cmake_version_PR3802.txt new file mode 100644 index 000000000..549f9b1ac --- /dev/null +++ b/ChangeLog.d/minimum_cmake_version_PR3802.txt @@ -0,0 +1,3 @@ +Requirement changes +* Update the minimum required CMake version to 2.8.12. +* This silences a warning on CMake 3.19.0. #3801 diff --git a/ChangeLog.d/netbsd-rand-arc4random_buf.txt b/ChangeLog.d/netbsd-rand-arc4random_buf.txt deleted file mode 100644 index 8539d1f5e..000000000 --- a/ChangeLog.d/netbsd-rand-arc4random_buf.txt +++ /dev/null @@ -1,3 +0,0 @@ -Bugfix - * Use arc4random_buf on NetBSD instead of rand implementation with cyclical - lower bits. Fix contributed in #3540. diff --git a/ChangeLog.d/protect-base-blinding.txt b/ChangeLog.d/protect-base-blinding.txt deleted file mode 100644 index ca0600cee..000000000 --- a/ChangeLog.d/protect-base-blinding.txt +++ /dev/null @@ -1,6 +0,0 @@ -Security - * Fix side channel in RSA private key operations and static (finite-field) - Diffie-Hellman. An adversary with precise enough timing and memory access - information (typically an untrusted operating system attacking a secure - enclave) could bypass an existing counter-measure (base blinding) and - potentially fully recover the private key. diff --git a/ChangeLog.d/psa-openless.txt b/ChangeLog.d/psa-openless.txt new file mode 100644 index 000000000..2e40cdff8 --- /dev/null +++ b/ChangeLog.d/psa-openless.txt @@ -0,0 +1,17 @@ +Features + * In the PSA API, it is no longer necessary to open persistent keys: + operations now accept the key identifier. The type psa_key_handle_t is now + identical to psa_key_id_t instead of being platform-defined. This bridges + the last major gap to compliance with the PSA Cryptography specification + version 1.0.0. Opening persistent keys is still supported for backward + compatibility, but will be deprecated and later removed in future + releases. + +Bugfix + * psa_set_key_id() now also sets the lifetime to persistent for keys located + in a secure element. + * Attempting to create a volatile key with a non-zero key identifier now + fails. Previously the key identifier was just ignored when creating a + volatile key. + * Attempting to create or register a key with a key identifier in the vendor + range now fails. diff --git a/ChangeLog.d/psa_curve25519_key_support.txt b/ChangeLog.d/psa_curve25519_key_support.txt deleted file mode 100644 index 954ca0ff4..000000000 --- a/ChangeLog.d/psa_curve25519_key_support.txt +++ /dev/null @@ -1,9 +0,0 @@ -Features - * The new function mbedtls_ecp_write_key() exports private ECC keys back to - a byte buffer. It is the inverse of the existing mbedtls_ecp_read_key(). - -Bugfix - * Fix the endianness of Curve25519 keys imported/exported through the PSA - APIs. psa_import_key and psa_export_key will now correctly expect/output - Montgomery keys in little-endian as defined by RFC7748. Contributed by - Steven Cooreman in #3425. diff --git a/ChangeLog.d/psa_curve25519_public_key_import.txt b/ChangeLog.d/psa_curve25519_public_key_import.txt deleted file mode 100644 index 2ea11e2c8..000000000 --- a/ChangeLog.d/psa_curve25519_public_key_import.txt +++ /dev/null @@ -1,3 +0,0 @@ -Bugfix - * PSA key import will now correctly import a Curve25519/Curve448 public key - instead of erroring out. Contributed by Steven Cooreman in #3492. diff --git a/ChangeLog.d/psa_ecc_dh_macros.txt b/ChangeLog.d/psa_ecc_dh_macros.txt deleted file mode 100644 index 033f3d8ae..000000000 --- a/ChangeLog.d/psa_ecc_dh_macros.txt +++ /dev/null @@ -1,9 +0,0 @@ -API changes - * In the PSA API, rename the types of elliptic curve and Diffie-Hellman group families to - psa_ecc_family_t and psa_dh_family_t, in line with the PSA Crypto API specification version 1.0.0. - Rename associated macros as well: - PSA_ECC_CURVE_xxx renamed to PSA_ECC_FAMILY_xxx - PSA_DH_GROUP_xxx renamed to PSA_DH_FAMILY_xxx - PSA_KEY_TYPE_GET_CURVE renamed to to PSA_KEY_TYPE_ECC_GET_FAMILY - PSA_KEY_TYPE_GET_GROUP renamed to PSA_KEY_TYPE_DH_GET_FAMILY - diff --git a/ChangeLog.d/psa_error_invalid_argument_for_invalid_cipher_input_sizes.txt b/ChangeLog.d/psa_error_invalid_argument_for_invalid_cipher_input_sizes.txt new file mode 100644 index 000000000..85c363bef --- /dev/null +++ b/ChangeLog.d/psa_error_invalid_argument_for_invalid_cipher_input_sizes.txt @@ -0,0 +1,4 @@ +Bugfix + * Consistently return PSA_ERROR_INVALID_ARGUMENT on invalid cipher input + sizes (instead of PSA_ERROR_BAD_STATE in some cases) to make the + psa_cipher_* functions compliant with the PSA Crypto API specification. diff --git a/ChangeLog.d/psa_generate_key-curve25519.txt b/ChangeLog.d/psa_generate_key-curve25519.txt new file mode 100644 index 000000000..24b6fcfe2 --- /dev/null +++ b/ChangeLog.d/psa_generate_key-curve25519.txt @@ -0,0 +1,3 @@ +Bugfix + * Fix psa_generate_key() returning an error when asked to generate + an ECC key pair on Curve25519 or secp244k1. diff --git a/ChangeLog.d/support-ecdh-kdf-with-ecdh-key.txt b/ChangeLog.d/support-ecdh-kdf-with-ecdh-key.txt new file mode 100644 index 000000000..6660dc3d5 --- /dev/null +++ b/ChangeLog.d/support-ecdh-kdf-with-ecdh-key.txt @@ -0,0 +1,6 @@ +Features + * In PSA, allow using a key declared with a base key agreement algorithm + in combined key agreement and derivation operations, as long as the key + agreement algorithm in use matches the algorithm the key was declared with. + This is currently non-standard behaviour, but expected to make it into a + future revision of the PSA Crypto standard. diff --git a/ChangeLog.d/support-key-agreement-and-derivation-output-as-key.txt b/ChangeLog.d/support-key-agreement-and-derivation-output-as-key.txt new file mode 100644 index 000000000..3f61481ab --- /dev/null +++ b/ChangeLog.d/support-key-agreement-and-derivation-output-as-key.txt @@ -0,0 +1,4 @@ +Bugfix + * Fix psa_key_derivation_output_key() to allow the output of a combined key + agreement and subsequent key derivation operation to be used as a key + inside of the PSA Crypto core. diff --git a/ChangeLog.d/systematically_store_bit_size_3740.txt b/ChangeLog.d/systematically_store_bit_size_3740.txt new file mode 100644 index 000000000..9e63bbc3e --- /dev/null +++ b/ChangeLog.d/systematically_store_bit_size_3740.txt @@ -0,0 +1,5 @@ +Changes + * The PSA persistent storage format is updated to always store the key bits + attribute. No automatic upgrade path is provided. Previously stored keys + must be erased, or manually upgraded based on the key storage format + specification (docs/architecture/mbed-crypto-storage-specification.md). #3740 diff --git a/ChangeLog.d/x509-verify-non-dns-san.txt b/ChangeLog.d/x509-verify-non-dns-san.txt deleted file mode 100644 index 0cd81b385..000000000 --- a/ChangeLog.d/x509-verify-non-dns-san.txt +++ /dev/null @@ -1,11 +0,0 @@ -Security - * Fix a vulnerability in the verification of X.509 certificates when - matching the expected common name (the cn argument of - mbedtls_x509_crt_verify()) with the actual certificate name: when the - subjecAltName extension is present, the expected name was compared to any - name in that extension regardless of its type. This means that an - attacker could for example impersonate a 4-bytes or 16-byte domain by - getting a certificate for the corresponding IPv4 or IPv6 (this would - require the attacker to control that IP address, though). Similar attacks - using other subjectAltName name types might be possible. Found and - reported by kFYatek in #3498. diff --git a/ChangeLog.d/x509parse_crl-empty_entry.txt b/ChangeLog.d/x509parse_crl-empty_entry.txt deleted file mode 100644 index 483abb10a..000000000 --- a/ChangeLog.d/x509parse_crl-empty_entry.txt +++ /dev/null @@ -1,4 +0,0 @@ -Security - * Fix a 1-byte buffer overread in mbedtls_x509_crl_parse_der(). - Credit to OSS-Fuzz for detecting the problem and to Philippe Antoine - for pinpointing the problematic code. diff --git a/ChangeLog.d/x509write_csr_heap_alloc.txt b/ChangeLog.d/x509write_csr_heap_alloc.txt deleted file mode 100644 index abce20c4d..000000000 --- a/ChangeLog.d/x509write_csr_heap_alloc.txt +++ /dev/null @@ -1,4 +0,0 @@ -Changes - * Reduce the stack consumption of mbedtls_x509write_csr_der() which - previously could lead to stack overflow on constrained devices. - Contributed by Doru Gucea and Simon Leet in #3464. diff --git a/ChangeLog.d/zeroising_of_plaintext_buffer.txt b/ChangeLog.d/zeroising_of_plaintext_buffer.txt deleted file mode 100644 index f618beb91..000000000 --- a/ChangeLog.d/zeroising_of_plaintext_buffer.txt +++ /dev/null @@ -1,4 +0,0 @@ -Security - * Zeroising of plaintext buffers in mbedtls_ssl_read() to erase unused - application data from memory. Reported in #689 by - Johan Uppman Bruce of Sectra. diff --git a/Makefile b/Makefile index d00183e5a..9344e71d9 100644 --- a/Makefile +++ b/Makefile @@ -45,6 +45,7 @@ install: no_test uninstall: rm -rf $(DESTDIR)/include/mbedtls + rm -rf $(DESTDIR)/include/psa rm -f $(DESTDIR)/lib/libmbedtls.* rm -f $(DESTDIR)/lib/libmbedx509.* rm -f $(DESTDIR)/lib/libmbedcrypto.* @@ -126,12 +127,26 @@ apidoc_clean: endif ## Editor navigation files -C_SOURCE_FILES = $(wildcard include/*/*.h library/*.[hc] programs/*/*.[hc] tests/suites/*.function) +C_SOURCE_FILES = $(wildcard \ + 3rdparty/*/include/*/*.h 3rdparty/*/include/*/*/*.h 3rdparty/*/include/*/*/*/*.h \ + 3rdparty/*/*.c 3rdparty/*/*/*.c 3rdparty/*/*/*/*.c 3rdparty/*/*/*/*/*.c \ + include/*/*.h \ + library/*.[hc] \ + programs/*/*.[hc] \ + tests/include/*/*.h tests/include/*/*/*.h \ + tests/src/*.c tests/src/*/*.c \ + tests/suites/*.function \ +) # Exuberant-ctags invocation. Other ctags implementations may require different options. CTAGS = ctags --langmap=c:+.h.function -o tags: $(C_SOURCE_FILES) $(CTAGS) $@ $(C_SOURCE_FILES) TAGS: $(C_SOURCE_FILES) etags -o $@ $(C_SOURCE_FILES) +global: GPATH GRTAGS GSYMS GTAGS GPATH GRTAGS GSYMS GTAGS: $(C_SOURCE_FILES) ls $(C_SOURCE_FILES) | gtags -f - --gtagsconf .globalrc +cscope: cscope.in.out cscope.po.out cscope.out +cscope.in.out cscope.po.out cscope.out: $(C_SOURCE_FILES) + cscope -bq -u -Iinclude -Ilibrary $(patsubst %,-I%,$(wildcard 3rdparty/*/include)) -Itests/include $(C_SOURCE_FILES) +.PHONY: cscope global diff --git a/README.md b/README.md index 2058d24d6..ac2a6ab44 100644 --- a/README.md +++ b/README.md @@ -208,7 +208,7 @@ The design goals of the PSA cryptography API include: * The API distinguishes caller memory from internal memory, which allows the library to be implemented in an isolated space for additional security. Library calls can be implemented as direct function calls if isolation is not desired, and as remote procedure calls if isolation is desired. * The structure of internal data is hidden to the application, which allows substituting alternative implementations at build time or run time, for example, in order to take advantage of hardware accelerators. -* All access to the keys happens through handles, which allows support for external cryptoprocessors that is transparent to applications. +* All access to the keys happens through key identifiers, which allows support for external cryptoprocessors that is transparent to applications. * The interface to algorithms is generic, favoring algorithm agility. * The interface is designed to be easy to use and hard to accidentally misuse. diff --git a/configs/config-psa-crypto.h b/configs/config-psa-crypto.h index 70563ae3c..b98fc9cde 100644 --- a/configs/config-psa-crypto.h +++ b/configs/config-psa-crypto.h @@ -1144,20 +1144,20 @@ */ //#define MBEDTLS_ENTROPY_NV_SEED -/* MBEDTLS_PSA_CRYPTO_KEY_FILE_ID_ENCODES_OWNER +/* MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER * - * In PSA key storage, encode the owner of the key. + * Enable key identifiers that encode a key owner identifier. * * This is only meaningful when building the library as part of a - * multi-client service. When you activate this option, you must provide - * an implementation of the type psa_key_owner_id_t and a translation - * from psa_key_file_id_t to file name in all the storage backends that + * multi-client service. When you activate this option, you must provide an + * implementation of the type mbedtls_key_owner_id_t and a translation from + * mbedtls_svc_key_id_t to file name in all the storage backends that you * you wish to support. * * Note that this option is meant for internal use only and may be removed * without notice. */ -//#define MBEDTLS_PSA_CRYPTO_KEY_FILE_ID_ENCODES_OWNER +//#define MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER /** * \def MBEDTLS_MEMORY_DEBUG diff --git a/configs/config-symmetric-only.h b/configs/config-symmetric-only.h index 054cb9e15..f05a0d7cb 100644 --- a/configs/config-symmetric-only.h +++ b/configs/config-symmetric-only.h @@ -92,6 +92,8 @@ #define MBEDTLS_VERSION_C #define MBEDTLS_XTEA_C +#include "mbedtls/config_psa.h" + #include "check_config.h" #endif /* MBEDTLS_CONFIG_H */ diff --git a/docs/architecture/mbed-crypto-storage-specification.md b/docs/architecture/mbed-crypto-storage-specification.md index e7315ebc2..914bca3bb 100644 --- a/docs/architecture/mbed-crypto-storage-specification.md +++ b/docs/architecture/mbed-crypto-storage-specification.md @@ -107,14 +107,12 @@ Backward compatibility commitments: TBD ### Key names for 1.0.0 -Information about each key is stored in a dedicated file designated by a _key file identifier_ (`psa_key_file_id_t`). The key file identifier is constructed from the 32-bit key identifier (`psa_key_id_t`) and, if applicable, an identifier of the owner of the key. In integrations where there is no concept of key owner (in particular, in library integrations), the key file identifier is exactly the key identifier. When the library is integrated into a service, the service determines the semantics of the owner identifier. +Information about each key is stored in a dedicated file designated by the key identifier. In integrations where there is no concept of key owner (in particular, in library integrations), the key identifier is exactly the key identifier as defined in the PSA Cryptography API specification (`psa_key_id_t`). In integrations where there is a concept of key owner (integration into a service for example), the key identifier is made of an owner identifier (its semantics and type are integration specific) and of the key identifier (`psa_key_id_t`) from the key owner point of view. -The way in which the file name is constructed from the key file identifier depends on the storage backend. The content of the file is described [below](#key-file-format-for-1.0.0). +The way in which the file name is constructed from the key identifier depends on the storage backend. The content of the file is described [below](#key-file-format-for-1.0.0). -The valid values for a key identifier are the range from 1 to 0xfffeffff. This limitation on the range is not documented in user-facing documentation: according to the user-facing documentation, arbitrary 32-bit values are valid. - -* Library integration: the key file name is just the key identifer. This is a 32-bit value. -* PSA service integration: the key file identifier is `(uint32_t)owner_uid << 32 | key_id` where `key_id` is the key identifier specified by the application and `owner_uid` (of type `int32_t`) is the calling partition identifier provided to the server by the partition manager. This is a 64-bit value. +* Library integration: the key file name is just the key identifier as defined in the PSA crypto specification. This is a 32-bit value. +* PSA service integration: the key file name is `(uint32_t)owner_uid << 32 | key_id` where `key_id` is the key identifier from the owner point of view and `owner_uid` (of type `int32_t`) is the calling partition identifier provided to the server by the partition manager. This is a 64-bit value. ### Key file format for 1.0.0 @@ -253,6 +251,7 @@ The layout of a key file is: * key material length (4 bytes). * key material: * For a transparent key: output of `psa_export_key`. + * For an opaque key (unified driver interface): driver-specific opaque key blob. * For an opaque key (key in a secure element): slot number (8 bytes), in platform endianness. * Any trailing data is rejected on load. @@ -282,3 +281,36 @@ The layout of a transaction file is: * The slot in the secure element designated by the slot number. * The file containing the key metadata designated by the key identifier. * The driver persistent data. + +Mbed Crypto TBD +--------------- + +Tags: TBD + +Released in TBD 2020.
+Integrated in Mbed OS TBD. + +### Changes introduced in TBD + +* The type field has been split into a type and a bits field of 2 bytes each. + +### Key file format for TBD + +All integers are encoded in little-endian order in 8-bit bytes except where otherwise indicated. + +The layout of a key file is: + +* magic (8 bytes): `"PSA\0KEY\0"`. +* version (4 bytes): 0. +* lifetime (4 bytes): `psa_key_lifetime_t` value. +* type (2 bytes): `psa_key_type_t` value. +* bits (2 bytes): `psa_key_bits_t` value. +* policy usage flags (4 bytes): `psa_key_usage_t` value. +* policy usage algorithm (4 bytes): `psa_algorithm_t` value. +* policy enrollment algorithm (4 bytes): `psa_algorithm_t` value. +* key material length (4 bytes). +* key material: + * For a transparent key: output of `psa_export_key`. + * For an opaque key (unified driver interface): driver-specific opaque key blob. + * For an opaque key (key in a secure element): slot number (8 bytes), in platform endianness. +* Any trailing data is rejected on load. diff --git a/docs/architecture/testing/invasive-testing.md b/docs/architecture/testing/invasive-testing.md index 744f19401..de611a567 100644 --- a/docs/architecture/testing/invasive-testing.md +++ b/docs/architecture/testing/invasive-testing.md @@ -100,7 +100,7 @@ Resources include: * Memory. * Files in storage (PSA API only — in the Mbed TLS API, black-box unit tests are sufficient). -* Key handles (PSA API only). +* Key slots (PSA API only). * Key slots in a secure element (PSA SE HAL). * Communication handles (PSA crypto service only). @@ -116,7 +116,7 @@ When code should clean up resources, how do we know that they have truly been cl * Zeroization of confidential data after use. * Freeing memory. -* Closing key handles. +* Freeing key slots. * Freeing key slots in a secure element. * Deleting files in storage (PSA API only). diff --git a/docs/architecture/tls13-experimental.md b/docs/architecture/tls13-experimental.md index bcf3e34f9..3db16e0a6 100644 --- a/docs/architecture/tls13-experimental.md +++ b/docs/architecture/tls13-experimental.md @@ -38,3 +38,12 @@ together with their level of testing: - The HKDF key derivation function on which the TLS 1.3 key schedule is based, is already present as an independent module controlled by `MBEDTLS_HKDF_C` independently of the development of the TLS 1.3 prototype. + +- The TLS 1.3-specific HKDF-based key derivation functions (see RFC 8446): + * HKDF-Expand-Label + * Derive-Secret + - Secret evolution + * The traffic {Key,IV} generation from secret + Those functions are implemented in `library/ssl_tls13_keys.c` and + tested in `test_suite_ssl` using test vectors from RFC 8448 and + https://tls13.ulfheim.net/. diff --git a/docs/getting_started.md b/docs/getting_started.md index e274f49d7..15d5a3182 100644 --- a/docs/getting_started.md +++ b/docs/getting_started.md @@ -64,7 +64,7 @@ To use the Mbed Crypto APIs, call `psa_crypto_init()` before calling any other A ### Importing a key To use a key for cryptography operations in Mbed Crypto, you need to first -import it. Importing the key creates a handle that refers to the key for use +import it. The import operation returns the identifier of the key for use with other function calls. **Prerequisites to importing keys:** @@ -76,7 +76,7 @@ void import_a_key(const uint8_t *key, size_t key_len) { psa_status_t status; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; - psa_key_handle_t handle; + psa_key_id_t key; printf("Import an AES key...\t"); fflush(stdout); @@ -95,7 +95,7 @@ void import_a_key(const uint8_t *key, size_t key_len) psa_set_key_bits(&attributes, 128); /* Import the key */ - status = psa_import_key(&attributes, key, key_len, &handle); + status = psa_import_key(&attributes, key, key_len, &key); if (status != PSA_SUCCESS) { printf("Failed to import key\n"); return; @@ -106,7 +106,7 @@ void import_a_key(const uint8_t *key, size_t key_len) psa_reset_key_attributes(&attributes); /* Destroy the key */ - psa_destroy_key(handle); + psa_destroy_key(key); mbedtls_psa_crypto_free(); } @@ -135,7 +135,7 @@ void sign_a_message_using_rsa(const uint8_t *key, size_t key_len) 0xa9, 0xe8, 0xcc, 0xac, 0xd0, 0xf6, 0x54, 0x5c}; uint8_t signature[PSA_SIGNATURE_MAX_SIZE] = {0}; size_t signature_length; - psa_key_handle_t handle; + psa_key_id_t key; printf("Sign a message...\t"); fflush(stdout); @@ -154,14 +154,14 @@ void sign_a_message_using_rsa(const uint8_t *key, size_t key_len) psa_set_key_bits(&attributes, 1024); /* Import the key */ - status = psa_import_key(&attributes, key, key_len, &handle); + status = psa_import_key(&attributes, key, key_len, &key); if (status != PSA_SUCCESS) { printf("Failed to import key\n"); return; } /* Sign message using the key */ - status = psa_sign_hash(handle, PSA_ALG_RSA_PKCS1V15_SIGN_RAW, + status = psa_sign_hash(key, PSA_ALG_RSA_PKCS1V15_SIGN_RAW, hash, sizeof(hash), signature, sizeof(signature), &signature_length); @@ -176,7 +176,7 @@ void sign_a_message_using_rsa(const uint8_t *key, size_t key_len) psa_reset_key_attributes(&attributes); /* Destroy the key */ - psa_destroy_key(handle); + psa_destroy_key(key); mbedtls_psa_crypto_free(); } @@ -188,7 +188,7 @@ Mbed Crypto supports encrypting and decrypting messages using various symmetric **Prerequisites to working with the symmetric cipher API:** * Initialize the library with a successful call to `psa_crypto_init()`. -* Have a handle to a symmetric key. This key's usage flags must include `PSA_KEY_USAGE_ENCRYPT` to allow encryption or `PSA_KEY_USAGE_DECRYPT` to allow decryption. +* Have a symmetric key. This key's usage flags must include `PSA_KEY_USAGE_ENCRYPT` to allow encryption or `PSA_KEY_USAGE_DECRYPT` to allow decryption. **To encrypt a message with a symmetric cipher:** 1. Allocate an operation (`psa_cipher_operation_t`) structure to pass to the cipher functions. @@ -213,7 +213,7 @@ void encrypt_with_symmetric_ciphers(const uint8_t *key, size_t key_len) size_t iv_len; uint8_t output[block_size]; size_t output_len; - psa_key_handle_t handle; + psa_key_id_t key; psa_cipher_operation_t operation = PSA_CIPHER_OPERATION_INIT; printf("Encrypt with cipher...\t"); @@ -232,7 +232,7 @@ void encrypt_with_symmetric_ciphers(const uint8_t *key, size_t key_len) psa_set_key_algorithm(&attributes, alg); psa_set_key_type(&attributes, PSA_KEY_TYPE_AES); psa_set_key_bits(&attributes, 128); - status = psa_import_key(&attributes, key, key_len, &handle); + status = psa_import_key(&attributes, key, key_len, &key); if (status != PSA_SUCCESS) { printf("Failed to import a key\n"); return; @@ -240,7 +240,7 @@ void encrypt_with_symmetric_ciphers(const uint8_t *key, size_t key_len) psa_reset_key_attributes(&attributes); /* Encrypt the plaintext */ - status = psa_cipher_encrypt_setup(&operation, handle, alg); + status = psa_cipher_encrypt_setup(&operation, key, alg); if (status != PSA_SUCCESS) { printf("Failed to begin cipher operation\n"); return; @@ -268,7 +268,7 @@ void encrypt_with_symmetric_ciphers(const uint8_t *key, size_t key_len) psa_cipher_abort(&operation); /* Destroy the key */ - psa_destroy_key(handle); + psa_destroy_key(key); mbedtls_psa_crypto_free(); } @@ -298,7 +298,7 @@ void decrypt_with_symmetric_ciphers(const uint8_t *key, size_t key_len) uint8_t iv[block_size] = ENCRYPTED_WITH_IV; uint8_t output[block_size]; size_t output_len; - psa_key_handle_t handle; + psa_key_id_t key; printf("Decrypt with cipher...\t"); fflush(stdout); @@ -316,7 +316,7 @@ void decrypt_with_symmetric_ciphers(const uint8_t *key, size_t key_len) psa_set_key_algorithm(&attributes, alg); psa_set_key_type(&attributes, PSA_KEY_TYPE_AES); psa_set_key_bits(&attributes, 128); - status = psa_import_key(&attributes, key, key_len, &handle); + status = psa_import_key(&attributes, key, key_len, &key); if (status != PSA_SUCCESS) { printf("Failed to import a key\n"); return; @@ -324,7 +324,7 @@ void decrypt_with_symmetric_ciphers(const uint8_t *key, size_t key_len) psa_reset_key_attributes(&attributes); /* Decrypt the ciphertext */ - status = psa_cipher_decrypt_setup(&operation, handle, alg); + status = psa_cipher_decrypt_setup(&operation, key, alg); if (status != PSA_SUCCESS) { printf("Failed to begin cipher operation\n"); return; @@ -352,7 +352,7 @@ void decrypt_with_symmetric_ciphers(const uint8_t *key, size_t key_len) psa_cipher_abort(&operation); /* Destroy the key */ - psa_destroy_key(handle); + psa_destroy_key(key); mbedtls_psa_crypto_free(); } @@ -592,8 +592,8 @@ derived from the key, salt and info provided: PSA_KEY_DERIVATION_OPERATION_INIT; size_t derived_bits = 128; size_t capacity = PSA_BITS_TO_BYTES(derived_bits); - psa_key_handle_t base_key; - psa_key_handle_t derived_key; + psa_key_id_t base_key; + psa_key_id_t derived_key; printf("Derive a key (HKDF)...\t"); fflush(stdout); @@ -702,7 +702,7 @@ This example shows how to authenticate and encrypt a message: size_t output_length = 0; size_t tag_length = 16; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; - psa_key_handle_t handle; + psa_key_id_t key; printf("Authenticate encrypt...\t"); fflush(stdout); @@ -726,11 +726,11 @@ This example shows how to authenticate and encrypt a message: psa_set_key_algorithm(&attributes, PSA_ALG_CCM); psa_set_key_type(&attributes, PSA_KEY_TYPE_AES); psa_set_key_bits(&attributes, 128); - status = psa_import_key(&attributes, key, sizeof(key), &handle); + status = psa_import_key(&attributes, key, sizeof(key), &key); psa_reset_key_attributes(&attributes); /* Authenticate and encrypt */ - status = psa_aead_encrypt(handle, PSA_ALG_CCM, + status = psa_aead_encrypt(key, PSA_ALG_CCM, nonce, sizeof(nonce), additional_data, sizeof(additional_data), input_data, sizeof(input_data), @@ -747,7 +747,7 @@ This example shows how to authenticate and encrypt a message: free(output_data); /* Destroy the key */ - psa_destroy_key(handle); + psa_destroy_key(key); mbedtls_psa_crypto_free(); ``` @@ -756,7 +756,7 @@ This example shows how to authenticate and decrypt a message: ```C psa_status_t status; - static const uint8_t key[] = { + static const uint8_t key_data[] = { 0xC0, 0xC1, 0xC2, 0xC3, 0xC4, 0xC5, 0xC6, 0xC7, 0xC8, 0xC9, 0xCA, 0xCB, 0xCC, 0xCD, 0xCE, 0xCF }; static const uint8_t nonce[] = { @@ -773,7 +773,7 @@ This example shows how to authenticate and decrypt a message: size_t output_size = 0; size_t output_length = 0; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; - psa_key_handle_t handle; + psa_key_id_t key; printf("Authenticate decrypt...\t"); fflush(stdout); @@ -797,7 +797,7 @@ This example shows how to authenticate and decrypt a message: psa_set_key_algorithm(&attributes, PSA_ALG_CCM); psa_set_key_type(&attributes, PSA_KEY_TYPE_AES); psa_set_key_bits(&attributes, 128); - status = psa_import_key(&attributes, key, sizeof(key), &handle); + status = psa_import_key(&attributes, key_data, sizeof(key_data), &key); if (status != PSA_SUCCESS) { printf("Failed to import a key\n"); return; @@ -805,7 +805,7 @@ This example shows how to authenticate and decrypt a message: psa_reset_key_attributes(&attributes); /* Authenticate and decrypt */ - status = psa_aead_decrypt(handle, PSA_ALG_CCM, + status = psa_aead_decrypt(key, PSA_ALG_CCM, nonce, sizeof(nonce), additional_data, sizeof(additional_data), input_data, sizeof(input_data), @@ -822,7 +822,7 @@ This example shows how to authenticate and decrypt a message: free(output_data); /* Destroy the key */ - psa_destroy_key(handle); + psa_destroy_key(key); mbedtls_psa_crypto_free(); ``` @@ -848,7 +848,7 @@ Mbed Crypto provides a simple way to generate a key or key pair. size_t exported_length = 0; static uint8_t exported[PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE(key_bits)]; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; - psa_key_handle_t handle; + psa_key_id_t key; printf("Generate a key pair...\t"); fflush(stdout); @@ -867,14 +867,14 @@ Mbed Crypto provides a simple way to generate a key or key pair. psa_set_key_type(&attributes, PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1)); psa_set_key_bits(&attributes, key_bits); - status = psa_generate_key(&attributes, &handle); + status = psa_generate_key(&attributes, &key); if (status != PSA_SUCCESS) { printf("Failed to generate key\n"); return; } psa_reset_key_attributes(&attributes); - status = psa_export_public_key(handle, exported, sizeof(exported), + status = psa_export_public_key(key, exported, sizeof(exported), &exported_length); if (status != PSA_SUCCESS) { printf("Failed to export public key %ld\n", status); @@ -884,7 +884,7 @@ Mbed Crypto provides a simple way to generate a key or key pair. printf("Exported a public key\n"); /* Destroy the key */ - psa_destroy_key(handle); + psa_destroy_key(key); mbedtls_psa_crypto_free(); ``` diff --git a/docs/proposed/Makefile b/docs/proposed/Makefile index 2132b0843..1c314640b 100644 --- a/docs/proposed/Makefile +++ b/docs/proposed/Makefile @@ -3,6 +3,7 @@ PANDOC = pandoc default: all all_markdown = \ + psa-conditional-inclusion-c.md \ psa-driver-developer-guide.md \ psa-driver-integration-guide.md \ psa-driver-interface.md \ diff --git a/docs/proposed/psa-conditional-inclusion-c.md b/docs/proposed/psa-conditional-inclusion-c.md new file mode 100644 index 000000000..52138b174 --- /dev/null +++ b/docs/proposed/psa-conditional-inclusion-c.md @@ -0,0 +1,238 @@ +Conditional inclusion of cryptographic mechanism through the PSA API in Mbed TLS +================================================================================ + +This document is a proposed interface for deciding at build time which cryptographic mechanisms to include in the PSA Cryptography interface. + +This is currently a proposal for Mbed TLS. It is not currently on track for standardization in PSA. + +Time-stamp: "2020/11/26 09:30:50 GMT" + +## Introduction + +### Purpose of this specification + +The [PSA Cryptography API specification](https://armmbed.github.io/mbed-crypto/psa/#application-programming-interface) specifies the interface between a PSA Cryptography implementation and an application. The interface defines a number of categories of cryptographic algorithms (hashes, MAC, signatures, etc.). In each category, a typical implementation offers many algorithms (e.g. for signatures: RSA-PKCS#1v1.5, RSA-PSS, ECDSA). When building the implementation for a specific use case, it is often desirable to include only a subset of the available cryptographic mechanisms, primarily in order to reduce the code footprint of the compiled system. + +The present document proposes a way for an application using the PSA cryptography interface to declare which mechanisms it requires. + +### Conditional inclusion of legacy cryptography modules + +Mbed TLS offers a way to select which cryptographic mechanisms are included in a build through its configuration file (`config.h`). This mechanism is based on two main sets of symbols: `MBEDTLS_xxx_C` controls the availability of the mechanism to the application, and `MBEDTLS_xxx_ALT` controls the availability of an alternative implementation, so the software implementation is only included if `MBEDTLS_xxx_C` is defined but not `MBEDTLS_xxx_ALT`. + +### PSA evolution + +In the PSA cryptography interface, the **core** (built-in implementations of cryptographic mechanisms) can be augmented with drivers. **Transparent drivers** replace the built-in implementation of a cryptographic mechanism (or, with **fallback**, the built-in implementation is tried if the driver only has partial support for the mechanism). **Opaque drivers** implement cryptographic mechanisms on keys which are stored in a separate domain such as a secure element, for which the core only does key management and dispatch using wrapped key blobs or key identifiers. + +The current model is difficult to adapt to the PSA interface for several reasons. The `MBEDTLS_xxx_ALT` symbols are somewhat inconsistent, and in particular do not work well for asymmetric cryptography. For example, many parts of the ECC code have no `MBEDTLS_xxx_ALT` symbol, so a platform with ECC acceleration that can perform all ECDSA and ECDH operations in the accelerator would still embark the `bignum` module and large parts of the `ecp_curves`, `ecp` and `ecdsa` modules. Also the availability of a transparent driver for a mechanism does not translate directly to `MBEDTLS_xxx` symbols. + +### Requirements + +[Req.interface] The application can declare which cryptographic mechanisms it needs. + +[Req.inclusion] If the application does not require a mechanism, a suitably configured Mbed TLS build must not include it. The granularity of mechanisms must work for typical use cases and has [acceptable limitations](#acceptable-limitations). + +[Req.drivers] If a PSA driver is available in the build, a suitably configured Mbed TLS build must not include the corresponding software code (unless a software fallback is needed). + +[Req.c] The configuration mechanism consists of C preprocessor definitions, and the build does not require tools other than a C compiler. This is necessary to allow building an application and Mbed TLS in development environments that do not allow third-party tools. + +[Req.adaptability] The implementation of the mechanism must be adaptable with future evolution of the PSA cryptography specifications and Mbed TLS. Therefore the interface must remain sufficiently simple and abstract. + +### Acceptable limitations + +[Limitation.matrix] If a mechanism is defined by a combination of algorithms and key types, for example a block cipher mode (CBC, CTR, CFB, …) and a block permutation (AES, CAMELLIA, ARIA, …), there is no requirement to include only specific combinations. + +[Limitation.direction] For mechanisms that have multiple directions (for example encrypt/decrypt, sign/verify), there is no requirement to include only one direction. + +[Limitation.size] There is no requirement to include only support for certain key sizes. + +[Limitation.multipart] Where there are multiple ways to perform an operation, for example single-part and multi-part, there is no mechanism to select only one or a subset of the possible ways. + +## Interface + +### PSA Crypto configuration file + +The PSA Crypto configuration file `psa/crypto_config.h` defines a series of symbols of the form `PSA_WANT_xxx` where `xxx` describes the feature that the symbol enables. The symbols are documented in the section [“PSA Crypto configuration symbols”](#psa-crypto-configuration-symbols) below. + +The symbol `MBEDTLS_PSA_CRYPTO_CONFIG` in `mbedtls/config.h` determines whether `psa/crypto_config.h` is used. + +* If `MBEDTLS_PSA_CRYPTO_CONFIG` is unset, which is the default at least in Mbed TLS 2.x versions, things are as they are today: the PSA subsystem includes generic code unconditionally, and includes support for specific mechanisms conditionally based on the existing `MBEDTLS_xxx_` symbols. +* If `MBEDTLS_PSA_CRYPTO_CONFIG` is set, the necessary software implementations of cryptographic algorithms are included based on both the content of the PSA Crypto configuration file and the Mbed TLS configuration file. For example, the code in `aes.c` is enabled if either `mbedtls/config.h` contains `MBEDTLS_AES_C` or `psa/crypto_config.h` contains `PSA_WANT_KEY_TYPE_AES`. + +### PSA Crypto configuration symbols + +#### Configuration symbol syntax + +A PSA Crypto configuration symbol is a C preprocessor symbol whose name starts with `PSA_WANT_`. + +* If the symbol is not defined, the corresponding feature is not included. +* If the symbol is defined to a preprocessor expression with the value `1`, the corresponding feature is included. +* If the symbol is defined with a different value, the behavior is currently undefined and reserved for future use. + +#### Configuration symbol usage + +The presence of a symbol `PSA_WANT_xxx` in the Mbed TLS configuration determines whether a feature is available through the PSA API. These symbols should be used in any place that requires conditional compilation based on the availability of a cryptographic mechanism through the PSA API, including: + +* In Mbed TLS test code. +* In Mbed TLS library code using `MBEDTLS_USE_PSA_CRYPTO`, for example in TLS to determine which cipher suites to enable. +* In application code that provides additional features based on cryptographic capabilities, for example additional key parsing and formatting functions, or cipher suite availability for network protocols. + +#### Configuration symbol semantics + +If a feature is not requested for inclusion in the PSA Crypto configuration file, it may still be included in the build, either because the feature has been requested in some other way, or because the library does not support the exclusion of this feature. Mbed TLS should make a best effort to support the exclusion of all features, but in some cases this may be judged too much effort for too little benefit. + +#### Configuration symbols for key types + +For each constant or constructor macro of the form `PSA_KEY_TYPE_xxx`, the symbol **`PSA_WANT_KEY_TYPE_xxx`** indicates that support for this key type is desired. + +For asymmetric cryptography, `PSA_WANT_KEY_TYPE_xxx_KEY_PAIR` determines whether private-key operations are desired, and `PSA_WANT_KEY_TYPE_xxx_PUBLIC_KEY` determines whether public-key operations are desired. `PSA_WANT_KEY_TYPE_xxx_KEY_PAIR` implicitly enables `PSA_WANT_KEY_TYPE_xxx_PUBLIC_KEY`: there is no way to only include private-key operations (which typically saves little code). + +#### Configuration symbols for curves + +For elliptic curve key types, only the specified curves are included. To include a curve, include a symbol of the form **`PSA_WANT_ECC_family_size`**. For example: `PSA_WANT_ECC_SECP_R1_256` for secp256r1, `PSA_WANT_ECC_MONTGOMERY_CURVE25519`. It is an error to require an ECC key type but no curve, and Mbed TLS will reject this at compile time. + +#### Configuration symbols for algorithms + +For each constant or constructor macro of the form `PSA_ALG_xxx`, the symbol **`PSA_WANT_ALG_xxx`** indicates that support for this algorithm is desired. + +For parametrized algorithms, the `PSA_WANT_ALG_xxx` symbol indicates whether the base mechanism is supported. Parameters must themselves be included through their own `PSA_WANT_ALG_xxx` symbols. It is an error to include a base mechanism without at least one possible parameter, and Mbed TLS will reject this at compile time. For example, `PSA_WANT_ALG_ECDSA` requires the inclusion of randomized ECDSA for all hash algorithms whose corresponding symbol `PSA_WANT_ALG_xxx` is enabled. + +## Implementation + +### Additional non-public symbols + +#### Accounting for transparent drivers + +In addition to the [configuration symbols](#psa-crypto-configuration-symbols), we need two parallel or mostly parallel sets of symbols: + +* **`MBEDTLS_PSA_ACCEL_xxx`** indicates whether a fully-featured, fallback-free transparent driver is available. +* **`MBEDTLS_PSA_BUILTIN_xxx`** indicates whether the software implementation is needed. + +`MBEDTLS_PSA_ACCEL_xxx` is one of the outputs of the transpilation of a driver description, alongside the glue code for calling the drivers. + +`MBEDTLS_PSA_BUILTIN_xxx` is enabled when `PSA_WANT_xxx` is enabled and `MBEDTLS_PSA_ACCEL_xxx` is disabled. + +These symbols are not part of the public interface of Mbed TLS towards applications or to drivers, regardless of whether the symbols are actually visible. + +### Architecture of symbol definitions + +#### New-style definition of configuration symbols + +When `MBEDTLS_PSA_CRYPTO_CONFIG` is set, the header file `mbedtls/config.h` needs to define all the `MBEDTLS_xxx_C` configuration symbols, including the ones deduced from the PSA Crypto configuration. It does this by including the new header file **`mbedtls/config_psa.h`**, which defines the `MBEDTLS_PSA_BUILTIN_xxx` symbols and deduces the corresponding `MBEDTLS_xxx_C` (and other) symbols. + +`mbedtls/config_psa.h` includes `psa/crypto_config.h`, the user-editable file that defines application requirements. + +#### Old-style definition of configuration symbols + +When `MBEDTLS_PSA_CRYPTO_CONFIG` is not set, the configuration of Mbed TLS works as before, and the inclusion of non-PSA code only depends on `MBEDTLS_xxx` symbols defined (or not) in `mbedtls/config.h`. Furthermore, the new header file **`mbedtls/config_psa.h`** deduces PSA configuration symbols (`PSA_WANT_xxx`, `MBEDTLS_PSA_BUILTIN_xxx`) from classic configuration symbols (`MBEDTLS_xxx`). + +The `PSA_WANT_xxx` definitions in `mbedtls/config_psa.h` are needed not only to build the PSA parts of the library, but also to build code that uses these parts. This includes structure definitions in `psa/crypto_struct.h`, size calculations in `psa/crypto_sizes.h`, and application code that's specific to a given cryptographic mechanism. In Mbed TLS itself, code under `MBEDTLS_USE_PSA_CRYPTO` and conditional compilation guards in tests and sample programs need `PSA_WANT_xxx`. + +Since some existing applications use a handwritten `mbedtls/config.h` or an edited copy of `mbedtls/config.h` from an earlier version of Mbed TLS, `mbedtls/config_psa.h` must be included via an already existing header that is not `mbedtls/config.h`, so it is included via `psa/crypto.h` (for example from `psa/crypto_platform.h`). + +#### Summary of definitions of configuration symbols + +Whether `MBEDTLS_PSA_CRYPTO_CONFIG` is set or not, `mbedtls/config_psa.h` includes `mbedtls/crypto_drivers.h`, a header file generated by the transpilation of the driver descriptions. It defines `MBEDTLS_PSA_ACCEL_xxx` symbols according to the availability of transparent drivers without fallback. + +The following table summarizes where symbols are defined depending on the configuration mode. + +* (U) indicates a symbol that is defined by the user (application). +* (D) indicates a symbol that is deduced from other symbols by code that ships with Mbed TLS. +* (G) indicates a symbol that is generated from driver descriptions. + +| Symbols | With `MBEDTLS_PSA_CRYPTO_CONFIG` | Without `MBEDTLS_PSA_CRYPTO_CONFIG` | +| ------------------------- | -------------------------------- | ----------------------------------- | +| `MBEDTLS_xxx_C` | `mbedtls/config.h` (U) or | `mbedtls/config.h` (U) | +| | `mbedtls/config_psa.h` (D) | | +| `PSA_WANT_xxx` | `psa/crypto_config.h` (U) | `mbedtls/config_psa.h` (D) | +| `MBEDTLS_PSA_BUILTIN_xxx` | `mbedtls/config_psa.h` (D) | `mbedtls/config_psa.h` (D) | +| `MBEDTLS_PSA_ACCEL_xxx` | `mbedtls/crypto_drivers.h` (G) | N/A | + +#### Visibility of internal symbols + +Ideally, the `MBEDTLS_PSA_ACCEL_xxx` and `MBEDTLS_PSA_BUILTIN_xxx` symbols should not be visible to application code or driver code, since they are not part of the public interface of the library. However these symbols are needed to deduce whether to include library modules (for example `MBEDTLS_AES_C` has to be enabled if `MBEDTLS_PSA_BUILTIN_KEY_TYPE_AES` is enabled), which makes it difficult to keep them private. + +#### Compile-time checks + +The header file **`library/psa_check_config.h`** applies sanity checks to the configuration, throwing `#error` if something is wrong. + +A mechanism similar to `mbedtls/check_config.h` detects errors such as enabling ECDSA but no curve. + +Since configuration symbols must be undefined or 1, any other value should trigger an `#error`. + +#### Automatic generation of preprocessor symbol manipulations + +A lot of the preprocessor symbol manipulation is systematic calculations that analyze the configuration. `mbedtls/config_psa.h` and `library/psa_check_config.h` should be generated automatically, in the same manner as `version_features.c`. + +### Structure of PSA Crypto library code + +#### Conditional inclusion of library entry points + +An entry point can be eliminated entirely if no algorithm requires it. + +#### Conditional inclusion of mechanism-specific code + +Code that is specific to certain key types or to certain algorithms must be guarded by the applicable symbols: `PSA_WANT_xxx` for code that is independent of the application, and `MBEDTLS_PSA_BUILTIN_xxx` for code that calls an Mbed TLS software implementation. + +## PSA standardization + +### JSON configuration mechanism + +At the time of writing, the preferred configuration mechanism for a PSA service is in JSON syntax. The translation from JSON to build instructions is not specified by PSA. + +For PSA Crypto, the preferred configuration mechanism would be similar to capability specifications of transparent drivers. The same JSON properties that are used to mean “this driver can perform that mechanism” in a driver description would be used to mean “the application wants to perform that mechanism” in the application configuration. + +### From JSON to C + +The JSON capability language allows a more fine-grained selection than the C mechanism proposed here. For example, it allows requesting only single-part mechanisms, only certain key sizes, or only certain combinations of algorithms and key types. + +The JSON capability language can be translated approximately to the boolean symbol mechanism proposed here. The approximation considers a feature to be enabled if any part of it is enabled. For example, if there is a capability for AES-CTR and one for CAMELLIA-GCM, the translation to boolean symbols will also include AES-GCM and CAMELLIA-CTR. If there is a capability for AES-128, the translation will also include AES-192 and AES-256. + +The boolean symbol mechanism proposed here can be translated to a list of JSON capabilities: for each included algorithm, include a capability with that algorithm, the key types that apply to that algorithm, no size restriction, and all the entry points that apply to that algorithm. + +## Open questions + +### Open questions about the interface + +#### Naming of symbols + +The names of [elliptic curve symbols](#configuration-symbols-for-curves) are a bit weird: `SECP_R1_256` instead of `SECP256R1`. Should we make them more classical, but less systematic? + +#### Impossible combinations + +What does it mean to have `PSA_WANT_ALG_ECDSA` enabled but with only Curve25519? Is it a mandatory error? + +#### Diffie-Hellman + +Way to request only specific groups? Not a priority: constrained devices don't do FFDH. Specify it as may change in future versions. + +#### Coexistence with the current Mbed TLS configuration + +The two mechanisms have very different designs. Is there serious potential for confusion? Do we understand how the combinations work? + +### Open questions about the design + +#### Algorithms without a key type or vice versa + +Is it realistic to mandate a compile-time error if a key type is required, but no matching algorithm, or vice versa? Is it always the right thing, for example if there is an opaque driver that manipulates this key type? + +#### Opaque-only mechanisms + +If a mechanism should only be supported in an opaque driver, what does the core need to know about it? Do we have all the information we need? + +This is especially relevant to suppress a mechanism completely if there is no matching algorithm. For example, if there is no transparent implementation of RSA or ECDSA, `psa_sign_hash` and `psa_verify_hash` may still be needed if there is an opaque signature driver. + +### Open questions about the implementation + +#### Testability + +Is this proposal decently testable? There are a lot of combinations. What combinations should we test? + + diff --git a/docs/proposed/psa-driver-developer-guide.md b/docs/proposed/psa-driver-developer-guide.md index ca24441d5..70cb9d397 100644 --- a/docs/proposed/psa-driver-developer-guide.md +++ b/docs/proposed/psa-driver-developer-guide.md @@ -5,7 +5,7 @@ PSA Cryptoprocessor driver developer's guide This document describes how to write drivers of cryptoprocessors such as accelerators and secure elements for the PSA cryptography subsystem of Mbed TLS. -This document focuses on behavior that is specific to Mbed TLS. For a reference of the interface between Mbed TLS and drivers, refer to the [PSA Cryptoprocessor Driver Interface specification](architecture/psa-driver-interface.md). +This document focuses on behavior that is specific to Mbed TLS. For a reference of the interface between Mbed TLS and drivers, refer to the [PSA Cryptoprocessor Driver Interface specification](psa-driver-interface.html). The interface is not fully implemented in Mbed TLS yet and is disabled by default. You can enable the experimental work in progress by setting `MBEDTLS_PSA_CRYPTO_DRIVERS` in the compile-time configuration. Please note that the interface may still change: until further notice, we do not guarantee backward compatibility with existing driver code when `MBEDTLS_PSA_CRYPTO_DRIVERS` is enabled. @@ -24,7 +24,7 @@ There are two types of drivers: To write a driver, you need to implement some functions with C linkage, and to declare these functions in a **driver description file**. The driver description file declares which functions the driver implements and what cryptographic mechanisms they support. Depending on the driver type, you may also need to define some C types and macros in a header file. -The concrete syntax for a driver description file is JSON. The structure of this JSON file is specified in the section [“Driver description syntax”](architecture/psa-driver-interface.md#driver-description-syntax) of the PSA cryptography driver interface specification. +The concrete syntax for a driver description file is JSON. The structure of this JSON file is specified in the section [“Driver description syntax”](psa-driver-interface.html#driver-description-syntax) of the PSA cryptography driver interface specification. A driver therefore consists of: @@ -34,11 +34,7 @@ A driver therefore consists of: ## Driver C interfaces -Mbed TLS calls [driver functions as specified in the PSA Cryptography Driver Interface specification](architecture/psa-driver-interface.md#) except as otherwise indicated in this section. - -### Key handles - -Mbed TLS currently implements the interface for opening and closing persistent keys from version 1.0 beta 3 of the PSA Crypto specification. As a consequence, functions that operate on an existing key take an argument of type `psa_key_handle_t` instead of `psa_key_id_t`. Functions that create a new key take an argument of type `psa_key_handle_t *` instead of `psa_key_id_t *`. +Mbed TLS calls driver entry points [as specified in the PSA Cryptography Driver Interface specification](psa-driver-interface.html#driver-entry-points) except as otherwise indicated in this section. ## Building and testing your driver diff --git a/docs/proposed/psa-driver-interface.md b/docs/proposed/psa-driver-interface.md index 8ef972a1f..d82579462 100644 --- a/docs/proposed/psa-driver-interface.md +++ b/docs/proposed/psa-driver-interface.md @@ -5,15 +5,15 @@ This document describes an interface for cryptoprocessor drivers in the PSA cryp This specification is work in progress and should be considered to be in a beta stage. There is ongoing work to implement this interface in Mbed TLS, which is the reference implementation of the PSA Cryptography API. At this stage, Arm does not expect major changes, but minor changes are expected based on experience from the first implementation and on external feedback. -Time-stamp: "2020/08/05 20:37:24 GMT" +Time-stamp: "2020/11/24 11:03:32 GMT" ## Introduction ### Purpose of the driver interface -The PSA Cryptography API defines an interface that allows applications to perform cryptographic operations in a uniform way regardless of how the operations are performed. Under the hood, different keys may be processed in different hardware or in different logical partitions, and different algorithms may involve different hardware or software components. +The PSA Cryptography API defines an interface that allows applications to perform cryptographic operations in a uniform way regardless of how the operations are performed. Under the hood, different keys may be stored and used in different hardware or in different logical partitions, and different algorithms may involve different hardware or software components. -The driver interface allows implementations of the PSA Crypytography API to be built compositionally. An implementation of the PSA Cryptography API is composed of a **core** and zero or more **drivers**. The core handles key management, enforces key usage policies, and dispatches cryptographic operations either to the applicable driver or to built-in code. +The driver interface allows implementations of the PSA Cryptography API to be built compositionally. An implementation of the PSA Cryptography API is composed of a **core** and zero or more **drivers**. The core handles key management, enforces key usage policies, and dispatches cryptographic operations either to the applicable driver or to built-in code. Functions in the PSA Cryptography API invoke functions in the core. Code from the core calls drivers as described in the present document. @@ -21,12 +21,12 @@ Functions in the PSA Cryptography API invoke functions in the core. Code from th The PSA Cryptography driver interface supports two types of cryptoprocessors, and accordingly two types of drivers. -* **Transparent** drivers implement cryptographic operations on keys that are provided in cleartext at the beginning of each operation. They are typically used for hardware **accelerators**. When a transparent driver is available for a particular combination of parameters (cryptographic algorithm, key type and size, etc.), it is used instead of the default software implementation. Transparent drivers can also be pure software implementations that are distributed as plug-ins to a PSA Crypto implementation (for example, an alternative implementation with different performance characteristics, or a certified implementation). +* **Transparent** drivers implement cryptographic operations on keys that are provided in cleartext at the beginning of each operation. They are typically used for hardware **accelerators**. When a transparent driver is available for a particular combination of parameters (cryptographic algorithm, key type and size, etc.), it is used instead of the default software implementation. Transparent drivers can also be pure software implementations that are distributed as plug-ins to a PSA Cryptography implementation (for example, an alternative implementation with different performance characteristics, or a certified implementation). * **Opaque** drivers implement cryptographic operations on keys that can only be used inside a protected environment such as a **secure element**, a hardware security module, a smartcard, a secure enclave, etc. An opaque driver is invoked for the specific [key location](#lifetimes-and-locations) that the driver is registered for: the dispatch is based on the key's lifetime. ### Requirements -The present specification was designed to fulfil the following high-level requirements. +The present specification was designed to fulfill the following high-level requirements. [Req.plugins] It is possible to combine multiple drivers from different providers into the same implementation, without any prior arrangement other than choosing certain names and values from disjoint namespaces. @@ -34,7 +34,7 @@ The present specification was designed to fulfil the following high-level requir [Req.types] Support drivers for the following types of hardware: accelerators that operate on keys in cleartext; cryptoprocessors that can wrap keys with a built-in keys but not store user keys; and cryptoprocessors that store key material. -[Req.portable] The interface between drivers and the core does not involve any platform-specific consideration. Driver calls are simple C functions. Interactions between driver code and hardware happen inside the driver (and in fact a driver need not involve any hardware at all). +[Req.portable] The interface between drivers and the core does not involve any platform-specific consideration. Driver calls are simple C function calls. Interactions with platform-specific hardware happen only inside the driver (and in fact a driver need not involve any hardware at all). [Req.location] Applications can tell which location values correspond to which secure element drivers. @@ -46,54 +46,94 @@ The present specification was designed to fulfil the following high-level requir ### Deliverables for a driver -To write a driver, you need to implement some functions with C linkage, and to declare these functions in a **driver description file**. The driver description file declares which functions the driver implements and what cryptographic mechanisms they support. Depending on the driver type, you may also need to define some C types and macros in a header file. +To write a driver, you need to implement some functions with C linkage, and to declare these functions in a **driver description file**. The driver description file declares which functions the driver implements and what cryptographic mechanisms they support. If the driver description references custom types, macros or constants, you also need to provide C header files defining those elements. The concrete syntax for a driver description file is JSON. The structure of this JSON file is specified in the section [“Driver description syntax”](#driver-description-syntax). A driver therefore consists of: * A driver description file (in JSON format). -* C header files defining the types required by the driver description. The names of these header files is declared in the driver description file. -* An object file compiled for the target platform defining the functions required by the driver description. Implementations may allow drivers to be provided as source files and compiled with the core instead of being pre-compiled. +* C header files defining the types required by the driver description. The names of these header files are declared in the driver description file. +* An object file compiled for the target platform defining the entry point functions specified by the driver description. Implementations may allow drivers to be provided as source files and compiled with the core instead of being pre-compiled. How to provide the driver description file, the C header files and the object code is implementation-dependent. -Implementations should support multiple drivers. - ### Driver description syntax The concrete syntax for a driver description file is JSON. +#### Driver description list + +PSA Cryptography core implementations should support multiple drivers. The driver description files are passed to the implementation as an ordered list in an unspecified manner. This may be, for example, a list of file names passed on a command line, or a JSON list whose elements are individual driver descriptions. + #### Driver description top-level element A driver description is a JSON object containing the following properties: * `"prefix"` (mandatory, string). This must be a valid prefix for a C identifier. All the types and functions provided by the driver have a name that starts with this prefix unless overridden with a `"name"` element in the applicable capability as described below. * `"type"` (mandatory, string). One of `"transparent"` or `"opaque"`. -* `"headers"` (optional, array of strings). A list of header files. These header files must define the types provided by the driver and may declare the functions provided by the driver. They may include other PSA headers and standard headers of the platform. Whether they may include other headers is implementation-specific. If omitted, the list of headers is empty. +* `"headers"` (optional, array of strings). A list of header files. These header files must define the types, macros and constants referenced by the driver description. They may declare the entry point functions, but this is not required. They may include other PSA headers and standard headers of the platform. Whether they may include other headers is implementation-specific. If omitted, the list of headers is empty. The header files must be present at the specified location relative to a directory on the compiler's include path when compiling glue code between the core and the drivers. * `"capabilities"` (mandatory, array of [capabilities](#driver-description-capability)). A list of **capabilities**. Each capability describes a family of functions that the driver implements for a certain class of cryptographic mechanisms. * `"key_context"` (not permitted for transparent drivers, mandatory for opaque drivers): information about the [representation of keys](#key-format-for-opaque-drivers). * `"persistent_state_size"` (not permitted for transparent drivers, optional for opaque drivers, integer or string). The size in bytes of the [persistent state of the driver](#opaque-driver-persistent-state). This may be either a non-negative integer or a C constant expression of type `size_t`. * `"location"` (not permitted for transparent drivers, optional for opaque drivers, integer or string). The [location value](#lifetimes-and-locations) for which this driver is invoked. In other words, this determines the lifetimes for which the driver is invoked. This may be either a non-negative integer or a C constant expression of type `psa_key_location_t`. -#### Driver description capability +### Driver description capability + +#### Capability syntax A capability declares a family of functions that the driver implements for a certain class of cryptographic mechanisms. The capability specifies which key types and algorithms are covered and the names of the types and functions that implement it. A capability is a JSON object containing the following properties: -* `"functions"` (optional, list of strings). Each element is the name of a [driver function](#driver-functions) or driver function family. If specified, the core will invoke this capability of the driver only when performing one of the specified operations. If omitted, the `"algorithms"` property is mandatory and the core will invoke this capability of the driver for all operations that are applicable to the specified algorithms. The driver must implement all the specified or implied functions, as well as the types if applicable. +* `"entry_points"` (mandatory, list of strings). Each element is the name of a [driver entry point](#driver-entry-points) or driver entry point family. An entry point is a function defined by the driver. If specified, the core will invoke this capability of the driver only when performing one of the specified operations. The driver must implement all the specified entry points, as well as the types if applicable. * `"algorithms"` (optional, list of strings). Each element is an [algorithm specification](#algorithm-specifications). If specified, the core will invoke this capability of the driver only when performing one of the specified algorithms. If omitted, the core will invoke this capability for all applicable algorithms. * `"key_types"` (optional, list of strings). Each element is a [key type specification](#key-type-specifications). If specified, the core will invoke this capability of the driver only for operations involving a key with one of the specified key types. If omitted, the core will invoke this capability of the driver for all applicable key types. * `"key_sizes"` (optional, list of integers). If specified, the core will invoke this capability of the driver only for operations involving a key with one of the specified key sizes. If omitted, the core will invoke this capability of the driver for all applicable key sizes. Key sizes are expressed in bits. -* `"names"` (optional, object). A mapping from entry point names described by the `"functions"` property, to the name of the C function in the driver that implements the corresponding function. If a function is not listed here, name of the driver function that implements it is the driver's prefix followed by an underscore (`_`) followed by the function name. If this property is omitted, it is equivalent to an empty object (so each entry point *suffix* is implemented by a function called *prefix*`_`*suffix*). -* `"fallback"` (optional for transparent drivers, not permitted for opaque drivers, boolean). If present and true, the driver may return `PSA_ERROR_NOT_SUPPORTED`, in which case the core should call another driver or use built-in code to perform this operation. If absent or false, the core should not include built-in code to perform this particular cryptographic mechanism. See the section “[Fallback](#fallback)” for more information. +* `"names"` (optional, object). A mapping from entry point names described by the `"entry_points"` property, to the name of the C function in the driver that implements the corresponding function. If a function is not listed here, name of the driver function that implements it is the driver's prefix followed by an underscore (`_`) followed by the function name. If this property is omitted, it is equivalent to an empty object (so each entry point *suffix* is implemented by a function called *prefix*`_`*suffix*). +* `"fallback"` (optional for transparent drivers, not permitted for opaque drivers, boolean). If present and true, the driver may return `PSA_ERROR_NOT_SUPPORTED`, in which case the core should call another driver or use built-in code to perform this operation. If absent or false, the driver is expected to fully support the mechanisms described by this capability. See the section “[Fallback](#fallback)” for more information. -Example: the following capability declares that the driver can perform deterministic ECDSA signatures using SHA-256 or SHA-384 with a SECP256R1 or SECP384R1 private key (with either hash being possible in combination with either curve). If the prefix of this driver is `"acme"`, the function that performs the signature is called `acme_sign_hash`. +#### Capability semantics + +When the PSA Cryptography implementation performs a cryptographic mechanism, it invokes available driver entry points as described in the section [“Driver entry points”](#driver-entry-points). + +A driver is considered available for a cryptographic mechanism that invokes a given entry point if all of the following conditions are met: + +* The driver specification includes a capability whose `"entry_points"` list either includes the entry point or includes an entry point family that includes the entry point. +* If the mechanism involves an algorithm: + * either the capability does not have an `"algorithms"` property; + * or the value of the capability's `"algorithms"` property includes an [algorithm specification](#algorithm-specifications) that matches this algorithm. +* If the mechanism involves a key: + * either the key is transparent (its location is `PSA_KEY_LOCATION_LOCAL_STORAGE`) and the driver is transparent; + * or the key is opaque (its location is not `PSA_KEY_LOCATION_LOCAL_STORAGE`) and the driver is an opaque driver whose location is the key's location. +* If the mechanism involves a key: + * either the capability does not have a `"key_types"` property; + * or the value of the capability's `"key_types"` property includes a [key type specification](#key-type-specifications) that matches this algorithm. +* If the mechanism involves a key: + * either the capability does not have a `"key_sizes"` property; + * or the value of the capability's `"key_sizes"` property includes the key's size. + +If a driver includes multiple applicable capabilities for a given combination of entry point, algorithm, key type and key size, and all the capabilities map the entry point to the same function name, the driver is considered available for this cryptographic mechanism. If a driver includes multiple applicable capabilities for a given combination of entry point, algorithm, key type and key size, and at least two of these capabilities map the entry point to the different function names, the driver specification is invalid. + +If multiple transparent drivers have applicable capabilities for a given combination of entry point, algorithm, key type and key size, the first matching driver in the [specification list](#driver-description-list) is invoked. If the capability has [fallback](#fallback) enabled and the first driver returns `PSA_ERROR_NOT_SUPPORTED`, the next matching driver is invoked, and so on. + +If multiple opaque drivers have the same location, the list of driver specifications is invalid. + +#### Capability examples + +Example 1: the following capability declares that the driver can perform deterministic ECDSA signatures (but not signature verification) using any hash algorithm and any curve that the core supports. If the prefix of this driver is `"acme"`, the function that performs the signature is called `acme_sign_hash`. ``` { - "functions": ["sign_hash"], + "entry_points": ["sign_hash"], + "algorithms": ["PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_ANY_HASH)"], +} +``` + +Example 2: the following capability declares that the driver can perform deterministic ECDSA signatures using SHA-256 or SHA-384 with a SECP256R1 or SECP384R1 private key (with either hash being possible in combination with either curve). If the prefix of this driver is `"acme"`, the function that performs the signature is called `acme_sign_hash`. +``` +{ + "entry_points": ["sign_hash"], "algorithms": ["PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_256)", "PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_384)"], "key_types": ["PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP_R1)"], @@ -105,7 +145,7 @@ Example: the following capability declares that the driver can perform determini #### Algorithm specifications -An algorithm specification is a string consisting of a `PSA_ALG_xxx` macro that specifies a cryptographic algorithm defined by the PSA Cryptography API. If the macro takes arguments, the string must have the syntax of a C macro call and each argument must be an algorithm specification or a decimal or hexadecimal literal with no suffix, depending on the expected type of argument. +An algorithm specification is a string consisting of a `PSA_ALG_xxx` macro that specifies a cryptographic algorithm or an algorithm wildcard policy defined by the PSA Cryptography API. If the macro takes arguments, the string must have the syntax of a C macro call and each argument must be an algorithm specification or a decimal or hexadecimal literal with no suffix, depending on the expected type of argument. Spaces are optional after commas. Whether other whitespace is permitted is implementation-specific. @@ -114,6 +154,7 @@ Valid examples: PSA_ALG_SHA_256 PSA_ALG_HMAC(PSA_ALG_SHA_256) PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)) +PSA_ALG_RSA_PSS(PSA_ALG_ANY_HASH) ``` #### Key type specifications @@ -135,9 +176,9 @@ PSA_KEY_TYPE_ECC_KEY_PAIR(_) Drivers define functions, each of which implements an aspect of a capability of a driver, such as a cryptographic operation, a part of a cryptographic operation, or a key management action. These functions are called the **entry points** of the driver. Most driver entry points correspond to a particular function in the PSA Cryptography API. For example, if a call to `psa_sign_hash()` is dispatched to a driver, it invokes the driver's `sign_hash` function. -All driver entry points return a status of type `psa_status_t` which should use the status codes documented for PSA services in general and for PSA Crypto in particular: `PSA_SUCCESS` indicates that the function succeeded, and `PSA_ERROR_xxx` values indicate that an error occurred. +All driver entry points return a status of type `psa_status_t` which should use the status codes documented for PSA services in general and for PSA Cryptography in particular: `PSA_SUCCESS` indicates that the function succeeded, and `PSA_ERROR_xxx` values indicate that an error occurred. -The signature of a driver entry point generally looks like the signature of the PSA Crypto API that it implements, with some modifications. This section gives an overview of modifications that apply to whole classes of entry points. Refer to the reference section for each entry point or entry point family for details. +The signature of a driver entry point generally looks like the signature of the PSA Cryptography API that it implements, with some modifications. This section gives an overview of modifications that apply to whole classes of entry points. Refer to the reference section for each entry point or entry point family for details. * For entry points that operate on an existing key, the `psa_key_id_t` parameter is replaced by a sequence of three parameters that describe the key: 1. `const psa_key_attributes_t *attributes`: the key attributes. @@ -148,15 +189,20 @@ The signature of a driver entry point generally looks like the signature of the * For entry points that involve a multi-part operation, the operation state type (`psa_XXX_operation_t`) is replaced by a driver-specific operation state type (*prefix*`_XXX_operation_t`). -Some entry points are grouped in families that must be implemented as a whole. If a driver supports a entry point family, it must provide all the entry points in the family. +* For entry points that are involved in key creation, the `psa_key_id_t *` output parameter is replaced by a sequence of parameters that convey the key context: + 1. `uint8_t *key_buffer`: a buffer for the key material or key context. + 2. `size_t key_buffer_size`: the size of the key buffer in bytes. + 2. `size_t *key_buffer_length`: the length of the data written to the key buffer in bytes. + +Some entry points are grouped in families that must be implemented as a whole. If a driver supports an entry point family, it must provide all the entry points in the family. #### General considerations on driver entry point parameters Buffer parameters for driver entry points obey the following conventions: * An input buffer has the type `const uint8_t *` and is immediately followed by a parameter of type `size_t` that indicates the buffer size. -* An output buffer has the type `uint8_t *` and is immediately followed by a parameter of type `size_t` that indicates the buffer size. A third parameter of type `size_t *` is provided to report the actual buffer size if the function succeeds. -* An in-out buffer has the type `uint8_t *` and is immediately followed by a parameter of type `size_t` that indicates the buffer size. Note that the buffer size does not change. +* An output buffer has the type `uint8_t *` and is immediately followed by a parameter of type `size_t` that indicates the buffer size. A third parameter of type `size_t *` is provided to report the actual length of the data written in the buffer if the function succeeds. +* An in-out buffer has the type `uint8_t *` and is immediately followed by a parameter of type `size_t` that indicates the buffer size. In-out buffers are only used when the input and the output have the same length. Buffers of size 0 may be represented with either a null pointer or a non-null pointer. @@ -201,15 +247,15 @@ This family corresponds to the calculation of a hash in multiple steps. This family applies to transparent drivers only. -This family requires the following type and functions: +This family requires the following type and entry points: * Type `"hash_operation_t"`: the type of a hash operation context. It must be possible to copy a hash operation context byte by byte, therefore hash operation contexts must not contain any embedded pointers (except pointers to global data that do not change after the setup step). * `"hash_setup"`: called by `psa_hash_setup()`. * `"hash_update"`: called by `psa_hash_update()`. * `"hash_finish"`: called by `psa_hash_finish()` and `psa_hash_verify()`. -* `"hash_abort"`: called by all multi-part hash functions. +* `"hash_abort"`: called by all multi-part hash functions of the PSA Cryptography API. -To verify a hash with `psa_hash_verify()`, the core calls the driver's *prefix`_hash_finish` entry point and compares the result with the reference hash value. +To verify a hash with `psa_hash_verify()`, the core calls the driver's *prefix*`_hash_finish` entry point and compares the result with the reference hash value. For example, a driver with the prefix `"acme"` that implements the `"hash_multipart"` entry point family must define the following type and entry points (assuming that the capability does not use the `"names"` property to declare different type and entry point names): @@ -261,7 +307,8 @@ This family requires the following type and entry points: * `"key_derivation_input_bytes"`: called by `psa_key_derivation_input_bytes()` and `psa_key_derivation_input_key()`. For transparent drivers, when processing a call to `psa_key_derivation_input_key()`, the core always calls the applicable driver's `"key_derivation_input_bytes"` entry point. * `"key_derivation_input_key"` (opaque drivers only) * `"key_derivation_output_bytes"`: called by `psa_key_derivation_output_bytes()`; also by `psa_key_derivation_output_key()` for transparent drivers. -* `"key_derivation_abort"`: called by all key derivation functions. +* `"key_derivation_output_key"`: called by `psa_key_derivation_output_key()` for transparent drivers when deriving an asymmetric key pair, and also for opaque drivers. +* `"key_derivation_abort"`: called by all key derivation functions of the PSA Cryptography API. TODO: key input and output for opaque drivers; deterministic key generation for transparent drivers @@ -269,45 +316,127 @@ TODO ### Driver entry points for key management -The driver entry points for key management differs significantly between [transparent drivers](#key-management-with-transparent-drivers) and [opaque drivers](#key-management-with-transparent-drivers). Refer to the applicable section for each driver type. +The driver entry points for key management differ significantly between [transparent drivers](#key-management-with-transparent-drivers) and [opaque drivers](#key-management-with-opaque-drivers). This section describes common elements. Refer to the applicable section for each driver type for more information. + +The entry points that create or format key data have the following prototypes for a driver with the prefix `"acme"`: + +``` +psa_status_t acme_import_key(const psa_key_attributes_t *attributes, + const uint8_t *data, + size_t data_length, + uint8_t *key_buffer, + size_t key_buffer_size, + size_t *key_buffer_length, + size_t *bits); // additional parameter, see below +psa_status_t acme_generate_key(const psa_key_attributes_t *attributes, + uint8_t *key_buffer, + size_t key_buffer_size, + size_t *key_buffer_length); +``` + +TODO: derivation, copy + +* The key attributes (`attributes`) have the same semantics as in the PSA Cryptography application interface. +* For the `"import_key"` entry point, the input in the `data` buffer is either the export format or an implementation-specific format that the core documents as an acceptable input format for `psa_import_key()`. +* The size of the key data buffer `key_buffer` is sufficient for the internal representation of the key. For a transparent driver, this is the key's [export format](#key-format-for-transparent-drivers). For an opaque driver, this is the size determined from the driver description and the key attributes, as specified in the section [“Key format for opaque drivers”](#key-format-for-opaque-drivers). +* For an opaque driver with an `"allocate_key"` entry point, the content of the key data buffer on entry is the output of that entry point. +* The `"import_key"` entry point must determine or validate the key size and set `*bits` as described in the section [“Key size determination on import”](#key-size-determination-on-import) below. + +All key creation entry points must ensure that the resulting key is valid as specified in the section [“Key validation”](#key-validation) below. This is primarily important for import entry points since the key data comes from the application. + +#### Key size determination on import + +The `"import_key"` entry point must determine or validate the key size. +The PSA Cryptography API exposes the key size as part of the key attributes. +When importing a key, the key size recorded in the key attributes can be either a size specified by the caller of the API (who may not be trusted), or `0` which indicates that the size must be calculated from the data. + +When the core calls the `"import_key"` entry point to process a call to `psa_import_key`, it passes an `attributes` structure such that `psa_get_key_bits(attributes)` is the size passed by the caller of `psa_import_key`. If this size is `0`, the `"import_key"` entry point must set the `bits` input-output parameter to the correct key size. The semantics of `bits` is as follows: + +* The core sets `*bits` to `psa_get_key_bits(attributes)` before calling the `"import_key"` entry point. +* If `*bits == 0`, the driver must determine the key size from the data and set `*bits` to this size. If the key size cannot be determined from the data, the driver must return `PSA_ERROR_INVALID_ARGUMENT` (as of version 1.0 of the PSA Cryptography API specification, it is possible to determine the key size for all standard key types). +* If `*bits != 0`, the driver must check the value of `*bits` against the data and return `PSA_ERROR_INVALID_ARGUMENT` if it does not match. If the driver entry point changes `*bits` to a different value but returns `PSA_SUCCESS`, the core will consider the key as invalid and the import will fail. + +#### Key validation + +Key creation entry points must produce valid key data. Key data is _valid_ if operations involving the key are guaranteed to work functionally and not to cause indirect security loss. Operation functions are supposed to receive valid keys, and should not have to check and report invalid keys. For example: + +* If a cryptographic mechanism is defined as having keying material of a certain size, or if the keying material involves integers that have to be in a certain range, key creation must ensure that the keying material has an appropriate size and falls within an appropriate range. +* If a cryptographic operation involves a division by an integer which is provided as part of a key, key creation must ensure that this integer is nonzero. +* If a cryptographic operation involves two keys A and B (or more), then the creation of A must ensure that using it does not risk compromising B. This applies even if A's policy does not explicitly allow a problematic operation, but A is exportable. In particular, public keys that can potentially be used for key agreement are considered invalid and must not be created if they risk compromising the private key. +* On the other hand, it is acceptable for import to accept a key that cannot be verified as valid if using this key would at most compromise the key itself and material that is secured with this key. For example, RSA key import does not need to verify that the primes are actually prime. Key import may accept an insecure key if the consequences of the insecurity are no worse than a leak of the key prior to its import. + +With opaque drivers, the key context can only be used by code from the same driver, so key validity is primarily intended to report key creation errors at creation time rather than during an operation. With transparent drivers, the key context can potentially be used by code from a different provider, so key validity is critical for interoperability. + +This section describes some minimal validity requirements for standard key types. + +* For symmetric key types, check that the key size is suitable for the type. +* For DES (`PSA_KEY_TYPE_DES`), additionally verify the parity bits. +* For RSA (`PSA_KEY_TYPE_RSA_PUBLIC_KEY`, `PSA_KEY_TYPE_RSA_KEY_PAIR`), check the syntax of the key and make sanity checks on its components. TODO: what sanity checks? Value ranges (e.g. p < n), sanity checks such as parity, minimum and maximum size, what else? +* For elliptic curve private keys (`PSA_KEY_TYPE_ECC_KEY_PAIR`), check the size and range. TODO: what else? +* For elliptic curve public keys (`PSA_KEY_TYPE_ECC_PUBLIC_KEY`), check the size and range, and that the point is on the curve. TODO: what else? ### Miscellaneous driver entry points #### Driver initialization -A driver may declare an `"init"` entry point in a capability with no algorithm, key type or key size. If so, the driver calls this entry point once during the initialization of the PSA Crypto subsystem. If the init entry point of any driver fails, the initialization of the PSA Crypto subsystem fails. +A driver may declare an `"init"` entry point in a capability with no algorithm, key type or key size. If so, the core calls this entry point once during the initialization of the PSA Cryptography subsystem. If the init entry point of any driver fails, the initialization of the PSA Cryptography subsystem fails. -When multiple drivers have an init entry point, the order in which they are called is unspecified. It is also unspecified whether other drivers' init functions are called if one or more init function fails. +When multiple drivers have an init entry point, the order in which they are called is unspecified. It is also unspecified whether other drivers' `"init"` entry points are called if one or more init entry point fails. -On platforms where the PSA Crypto implementation is a subsystem of a single application, the initialization of the PSA Crypto subsystem takes place during the call to `psa_crypto_init()`. On platforms where the PSA Crypto implementation is separate from the application or applications, the initialization the initialization of the PSA Crypto subsystem takes place before or during the first time an application calls `psa_crypto_init()`. +On platforms where the PSA Cryptography implementation is a subsystem of a single application, the initialization of the PSA Cryptography subsystem takes place during the call to `psa_crypto_init()`. On platforms where the PSA Cryptography implementation is separate from the application or applications, the initialization of the PSA Cryptography subsystem takes place before or during the first time an application calls `psa_crypto_init()`. -The init function does not take any parameter. +The init entry point does not take any parameter. ### Combining multiple drivers -To declare a cryptoprocessor can handle both cleartext and plaintext keys, you need to provide two driver descriptions, one for a transparent driver and one for an opaque driver. You can use the mapping in capabilities' `"names"` property to arrange for multiple driver entry points to map to the same C function. +To declare a cryptoprocessor can handle both cleartext and wrapped keys, you need to provide two driver descriptions, one for a transparent driver and one for an opaque driver. You can use the mapping in capabilities' `"names"` property to arrange for multiple driver entry points to map to the same C function. ## Transparent drivers ### Key format for transparent drivers -The format of a key for transparent drivers is the same as in applications. Refer to the documentation of `psa_export_key()` and `psa_export_public_key()`. +The format of a key for transparent drivers is the same as in applications. Refer to the documentation of [`psa_export_key()`](https://armmbed.github.io/mbed-crypto/html/api/keys/management.html#c.psa_export_key) and [`psa_export_public_key()`](https://armmbed.github.io/mbed-crypto/html/api/keys/management.html#c.psa_export_public_key) in the PSA Cryptography API specification. For custom key types defined by an implementation, refer to the documentation of that implementation. ### Key management with transparent drivers Transparent drivers may provide the following key management entry points: -* `"generate_key"`: called by `psa_generate_key()`, only when generating a key pair (key such that `PSA_KEY_TYPE_IS_ASYMMETRIC` is true). -* `"derive_key"`: called by `psa_key_derivation_output_key()`, only when deriving a key pair (key such that `PSA_KEY_TYPE_IS_ASYMMETRIC` is true). +* [`"import_key"`](#key-import-with-transparent-drivers): called by `psa_import_key()`, only when importing a key pair or a public key (key such that `PSA_KEY_TYPE_IS_ASYMMETRIC` is true). +* `"generate_key"`: called by `psa_generate_key()`, only when generating a key pair (key such that `PSA_KEY_TYPE_IS_KEY_PAIR` is true). +* `"key_derivation_output_key"`: called by `psa_key_derivation_output_key()`, only when deriving a key pair (key such that `PSA_KEY_TYPE_IS_KEY_PAIR` is true). * `"export_public_key"`: called by the core to obtain the public key of a key pair. The core may call this function at any time to obtain the public key, which can be for `psa_export_public_key()` but also at other times, including during a cryptographic operation that requires the public key such as a call to `psa_verify_message()` on a key pair object. -Transparent drivers are not involved when importing, exporting, copying or destroying keys, or when generating or deriving symmetric keys. +Transparent drivers are not involved when exporting, copying or destroying keys, or when importing, generating or deriving symmetric keys. + +#### Key import with transparent drivers + +As discussed in [the general section about key management entry points](#driver-entry-points-for-key-management), the key import entry points has the following prototype for a driver with the prefix `"acme"`: +``` +psa_status_t acme_import_key(const psa_key_attributes_t *attributes, + const uint8_t *data, + size_t data_length, + uint8_t *key_buffer, + size_t key_buffer_size, + size_t *key_buffer_length, + size_t *bits); +``` + +This entry point has several roles: + +1. Parse the key data in the input buffer `data`. The driver must support the export format for the key types that the entry point is declared for. It may support additional formats as specified in the description of [`psa_import_key()`](https://armmbed.github.io/mbed-crypto/html/api/keys/management.html#c.psa_export_key) in the PSA Cryptography API specification. +2. Validate the key data. The necessary validation is described in the section [“Key validation with transparent drivers”](#key-validation-with-transparent-drivers) above. +3. [Determine the key size](#key-size-determination-on-import) and output it through `*bits`. +4. Copy the validated key data from `data` to `key_buffer`. The output must be in the canonical format documented for [`psa_export_key()`](https://armmbed.github.io/mbed-crypto/html/api/keys/management.html#c.psa_export_key) or [`psa_export_public_key()`](https://armmbed.github.io/mbed-crypto/html/api/keys/management.html#c.psa_export_public_key), so if the input is not in this format, the entry point must convert it. ### Fallback -If a transparent driver entry point is part of a capability which has a true `"fallback"` property and returns `PSA_ERROR_NOT_SUPPORTED`, the built-in software implementation will be called instead. Any other value (`PSA_SUCCESS` or a different error code) is returned to the application. +Sometimes cryptographic accelerators only support certain cryptographic mechanisms partially. The capability description language allows specifying some restrictions, including restrictions on key sizes, but it cannot cover all the possibilities that may arise in practice. Furthermore, it may be desirable to deploy the same binary image on different devices, only some of which have a cryptographic accelerators. +For these purposes, a transparent driver can declare that it only supports a [capability](#driver-description-capability) partially, by setting the capability's `"fallback"` property to true. -If there are multiple available transparent drivers, the core tries them in turn until one is declared without a true `"fallback"` property or returns a status other than `PSA_ERROR_NOT_SUPPORTED`. The order in which the drivers are called is unspecified and may be different for different entry points. +If a transparent driver entry point is part of a capability which has a true `"fallback"` property and returns `PSA_ERROR_NOT_SUPPORTED`, the core will call the next transparent driver that supports the mechanism, if there is one. The core considers drivers in the order given by the [driver description list](#driver-description-list). + +If all the available drivers have fallback enabled and return `PSA_ERROR_NOT_SUPPORTED`, the core will perform the operation using built-in code. +As soon as a driver returns any value other than `PSA_ERROR_NOT_SUPPORTED` (`PSA_SUCCESS` or a different error code), this value is returned to the application, without attempting to call any other driver or built-in code. If a transparent driver entry point is part of a capability where the `"fallback"` property is false or omitted, the core should not include any other code for this capability, whether built in or in another transparent driver. @@ -379,13 +508,13 @@ If the key is stored in wrapped form outside the secure element, and the wrapped ### Key management with opaque drivers -Transparent drivers may provide the following key management entry points: +Opaque drivers may provide the following key management entry points: * `"export_key"`: called by `psa_export_key()`, or by `psa_copy_key()` when copying a key from or to a different [location](#lifetimes-and-locations). * `"export_public_key"`: called by the core to obtain the public key of a key pair. The core may call this entry point at any time to obtain the public key, which can be for `psa_export_public_key()` but also at other times, including during a cryptographic operation that requires the public key such as a call to `psa_verify_message()` on a key pair object. * `"import_key"`: called by `psa_import_key()`, or by `psa_copy_key()` when copying a key from another location. * `"generate_key"`: called by `psa_generate_key()`. -* `"derive_key"`: called by `psa_key_derivation_output_key()`. +* `"key_derivation_output_key"`: called by `psa_key_derivation_output_key()`. * `"copy_key"`: called by `psa_copy_key()` when copying a key within the same [location](#lifetimes-and-locations). In addition, secure elements that store the key material internally must provide the following two entry points: @@ -400,7 +529,7 @@ This section describes the key creation process for secure elements that do not When creating a key with an opaque driver which does not have an `"allocate_key"` or `"destroy_key"` entry point: 1. The core allocates memory for the key context. -2. The core calls the driver's import, generate, derive or copy function. +2. The core calls the driver's import, generate, derive or copy entry point. 3. The core saves the resulting wrapped key material and any other data that the key context may contain. To destroy a key, the core simply destroys the wrapped key material, without invoking driver code. @@ -412,7 +541,7 @@ This section describes the key creation and key destruction processes for secure * `"allocate_key"`: this function obtains an internal identifier for the key. This may be, for example, a unique label or a slot number. * `"destroy_key"`: this function invalidates the internal identifier and destroys the associated key material. -These functions have the following prototypes: +These functions have the following prototypes for a driver with the prefix `"acme"`: ``` psa_status_t acme_allocate_key(const psa_key_attributes_t *attributes, uint8_t *key_buffer, @@ -439,7 +568,7 @@ If a failure occurs after the `"allocate_key"` step but before the call to the s To destroy a key, the core calls the driver's `"destroy_key"` entry point. -Note that the key allocation and destruction entry point must not rely solely on the key identifier in the key attributes to identify a key. Some implementations of the PSA Crypto API store keys on behalf of multiple clients, and different clients may use the same key identifier to designate different keys. The manner in which the core distinguishes keys that have the same identifier but are part of the key namespace for different clients is implementation-dependent and is not accessible to drivers. Some typical strategies to allocate an internal key identifier are: +Note that the key allocation and destruction entry points must not rely solely on the key identifier in the key attributes to identify a key. Some implementations of the PSA Cryptography API store keys on behalf of multiple clients, and different clients may use the same key identifier to designate different keys. The manner in which the core distinguishes keys that have the same identifier but are part of the key namespace for different clients is implementation-dependent and is not accessible to drivers. Some typical strategies to allocate an internal key identifier are: * Maintain a set of free slot numbers which is stored either in the secure element or in the driver's persistent storage. To allocate a key slot, find a free slot number, mark it as occupied and store the number in the key context. When the key is destroyed, mark the slot number as free. * Maintain a monotonic counter with a practically unbounded range in the secure element or in the driver's persistent storage. To allocate a key slot, increment the counter and store the current value in the key context. Destroying a key does not change the counter. @@ -450,37 +579,40 @@ TODO: some of the above doesn't apply to volatile keys #### Key creation entry points in opaque drivers -The key creation entry points have the following prototypes: +The key creation entry points have the following prototypes for a driver with the prefix `"acme"`: ``` psa_status_t acme_import_key(const psa_key_attributes_t *attributes, const uint8_t *data, size_t data_length, uint8_t *key_buffer, - size_t key_buffer_size); + size_t key_buffer_size, + size_t *key_buffer_length, + size_t *bits); psa_status_t acme_generate_key(const psa_key_attributes_t *attributes, uint8_t *key_buffer, - size_t key_buffer_size); + size_t key_buffer_size, + size_t *key_buffer_length); ``` -If the driver has an [`"allocate_key"` entry point](#key-management-in-a-secure-element-with-storage), the core calls the `"allocate_key"` entry point with the same attributes on the same key buffer before calling the key creation function. +If the driver has an [`"allocate_key"` entry point](#key-management-in-a-secure-element-with-storage), the core calls the `"allocate_key"` entry point with the same attributes on the same key buffer before calling the key creation entry point. TODO: derivation, copy #### Key export entry points in opaque drivers -The key export entry points have the following prototypes: +The key export entry points have the following prototypes for a driver with the prefix `"acme"`: ``` psa_status_t acme_export_key(const psa_key_attributes_t *attributes, const uint8_t *key_buffer, - size_t key_buffer_size); + size_t key_buffer_size, uint8_t *data, size_t data_size, size_t *data_length); psa_status_t acme_export_public_key(const psa_key_attributes_t *attributes, const uint8_t *key_buffer, - size_t key_buffer_size); + size_t key_buffer_size, uint8_t *data, size_t data_size, size_t *data_length); @@ -524,7 +656,7 @@ Transparent drivers linked into the library are automatically used for the mecha Each opaque driver is assigned a [location](#lifetimes-and-locations). The driver is invoked for all actions that use a key in that location. A key's location is indicated by its lifetime. The application chooses the key's lifetime when it creates the key. -For example, the following snippet creates an AES-GCM key which is only accessible inside a secure element. +For example, the following snippet creates an AES-GCM key which is only accessible inside the secure element designated by the location `PSA_KEY_LOCATION_acme`. ``` psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; psa_set_key_lifetime(&attributes, PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( @@ -534,8 +666,8 @@ psa_set_key_type(&attributes, PSA_KEY_TYPE_AES); psa_set_key_size(&attributes, 128); psa_set_key_algorithm(&attributes, PSA_ALG_GCM); psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT); -psa_key_handle_t handle = 0; -psa_generate_key(&attributes, &handle); +psa_key_id_t key; +psa_generate_key(&attributes, &key); ``` ## Using opaque drivers from an application @@ -574,9 +706,9 @@ psa_set_key_lifetime(&attributes, PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION ### Driver declarations -#### Declaring driver functions +#### Declaring driver entry points -The core may want to provide declarations for the driver functions so that it can compile code using them. At the time of writing this paragraph, the driver headers must define types but there is no obligation for them to declare functions. The core knows what the function names and argument types are, so it can generate prototypes. +The core may want to provide declarations for the driver entry points so that it can compile code using them. At the time of writing this paragraph, the driver headers must define types but there is no obligation for them to declare functions. The core knows what the function names and argument types are, so it can generate prototypes. It should be ok for driver functions to be function-like macros or function pointers. @@ -586,6 +718,14 @@ How does a driver author decide which location values to use? It should be possi Can the driver assembly process generate distinct location values as needed? This can be convenient, but it's also risky: if you upgrade a device, you need the location values to be the same between builds. +The current plan is for Arm to maintain a registry of vendors and assign a location namespace to each vendor. Parts of the namespace would be reserved for implementations and integrators. + +#### Multiple transparent drivers + +When multiple transparent drivers implement the same mechanism, which one is called? The first one? The last one? Unspecified? Or is this an error (excluding capabilities with fallback enabled)? + +The current choice is that the first one is used, which allows having a preference order on drivers, but may mask integration errors. + ### Driver function interfaces #### Driver function parameter conventions @@ -619,6 +759,16 @@ ECC key pairs are represented as the private key value only. The public key need The specification doesn't mention when the public key might be calculated. The core may calculate it on creation, on demand, or anything in between. Opaque drivers have a choice of storing the public key in the key context or calculating it on demand and can convey whether the core should store the public key with the `"store_public_key"` property. Is this good enough or should the specification include non-functional requirements? +#### Symmetric key validation with transparent drivers + +Should the entry point be called for symmetric keys as well? + +#### Support for custom import formats + +[“Driver entry points for key management”](#driver-entry-points-for-key-management) states that the input to `"import_key"` can be an implementation-defined format. Is this a good idea? It reduces driver portability, since a core that accepts a custom format would not work with a driver that doesn't accept this format. On the other hand, if a driver accepts a custom format, the core should let it through because the driver presumably handles it more efficiently (in terms of speed and code size) than the core could. + +Allowing custom formats also causes a problem with import: the core can't know the size of the key representation until it knows the bit-size of the key, but determining the bit-size of the key is part of the job of the `"import_key"` entry point. For standard key types, this could plausibly be an issue for RSA private keys, where an implementation might accept a custom format that omits the CRT parameters (or that omits *d*). + ### Opaque drivers #### Opaque driver persistent state diff --git a/doxygen/input/doc_mainpage.h b/doxygen/input/doc_mainpage.h index 1bb6f3702..c13b27951 100644 --- a/doxygen/input/doc_mainpage.h +++ b/doxygen/input/doc_mainpage.h @@ -22,7 +22,7 @@ */ /** - * @mainpage mbed TLS v2.23.0 source code documentation + * @mainpage mbed TLS v2.24.0 source code documentation * * This documentation describes the internal structure of mbed TLS. It was * automatically generated from specially formatted comment blocks in diff --git a/doxygen/mbedtls.doxyfile b/doxygen/mbedtls.doxyfile index e89021a21..bf33dabc7 100644 --- a/doxygen/mbedtls.doxyfile +++ b/doxygen/mbedtls.doxyfile @@ -28,7 +28,7 @@ DOXYFILE_ENCODING = UTF-8 # identify the project. Note that if you do not use Doxywizard you need # to put quotes around the project name if it contains spaces. -PROJECT_NAME = "mbed TLS v2.23.0" +PROJECT_NAME = "mbed TLS v2.24.0" # The PROJECT_NUMBER tag can be used to enter a project or revision number. # This could be handy for archiving the generated documentation or diff --git a/include/mbedtls/bignum.h b/include/mbedtls/bignum.h index 0d019b9c4..637360e30 100644 --- a/include/mbedtls/bignum.h +++ b/include/mbedtls/bignum.h @@ -61,12 +61,12 @@ * Maximum window size used for modular exponentiation. Default: 6 * Minimum value: 1. Maximum value: 6. * - * Result is an array of ( 2 << MBEDTLS_MPI_WINDOW_SIZE ) MPIs used + * Result is an array of ( 2 ** MBEDTLS_MPI_WINDOW_SIZE ) MPIs used * for the sliding window calculation. (So 64 by default) * * Reduction in size, reduces speed. */ -#define MBEDTLS_MPI_WINDOW_SIZE 6 /**< Maximum windows size used. */ +#define MBEDTLS_MPI_WINDOW_SIZE 6 /**< Maximum window size used. */ #endif /* !MBEDTLS_MPI_WINDOW_SIZE */ #if !defined(MBEDTLS_MPI_MAX_SIZE) diff --git a/include/mbedtls/ccm.h b/include/mbedtls/ccm.h index 81965ba4d..7193863c3 100644 --- a/include/mbedtls/ccm.h +++ b/include/mbedtls/ccm.h @@ -148,7 +148,7 @@ void mbedtls_ccm_free( mbedtls_ccm_context *ctx ); * than zero, \p output must be a writable buffer of at least * that length. * \param tag The buffer holding the authentication field. This must be a - * readable buffer of at least \p tag_len Bytes. + * writable buffer of at least \p tag_len Bytes. * \param tag_len The length of the authentication field to generate in Bytes: * 4, 6, 8, 10, 12, 14 or 16. * @@ -193,7 +193,7 @@ int mbedtls_ccm_encrypt_and_tag( mbedtls_ccm_context *ctx, size_t length, * than zero, \p output must be a writable buffer of at least * that length. * \param tag The buffer holding the authentication field. This must be a - * readable buffer of at least \p tag_len Bytes. + * writable buffer of at least \p tag_len Bytes. * \param tag_len The length of the authentication field to generate in Bytes: * 0, 4, 6, 8, 10, 12, 14 or 16. * diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h index 120c1d32f..1ebb7066a 100644 --- a/include/mbedtls/check_config.h +++ b/include/mbedtls/check_config.h @@ -609,6 +609,11 @@ #error "MBEDTLS_PSA_ITS_FILE_C defined, but not all prerequisites" #endif +#if defined(MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER) && \ + defined(MBEDTLS_USE_PSA_CRYPTO) +#error "MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER defined, but it cannot coexist with MBEDTLS_USE_PSA_CRYPTO." +#endif + #if defined(MBEDTLS_RSA_C) && ( !defined(MBEDTLS_BIGNUM_C) || \ !defined(MBEDTLS_OID_C) ) #error "MBEDTLS_RSA_C defined, but not all prerequisites" @@ -871,6 +876,10 @@ #endif /* MBEDTLS_DEPRECATED_REMOVED */ #endif /* MBEDTLS_SSL_HW_RECORD_ACCEL */ +#if defined(MBEDTLS_SSL_DTLS_SRTP) && ( !defined(MBEDTLS_SSL_PROTO_DTLS) ) +#error "MBEDTLS_SSL_DTLS_SRTP defined, but not all prerequisites" +#endif + /* * Avoid warning from -pedantic. This is a convenient place for this * workaround since this is included by every single file before the diff --git a/include/mbedtls/cipher.h b/include/mbedtls/cipher.h index 014786ad5..8827e0b79 100644 --- a/include/mbedtls/cipher.h +++ b/include/mbedtls/cipher.h @@ -227,10 +227,30 @@ enum { }; /** Maximum length of any IV, in Bytes. */ +/* This should ideally be derived automatically from list of ciphers. + * This should be kept in sync with MBEDTLS_SSL_MAX_IV_LENGTH defined + * in ssl_internal.h. */ #define MBEDTLS_MAX_IV_LENGTH 16 + /** Maximum block size of any cipher, in Bytes. */ +/* This should ideally be derived automatically from list of ciphers. + * This should be kept in sync with MBEDTLS_SSL_MAX_BLOCK_LENGTH defined + * in ssl_internal.h. */ #define MBEDTLS_MAX_BLOCK_LENGTH 16 +/** Maximum key length, in Bytes. */ +/* This should ideally be derived automatically from list of ciphers. + * For now, only check whether XTS is enabled which uses 64 Byte keys, + * and use 32 Bytes as an upper bound for the maximum key length otherwise. + * This should be kept in sync with MBEDTLS_SSL_MAX_BLOCK_LENGTH defined + * in ssl_internal.h, which however deliberately ignores the case of XTS + * since the latter isn't used in SSL/TLS. */ +#if defined(MBEDTLS_CIPHER_MODE_XTS) +#define MBEDTLS_MAX_KEY_LENGTH 64 +#else +#define MBEDTLS_MAX_KEY_LENGTH 32 +#endif /* MBEDTLS_CIPHER_MODE_XTS */ + /** * Base cipher information (opaque struct). */ diff --git a/include/mbedtls/cipher_internal.h b/include/mbedtls/cipher_internal.h index d28310847..2484c01c7 100644 --- a/include/mbedtls/cipher_internal.h +++ b/include/mbedtls/cipher_internal.h @@ -134,7 +134,7 @@ typedef enum typedef struct { psa_algorithm_t alg; - psa_key_handle_t slot; + psa_key_id_t slot; mbedtls_cipher_psa_key_ownership slot_state; } mbedtls_cipher_context_psa; #endif /* MBEDTLS_USE_PSA_CRYPTO */ diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index 1e6e05275..464b61ee2 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h @@ -864,7 +864,7 @@ * may result in a compromise of the long-term signing key. This is avoided by * the deterministic variant. * - * Requires: MBEDTLS_HMAC_DRBG_C + * Requires: MBEDTLS_HMAC_DRBG_C, MBEDTLS_ECDSA_C * * Comment this macro to disable deterministic ECDSA. */ @@ -1258,20 +1258,17 @@ */ //#define MBEDTLS_ENTROPY_NV_SEED -/* MBEDTLS_PSA_CRYPTO_KEY_FILE_ID_ENCODES_OWNER +/* MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER * - * In PSA key storage, encode the owner of the key. + * Enable key identifiers that encode a key owner identifier. * - * This is only meaningful when building the library as part of a - * multi-client service. When you activate this option, you must provide - * an implementation of the type psa_key_owner_id_t and a translation - * from psa_key_file_id_t to file name in all the storage backends that - * you wish to support. + * The owner of a key is identified by a value of type ::mbedtls_key_owner_id_t + * which is currently hard-coded to be int32_t. * * Note that this option is meant for internal use only and may be removed - * without notice. + * without notice. It is incompatible with MBEDTLS_USE_PSA_CRYPTO. */ -//#define MBEDTLS_PSA_CRYPTO_KEY_FILE_ID_ENCODES_OWNER +//#define MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER /** * \def MBEDTLS_MEMORY_DEBUG @@ -1329,6 +1326,17 @@ */ #define MBEDTLS_PKCS1_V21 +/** \def MBEDTLS_PSA_CRYPTO_DRIVERS + * + * Enable support for the experimental PSA crypto driver interface. + * + * Requires: MBEDTLS_PSA_CRYPTO_C + * + * \warning This interface is experimental and may change or be removed + * without notice. + */ +//#define MBEDTLS_PSA_CRYPTO_DRIVERS + /** * \def MBEDTLS_PSA_CRYPTO_SPM * @@ -1804,6 +1812,37 @@ */ #define MBEDTLS_SSL_DTLS_HELLO_VERIFY +/** + * \def MBEDTLS_SSL_DTLS_SRTP + * + * Enable support for negotation of DTLS-SRTP (RFC 5764) + * through the use_srtp extension. + * + * \note This feature provides the minimum functionality required + * to negotiate the use of DTLS-SRTP and to allow the derivation of + * the associated SRTP packet protection key material. + * In particular, the SRTP packet protection itself, as well as the + * demultiplexing of RTP and DTLS packets at the datagram layer + * (see Section 5 of RFC 5764), are not handled by this feature. + * Instead, after successful completion of a handshake negotiating + * the use of DTLS-SRTP, the extended key exporter API + * mbedtls_ssl_conf_export_keys_ext_cb() should be used to implement + * the key exporter described in Section 4.2 of RFC 5764 and RFC 5705 + * (this is implemented in the SSL example programs). + * The resulting key should then be passed to an SRTP stack. + * + * Setting this option enables the runtime API + * mbedtls_ssl_conf_dtls_srtp_protection_profiles() + * through which the supported DTLS-SRTP protection + * profiles can be configured. You must call this API at + * runtime if you wish to negotiate the use of DTLS-SRTP. + * + * Requires: MBEDTLS_SSL_PROTO_DTLS + * + * Uncomment this to enable support for use_srtp extension. + */ +//#define MBEDTLS_SSL_DTLS_SRTP + /** * \def MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE * @@ -2011,6 +2050,24 @@ */ //#define MBEDTLS_USE_PSA_CRYPTO +/** + * \def MBEDTLS_PSA_CRYPTO_CONFIG + * + * This setting allows support for cryptographic mechanisms through the PSA + * API to be configured separately from support through the mbedtls API. + * + * Uncomment this to enable use of PSA Crypto configuration settings which + * can be found in include/psa/crypto_config.h. + * + * If you enable this option and write your own configuration file, you must + * include mbedtls/config_psa.h in your configuration file. The default + * provided mbedtls/config.h contains the necessary inclusion. + * + * This feature is still experimental and is not ready for production since + * it is not completed. + */ +//#define MBEDTLS_PSA_CRYPTO_CONFIG + /** * \def MBEDTLS_VERSION_FEATURES * @@ -3450,7 +3507,7 @@ */ /* MPI / BIGNUM options */ -//#define MBEDTLS_MPI_WINDOW_SIZE 6 /**< Maximum windows size used. */ +//#define MBEDTLS_MPI_WINDOW_SIZE 6 /**< Maximum window size used. */ //#define MBEDTLS_MPI_MAX_SIZE 1024 /**< Maximum number of bytes for usable MPIs. */ /* CTR_DRBG options */ @@ -3803,6 +3860,10 @@ #include MBEDTLS_USER_CONFIG_FILE #endif +#if defined(MBEDTLS_PSA_CRYPTO_CONFIG) +#include "mbedtls/config_psa.h" +#endif + #include "mbedtls/check_config.h" #endif /* MBEDTLS_CONFIG_H */ diff --git a/include/mbedtls/config_psa.h b/include/mbedtls/config_psa.h new file mode 100644 index 000000000..5cf1aa77d --- /dev/null +++ b/include/mbedtls/config_psa.h @@ -0,0 +1,233 @@ +/** + * \file mbedtls/config_psa.h + * \brief PSA crypto configuration options (set of defines) + * + * This set of compile-time options takes settings defined in + * include/mbedtls/config.h and include/psa/crypto_config.h and uses + * those definitions to define symbols used in the library code. + * + * Users and integrators should not edit this file, please edit + * include/mbedtls/config.h for MBETLS_XXX settings or + * include/psa/crypto_config.h for PSA_WANT_XXX settings. + */ +/* + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef MBEDTLS_CONFIG_PSA_H +#define MBEDTLS_CONFIG_PSA_H + +#if defined(MBEDTLS_PSA_CRYPTO_CONFIG) +#include "psa/crypto_config.h" +#endif /* defined(MBEDTLS_PSA_CRYPTO_CONFIG) */ + +#ifdef __cplusplus +extern "C" { +#endif + +#if defined(MBEDTLS_PSA_CRYPTO_CONFIG) + +#if defined(PSA_WANT_ALG_DETERMINISTIC_ECDSA) +#if !defined(MBEDTLS_PSA_ACCEL_ALG_DETERMINISTIC_ECDSA) +#define MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA 1 +#define MBEDTLS_ECDSA_DETERMINISTIC +#define MBEDTLS_ECDSA_C +#define MBEDTLS_HMAC_DRBG_C +#define MBEDTLS_MD_C +#endif /* !MBEDTLS_PSA_ACCEL_ALG_DETERMINISTIC_ECDSA */ +#endif /* PSA_WANT_ALG_DETERMINISTIC_ECDSA */ + +#if defined(PSA_WANT_ALG_ECDH) +#if !defined(MBEDTLS_PSA_ACCEL_ALG_ECDH) +#define MBEDTLS_PSA_BUILTIN_ALG_ECDH 1 +#define MBEDTLS_ECDH_C +#define MBEDTLS_ECP_C +#define MBEDTLS_BIGNUM_C +#endif /* !MBEDTLS_PSA_ACCEL_ALG_ECDH */ +#endif /* PSA_WANT_ALG_ECDH */ + +#if defined(PSA_WANT_ALG_ECDSA) +#if !defined(MBEDTLS_PSA_ACCEL_ALG_ECDSA) +#define MBEDTLS_PSA_BUILTIN_ALG_ECDSA 1 +#define MBEDTLS_ECDSA_C +#endif /* !MBEDTLS_PSA_ACCEL_ALG_ECDSA */ +#endif /* PSA_WANT_ALG_ECDSA */ + +#if defined(PSA_WANT_ALG_HKDF) +#if !defined(MBEDTLS_PSA_ACCEL_ALG_HKDF) +#define MBEDTLS_PSA_BUILTIN_ALG_HMAC 1 +#define MBEDTLS_PSA_BUILTIN_ALG_HKDF 1 +#endif /* !MBEDTLS_PSA_ACCEL_ALG_HKDF */ +#endif /* PSA_WANT_ALG_HKDF */ + +#if defined(PSA_WANT_ALG_HMAC) +#if !defined(MBEDTLS_PSA_ACCEL_ALG_HMAC) +#define MBEDTLS_PSA_BUILTIN_ALG_HMAC 1 +#endif /* !MBEDTLS_PSA_ACCEL_ALG_HMAC */ +#endif /* PSA_WANT_ALG_HMAC */ + +#if defined(PSA_WANT_ALG_RSA_OAEP) +#if !defined(MBEDTLS_PSA_ACCEL_ALG_RSA_OAEP) +#define MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP 1 +#define MBEDTLS_RSA_C +#define MBEDTLS_BIGNUM_C +#define MBEDTLS_OID_C +#define MBEDTLS_PKCS1_V21 +#define MBEDTLS_MD_C +#endif /* !MBEDTLS_PSA_ACCEL_ALG_RSA_OAEP */ +#endif /* PSA_WANT_ALG_RSA_OAEP */ + +#if defined(PSA_WANT_ALG_RSA_PKCS1V15_CRYPT) +#if !defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_CRYPT) +#define MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT 1 +#define MBEDTLS_RSA_C +#define MBEDTLS_BIGNUM_C +#define MBEDTLS_OID_C +#define MBEDTLS_PKCS1_V15 +#endif /* !MBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_CRYPT */ +#endif /* PSA_WANT_ALG_RSA_PKCS1V15_CRYPT */ + +#if defined(PSA_WANT_ALG_RSA_PKCS1V15_SIGN) +#if !defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_SIGN) +#define MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN 1 +#define MBEDTLS_RSA_C +#define MBEDTLS_BIGNUM_C +#define MBEDTLS_OID_C +#define MBEDTLS_PKCS1_V15 +#define MBEDTLS_MD_C +#endif /* !MBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_SIGN */ +#endif /* PSA_WANT_ALG_RSA_PKCS1V15_SIGN */ + +#if defined(PSA_WANT_ALG_RSA_PSS) +#if !defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PSS) +#define MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS 1 +#define MBEDTLS_RSA_C +#define MBEDTLS_BIGNUM_C +#define MBEDTLS_OID_C +#define MBEDTLS_PKCS1_V21 +#define MBEDTLS_MD_C +#endif /* !MBEDTLS_PSA_ACCEL_ALG_RSA_PSS */ +#endif /* PSA_WANT_ALG_RSA_PSS */ + +#if defined(PSA_WANT_ALG_TLS12_PRF) +#if !defined(MBEDTLS_PSA_ACCEL_ALG_TLS12_PRF) +#define MBEDTLS_PSA_BUILTIN_ALG_TLS12_PRF 1 +#endif /* !MBEDTLS_PSA_ACCEL_ALG_TLS12_PRF */ +#endif /* PSA_WANT_ALG_TLS12_PRF */ + +#if defined(PSA_WANT_ALG_TLS12_PSK_TO_MS) +#if !defined(MBEDTLS_PSA_ACCEL_ALG_TLS12_PSK_TO_MS) +#define MBEDTLS_PSA_BUILTIN_ALG_TLS12_PSK_TO_MS 1 +#endif /* !MBEDTLS_PSA_ACCEL_ALG_TLS12_PSK_TO_MS */ +#endif /* PSA_WANT_ALG_TLS12_PSK_TO_MS */ + +#if defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR) +#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR) +#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR 1 +#define MBEDTLS_ECP_C +#define MBEDTLS_BIGNUM_C +#endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR */ +#endif /* PSA_WANT_KEY_TYPE_ECC_KEY_PAIR */ + +#if defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) +#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY) +#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY 1 +#define MBEDTLS_ECP_C +#define MBEDTLS_BIGNUM_C +#endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY */ +#endif /* PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY */ + +#if defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR) +#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR) +#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR 1 +#define MBEDTLS_RSA_C +#define MBEDTLS_BIGNUM_C +#define MBEDTLS_OID_C +#define MBEDTLS_GENPRIME +#define MBEDTLS_PK_PARSE_C +#define MBEDTLS_PK_WRITE_C +#define MBEDTLS_PK_C +#endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR */ +#endif /* PSA_WANT_KEY_TYPE_RSA_KEY_PAIR */ + +#if defined(PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY) +#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_PUBLIC_KEY) +#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY 1 +#define MBEDTLS_RSA_C +#define MBEDTLS_BIGNUM_C +#define MBEDTLS_OID_C +#define MBEDTLS_PK_PARSE_C +#define MBEDTLS_PK_WRITE_C +#define MBEDTLS_PK_C +#endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_PUBLIC_KEY */ +#endif /* PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY */ + +#else /* MBEDTLS_PSA_CRYPTO_CONFIG */ + +/* + * Ensure PSA_WANT_* defines are setup properly if MBEDTLS_PSA_CRYPTO_CONFIG + * is not defined + */ +#if defined(MBEDTLS_ECDH_C) +#define MBEDTLS_PSA_BUILTIN_ALG_ECDH 1 +#endif /* MBEDTLS_ECDH_C */ + +#if defined(MBEDTLS_ECDSA_C) +#define MBEDTLS_PSA_BUILTIN_ALG_ECDSA 1 + +// Only add in DETERMINISTIC support if ECDSA is also enabled +#if defined(MBEDTLS_ECDSA_DETERMINISTIC) +#define MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA 1 +#endif /* MBEDTLS_ECDSA_DETERMINISTIC */ + +#endif /* MBEDTLS_ECDSA_C */ + +#if defined(MBEDTLS_ECP_C) +#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR 1 +#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY 1 +#endif /* MBEDTLS_ECP_C */ + +#if defined(MBEDTLS_HKDF_C) +#define MBEDTLS_PSA_BUILTIN_ALG_HMAC 1 +#define MBEDTLS_PSA_BUILTIN_ALG_HKDF 1 +#endif /* MBEDTLS_HKDF_C */ + +#if defined(MBEDTLS_MD_C) +#define MBEDTLS_PSA_BUILTIN_ALG_HMAC 1 +#define MBEDTLS_PSA_BUILTIN_ALG_TLS12_PRF 1 +#define MBEDTLS_PSA_BUILTIN_ALG_TLS12_PSK_TO_MS 1 +#endif /* MBEDTLS_MD_C */ + +#if defined(MBEDTLS_RSA_C) +#if defined(MBEDTLS_PKCS1_V15) +#define MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT 1 +#define MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN 1 +#endif /* MBEDTLSS_PKCS1_V15 */ +#if defined(MBEDTLS_PKCS1_V21) +#define MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP 1 +#define MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS 1 +#endif /* MBEDTLS_PKCS1_V21 */ +#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR 1 +#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY 1 +#endif /* MBEDTLS_RSA_C */ + +#endif /* MBEDTLS_PSA_CRYPTO_CONFIG */ + +#ifdef __cplusplus +} +#endif + +#endif /* MBEDTLS_CONFIG_PSA_H */ diff --git a/include/mbedtls/gcm.h b/include/mbedtls/gcm.h index ed23cb9c6..6b673616f 100644 --- a/include/mbedtls/gcm.h +++ b/include/mbedtls/gcm.h @@ -155,7 +155,7 @@ int mbedtls_gcm_setkey( mbedtls_gcm_context *ctx, * than zero, this must be a writable buffer of at least that * size in Bytes. * \param tag_len The length of the tag to generate. - * \param tag The buffer for holding the tag. This must be a readable + * \param tag The buffer for holding the tag. This must be a writable * buffer of at least \p tag_len Bytes. * * \return \c 0 if the encryption or decryption was performed @@ -283,7 +283,7 @@ int mbedtls_gcm_update( mbedtls_gcm_context *ctx, * tag. The tag can have a maximum length of 16 Bytes. * * \param ctx The GCM context. This must be initialized. - * \param tag The buffer for holding the tag. This must be a readable + * \param tag The buffer for holding the tag. This must be a writable * buffer of at least \p tag_len Bytes. * \param tag_len The length of the tag to generate. This must be at least * four. diff --git a/include/mbedtls/pk.h b/include/mbedtls/pk.h index 22fab13bd..7d0f977d5 100644 --- a/include/mbedtls/pk.h +++ b/include/mbedtls/pk.h @@ -331,12 +331,13 @@ int mbedtls_pk_setup( mbedtls_pk_context *ctx, const mbedtls_pk_info_t *info ); * * \return \c 0 on success. * \return #MBEDTLS_ERR_PK_BAD_INPUT_DATA on invalid input - * (context already used, invalid key handle). + * (context already used, invalid key identifier). * \return #MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE if the key is not an * ECC key pair. * \return #MBEDTLS_ERR_PK_ALLOC_FAILED on allocation failure. */ -int mbedtls_pk_setup_opaque( mbedtls_pk_context *ctx, const psa_key_handle_t key ); +int mbedtls_pk_setup_opaque( mbedtls_pk_context *ctx, + const psa_key_id_t key ); #endif /* MBEDTLS_USE_PSA_CRYPTO */ #if defined(MBEDTLS_PK_RSA_ALT_SUPPORT) @@ -858,9 +859,9 @@ int mbedtls_pk_load_file( const char *path, unsigned char **buf, size_t *n ); * * \param pk Input: the EC key to import to a PSA key. * Output: a PK context wrapping that PSA key. - * \param handle Output: a PSA key handle. + * \param key Output: a PSA key identifier. * It's the caller's responsibility to call - * psa_destroy_key() on that handle after calling + * psa_destroy_key() on that key identifier after calling * mbedtls_pk_free() on the PK context. * \param hash_alg The hash algorithm to allow for use with that key. * @@ -868,7 +869,7 @@ int mbedtls_pk_load_file( const char *path, unsigned char **buf, size_t *n ); * \return An Mbed TLS error code otherwise. */ int mbedtls_pk_wrap_as_opaque( mbedtls_pk_context *pk, - psa_key_handle_t *handle, + psa_key_id_t *key, psa_algorithm_t hash_alg ); #endif /* MBEDTLS_USE_PSA_CRYPTO */ diff --git a/include/mbedtls/psa_util.h b/include/mbedtls/psa_util.h index 3c037068e..d8a32c59e 100644 --- a/include/mbedtls/psa_util.h +++ b/include/mbedtls/psa_util.h @@ -83,6 +83,8 @@ static inline psa_algorithm_t mbedtls_psa_translate_cipher_mode( { switch( mode ) { + case MBEDTLS_MODE_ECB: + return( PSA_ALG_ECB_NO_PADDING ); case MBEDTLS_MODE_GCM: return( PSA_ALG_AEAD_WITH_TAG_LENGTH( PSA_ALG_GCM, taglen ) ); case MBEDTLS_MODE_CCM: diff --git a/include/mbedtls/sha512.h b/include/mbedtls/sha512.h index 9036ed499..4a8ab4256 100644 --- a/include/mbedtls/sha512.h +++ b/include/mbedtls/sha512.h @@ -131,8 +131,7 @@ int mbedtls_sha512_update_ret( mbedtls_sha512_context *ctx, /** * \brief This function finishes the SHA-512 operation, and writes - * the result to the output buffer. This function is for - * internal use only. + * the result to the output buffer. * * \param ctx The SHA-512 context. This must be initialized * and have a hash operation started. @@ -148,6 +147,7 @@ int mbedtls_sha512_finish_ret( mbedtls_sha512_context *ctx, /** * \brief This function processes a single data block within * the ongoing SHA-512 computation. + * This function is for internal use only. * * \param ctx The SHA-512 context. This must be initialized. * \param data The buffer holding one block of data. This diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index f086bdfdc..7815ad9d0 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -42,7 +42,12 @@ #include "mbedtls/dhm.h" #endif -#if defined(MBEDTLS_ECDH_C) +/* Adding guard for MBEDTLS_ECDSA_C to ensure no compile errors due + * to guards also being in ssl_srv.c and ssl_cli.c. There is a gap + * in functionality that access to ecdh_ctx structure is needed for + * MBEDTLS_ECDSA_C which does not seem correct. + */ +#if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) #include "mbedtls/ecdh.h" #endif @@ -214,6 +219,9 @@ #define MBEDTLS_SSL_CERT_REQ_CA_LIST_ENABLED 1 #define MBEDTLS_SSL_CERT_REQ_CA_LIST_DISABLED 0 +#define MBEDTLS_SSL_DTLS_SRTP_MKI_UNSUPPORTED 0 +#define MBEDTLS_SSL_DTLS_SRTP_MKI_SUPPORTED 1 + /* * Default range for DTLS retransmission timer value, in milliseconds. * RFC 6347 4.2.4.1 says from 1 second to 60 seconds. @@ -393,6 +401,8 @@ #define MBEDTLS_TLS_EXT_SIG_ALG 13 +#define MBEDTLS_TLS_EXT_USE_SRTP 14 + #define MBEDTLS_TLS_EXT_ALPN 16 #define MBEDTLS_TLS_EXT_ENCRYPT_THEN_MAC 22 /* 0x16 */ @@ -851,6 +861,41 @@ typedef void mbedtls_ssl_async_cancel_t( mbedtls_ssl_context *ssl ); #endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED && !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ +#if defined(MBEDTLS_SSL_DTLS_SRTP) + +#define MBEDTLS_TLS_SRTP_MAX_MKI_LENGTH 255 +#define MBEDTLS_TLS_SRTP_MAX_PROFILE_LIST_LENGTH 4 +/* + * For code readability use a typedef for DTLS-SRTP profiles + * + * Use_srtp extension protection profiles values as defined in + * http://www.iana.org/assignments/srtp-protection/srtp-protection.xhtml + * + * Reminder: if this list is expanded mbedtls_ssl_check_srtp_profile_value + * must be updated too. + */ +#define MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_80 ( (uint16_t) 0x0001) +#define MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_32 ( (uint16_t) 0x0002) +#define MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_80 ( (uint16_t) 0x0005) +#define MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_32 ( (uint16_t) 0x0006) +/* This one is not iana defined, but for code readability. */ +#define MBEDTLS_TLS_SRTP_UNSET ( (uint16_t) 0x0000) + +typedef uint16_t mbedtls_ssl_srtp_profile; + +typedef struct mbedtls_dtls_srtp_info_t +{ + /*! The SRTP profile that was negotiated. */ + mbedtls_ssl_srtp_profile chosen_dtls_srtp_profile; + /*! The length of mki_value. */ + uint16_t mki_len; + /*! The mki_value used, with max size of 256 bytes. */ + unsigned char mki_value[MBEDTLS_TLS_SRTP_MAX_MKI_LENGTH]; +} +mbedtls_dtls_srtp_info; + +#endif /* MBEDTLS_SSL_DTLS_SRTP */ + /* * This structure is used for storing current session data. * @@ -1023,11 +1068,12 @@ struct mbedtls_ssl_config #if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED) #if defined(MBEDTLS_USE_PSA_CRYPTO) - psa_key_handle_t psk_opaque; /*!< PSA key slot holding opaque PSK. - * This field should only be set via - * mbedtls_ssl_conf_psk_opaque(). - * If either no PSK or a raw PSK have - * been configured, this has value \c 0. */ + psa_key_id_t psk_opaque; /*!< PSA key slot holding opaque PSK. This field + * should only be set via + * mbedtls_ssl_conf_psk_opaque(). + * If either no PSK or a raw PSK have been + * configured, this has value \c 0. + */ #endif /* MBEDTLS_USE_PSA_CRYPTO */ unsigned char *psk; /*!< The raw pre-shared key. This field should @@ -1057,6 +1103,13 @@ struct mbedtls_ssl_config const char **alpn_list; /*!< ordered list of protocols */ #endif +#if defined(MBEDTLS_SSL_DTLS_SRTP) + /*! ordered list of supported srtp profile */ + const mbedtls_ssl_srtp_profile *dtls_srtp_profile_list; + /*! number of supported profiles */ + size_t dtls_srtp_profile_list_len; +#endif /* MBEDTLS_SSL_DTLS_SRTP */ + /* * Numerical settings (int then char) */ @@ -1137,9 +1190,12 @@ struct mbedtls_ssl_config * record with unexpected CID * should lead to failure. */ #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ +#if defined(MBEDTLS_SSL_DTLS_SRTP) + unsigned int dtls_srtp_mki_support : 1; /* support having mki_value + in the use_srtp extension */ +#endif }; - struct mbedtls_ssl_context { const mbedtls_ssl_config *conf; /*!< configuration information */ @@ -1298,6 +1354,13 @@ struct mbedtls_ssl_context const char *alpn_chosen; /*!< negotiated protocol */ #endif /* MBEDTLS_SSL_ALPN */ +#if defined(MBEDTLS_SSL_DTLS_SRTP) + /* + * use_srtp extension + */ + mbedtls_dtls_srtp_info dtls_srtp_info; +#endif /* MBEDTLS_SSL_DTLS_SRTP */ + /* * Information for DTLS hello verify */ @@ -1559,7 +1622,7 @@ void mbedtls_ssl_conf_dbg( mbedtls_ssl_config *conf, * \note For DTLS, you need to provide either a non-NULL * f_recv_timeout callback, or a f_recv that doesn't block. * - * \note See the documentations of \c mbedtls_ssl_sent_t, + * \note See the documentations of \c mbedtls_ssl_send_t, * \c mbedtls_ssl_recv_t and \c mbedtls_ssl_recv_timeout_t for * the conventions those callbacks must follow. * @@ -2032,6 +2095,8 @@ void mbedtls_ssl_conf_export_keys_cb( mbedtls_ssl_config *conf, * (Default: none.) * * \note See \c mbedtls_ssl_export_keys_ext_t. + * \warning Exported key material must not be used for any purpose + * before the (D)TLS handshake is completed * * \param conf SSL configuration context * \param f_export_keys_ext Callback for exporting keys @@ -2755,7 +2820,7 @@ int mbedtls_ssl_conf_psk( mbedtls_ssl_config *conf, * \return An \c MBEDTLS_ERR_SSL_XXX error code on failure. */ int mbedtls_ssl_conf_psk_opaque( mbedtls_ssl_config *conf, - psa_key_handle_t psk, + psa_key_id_t psk, const unsigned char *psk_identity, size_t psk_identity_len ); #endif /* MBEDTLS_USE_PSA_CRYPTO */ @@ -2801,7 +2866,7 @@ int mbedtls_ssl_set_hs_psk( mbedtls_ssl_context *ssl, * \return An \c MBEDTLS_ERR_SSL_XXX error code on failure. */ int mbedtls_ssl_set_hs_psk_opaque( mbedtls_ssl_context *ssl, - psa_key_handle_t psk ); + psa_key_id_t psk ); #endif /* MBEDTLS_USE_PSA_CRYPTO */ /** @@ -3120,6 +3185,105 @@ int mbedtls_ssl_conf_alpn_protocols( mbedtls_ssl_config *conf, const char **prot const char *mbedtls_ssl_get_alpn_protocol( const mbedtls_ssl_context *ssl ); #endif /* MBEDTLS_SSL_ALPN */ +#if defined(MBEDTLS_SSL_DTLS_SRTP) +#if defined(MBEDTLS_DEBUG_C) +static inline const char *mbedtls_ssl_get_srtp_profile_as_string( mbedtls_ssl_srtp_profile profile ) +{ + switch( profile ) + { + case MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_80: + return( "MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_80" ); + case MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_32: + return( "MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_32" ); + case MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_80: + return( "MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_80" ); + case MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_32: + return( "MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_32" ); + default: break; + } + return( "" ); +} +#endif /* MBEDTLS_DEBUG_C */ +/** + * \brief Manage support for mki(master key id) value + * in use_srtp extension. + * MKI is an optional part of SRTP used for key management + * and re-keying. See RFC3711 section 3.1 for details. + * The default value is + * #MBEDTLS_SSL_DTLS_SRTP_MKI_UNSUPPORTED. + * + * \param conf The SSL configuration to manage mki support. + * \param support_mki_value Enable or disable mki usage. Values are + * #MBEDTLS_SSL_DTLS_SRTP_MKI_UNSUPPORTED + * or #MBEDTLS_SSL_DTLS_SRTP_MKI_SUPPORTED. + */ +void mbedtls_ssl_conf_srtp_mki_value_supported( mbedtls_ssl_config *conf, + int support_mki_value ); + +/** + * \brief Set the supported DTLS-SRTP protection profiles. + * + * \param conf SSL configuration + * \param profiles Pointer to a List of MBEDTLS_TLS_SRTP_UNSET terminated + * supported protection profiles + * in decreasing preference order. + * The pointer to the list is recorded by the library + * for later reference as required, so the lifetime + * of the table must be at least as long as the lifetime + * of the SSL configuration structure. + * The list must not hold more than + * MBEDTLS_TLS_SRTP_MAX_PROFILE_LIST_LENGTH elements + * (excluding the terminating MBEDTLS_TLS_SRTP_UNSET). + * + * \return 0 on success + * \return #MBEDTLS_ERR_SSL_BAD_INPUT_DATA when the list of + * protection profiles is incorrect. + */ +int mbedtls_ssl_conf_dtls_srtp_protection_profiles + ( mbedtls_ssl_config *conf, + const mbedtls_ssl_srtp_profile *profiles ); + +/** + * \brief Set the mki_value for the current DTLS-SRTP session. + * + * \param ssl SSL context to use. + * \param mki_value The MKI value to set. + * \param mki_len The length of the MKI value. + * + * \note This function is relevant on client side only. + * The server discovers the mki value during handshake. + * A mki value set on server side using this function + * is ignored. + * + * \return 0 on success + * \return #MBEDTLS_ERR_SSL_BAD_INPUT_DATA + * \return #MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE + */ +int mbedtls_ssl_dtls_srtp_set_mki_value( mbedtls_ssl_context *ssl, + unsigned char *mki_value, + uint16_t mki_len ); +/** + * \brief Get the negotiated DTLS-SRTP informations: + * Protection profile and MKI value. + * + * \warning This function must be called after the handshake is + * completed. The value returned by this function must + * not be trusted or acted upon before the handshake completes. + * + * \param ssl The SSL context to query. + * \param dtls_srtp_info The negotiated DTLS-SRTP informations: + * - Protection profile in use. + * A direct mapping of the iana defined value for protection + * profile on an uint16_t. + http://www.iana.org/assignments/srtp-protection/srtp-protection.xhtml + * #MBEDTLS_TLS_SRTP_UNSET if the use of SRTP was not negotiated + * or peer's Hello packet was not parsed yet. + * - mki size and value( if size is > 0 ). + */ +void mbedtls_ssl_get_dtls_srtp_negotiation_result( const mbedtls_ssl_context *ssl, + mbedtls_dtls_srtp_info *dtls_srtp_info ); +#endif /* MBEDTLS_SSL_DTLS_SRTP */ + /** * \brief Set the maximum supported version sent from the client side * and/or accepted at the server side diff --git a/include/mbedtls/ssl_internal.h b/include/mbedtls/ssl_internal.h index b3d53d34a..577c959b6 100644 --- a/include/mbedtls/ssl_internal.h +++ b/include/mbedtls/ssl_internal.h @@ -378,6 +378,49 @@ typedef int mbedtls_ssl_tls_prf_cb( const unsigned char *secret, size_t slen, const char *label, const unsigned char *random, size_t rlen, unsigned char *dstbuf, size_t dlen ); + +/* cipher.h exports the maximum IV, key and block length from + * all ciphers enabled in the config, regardless of whether those + * ciphers are actually usable in SSL/TLS. Notably, XTS is enabled + * in the default configuration and uses 64 Byte keys, but it is + * not used for record protection in SSL/TLS. + * + * In order to prevent unnecessary inflation of key structures, + * we introduce SSL-specific variants of the max-{key,block,IV} + * macros here which are meant to only take those ciphers into + * account which can be negotiated in SSL/TLS. + * + * Since the current definitions of MBEDTLS_MAX_{KEY|BLOCK|IV}_LENGTH + * in cipher.h are rough overapproximations of the real maxima, here + * we content ourselves with replicating those overapproximations + * for the maximum block and IV length, and excluding XTS from the + * computation of the maximum key length. */ +#define MBEDTLS_SSL_MAX_BLOCK_LENGTH 16 +#define MBEDTLS_SSL_MAX_IV_LENGTH 16 +#define MBEDTLS_SSL_MAX_KEY_LENGTH 32 + +/** + * \brief The data structure holding the cryptographic material (key and IV) + * used for record protection in TLS 1.3. + */ +struct mbedtls_ssl_key_set +{ + /*! The key for client->server records. */ + unsigned char client_write_key[ MBEDTLS_SSL_MAX_KEY_LENGTH ]; + /*! The key for server->client records. */ + unsigned char server_write_key[ MBEDTLS_SSL_MAX_KEY_LENGTH ]; + /*! The IV for client->server records. */ + unsigned char client_write_iv[ MBEDTLS_SSL_MAX_IV_LENGTH ]; + /*! The IV for server->client records. */ + unsigned char server_write_iv[ MBEDTLS_SSL_MAX_IV_LENGTH ]; + + size_t key_len; /*!< The length of client_write_key and + * server_write_key, in Bytes. */ + size_t iv_len; /*!< The length of client_write_iv and + * server_write_iv, in Bytes. */ +}; +typedef struct mbedtls_ssl_key_set mbedtls_ssl_key_set; + /* * This structure contains the parameters only needed during handshake. */ @@ -394,17 +437,22 @@ struct mbedtls_ssl_handshake_params #if defined(MBEDTLS_DHM_C) mbedtls_dhm_context dhm_ctx; /*!< DHM key exchange */ #endif -#if defined(MBEDTLS_ECDH_C) +/* Adding guard for MBEDTLS_ECDSA_C to ensure no compile errors due + * to guards also being in ssl_srv.c and ssl_cli.c. There is a gap + * in functionality that access to ecdh_ctx structure is needed for + * MBEDTLS_ECDSA_C which does not seem correct. + */ +#if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) mbedtls_ecdh_context ecdh_ctx; /*!< ECDH key exchange */ #if defined(MBEDTLS_USE_PSA_CRYPTO) psa_key_type_t ecdh_psa_type; uint16_t ecdh_bits; - psa_key_handle_t ecdh_psa_privkey; + psa_key_id_t ecdh_psa_privkey; unsigned char ecdh_psa_peerkey[MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH]; size_t ecdh_psa_peerkey_len; #endif /* MBEDTLS_USE_PSA_CRYPTO */ -#endif /* MBEDTLS_ECDH_C */ +#endif /* MBEDTLS_ECDH_C || MBEDTLS_ECDSA_C */ #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) mbedtls_ecjpake_context ecjpake_ctx; /*!< EC J-PAKE key exchange */ @@ -419,7 +467,7 @@ struct mbedtls_ssl_handshake_params #endif #if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED) #if defined(MBEDTLS_USE_PSA_CRYPTO) - psa_key_handle_t psk_opaque; /*!< Opaque PSK from the callback */ + psa_key_id_t psk_opaque; /*!< Opaque PSK from the callback */ #endif /* MBEDTLS_USE_PSA_CRYPTO */ unsigned char *psk; /*!< PSK from the callback */ size_t psk_len; /*!< Length of PSK from callback */ @@ -1018,16 +1066,16 @@ static inline int mbedtls_ssl_get_psk( const mbedtls_ssl_context *ssl, * 2. static PSK configured by \c mbedtls_ssl_conf_psk_opaque() * Return an opaque PSK */ -static inline psa_key_handle_t mbedtls_ssl_get_opaque_psk( +static inline psa_key_id_t mbedtls_ssl_get_opaque_psk( const mbedtls_ssl_context *ssl ) { - if( ssl->handshake->psk_opaque != 0 ) + if( ! mbedtls_svc_key_id_is_null( ssl->handshake->psk_opaque ) ) return( ssl->handshake->psk_opaque ); - if( ssl->conf->psk_opaque != 0 ) + if( ! mbedtls_svc_key_id_is_null( ssl->conf->psk_opaque ) ) return( ssl->conf->psk_opaque ); - return( 0 ); + return( MBEDTLS_SVC_KEY_ID_INIT ); } #endif /* MBEDTLS_USE_PSA_CRYPTO */ @@ -1052,6 +1100,23 @@ int mbedtls_ssl_check_sig_hash( const mbedtls_ssl_context *ssl, mbedtls_md_type_t md ); #endif +#if defined(MBEDTLS_SSL_DTLS_SRTP) +static inline mbedtls_ssl_srtp_profile mbedtls_ssl_check_srtp_profile_value + ( const uint16_t srtp_profile_value ) +{ + switch( srtp_profile_value ) + { + case MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_80: + case MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_32: + case MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_80: + case MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_32: + return srtp_profile_value; + default: break; + } + return( MBEDTLS_TLS_SRTP_UNSET ); +} +#endif + #if defined(MBEDTLS_X509_CRT_PARSE_C) static inline mbedtls_pk_context *mbedtls_ssl_own_key( mbedtls_ssl_context *ssl ) { diff --git a/include/mbedtls/version.h b/include/mbedtls/version.h index d62d3124e..665a283e1 100644 --- a/include/mbedtls/version.h +++ b/include/mbedtls/version.h @@ -37,7 +37,7 @@ * Major, Minor, Patchlevel */ #define MBEDTLS_VERSION_MAJOR 2 -#define MBEDTLS_VERSION_MINOR 23 +#define MBEDTLS_VERSION_MINOR 24 #define MBEDTLS_VERSION_PATCH 0 /** @@ -45,9 +45,9 @@ * MMNNPP00 * Major version | Minor version | Patch version */ -#define MBEDTLS_VERSION_NUMBER 0x02170000 -#define MBEDTLS_VERSION_STRING "2.23.0" -#define MBEDTLS_VERSION_STRING_FULL "mbed TLS 2.23.0" +#define MBEDTLS_VERSION_NUMBER 0x02180000 +#define MBEDTLS_VERSION_STRING "2.24.0" +#define MBEDTLS_VERSION_STRING_FULL "mbed TLS 2.24.0" #if defined(MBEDTLS_VERSION_C) diff --git a/include/psa/crypto.h b/include/psa/crypto.h index a3161666d..b41a20bfc 100644 --- a/include/psa/crypto.h +++ b/include/psa/crypto.h @@ -36,16 +36,6 @@ * @{ */ -/** \brief Key handle. - * - * This type represents open handles to keys. It must be an unsigned integral - * type. The choice of type is implementation-dependent. - * - * 0 is not a valid key handle. How other handle values are assigned is - * implementation-dependent. - */ -typedef _unsigned_integral_type_ psa_key_handle_t; - /**@}*/ #endif /* __DOXYGEN_ONLY__ */ @@ -146,11 +136,30 @@ static psa_key_attributes_t psa_key_attributes_init(void); * linkage). This function may be provided as a function-like macro, * but in this case it must evaluate each of its arguments exactly once. * - * \param[out] attributes The attribute structure to write to. - * \param id The persistent identifier for the key. + * \param[out] attributes The attribute structure to write to. + * \param key The persistent identifier for the key. */ -static void psa_set_key_id(psa_key_attributes_t *attributes, - psa_key_id_t id); +static void psa_set_key_id( psa_key_attributes_t *attributes, + mbedtls_svc_key_id_t key ); + +#ifdef MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER +/** Set the owner identifier of a key. + * + * When key identifiers encode key owner identifiers, psa_set_key_id() does + * not allow to define in key attributes the owner of volatile keys as + * psa_set_key_id() enforces the key to be persistent. + * + * This function allows to set in key attributes the owner identifier of a + * key. It is intended to be used for volatile keys. For persistent keys, + * it is recommended to use the PSA Cryptography API psa_set_key_id() to define + * the owner of a key. + * + * \param[out] attributes The attribute structure to write to. + * \param owner_id The key owner identifier. + */ +static void mbedtls_set_key_owner_id( psa_key_attributes_t *attributes, + mbedtls_key_owner_id_t owner_id ); +#endif /** Set the location of a persistent key. * @@ -192,7 +201,8 @@ static void psa_set_key_lifetime(psa_key_attributes_t *attributes, * This value is unspecified if the attribute structure declares * the key as volatile. */ -static psa_key_id_t psa_get_key_id(const psa_key_attributes_t *attributes); +static mbedtls_svc_key_id_t psa_get_key_id( + const psa_key_attributes_t *attributes); /** Retrieve the lifetime from key attributes. * @@ -347,7 +357,7 @@ static size_t psa_get_key_bits(const psa_key_attributes_t *attributes); * Once you have called this function on an attribute structure, * you must call psa_reset_key_attributes() to free these resources. * - * \param[in] handle Handle to the key to query. + * \param[in] key Identifier of the key to query. * \param[in,out] attributes On success, the attributes of the key. * On failure, equivalent to a * freshly-initialized structure. @@ -363,7 +373,7 @@ static size_t psa_get_key_bits(const psa_key_attributes_t *attributes); * It is implementation-dependent whether a failure to initialize * results in this error code. */ -psa_status_t psa_get_key_attributes(psa_key_handle_t handle, +psa_status_t psa_get_key_attributes(mbedtls_svc_key_id_t key, psa_key_attributes_t *attributes); /** Reset a key attribute structure to a freshly initialized state. @@ -386,93 +396,28 @@ void psa_reset_key_attributes(psa_key_attributes_t *attributes); * @{ */ -/** Open a handle to an existing persistent key. +/** Remove non-essential copies of key material from memory. * - * Open a handle to a persistent key. A key is persistent if it was created - * with a lifetime other than #PSA_KEY_LIFETIME_VOLATILE. A persistent key - * always has a nonzero key identifier, set with psa_set_key_id() when - * creating the key. Implementations may provide additional pre-provisioned - * keys that can be opened with psa_open_key(). Such keys have a key identifier - * in the vendor range, as documented in the description of #psa_key_id_t. + * If the key identifier designates a volatile key, this functions does not do + * anything and returns successfully. * - * The application must eventually close the handle with psa_close_key() or - * psa_destroy_key() to release associated resources. If the application dies - * without calling one of these functions, the implementation should perform - * the equivalent of a call to psa_close_key(). + * If the key identifier designates a persistent key, then this function will + * free all resources associated with the key in volatile memory. The key + * data in persistent storage is not affected and the key can still be used. * - * Some implementations permit an application to open the same key multiple - * times. If this is successful, each call to psa_open_key() will return a - * different key handle. - * - * \note Applications that rely on opening a key multiple times will not be - * portable to implementations that only permit a single key handle to be - * opened. See also :ref:\`key-handles\`. - * - * \param id The persistent identifier of the key. - * \param[out] handle On success, a handle to the key. + * \param key Identifier of the key to purge. * * \retval #PSA_SUCCESS - * Success. The application can now use the value of `*handle` - * to access the key. - * \retval #PSA_ERROR_INSUFFICIENT_MEMORY - * The implementation does not have sufficient resources to open the - * key. This can be due to reaching an implementation limit on the - * number of open keys, the number of open key handles, or available - * memory. - * \retval #PSA_ERROR_DOES_NOT_EXIST - * There is no persistent key with key identifier \p id. + * The key material will have been removed from memory if it is not + * currently required. * \retval #PSA_ERROR_INVALID_ARGUMENT - * \p id is not a valid persistent key identifier. - * \retval #PSA_ERROR_NOT_PERMITTED - * The specified key exists, but the application does not have the - * permission to access it. Note that this specification does not - * define any way to create such a key, but it may be possible - * through implementation-specific means. - * \retval #PSA_ERROR_COMMUNICATION_FAILURE - * \retval #PSA_ERROR_CORRUPTION_DETECTED - * \retval #PSA_ERROR_STORAGE_FAILURE + * \p key is not a valid key identifier. * \retval #PSA_ERROR_BAD_STATE * The library has not been previously initialized by psa_crypto_init(). * It is implementation-dependent whether a failure to initialize * results in this error code. */ -psa_status_t psa_open_key(psa_key_id_t id, - psa_key_handle_t *handle); - - -/** Close a key handle. - * - * If the handle designates a volatile key, this will destroy the key material - * and free all associated resources, just like psa_destroy_key(). - * - * If this is the last open handle to a persistent key, then closing the handle - * will free all resources associated with the key in volatile memory. The key - * data in persistent storage is not affected and can be opened again later - * with a call to psa_open_key(). - * - * Closing the key handle makes the handle invalid, and the key handle - * must not be used again by the application. - * - * \note If the key handle was used to set up an active - * :ref:\`multipart operation \`, then closing the - * key handle can cause the multipart operation to fail. Applications should - * maintain the key handle until after the multipart operation has finished. - * - * \param handle The key handle to close. - * If this is \c 0, do nothing and return \c PSA_SUCCESS. - * - * \retval #PSA_SUCCESS - * \p handle was a valid handle or \c 0. It is now closed. - * \retval #PSA_ERROR_INVALID_HANDLE - * \p handle is not a valid handle nor \c 0. - * \retval #PSA_ERROR_COMMUNICATION_FAILURE - * \retval #PSA_ERROR_CORRUPTION_DETECTED - * \retval #PSA_ERROR_BAD_STATE - * The library has not been previously initialized by psa_crypto_init(). - * It is implementation-dependent whether a failure to initialize - * results in this error code. - */ -psa_status_t psa_close_key(psa_key_handle_t handle); +psa_status_t psa_purge_key(mbedtls_svc_key_id_t key); /** Make a copy of a key. * @@ -511,7 +456,10 @@ psa_status_t psa_close_key(psa_key_handle_t handle); * The effect of this function on implementation-defined attributes is * implementation-defined. * - * \param source_handle The key to copy. It must be a valid key handle. + * \param source_key The key to copy. It must allow the usage + * #PSA_KEY_USAGE_COPY. If a private or secret key is + * being copied outside of a secure element it must + * also allow #PSA_KEY_USAGE_EXPORT. * \param[in] attributes The attributes for the new key. * They are used as follows: * - The key type and size may be 0. If either is @@ -525,12 +473,14 @@ psa_status_t psa_close_key(psa_key_handle_t handle); * the source key and \p attributes so that * both sets of restrictions apply, as * described in the documentation of this function. - * \param[out] target_handle On success, a handle to the newly created key. + * \param[out] target_key On success, an identifier for the newly created + * key. For persistent keys, this is the key + * identifier defined in \p attributes. * \c 0 on failure. * * \retval #PSA_SUCCESS * \retval #PSA_ERROR_INVALID_HANDLE - * \p source_handle is invalid. + * \p source_key is invalid. * \retval #PSA_ERROR_ALREADY_EXISTS * This is an attempt to create a persistent key, and there is * already a persistent key with the given identifier. @@ -558,9 +508,9 @@ psa_status_t psa_close_key(psa_key_handle_t handle); * It is implementation-dependent whether a failure to initialize * results in this error code. */ -psa_status_t psa_copy_key(psa_key_handle_t source_handle, +psa_status_t psa_copy_key(mbedtls_svc_key_id_t source_key, const psa_key_attributes_t *attributes, - psa_key_handle_t *target_handle); + mbedtls_svc_key_id_t *target_key); /** @@ -571,28 +521,22 @@ psa_status_t psa_copy_key(psa_key_handle_t source_handle, * make a best effort to ensure that that the key material cannot be recovered. * * This function also erases any metadata such as policies and frees - * resources associated with the key. To free all resources associated with - * the key, all handles to the key must be closed or destroyed. - * - * Destroying the key makes the handle invalid, and the key handle - * must not be used again by the application. Using other open handles to the - * destroyed key in a cryptographic operation will result in an error. + * resources associated with the key. * * If a key is currently in use in a multipart operation, then destroying the * key will cause the multipart operation to fail. * - * \param handle Handle to the key to erase. - * If this is \c 0, do nothing and return \c PSA_SUCCESS. + * \param key Identifier of the key to erase. If this is \c 0, do nothing and + * return #PSA_SUCCESS. * * \retval #PSA_SUCCESS - * \p handle was a valid handle and the key material that it - * referred to has been erased. - * Alternatively, \p handle is \c 0. + * \p key was a valid identifier and the key material that it + * referred to has been erased. Alternatively, \p key is \c 0. * \retval #PSA_ERROR_NOT_PERMITTED * The key cannot be erased because it is * read-only, either due to a policy or due to physical restrictions. * \retval #PSA_ERROR_INVALID_HANDLE - * \p handle is not a valid handle nor \c 0. + * \p key is not a valid identifier nor \c 0. * \retval #PSA_ERROR_COMMUNICATION_FAILURE * There was an failure in communication with the cryptoprocessor. * The key material may still be present in the cryptoprocessor. @@ -610,7 +554,7 @@ psa_status_t psa_copy_key(psa_key_handle_t source_handle, * It is implementation-dependent whether a failure to initialize * results in this error code. */ -psa_status_t psa_destroy_key(psa_key_handle_t handle); +psa_status_t psa_destroy_key(mbedtls_svc_key_id_t key); /**@}*/ @@ -645,7 +589,9 @@ psa_status_t psa_destroy_key(psa_key_handle_t handle); * \p data buffer. * If the key size in \p attributes is nonzero, * it must be equal to the size from \p data. - * \param[out] handle On success, a handle to the newly created key. + * \param[out] key On success, an identifier to the newly created key. + * For persistent keys, this is the key identifier + * defined in \p attributes. * \c 0 on failure. * \param[in] data Buffer containing the key data. The content of this * buffer is interpreted according to the type declared @@ -690,7 +636,7 @@ psa_status_t psa_destroy_key(psa_key_handle_t handle); psa_status_t psa_import_key(const psa_key_attributes_t *attributes, const uint8_t *data, size_t data_length, - psa_key_handle_t *handle); + mbedtls_svc_key_id_t *key); @@ -751,7 +697,9 @@ psa_status_t psa_import_key(const psa_key_attributes_t *attributes, * * The policy on the key must have the usage flag #PSA_KEY_USAGE_EXPORT set. * - * \param handle Handle to the key to export. + * \param key Identifier of the key to export. It must allow the + * usage #PSA_KEY_USAGE_EXPORT, unless it is a public + * key. * \param[out] data Buffer where the key data is to be written. * \param data_size Size of the \p data buffer in bytes. * \param[out] data_length On success, the number of bytes @@ -778,7 +726,7 @@ psa_status_t psa_import_key(const psa_key_attributes_t *attributes, * It is implementation-dependent whether a failure to initialize * results in this error code. */ -psa_status_t psa_export_key(psa_key_handle_t handle, +psa_status_t psa_export_key(mbedtls_svc_key_id_t key, uint8_t *data, size_t data_size, size_t *data_length); @@ -821,7 +769,7 @@ psa_status_t psa_export_key(psa_key_handle_t handle, * Exporting a public key object or the public part of a key pair is * always permitted, regardless of the key's usage flags. * - * \param handle Handle to the key to export. + * \param key Identifier of the key to export. * \param[out] data Buffer where the key data is to be written. * \param data_size Size of the \p data buffer in bytes. * \param[out] data_length On success, the number of bytes @@ -848,7 +796,7 @@ psa_status_t psa_export_key(psa_key_handle_t handle, * It is implementation-dependent whether a failure to initialize * results in this error code. */ -psa_status_t psa_export_public_key(psa_key_handle_t handle, +psa_status_t psa_export_public_key(mbedtls_svc_key_id_t key, uint8_t *data, size_t data_size, size_t *data_length); @@ -1225,7 +1173,8 @@ psa_status_t psa_hash_clone(const psa_hash_operation_t *source_operation, * about the MAC value which could allow an attacker to guess * a valid MAC and thereby bypass security controls. * - * \param handle Handle to the key to use for the operation. + * \param key Identifier of the key to use for the operation. It + * must allow the usage PSA_KEY_USAGE_SIGN_MESSAGE. * \param alg The MAC algorithm to compute (\c PSA_ALG_XXX value * such that #PSA_ALG_IS_MAC(\p alg) is true). * \param[in] input Buffer containing the input message. @@ -1240,7 +1189,7 @@ psa_status_t psa_hash_clone(const psa_hash_operation_t *source_operation, * \retval #PSA_ERROR_INVALID_HANDLE * \retval #PSA_ERROR_NOT_PERMITTED * \retval #PSA_ERROR_INVALID_ARGUMENT - * \p handle is not compatible with \p alg. + * \p key is not compatible with \p alg. * \retval #PSA_ERROR_NOT_SUPPORTED * \p alg is not supported or is not a MAC algorithm. * \retval #PSA_ERROR_BUFFER_TOO_SMALL @@ -1256,7 +1205,7 @@ psa_status_t psa_hash_clone(const psa_hash_operation_t *source_operation, * It is implementation-dependent whether a failure to initialize * results in this error code. */ -psa_status_t psa_mac_compute(psa_key_handle_t handle, +psa_status_t psa_mac_compute(mbedtls_svc_key_id_t key, psa_algorithm_t alg, const uint8_t *input, size_t input_length, @@ -1266,7 +1215,8 @@ psa_status_t psa_mac_compute(psa_key_handle_t handle, /** Calculate the MAC of a message and compare it with a reference value. * - * \param handle Handle to the key to use for the operation. + * \param key Identifier of the key to use for the operation. It + * must allow the usage PSA_KEY_USAGE_VERIFY_MESSAGE. * \param alg The MAC algorithm to compute (\c PSA_ALG_XXX value * such that #PSA_ALG_IS_MAC(\p alg) is true). * \param[in] input Buffer containing the input message. @@ -1282,7 +1232,7 @@ psa_status_t psa_mac_compute(psa_key_handle_t handle, * \retval #PSA_ERROR_INVALID_HANDLE * \retval #PSA_ERROR_NOT_PERMITTED * \retval #PSA_ERROR_INVALID_ARGUMENT - * \p handle is not compatible with \p alg. + * \p key is not compatible with \p alg. * \retval #PSA_ERROR_NOT_SUPPORTED * \p alg is not supported or is not a MAC algorithm. * \retval #PSA_ERROR_INSUFFICIENT_MEMORY @@ -1296,7 +1246,7 @@ psa_status_t psa_mac_compute(psa_key_handle_t handle, * It is implementation-dependent whether a failure to initialize * results in this error code. */ -psa_status_t psa_mac_verify(psa_key_handle_t handle, +psa_status_t psa_mac_verify(mbedtls_svc_key_id_t key, psa_algorithm_t alg, const uint8_t *input, size_t input_length, @@ -1381,9 +1331,9 @@ static psa_mac_operation_t psa_mac_operation_init(void); * \param[in,out] operation The operation object to set up. It must have * been initialized as per the documentation for * #psa_mac_operation_t and not yet in use. - * \param handle Handle to the key to use for the operation. - * It must remain valid until the operation - * terminates. + * \param key Identifier of the key to use for the operation. It + * must remain valid until the operation terminates. + * It must allow the usage PSA_KEY_USAGE_SIGN_MESSAGE. * \param alg The MAC algorithm to compute (\c PSA_ALG_XXX value * such that #PSA_ALG_IS_MAC(\p alg) is true). * @@ -1392,7 +1342,7 @@ static psa_mac_operation_t psa_mac_operation_init(void); * \retval #PSA_ERROR_INVALID_HANDLE * \retval #PSA_ERROR_NOT_PERMITTED * \retval #PSA_ERROR_INVALID_ARGUMENT - * \p handle is not compatible with \p alg. + * \p key is not compatible with \p alg. * \retval #PSA_ERROR_NOT_SUPPORTED * \p alg is not supported or is not a MAC algorithm. * \retval #PSA_ERROR_INSUFFICIENT_MEMORY @@ -1409,7 +1359,7 @@ static psa_mac_operation_t psa_mac_operation_init(void); * results in this error code. */ psa_status_t psa_mac_sign_setup(psa_mac_operation_t *operation, - psa_key_handle_t handle, + mbedtls_svc_key_id_t key, psa_algorithm_t alg); /** Set up a multipart MAC verification operation. @@ -1443,9 +1393,10 @@ psa_status_t psa_mac_sign_setup(psa_mac_operation_t *operation, * \param[in,out] operation The operation object to set up. It must have * been initialized as per the documentation for * #psa_mac_operation_t and not yet in use. - * \param handle Handle to the key to use for the operation. - * It must remain valid until the operation - * terminates. + * \param key Identifier of the key to use for the operation. It + * must remain valid until the operation terminates. + * It must allow the usage + * PSA_KEY_USAGE_VERIFY_MESSAGE. * \param alg The MAC algorithm to compute (\c PSA_ALG_XXX value * such that #PSA_ALG_IS_MAC(\p alg) is true). * @@ -1471,7 +1422,7 @@ psa_status_t psa_mac_sign_setup(psa_mac_operation_t *operation, * results in this error code. */ psa_status_t psa_mac_verify_setup(psa_mac_operation_t *operation, - psa_key_handle_t handle, + mbedtls_svc_key_id_t key, psa_algorithm_t alg); /** Add a message fragment to a multipart MAC operation. @@ -1638,9 +1589,8 @@ psa_status_t psa_mac_abort(psa_mac_operation_t *operation); * vector). Use the multipart operation interface with a * #psa_cipher_operation_t object to provide other forms of IV. * - * \param handle Handle to the key to use for the operation. - * It must remain valid until the operation - * terminates. + * \param key Identifier of the key to use for the operation. + * It must allow the usage #PSA_KEY_USAGE_ENCRYPT. * \param alg The cipher algorithm to compute * (\c PSA_ALG_XXX value such that * #PSA_ALG_IS_CIPHER(\p alg) is true). @@ -1658,7 +1608,7 @@ psa_status_t psa_mac_abort(psa_mac_operation_t *operation); * \retval #PSA_ERROR_INVALID_HANDLE * \retval #PSA_ERROR_NOT_PERMITTED * \retval #PSA_ERROR_INVALID_ARGUMENT - * \p handle is not compatible with \p alg. + * \p key is not compatible with \p alg. * \retval #PSA_ERROR_NOT_SUPPORTED * \p alg is not supported or is not a cipher algorithm. * \retval #PSA_ERROR_BUFFER_TOO_SMALL @@ -1672,7 +1622,7 @@ psa_status_t psa_mac_abort(psa_mac_operation_t *operation); * It is implementation-dependent whether a failure to initialize * results in this error code. */ -psa_status_t psa_cipher_encrypt(psa_key_handle_t handle, +psa_status_t psa_cipher_encrypt(mbedtls_svc_key_id_t key, psa_algorithm_t alg, const uint8_t *input, size_t input_length, @@ -1684,9 +1634,10 @@ psa_status_t psa_cipher_encrypt(psa_key_handle_t handle, * * This function decrypts a message encrypted with a symmetric cipher. * - * \param handle Handle to the key to use for the operation. + * \param key Identifier of the key to use for the operation. * It must remain valid until the operation - * terminates. + * terminates. It must allow the usage + * #PSA_KEY_USAGE_DECRYPT. * \param alg The cipher algorithm to compute * (\c PSA_ALG_XXX value such that * #PSA_ALG_IS_CIPHER(\p alg) is true). @@ -1704,7 +1655,7 @@ psa_status_t psa_cipher_encrypt(psa_key_handle_t handle, * \retval #PSA_ERROR_INVALID_HANDLE * \retval #PSA_ERROR_NOT_PERMITTED * \retval #PSA_ERROR_INVALID_ARGUMENT - * \p handle is not compatible with \p alg. + * \p key is not compatible with \p alg. * \retval #PSA_ERROR_NOT_SUPPORTED * \p alg is not supported or is not a cipher algorithm. * \retval #PSA_ERROR_BUFFER_TOO_SMALL @@ -1718,7 +1669,7 @@ psa_status_t psa_cipher_encrypt(psa_key_handle_t handle, * It is implementation-dependent whether a failure to initialize * results in this error code. */ -psa_status_t psa_cipher_decrypt(psa_key_handle_t handle, +psa_status_t psa_cipher_decrypt(mbedtls_svc_key_id_t key, psa_algorithm_t alg, const uint8_t *input, size_t input_length, @@ -1804,9 +1755,10 @@ static psa_cipher_operation_t psa_cipher_operation_init(void); * \param[in,out] operation The operation object to set up. It must have * been initialized as per the documentation for * #psa_cipher_operation_t and not yet in use. - * \param handle Handle to the key to use for the operation. + * \param key Identifier of the key to use for the operation. * It must remain valid until the operation - * terminates. + * terminates. It must allow the usage + * #PSA_KEY_USAGE_ENCRYPT. * \param alg The cipher algorithm to compute * (\c PSA_ALG_XXX value such that * #PSA_ALG_IS_CIPHER(\p alg) is true). @@ -1816,7 +1768,7 @@ static psa_cipher_operation_t psa_cipher_operation_init(void); * \retval #PSA_ERROR_INVALID_HANDLE * \retval #PSA_ERROR_NOT_PERMITTED * \retval #PSA_ERROR_INVALID_ARGUMENT - * \p handle is not compatible with \p alg. + * \p key is not compatible with \p alg. * \retval #PSA_ERROR_NOT_SUPPORTED * \p alg is not supported or is not a cipher algorithm. * \retval #PSA_ERROR_INSUFFICIENT_MEMORY @@ -1832,7 +1784,7 @@ static psa_cipher_operation_t psa_cipher_operation_init(void); * results in this error code. */ psa_status_t psa_cipher_encrypt_setup(psa_cipher_operation_t *operation, - psa_key_handle_t handle, + mbedtls_svc_key_id_t key, psa_algorithm_t alg); /** Set the key for a multipart symmetric decryption operation. @@ -1867,9 +1819,10 @@ psa_status_t psa_cipher_encrypt_setup(psa_cipher_operation_t *operation, * \param[in,out] operation The operation object to set up. It must have * been initialized as per the documentation for * #psa_cipher_operation_t and not yet in use. - * \param handle Handle to the key to use for the operation. + * \param key Identifier of the key to use for the operation. * It must remain valid until the operation - * terminates. + * terminates. It must allow the usage + * #PSA_KEY_USAGE_DECRYPT. * \param alg The cipher algorithm to compute * (\c PSA_ALG_XXX value such that * #PSA_ALG_IS_CIPHER(\p alg) is true). @@ -1879,7 +1832,7 @@ psa_status_t psa_cipher_encrypt_setup(psa_cipher_operation_t *operation, * \retval #PSA_ERROR_INVALID_HANDLE * \retval #PSA_ERROR_NOT_PERMITTED * \retval #PSA_ERROR_INVALID_ARGUMENT - * \p handle is not compatible with \p alg. + * \p key is not compatible with \p alg. * \retval #PSA_ERROR_NOT_SUPPORTED * \p alg is not supported or is not a cipher algorithm. * \retval #PSA_ERROR_INSUFFICIENT_MEMORY @@ -1895,7 +1848,7 @@ psa_status_t psa_cipher_encrypt_setup(psa_cipher_operation_t *operation, * results in this error code. */ psa_status_t psa_cipher_decrypt_setup(psa_cipher_operation_t *operation, - psa_key_handle_t handle, + mbedtls_svc_key_id_t key, psa_algorithm_t alg); /** Generate an IV for a symmetric encryption operation. @@ -2109,7 +2062,9 @@ psa_status_t psa_cipher_abort(psa_cipher_operation_t *operation); /** Process an authenticated encryption operation. * - * \param handle Handle to the key to use for the operation. + * \param key Identifier of the key to use for the + * operation. It must allow the usage + * #PSA_KEY_USAGE_ENCRYPT. * \param alg The AEAD algorithm to compute * (\c PSA_ALG_XXX value such that * #PSA_ALG_IS_AEAD(\p alg) is true). @@ -2140,7 +2095,7 @@ psa_status_t psa_cipher_abort(psa_cipher_operation_t *operation); * \retval #PSA_ERROR_INVALID_HANDLE * \retval #PSA_ERROR_NOT_PERMITTED * \retval #PSA_ERROR_INVALID_ARGUMENT - * \p handle is not compatible with \p alg. + * \p key is not compatible with \p alg. * \retval #PSA_ERROR_NOT_SUPPORTED * \p alg is not supported or is not an AEAD algorithm. * \retval #PSA_ERROR_INSUFFICIENT_MEMORY @@ -2155,7 +2110,7 @@ psa_status_t psa_cipher_abort(psa_cipher_operation_t *operation); * It is implementation-dependent whether a failure to initialize * results in this error code. */ -psa_status_t psa_aead_encrypt(psa_key_handle_t handle, +psa_status_t psa_aead_encrypt(mbedtls_svc_key_id_t key, psa_algorithm_t alg, const uint8_t *nonce, size_t nonce_length, @@ -2169,7 +2124,9 @@ psa_status_t psa_aead_encrypt(psa_key_handle_t handle, /** Process an authenticated decryption operation. * - * \param handle Handle to the key to use for the operation. + * \param key Identifier of the key to use for the + * operation. It must allow the usage + * #PSA_KEY_USAGE_DECRYPT. * \param alg The AEAD algorithm to compute * (\c PSA_ALG_XXX value such that * #PSA_ALG_IS_AEAD(\p alg) is true). @@ -2200,7 +2157,7 @@ psa_status_t psa_aead_encrypt(psa_key_handle_t handle, * The ciphertext is not authentic. * \retval #PSA_ERROR_NOT_PERMITTED * \retval #PSA_ERROR_INVALID_ARGUMENT - * \p handle is not compatible with \p alg. + * \p key is not compatible with \p alg. * \retval #PSA_ERROR_NOT_SUPPORTED * \p alg is not supported or is not an AEAD algorithm. * \retval #PSA_ERROR_INSUFFICIENT_MEMORY @@ -2215,7 +2172,7 @@ psa_status_t psa_aead_encrypt(psa_key_handle_t handle, * It is implementation-dependent whether a failure to initialize * results in this error code. */ -psa_status_t psa_aead_decrypt(psa_key_handle_t handle, +psa_status_t psa_aead_decrypt(mbedtls_svc_key_id_t key, psa_algorithm_t alg, const uint8_t *nonce, size_t nonce_length, @@ -2311,9 +2268,10 @@ static psa_aead_operation_t psa_aead_operation_init(void); * \param[in,out] operation The operation object to set up. It must have * been initialized as per the documentation for * #psa_aead_operation_t and not yet in use. - * \param handle Handle to the key to use for the operation. + * \param key Identifier of the key to use for the operation. * It must remain valid until the operation - * terminates. + * terminates. It must allow the usage + * #PSA_KEY_USAGE_ENCRYPT. * \param alg The AEAD algorithm to compute * (\c PSA_ALG_XXX value such that * #PSA_ALG_IS_AEAD(\p alg) is true). @@ -2322,10 +2280,10 @@ static psa_aead_operation_t psa_aead_operation_init(void); * Success. * \retval #PSA_ERROR_BAD_STATE * The operation state is not valid (it must be inactive). - * \retval #PSA_ERROR_INVALID_HANDLE + * \retval #PSA_ERROR_INVALID_HANDLE * \retval #PSA_ERROR_NOT_PERMITTED * \retval #PSA_ERROR_INVALID_ARGUMENT - * \p handle is not compatible with \p alg. + * \p key is not compatible with \p alg. * \retval #PSA_ERROR_NOT_SUPPORTED * \p alg is not supported or is not an AEAD algorithm. * \retval #PSA_ERROR_INSUFFICIENT_MEMORY @@ -2339,7 +2297,7 @@ static psa_aead_operation_t psa_aead_operation_init(void); * results in this error code. */ psa_status_t psa_aead_encrypt_setup(psa_aead_operation_t *operation, - psa_key_handle_t handle, + mbedtls_svc_key_id_t key, psa_algorithm_t alg); /** Set the key for a multipart authenticated decryption operation. @@ -2377,9 +2335,10 @@ psa_status_t psa_aead_encrypt_setup(psa_aead_operation_t *operation, * \param[in,out] operation The operation object to set up. It must have * been initialized as per the documentation for * #psa_aead_operation_t and not yet in use. - * \param handle Handle to the key to use for the operation. + * \param key Identifier of the key to use for the operation. * It must remain valid until the operation - * terminates. + * terminates. It must allow the usage + * #PSA_KEY_USAGE_DECRYPT. * \param alg The AEAD algorithm to compute * (\c PSA_ALG_XXX value such that * #PSA_ALG_IS_AEAD(\p alg) is true). @@ -2388,10 +2347,10 @@ psa_status_t psa_aead_encrypt_setup(psa_aead_operation_t *operation, * Success. * \retval #PSA_ERROR_BAD_STATE * The operation state is not valid (it must be inactive). - * \retval #PSA_ERROR_INVALID_HANDLE + * \retval #PSA_ERROR_INVALID_HANDLE * \retval #PSA_ERROR_NOT_PERMITTED * \retval #PSA_ERROR_INVALID_ARGUMENT - * \p handle is not compatible with \p alg. + * \p key is not compatible with \p alg. * \retval #PSA_ERROR_NOT_SUPPORTED * \p alg is not supported or is not an AEAD algorithm. * \retval #PSA_ERROR_INSUFFICIENT_MEMORY @@ -2405,7 +2364,7 @@ psa_status_t psa_aead_encrypt_setup(psa_aead_operation_t *operation, * results in this error code. */ psa_status_t psa_aead_decrypt_setup(psa_aead_operation_t *operation, - psa_key_handle_t handle, + mbedtls_svc_key_id_t key, psa_algorithm_t alg); /** Generate a random nonce for an authenticated encryption operation. @@ -2431,7 +2390,7 @@ psa_status_t psa_aead_decrypt_setup(psa_aead_operation_t *operation, * Success. * \retval #PSA_ERROR_BAD_STATE * The operation state is not valid (it must be an active aead encrypt - operation, with no nonce set). + * operation, with no nonce set). * \retval #PSA_ERROR_BUFFER_TOO_SMALL * The size of the \p nonce buffer is too small. * \retval #PSA_ERROR_INSUFFICIENT_MEMORY @@ -2863,10 +2822,11 @@ psa_status_t psa_aead_abort(psa_aead_operation_t *operation); * parameter to this function. You can use #PSA_ALG_SIGN_GET_HASH(\p alg) * to determine the hash algorithm to use. * - * \param handle Handle to the key to use for the operation. - * It must be an asymmetric key pair. + * \param key Identifier of the key to use for the operation. + * It must be an asymmetric key pair. The key must + * allow the usage #PSA_KEY_USAGE_SIGN_HASH. * \param alg A signature algorithm that is compatible with - * the type of \p handle. + * the type of \p key. * \param[in] hash The hash or message to sign. * \param hash_length Size of the \p hash buffer in bytes. * \param[out] signature Buffer where the signature is to be written. @@ -2882,7 +2842,7 @@ psa_status_t psa_aead_abort(psa_aead_operation_t *operation); * determine a sufficient buffer size by calling * #PSA_SIGN_OUTPUT_SIZE(\c key_type, \c key_bits, \p alg) * where \c key_type and \c key_bits are the type and bit-size - * respectively of \p handle. + * respectively of \p key. * \retval #PSA_ERROR_NOT_SUPPORTED * \retval #PSA_ERROR_INVALID_ARGUMENT * \retval #PSA_ERROR_INSUFFICIENT_MEMORY @@ -2896,7 +2856,7 @@ psa_status_t psa_aead_abort(psa_aead_operation_t *operation); * It is implementation-dependent whether a failure to initialize * results in this error code. */ -psa_status_t psa_sign_hash(psa_key_handle_t handle, +psa_status_t psa_sign_hash(mbedtls_svc_key_id_t key, psa_algorithm_t alg, const uint8_t *hash, size_t hash_length, @@ -2913,10 +2873,12 @@ psa_status_t psa_sign_hash(psa_key_handle_t handle, * parameter to this function. You can use #PSA_ALG_SIGN_GET_HASH(\p alg) * to determine the hash algorithm to use. * - * \param handle Handle to the key to use for the operation. - * It must be a public key or an asymmetric key pair. + * \param key Identifier of the key to use for the operation. It + * must be a public key or an asymmetric key pair. The + * key must allow the usage + * #PSA_KEY_USAGE_VERIFY_HASH. * \param alg A signature algorithm that is compatible with - * the type of \p handle. + * the type of \p key. * \param[in] hash The hash or message whose signature is to be * verified. * \param hash_length Size of the \p hash buffer in bytes. @@ -2942,7 +2904,7 @@ psa_status_t psa_sign_hash(psa_key_handle_t handle, * It is implementation-dependent whether a failure to initialize * results in this error code. */ -psa_status_t psa_verify_hash(psa_key_handle_t handle, +psa_status_t psa_verify_hash(mbedtls_svc_key_id_t key, psa_algorithm_t alg, const uint8_t *hash, size_t hash_length, @@ -2952,11 +2914,12 @@ psa_status_t psa_verify_hash(psa_key_handle_t handle, /** * \brief Encrypt a short message with a public key. * - * \param handle Handle to the key to use for the operation. - * It must be a public key or an asymmetric - * key pair. + * \param key Identifer of the key to use for the operation. + * It must be a public key or an asymmetric key + * pair. It must allow the usage + * #PSA_KEY_USAGE_ENCRYPT. * \param alg An asymmetric encryption algorithm that is - * compatible with the type of \p handle. + * compatible with the type of \p key. * \param[in] input The message to encrypt. * \param input_length Size of the \p input buffer in bytes. * \param[in] salt A salt or label, if supported by the @@ -2985,7 +2948,7 @@ psa_status_t psa_verify_hash(psa_key_handle_t handle, * determine a sufficient buffer size by calling * #PSA_ASYMMETRIC_ENCRYPT_OUTPUT_SIZE(\c key_type, \c key_bits, \p alg) * where \c key_type and \c key_bits are the type and bit-size - * respectively of \p handle. + * respectively of \p key. * \retval #PSA_ERROR_NOT_SUPPORTED * \retval #PSA_ERROR_INVALID_ARGUMENT * \retval #PSA_ERROR_INSUFFICIENT_MEMORY @@ -2999,7 +2962,7 @@ psa_status_t psa_verify_hash(psa_key_handle_t handle, * It is implementation-dependent whether a failure to initialize * results in this error code. */ -psa_status_t psa_asymmetric_encrypt(psa_key_handle_t handle, +psa_status_t psa_asymmetric_encrypt(mbedtls_svc_key_id_t key, psa_algorithm_t alg, const uint8_t *input, size_t input_length, @@ -3012,10 +2975,11 @@ psa_status_t psa_asymmetric_encrypt(psa_key_handle_t handle, /** * \brief Decrypt a short message with a private key. * - * \param handle Handle to the key to use for the operation. - * It must be an asymmetric key pair. + * \param key Identifier of the key to use for the operation. + * It must be an asymmetric key pair. It must + * allow the usage #PSA_KEY_USAGE_DECRYPT. * \param alg An asymmetric encryption algorithm that is - * compatible with the type of \p handle. + * compatible with the type of \p key. * \param[in] input The message to decrypt. * \param input_length Size of the \p input buffer in bytes. * \param[in] salt A salt or label, if supported by the @@ -3044,7 +3008,7 @@ psa_status_t psa_asymmetric_encrypt(psa_key_handle_t handle, * determine a sufficient buffer size by calling * #PSA_ASYMMETRIC_DECRYPT_OUTPUT_SIZE(\c key_type, \c key_bits, \p alg) * where \c key_type and \c key_bits are the type and bit-size - * respectively of \p handle. + * respectively of \p key. * \retval #PSA_ERROR_NOT_SUPPORTED * \retval #PSA_ERROR_INVALID_ARGUMENT * \retval #PSA_ERROR_INSUFFICIENT_MEMORY @@ -3059,7 +3023,7 @@ psa_status_t psa_asymmetric_encrypt(psa_key_handle_t handle, * It is implementation-dependent whether a failure to initialize * results in this error code. */ -psa_status_t psa_asymmetric_decrypt(psa_key_handle_t handle, +psa_status_t psa_asymmetric_decrypt(mbedtls_svc_key_id_t key, psa_algorithm_t alg, const uint8_t *input, size_t input_length, @@ -3317,9 +3281,9 @@ psa_status_t psa_key_derivation_input_bytes( * psa_key_derivation_setup() and must not * have produced any output yet. * \param step Which step the input data is for. - * \param handle Handle to the key. It must have an - * appropriate type for \p step and must - * allow the usage #PSA_KEY_USAGE_DERIVE. + * \param key Identifier of the key. It must have an + * appropriate type for step and must allow the + * usage #PSA_KEY_USAGE_DERIVE. * * \retval #PSA_SUCCESS * Success. @@ -3345,7 +3309,7 @@ psa_status_t psa_key_derivation_input_bytes( psa_status_t psa_key_derivation_input_key( psa_key_derivation_operation_t *operation, psa_key_derivation_step_t step, - psa_key_handle_t handle); + mbedtls_svc_key_id_t key); /** Perform a key agreement and use the shared secret as input to a key * derivation. @@ -3370,7 +3334,8 @@ psa_status_t psa_key_derivation_input_key( * The operation must be ready for an * input of the type given by \p step. * \param step Which step the input data is for. - * \param private_key Handle to the private key to use. + * \param private_key Identifier of the private key to use. It must + * allow the usage #PSA_KEY_USAGE_DERIVE. * \param[in] peer_key Public key of the peer. The peer key must be in the * same format that psa_import_key() accepts for the * public key type corresponding to the type of @@ -3414,7 +3379,7 @@ psa_status_t psa_key_derivation_input_key( psa_status_t psa_key_derivation_key_agreement( psa_key_derivation_operation_t *operation, psa_key_derivation_step_t step, - psa_key_handle_t private_key, + mbedtls_svc_key_id_t private_key, const uint8_t *peer_key, size_t peer_key_length); @@ -3558,7 +3523,9 @@ psa_status_t psa_key_derivation_output_bytes( * * \param[in] attributes The attributes for the new key. * \param[in,out] operation The key derivation operation object to read from. - * \param[out] handle On success, a handle to the newly created key. + * \param[out] key On success, an identifier for the newly created + * key. For persistent keys, this is the key + * identifier defined in \p attributes. * \c 0 on failure. * * \retval #PSA_SUCCESS @@ -3598,7 +3565,7 @@ psa_status_t psa_key_derivation_output_bytes( psa_status_t psa_key_derivation_output_key( const psa_key_attributes_t *attributes, psa_key_derivation_operation_t *operation, - psa_key_handle_t *handle); + mbedtls_svc_key_id_t *key); /** Abort a key derivation operation. * @@ -3639,7 +3606,8 @@ psa_status_t psa_key_derivation_abort( * (\c PSA_ALG_XXX value such that * #PSA_ALG_IS_RAW_KEY_AGREEMENT(\p alg) * is true). - * \param private_key Handle to the private key to use. + * \param private_key Identifier of the private key to use. It must + * allow the usage #PSA_KEY_USAGE_DERIVE. * \param[in] peer_key Public key of the peer. It must be * in the same format that psa_import_key() * accepts. The standard formats for public @@ -3677,7 +3645,7 @@ psa_status_t psa_key_derivation_abort( * results in this error code. */ psa_status_t psa_raw_key_agreement(psa_algorithm_t alg, - psa_key_handle_t private_key, + mbedtls_svc_key_id_t private_key, const uint8_t *peer_key, size_t peer_key_length, uint8_t *output, @@ -3733,7 +3701,9 @@ psa_status_t psa_generate_random(uint8_t *output, * attributes. * * \param[in] attributes The attributes for the new key. - * \param[out] handle On success, a handle to the newly created key. + * \param[out] key On success, an identifier for the newly created + * key. For persistent keys, this is the key + * identifier defined in \p attributes. * \c 0 on failure. * * \retval #PSA_SUCCESS @@ -3758,7 +3728,7 @@ psa_status_t psa_generate_random(uint8_t *output, * results in this error code. */ psa_status_t psa_generate_key(const psa_key_attributes_t *attributes, - psa_key_handle_t *handle); + mbedtls_svc_key_id_t *key); /**@}*/ diff --git a/include/psa/crypto_accel_driver.h b/include/psa/crypto_accel_driver.h index 1a193c5b9..4488ea8ad 100644 --- a/include/psa/crypto_accel_driver.h +++ b/include/psa/crypto_accel_driver.h @@ -75,7 +75,7 @@ typedef struct psa_drv_hash_context_s psa_drv_hash_context_t; * \param[in,out] p_context A structure that will contain the * hardware-specific hash context * - * \retval PSA_SUCCESS Success. + * \retval #PSA_SUCCESS Success. */ typedef psa_status_t (*psa_drv_hash_setup_t)(psa_drv_hash_context_t *p_context); @@ -120,7 +120,7 @@ typedef psa_status_t (*psa_drv_hash_update_t)(psa_drv_hash_context_t *p_context, * \param[out] p_output_length The number of bytes placed in `p_output` after * success * - * \retval PSA_SUCCESS + * \retval #PSA_SUCCESS * Success. */ typedef psa_status_t (*psa_drv_hash_finish_t)(psa_drv_hash_context_t *p_context, @@ -188,7 +188,7 @@ typedef struct psa_drv_accel_mac_context_s psa_drv_accel_mac_context_t; * to be used in the operation * \param[in] key_length The size in bytes of the key material * - * \retval PSA_SUCCESS + * \retval #PSA_SUCCESS * Success. */ typedef psa_status_t (*psa_drv_accel_mac_setup_t)(psa_drv_accel_mac_context_t *p_context, @@ -235,7 +235,7 @@ typedef psa_status_t (*psa_drv_accel_mac_update_t)(psa_drv_accel_mac_context_t * * \param[in] mac_length The size in bytes of the buffer that has been * allocated for the `p_mac` buffer * - * \retval PSA_SUCCESS + * \retval #PSA_SUCCESS * Success. */ typedef psa_status_t (*psa_drv_accel_mac_finish_t)(psa_drv_accel_mac_context_t *p_context, @@ -261,7 +261,7 @@ typedef psa_status_t (*psa_drv_accel_mac_finish_t)(psa_drv_accel_mac_context_t * * \param[in] mac_length The size in bytes of the data in the `p_mac` * buffer * - * \retval PSA_SUCCESS + * \retval #PSA_SUCCESS * The operation completed successfully and the comparison matched */ typedef psa_status_t (*psa_drv_accel_mac_finish_verify_t)(psa_drv_accel_mac_context_t *p_context, @@ -335,7 +335,7 @@ typedef psa_status_t (*psa_drv_accel_mac_t)(const uint8_t *p_input, * \param[in] p_mac The MAC data to be compared * \param[in] mac_length The length in bytes of the `p_mac` buffer * - * \retval PSA_SUCCESS + * \retval #PSA_SUCCESS * The operation completed successfully and the comparison matched */ typedef psa_status_t (*psa_drv_accel_mac_verify_t)(const uint8_t *p_input, @@ -396,7 +396,7 @@ typedef struct psa_drv_accel_cipher_context_s psa_drv_accel_cipher_context_t; * to be used in the operation * \param[in] key_data_size The size in bytes of the key material * - * \retval PSA_SUCCESS + * \retval #PSA_SUCCESS */ typedef psa_status_t (*psa_drv_accel_cipher_setup_t)(psa_drv_accel_cipher_context_t *p_context, psa_encrypt_or_decrypt_t direction, @@ -419,7 +419,7 @@ typedef psa_status_t (*psa_drv_accel_cipher_setup_t)(psa_drv_accel_cipher_contex * \param[in] p_iv A buffer containing the initialization vecotr * \param[in] iv_length The size in bytes of the contents of `p_iv` * - * \retval PSA_SUCCESS + * \retval #PSA_SUCCESS */ typedef psa_status_t (*psa_drv_accel_cipher_set_iv_t)(psa_drv_accel_cipher_context_t *p_context, const uint8_t *p_iv, @@ -448,7 +448,7 @@ typedef psa_status_t (*psa_drv_accel_cipher_set_iv_t)(psa_drv_accel_cipher_conte * \param[out] p_output_length After completion, will contain the number * of bytes placed in the `p_output` buffer * - * \retval PSA_SUCCESS + * \retval #PSA_SUCCESS */ typedef psa_status_t (*psa_drv_accel_cipher_update_t)(psa_drv_accel_cipher_context_t *p_context, const uint8_t *p_input, @@ -477,7 +477,7 @@ typedef psa_status_t (*psa_drv_accel_cipher_update_t)(psa_drv_accel_cipher_conte * \param[out] p_output_length After completion, will contain the number of * bytes placed in the `p_output` buffer * - * \retval PSA_SUCCESS + * \retval #PSA_SUCCESS */ typedef psa_status_t (*psa_drv_accel_cipher_finish_t)(psa_drv_accel_cipher_context_t *p_context, uint8_t *p_output, @@ -499,7 +499,7 @@ typedef psa_status_t (*psa_drv_accel_cipher_finish_t)(psa_drv_accel_cipher_conte * \param[in,out] p_context A hardware-specific structure for the * previously started cipher operation * - * \retval PSA_SUCCESS + * \retval #PSA_SUCCESS */ typedef psa_status_t (*psa_drv_accel_cipher_abort_t)(psa_drv_accel_cipher_context_t *p_context); @@ -659,7 +659,7 @@ typedef psa_status_t (*psa_drv_accel_aead_decrypt_t)(const uint8_t *p_key, * \param[out] p_signature_length On success, the number of bytes * that make up the returned signature value * - * \retval PSA_SUCCESS + * \retval #PSA_SUCCESS */ typedef psa_status_t (*psa_drv_accel_asymmetric_sign_t)(const uint8_t *p_key, size_t key_size, @@ -697,7 +697,7 @@ typedef psa_status_t (*psa_drv_accel_asymmetric_sign_t)(const uint8_t *p_key, * \param[in] p_signature Buffer containing the signature to verify * \param[in] signature_length Size of the `p_signature` buffer in bytes * - * \retval PSA_SUCCESS + * \retval #PSA_SUCCESS * The signature is valid. */ typedef psa_status_t (*psa_drv_accel_asymmetric_verify_t)(const uint8_t *p_key, @@ -748,7 +748,7 @@ typedef psa_status_t (*psa_drv_accel_asymmetric_verify_t)(const uint8_t *p_key, * \param[out] p_output_length On success, the number of bytes * that make up the returned output * - * \retval PSA_SUCCESS + * \retval #PSA_SUCCESS */ typedef psa_status_t (*psa_drv_accel_asymmetric_encrypt_t)(const uint8_t *p_key, size_t key_size, @@ -800,7 +800,7 @@ typedef psa_status_t (*psa_drv_accel_asymmetric_encrypt_t)(const uint8_t *p_key, * \param[out] p_output_length On success, the number of bytes * that make up the returned output * - * \retval PSA_SUCCESS + * \retval #PSA_SUCCESS */ typedef psa_status_t (*psa_drv_accel_asymmetric_decrypt_t)(const uint8_t *p_key, size_t key_size, diff --git a/include/psa/crypto_compat.h b/include/psa/crypto_compat.h index 4b607b6ff..86aa27158 100644 --- a/include/psa/crypto_compat.h +++ b/include/psa/crypto_compat.h @@ -34,6 +34,27 @@ extern "C" { #endif +/* + * To support both openless APIs and psa_open_key() temporarily, define + * psa_key_handle_t to be equal to mbedtls_svc_key_id_t. Do not mark the + * type and its utility macros and functions deprecated yet. This will be done + * in a subsequent phase. + */ +typedef mbedtls_svc_key_id_t psa_key_handle_t; + +#define PSA_KEY_HANDLE_INIT MBEDTLS_SVC_KEY_ID_INIT + +/** Check wether an handle is null. + * + * \param handle Handle + * + * \return Non-zero if the handle is null, zero otherwise. + */ +static inline int psa_key_handle_is_null( psa_key_handle_t handle ) +{ + return( mbedtls_svc_key_id_is_null( handle ) ); +} + #if !defined(MBEDTLS_DEPRECATED_REMOVED) /* @@ -113,10 +134,6 @@ MBEDTLS_PSA_DEPRECATED static inline psa_status_t psa_asymmetric_verify( psa_key return psa_verify_hash( key, alg, hash, hash_length, signature, signature_length ); } - - -#endif /* MBEDTLS_DEPRECATED_REMOVED */ - /* * Size-specific elliptic curve families. */ @@ -223,6 +240,109 @@ MBEDTLS_PSA_DEPRECATED static inline psa_status_t psa_asymmetric_verify( psa_key #define PSA_DH_GROUP_CUSTOM \ MBEDTLS_DEPRECATED_CONSTANT( psa_dh_family_t, PSA_DH_FAMILY_CUSTOM ) +#endif /* MBEDTLS_DEPRECATED_REMOVED */ + +/** Open a handle to an existing persistent key. + * + * Open a handle to a persistent key. A key is persistent if it was created + * with a lifetime other than #PSA_KEY_LIFETIME_VOLATILE. A persistent key + * always has a nonzero key identifier, set with psa_set_key_id() when + * creating the key. Implementations may provide additional pre-provisioned + * keys that can be opened with psa_open_key(). Such keys have an application + * key identifier in the vendor range, as documented in the description of + * #psa_key_id_t. + * + * The application must eventually close the handle with psa_close_key() or + * psa_destroy_key() to release associated resources. If the application dies + * without calling one of these functions, the implementation should perform + * the equivalent of a call to psa_close_key(). + * + * Some implementations permit an application to open the same key multiple + * times. If this is successful, each call to psa_open_key() will return a + * different key handle. + * + * \note This API is not part of the PSA Cryptography API Release 1.0.0 + * specification. It was defined in the 1.0 Beta 3 version of the + * specification but was removed in the 1.0.0 released version. This API is + * kept for the time being to not break applications relying on it. It is not + * deprecated yet but will be in the near future. + * + * \note Applications that rely on opening a key multiple times will not be + * portable to implementations that only permit a single key handle to be + * opened. See also :ref:\`key-handles\`. + * + * + * \param key The persistent identifier of the key. + * \param[out] handle On success, a handle to the key. + * + * \retval #PSA_SUCCESS + * Success. The application can now use the value of `*handle` + * to access the key. + * \retval #PSA_ERROR_INSUFFICIENT_MEMORY + * The implementation does not have sufficient resources to open the + * key. This can be due to reaching an implementation limit on the + * number of open keys, the number of open key handles, or available + * memory. + * \retval #PSA_ERROR_DOES_NOT_EXIST + * There is no persistent key with key identifier \p id. + * \retval #PSA_ERROR_INVALID_ARGUMENT + * \p id is not a valid persistent key identifier. + * \retval #PSA_ERROR_NOT_PERMITTED + * The specified key exists, but the application does not have the + * permission to access it. Note that this specification does not + * define any way to create such a key, but it may be possible + * through implementation-specific means. + * \retval #PSA_ERROR_COMMUNICATION_FAILURE + * \retval #PSA_ERROR_CORRUPTION_DETECTED + * \retval #PSA_ERROR_STORAGE_FAILURE + * \retval #PSA_ERROR_BAD_STATE + * The library has not been previously initialized by psa_crypto_init(). + * It is implementation-dependent whether a failure to initialize + * results in this error code. + */ +psa_status_t psa_open_key( mbedtls_svc_key_id_t key, + psa_key_handle_t *handle ); + +/** Close a key handle. + * + * If the handle designates a volatile key, this will destroy the key material + * and free all associated resources, just like psa_destroy_key(). + * + * If this is the last open handle to a persistent key, then closing the handle + * will free all resources associated with the key in volatile memory. The key + * data in persistent storage is not affected and can be opened again later + * with a call to psa_open_key(). + * + * Closing the key handle makes the handle invalid, and the key handle + * must not be used again by the application. + * + * \note This API is not part of the PSA Cryptography API Release 1.0.0 + * specification. It was defined in the 1.0 Beta 3 version of the + * specification but was removed in the 1.0.0 released version. This API is + * kept for the time being to not break applications relying on it. It is not + * deprecated yet but will be in the near future. + * + * \note If the key handle was used to set up an active + * :ref:\`multipart operation \`, then closing the + * key handle can cause the multipart operation to fail. Applications should + * maintain the key handle until after the multipart operation has finished. + * + * \param handle The key handle to close. + * If this is \c 0, do nothing and return \c PSA_SUCCESS. + * + * \retval #PSA_SUCCESS + * \p handle was a valid handle or \c 0. It is now closed. + * \retval #PSA_ERROR_INVALID_HANDLE + * \p handle is not a valid handle nor \c 0. + * \retval #PSA_ERROR_COMMUNICATION_FAILURE + * \retval #PSA_ERROR_CORRUPTION_DETECTED + * \retval #PSA_ERROR_BAD_STATE + * The library has not been previously initialized by psa_crypto_init(). + * It is implementation-dependent whether a failure to initialize + * results in this error code. + */ +psa_status_t psa_close_key(psa_key_handle_t handle); + #ifdef __cplusplus } #endif diff --git a/include/psa/crypto_config.h b/include/psa/crypto_config.h new file mode 100644 index 000000000..c12a52200 --- /dev/null +++ b/include/psa/crypto_config.h @@ -0,0 +1,69 @@ +/** + * \file psa/crypto_config.h + * \brief PSA crypto configuration options (set of defines) + * + */ +#if defined(MBEDTLS_PSA_CRYPTO_CONFIG) +/** + * When #MBEDTLS_PSA_CRYPTO_CONFIG is enabled in config.h, + * this file determines which cryptographic mechanisms are enabled + * through the PSA Cryptography API (\c psa_xxx() functions). + * + * To enable a cryptographic mechanism, uncomment the definition of + * the corresponding \c PSA_WANT_xxx preprocessor symbol. + * To disable a cryptographic mechanism, comment out the definition of + * the corresponding \c PSA_WANT_xxx preprocessor symbol. + * The names of cryptographic mechanisms correspond to values + * defined in psa/crypto_values.h, with the prefix \c PSA_WANT_ instead + * of \c PSA_. + * + * Note that many cryptographic mechanisms involve two symbols: one for + * the key type (\c PSA_WANT_KEY_TYPE_xxx) and one for the algorithm + * (\c PSA_WANT_ALG_xxx). Mechanisms with additional parameters may involve + * additional symbols. + */ +#else +/** + * When \c MBEDTLS_PSA_CRYPTO_CONFIG is disabled in config.h, + * this file is not used, and cryptographic mechanisms are supported + * through the PSA API if and only if they are supported through the + * mbedtls_xxx API. + */ +#endif +/* + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef PSA_CRYPTO_CONFIG_H +#define PSA_CRYPTO_CONFIG_H + +#define PSA_WANT_ALG_DETERMINISTIC_ECDSA 1 +#define PSA_WANT_ALG_ECDH 1 +#define PSA_WANT_ALG_ECDSA 1 +#define PSA_WANT_ALG_HKDF 1 +#define PSA_WANT_ALG_HMAC 1 +#define PSA_WANT_ALG_RSA_OAEP 1 +#define PSA_WANT_ALG_RSA_PKCS1V15_CRYPT 1 +#define PSA_WANT_ALG_RSA_PKCS1V15_SIGN 1 +#define PSA_WANT_ALG_RSA_PSS 1 +#define PSA_WANT_ALG_TLS12_PRF 1 +#define PSA_WANT_ALG_TLS12_PSK_TO_MS 1 +#define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR 1 +#define PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY 1 +#define PSA_WANT_KEY_TYPE_RSA_KEY_PAIR 1 +#define PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY 1 + +#endif /* PSA_CRYPTO_CONFIG_H */ diff --git a/include/psa/crypto_entropy_driver.h b/include/psa/crypto_entropy_driver.h index 61750448b..9b6546ee9 100644 --- a/include/psa/crypto_entropy_driver.h +++ b/include/psa/crypto_entropy_driver.h @@ -47,7 +47,7 @@ extern "C" { * containing any context information for * the implementation * - * \retval PSA_SUCCESS + * \retval #PSA_SUCCESS */ typedef psa_status_t (*psa_drv_entropy_init_t)(void *p_context); @@ -75,7 +75,7 @@ typedef psa_status_t (*psa_drv_entropy_init_t)(void *p_context); * \param[out] p_received_entropy_bits The amount of entropy (in bits) * actually provided in `p_buffer` * - * \retval PSA_SUCCESS + * \retval #PSA_SUCCESS */ typedef psa_status_t (*psa_drv_entropy_get_bits_t)(void *p_context, uint8_t *p_buffer, diff --git a/include/psa/crypto_extra.h b/include/psa/crypto_extra.h index f0c7979a8..b25addc85 100644 --- a/include/psa/crypto_extra.h +++ b/include/psa/crypto_extra.h @@ -231,10 +231,12 @@ typedef struct mbedtls_psa_stats_s size_t cache_slots; /** Number of slots that are not used for anything. */ size_t empty_slots; + /** Number of slots that are locked. */ + size_t locked_slots; /** Largest key id value among open keys in internal persistent storage. */ - psa_app_key_id_t max_open_internal_key_id; + psa_key_id_t max_open_internal_key_id; /** Largest key id value among open keys in secure elements. */ - psa_app_key_id_t max_open_external_key_id; + psa_key_id_t max_open_external_key_id; } mbedtls_psa_stats_t; /** \brief Get statistics about diff --git a/include/psa/crypto_platform.h b/include/psa/crypto_platform.h index 77c0e5b2f..567398dbf 100644 --- a/include/psa/crypto_platform.h +++ b/include/psa/crypto_platform.h @@ -41,60 +41,44 @@ #include MBEDTLS_CONFIG_FILE #endif +/* Translate between classic MBEDTLS_xxx feature symbols and PSA_xxx + * feature symbols. */ +#include "mbedtls/config_psa.h" + /* PSA requires several types which C99 provides in stdint.h. */ #include -/* Integral type representing a key handle. */ -typedef uint16_t psa_key_handle_t; - -/* This implementation distinguishes *application key identifiers*, which - * are the key identifiers specified by the application, from - * *key file identifiers*, which are the key identifiers that the library - * sees internally. The two types can be different if there is a remote - * call layer between the application and the library which supports - * multiple client applications that do not have access to each others' - * keys. The point of having different types is that the key file - * identifier may encode not only the key identifier specified by the - * application, but also the the identity of the application. - * - * Note that this is an internal concept of the library and the remote - * call layer. The application itself never sees anything other than - * #psa_app_key_id_t with its standard definition. - */ - -/* The application key identifier is always what the application sees as - * #psa_key_id_t. */ -typedef uint32_t psa_app_key_id_t; - -#if defined(MBEDTLS_PSA_CRYPTO_KEY_FILE_ID_ENCODES_OWNER) - -#if defined(PSA_CRYPTO_SECURE) -/* Building for the PSA Crypto service on a PSA platform. */ -/* A key owner is a PSA partition identifier. */ -typedef int32_t psa_key_owner_id_t; +#if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \ + !defined(inline) && !defined(__cplusplus) +#define inline __inline #endif -typedef struct +#if defined(MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER) + +/* Building for the PSA Crypto service on a PSA platform, a key owner is a PSA + * partition identifier. + * + * The function psa_its_identifier_of_slot() in psa_crypto_storage.c that + * translates a key identifier to a key storage file name assumes that + * mbedtls_key_owner_id_t is an 32 bits integer. This function thus needs + * reworking if mbedtls_key_owner_id_t is not defined as a 32 bits integer + * here anymore. + */ +typedef int32_t mbedtls_key_owner_id_t; + +/** Compare two key owner identifiers. + * + * \param id1 First key owner identifier. + * \param id2 Second key owner identifier. + * + * \return Non-zero if the two key owner identifiers are equal, zero otherwise. + */ +static inline int mbedtls_key_owner_id_equal( mbedtls_key_owner_id_t id1, + mbedtls_key_owner_id_t id2 ) { - uint32_t key_id; - psa_key_owner_id_t owner; -} psa_key_file_id_t; -#define PSA_KEY_FILE_GET_KEY_ID( file_id ) ( ( file_id ).key_id ) + return( id1 == id2 ); +} -/* Since crypto.h is used as part of the PSA Cryptography API specification, - * it must use standard types for things like the argument of psa_open_key(). - * If it wasn't for that constraint, psa_open_key() would take a - * `psa_key_file_id_t` argument. As a workaround, make `psa_key_id_t` an - * alias for `psa_key_file_id_t` when building for a multi-client service. */ -typedef psa_key_file_id_t psa_key_id_t; -#define PSA_KEY_ID_INIT {0, 0} - -#else /* !MBEDTLS_PSA_CRYPTO_KEY_FILE_ID_ENCODES_OWNER */ - -/* By default, a key file identifier is just the application key identifier. */ -typedef psa_app_key_id_t psa_key_file_id_t; -#define PSA_KEY_FILE_GET_KEY_ID( id ) ( id ) - -#endif /* !MBEDTLS_PSA_CRYPTO_KEY_FILE_ID_ENCODES_OWNER */ +#endif /* MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER */ #endif /* PSA_CRYPTO_PLATFORM_H */ diff --git a/include/psa/crypto_se_driver.h b/include/psa/crypto_se_driver.h index 46b2d645c..1fae57516 100644 --- a/include/psa/crypto_se_driver.h +++ b/include/psa/crypto_se_driver.h @@ -178,7 +178,7 @@ typedef uint64_t psa_key_slot_number_t; * \param[in] algorithm The algorithm to be used to underly the MAC * operation * - * \retval PSA_SUCCESS + * \retval #PSA_SUCCESS * Success. */ typedef psa_status_t (*psa_drv_se_mac_setup_t)(psa_drv_se_context_t *drv_context, @@ -213,7 +213,7 @@ typedef psa_status_t (*psa_drv_se_mac_update_t)(void *op_context, * \param[out] p_mac_length After completion, will contain the number of * bytes placed in the `p_mac` buffer * - * \retval PSA_SUCCESS + * \retval #PSA_SUCCESS * Success. */ typedef psa_status_t (*psa_drv_se_mac_finish_t)(void *op_context, @@ -230,10 +230,10 @@ typedef psa_status_t (*psa_drv_se_mac_finish_t)(void *op_context, * will be compared against * \param[in] mac_length The size in bytes of the value stored in `p_mac` * - * \retval PSA_SUCCESS + * \retval #PSA_SUCCESS * The operation completed successfully and the MACs matched each * other - * \retval PSA_ERROR_INVALID_SIGNATURE + * \retval #PSA_ERROR_INVALID_SIGNATURE * The operation completed successfully, but the calculated MAC did * not match the provided MAC */ @@ -264,7 +264,7 @@ typedef psa_status_t (*psa_drv_se_mac_abort_t)(void *op_context); * \param[out] p_mac_length After completion, will contain the number of * bytes placed in the `output` buffer * - * \retval PSA_SUCCESS + * \retval #PSA_SUCCESS * Success. */ typedef psa_status_t (*psa_drv_se_mac_generate_t)(psa_drv_se_context_t *drv_context, @@ -289,10 +289,10 @@ typedef psa_status_t (*psa_drv_se_mac_generate_t)(psa_drv_se_context_t *drv_cont * be compared against * \param[in] mac_length The size in bytes of `mac` * - * \retval PSA_SUCCESS + * \retval #PSA_SUCCESS * The operation completed successfully and the MACs matched each * other - * \retval PSA_ERROR_INVALID_SIGNATURE + * \retval #PSA_ERROR_INVALID_SIGNATURE * The operation completed successfully, but the calculated MAC did * not match the provided MAC */ @@ -384,8 +384,8 @@ typedef struct { * \param[in] direction Indicates whether the operation is an encrypt * or decrypt * - * \retval PSA_SUCCESS - * \retval PSA_ERROR_NOT_SUPPORTED + * \retval #PSA_SUCCESS + * \retval #PSA_ERROR_NOT_SUPPORTED */ typedef psa_status_t (*psa_drv_se_cipher_setup_t)(psa_drv_se_context_t *drv_context, void *op_context, @@ -406,7 +406,7 @@ typedef psa_status_t (*psa_drv_se_cipher_setup_t)(psa_drv_se_context_t *drv_cont * \param[in] p_iv A buffer containing the initialization vector * \param[in] iv_length The size (in bytes) of the `p_iv` buffer * - * \retval PSA_SUCCESS + * \retval #PSA_SUCCESS */ typedef psa_status_t (*psa_drv_se_cipher_set_iv_t)(void *op_context, const uint8_t *p_iv, @@ -428,7 +428,7 @@ typedef psa_status_t (*psa_drv_se_cipher_set_iv_t)(void *op_context, * \param[out] p_output_length After completion, will contain the number * of bytes placed in the `p_output` buffer * - * \retval PSA_SUCCESS + * \retval #PSA_SUCCESS */ typedef psa_status_t (*psa_drv_se_cipher_update_t)(void *op_context, const uint8_t *p_input, @@ -449,7 +449,7 @@ typedef psa_status_t (*psa_drv_se_cipher_update_t)(void *op_context, * \param[out] p_output_length After completion, will contain the number of * bytes placed in the `p_output` buffer * - * \retval PSA_SUCCESS + * \retval #PSA_SUCCESS */ typedef psa_status_t (*psa_drv_se_cipher_finish_t)(void *op_context, uint8_t *p_output, @@ -484,8 +484,8 @@ typedef psa_status_t (*psa_drv_se_cipher_abort_t)(void *op_context); * \param[in] output_size The allocated size in bytes of the `p_output` * buffer * - * \retval PSA_SUCCESS - * \retval PSA_ERROR_NOT_SUPPORTED + * \retval #PSA_SUCCESS + * \retval #PSA_ERROR_NOT_SUPPORTED */ typedef psa_status_t (*psa_drv_se_cipher_ecb_t)(psa_drv_se_context_t *drv_context, psa_key_slot_number_t key_slot, @@ -553,7 +553,7 @@ typedef struct { * \param[out] p_signature_length On success, the number of bytes * that make up the returned signature value * - * \retval PSA_SUCCESS + * \retval #PSA_SUCCESS */ typedef psa_status_t (*psa_drv_se_asymmetric_sign_t)(psa_drv_se_context_t *drv_context, psa_key_slot_number_t key_slot, @@ -578,7 +578,7 @@ typedef psa_status_t (*psa_drv_se_asymmetric_sign_t)(psa_drv_se_context_t *drv_c * \param[in] p_signature Buffer containing the signature to verify * \param[in] signature_length Size of the `p_signature` buffer in bytes * - * \retval PSA_SUCCESS + * \retval #PSA_SUCCESS * The signature is valid. */ typedef psa_status_t (*psa_drv_se_asymmetric_verify_t)(psa_drv_se_context_t *drv_context, @@ -617,7 +617,7 @@ typedef psa_status_t (*psa_drv_se_asymmetric_verify_t)(psa_drv_se_context_t *drv * \param[out] p_output_length On success, the number of bytes that make up * the returned output * - * \retval PSA_SUCCESS + * \retval #PSA_SUCCESS */ typedef psa_status_t (*psa_drv_se_asymmetric_encrypt_t)(psa_drv_se_context_t *drv_context, psa_key_slot_number_t key_slot, @@ -657,7 +657,7 @@ typedef psa_status_t (*psa_drv_se_asymmetric_encrypt_t)(psa_drv_se_context_t *dr * \param[out] p_output_length On success, the number of bytes * that make up the returned output * - * \retval PSA_SUCCESS + * \retval #PSA_SUCCESS */ typedef psa_status_t (*psa_drv_se_asymmetric_decrypt_t)(psa_drv_se_context_t *drv_context, psa_key_slot_number_t key_slot, @@ -1195,7 +1195,7 @@ typedef struct { * \param[in] source_key The key to be used as the source material for * the key derivation * - * \retval PSA_SUCCESS + * \retval #PSA_SUCCESS */ typedef psa_status_t (*psa_drv_se_key_derivation_setup_t)(psa_drv_se_context_t *drv_context, void *op_context, @@ -1215,7 +1215,7 @@ typedef psa_status_t (*psa_drv_se_key_derivation_setup_t)(psa_drv_se_context_t * * \param[in] p_collateral A buffer containing the collateral data * \param[in] collateral_size The size in bytes of the collateral * - * \retval PSA_SUCCESS + * \retval #PSA_SUCCESS */ typedef psa_status_t (*psa_drv_se_key_derivation_collateral_t)(void *op_context, uint32_t collateral_id, @@ -1230,7 +1230,7 @@ typedef psa_status_t (*psa_drv_se_key_derivation_collateral_t)(void *op_context, * \param[in] dest_key The slot where the generated key material * should be placed * - * \retval PSA_SUCCESS + * \retval #PSA_SUCCESS */ typedef psa_status_t (*psa_drv_se_key_derivation_derive_t)(void *op_context, psa_key_slot_number_t dest_key); @@ -1244,7 +1244,7 @@ typedef psa_status_t (*psa_drv_se_key_derivation_derive_t)(void *op_context, * \param[out] p_output_length Upon success, contains the number of bytes of * key material placed in `p_output` * - * \retval PSA_SUCCESS + * \retval #PSA_SUCCESS */ typedef psa_status_t (*psa_drv_se_key_derivation_export_t)(void *op_context, uint8_t *p_output, @@ -1353,7 +1353,7 @@ typedef struct { * \param location The location value through which this driver will * be exposed to applications. * This driver will be used for all keys such that - * `location == PSA_KEY_LIFETIME_LOCATION( lifetime )`. + * `location == #PSA_KEY_LIFETIME_GET_LOCATION( lifetime )`. * The value #PSA_KEY_LOCATION_LOCAL_STORAGE is reserved * and may not be used for drivers. Implementations * may reserve other values. @@ -1362,22 +1362,22 @@ typedef struct { * module keeps running. It is typically a global * constant. * - * \return PSA_SUCCESS + * \return #PSA_SUCCESS * The driver was successfully registered. Applications can now * use \p lifetime to access keys through the methods passed to * this function. - * \return PSA_ERROR_BAD_STATE + * \return #PSA_ERROR_BAD_STATE * This function was called after the initialization of the * cryptography module, and this implementation does not support * driver registration at this stage. - * \return PSA_ERROR_ALREADY_EXISTS + * \return #PSA_ERROR_ALREADY_EXISTS * There is already a registered driver for this value of \p lifetime. - * \return PSA_ERROR_INVALID_ARGUMENT + * \return #PSA_ERROR_INVALID_ARGUMENT * \p lifetime is a reserved value. - * \return PSA_ERROR_NOT_SUPPORTED + * \return #PSA_ERROR_NOT_SUPPORTED * `methods->hal_version` is not supported by this implementation. - * \return PSA_ERROR_INSUFFICIENT_MEMORY - * \return PSA_ERROR_NOT_PERMITTED + * \return #PSA_ERROR_INSUFFICIENT_MEMORY + * \return #PSA_ERROR_NOT_PERMITTED */ psa_status_t psa_register_se_driver( psa_key_location_t location, diff --git a/include/psa/crypto_sizes.h b/include/psa/crypto_sizes.h index f6373b8c2..4dc8ad417 100644 --- a/include/psa/crypto_sizes.h +++ b/include/psa/crypto_sizes.h @@ -657,4 +657,91 @@ PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY(key_type) ? PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE(key_bits) : \ 0) +/** The default nonce size for an AEAD algorithm, in bytes. + * + * This macro can be used to allocate a buffer of sufficient size to + * store the nonce output from #psa_aead_generate_nonce(). + * + * See also #PSA_AEAD_NONCE_MAX_SIZE. + * + * \note This is not the maximum size of nonce supported as input to #psa_aead_set_nonce(), + * #psa_aead_encrypt() or #psa_aead_decrypt(), just the default size that is generated by + * #psa_aead_generate_nonce(). + * + * \warning This macro may evaluate its arguments multiple times or + * zero times, so you should not pass arguments that contain + * side effects. + * + * \param key_type A symmetric key type that is compatible with algorithm \p alg. + * + * \param alg An AEAD algorithm (\c PSA_ALG_XXX value such that #PSA_ALG_IS_AEAD(\p alg) is true). + * + * \return The default nonce size for the specified key type and algorithm. + * If the key type or AEAD algorithm is not recognized, + * or the parameters are incompatible, return 0. + * An implementation can return either 0 or a correct size for a key type + * and AEAD algorithm that it recognizes, but does not support. + */ +#define PSA_AEAD_NONCE_LENGTH(key_type, alg) \ + (PSA_BLOCK_CIPHER_BLOCK_SIZE(key_type) == 16 && \ + (PSA_ALG_AEAD_WITH_DEFAULT_TAG_LENGTH(alg) == PSA_ALG_CCM || \ + PSA_ALG_AEAD_WITH_DEFAULT_TAG_LENGTH(alg) == PSA_ALG_GCM) ? 12 : \ + (key_type) == PSA_KEY_TYPE_CHACHA20 && \ + PSA_ALG_AEAD_WITH_DEFAULT_TAG_LENGTH(alg) == PSA_ALG_CHACHA20_POLY1305 ? 12 : \ + 0) + +/** The maximum default nonce size among all supported pairs of key types and AEAD algorithms, in bytes. + * + * This is equal to or greater than any value that #PSA_AEAD_NONCE_LENGTH() may return. + * + * \note This is not the maximum size of nonce supported as input to #psa_aead_set_nonce(), + * #psa_aead_encrypt() or #psa_aead_decrypt(), just the largest size that may be generated by + * #psa_aead_generate_nonce(). + */ +#define PSA_AEAD_NONCE_MAX_SIZE 12 + +/** The default IV size for a cipher algorithm, in bytes. + * + * The IV that is generated as part of a call to #psa_cipher_encrypt() is always + * the default IV length for the algorithm. + * + * This macro can be used to allocate a buffer of sufficient size to + * store the IV output from #psa_cipher_generate_iv() when using + * a multi-part cipher operation. + * + * See also #PSA_CIPHER_IV_MAX_SIZE. + * + * \warning This macro may evaluate its arguments multiple times or + * zero times, so you should not pass arguments that contain + * side effects. + * + * \param key_type A symmetric key type that is compatible with algorithm \p alg. + * + * \param alg A cipher algorithm (\c PSA_ALG_XXX value such that #PSA_ALG_IS_CIPHER(\p alg) is true). + * + * \return The default IV size for the specified key type and algorithm. + * If the algorithm does not use an IV, return 0. + * If the key type or cipher algorithm is not recognized, + * or the parameters are incompatible, return 0. + * An implementation can return either 0 or a correct size for a key type + * and cipher algorithm that it recognizes, but does not support. + */ +#define PSA_CIPHER_IV_LENGTH(key_type, alg) \ + (PSA_BLOCK_CIPHER_BLOCK_SIZE(key_type) > 1 && \ + ((alg) == PSA_ALG_CTR || \ + (alg) == PSA_ALG_CFB || \ + (alg) == PSA_ALG_OFB || \ + (alg) == PSA_ALG_XTS || \ + (alg) == PSA_ALG_CBC_NO_PADDING || \ + (alg) == PSA_ALG_CBC_PKCS7) ? PSA_BLOCK_CIPHER_BLOCK_SIZE(key_type) : \ + (key_type) == PSA_KEY_TYPE_CHACHA20 && \ + (alg) == PSA_ALG_CHACHA20 ? 12 : \ + 0) + +/** The maximum IV size for all supported cipher algorithms, in bytes. + * + * See also #PSA_CIPHER_IV_LENGTH(). + */ +#define PSA_CIPHER_IV_MAX_SIZE 16 + #endif /* PSA_CRYPTO_SIZES_H */ diff --git a/include/psa/crypto_struct.h b/include/psa/crypto_struct.h index 67c53db92..6a018e1f9 100644 --- a/include/psa/crypto_struct.h +++ b/include/psa/crypto_struct.h @@ -77,6 +77,16 @@ extern "C" { #include "mbedtls/sha256.h" #include "mbedtls/sha512.h" +typedef struct { + /** Unique ID indicating which driver got assigned to do the + * operation. Since driver contexts are driver-specific, swapping + * drivers halfway through the operation is not supported. + * ID values are auto-generated in psa_driver_wrappers.h */ + unsigned int id; + /** Context structure for the assigned driver, when id is not zero. */ + void* ctx; +} psa_operation_driver_context_t; + struct psa_hash_operation_s { psa_algorithm_t alg; @@ -158,16 +168,18 @@ struct psa_cipher_operation_s unsigned int key_set : 1; unsigned int iv_required : 1; unsigned int iv_set : 1; + unsigned int mbedtls_in_use : 1; /* Indicates mbed TLS is handling the operation. */ uint8_t iv_size; uint8_t block_size; union { unsigned dummy; /* Enable easier initializing of the union. */ mbedtls_cipher_context_t cipher; + psa_operation_driver_context_t driver; } ctx; }; -#define PSA_CIPHER_OPERATION_INIT {0, 0, 0, 0, 0, 0, {0}} +#define PSA_CIPHER_OPERATION_INIT {0, 0, 0, 0, 0, 0, 0, {0}} static inline struct psa_cipher_operation_s psa_cipher_operation_init( void ) { const struct psa_cipher_operation_s v = PSA_CIPHER_OPERATION_INIT; @@ -330,12 +342,12 @@ typedef struct psa_key_type_t type; psa_key_bits_t bits; psa_key_lifetime_t lifetime; - psa_key_id_t id; + mbedtls_svc_key_id_t id; psa_key_policy_t policy; psa_key_attributes_flag_t flags; } psa_core_key_attributes_t; -#define PSA_CORE_KEY_ATTRIBUTES_INIT {PSA_KEY_TYPE_NONE, 0, PSA_KEY_LIFETIME_VOLATILE, PSA_KEY_ID_INIT, PSA_KEY_POLICY_INIT, 0} +#define PSA_CORE_KEY_ATTRIBUTES_INIT {PSA_KEY_TYPE_NONE, 0, PSA_KEY_LIFETIME_VOLATILE, MBEDTLS_SVC_KEY_ID_INIT, PSA_KEY_POLICY_INIT, 0} struct psa_key_attributes_s { @@ -359,29 +371,44 @@ static inline struct psa_key_attributes_s psa_key_attributes_init( void ) return( v ); } -static inline void psa_set_key_id(psa_key_attributes_t *attributes, - psa_key_id_t id) +static inline void psa_set_key_id( psa_key_attributes_t *attributes, + mbedtls_svc_key_id_t key ) { - attributes->core.id = id; - if( attributes->core.lifetime == PSA_KEY_LIFETIME_VOLATILE ) - attributes->core.lifetime = PSA_KEY_LIFETIME_PERSISTENT; + psa_key_lifetime_t lifetime = attributes->core.lifetime; + + attributes->core.id = key; + + if( PSA_KEY_LIFETIME_IS_VOLATILE( lifetime ) ) + { + attributes->core.lifetime = + PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( + PSA_KEY_LIFETIME_PERSISTENT, + PSA_KEY_LIFETIME_GET_LOCATION( lifetime ) ); + } } -static inline psa_key_id_t psa_get_key_id( +static inline mbedtls_svc_key_id_t psa_get_key_id( const psa_key_attributes_t *attributes) { return( attributes->core.id ); } +#ifdef MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER +static inline void mbedtls_set_key_owner_id( psa_key_attributes_t *attributes, + mbedtls_key_owner_id_t owner ) +{ + attributes->core.id.owner = owner; +} +#endif + static inline void psa_set_key_lifetime(psa_key_attributes_t *attributes, psa_key_lifetime_t lifetime) { attributes->core.lifetime = lifetime; - if( lifetime == PSA_KEY_LIFETIME_VOLATILE ) + if( PSA_KEY_LIFETIME_IS_VOLATILE( lifetime ) ) { -#ifdef MBEDTLS_PSA_CRYPTO_KEY_FILE_ID_ENCODES_OWNER +#ifdef MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER attributes->core.id.key_id = 0; - attributes->core.id.owner = 0; #else attributes->core.id = 0; #endif diff --git a/include/psa/crypto_types.h b/include/psa/crypto_types.h index 17718eb6d..0a2ae5428 100644 --- a/include/psa/crypto_types.h +++ b/include/psa/crypto_types.h @@ -33,6 +33,8 @@ #ifndef PSA_CRYPTO_TYPES_H #define PSA_CRYPTO_TYPES_H +#include "crypto_platform.h" + #include /** \defgroup error Error codes @@ -123,7 +125,7 @@ typedef uint32_t psa_algorithm_t; * implementation-specific device management event occurs (for example, * a factory reset). * - * Persistent keys have a key identifier of type #psa_key_id_t. + * Persistent keys have a key identifier of type #mbedtls_svc_key_id_t. * This identifier remains valid throughout the lifetime of the key, * even if the application instance that created the key terminates. * The application can call psa_open_key() to open a persistent key that @@ -226,15 +228,24 @@ typedef uint32_t psa_key_location_t; * - 0 is reserved as an invalid key identifier. * - Key identifiers outside these ranges are reserved for future use. */ -/* Implementation-specific quirk: The Mbed Crypto library can be built as - * part of a multi-client service that exposes the PSA Crypto API in each - * client and encodes the client identity in the key id argument of functions - * such as psa_open_key(). In this build configuration, we define - * psa_key_id_t in crypto_platform.h instead of here. */ -#if !defined(MBEDTLS_PSA_CRYPTO_KEY_FILE_ID_ENCODES_OWNER) typedef uint32_t psa_key_id_t; -#define PSA_KEY_ID_INIT 0 -#endif + +#if !defined(MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER) +typedef psa_key_id_t mbedtls_svc_key_id_t; + +#else /* MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER */ +/* Implementation-specific: The Mbed Cryptography library can be built as + * part of a multi-client service that exposes the PSA Cryptograpy API in each + * client and encodes the client identity in the key identifier argument of + * functions such as psa_open_key(). + */ +typedef struct +{ + psa_key_id_t key_id; + mbedtls_key_owner_id_t owner; +} mbedtls_svc_key_id_t; + +#endif /* !MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER */ /**@}*/ @@ -341,7 +352,7 @@ typedef uint32_t psa_key_usage_t; * -# Call a key creation function: psa_import_key(), psa_generate_key(), * psa_key_derivation_output_key() or psa_copy_key(). This function reads * the attribute structure, creates a key with these attributes, and - * outputs a handle to the newly created key. + * outputs a key identifier to the newly created key. * -# The attribute structure is now no longer necessary. * You may call psa_reset_key_attributes(), although this is optional * with the workflow presented here because the attributes currently diff --git a/include/psa/crypto_values.h b/include/psa/crypto_values.h index a94071180..580b89e09 100644 --- a/include/psa/crypto_values.h +++ b/include/psa/crypto_values.h @@ -108,7 +108,7 @@ * as applicable. * * Implementations shall not return this error code to indicate that a - * key handle is invalid, but shall return #PSA_ERROR_INVALID_HANDLE + * key identifier is invalid, but shall return #PSA_ERROR_INVALID_HANDLE * instead. */ #define PSA_ERROR_BAD_STATE ((psa_status_t)-137) @@ -118,7 +118,7 @@ * combination of parameters are recognized as invalid. * * Implementations shall not return this error code to indicate that a - * key handle is invalid, but shall return #PSA_ERROR_INVALID_HANDLE + * key identifier is invalid, but shall return #PSA_ERROR_INVALID_HANDLE * instead. */ #define PSA_ERROR_INVALID_ARGUMENT ((psa_status_t)-135) @@ -266,7 +266,7 @@ * to read from a resource. */ #define PSA_ERROR_INSUFFICIENT_DATA ((psa_status_t)-143) -/** The key handle is not valid. See also :ref:\`key-handles\`. +/** The key identifier is not valid. See also :ref:\`key-handles\`. */ #define PSA_ERROR_INVALID_HANDLE ((psa_status_t)-136) @@ -769,9 +769,9 @@ * an algorithm built from `PSA_xxx_SIGNATURE` and a specific hash. Each * call to sign or verify a message may use a different hash. * ``` - * psa_sign_hash(handle, PSA_xxx_SIGNATURE(PSA_ALG_SHA_256), ...); - * psa_sign_hash(handle, PSA_xxx_SIGNATURE(PSA_ALG_SHA_512), ...); - * psa_sign_hash(handle, PSA_xxx_SIGNATURE(PSA_ALG_SHA3_256), ...); + * psa_sign_hash(key, PSA_xxx_SIGNATURE(PSA_ALG_SHA_256), ...); + * psa_sign_hash(key, PSA_xxx_SIGNATURE(PSA_ALG_SHA_512), ...); + * psa_sign_hash(key, PSA_xxx_SIGNATURE(PSA_ALG_SHA3_256), ...); * ``` * * This value may not be used to build other algorithms that are @@ -978,6 +978,26 @@ */ #define PSA_ALG_XTS ((psa_algorithm_t)0x044000ff) +/** The Electronic Code Book (ECB) mode of a block cipher, with no padding. + * + * \warning ECB mode does not protect the confidentiality of the encrypted data + * except in extremely narrow circumstances. It is recommended that applications + * only use ECB if they need to construct an operating mode that the + * implementation does not provide. Implementations are encouraged to provide + * the modes that applications need in preference to supporting direct access + * to ECB. + * + * The underlying block cipher is determined by the key type. + * + * This symmetric cipher mode can only be used with messages whose lengths are a + * multiple of the block size of the chosen block cipher. + * + * ECB mode does not accept an initialization vector (IV). When using a + * multi-part cipher operation with this algorithm, psa_cipher_generate_iv() + * and psa_cipher_set_iv() must not be called. + */ +#define PSA_ALG_ECB_NO_PADDING ((psa_algorithm_t)0x04404400) + /** The CBC block cipher chaining mode, with no padding. * * The underlying block cipher is determined by the key type. @@ -1432,7 +1452,7 @@ * a key derivation function. * Usually, raw key agreement algorithms are constructed directly with * a \c PSA_ALG_xxx macro while non-raw key agreement algorithms are - * constructed with PSA_ALG_KEY_AGREEMENT(). + * constructed with #PSA_ALG_KEY_AGREEMENT(). * * \param alg An algorithm identifier (value of type #psa_algorithm_t). * @@ -1541,7 +1561,7 @@ /** The default lifetime for volatile keys. * - * A volatile key only exists as long as the handle to it is not closed. + * A volatile key only exists as long as the identifier to it is not destroyed. * The key material is guaranteed to be erased on a power reset. * * A key with this lifetime is typically stored in the RAM area of the @@ -1636,16 +1656,105 @@ /** The minimum value for a key identifier chosen by the application. */ -#define PSA_KEY_ID_USER_MIN ((psa_app_key_id_t)0x00000001) +#define PSA_KEY_ID_USER_MIN ((psa_key_id_t)0x00000001) /** The maximum value for a key identifier chosen by the application. */ -#define PSA_KEY_ID_USER_MAX ((psa_app_key_id_t)0x3fffffff) +#define PSA_KEY_ID_USER_MAX ((psa_key_id_t)0x3fffffff) /** The minimum value for a key identifier chosen by the implementation. */ -#define PSA_KEY_ID_VENDOR_MIN ((psa_app_key_id_t)0x40000000) +#define PSA_KEY_ID_VENDOR_MIN ((psa_key_id_t)0x40000000) /** The maximum value for a key identifier chosen by the implementation. */ -#define PSA_KEY_ID_VENDOR_MAX ((psa_app_key_id_t)0x7fffffff) +#define PSA_KEY_ID_VENDOR_MAX ((psa_key_id_t)0x7fffffff) + + +#if !defined(MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER) + +#define MBEDTLS_SVC_KEY_ID_INIT ( (psa_key_id_t)0 ) +#define MBEDTLS_SVC_KEY_ID_GET_KEY_ID( id ) ( id ) +#define MBEDTLS_SVC_KEY_ID_GET_OWNER_ID( id ) ( 0 ) + +/** Utility to initialize a key identifier at runtime. + * + * \param unused Unused parameter. + * \param key_id Identifier of the key. + */ +static inline mbedtls_svc_key_id_t mbedtls_svc_key_id_make( + unsigned int unused, psa_key_id_t key_id ) +{ + (void)unused; + + return( key_id ); +} + +/** Compare two key identifiers. + * + * \param id1 First key identifier. + * \param id2 Second key identifier. + * + * \return Non-zero if the two key identifier are equal, zero otherwise. + */ +static inline int mbedtls_svc_key_id_equal( mbedtls_svc_key_id_t id1, + mbedtls_svc_key_id_t id2 ) +{ + return( id1 == id2 ); +} + +/** Check whether a key identifier is null. + * + * \param key Key identifier. + * + * \return Non-zero if the key identifier is null, zero otherwise. + */ +static inline int mbedtls_svc_key_id_is_null( mbedtls_svc_key_id_t key ) +{ + return( key == 0 ); +} + +#else /* MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER */ + +#define MBEDTLS_SVC_KEY_ID_INIT ( (mbedtls_svc_key_id_t){ 0, 0 } ) +#define MBEDTLS_SVC_KEY_ID_GET_KEY_ID( id ) ( ( id ).key_id ) +#define MBEDTLS_SVC_KEY_ID_GET_OWNER_ID( id ) ( ( id ).owner ) + +/** Utility to initialize a key identifier at runtime. + * + * \param owner_id Identifier of the key owner. + * \param key_id Identifier of the key. + */ +static inline mbedtls_svc_key_id_t mbedtls_svc_key_id_make( + mbedtls_key_owner_id_t owner_id, psa_key_id_t key_id ) +{ + return( (mbedtls_svc_key_id_t){ .key_id = key_id, + .owner = owner_id } ); +} + +/** Compare two key identifiers. + * + * \param id1 First key identifier. + * \param id2 Second key identifier. + * + * \return Non-zero if the two key identifier are equal, zero otherwise. + */ +static inline int mbedtls_svc_key_id_equal( mbedtls_svc_key_id_t id1, + mbedtls_svc_key_id_t id2 ) +{ + return( ( id1.key_id == id2.key_id ) && + mbedtls_key_owner_id_equal( id1.owner, id2.owner ) ); +} + +/** Check whether a key identifier is null. + * + * \param key Key identifier. + * + * \return Non-zero if the key identifier is null, zero otherwise. + */ +static inline int mbedtls_svc_key_id_is_null( mbedtls_svc_key_id_t key ) +{ + return( ( key.key_id == 0 ) && ( key.owner == 0 ) ); +} + +#endif /* !MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER */ /**@}*/ diff --git a/library/CMakeLists.txt b/library/CMakeLists.txt index 1bdc59ec1..89625558a 100644 --- a/library/CMakeLists.txt +++ b/library/CMakeLists.txt @@ -61,6 +61,7 @@ set(src_crypto platform_util.c poly1305.c psa_crypto.c + psa_crypto_driver_wrappers.c psa_crypto_se.c psa_crypto_slot_management.c psa_crypto_storage.c @@ -103,6 +104,7 @@ set(src_tls ssl_srv.c ssl_ticket.c ssl_tls.c + ssl_tls13_keys.c ) if(CMAKE_COMPILER_IS_GNUCC) @@ -148,46 +150,59 @@ if (NOT USE_STATIC_MBEDTLS_LIBRARY AND NOT USE_SHARED_MBEDTLS_LIBRARY) message(FATAL_ERROR "Need to choose static or shared mbedtls build!") endif(NOT USE_STATIC_MBEDTLS_LIBRARY AND NOT USE_SHARED_MBEDTLS_LIBRARY) -set(target_libraries "mbedcrypto" "mbedx509" "mbedtls") +set(mbedtls_target "${MBEDTLS_TARGET_PREFIX}mbedtls") +set(mbedx509_target "${MBEDTLS_TARGET_PREFIX}mbedx509") +set(mbedcrypto_target "${MBEDTLS_TARGET_PREFIX}mbedcrypto") + +set(mbedtls_target ${mbedtls_target} PARENT_SCOPE) +set(mbedx509_target ${mbedx509_target} PARENT_SCOPE) +set(mbedcrypto_target ${mbedcrypto_target} PARENT_SCOPE) + +if (USE_STATIC_MBEDTLS_LIBRARY) + set(mbedtls_static_target ${mbedtls_target}) + set(mbedx509_static_target ${mbedx509_target}) + set(mbedcrypto_static_target ${mbedcrypto_target}) +endif() + +set(target_libraries ${mbedcrypto_target} ${mbedx509_target} ${mbedtls_target}) if(USE_STATIC_MBEDTLS_LIBRARY AND USE_SHARED_MBEDTLS_LIBRARY) - set(mbedtls_static_target "mbedtls_static") - set(mbedx509_static_target "mbedx509_static") - set(mbedcrypto_static_target "mbedcrypto_static") + string(APPEND mbedtls_static_target "_static") + string(APPEND mbedx509_static_target "_static") + string(APPEND mbedcrypto_static_target "_static") + list(APPEND target_libraries - "mbedcrypto_static" "mbedx509_static" "mbedtls_static") -elseif(USE_STATIC_MBEDTLS_LIBRARY) - set(mbedtls_static_target "mbedtls") - set(mbedx509_static_target "mbedx509") - set(mbedcrypto_static_target "mbedcrypto") + ${mbedcrypto_static_target} + ${mbedx509_static_target} + ${mbedtls_static_target}) endif() if(USE_STATIC_MBEDTLS_LIBRARY) add_library(${mbedcrypto_static_target} STATIC ${src_crypto}) set_target_properties(${mbedcrypto_static_target} PROPERTIES OUTPUT_NAME mbedcrypto) - target_link_libraries(${mbedcrypto_static_target} ${libs}) + target_link_libraries(${mbedcrypto_static_target} PUBLIC ${libs}) add_library(${mbedx509_static_target} STATIC ${src_x509}) set_target_properties(${mbedx509_static_target} PROPERTIES OUTPUT_NAME mbedx509) - target_link_libraries(${mbedx509_static_target} ${libs} ${mbedcrypto_static_target}) + target_link_libraries(${mbedx509_static_target} PUBLIC ${libs} ${mbedcrypto_static_target}) add_library(${mbedtls_static_target} STATIC ${src_tls}) set_target_properties(${mbedtls_static_target} PROPERTIES OUTPUT_NAME mbedtls) - target_link_libraries(${mbedtls_static_target} ${libs} ${mbedx509_static_target}) + target_link_libraries(${mbedtls_static_target} PUBLIC ${libs} ${mbedx509_static_target}) endif(USE_STATIC_MBEDTLS_LIBRARY) if(USE_SHARED_MBEDTLS_LIBRARY) - add_library(mbedcrypto SHARED ${src_crypto}) - set_target_properties(mbedcrypto PROPERTIES VERSION 2.23.0 SOVERSION 5) - target_link_libraries(mbedcrypto ${libs}) + add_library(${mbedcrypto_target} SHARED ${src_crypto}) + set_target_properties(${mbedcrypto_target} PROPERTIES VERSION 2.24.0 SOVERSION 5) + target_link_libraries(${mbedcrypto_target} PUBLIC ${libs}) - add_library(mbedx509 SHARED ${src_x509}) - set_target_properties(mbedx509 PROPERTIES VERSION 2.23.0 SOVERSION 1) - target_link_libraries(mbedx509 ${libs} mbedcrypto) + add_library(${mbedx509_target} SHARED ${src_x509}) + set_target_properties(${mbedx509_target} PROPERTIES VERSION 2.24.0 SOVERSION 1) + target_link_libraries(${mbedx509_target} PUBLIC ${libs} ${mbedcrypto_target}) - add_library(mbedtls SHARED ${src_tls}) - set_target_properties(mbedtls PROPERTIES VERSION 2.23.0 SOVERSION 13) - target_link_libraries(mbedtls ${libs} mbedx509) + add_library(${mbedtls_target} SHARED ${src_tls}) + set_target_properties(${mbedtls_target} PROPERTIES VERSION 2.24.0 SOVERSION 13) + target_link_libraries(${mbedtls_target} PUBLIC ${libs} ${mbedx509_target}) endif(USE_SHARED_MBEDTLS_LIBRARY) foreach(target IN LISTS target_libraries) @@ -208,7 +223,9 @@ foreach(target IN LISTS target_libraries) PERMISSIONS OWNER_READ OWNER_WRITE GROUP_READ WORLD_READ) endforeach(target) -add_custom_target(lib DEPENDS mbedcrypto mbedx509 mbedtls) +set(lib_target "${MBEDTLS_TARGET_PREFIX}lib") + +add_custom_target(${lib_target} DEPENDS ${mbedcrypto_target} ${mbedx509_target} ${mbedtls_target}) if(USE_STATIC_MBEDTLS_LIBRARY AND USE_SHARED_MBEDTLS_LIBRARY) - add_dependencies(lib mbedcrypto_static mbedx509_static mbedtls_static) + add_dependencies(${lib_target} ${mbedcrypto_static_target} ${mbedx509_static_target} ${mbedtls_static_target}) endif() diff --git a/library/Makefile b/library/Makefile index b76a84bdd..a6db9b3e6 100644 --- a/library/Makefile +++ b/library/Makefile @@ -118,6 +118,7 @@ OBJS_CRYPTO= \ platform_util.o \ poly1305.o \ psa_crypto.o \ + psa_crypto_driver_wrappers.o \ psa_crypto_se.o \ psa_crypto_slot_management.o \ psa_crypto_storage.o \ @@ -162,6 +163,7 @@ OBJS_TLS= \ ssl_srv.o \ ssl_ticket.o \ ssl_tls.o \ + ssl_tls13_keys.o \ # This line is intentionally left blank .SILENT: diff --git a/library/aes.c b/library/aes.c index ed48b24d3..3f616427a 100644 --- a/library/aes.c +++ b/library/aes.c @@ -730,6 +730,7 @@ exit: return( ret ); } +#endif /* !MBEDTLS_AES_SETKEY_DEC_ALT */ #if defined(MBEDTLS_CIPHER_MODE_XTS) static int mbedtls_aes_xts_decode_keys( const unsigned char *key, @@ -808,8 +809,6 @@ int mbedtls_aes_xts_setkey_dec( mbedtls_aes_xts_context *ctx, } #endif /* MBEDTLS_CIPHER_MODE_XTS */ -#endif /* !MBEDTLS_AES_SETKEY_DEC_ALT */ - #define AES_FROUND(X0,X1,X2,X3,Y0,Y1,Y2,Y3) \ do \ { \ @@ -867,63 +866,56 @@ int mbedtls_internal_aes_encrypt( mbedtls_aes_context *ctx, unsigned char output[16] ) { int i; - uint32_t *RK, X0, X1, X2, X3, Y0, Y1, Y2, Y3; + uint32_t *RK = ctx->rk; + struct + { + uint32_t X[4]; + uint32_t Y[4]; + } t; - RK = ctx->rk; - - GET_UINT32_LE( X0, input, 0 ); X0 ^= *RK++; - GET_UINT32_LE( X1, input, 4 ); X1 ^= *RK++; - GET_UINT32_LE( X2, input, 8 ); X2 ^= *RK++; - GET_UINT32_LE( X3, input, 12 ); X3 ^= *RK++; + GET_UINT32_LE( t.X[0], input, 0 ); t.X[0] ^= *RK++; + GET_UINT32_LE( t.X[1], input, 4 ); t.X[1] ^= *RK++; + GET_UINT32_LE( t.X[2], input, 8 ); t.X[2] ^= *RK++; + GET_UINT32_LE( t.X[3], input, 12 ); t.X[3] ^= *RK++; for( i = ( ctx->nr >> 1 ) - 1; i > 0; i-- ) { - AES_FROUND( Y0, Y1, Y2, Y3, X0, X1, X2, X3 ); - AES_FROUND( X0, X1, X2, X3, Y0, Y1, Y2, Y3 ); + AES_FROUND( t.Y[0], t.Y[1], t.Y[2], t.Y[3], t.X[0], t.X[1], t.X[2], t.X[3] ); + AES_FROUND( t.X[0], t.X[1], t.X[2], t.X[3], t.Y[0], t.Y[1], t.Y[2], t.Y[3] ); } - AES_FROUND( Y0, Y1, Y2, Y3, X0, X1, X2, X3 ); + AES_FROUND( t.Y[0], t.Y[1], t.Y[2], t.Y[3], t.X[0], t.X[1], t.X[2], t.X[3] ); - X0 = *RK++ ^ \ - ( (uint32_t) FSb[ ( Y0 ) & 0xFF ] ) ^ - ( (uint32_t) FSb[ ( Y1 >> 8 ) & 0xFF ] << 8 ) ^ - ( (uint32_t) FSb[ ( Y2 >> 16 ) & 0xFF ] << 16 ) ^ - ( (uint32_t) FSb[ ( Y3 >> 24 ) & 0xFF ] << 24 ); + t.X[0] = *RK++ ^ \ + ( (uint32_t) FSb[ ( t.Y[0] ) & 0xFF ] ) ^ + ( (uint32_t) FSb[ ( t.Y[1] >> 8 ) & 0xFF ] << 8 ) ^ + ( (uint32_t) FSb[ ( t.Y[2] >> 16 ) & 0xFF ] << 16 ) ^ + ( (uint32_t) FSb[ ( t.Y[3] >> 24 ) & 0xFF ] << 24 ); - X1 = *RK++ ^ \ - ( (uint32_t) FSb[ ( Y1 ) & 0xFF ] ) ^ - ( (uint32_t) FSb[ ( Y2 >> 8 ) & 0xFF ] << 8 ) ^ - ( (uint32_t) FSb[ ( Y3 >> 16 ) & 0xFF ] << 16 ) ^ - ( (uint32_t) FSb[ ( Y0 >> 24 ) & 0xFF ] << 24 ); + t.X[1] = *RK++ ^ \ + ( (uint32_t) FSb[ ( t.Y[1] ) & 0xFF ] ) ^ + ( (uint32_t) FSb[ ( t.Y[2] >> 8 ) & 0xFF ] << 8 ) ^ + ( (uint32_t) FSb[ ( t.Y[3] >> 16 ) & 0xFF ] << 16 ) ^ + ( (uint32_t) FSb[ ( t.Y[0] >> 24 ) & 0xFF ] << 24 ); - X2 = *RK++ ^ \ - ( (uint32_t) FSb[ ( Y2 ) & 0xFF ] ) ^ - ( (uint32_t) FSb[ ( Y3 >> 8 ) & 0xFF ] << 8 ) ^ - ( (uint32_t) FSb[ ( Y0 >> 16 ) & 0xFF ] << 16 ) ^ - ( (uint32_t) FSb[ ( Y1 >> 24 ) & 0xFF ] << 24 ); + t.X[2] = *RK++ ^ \ + ( (uint32_t) FSb[ ( t.Y[2] ) & 0xFF ] ) ^ + ( (uint32_t) FSb[ ( t.Y[3] >> 8 ) & 0xFF ] << 8 ) ^ + ( (uint32_t) FSb[ ( t.Y[0] >> 16 ) & 0xFF ] << 16 ) ^ + ( (uint32_t) FSb[ ( t.Y[1] >> 24 ) & 0xFF ] << 24 ); - X3 = *RK++ ^ \ - ( (uint32_t) FSb[ ( Y3 ) & 0xFF ] ) ^ - ( (uint32_t) FSb[ ( Y0 >> 8 ) & 0xFF ] << 8 ) ^ - ( (uint32_t) FSb[ ( Y1 >> 16 ) & 0xFF ] << 16 ) ^ - ( (uint32_t) FSb[ ( Y2 >> 24 ) & 0xFF ] << 24 ); + t.X[3] = *RK++ ^ \ + ( (uint32_t) FSb[ ( t.Y[3] ) & 0xFF ] ) ^ + ( (uint32_t) FSb[ ( t.Y[0] >> 8 ) & 0xFF ] << 8 ) ^ + ( (uint32_t) FSb[ ( t.Y[1] >> 16 ) & 0xFF ] << 16 ) ^ + ( (uint32_t) FSb[ ( t.Y[2] >> 24 ) & 0xFF ] << 24 ); - PUT_UINT32_LE( X0, output, 0 ); - PUT_UINT32_LE( X1, output, 4 ); - PUT_UINT32_LE( X2, output, 8 ); - PUT_UINT32_LE( X3, output, 12 ); + PUT_UINT32_LE( t.X[0], output, 0 ); + PUT_UINT32_LE( t.X[1], output, 4 ); + PUT_UINT32_LE( t.X[2], output, 8 ); + PUT_UINT32_LE( t.X[3], output, 12 ); - mbedtls_platform_zeroize( &X0, sizeof( X0 ) ); - mbedtls_platform_zeroize( &X1, sizeof( X1 ) ); - mbedtls_platform_zeroize( &X2, sizeof( X2 ) ); - mbedtls_platform_zeroize( &X3, sizeof( X3 ) ); - - mbedtls_platform_zeroize( &Y0, sizeof( Y0 ) ); - mbedtls_platform_zeroize( &Y1, sizeof( Y1 ) ); - mbedtls_platform_zeroize( &Y2, sizeof( Y2 ) ); - mbedtls_platform_zeroize( &Y3, sizeof( Y3 ) ); - - mbedtls_platform_zeroize( &RK, sizeof( RK ) ); + mbedtls_platform_zeroize( &t, sizeof( t ) ); return( 0 ); } @@ -947,63 +939,56 @@ int mbedtls_internal_aes_decrypt( mbedtls_aes_context *ctx, unsigned char output[16] ) { int i; - uint32_t *RK, X0, X1, X2, X3, Y0, Y1, Y2, Y3; + uint32_t *RK = ctx->rk; + struct + { + uint32_t X[4]; + uint32_t Y[4]; + } t; - RK = ctx->rk; - - GET_UINT32_LE( X0, input, 0 ); X0 ^= *RK++; - GET_UINT32_LE( X1, input, 4 ); X1 ^= *RK++; - GET_UINT32_LE( X2, input, 8 ); X2 ^= *RK++; - GET_UINT32_LE( X3, input, 12 ); X3 ^= *RK++; + GET_UINT32_LE( t.X[0], input, 0 ); t.X[0] ^= *RK++; + GET_UINT32_LE( t.X[1], input, 4 ); t.X[1] ^= *RK++; + GET_UINT32_LE( t.X[2], input, 8 ); t.X[2] ^= *RK++; + GET_UINT32_LE( t.X[3], input, 12 ); t.X[3] ^= *RK++; for( i = ( ctx->nr >> 1 ) - 1; i > 0; i-- ) { - AES_RROUND( Y0, Y1, Y2, Y3, X0, X1, X2, X3 ); - AES_RROUND( X0, X1, X2, X3, Y0, Y1, Y2, Y3 ); + AES_RROUND( t.Y[0], t.Y[1], t.Y[2], t.Y[3], t.X[0], t.X[1], t.X[2], t.X[3] ); + AES_RROUND( t.X[0], t.X[1], t.X[2], t.X[3], t.Y[0], t.Y[1], t.Y[2], t.Y[3] ); } - AES_RROUND( Y0, Y1, Y2, Y3, X0, X1, X2, X3 ); + AES_RROUND( t.Y[0], t.Y[1], t.Y[2], t.Y[3], t.X[0], t.X[1], t.X[2], t.X[3] ); - X0 = *RK++ ^ \ - ( (uint32_t) RSb[ ( Y0 ) & 0xFF ] ) ^ - ( (uint32_t) RSb[ ( Y3 >> 8 ) & 0xFF ] << 8 ) ^ - ( (uint32_t) RSb[ ( Y2 >> 16 ) & 0xFF ] << 16 ) ^ - ( (uint32_t) RSb[ ( Y1 >> 24 ) & 0xFF ] << 24 ); + t.X[0] = *RK++ ^ \ + ( (uint32_t) RSb[ ( t.Y[0] ) & 0xFF ] ) ^ + ( (uint32_t) RSb[ ( t.Y[3] >> 8 ) & 0xFF ] << 8 ) ^ + ( (uint32_t) RSb[ ( t.Y[2] >> 16 ) & 0xFF ] << 16 ) ^ + ( (uint32_t) RSb[ ( t.Y[1] >> 24 ) & 0xFF ] << 24 ); - X1 = *RK++ ^ \ - ( (uint32_t) RSb[ ( Y1 ) & 0xFF ] ) ^ - ( (uint32_t) RSb[ ( Y0 >> 8 ) & 0xFF ] << 8 ) ^ - ( (uint32_t) RSb[ ( Y3 >> 16 ) & 0xFF ] << 16 ) ^ - ( (uint32_t) RSb[ ( Y2 >> 24 ) & 0xFF ] << 24 ); + t.X[1] = *RK++ ^ \ + ( (uint32_t) RSb[ ( t.Y[1] ) & 0xFF ] ) ^ + ( (uint32_t) RSb[ ( t.Y[0] >> 8 ) & 0xFF ] << 8 ) ^ + ( (uint32_t) RSb[ ( t.Y[3] >> 16 ) & 0xFF ] << 16 ) ^ + ( (uint32_t) RSb[ ( t.Y[2] >> 24 ) & 0xFF ] << 24 ); - X2 = *RK++ ^ \ - ( (uint32_t) RSb[ ( Y2 ) & 0xFF ] ) ^ - ( (uint32_t) RSb[ ( Y1 >> 8 ) & 0xFF ] << 8 ) ^ - ( (uint32_t) RSb[ ( Y0 >> 16 ) & 0xFF ] << 16 ) ^ - ( (uint32_t) RSb[ ( Y3 >> 24 ) & 0xFF ] << 24 ); + t.X[2] = *RK++ ^ \ + ( (uint32_t) RSb[ ( t.Y[2] ) & 0xFF ] ) ^ + ( (uint32_t) RSb[ ( t.Y[1] >> 8 ) & 0xFF ] << 8 ) ^ + ( (uint32_t) RSb[ ( t.Y[0] >> 16 ) & 0xFF ] << 16 ) ^ + ( (uint32_t) RSb[ ( t.Y[3] >> 24 ) & 0xFF ] << 24 ); - X3 = *RK++ ^ \ - ( (uint32_t) RSb[ ( Y3 ) & 0xFF ] ) ^ - ( (uint32_t) RSb[ ( Y2 >> 8 ) & 0xFF ] << 8 ) ^ - ( (uint32_t) RSb[ ( Y1 >> 16 ) & 0xFF ] << 16 ) ^ - ( (uint32_t) RSb[ ( Y0 >> 24 ) & 0xFF ] << 24 ); + t.X[3] = *RK++ ^ \ + ( (uint32_t) RSb[ ( t.Y[3] ) & 0xFF ] ) ^ + ( (uint32_t) RSb[ ( t.Y[2] >> 8 ) & 0xFF ] << 8 ) ^ + ( (uint32_t) RSb[ ( t.Y[1] >> 16 ) & 0xFF ] << 16 ) ^ + ( (uint32_t) RSb[ ( t.Y[0] >> 24 ) & 0xFF ] << 24 ); - PUT_UINT32_LE( X0, output, 0 ); - PUT_UINT32_LE( X1, output, 4 ); - PUT_UINT32_LE( X2, output, 8 ); - PUT_UINT32_LE( X3, output, 12 ); + PUT_UINT32_LE( t.X[0], output, 0 ); + PUT_UINT32_LE( t.X[1], output, 4 ); + PUT_UINT32_LE( t.X[2], output, 8 ); + PUT_UINT32_LE( t.X[3], output, 12 ); - mbedtls_platform_zeroize( &X0, sizeof( X0 ) ); - mbedtls_platform_zeroize( &X1, sizeof( X1 ) ); - mbedtls_platform_zeroize( &X2, sizeof( X2 ) ); - mbedtls_platform_zeroize( &X3, sizeof( X3 ) ); - - mbedtls_platform_zeroize( &Y0, sizeof( Y0 ) ); - mbedtls_platform_zeroize( &Y1, sizeof( Y1 ) ); - mbedtls_platform_zeroize( &Y2, sizeof( Y2 ) ); - mbedtls_platform_zeroize( &Y3, sizeof( Y3 ) ); - - mbedtls_platform_zeroize( &RK, sizeof( RK ) ); + mbedtls_platform_zeroize( &t, sizeof( t ) ); return( 0 ); } diff --git a/library/bignum.c b/library/bignum.c index 1f99ca7be..d5b644f4a 100644 --- a/library/bignum.c +++ b/library/bignum.c @@ -2101,7 +2101,7 @@ int mbedtls_mpi_exp_mod( mbedtls_mpi *X, const mbedtls_mpi *A, size_t i, j, nblimbs; size_t bufsize, nbits; mbedtls_mpi_uint ei, mm, state; - mbedtls_mpi RR, T, W[ 2 << MBEDTLS_MPI_WINDOW_SIZE ], Apos; + mbedtls_mpi RR, T, W[ 1 << MBEDTLS_MPI_WINDOW_SIZE ], Apos; int neg; MPI_VALIDATE_RET( X != NULL ); diff --git a/library/ccm.c b/library/ccm.c index e6ca588ba..424ee77b6 100644 --- a/library/ccm.c +++ b/library/ccm.c @@ -175,7 +175,7 @@ static int ccm_auth_crypt( mbedtls_ccm_context *ctx, int mode, size_t length, if( iv_len < 7 || iv_len > 13 ) return( MBEDTLS_ERR_CCM_BAD_INPUT ); - if( add_len > 0xFF00 ) + if( add_len >= 0xFF00 ) return( MBEDTLS_ERR_CCM_BAD_INPUT ); q = 16 - 1 - (unsigned char) iv_len; diff --git a/library/check_crypto_config.h b/library/check_crypto_config.h new file mode 100644 index 000000000..cac90a0df --- /dev/null +++ b/library/check_crypto_config.h @@ -0,0 +1,72 @@ +/** + * \file check_crypto_config.h + * + * \brief Consistency checks for PSA configuration options + */ +/* + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +/* + * It is recommended to include this file from your crypto_config.h + * in order to catch dependency issues early. + */ + +#ifndef MBEDTLS_CHECK_CRYPTO_CONFIG_H +#define MBEDTLS_CHECK_CRYPTO_CONFIG_H + +#if defined(PSA_WANT_ALG_DETERMINISTIC_ECDSA) && \ + !( defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR) || \ + defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) ) +#error "PSA_WANT_ALG_DETERMINISTIC_ECDSA defined, but not all prerequisites" +#endif + +#if defined(PSA_WANT_ALG_ECDSA) && \ + !( defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR) || \ + defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) ) +#error "PSA_WANT_ALG_ECDSA defined, but not all prerequisites" +#endif + +#if defined(PSA_WANT_ALG_RSA_PKCS1V15_CRYPT) && \ + !( defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR) || \ + defined(PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY) ) +#error "PSA_WANT_ALG_RSA_PKCS1V15_CRYPT defined, but not all prerequisites" +#endif + +#if defined(PSA_WANT_ALG_RSA_PKCS1V15_SIGN) && \ + !( defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR) || \ + defined(PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY) ) +#error "PSA_WANT_ALG_RSA_PKCS1V15_SIGN defined, but not all prerequisites" +#endif + +#if defined(PSA_WANT_ALG_RSA_OAEP) && \ + !( defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR) || \ + defined(PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY) ) +#error "PSA_WANT_ALG_RSA_OAEP defined, but not all prerequisites" +#endif + +#if defined(PSA_WANT_ALG_RSA_PSS) && \ + !( defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR) || \ + defined(PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY) ) +#error "PSA_WANT_ALG_RSA_PSS defined, but not all prerequisites" +#endif + +#if defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR) && \ + !defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) +#error "PSA_WANT_KEY_TYPE_ECC_KEY_PAIR defined, but not all prerequisites" +#endif + +#endif /* MBEDTLS_CHECK_CRYPTO_CONFIG_H */ diff --git a/library/cipher_wrap.c b/library/cipher_wrap.c index 8eb2ec02b..57eb3cb67 100644 --- a/library/cipher_wrap.c +++ b/library/cipher_wrap.c @@ -753,7 +753,7 @@ static const mbedtls_cipher_info_t camellia_128_ecb_info = { MBEDTLS_MODE_ECB, 128, "CAMELLIA-128-ECB", - 16, + 0, 0, 16, &camellia_info @@ -764,7 +764,7 @@ static const mbedtls_cipher_info_t camellia_192_ecb_info = { MBEDTLS_MODE_ECB, 192, "CAMELLIA-192-ECB", - 16, + 0, 0, 16, &camellia_info @@ -775,7 +775,7 @@ static const mbedtls_cipher_info_t camellia_256_ecb_info = { MBEDTLS_MODE_ECB, 256, "CAMELLIA-256-ECB", - 16, + 0, 0, 16, &camellia_info @@ -1129,7 +1129,7 @@ static const mbedtls_cipher_info_t aria_128_ecb_info = { MBEDTLS_MODE_ECB, 128, "ARIA-128-ECB", - 16, + 0, 0, 16, &aria_info @@ -1140,7 +1140,7 @@ static const mbedtls_cipher_info_t aria_192_ecb_info = { MBEDTLS_MODE_ECB, 192, "ARIA-192-ECB", - 16, + 0, 0, 16, &aria_info @@ -1151,7 +1151,7 @@ static const mbedtls_cipher_info_t aria_256_ecb_info = { MBEDTLS_MODE_ECB, 256, "ARIA-256-ECB", - 16, + 0, 0, 16, &aria_info @@ -1553,7 +1553,7 @@ static const mbedtls_cipher_info_t des_ecb_info = { MBEDTLS_MODE_ECB, MBEDTLS_KEY_LENGTH_DES, "DES-ECB", - 8, + 0, 0, 8, &des_info @@ -1604,7 +1604,7 @@ static const mbedtls_cipher_info_t des_ede_ecb_info = { MBEDTLS_MODE_ECB, MBEDTLS_KEY_LENGTH_DES_EDE, "DES-EDE-ECB", - 8, + 0, 0, 8, &des_ede_info @@ -1655,7 +1655,7 @@ static const mbedtls_cipher_info_t des_ede3_ecb_info = { MBEDTLS_MODE_ECB, MBEDTLS_KEY_LENGTH_DES_EDE3, "DES-EDE3-ECB", - 8, + 0, 0, 8, &des_ede3_info @@ -1770,7 +1770,7 @@ static const mbedtls_cipher_info_t blowfish_ecb_info = { MBEDTLS_MODE_ECB, 128, "BLOWFISH-ECB", - 8, + 0, MBEDTLS_CIPHER_VARIABLE_KEY_LEN, 8, &blowfish_info diff --git a/library/cmac.c b/library/cmac.c index 816bf13da..59ece155e 100644 --- a/library/cmac.c +++ b/library/cmac.c @@ -420,7 +420,7 @@ exit: */ int mbedtls_aes_cmac_prf_128( const unsigned char *key, size_t key_length, const unsigned char *input, size_t in_len, - unsigned char *output ) + unsigned char output[16] ) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; const mbedtls_cipher_info_t *cipher_info; diff --git a/library/ecp.c b/library/ecp.c index 5d00de5cf..05a0b0175 100644 --- a/library/ecp.c +++ b/library/ecp.c @@ -546,8 +546,11 @@ static const mbedtls_ecp_curve_info ecp_supported_curves[] = #if defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED) { MBEDTLS_ECP_DP_SECP192K1, 18, 192, "secp192k1" }, #endif -#if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED) && defined(MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED) +#if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED) { MBEDTLS_ECP_DP_CURVE25519, 29, 256, "x25519" }, +#endif +#if defined(MBEDTLS_ECP_DP_CURVE448_ENABLED) + { MBEDTLS_ECP_DP_CURVE448, 30, 448, "x448" }, #endif { MBEDTLS_ECP_DP_NONE, 0, 0, NULL }, }; diff --git a/library/entropy_poll.c b/library/entropy_poll.c index 4bf660e05..5250a7bfe 100644 --- a/library/entropy_poll.c +++ b/library/entropy_poll.c @@ -17,7 +17,7 @@ * limitations under the License. */ -#if defined(__linux__) +#if defined(__linux__) && !defined(_GNU_SOURCE) /* Ensure that syscall() is available even when compiling with -std=c99 */ #define _GNU_SOURCE #endif diff --git a/library/error.c b/library/error.c index cba61e9e7..901a3699a 100644 --- a/library/error.c +++ b/library/error.c @@ -19,20 +19,20 @@ #include "common.h" -#if defined(MBEDTLS_ERROR_STRERROR_DUMMY) -#include -#endif +#include "mbedtls/error.h" + +#if defined(MBEDTLS_ERROR_C) || defined(MBEDTLS_ERROR_STRERROR_DUMMY) + +#if defined(MBEDTLS_ERROR_C) #if defined(MBEDTLS_PLATFORM_C) #include "mbedtls/platform.h" #else #define mbedtls_snprintf snprintf -#define mbedtls_time_t time_t #endif -#if defined(MBEDTLS_ERROR_C) - #include +#include #if defined(MBEDTLS_AES_C) #include "mbedtls/aes.h" @@ -960,8 +960,6 @@ void mbedtls_strerror( int ret, char *buf, size_t buflen ) #else /* MBEDTLS_ERROR_C */ -#if defined(MBEDTLS_ERROR_STRERROR_DUMMY) - /* * Provide an non-function in case MBEDTLS_ERROR_C is not defined */ @@ -973,6 +971,6 @@ void mbedtls_strerror( int ret, char *buf, size_t buflen ) buf[0] = '\0'; } -#endif /* MBEDTLS_ERROR_STRERROR_DUMMY */ - #endif /* MBEDTLS_ERROR_C */ + +#endif /* MBEDTLS_ERROR_C || MBEDTLS_ERROR_STRERROR_DUMMY */ diff --git a/library/md.c b/library/md.c index 430ba5db5..de77b164b 100644 --- a/library/md.c +++ b/library/md.c @@ -411,6 +411,10 @@ int mbedtls_md_setup( mbedtls_md_context_t *ctx, const mbedtls_md_info_t *md_inf if( md_info == NULL || ctx == NULL ) return( MBEDTLS_ERR_MD_BAD_INPUT_DATA ); + ctx->md_info = md_info; + ctx->md_ctx = NULL; + ctx->hmac_ctx = NULL; + switch( md_info->type ) { #if defined(MBEDTLS_MD2_C) @@ -466,8 +470,6 @@ int mbedtls_md_setup( mbedtls_md_context_t *ctx, const mbedtls_md_info_t *md_inf } } - ctx->md_info = md_info; - return( 0 ); } #undef ALLOC diff --git a/library/md2.c b/library/md2.c index 9878f3fe0..7264e3031 100644 --- a/library/md2.c +++ b/library/md2.c @@ -290,8 +290,7 @@ static const unsigned char md2_test_str[7][81] = { "message digest" }, { "abcdefghijklmnopqrstuvwxyz" }, { "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789" }, - { "12345678901234567890123456789012345678901234567890123456789012" - "345678901234567890" } + { "12345678901234567890123456789012345678901234567890123456789012345678901234567890" } }; static const size_t md2_test_strlen[7] = diff --git a/library/md4.c b/library/md4.c index 1ed1cec65..4fd6bc3e4 100644 --- a/library/md4.c +++ b/library/md4.c @@ -414,8 +414,7 @@ static const unsigned char md4_test_str[7][81] = { "message digest" }, { "abcdefghijklmnopqrstuvwxyz" }, { "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789" }, - { "12345678901234567890123456789012345678901234567890123456789012" - "345678901234567890" } + { "12345678901234567890123456789012345678901234567890123456789012345678901234567890" } }; static const size_t md4_test_strlen[7] = diff --git a/library/md5.c b/library/md5.c index d90e8234e..c4f2dbfac 100644 --- a/library/md5.c +++ b/library/md5.c @@ -428,8 +428,7 @@ static const unsigned char md5_test_buf[7][81] = { "message digest" }, { "abcdefghijklmnopqrstuvwxyz" }, { "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789" }, - { "12345678901234567890123456789012345678901234567890123456789012" - "345678901234567890" } + { "12345678901234567890123456789012345678901234567890123456789012345678901234567890" } }; static const size_t md5_test_buflen[7] = diff --git a/library/net_sockets.c b/library/net_sockets.c index 3f96cabe4..54c2b472f 100644 --- a/library/net_sockets.c +++ b/library/net_sockets.c @@ -318,7 +318,7 @@ int mbedtls_net_accept( mbedtls_net_context *bind_ctx, #if defined(__socklen_t_defined) || defined(_SOCKLEN_T) || \ defined(_SOCKLEN_T_DECLARED) || defined(__DEFINED_socklen_t) || \ - defined(socklen_t) + defined(socklen_t) || (defined(_POSIX_VERSION) && _POSIX_VERSION >= 200112L) socklen_t n = (socklen_t) sizeof( client_addr ); socklen_t type_len = (socklen_t) sizeof( type ); #else diff --git a/library/pk.c b/library/pk.c index 8ffbed2a9..ecf002d45 100644 --- a/library/pk.c +++ b/library/pk.c @@ -150,11 +150,12 @@ int mbedtls_pk_setup( mbedtls_pk_context *ctx, const mbedtls_pk_info_t *info ) /* * Initialise a PSA-wrapping context */ -int mbedtls_pk_setup_opaque( mbedtls_pk_context *ctx, const psa_key_handle_t key ) +int mbedtls_pk_setup_opaque( mbedtls_pk_context *ctx, + const psa_key_id_t key ) { const mbedtls_pk_info_t * const info = &mbedtls_pk_opaque_info; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; - psa_key_handle_t *pk_ctx; + psa_key_id_t *pk_ctx; psa_key_type_t type; if( ctx == NULL || ctx->pk_info != NULL ) @@ -174,7 +175,7 @@ int mbedtls_pk_setup_opaque( mbedtls_pk_context *ctx, const psa_key_handle_t key ctx->pk_info = info; - pk_ctx = (psa_key_handle_t *) ctx->pk_ctx; + pk_ctx = (psa_key_id_t *) ctx->pk_ctx; *pk_ctx = key; return( 0 ); @@ -587,10 +588,13 @@ mbedtls_pk_type_t mbedtls_pk_get_type( const mbedtls_pk_context *ctx ) * Currently only works for EC private keys. */ int mbedtls_pk_wrap_as_opaque( mbedtls_pk_context *pk, - psa_key_handle_t *handle, + psa_key_id_t *key, psa_algorithm_t hash_alg ) { #if !defined(MBEDTLS_ECP_C) + ((void) pk); + ((void) key); + ((void) hash_alg); return( MBEDTLS_ERR_PK_TYPE_MISMATCH ); #else const mbedtls_ecp_keypair *ec; @@ -621,14 +625,14 @@ int mbedtls_pk_wrap_as_opaque( mbedtls_pk_context *pk, psa_set_key_algorithm( &attributes, PSA_ALG_ECDSA(hash_alg) ); /* import private key into PSA */ - if( PSA_SUCCESS != psa_import_key( &attributes, d, d_len, handle ) ) + if( PSA_SUCCESS != psa_import_key( &attributes, d, d_len, key ) ) return( MBEDTLS_ERR_PK_HW_ACCEL_FAILED ); /* make PK context wrap the key slot */ mbedtls_pk_free( pk ); mbedtls_pk_init( pk ); - return( mbedtls_pk_setup_opaque( pk, *handle ) ); + return( mbedtls_pk_setup_opaque( pk, *key ) ); #endif /* MBEDTLS_ECP_C */ } #endif /* MBEDTLS_USE_PSA_CRYPTO */ diff --git a/library/pk_wrap.c b/library/pk_wrap.c index 6bf316974..107e912ac 100644 --- a/library/pk_wrap.c +++ b/library/pk_wrap.c @@ -543,7 +543,7 @@ static int ecdsa_verify_wrap( void *ctx_arg, mbedtls_md_type_t md_alg, mbedtls_ecdsa_context *ctx = ctx_arg; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; - psa_key_handle_t key_handle = 0; + psa_key_id_t key_id = 0; psa_status_t status; mbedtls_pk_context key; int key_len; @@ -551,11 +551,12 @@ static int ecdsa_verify_wrap( void *ctx_arg, mbedtls_md_type_t md_alg, unsigned char buf[30 + 2 * MBEDTLS_ECP_MAX_BYTES]; unsigned char *p; mbedtls_pk_info_t pk_info = mbedtls_eckey_info; - psa_algorithm_t psa_sig_md, psa_md; + psa_algorithm_t psa_sig_md = PSA_ALG_ECDSA_ANY; size_t curve_bits; psa_ecc_family_t curve = mbedtls_ecc_group_to_psa( ctx->grp.id, &curve_bits ); const size_t signature_part_size = ( ctx->grp.nbits + 7 ) / 8; + ((void) md_alg); if( curve == 0 ) return( MBEDTLS_ERR_PK_BAD_INPUT_DATA ); @@ -569,18 +570,13 @@ static int ecdsa_verify_wrap( void *ctx_arg, mbedtls_md_type_t md_alg, if( key_len <= 0 ) return( MBEDTLS_ERR_PK_BAD_INPUT_DATA ); - psa_md = mbedtls_psa_translate_md( md_alg ); - if( psa_md == 0 ) - return( MBEDTLS_ERR_PK_BAD_INPUT_DATA ); - psa_sig_md = PSA_ALG_ECDSA( psa_md ); - psa_set_key_type( &attributes, PSA_KEY_TYPE_ECC_PUBLIC_KEY( curve ) ); psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_VERIFY_HASH ); psa_set_key_algorithm( &attributes, psa_sig_md ); status = psa_import_key( &attributes, buf + sizeof( buf ) - key_len, key_len, - &key_handle ); + &key_id ); if( status != PSA_SUCCESS ) { ret = mbedtls_psa_err_translate_pk( status ); @@ -602,7 +598,7 @@ static int ecdsa_verify_wrap( void *ctx_arg, mbedtls_md_type_t md_alg, goto cleanup; } - if( psa_verify_hash( key_handle, psa_sig_md, + if( psa_verify_hash( key_id, psa_sig_md, hash, hash_len, buf, 2 * signature_part_size ) != PSA_SUCCESS ) @@ -619,7 +615,7 @@ static int ecdsa_verify_wrap( void *ctx_arg, mbedtls_md_type_t md_alg, ret = 0; cleanup: - psa_destroy_key( key_handle ); + psa_destroy_key( key_id ); return( ret ); } #else /* MBEDTLS_USE_PSA_CRYPTO */ @@ -874,7 +870,7 @@ const mbedtls_pk_info_t mbedtls_rsa_alt_info = { static void *pk_opaque_alloc_wrap( void ) { - void *ctx = mbedtls_calloc( 1, sizeof( psa_key_handle_t ) ); + void *ctx = mbedtls_calloc( 1, sizeof( psa_key_id_t ) ); /* no _init() function to call, an calloc() already zeroized */ @@ -883,13 +879,13 @@ static void *pk_opaque_alloc_wrap( void ) static void pk_opaque_free_wrap( void *ctx ) { - mbedtls_platform_zeroize( ctx, sizeof( psa_key_handle_t ) ); + mbedtls_platform_zeroize( ctx, sizeof( psa_key_id_t ) ); mbedtls_free( ctx ); } static size_t pk_opaque_get_bitlen( const void *ctx ) { - const psa_key_handle_t *key = (const psa_key_handle_t *) ctx; + const psa_key_id_t *key = (const psa_key_id_t *) ctx; size_t bits; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; @@ -910,6 +906,8 @@ static int pk_opaque_can_do( mbedtls_pk_type_t type ) type == MBEDTLS_PK_ECDSA ); } +#if defined(MBEDTLS_ECDSA_C) + /* * Simultaneously convert and move raw MPI from the beginning of a buffer * to an ASN.1 MPI at the end of the buffer. @@ -992,12 +990,25 @@ static int pk_ecdsa_sig_asn1_from_psa( unsigned char *sig, size_t *sig_len, return( 0 ); } +#endif /* MBEDTLS_ECDSA_C */ + static int pk_opaque_sign_wrap( void *ctx, mbedtls_md_type_t md_alg, const unsigned char *hash, size_t hash_len, unsigned char *sig, size_t *sig_len, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ) { - const psa_key_handle_t *key = (const psa_key_handle_t *) ctx; +#if !defined(MBEDTLS_ECDSA_C) + ((void) ctx); + ((void) md_alg); + ((void) hash); + ((void) hash_len); + ((void) sig); + ((void) sig_len); + ((void) f_rng); + ((void) p_rng); + return( MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE ); +#else /* !MBEDTLS_ECDSA_C */ + const psa_key_id_t *key = (const psa_key_id_t *) ctx; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; psa_algorithm_t alg = PSA_ALG_ECDSA( mbedtls_psa_translate_md( md_alg ) ); size_t buf_len; @@ -1027,6 +1038,7 @@ static int pk_opaque_sign_wrap( void *ctx, mbedtls_md_type_t md_alg, /* transcode it to ASN.1 sequence */ return( pk_ecdsa_sig_asn1_from_psa( sig, sig_len, buf_len ) ); +#endif /* !MBEDTLS_ECDSA_C */ } const mbedtls_pk_info_t mbedtls_pk_opaque_info = { diff --git a/library/pkparse.c b/library/pkparse.c index a106dbe3e..0590f2b05 100644 --- a/library/pkparse.c +++ b/library/pkparse.c @@ -662,7 +662,7 @@ int mbedtls_pk_parse_subpubkey( unsigned char **p, const unsigned char *end, ret = MBEDTLS_ERR_PK_UNKNOWN_PK_ALG; if( ret == 0 && *p != end ) - ret = MBEDTLS_ERR_PK_INVALID_PUBKEY + ret = MBEDTLS_ERR_PK_INVALID_PUBKEY + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH; if( ret != 0 ) diff --git a/library/pkwrite.c b/library/pkwrite.c index b317ccf22..0da369818 100644 --- a/library/pkwrite.c +++ b/library/pkwrite.c @@ -198,13 +198,13 @@ int mbedtls_pk_write_pubkey( unsigned char **p, unsigned char *start, if( mbedtls_pk_get_type( key ) == MBEDTLS_PK_OPAQUE ) { size_t buffer_size; - psa_key_handle_t* key_slot = (psa_key_handle_t*) key->pk_ctx; + psa_key_id_t* key_id = (psa_key_id_t*) key->pk_ctx; if ( *p < start ) return( MBEDTLS_ERR_PK_BAD_INPUT_DATA ); buffer_size = (size_t)( *p - start ); - if ( psa_export_public_key( *key_slot, start, buffer_size, &len ) + if ( psa_export_public_key( *key_id, start, buffer_size, &len ) != PSA_SUCCESS ) { return( MBEDTLS_ERR_PK_BAD_INPUT_DATA ); @@ -265,12 +265,12 @@ int mbedtls_pk_write_pubkey_der( mbedtls_pk_context *key, unsigned char *buf, si { psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; psa_key_type_t key_type; - psa_key_handle_t handle; + psa_key_id_t key_id; psa_ecc_family_t curve; size_t bits; - handle = *((psa_key_handle_t*) key->pk_ctx ); - if( PSA_SUCCESS != psa_get_key_attributes( handle, &attributes ) ) + key_id = *((psa_key_id_t*) key->pk_ctx ); + if( PSA_SUCCESS != psa_get_key_attributes( key_id, &attributes ) ) return( MBEDTLS_ERR_PK_HW_ACCEL_FAILED ); key_type = psa_get_key_type( &attributes ); bits = psa_get_key_bits( &attributes ); diff --git a/library/platform_util.c b/library/platform_util.c index 4e1d617bd..98fe5deb2 100644 --- a/library/platform_util.c +++ b/library/platform_util.c @@ -84,7 +84,7 @@ void mbedtls_platform_zeroize( void *buf, size_t len ) #if !( ( defined(_POSIX_VERSION) && _POSIX_VERSION >= 200809L ) || \ ( defined(_POSIX_THREAD_SAFE_FUNCTIONS ) && \ - _POSIX_THREAD_SAFE_FUNCTIONS >= 20112L ) ) + _POSIX_THREAD_SAFE_FUNCTIONS >= 200112L ) ) /* * This is a convenience shorthand macro to avoid checking the long * preprocessor conditions above. Ideally, we could expose this macro in @@ -98,7 +98,7 @@ void mbedtls_platform_zeroize( void *buf, size_t len ) #endif /* !( ( defined(_POSIX_VERSION) && _POSIX_VERSION >= 200809L ) || \ ( defined(_POSIX_THREAD_SAFE_FUNCTIONS ) && \ - _POSIX_THREAD_SAFE_FUNCTIONS >= 20112L ) ) */ + _POSIX_THREAD_SAFE_FUNCTIONS >= 200112L ) ) */ struct tm *mbedtls_platform_gmtime_r( const mbedtls_time_t *tt, struct tm *tm_buf ) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index bffddc995..66c8f65bc 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -22,11 +22,16 @@ #if defined(MBEDTLS_PSA_CRYPTO_C) +#if defined(MBEDTLS_PSA_CRYPTO_CONFIG) +#include "check_crypto_config.h" +#endif + #include "psa_crypto_service_integration.h" #include "psa/crypto.h" #include "psa_crypto_core.h" #include "psa_crypto_invasive.h" +#include "psa_crypto_driver_wrappers.h" #if defined(MBEDTLS_PSA_CRYPTO_SE_C) #include "psa_crypto_se.h" #endif @@ -124,7 +129,7 @@ static psa_global_data_t global_data; if( global_data.initialized == 0 ) \ return( PSA_ERROR_BAD_STATE ); -static psa_status_t mbedtls_to_psa_error( int ret ) +psa_status_t mbedtls_to_psa_error( int ret ) { /* If there's both a high-level code and low-level code, dispatch on * the high-level code. */ @@ -198,7 +203,7 @@ static psa_status_t mbedtls_to_psa_error( int ret ) case MBEDTLS_ERR_CIPHER_INVALID_PADDING: return( PSA_ERROR_INVALID_PADDING ); case MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED: - return( PSA_ERROR_BAD_STATE ); + return( PSA_ERROR_INVALID_ARGUMENT ); case MBEDTLS_ERR_CIPHER_AUTH_FAILED: return( PSA_ERROR_INVALID_SIGNATURE ); case MBEDTLS_ERR_CIPHER_INVALID_CONTEXT: @@ -369,7 +374,15 @@ static inline int psa_key_slot_is_external( const psa_key_slot_t *slot ) } #endif /* MBEDTLS_PSA_CRYPTO_SE_C */ -#if defined(MBEDTLS_ECP_C) +/* For now the MBEDTLS_PSA_ACCEL_ guards are also used here since the + * current test driver in key_management.c is using this function + * when accelerators are used for ECC key pair and public key. + * Once that dependency is resolved these guards can be removed. + */ +#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR) || \ + defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY) || \ + defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR) || \ + defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY) mbedtls_ecp_group_id mbedtls_ecc_group_of_psa( psa_ecc_family_t curve, size_t byte_length ) { @@ -437,7 +450,10 @@ mbedtls_ecp_group_id mbedtls_ecc_group_of_psa( psa_ecc_family_t curve, return( MBEDTLS_ECP_DP_NONE ); } } -#endif /* defined(MBEDTLS_ECP_C) */ +#endif /* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR) || + * defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY) || + * defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR) || + * defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY) */ static psa_status_t validate_unstructured_key_bit_size( psa_key_type_t type, size_t bits ) @@ -446,9 +462,7 @@ static psa_status_t validate_unstructured_key_bit_size( psa_key_type_t type, switch( type ) { case PSA_KEY_TYPE_RAW_DATA: -#if defined(MBEDTLS_MD_C) case PSA_KEY_TYPE_HMAC: -#endif case PSA_KEY_TYPE_DERIVE: break; #if defined(MBEDTLS_AES_C) @@ -490,9 +504,13 @@ static psa_status_t validate_unstructured_key_bit_size( psa_key_type_t type, return( PSA_SUCCESS ); } -#if defined(MBEDTLS_RSA_C) +#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT) || \ + defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) || \ + defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP) || \ + defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS) || \ + defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) || \ + defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY) -#if defined(MBEDTLS_PK_PARSE_C) /* Mbed TLS doesn't support non-byte-aligned key sizes (i.e. key sizes * that are not a multiple of 8) well. For example, there is only * mbedtls_rsa_get_len(), which returns a number of bytes, and no @@ -514,7 +532,6 @@ static psa_status_t psa_check_rsa_key_byte_aligned( mbedtls_mpi_free( &n ); return( status ); } -#endif /* MBEDTLS_PK_PARSE_C */ /** Load the contents of a key buffer into an internal RSA representation * @@ -531,7 +548,6 @@ static psa_status_t psa_load_rsa_representation( psa_key_type_t type, size_t data_length, mbedtls_rsa_context **p_rsa ) { -#if defined(MBEDTLS_PK_PARSE_C) psa_status_t status; mbedtls_pk_context ctx; size_t bits; @@ -576,15 +592,18 @@ static psa_status_t psa_load_rsa_representation( psa_key_type_t type, exit: mbedtls_pk_free( &ctx ); return( status ); -#else - (void) data; - (void) data_length; - (void) type; - (void) rsa; - return( PSA_ERROR_NOT_SUPPORTED ); -#endif /* MBEDTLS_PK_PARSE_C */ } +#endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT) || + * defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) || + * defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP) || + * defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS) || + * defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) || + * defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY) */ + +#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) || \ + defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY) + /** Export an RSA key to export representation * * \param[in] type The type of key (public/private) to export @@ -708,9 +727,15 @@ exit: return( PSA_SUCCESS ); } -#endif /* defined(MBEDTLS_RSA_C) */ -#if defined(MBEDTLS_ECP_C) +#endif /* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) || + * defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY) */ + +#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR) || \ + defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY) || \ + defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || \ + defined(MBEDTLS_PSA_BUILTIN_ALG_ECDH) || \ + defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) /** Load the contents of a key buffer into an internal ECP representation * * \param[in] type The type of key contained in \p data. @@ -738,7 +763,7 @@ static psa_status_t psa_load_ecp_representation( psa_key_type_t type, * - The byte 0x04; * - `x_P` as a `ceiling(m/8)`-byte string, big-endian; * - `y_P` as a `ceiling(m/8)`-byte string, big-endian. - * So its data length is 2m+1 where n is the key size in bits. + * So its data length is 2m+1 where m is the curve size in bits. */ if( ( data_length & 1 ) == 0 ) return( PSA_ERROR_INVALID_ARGUMENT ); @@ -810,7 +835,14 @@ exit: return( status ); } +#endif /* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR) || + * defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY) || + * defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || + * defined(MBEDTLS_PSA_BUILTIN_ALG_ECDH) || + * defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) */ +#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR) || \ + defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY) /** Export an ECP key to export representation * * \param[in] type The type of key (public/private) to export @@ -929,7 +961,8 @@ exit: return( PSA_SUCCESS ); } -#endif /* defined(MBEDTLS_ECP_C) */ +#endif /* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR) || + * defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY) */ /** Return the size of the key in the given slot, in bits. * @@ -968,14 +1001,45 @@ static psa_status_t psa_allocate_buffer_to_slot( psa_key_slot_t *slot, return( PSA_SUCCESS ); } -/** Import key data into a slot. `slot->attr.type` must have been set - * previously. This function assumes that the slot does not contain - * any key material yet. On failure, the slot content is unchanged. */ -psa_status_t psa_import_key_into_slot( psa_key_slot_t *slot, - const uint8_t *data, - size_t data_length ) +psa_status_t psa_copy_key_material_into_slot( psa_key_slot_t *slot, + const uint8_t* data, + size_t data_length ) +{ + psa_status_t status = psa_allocate_buffer_to_slot( slot, + data_length ); + if( status != PSA_SUCCESS ) + return( status ); + + memcpy( slot->data.key.data, data, data_length ); + return( PSA_SUCCESS ); +} + +/** Import key data into a slot. + * + * `slot->type` must have been set previously. + * This function assumes that the slot does not contain any key material yet. + * On failure, the slot content is unchanged. + * + * Persistent storage is not affected. + * + * \param[in,out] slot The key slot to import data into. + * Its `type` field must have previously been set to + * the desired key type. + * It must not contain any key material yet. + * \param[in] data Buffer containing the key material to parse and import. + * \param data_length Size of \p data in bytes. + * + * \retval #PSA_SUCCESS + * \retval #PSA_ERROR_INVALID_ARGUMENT + * \retval #PSA_ERROR_NOT_SUPPORTED + * \retval #PSA_ERROR_INSUFFICIENT_MEMORY + */ +static psa_status_t psa_import_key_into_slot( psa_key_slot_t *slot, + const uint8_t *data, + size_t data_length ) { psa_status_t status = PSA_SUCCESS; + size_t bit_size; /* zero-length keys are never supported. */ if( data_length == 0 ) @@ -983,7 +1047,7 @@ psa_status_t psa_import_key_into_slot( psa_key_slot_t *slot, if( key_type_is_raw_bytes( slot->attr.type ) ) { - size_t bit_size = PSA_BYTES_TO_BITS( data_length ); + bit_size = PSA_BYTES_TO_BITS( data_length ); /* Ensure that the bytes-to-bits conversion hasn't overflown. */ if( data_length > SIZE_MAX / 8 ) @@ -999,47 +1063,69 @@ psa_status_t psa_import_key_into_slot( psa_key_slot_t *slot, return( status ); /* Allocate memory for the key */ - status = psa_allocate_buffer_to_slot( slot, data_length ); + status = psa_copy_key_material_into_slot( slot, data, data_length ); if( status != PSA_SUCCESS ) return( status ); - /* copy key into allocated buffer */ - memcpy( slot->data.key.data, data, data_length ); - /* Write the actual key size to the slot. * psa_start_key_creation() wrote the size declared by the * caller, which may be 0 (meaning unspecified) or wrong. */ slot->attr.bits = (psa_key_bits_t) bit_size; + + return( PSA_SUCCESS ); } - else if( PSA_KEY_TYPE_IS_ECC( slot->attr.type ) ) + else if( PSA_KEY_TYPE_IS_ASYMMETRIC( slot->attr.type ) ) { -#if defined(MBEDTLS_ECP_C) - status = psa_import_ecp_key( slot, - data, data_length ); -#else - /* No drivers have been implemented yet, so without mbed TLS backing - * there's no way to do ECP with the current library. */ + /* Try validation through accelerators first. */ + bit_size = slot->attr.bits; + psa_key_attributes_t attributes = { + .core = slot->attr + }; + status = psa_driver_wrapper_validate_key( &attributes, + data, + data_length, + &bit_size ); + if( status == PSA_SUCCESS ) + { + /* Key has been validated successfully by an accelerator. + * Copy key material into slot. */ + status = psa_copy_key_material_into_slot( slot, data, data_length ); + if( status != PSA_SUCCESS ) + return( status ); + + slot->attr.bits = (psa_key_bits_t) bit_size; + return( PSA_SUCCESS ); + } + else if( status != PSA_ERROR_NOT_SUPPORTED ) + return( status ); + + /* Key format is not supported by any accelerator, try software fallback + * if present. */ +#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR) || \ + defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY) + if( PSA_KEY_TYPE_IS_ECC( slot->attr.type ) ) + { + return( psa_import_ecp_key( slot, data, data_length ) ); + } +#endif /* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR) || + * defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY) */ +#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) || \ + defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY) + if( PSA_KEY_TYPE_IS_RSA( slot->attr.type ) ) + { + return( psa_import_rsa_key( slot, data, data_length ) ); + } +#endif /* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) || + * defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY) */ + + /* Fell through the fallback as well, so have nothing else to try. */ return( PSA_ERROR_NOT_SUPPORTED ); -#endif /* defined(MBEDTLS_ECP_C) */ - } - else if( PSA_KEY_TYPE_IS_RSA( slot->attr.type ) ) - { -#if defined(MBEDTLS_RSA_C) - status = psa_import_rsa_key( slot, - data, data_length ); -#else - /* No drivers have been implemented yet, so without mbed TLS backing - * there's no way to do RSA with the current library. */ - status = PSA_ERROR_NOT_SUPPORTED; -#endif /* defined(MBEDTLS_RSA_C) */ } else { /* Unknown key type */ return( PSA_ERROR_NOT_SUPPORTED ); } - - return( status ); } /** Calculate the intersection of two algorithm usage policies. @@ -1083,6 +1169,15 @@ static int psa_key_algorithm_permits( psa_algorithm_t policy_alg, return( ( policy_alg & ~PSA_ALG_HASH_MASK ) == ( requested_alg & ~PSA_ALG_HASH_MASK ) ); } + /* If policy_alg is a generic key agreement operation, then using it for + * a key derivation with that key agreement should also be allowed. This + * behaviour is expected to be defined in a future specification version. */ + if( PSA_ALG_IS_RAW_KEY_AGREEMENT( policy_alg ) && + PSA_ALG_IS_KEY_AGREEMENT( requested_alg ) ) + { + return( PSA_ALG_KEY_AGREEMENT_GET_BASE( requested_alg ) == + policy_alg ); + } /* If it isn't permitted, it's forbidden. */ return( 0 ); } @@ -1128,22 +1223,31 @@ static psa_status_t psa_restrict_key_policy( return( PSA_SUCCESS ); } -/** Retrieve a slot which must contain a key. The key must have allow all the - * usage flags set in \p usage. If \p alg is nonzero, the key must allow - * operations with this algorithm. */ -static psa_status_t psa_get_key_from_slot( psa_key_handle_t handle, - psa_key_slot_t **p_slot, - psa_key_usage_t usage, - psa_algorithm_t alg ) +/** Get the description of a key given its identifier and policy constraints + * and lock it. + * + * The key must have allow all the usage flags set in \p usage. If \p alg is + * nonzero, the key must allow operations with this algorithm. + * + * In case of a persistent key, the function loads the description of the key + * into a key slot if not already done. + * + * On success, the returned key slot is locked. It is the responsibility of + * the caller to unlock the key slot when it does not access it anymore. + */ +static psa_status_t psa_get_and_lock_key_slot_with_policy( + mbedtls_svc_key_id_t key, + psa_key_slot_t **p_slot, + psa_key_usage_t usage, + psa_algorithm_t alg ) { - psa_status_t status; - psa_key_slot_t *slot = NULL; + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + psa_key_slot_t *slot; - *p_slot = NULL; - - status = psa_get_key_slot( handle, &slot ); + status = psa_get_and_lock_key_slot( key, p_slot ); if( status != PSA_SUCCESS ) return( status ); + slot = *p_slot; /* Enforce that usage policy for the key slot contains all the flags * required by the usage parameter. There is one exception: public @@ -1151,45 +1255,61 @@ static psa_status_t psa_get_key_from_slot( psa_key_handle_t handle, * if they had the export flag. */ if( PSA_KEY_TYPE_IS_PUBLIC_KEY( slot->attr.type ) ) usage &= ~PSA_KEY_USAGE_EXPORT; + + status = PSA_ERROR_NOT_PERMITTED; if( ( slot->attr.policy.usage & usage ) != usage ) - return( PSA_ERROR_NOT_PERMITTED ); + goto error; /* Enforce that the usage policy permits the requested algortihm. */ if( alg != 0 && ! psa_key_policy_permits( &slot->attr.policy, alg ) ) - return( PSA_ERROR_NOT_PERMITTED ); + goto error; - *p_slot = slot; return( PSA_SUCCESS ); + +error: + *p_slot = NULL; + psa_unlock_key_slot( slot ); + + return( status ); } -/** Retrieve a slot which must contain a transparent key. +/** Get a key slot containing a transparent key and lock it. * * A transparent key is a key for which the key material is directly * available, as opposed to a key in a secure element. * - * This is a temporary function to use instead of psa_get_key_from_slot() - * until secure element support is fully implemented. + * This is a temporary function to use instead of + * psa_get_and_lock_key_slot_with_policy() until secure element support is + * fully implemented. + * + * On success, the returned key slot is locked. It is the responsibility of the + * caller to unlock the key slot when it does not access it anymore. */ #if defined(MBEDTLS_PSA_CRYPTO_SE_C) -static psa_status_t psa_get_transparent_key( psa_key_handle_t handle, - psa_key_slot_t **p_slot, - psa_key_usage_t usage, - psa_algorithm_t alg ) +static psa_status_t psa_get_and_lock_transparent_key_slot_with_policy( + mbedtls_svc_key_id_t key, + psa_key_slot_t **p_slot, + psa_key_usage_t usage, + psa_algorithm_t alg ) { - psa_status_t status = psa_get_key_from_slot( handle, p_slot, usage, alg ); + psa_status_t status = psa_get_and_lock_key_slot_with_policy( key, p_slot, + usage, alg ); if( status != PSA_SUCCESS ) return( status ); + if( psa_key_slot_is_external( *p_slot ) ) { + psa_unlock_key_slot( *p_slot ); *p_slot = NULL; return( PSA_ERROR_NOT_SUPPORTED ); } + return( PSA_SUCCESS ); } #else /* MBEDTLS_PSA_CRYPTO_SE_C */ /* With no secure element support, all keys are transparent. */ -#define psa_get_transparent_key( handle, p_slot, usage, alg ) \ - psa_get_key_from_slot( handle, p_slot, usage, alg ) +#define psa_get_and_lock_transparent_key_slot_with_policy( key, p_slot, usage, alg ) \ + psa_get_and_lock_key_slot_with_policy( key, p_slot, usage, alg ) #endif /* MBEDTLS_PSA_CRYPTO_SE_C */ /** Wipe key data from a slot. Preserve metadata such as the policy. */ @@ -1220,6 +1340,22 @@ static psa_status_t psa_remove_key_data_from_memory( psa_key_slot_t *slot ) psa_status_t psa_wipe_key_slot( psa_key_slot_t *slot ) { psa_status_t status = psa_remove_key_data_from_memory( slot ); + + /* + * As the return error code may not be handled in case of multiple errors, + * do our best to report an unexpected lock counter: if available + * call MBEDTLS_PARAM_FAILED that may terminate execution (if called as + * part of the execution of a test suite this will stop the test suite + * execution). + */ + if( slot->lock_count != 1 ) + { +#ifdef MBEDTLS_CHECK_PARAMS + MBEDTLS_PARAM_FAILED( slot->lock_count == 1 ); +#endif + status = PSA_ERROR_CORRUPTION_DETECTED; + } + /* Multipart operations may still be using the key. This is safe * because all multipart operation objects are independent from * the key slot: if they need to access the key after the setup @@ -1232,7 +1368,7 @@ psa_status_t psa_wipe_key_slot( psa_key_slot_t *slot ) return( status ); } -psa_status_t psa_destroy_key( psa_key_handle_t handle ) +psa_status_t psa_destroy_key( mbedtls_svc_key_id_t key ) { psa_key_slot_t *slot; psa_status_t status; /* status of the last operation */ @@ -1241,13 +1377,33 @@ psa_status_t psa_destroy_key( psa_key_handle_t handle ) psa_se_drv_table_entry_t *driver; #endif /* MBEDTLS_PSA_CRYPTO_SE_C */ - if( handle == 0 ) + if( mbedtls_svc_key_id_is_null( key ) ) return( PSA_SUCCESS ); - status = psa_get_key_slot( handle, &slot ); + /* + * Get the description of the key in a key slot. In case of a persistent + * key, this will load the key description from persistent memory if not + * done yet. We cannot avoid this loading as without it we don't know if + * the key is operated by an SE or not and this information is needed by + * the current implementation. + */ + status = psa_get_and_lock_key_slot( key, &slot ); if( status != PSA_SUCCESS ) return( status ); + /* + * If the key slot containing the key description is under access by the + * library (apart from the present access), the key cannot be destroyed + * yet. For the time being, just return in error. Eventually (to be + * implemented), the key should be destroyed when all accesses have + * stopped. + */ + if( slot->lock_count > 1 ) + { + psa_unlock_key_slot( slot ); + return( PSA_ERROR_GENERIC_ERROR ); + } + #if defined(MBEDTLS_PSA_CRYPTO_SE_C) driver = psa_get_se_driver_entry( slot->attr.lifetime ); if( driver != NULL ) @@ -1283,7 +1439,7 @@ psa_status_t psa_destroy_key( psa_key_handle_t handle ) #endif /* MBEDTLS_PSA_CRYPTO_SE_C */ #if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C) - if( slot->attr.lifetime != PSA_KEY_LIFETIME_VOLATILE ) + if( ! PSA_KEY_LIFETIME_IS_VOLATILE( slot->attr.lifetime ) ) { status = psa_destroy_persistent_key( slot->attr.id ); if( overall_status == PSA_SUCCESS ) @@ -1367,7 +1523,8 @@ psa_status_t psa_get_key_domain_parameters( return( PSA_SUCCESS ); } -#if defined(MBEDTLS_RSA_C) +#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) || \ + defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY) static psa_status_t psa_get_rsa_public_exponent( const mbedtls_rsa_context *rsa, psa_key_attributes_t *attributes ) @@ -1407,19 +1564,21 @@ exit: mbedtls_free( buffer ); return( mbedtls_to_psa_error( ret ) ); } -#endif /* MBEDTLS_RSA_C */ +#endif /* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) || + * defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY) */ /** Retrieve all the publicly-accessible attributes of a key. */ -psa_status_t psa_get_key_attributes( psa_key_handle_t handle, +psa_status_t psa_get_key_attributes( mbedtls_svc_key_id_t key, psa_key_attributes_t *attributes ) { + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED; psa_key_slot_t *slot; - psa_status_t status; psa_reset_key_attributes( attributes ); - status = psa_get_key_from_slot( handle, &slot, 0, 0 ); + status = psa_get_and_lock_key_slot_with_policy( key, &slot, 0, 0 ); if( status != PSA_SUCCESS ) return( status ); @@ -1434,7 +1593,8 @@ psa_status_t psa_get_key_attributes( psa_key_handle_t handle, switch( slot->attr.type ) { -#if defined(MBEDTLS_RSA_C) +#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) || \ + defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY) case PSA_KEY_TYPE_RSA_KEY_PAIR: case PSA_KEY_TYPE_RSA_PUBLIC_KEY: #if defined(MBEDTLS_PSA_CRYPTO_SE_C) @@ -1461,7 +1621,8 @@ psa_status_t psa_get_key_attributes( psa_key_handle_t handle, mbedtls_free( rsa ); } break; -#endif /* MBEDTLS_RSA_C */ +#endif /* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) || + * defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY) */ default: /* Nothing else to do. */ break; @@ -1469,7 +1630,10 @@ psa_status_t psa_get_key_attributes( psa_key_handle_t handle, if( status != PSA_SUCCESS ) psa_reset_key_attributes( attributes ); - return( status ); + + unlock_status = psa_unlock_key_slot( slot ); + + return( ( status == PSA_SUCCESS ) ? unlock_status : status ); } #if defined(MBEDTLS_PSA_CRYPTO_SE_C) @@ -1557,13 +1721,24 @@ static psa_status_t psa_internal_export_key( const psa_key_slot_t *slot, /* Exporting private -> private */ return( psa_internal_export_key_buffer( slot, data, data_size, data_length ) ); } + /* Need to export the public part of a private key, - * so conversion is needed */ + * so conversion is needed. Try the accelerators first. */ + psa_status_t status = psa_driver_wrapper_export_public_key( slot, + data, + data_size, + data_length ); + + if( status != PSA_ERROR_NOT_SUPPORTED || + psa_key_lifetime_is_external( slot->attr.lifetime ) ) + return( status ); + if( PSA_KEY_TYPE_IS_RSA( slot->attr.type ) ) { -#if defined(MBEDTLS_RSA_C) +#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) || \ + defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY) mbedtls_rsa_context *rsa = NULL; - psa_status_t status = psa_load_rsa_representation( + status = psa_load_rsa_representation( slot->attr.type, slot->data.key.data, slot->data.key.bytes, @@ -1584,13 +1759,15 @@ static psa_status_t psa_internal_export_key( const psa_key_slot_t *slot, #else /* We don't know how to convert a private RSA key to public. */ return( PSA_ERROR_NOT_SUPPORTED ); -#endif +#endif /* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) || + * defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY) */ } else { -#if defined(MBEDTLS_ECP_C) +#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR) || \ + defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY) mbedtls_ecp_keypair *ecp = NULL; - psa_status_t status = psa_load_ecp_representation( + status = psa_load_ecp_representation( slot->attr.type, slot->data.key.data, slot->data.key.bytes, @@ -1612,7 +1789,8 @@ static psa_status_t psa_internal_export_key( const psa_key_slot_t *slot, #else /* We don't know how to convert a private ECC key to public */ return( PSA_ERROR_NOT_SUPPORTED ); -#endif +#endif /* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR) || + * defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY) */ } } else @@ -1624,13 +1802,14 @@ static psa_status_t psa_internal_export_key( const psa_key_slot_t *slot, } } -psa_status_t psa_export_key( psa_key_handle_t handle, +psa_status_t psa_export_key( mbedtls_svc_key_id_t key, uint8_t *data, size_t data_size, size_t *data_length ) { + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED; psa_key_slot_t *slot; - psa_status_t status; /* Set the key to empty now, so that even when there are errors, we always * set data_length to a value between 0 and data_size. On error, setting @@ -1639,22 +1818,28 @@ psa_status_t psa_export_key( psa_key_handle_t handle, *data_length = 0; /* Export requires the EXPORT flag. There is an exception for public keys, - * which don't require any flag, but psa_get_key_from_slot takes - * care of this. */ - status = psa_get_key_from_slot( handle, &slot, PSA_KEY_USAGE_EXPORT, 0 ); + * which don't require any flag, but + * psa_get_and_lock_key_slot_with_policy() takes care of this. + */ + status = psa_get_and_lock_key_slot_with_policy( key, &slot, + PSA_KEY_USAGE_EXPORT, 0 ); if( status != PSA_SUCCESS ) return( status ); - return( psa_internal_export_key( slot, data, data_size, - data_length, 0 ) ); + + status = psa_internal_export_key( slot, data, data_size, data_length, 0 ); + unlock_status = psa_unlock_key_slot( slot ); + + return( ( status == PSA_SUCCESS ) ? unlock_status : status ); } -psa_status_t psa_export_public_key( psa_key_handle_t handle, +psa_status_t psa_export_public_key( mbedtls_svc_key_id_t key, uint8_t *data, size_t data_size, size_t *data_length ) { + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED; psa_key_slot_t *slot; - psa_status_t status; /* Set the key to empty now, so that even when there are errors, we always * set data_length to a value between 0 and data_size. On error, setting @@ -1663,11 +1848,14 @@ psa_status_t psa_export_public_key( psa_key_handle_t handle, *data_length = 0; /* Exporting a public key doesn't require a usage flag. */ - status = psa_get_key_from_slot( handle, &slot, 0, 0 ); + status = psa_get_and_lock_key_slot_with_policy( key, &slot, 0, 0 ); if( status != PSA_SUCCESS ) return( status ); - return( psa_internal_export_key( slot, data, data_size, - data_length, 1 ) ); + + status = psa_internal_export_key( slot, data, data_size, data_length, 1 ); + unlock_status = psa_unlock_key_slot( slot ); + + return( ( status == PSA_SUCCESS ) ? unlock_status : status ); } #if defined(static_assert) @@ -1717,17 +1905,29 @@ static psa_status_t psa_validate_key_attributes( psa_se_drv_table_entry_t **p_drv ) { psa_status_t status = PSA_ERROR_INVALID_ARGUMENT; + psa_key_lifetime_t lifetime = psa_get_key_lifetime( attributes ); + mbedtls_svc_key_id_t key = psa_get_key_id( attributes ); - status = psa_validate_key_location( psa_get_key_lifetime( attributes ), - p_drv ); + status = psa_validate_key_location( lifetime, p_drv ); if( status != PSA_SUCCESS ) return( status ); - status = psa_validate_key_persistence( psa_get_key_lifetime( attributes ), - psa_get_key_id( attributes ) ); + status = psa_validate_key_persistence( lifetime ); if( status != PSA_SUCCESS ) return( status ); + if ( PSA_KEY_LIFETIME_IS_VOLATILE( lifetime ) ) + { + if( MBEDTLS_SVC_KEY_ID_GET_KEY_ID( key ) != 0 ) + return( PSA_ERROR_INVALID_ARGUMENT ); + } + else + { + status = psa_validate_key_id( psa_get_key_id( attributes ), 0 ); + if( status != PSA_SUCCESS ) + return( status ); + } + status = psa_validate_key_policy( &attributes->core.policy ); if( status != PSA_SUCCESS ) return( status ); @@ -1755,15 +1955,18 @@ static psa_status_t psa_validate_key_attributes( * * This function is intended to be used as follows: * -# Call psa_start_key_creation() to allocate a key slot, prepare - * it with the specified attributes, and assign it a handle. + * it with the specified attributes, and in case of a volatile key assign it + * a volatile key identifier. * -# Populate the slot with the key material. * -# Call psa_finish_key_creation() to finalize the creation of the slot. * In case of failure at any step, stop the sequence and call * psa_fail_key_creation(). * + * On success, the key slot is locked. It is the responsibility of the caller + * to unlock the key slot when it does not access it anymore. + * * \param method An identification of the calling function. * \param[in] attributes Key attributes for the new key. - * \param[out] handle On success, a handle for the allocated slot. * \param[out] p_slot On success, a pointer to the prepared slot. * \param[out] p_drv On any return, the driver for the key, if any. * NULL for a transparent key. @@ -1776,11 +1979,11 @@ static psa_status_t psa_validate_key_attributes( static psa_status_t psa_start_key_creation( psa_key_creation_method_t method, const psa_key_attributes_t *attributes, - psa_key_handle_t *handle, psa_key_slot_t **p_slot, psa_se_drv_table_entry_t **p_drv ) { psa_status_t status; + psa_key_id_t volatile_key_id; psa_key_slot_t *slot; (void) method; @@ -1790,7 +1993,7 @@ static psa_status_t psa_start_key_creation( if( status != PSA_SUCCESS ) return( status ); - status = psa_get_empty_key_slot( handle, p_slot ); + status = psa_get_empty_key_slot( &volatile_key_id, p_slot ); if( status != PSA_SUCCESS ) return( status ); slot = *p_slot; @@ -1799,9 +2002,19 @@ static psa_status_t psa_start_key_creation( * creation mechanism to verify that this information is correct. * It's automatically correct for mechanisms that use the bit-size as * an input (generate, device) but not for those where the bit-size - * is optional (import, copy). */ + * is optional (import, copy). In case of a volatile key, assign it the + * volatile key identifier associated to the slot returned to contain its + * definition. */ slot->attr = attributes->core; + if( PSA_KEY_LIFETIME_IS_VOLATILE( slot->attr.lifetime ) ) + { +#if !defined(MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER) + slot->attr.id = volatile_key_id; +#else + slot->attr.id.key_id = volatile_key_id; +#endif + } /* Erase external-only flags from the internal copy. To access * external-only flags, query `attributes`. Thanks to the check @@ -1857,7 +2070,7 @@ static psa_status_t psa_start_key_creation( } #endif /* MBEDTLS_PSA_CRYPTO_SE_C */ - return( status ); + return( PSA_SUCCESS ); } /** Finalize the creation of a key once its key material has been set. @@ -1868,18 +2081,25 @@ static psa_status_t psa_start_key_creation( * See the documentation of psa_start_key_creation() for the intended use * of this function. * + * If the finalization succeeds, the function unlocks the key slot (it was + * locked by psa_start_key_creation()) and the key slot cannot be accessed + * anymore as part of the key creation process. + * * \param[in,out] slot Pointer to the slot with key material. * \param[in] driver The secure element driver for the key, * or NULL for a transparent key. + * \param[out] key On success, identifier of the key. Note that the + * key identifier is also stored in the key slot. * * \retval #PSA_SUCCESS - * The key was successfully created. The handle is now valid. + * The key was successfully created. * \return If this function fails, the key slot is an invalid state. * You must call psa_fail_key_creation() to wipe and free the slot. */ static psa_status_t psa_finish_key_creation( psa_key_slot_t *slot, - psa_se_drv_table_entry_t *driver ) + psa_se_drv_table_entry_t *driver, + mbedtls_svc_key_id_t *key) { psa_status_t status = PSA_SUCCESS; (void) slot; @@ -1896,13 +2116,9 @@ static psa_status_t psa_finish_key_creation( static_assert( sizeof( slot->data.se.slot_number ) == sizeof( data.slot_number ), "Slot number size does not match psa_se_key_data_storage_t" ); - static_assert( sizeof( slot->attr.bits ) == sizeof( data.bits ), - "Bit-size size does not match psa_se_key_data_storage_t" ); #endif memcpy( &data.slot_number, &slot->data.se.slot_number, sizeof( slot->data.se.slot_number ) ); - memcpy( &data.bits, &slot->attr.bits, - sizeof( slot->attr.bits ) ); status = psa_save_persistent_key( &slot->attr, (uint8_t*) &data, sizeof( data ) ); @@ -1910,22 +2126,11 @@ static psa_status_t psa_finish_key_creation( else #endif /* MBEDTLS_PSA_CRYPTO_SE_C */ { - size_t buffer_size = - PSA_KEY_EXPORT_MAX_SIZE( slot->attr.type, - slot->attr.bits ); - uint8_t *buffer = mbedtls_calloc( 1, buffer_size ); - size_t length = 0; - if( buffer == NULL ) - return( PSA_ERROR_INSUFFICIENT_MEMORY ); - status = psa_internal_export_key( slot, - buffer, buffer_size, &length, - 0 ); - if( status == PSA_SUCCESS ) - status = psa_save_persistent_key( &slot->attr, - buffer, length ); - - mbedtls_platform_zeroize( buffer, buffer_size ); - mbedtls_free( buffer ); + /* Key material is saved in export representation in the slot, so + * just pass the slot buffer for storage. */ + status = psa_save_persistent_key( &slot->attr, + slot->data.key.data, + slot->data.key.bytes ); } } #endif /* defined(MBEDTLS_PSA_CRYPTO_STORAGE_C) */ @@ -1946,11 +2151,17 @@ static psa_status_t psa_finish_key_creation( return( status ); } status = psa_crypto_stop_transaction( ); - if( status != PSA_SUCCESS ) - return( status ); } #endif /* MBEDTLS_PSA_CRYPTO_SE_C */ + if( status == PSA_SUCCESS ) + { + *key = slot->attr.id; + status = psa_unlock_key_slot( slot ); + if( status != PSA_SUCCESS ) + *key = MBEDTLS_SVC_KEY_ID_INIT; + } + return( status ); } @@ -2015,7 +2226,8 @@ static psa_status_t psa_validate_optional_attributes( if( attributes->domain_parameters_size != 0 ) { -#if defined(MBEDTLS_RSA_C) +#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) || \ + defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY) if( PSA_KEY_TYPE_IS_RSA( slot->attr.type ) ) { mbedtls_rsa_context *rsa = NULL; @@ -2052,7 +2264,8 @@ static psa_status_t psa_validate_optional_attributes( return( mbedtls_to_psa_error( ret ) ); } else -#endif +#endif /* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) || + * defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY) */ { return( PSA_ERROR_INVALID_ARGUMENT ); } @@ -2070,12 +2283,14 @@ static psa_status_t psa_validate_optional_attributes( psa_status_t psa_import_key( const psa_key_attributes_t *attributes, const uint8_t *data, size_t data_length, - psa_key_handle_t *handle ) + mbedtls_svc_key_id_t *key ) { psa_status_t status; psa_key_slot_t *slot = NULL; psa_se_drv_table_entry_t *driver = NULL; + *key = MBEDTLS_SVC_KEY_ID_INIT; + /* Reject zero-length symmetric keys (including raw data key objects). * This also rejects any key which might be encoded as an empty string, * which is never valid. */ @@ -2083,7 +2298,7 @@ psa_status_t psa_import_key( const psa_key_attributes_t *attributes, return( PSA_ERROR_INVALID_ARGUMENT ); status = psa_start_key_creation( PSA_KEY_CREATION_IMPORT, attributes, - handle, &slot, &driver ); + &slot, &driver ); if( status != PSA_SUCCESS ) goto exit; @@ -2124,13 +2339,11 @@ psa_status_t psa_import_key( const psa_key_attributes_t *attributes, if( status != PSA_SUCCESS ) goto exit; - status = psa_finish_key_creation( slot, driver ); + status = psa_finish_key_creation( slot, driver, key ); exit: if( status != PSA_SUCCESS ) - { psa_fail_key_creation( slot, driver ); - *handle = 0; - } + return( status ); } @@ -2141,7 +2354,7 @@ psa_status_t mbedtls_psa_register_se_key( psa_status_t status; psa_key_slot_t *slot = NULL; psa_se_drv_table_entry_t *driver = NULL; - psa_key_handle_t handle = 0; + mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; /* Leaving attributes unspecified is not currently supported. * It could make sense to query the key type and size from the @@ -2153,19 +2366,18 @@ psa_status_t mbedtls_psa_register_se_key( return( PSA_ERROR_NOT_SUPPORTED ); status = psa_start_key_creation( PSA_KEY_CREATION_REGISTER, attributes, - &handle, &slot, &driver ); + &slot, &driver ); if( status != PSA_SUCCESS ) goto exit; - status = psa_finish_key_creation( slot, driver ); + status = psa_finish_key_creation( slot, driver, &key ); exit: if( status != PSA_SUCCESS ) - { psa_fail_key_creation( slot, driver ); - } + /* Registration doesn't keep the key in RAM. */ - psa_close_key( handle ); + psa_close_key( key ); return( status ); } #endif /* MBEDTLS_PSA_CRYPTO_SE_C */ @@ -2173,40 +2385,33 @@ exit: static psa_status_t psa_copy_key_material( const psa_key_slot_t *source, psa_key_slot_t *target ) { - psa_status_t status; - uint8_t *buffer = NULL; - size_t buffer_size = 0; - size_t length; - - buffer_size = PSA_KEY_EXPORT_MAX_SIZE( source->attr.type, - psa_get_key_slot_bits( source ) ); - buffer = mbedtls_calloc( 1, buffer_size ); - if( buffer == NULL ) - return( PSA_ERROR_INSUFFICIENT_MEMORY ); - status = psa_internal_export_key( source, buffer, buffer_size, &length, 0 ); + psa_status_t status = psa_copy_key_material_into_slot( target, + source->data.key.data, + source->data.key.bytes ); if( status != PSA_SUCCESS ) - goto exit; - target->attr.type = source->attr.type; - status = psa_import_key_into_slot( target, buffer, length ); + return( status ); -exit: - mbedtls_platform_zeroize( buffer, buffer_size ); - mbedtls_free( buffer ); - return( status ); + target->attr.type = source->attr.type; + target->attr.bits = source->attr.bits; + + return( PSA_SUCCESS ); } -psa_status_t psa_copy_key( psa_key_handle_t source_handle, +psa_status_t psa_copy_key( mbedtls_svc_key_id_t source_key, const psa_key_attributes_t *specified_attributes, - psa_key_handle_t *target_handle ) + mbedtls_svc_key_id_t *target_key ) { - psa_status_t status; + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED; psa_key_slot_t *source_slot = NULL; psa_key_slot_t *target_slot = NULL; psa_key_attributes_t actual_attributes = *specified_attributes; psa_se_drv_table_entry_t *driver = NULL; - status = psa_get_transparent_key( source_handle, &source_slot, - PSA_KEY_USAGE_COPY, 0 ); + *target_key = MBEDTLS_SVC_KEY_ID_INIT; + + status = psa_get_and_lock_transparent_key_slot_with_policy( + source_key, &source_slot, PSA_KEY_USAGE_COPY, 0 ); if( status != PSA_SUCCESS ) goto exit; @@ -2220,9 +2425,8 @@ psa_status_t psa_copy_key( psa_key_handle_t source_handle, if( status != PSA_SUCCESS ) goto exit; - status = psa_start_key_creation( PSA_KEY_CREATION_COPY, - &actual_attributes, - target_handle, &target_slot, &driver ); + status = psa_start_key_creation( PSA_KEY_CREATION_COPY, &actual_attributes, + &target_slot, &driver ); if( status != PSA_SUCCESS ) goto exit; @@ -2239,14 +2443,14 @@ psa_status_t psa_copy_key( psa_key_handle_t source_handle, if( status != PSA_SUCCESS ) goto exit; - status = psa_finish_key_creation( target_slot, driver ); + status = psa_finish_key_creation( target_slot, driver, target_key ); exit: if( status != PSA_SUCCESS ) - { psa_fail_key_creation( target_slot, driver ); - *target_handle = 0; - } - return( status ); + + unlock_status = psa_unlock_key_slot( source_slot ); + + return( ( status == PSA_SUCCESS ) ? unlock_status : status ); } @@ -2255,7 +2459,10 @@ exit: /* Message digests */ /****************************************************************/ -#if defined(MBEDTLS_RSA_C) || defined(MBEDTLS_ECDSA_DETERMINISTIC) +#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) || \ + defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP) || \ + defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS) || \ + defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) static const mbedtls_md_info_t *mbedtls_md_info_from_psa( psa_algorithm_t alg ) { switch( alg ) @@ -2298,7 +2505,10 @@ static const mbedtls_md_info_t *mbedtls_md_info_from_psa( psa_algorithm_t alg ) return( NULL ); } } -#endif +#endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) || + * defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP) || + * defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS) || + * defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) */ psa_status_t psa_hash_abort( psa_hash_operation_t *operation ) { @@ -2751,6 +2961,9 @@ static const mbedtls_cipher_info_t *mbedtls_cipher_info_from_psa( case PSA_ALG_OFB: mode = MBEDTLS_MODE_OFB; break; + case PSA_ALG_ECB_NO_PADDING: + mode = MBEDTLS_MODE_ECB; + break; case PSA_ALG_CBC_NO_PADDING: mode = MBEDTLS_MODE_CBC; break; @@ -2812,7 +3025,7 @@ static const mbedtls_cipher_info_t *mbedtls_cipher_info_from_psa( (int) key_bits, mode ) ); } -#if defined(MBEDTLS_MD_C) +#if defined(MBEDTLS_PSA_BUILTIN_ALG_HMAC) static size_t psa_get_hash_block_size( psa_algorithm_t alg ) { switch( alg ) @@ -2839,7 +3052,7 @@ static size_t psa_get_hash_block_size( psa_algorithm_t alg ) return( 0 ); } } -#endif /* MBEDTLS_MD_C */ +#endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_HMAC) */ /* Initialize the MAC operation structure. Once this function has been * called, psa_mac_abort can run and will do the right thing. */ @@ -2864,7 +3077,7 @@ static psa_status_t psa_mac_init( psa_mac_operation_t *operation, } else #endif /* MBEDTLS_CMAC_C */ -#if defined(MBEDTLS_MD_C) +#if defined(MBEDTLS_PSA_BUILTIN_ALG_HMAC) if( PSA_ALG_IS_HMAC( operation->alg ) ) { /* We'll set up the hash operation later in psa_hmac_setup_internal. */ @@ -2872,7 +3085,7 @@ static psa_status_t psa_mac_init( psa_mac_operation_t *operation, status = PSA_SUCCESS; } else -#endif /* MBEDTLS_MD_C */ +#endif /* MBEDTLS_PSA_BUILTIN_ALG_HMAC */ { if( ! PSA_ALG_IS_MAC( alg ) ) status = PSA_ERROR_INVALID_ARGUMENT; @@ -2883,13 +3096,13 @@ static psa_status_t psa_mac_init( psa_mac_operation_t *operation, return( status ); } -#if defined(MBEDTLS_MD_C) +#if defined(MBEDTLS_PSA_BUILTIN_ALG_HMAC) static psa_status_t psa_hmac_abort_internal( psa_hmac_internal_data *hmac ) { mbedtls_platform_zeroize( hmac->opad, sizeof( hmac->opad ) ); return( psa_hash_abort( &hmac->hash_ctx ) ); } -#endif /* MBEDTLS_MD_C */ +#endif /* MBEDTLS_PSA_BUILTIN_ALG_HMAC */ psa_status_t psa_mac_abort( psa_mac_operation_t *operation ) { @@ -2908,13 +3121,13 @@ psa_status_t psa_mac_abort( psa_mac_operation_t *operation ) } else #endif /* MBEDTLS_CMAC_C */ -#if defined(MBEDTLS_MD_C) +#if defined(MBEDTLS_PSA_BUILTIN_ALG_HMAC) if( PSA_ALG_IS_HMAC( operation->alg ) ) { psa_hmac_abort_internal( &operation->ctx.hmac ); } else -#endif /* MBEDTLS_MD_C */ +#endif /* MBEDTLS_PSA_BUILTIN_ALG_HMAC */ { /* Sanity check (shouldn't happen: operation->alg should * always have been initialized to a valid value). */ @@ -2960,7 +3173,7 @@ static int psa_cmac_setup( psa_mac_operation_t *operation, } #endif /* MBEDTLS_CMAC_C */ -#if defined(MBEDTLS_MD_C) +#if defined(MBEDTLS_PSA_BUILTIN_ALG_HMAC) static psa_status_t psa_hmac_setup_internal( psa_hmac_internal_data *hmac, const uint8_t *key, size_t key_length, @@ -3022,14 +3235,15 @@ cleanup: return( status ); } -#endif /* MBEDTLS_MD_C */ +#endif /* MBEDTLS_PSA_BUILTIN_ALG_HMAC */ static psa_status_t psa_mac_setup( psa_mac_operation_t *operation, - psa_key_handle_t handle, + mbedtls_svc_key_id_t key, psa_algorithm_t alg, int is_sign ) { - psa_status_t status; + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED; psa_key_slot_t *slot; size_t key_bits; psa_key_usage_t usage = @@ -3049,7 +3263,8 @@ static psa_status_t psa_mac_setup( psa_mac_operation_t *operation, if( is_sign ) operation->is_sign = 1; - status = psa_get_transparent_key( handle, &slot, usage, alg ); + status = psa_get_and_lock_transparent_key_slot_with_policy( + key, &slot, usage, alg ); if( status != PSA_SUCCESS ) goto exit; key_bits = psa_get_key_slot_bits( slot ); @@ -3072,7 +3287,7 @@ static psa_status_t psa_mac_setup( psa_mac_operation_t *operation, } else #endif /* MBEDTLS_CMAC_C */ -#if defined(MBEDTLS_MD_C) +#if defined(MBEDTLS_PSA_BUILTIN_ALG_HMAC) if( PSA_ALG_IS_HMAC( full_length_alg ) ) { psa_algorithm_t hash_alg = PSA_ALG_HMAC_GET_HASH( alg ); @@ -3103,7 +3318,7 @@ static psa_status_t psa_mac_setup( psa_mac_operation_t *operation, hash_alg ); } else -#endif /* MBEDTLS_MD_C */ +#endif /* MBEDTLS_PSA_BUILTIN_ALG_HMAC */ { (void) key_bits; status = PSA_ERROR_NOT_SUPPORTED; @@ -3138,21 +3353,24 @@ exit: { operation->key_set = 1; } - return( status ); + + unlock_status = psa_unlock_key_slot( slot ); + + return( ( status == PSA_SUCCESS ) ? unlock_status : status ); } psa_status_t psa_mac_sign_setup( psa_mac_operation_t *operation, - psa_key_handle_t handle, + mbedtls_svc_key_id_t key, psa_algorithm_t alg ) { - return( psa_mac_setup( operation, handle, alg, 1 ) ); + return( psa_mac_setup( operation, key, alg, 1 ) ); } psa_status_t psa_mac_verify_setup( psa_mac_operation_t *operation, - psa_key_handle_t handle, + mbedtls_svc_key_id_t key, psa_algorithm_t alg ) { - return( psa_mac_setup( operation, handle, alg, 0 ) ); + return( psa_mac_setup( operation, key, alg, 0 ) ); } psa_status_t psa_mac_update( psa_mac_operation_t *operation, @@ -3175,14 +3393,14 @@ psa_status_t psa_mac_update( psa_mac_operation_t *operation, } else #endif /* MBEDTLS_CMAC_C */ -#if defined(MBEDTLS_MD_C) +#if defined(MBEDTLS_PSA_BUILTIN_ALG_HMAC) if( PSA_ALG_IS_HMAC( operation->alg ) ) { status = psa_hash_update( &operation->ctx.hmac.hash_ctx, input, input_length ); } else -#endif /* MBEDTLS_MD_C */ +#endif /* MBEDTLS_PSA_BUILTIN_ALG_HMAC */ { /* This shouldn't happen if `operation` was initialized by * a setup function. */ @@ -3194,7 +3412,7 @@ psa_status_t psa_mac_update( psa_mac_operation_t *operation, return( status ); } -#if defined(MBEDTLS_MD_C) +#if defined(MBEDTLS_PSA_BUILTIN_ALG_HMAC) static psa_status_t psa_hmac_finish_internal( psa_hmac_internal_data *hmac, uint8_t *mac, size_t mac_size ) @@ -3232,7 +3450,7 @@ exit: mbedtls_platform_zeroize( tmp, hash_size ); return( status ); } -#endif /* MBEDTLS_MD_C */ +#endif /* MBEDTLS_PSA_BUILTIN_ALG_HMAC */ static psa_status_t psa_mac_finish_internal( psa_mac_operation_t *operation, uint8_t *mac, @@ -3258,14 +3476,14 @@ static psa_status_t psa_mac_finish_internal( psa_mac_operation_t *operation, } else #endif /* MBEDTLS_CMAC_C */ -#if defined(MBEDTLS_MD_C) +#if defined(MBEDTLS_PSA_BUILTIN_ALG_HMAC) if( PSA_ALG_IS_HMAC( operation->alg ) ) { return( psa_hmac_finish_internal( &operation->ctx.hmac, mac, operation->mac_size ) ); } else -#endif /* MBEDTLS_MD_C */ +#endif /* MBEDTLS_PSA_BUILTIN_ALG_HMAC */ { /* This shouldn't happen if `operation` was initialized by * a setup function. */ @@ -3361,7 +3579,8 @@ cleanup: /* Asymmetric cryptography */ /****************************************************************/ -#if defined(MBEDTLS_RSA_C) +#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) || \ + defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS) /* Decode the hash algorithm from alg and store the mbedtls encoding in * md_alg. Verify that the hash length is acceptable. */ static psa_status_t psa_rsa_decode_md_type( psa_algorithm_t alg, @@ -3380,7 +3599,7 @@ static psa_status_t psa_rsa_decode_md_type( psa_algorithm_t alg, return( PSA_ERROR_INVALID_ARGUMENT ); #endif -#if defined(MBEDTLS_PKCS1_V15) +#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) /* For PKCS#1 v1.5 signature, if using a hash, the hash length * must be correct. */ if( PSA_ALG_IS_RSA_PKCS1V15_SIGN( alg ) && @@ -3391,16 +3610,16 @@ static psa_status_t psa_rsa_decode_md_type( psa_algorithm_t alg, if( mbedtls_md_get_size( md_info ) != hash_length ) return( PSA_ERROR_INVALID_ARGUMENT ); } -#endif /* MBEDTLS_PKCS1_V15 */ +#endif /* MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN */ -#if defined(MBEDTLS_PKCS1_V21) +#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS) /* PSS requires a hash internally. */ if( PSA_ALG_IS_RSA_PSS( alg ) ) { if( md_info == NULL ) return( PSA_ERROR_NOT_SUPPORTED ); } -#endif /* MBEDTLS_PKCS1_V21 */ +#endif /* MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS */ return( PSA_SUCCESS ); } @@ -3424,7 +3643,7 @@ static psa_status_t psa_rsa_sign( mbedtls_rsa_context *rsa, if( signature_size < mbedtls_rsa_get_len( rsa ) ) return( PSA_ERROR_BUFFER_TOO_SMALL ); -#if defined(MBEDTLS_PKCS1_V15) +#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) if( PSA_ALG_IS_RSA_PKCS1V15_SIGN( alg ) ) { mbedtls_rsa_set_padding( rsa, MBEDTLS_RSA_PKCS_V15, @@ -3439,8 +3658,8 @@ static psa_status_t psa_rsa_sign( mbedtls_rsa_context *rsa, signature ); } else -#endif /* MBEDTLS_PKCS1_V15 */ -#if defined(MBEDTLS_PKCS1_V21) +#endif /* MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN */ +#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS) if( PSA_ALG_IS_RSA_PSS( alg ) ) { mbedtls_rsa_set_padding( rsa, MBEDTLS_RSA_PKCS_V21, md_alg ); @@ -3454,7 +3673,7 @@ static psa_status_t psa_rsa_sign( mbedtls_rsa_context *rsa, signature ); } else -#endif /* MBEDTLS_PKCS1_V21 */ +#endif /* MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS */ { return( PSA_ERROR_INVALID_ARGUMENT ); } @@ -3482,7 +3701,7 @@ static psa_status_t psa_rsa_verify( mbedtls_rsa_context *rsa, if( signature_length != mbedtls_rsa_get_len( rsa ) ) return( PSA_ERROR_INVALID_SIGNATURE ); -#if defined(MBEDTLS_PKCS1_V15) +#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) if( PSA_ALG_IS_RSA_PKCS1V15_SIGN( alg ) ) { mbedtls_rsa_set_padding( rsa, MBEDTLS_RSA_PKCS_V15, @@ -3497,8 +3716,8 @@ static psa_status_t psa_rsa_verify( mbedtls_rsa_context *rsa, signature ); } else -#endif /* MBEDTLS_PKCS1_V15 */ -#if defined(MBEDTLS_PKCS1_V21) +#endif /* MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN */ +#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS) if( PSA_ALG_IS_RSA_PSS( alg ) ) { mbedtls_rsa_set_padding( rsa, MBEDTLS_RSA_PKCS_V21, md_alg ); @@ -3512,7 +3731,7 @@ static psa_status_t psa_rsa_verify( mbedtls_rsa_context *rsa, signature ); } else -#endif /* MBEDTLS_PKCS1_V21 */ +#endif /* MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS */ { return( PSA_ERROR_INVALID_ARGUMENT ); } @@ -3524,9 +3743,11 @@ static psa_status_t psa_rsa_verify( mbedtls_rsa_context *rsa, return( PSA_ERROR_INVALID_SIGNATURE ); return( mbedtls_to_psa_error( ret ) ); } -#endif /* MBEDTLS_RSA_C */ +#endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) || + * defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS) */ -#if defined(MBEDTLS_ECDSA_C) +#if defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || \ + defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) /* `ecp` cannot be const because `ecp->grp` needs to be non-const * for mbedtls_ecdsa_sign() and mbedtls_ecdsa_sign_det() * (even though these functions don't modify it). */ @@ -3550,7 +3771,7 @@ static psa_status_t psa_ecdsa_sign( mbedtls_ecp_keypair *ecp, goto cleanup; } -#if defined(MBEDTLS_ECDSA_DETERMINISTIC) +#if defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) if( PSA_ALG_DSA_IS_DETERMINISTIC( alg ) ) { psa_algorithm_t hash_alg = PSA_ALG_SIGN_GET_HASH( alg ); @@ -3563,7 +3784,7 @@ static psa_status_t psa_ecdsa_sign( mbedtls_ecp_keypair *ecp, &global_data.ctr_drbg ) ); } else -#endif /* MBEDTLS_ECDSA_DETERMINISTIC */ +#endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) */ { (void) alg; MBEDTLS_MPI_CHK( mbedtls_ecdsa_sign( &ecp->grp, &r, &s, &ecp->d, @@ -3625,9 +3846,10 @@ cleanup: mbedtls_mpi_free( &s ); return( mbedtls_to_psa_error( ret ) ); } -#endif /* MBEDTLS_ECDSA_C */ +#endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || + * defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) */ -psa_status_t psa_sign_hash( psa_key_handle_t handle, +psa_status_t psa_sign_hash( mbedtls_svc_key_id_t key, psa_algorithm_t alg, const uint8_t *hash, size_t hash_length, @@ -3635,12 +3857,9 @@ psa_status_t psa_sign_hash( psa_key_handle_t handle, size_t signature_size, size_t *signature_length ) { + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED; psa_key_slot_t *slot; - psa_status_t status; -#if defined(MBEDTLS_PSA_CRYPTO_SE_C) - const psa_drv_se_t *drv; - psa_drv_se_context_t *drv_context; -#endif /* MBEDTLS_PSA_CRYPTO_SE_C */ *signature_length = signature_size; /* Immediately reject a zero-length signature buffer. This guarantees @@ -3650,7 +3869,9 @@ psa_status_t psa_sign_hash( psa_key_handle_t handle, if( signature_size == 0 ) return( PSA_ERROR_BUFFER_TOO_SMALL ); - status = psa_get_key_from_slot( handle, &slot, PSA_KEY_USAGE_SIGN_HASH, alg ); + status = psa_get_and_lock_key_slot_with_policy( key, &slot, + PSA_KEY_USAGE_SIGN_HASH, + alg ); if( status != PSA_SUCCESS ) goto exit; if( ! PSA_KEY_TYPE_IS_KEY_PAIR( slot->attr.type ) ) @@ -3659,25 +3880,21 @@ psa_status_t psa_sign_hash( psa_key_handle_t handle, goto exit; } -#if defined(MBEDTLS_PSA_CRYPTO_SE_C) - if( psa_get_se_driver( slot->attr.lifetime, &drv, &drv_context ) ) - { - if( drv->asymmetric == NULL || - drv->asymmetric->p_sign == NULL ) - { - status = PSA_ERROR_NOT_SUPPORTED; - goto exit; - } - status = drv->asymmetric->p_sign( drv_context, - slot->data.se.slot_number, - alg, - hash, hash_length, - signature, signature_size, - signature_length ); - } - else -#endif /* MBEDTLS_PSA_CRYPTO_SE_C */ -#if defined(MBEDTLS_RSA_C) + /* Try any of the available accelerators first */ + status = psa_driver_wrapper_sign_hash( slot, + alg, + hash, + hash_length, + signature, + signature_size, + signature_length ); + if( status != PSA_ERROR_NOT_SUPPORTED || + psa_key_lifetime_is_external( slot->attr.lifetime ) ) + goto exit; + + /* If the operation was not supported by any accelerator, try fallback. */ +#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) || \ + defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS) if( slot->attr.type == PSA_KEY_TYPE_RSA_KEY_PAIR ) { mbedtls_rsa_context *rsa = NULL; @@ -3699,13 +3916,14 @@ psa_status_t psa_sign_hash( psa_key_handle_t handle, mbedtls_free( rsa ); } else -#endif /* defined(MBEDTLS_RSA_C) */ -#if defined(MBEDTLS_ECP_C) +#endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) || + * defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS) */ if( PSA_KEY_TYPE_IS_ECC( slot->attr.type ) ) { -#if defined(MBEDTLS_ECDSA_C) +#if defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || \ + defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) if( -#if defined(MBEDTLS_ECDSA_DETERMINISTIC) +#if defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) PSA_ALG_IS_ECDSA( alg ) #else PSA_ALG_IS_RANDOMIZED_ECDSA( alg ) @@ -3728,13 +3946,13 @@ psa_status_t psa_sign_hash( psa_key_handle_t handle, mbedtls_free( ecp ); } else -#endif /* defined(MBEDTLS_ECDSA_C) */ +#endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || + * defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) */ { status = PSA_ERROR_INVALID_ARGUMENT; } } else -#endif /* defined(MBEDTLS_ECP_C) */ { status = PSA_ERROR_NOT_SUPPORTED; } @@ -3751,42 +3969,42 @@ exit: memset( signature, '!', signature_size ); /* If signature_size is 0 then we have nothing to do. We must not call * memset because signature may be NULL in this case. */ - return( status ); + + unlock_status = psa_unlock_key_slot( slot ); + + return( ( status == PSA_SUCCESS ) ? unlock_status : status ); } -psa_status_t psa_verify_hash( psa_key_handle_t handle, +psa_status_t psa_verify_hash( mbedtls_svc_key_id_t key, psa_algorithm_t alg, const uint8_t *hash, size_t hash_length, const uint8_t *signature, size_t signature_length ) { + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED; psa_key_slot_t *slot; - psa_status_t status; -#if defined(MBEDTLS_PSA_CRYPTO_SE_C) - const psa_drv_se_t *drv; - psa_drv_se_context_t *drv_context; -#endif /* MBEDTLS_PSA_CRYPTO_SE_C */ - status = psa_get_key_from_slot( handle, &slot, PSA_KEY_USAGE_VERIFY_HASH, alg ); + status = psa_get_and_lock_key_slot_with_policy( key, &slot, + PSA_KEY_USAGE_VERIFY_HASH, + alg ); if( status != PSA_SUCCESS ) return( status ); -#if defined(MBEDTLS_PSA_CRYPTO_SE_C) - if( psa_get_se_driver( slot->attr.lifetime, &drv, &drv_context ) ) - { - if( drv->asymmetric == NULL || - drv->asymmetric->p_verify == NULL ) - return( PSA_ERROR_NOT_SUPPORTED ); - return( drv->asymmetric->p_verify( drv_context, - slot->data.se.slot_number, - alg, - hash, hash_length, - signature, signature_length ) ); - } - else -#endif /* MBEDTLS_PSA_CRYPTO_SE_C */ -#if defined(MBEDTLS_RSA_C) + /* Try any of the available accelerators first */ + status = psa_driver_wrapper_verify_hash( slot, + alg, + hash, + hash_length, + signature, + signature_length ); + if( status != PSA_ERROR_NOT_SUPPORTED || + psa_key_lifetime_is_external( slot->attr.lifetime ) ) + goto exit; + +#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) || \ + defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS) if( PSA_KEY_TYPE_IS_RSA( slot->attr.type ) ) { mbedtls_rsa_context *rsa = NULL; @@ -3796,7 +4014,7 @@ psa_status_t psa_verify_hash( psa_key_handle_t handle, slot->data.key.bytes, &rsa ); if( status != PSA_SUCCESS ) - return( status ); + goto exit; status = psa_rsa_verify( rsa, alg, @@ -3804,14 +4022,15 @@ psa_status_t psa_verify_hash( psa_key_handle_t handle, signature, signature_length ); mbedtls_rsa_free( rsa ); mbedtls_free( rsa ); - return( status ); + goto exit; } else -#endif /* defined(MBEDTLS_RSA_C) */ -#if defined(MBEDTLS_ECP_C) +#endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) || + * defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS) */ if( PSA_KEY_TYPE_IS_ECC( slot->attr.type ) ) { -#if defined(MBEDTLS_ECDSA_C) +#if defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || \ + defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) if( PSA_ALG_IS_ECDSA( alg ) ) { mbedtls_ecp_keypair *ecp = NULL; @@ -3820,28 +4039,34 @@ psa_status_t psa_verify_hash( psa_key_handle_t handle, slot->data.key.bytes, &ecp ); if( status != PSA_SUCCESS ) - return( status ); + goto exit; status = psa_ecdsa_verify( ecp, hash, hash_length, signature, signature_length ); mbedtls_ecp_keypair_free( ecp ); mbedtls_free( ecp ); - return( status ); + goto exit; } else -#endif /* defined(MBEDTLS_ECDSA_C) */ +#endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || + * defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) */ { - return( PSA_ERROR_INVALID_ARGUMENT ); + status = PSA_ERROR_INVALID_ARGUMENT; + goto exit; } } else -#endif /* defined(MBEDTLS_ECP_C) */ { - return( PSA_ERROR_NOT_SUPPORTED ); + status = PSA_ERROR_NOT_SUPPORTED; } + +exit: + unlock_status = psa_unlock_key_slot( slot ); + + return( ( status == PSA_SUCCESS ) ? unlock_status : status ); } -#if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_PKCS1_V21) +#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP) static void psa_rsa_oaep_set_padding_mode( psa_algorithm_t alg, mbedtls_rsa_context *rsa ) { @@ -3850,9 +4075,9 @@ static void psa_rsa_oaep_set_padding_mode( psa_algorithm_t alg, mbedtls_md_type_t md_alg = mbedtls_md_get_type( md_info ); mbedtls_rsa_set_padding( rsa, MBEDTLS_RSA_PKCS_V21, md_alg ); } -#endif /* defined(MBEDTLS_RSA_C) && defined(MBEDTLS_PKCS1_V21) */ +#endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP) */ -psa_status_t psa_asymmetric_encrypt( psa_key_handle_t handle, +psa_status_t psa_asymmetric_encrypt( mbedtls_svc_key_id_t key, psa_algorithm_t alg, const uint8_t *input, size_t input_length, @@ -3862,8 +4087,9 @@ psa_status_t psa_asymmetric_encrypt( psa_key_handle_t handle, size_t output_size, size_t *output_length ) { + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED; psa_key_slot_t *slot; - psa_status_t status; (void) input; (void) input_length; @@ -3876,14 +4102,19 @@ psa_status_t psa_asymmetric_encrypt( psa_key_handle_t handle, if( ! PSA_ALG_IS_RSA_OAEP( alg ) && salt_length != 0 ) return( PSA_ERROR_INVALID_ARGUMENT ); - status = psa_get_transparent_key( handle, &slot, PSA_KEY_USAGE_ENCRYPT, alg ); + status = psa_get_and_lock_transparent_key_slot_with_policy( + key, &slot, PSA_KEY_USAGE_ENCRYPT, alg ); if( status != PSA_SUCCESS ) return( status ); if( ! ( PSA_KEY_TYPE_IS_PUBLIC_KEY( slot->attr.type ) || PSA_KEY_TYPE_IS_KEY_PAIR( slot->attr.type ) ) ) - return( PSA_ERROR_INVALID_ARGUMENT ); + { + status = PSA_ERROR_INVALID_ARGUMENT; + goto exit; + } -#if defined(MBEDTLS_RSA_C) +#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT) || \ + defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP) if( PSA_KEY_TYPE_IS_RSA( slot->attr.type ) ) { mbedtls_rsa_context *rsa = NULL; @@ -3899,7 +4130,7 @@ psa_status_t psa_asymmetric_encrypt( psa_key_handle_t handle, status = PSA_ERROR_BUFFER_TOO_SMALL; goto rsa_exit; } -#if defined(MBEDTLS_PKCS1_V15) +#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT) if( alg == PSA_ALG_RSA_PKCS1V15_CRYPT ) { status = mbedtls_to_psa_error( @@ -3912,8 +4143,8 @@ psa_status_t psa_asymmetric_encrypt( psa_key_handle_t handle, output ) ); } else -#endif /* MBEDTLS_PKCS1_V15 */ -#if defined(MBEDTLS_PKCS1_V21) +#endif /* MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT */ +#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP) if( PSA_ALG_IS_RSA_OAEP( alg ) ) { psa_rsa_oaep_set_padding_mode( alg, rsa ); @@ -3928,7 +4159,7 @@ psa_status_t psa_asymmetric_encrypt( psa_key_handle_t handle, output ) ); } else -#endif /* MBEDTLS_PKCS1_V21 */ +#endif /* MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP */ { status = PSA_ERROR_INVALID_ARGUMENT; goto rsa_exit; @@ -3939,16 +4170,21 @@ rsa_exit: mbedtls_rsa_free( rsa ); mbedtls_free( rsa ); - return( status ); } else -#endif /* defined(MBEDTLS_RSA_C) */ +#endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT) || + * defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP) */ { - return( PSA_ERROR_NOT_SUPPORTED ); + status = PSA_ERROR_NOT_SUPPORTED; } + +exit: + unlock_status = psa_unlock_key_slot( slot ); + + return( ( status == PSA_SUCCESS ) ? unlock_status : status ); } -psa_status_t psa_asymmetric_decrypt( psa_key_handle_t handle, +psa_status_t psa_asymmetric_decrypt( mbedtls_svc_key_id_t key, psa_algorithm_t alg, const uint8_t *input, size_t input_length, @@ -3958,8 +4194,9 @@ psa_status_t psa_asymmetric_decrypt( psa_key_handle_t handle, size_t output_size, size_t *output_length ) { + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED; psa_key_slot_t *slot; - psa_status_t status; (void) input; (void) input_length; @@ -3972,13 +4209,18 @@ psa_status_t psa_asymmetric_decrypt( psa_key_handle_t handle, if( ! PSA_ALG_IS_RSA_OAEP( alg ) && salt_length != 0 ) return( PSA_ERROR_INVALID_ARGUMENT ); - status = psa_get_transparent_key( handle, &slot, PSA_KEY_USAGE_DECRYPT, alg ); + status = psa_get_and_lock_transparent_key_slot_with_policy( + key, &slot, PSA_KEY_USAGE_DECRYPT, alg ); if( status != PSA_SUCCESS ) return( status ); if( ! PSA_KEY_TYPE_IS_KEY_PAIR( slot->attr.type ) ) - return( PSA_ERROR_INVALID_ARGUMENT ); + { + status = PSA_ERROR_INVALID_ARGUMENT; + goto exit; + } -#if defined(MBEDTLS_RSA_C) +#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT) || \ + defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP) if( slot->attr.type == PSA_KEY_TYPE_RSA_KEY_PAIR ) { mbedtls_rsa_context *rsa = NULL; @@ -3987,7 +4229,7 @@ psa_status_t psa_asymmetric_decrypt( psa_key_handle_t handle, slot->data.key.bytes, &rsa ); if( status != PSA_SUCCESS ) - return( status ); + goto exit; if( input_length != mbedtls_rsa_get_len( rsa ) ) { @@ -3995,7 +4237,7 @@ psa_status_t psa_asymmetric_decrypt( psa_key_handle_t handle, goto rsa_exit; } -#if defined(MBEDTLS_PKCS1_V15) +#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT) if( alg == PSA_ALG_RSA_PKCS1V15_CRYPT ) { status = mbedtls_to_psa_error( @@ -4009,8 +4251,8 @@ psa_status_t psa_asymmetric_decrypt( psa_key_handle_t handle, output_size ) ); } else -#endif /* MBEDTLS_PKCS1_V15 */ -#if defined(MBEDTLS_PKCS1_V21) +#endif /* MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT */ +#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP) if( PSA_ALG_IS_RSA_OAEP( alg ) ) { psa_rsa_oaep_set_padding_mode( alg, rsa ); @@ -4026,7 +4268,7 @@ psa_status_t psa_asymmetric_decrypt( psa_key_handle_t handle, output_size ) ); } else -#endif /* MBEDTLS_PKCS1_V21 */ +#endif /* MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP */ { status = PSA_ERROR_INVALID_ARGUMENT; } @@ -4034,13 +4276,18 @@ psa_status_t psa_asymmetric_decrypt( psa_key_handle_t handle, rsa_exit: mbedtls_rsa_free( rsa ); mbedtls_free( rsa ); - return( status ); } else -#endif /* defined(MBEDTLS_RSA_C) */ +#endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT) || + * defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP) */ { - return( PSA_ERROR_NOT_SUPPORTED ); + status = PSA_ERROR_NOT_SUPPORTED; } + +exit: + unlock_status = psa_unlock_key_slot( slot ); + + return( ( status == PSA_SUCCESS ) ? unlock_status : status ); } @@ -4049,34 +4296,14 @@ rsa_exit: /* Symmetric cryptography */ /****************************************************************/ -/* Initialize the cipher operation structure. Once this function has been - * called, psa_cipher_abort can run and will do the right thing. */ -static psa_status_t psa_cipher_init( psa_cipher_operation_t *operation, - psa_algorithm_t alg ) -{ - if( ! PSA_ALG_IS_CIPHER( alg ) ) - { - memset( operation, 0, sizeof( *operation ) ); - return( PSA_ERROR_INVALID_ARGUMENT ); - } - - operation->alg = alg; - operation->key_set = 0; - operation->iv_set = 0; - operation->iv_required = 1; - operation->iv_size = 0; - operation->block_size = 0; - mbedtls_cipher_init( &operation->ctx.cipher ); - return( PSA_SUCCESS ); -} - static psa_status_t psa_cipher_setup( psa_cipher_operation_t *operation, - psa_key_handle_t handle, + mbedtls_svc_key_id_t key, psa_algorithm_t alg, mbedtls_operation_t cipher_operation ) { + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED; int ret = 0; - psa_status_t status = PSA_ERROR_GENERIC_ERROR; psa_key_slot_t *slot; size_t key_bits; const mbedtls_cipher_info_t *cipher_info = NULL; @@ -4086,19 +4313,63 @@ static psa_status_t psa_cipher_setup( psa_cipher_operation_t *operation, /* A context must be freshly initialized before it can be set up. */ if( operation->alg != 0 ) - { return( PSA_ERROR_BAD_STATE ); - } - status = psa_cipher_init( operation, alg ); - if( status != PSA_SUCCESS ) - return( status ); + /* The requested algorithm must be one that can be processed by cipher. */ + if( ! PSA_ALG_IS_CIPHER( alg ) ) + return( PSA_ERROR_INVALID_ARGUMENT ); - status = psa_get_transparent_key( handle, &slot, usage, alg); + /* Fetch key material from key storage. */ + status = psa_get_and_lock_key_slot_with_policy( key, &slot, usage, alg ); if( status != PSA_SUCCESS ) goto exit; - key_bits = psa_get_key_slot_bits( slot ); + /* Initialize the operation struct members, except for alg. The alg member + * is used to indicate to psa_cipher_abort that there are resources to free, + * so we only set it after resources have been allocated/initialized. */ + operation->key_set = 0; + operation->iv_set = 0; + operation->mbedtls_in_use = 0; + operation->iv_size = 0; + operation->block_size = 0; + if( alg == PSA_ALG_ECB_NO_PADDING ) + operation->iv_required = 0; + else + operation->iv_required = 1; + + /* Try doing the operation through a driver before using software fallback. */ + if( cipher_operation == MBEDTLS_ENCRYPT ) + status = psa_driver_wrapper_cipher_encrypt_setup( &operation->ctx.driver, + slot, + alg ); + else + status = psa_driver_wrapper_cipher_decrypt_setup( &operation->ctx.driver, + slot, + alg ); + + if( status == PSA_SUCCESS ) + { + /* Once the driver context is initialised, it needs to be freed using + * psa_cipher_abort. Indicate this through setting alg. */ + operation->alg = alg; + } + + if( status != PSA_ERROR_NOT_SUPPORTED || + psa_key_lifetime_is_external( slot->attr.lifetime ) ) + goto exit; + + /* Proceed with initializing an mbed TLS cipher context if no driver is + * available for the given algorithm & key. */ + mbedtls_cipher_init( &operation->ctx.cipher ); + + /* Once the cipher context is initialised, it needs to be freed using + * psa_cipher_abort. Indicate there is something to be freed through setting + * alg, and indicate the operation is being done using mbedtls crypto through + * setting mbedtls_in_use. */ + operation->alg = alg; + operation->mbedtls_in_use = 1; + + key_bits = psa_get_key_slot_bits( slot ); cipher_info = mbedtls_cipher_info_from_psa( alg, slot->attr.type, key_bits, NULL ); if( cipher_info == NULL ) { @@ -4151,10 +4422,10 @@ static psa_status_t psa_cipher_setup( psa_cipher_operation_t *operation, goto exit; #endif //MBEDTLS_CIPHER_MODE_WITH_PADDING - operation->key_set = 1; operation->block_size = ( PSA_ALG_IS_STREAM_CIPHER( alg ) ? 1 : PSA_BLOCK_CIPHER_BLOCK_SIZE( slot->attr.type ) ); - if( alg & PSA_ALG_CIPHER_FROM_BLOCK_FLAG ) + if( ( alg & PSA_ALG_CIPHER_FROM_BLOCK_FLAG ) != 0 && + alg != PSA_ALG_ECB_NO_PADDING ) { operation->iv_size = PSA_BLOCK_CIPHER_BLOCK_SIZE( slot->attr.type ); } @@ -4164,26 +4435,36 @@ static psa_status_t psa_cipher_setup( psa_cipher_operation_t *operation, operation->iv_size = 12; #endif + status = PSA_SUCCESS; + exit: - if( status == 0 ) + if( ret != 0 ) status = mbedtls_to_psa_error( ret ); - if( status != 0 ) + if( status == PSA_SUCCESS ) + { + /* Update operation flags for both driver and software implementations */ + operation->key_set = 1; + } + else psa_cipher_abort( operation ); - return( status ); + + unlock_status = psa_unlock_key_slot( slot ); + + return( ( status == PSA_SUCCESS ) ? unlock_status : status ); } psa_status_t psa_cipher_encrypt_setup( psa_cipher_operation_t *operation, - psa_key_handle_t handle, + mbedtls_svc_key_id_t key, psa_algorithm_t alg ) { - return( psa_cipher_setup( operation, handle, alg, MBEDTLS_ENCRYPT ) ); + return( psa_cipher_setup( operation, key, alg, MBEDTLS_ENCRYPT ) ); } psa_status_t psa_cipher_decrypt_setup( psa_cipher_operation_t *operation, - psa_key_handle_t handle, + mbedtls_svc_key_id_t key, psa_algorithm_t alg ) { - return( psa_cipher_setup( operation, handle, alg, MBEDTLS_DECRYPT ) ); + return( psa_cipher_setup( operation, key, alg, MBEDTLS_DECRYPT ) ); } psa_status_t psa_cipher_generate_iv( psa_cipher_operation_t *operation, @@ -4197,6 +4478,16 @@ psa_status_t psa_cipher_generate_iv( psa_cipher_operation_t *operation, { return( PSA_ERROR_BAD_STATE ); } + + if( operation->mbedtls_in_use == 0 ) + { + status = psa_driver_wrapper_cipher_generate_iv( &operation->ctx.driver, + iv, + iv_size, + iv_length ); + goto exit; + } + if( iv_size < operation->iv_size ) { status = PSA_ERROR_BUFFER_TOO_SMALL; @@ -4214,7 +4505,9 @@ psa_status_t psa_cipher_generate_iv( psa_cipher_operation_t *operation, status = psa_cipher_set_iv( operation, iv, *iv_length ); exit: - if( status != PSA_SUCCESS ) + if( status == PSA_SUCCESS ) + operation->iv_set = 1; + else psa_cipher_abort( operation ); return( status ); } @@ -4229,6 +4522,15 @@ psa_status_t psa_cipher_set_iv( psa_cipher_operation_t *operation, { return( PSA_ERROR_BAD_STATE ); } + + if( operation->mbedtls_in_use == 0 ) + { + status = psa_driver_wrapper_cipher_set_iv( &operation->ctx.driver, + iv, + iv_length ); + goto exit; + } + if( iv_length != operation->iv_size ) { status = PSA_ERROR_INVALID_ARGUMENT; @@ -4244,6 +4546,94 @@ exit: return( status ); } +/* Process input for which the algorithm is set to ECB mode. This requires + * manual processing, since the PSA API is defined as being able to process + * arbitrary-length calls to psa_cipher_update() with ECB mode, but the + * underlying mbedtls_cipher_update only takes full blocks. */ +static psa_status_t psa_cipher_update_ecb_internal( + mbedtls_cipher_context_t *ctx, + const uint8_t *input, + size_t input_length, + uint8_t *output, + size_t output_size, + size_t *output_length ) +{ + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + size_t block_size = ctx->cipher_info->block_size; + size_t internal_output_length = 0; + *output_length = 0; + + if( input_length == 0 ) + { + status = PSA_SUCCESS; + goto exit; + } + + if( ctx->unprocessed_len > 0 ) + { + /* Fill up to block size, and run the block if there's a full one. */ + size_t bytes_to_copy = block_size - ctx->unprocessed_len; + + if( input_length < bytes_to_copy ) + bytes_to_copy = input_length; + + memcpy( &( ctx->unprocessed_data[ctx->unprocessed_len] ), + input, bytes_to_copy ); + input_length -= bytes_to_copy; + input += bytes_to_copy; + ctx->unprocessed_len += bytes_to_copy; + + if( ctx->unprocessed_len == block_size ) + { + status = mbedtls_to_psa_error( + mbedtls_cipher_update( ctx, + ctx->unprocessed_data, + block_size, + output, &internal_output_length ) ); + + if( status != PSA_SUCCESS ) + goto exit; + + output += internal_output_length; + output_size -= internal_output_length; + *output_length += internal_output_length; + ctx->unprocessed_len = 0; + } + } + + while( input_length >= block_size ) + { + /* Run all full blocks we have, one by one */ + status = mbedtls_to_psa_error( + mbedtls_cipher_update( ctx, input, + block_size, + output, &internal_output_length ) ); + + if( status != PSA_SUCCESS ) + goto exit; + + input_length -= block_size; + input += block_size; + + output += internal_output_length; + output_size -= internal_output_length; + *output_length += internal_output_length; + } + + if( input_length > 0 ) + { + /* Save unprocessed bytes for later processing */ + memcpy( &( ctx->unprocessed_data[ctx->unprocessed_len] ), + input, input_length ); + ctx->unprocessed_len += input_length; + } + + status = PSA_SUCCESS; + +exit: + return( status ); +} + psa_status_t psa_cipher_update( psa_cipher_operation_t *operation, const uint8_t *input, size_t input_length, @@ -4251,14 +4641,27 @@ psa_status_t psa_cipher_update( psa_cipher_operation_t *operation, size_t output_size, size_t *output_length ) { - psa_status_t status; - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; size_t expected_output_size; - if( operation->alg == 0 ) { return( PSA_ERROR_BAD_STATE ); } + if( operation->iv_required && ! operation->iv_set ) + { + return( PSA_ERROR_BAD_STATE ); + } + + if( operation->mbedtls_in_use == 0 ) + { + status = psa_driver_wrapper_cipher_update( &operation->ctx.driver, + input, + input_length, + output, + output_size, + output_length ); + goto exit; + } if( ! PSA_ALG_IS_STREAM_CIPHER( operation->alg ) ) { @@ -4281,9 +4684,24 @@ psa_status_t psa_cipher_update( psa_cipher_operation_t *operation, goto exit; } - ret = mbedtls_cipher_update( &operation->ctx.cipher, input, - input_length, output, output_length ); - status = mbedtls_to_psa_error( ret ); + if( operation->alg == PSA_ALG_ECB_NO_PADDING ) + { + /* mbedtls_cipher_update has an API inconsistency: it will only + * process a single block at a time in ECB mode. Abstract away that + * inconsistency here to match the PSA API behaviour. */ + status = psa_cipher_update_ecb_internal( &operation->ctx.cipher, + input, + input_length, + output, + output_size, + output_length ); + } + else + { + status = mbedtls_to_psa_error( + mbedtls_cipher_update( &operation->ctx.cipher, input, + input_length, output, output_length ) ); + } exit: if( status != PSA_SUCCESS ) psa_cipher_abort( operation ); @@ -4296,10 +4714,8 @@ psa_status_t psa_cipher_finish( psa_cipher_operation_t *operation, size_t *output_length ) { psa_status_t status = PSA_ERROR_GENERIC_ERROR; - int cipher_ret = MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE; uint8_t temp_output_buffer[MBEDTLS_MAX_BLOCK_LENGTH]; - - if( ! operation->key_set ) + if( operation->alg == 0 ) { return( PSA_ERROR_BAD_STATE ); } @@ -4308,53 +4724,59 @@ psa_status_t psa_cipher_finish( psa_cipher_operation_t *operation, return( PSA_ERROR_BAD_STATE ); } - if( operation->ctx.cipher.operation == MBEDTLS_ENCRYPT && - operation->alg == PSA_ALG_CBC_NO_PADDING && - operation->ctx.cipher.unprocessed_len != 0 ) + if( operation->mbedtls_in_use == 0 ) { - status = PSA_ERROR_INVALID_ARGUMENT; - goto error; + status = psa_driver_wrapper_cipher_finish( &operation->ctx.driver, + output, + output_size, + output_length ); + goto exit; } - cipher_ret = mbedtls_cipher_finish( &operation->ctx.cipher, - temp_output_buffer, - output_length ); - if( cipher_ret != 0 ) + if( operation->ctx.cipher.unprocessed_len != 0 ) { - status = mbedtls_to_psa_error( cipher_ret ); - goto error; + if( operation->alg == PSA_ALG_ECB_NO_PADDING || + operation->alg == PSA_ALG_CBC_NO_PADDING ) + { + status = PSA_ERROR_INVALID_ARGUMENT; + goto exit; + } } + status = mbedtls_to_psa_error( + mbedtls_cipher_finish( &operation->ctx.cipher, + temp_output_buffer, + output_length ) ); + if( status != PSA_SUCCESS ) + goto exit; + if( *output_length == 0 ) ; /* Nothing to copy. Note that output may be NULL in this case. */ else if( output_size >= *output_length ) memcpy( output, temp_output_buffer, *output_length ); else - { status = PSA_ERROR_BUFFER_TOO_SMALL; - goto error; + +exit: + if( operation->mbedtls_in_use == 1 ) + mbedtls_platform_zeroize( temp_output_buffer, sizeof( temp_output_buffer ) ); + + if( status == PSA_SUCCESS ) + return( psa_cipher_abort( operation ) ); + else + { + *output_length = 0; + (void) psa_cipher_abort( operation ); + + return( status ); } - - mbedtls_platform_zeroize( temp_output_buffer, sizeof( temp_output_buffer ) ); - status = psa_cipher_abort( operation ); - - return( status ); - -error: - - *output_length = 0; - - mbedtls_platform_zeroize( temp_output_buffer, sizeof( temp_output_buffer ) ); - (void) psa_cipher_abort( operation ); - - return( status ); } psa_status_t psa_cipher_abort( psa_cipher_operation_t *operation ) { if( operation->alg == 0 ) { - /* The object has (apparently) been initialized but it is not + /* The object has (apparently) been initialized but it is not (yet) * in use. It's ok to call abort on such an object, and there's * nothing to do. */ return( PSA_SUCCESS ); @@ -4365,11 +4787,15 @@ psa_status_t psa_cipher_abort( psa_cipher_operation_t *operation ) if( ! PSA_ALG_IS_CIPHER( operation->alg ) ) return( PSA_ERROR_BAD_STATE ); - mbedtls_cipher_free( &operation->ctx.cipher ); + if( operation->mbedtls_in_use == 0 ) + psa_driver_wrapper_cipher_abort( &operation->ctx.driver ); + else + mbedtls_cipher_free( &operation->ctx.cipher ); operation->alg = 0; operation->key_set = 0; operation->iv_set = 0; + operation->mbedtls_in_use = 0; operation->iv_size = 0; operation->block_size = 0; operation->iv_required = 0; @@ -4390,6 +4816,7 @@ typedef struct const mbedtls_cipher_info_t *cipher_info; union { + unsigned dummy; /* Make the union non-empty even with no supported algorithms. */ #if defined(MBEDTLS_CCM_C) mbedtls_ccm_context ccm; #endif /* MBEDTLS_CCM_C */ @@ -4405,6 +4832,8 @@ typedef struct uint8_t tag_length; } aead_operation_t; +#define AEAD_OPERATION_INIT {0, 0, {0}, 0, 0, 0} + static void psa_aead_abort_internal( aead_operation_t *operation ) { switch( operation->core_alg ) @@ -4420,10 +4849,12 @@ static void psa_aead_abort_internal( aead_operation_t *operation ) break; #endif /* MBEDTLS_GCM_C */ } + + psa_unlock_key_slot( operation->slot ); } static psa_status_t psa_aead_setup( aead_operation_t *operation, - psa_key_handle_t handle, + mbedtls_svc_key_id_t key, psa_key_usage_t usage, psa_algorithm_t alg ) { @@ -4431,7 +4862,8 @@ static psa_status_t psa_aead_setup( aead_operation_t *operation, size_t key_bits; mbedtls_cipher_id_t cipher_id; - status = psa_get_transparent_key( handle, &operation->slot, usage, alg ); + status = psa_get_and_lock_transparent_key_slot_with_policy( + key, &operation->slot, usage, alg ); if( status != PSA_SUCCESS ) return( status ); @@ -4441,7 +4873,10 @@ static psa_status_t psa_aead_setup( aead_operation_t *operation, mbedtls_cipher_info_from_psa( alg, operation->slot->attr.type, key_bits, &cipher_id ); if( operation->cipher_info == NULL ) - return( PSA_ERROR_NOT_SUPPORTED ); + { + status = PSA_ERROR_NOT_SUPPORTED; + goto cleanup; + } switch( PSA_ALG_AEAD_WITH_TAG_LENGTH( alg, 0 ) ) { @@ -4453,7 +4888,10 @@ static psa_status_t psa_aead_setup( aead_operation_t *operation, * The call to mbedtls_ccm_encrypt_and_tag or * mbedtls_ccm_auth_decrypt will validate the tag length. */ if( PSA_BLOCK_CIPHER_BLOCK_SIZE( operation->slot->attr.type ) != 16 ) - return( PSA_ERROR_INVALID_ARGUMENT ); + { + status = PSA_ERROR_INVALID_ARGUMENT; + goto cleanup; + } mbedtls_ccm_init( &operation->ctx.ccm ); status = mbedtls_to_psa_error( mbedtls_ccm_setkey( &operation->ctx.ccm, cipher_id, @@ -4472,7 +4910,10 @@ static psa_status_t psa_aead_setup( aead_operation_t *operation, * The call to mbedtls_gcm_crypt_and_tag or * mbedtls_gcm_auth_decrypt will validate the tag length. */ if( PSA_BLOCK_CIPHER_BLOCK_SIZE( operation->slot->attr.type ) != 16 ) - return( PSA_ERROR_INVALID_ARGUMENT ); + { + status = PSA_ERROR_INVALID_ARGUMENT; + goto cleanup; + } mbedtls_gcm_init( &operation->ctx.gcm ); status = mbedtls_to_psa_error( mbedtls_gcm_setkey( &operation->ctx.gcm, cipher_id, @@ -4489,7 +4930,10 @@ static psa_status_t psa_aead_setup( aead_operation_t *operation, operation->full_tag_length = 16; /* We only support the default tag length. */ if( alg != PSA_ALG_CHACHA20_POLY1305 ) - return( PSA_ERROR_NOT_SUPPORTED ); + { + status = PSA_ERROR_NOT_SUPPORTED; + goto cleanup; + } mbedtls_chachapoly_init( &operation->ctx.chachapoly ); status = mbedtls_to_psa_error( mbedtls_chachapoly_setkey( &operation->ctx.chachapoly, @@ -4500,7 +4944,8 @@ static psa_status_t psa_aead_setup( aead_operation_t *operation, #endif /* MBEDTLS_CHACHAPOLY_C */ default: - return( PSA_ERROR_NOT_SUPPORTED ); + status = PSA_ERROR_NOT_SUPPORTED; + goto cleanup; } if( PSA_AEAD_TAG_LENGTH( alg ) > operation->full_tag_length ) @@ -4517,7 +4962,7 @@ cleanup: return( status ); } -psa_status_t psa_aead_encrypt( psa_key_handle_t handle, +psa_status_t psa_aead_encrypt( mbedtls_svc_key_id_t key, psa_algorithm_t alg, const uint8_t *nonce, size_t nonce_length, @@ -4530,12 +4975,12 @@ psa_status_t psa_aead_encrypt( psa_key_handle_t handle, size_t *ciphertext_length ) { psa_status_t status; - aead_operation_t operation; + aead_operation_t operation = AEAD_OPERATION_INIT; uint8_t *tag; *ciphertext_length = 0; - status = psa_aead_setup( &operation, handle, PSA_KEY_USAGE_ENCRYPT, alg ); + status = psa_aead_setup( &operation, key, PSA_KEY_USAGE_ENCRYPT, alg ); if( status != PSA_SUCCESS ) return( status ); @@ -4631,7 +5076,7 @@ static psa_status_t psa_aead_unpadded_locate_tag( size_t tag_length, return( PSA_SUCCESS ); } -psa_status_t psa_aead_decrypt( psa_key_handle_t handle, +psa_status_t psa_aead_decrypt( mbedtls_svc_key_id_t key, psa_algorithm_t alg, const uint8_t *nonce, size_t nonce_length, @@ -4644,12 +5089,12 @@ psa_status_t psa_aead_decrypt( psa_key_handle_t handle, size_t *plaintext_length ) { psa_status_t status; - aead_operation_t operation; + aead_operation_t operation = AEAD_OPERATION_INIT; const uint8_t *tag = NULL; *plaintext_length = 0; - status = psa_aead_setup( &operation, handle, PSA_KEY_USAGE_DECRYPT, alg ); + status = psa_aead_setup( &operation, key, PSA_KEY_USAGE_DECRYPT, alg ); if( status != PSA_SUCCESS ) return( status ); @@ -4727,6 +5172,12 @@ exit: /* Generators */ /****************************************************************/ +#if defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF) || \ + defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PRF) || \ + defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PSK_TO_MS) +#define AT_LEAST_ONE_BUILTIN_KDF +#endif + #define HKDF_STATE_INIT 0 /* no input yet */ #define HKDF_STATE_STARTED 1 /* got salt */ #define HKDF_STATE_KEYED 2 /* got key */ @@ -4741,7 +5192,6 @@ static psa_algorithm_t psa_key_derivation_get_kdf_alg( return( operation->alg ); } - psa_status_t psa_key_derivation_abort( psa_key_derivation_operation_t *operation ) { psa_status_t status = PSA_SUCCESS; @@ -4753,13 +5203,17 @@ psa_status_t psa_key_derivation_abort( psa_key_derivation_operation_t *operation * nothing to do. */ } else -#if defined(MBEDTLS_MD_C) +#if defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF) if( PSA_ALG_IS_HKDF( kdf_alg ) ) { mbedtls_free( operation->ctx.hkdf.info ); status = psa_hmac_abort_internal( &operation->ctx.hkdf.hmac ); } - else if( PSA_ALG_IS_TLS12_PRF( kdf_alg ) || + else +#endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF */ +#if defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PRF) || \ + defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PSK_TO_MS) + if( PSA_ALG_IS_TLS12_PRF( kdf_alg ) || /* TLS-1.2 PSK-to-MS KDF uses the same core as TLS-1.2 PRF */ PSA_ALG_IS_TLS12_PSK_TO_MS( kdf_alg ) ) { @@ -4783,7 +5237,8 @@ psa_status_t psa_key_derivation_abort( psa_key_derivation_operation_t *operation * mbedtls_platform_zeroize() in the end of this function. */ } else -#endif /* MBEDTLS_MD_C */ +#endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PRF) || + * defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PSK_TO_MS) */ { status = PSA_ERROR_BAD_STATE; } @@ -4815,7 +5270,7 @@ psa_status_t psa_key_derivation_set_capacity( psa_key_derivation_operation_t *op return( PSA_SUCCESS ); } -#if defined(MBEDTLS_MD_C) +#if defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF) /* Read some bytes from an HKDF-based operation. This performs a chunk * of the expand phase of the HKDF algorithm. */ static psa_status_t psa_key_derivation_hkdf_read( psa_hkdf_key_derivation_t *hkdf, @@ -4884,7 +5339,10 @@ static psa_status_t psa_key_derivation_hkdf_read( psa_hkdf_key_derivation_t *hkd return( PSA_SUCCESS ); } +#endif /* MBEDTLS_PSA_BUILTIN_ALG_HKDF */ +#if defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PRF) || \ + defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PSK_TO_MS) static psa_status_t psa_key_derivation_tls12_prf_generate_next_block( psa_tls12_prf_key_derivation_t *tls12_prf, psa_algorithm_t alg ) @@ -5031,7 +5489,8 @@ static psa_status_t psa_key_derivation_tls12_prf_read( return( PSA_SUCCESS ); } -#endif /* MBEDTLS_MD_C */ +#endif /* MBEDTLS_PSA_BUILTIN_ALG_TLS12_PRF || + * MBEDTLS_PSA_BUILTIN_ALG_TLS12_PSK_TO_MS */ psa_status_t psa_key_derivation_output_bytes( psa_key_derivation_operation_t *operation, @@ -5067,7 +5526,7 @@ psa_status_t psa_key_derivation_output_bytes( } operation->capacity -= output_length; -#if defined(MBEDTLS_MD_C) +#if defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF) if( PSA_ALG_IS_HKDF( kdf_alg ) ) { psa_algorithm_t hash_alg = PSA_ALG_HKDF_GET_HASH( kdf_alg ); @@ -5075,15 +5534,19 @@ psa_status_t psa_key_derivation_output_bytes( output, output_length ); } else +#endif /* MBEDTLS_PSA_BUILTIN_ALG_HKDF */ +#if defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PRF) || \ + defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PSK_TO_MS) if( PSA_ALG_IS_TLS12_PRF( kdf_alg ) || - PSA_ALG_IS_TLS12_PSK_TO_MS( kdf_alg ) ) + PSA_ALG_IS_TLS12_PSK_TO_MS( kdf_alg ) ) { status = psa_key_derivation_tls12_prf_read( &operation->ctx.tls12_prf, kdf_alg, output, output_length ); } else -#endif /* MBEDTLS_MD_C */ +#endif /* MBEDTLS_PSA_BUILTIN_ALG_TLS12_PRF || + * MBEDTLS_PSA_BUILTIN_ALG_TLS12_PSK_TO_MS */ { return( PSA_ERROR_BAD_STATE ); } @@ -5148,12 +5611,14 @@ exit: psa_status_t psa_key_derivation_output_key( const psa_key_attributes_t *attributes, psa_key_derivation_operation_t *operation, - psa_key_handle_t *handle ) + mbedtls_svc_key_id_t *key ) { psa_status_t status; psa_key_slot_t *slot = NULL; psa_se_drv_table_entry_t *driver = NULL; + *key = MBEDTLS_SVC_KEY_ID_INIT; + /* Reject any attempt to create a zero-length key so that we don't * risk tripping up later, e.g. on a malloc(0) that returns NULL. */ if( psa_get_key_bits( attributes ) == 0 ) @@ -5162,8 +5627,8 @@ psa_status_t psa_key_derivation_output_key( const psa_key_attributes_t *attribut if( ! operation->can_output_key ) return( PSA_ERROR_NOT_PERMITTED ); - status = psa_start_key_creation( PSA_KEY_CREATION_DERIVE, - attributes, handle, &slot, &driver ); + status = psa_start_key_creation( PSA_KEY_CREATION_DERIVE, attributes, + &slot, &driver ); #if defined(MBEDTLS_PSA_CRYPTO_SE_C) if( driver != NULL ) { @@ -5178,12 +5643,10 @@ psa_status_t psa_key_derivation_output_key( const psa_key_attributes_t *attribut operation ); } if( status == PSA_SUCCESS ) - status = psa_finish_key_creation( slot, driver ); + status = psa_finish_key_creation( slot, driver, key ); if( status != PSA_SUCCESS ) - { psa_fail_key_creation( slot, driver ); - *handle = 0; - } + return( status ); } @@ -5193,19 +5656,36 @@ psa_status_t psa_key_derivation_output_key( const psa_key_attributes_t *attribut /* Key derivation */ /****************************************************************/ +#ifdef AT_LEAST_ONE_BUILTIN_KDF static psa_status_t psa_key_derivation_setup_kdf( psa_key_derivation_operation_t *operation, psa_algorithm_t kdf_alg ) { + int is_kdf_alg_supported; + /* Make sure that operation->ctx is properly zero-initialised. (Macro * initialisers for this union leave some bytes unspecified.) */ memset( &operation->ctx, 0, sizeof( operation->ctx ) ); /* Make sure that kdf_alg is a supported key derivation algorithm. */ -#if defined(MBEDTLS_MD_C) - if( PSA_ALG_IS_HKDF( kdf_alg ) || - PSA_ALG_IS_TLS12_PRF( kdf_alg ) || - PSA_ALG_IS_TLS12_PSK_TO_MS( kdf_alg ) ) +#if defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF) + if( PSA_ALG_IS_HKDF( kdf_alg ) ) + is_kdf_alg_supported = 1; + else +#endif +#if defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PRF) + if( PSA_ALG_IS_TLS12_PRF( kdf_alg ) ) + is_kdf_alg_supported = 1; + else +#endif +#if defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PSK_TO_MS) + if( PSA_ALG_IS_TLS12_PSK_TO_MS( kdf_alg ) ) + is_kdf_alg_supported = 1; + else +#endif + is_kdf_alg_supported = 0; + + if( is_kdf_alg_supported ) { psa_algorithm_t hash_alg = PSA_ALG_HKDF_GET_HASH( kdf_alg ); size_t hash_size = PSA_HASH_SIZE( hash_alg ); @@ -5220,10 +5700,10 @@ static psa_status_t psa_key_derivation_setup_kdf( operation->capacity = 255 * hash_size; return( PSA_SUCCESS ); } -#endif /* MBEDTLS_MD_C */ - else - return( PSA_ERROR_NOT_SUPPORTED ); + + return( PSA_ERROR_NOT_SUPPORTED ); } +#endif /* AT_LEAST_ONE_BUILTIN_KDF */ psa_status_t psa_key_derivation_setup( psa_key_derivation_operation_t *operation, psa_algorithm_t alg ) @@ -5235,6 +5715,7 @@ psa_status_t psa_key_derivation_setup( psa_key_derivation_operation_t *operation if( PSA_ALG_IS_RAW_KEY_AGREEMENT( alg ) ) return( PSA_ERROR_INVALID_ARGUMENT ); +#ifdef AT_LEAST_ONE_BUILTIN_KDF else if( PSA_ALG_IS_KEY_AGREEMENT( alg ) ) { psa_algorithm_t kdf_alg = PSA_ALG_KEY_AGREEMENT_GET_KDF( alg ); @@ -5244,6 +5725,7 @@ psa_status_t psa_key_derivation_setup( psa_key_derivation_operation_t *operation { status = psa_key_derivation_setup_kdf( operation, alg ); } +#endif else return( PSA_ERROR_INVALID_ARGUMENT ); @@ -5252,7 +5734,7 @@ psa_status_t psa_key_derivation_setup( psa_key_derivation_operation_t *operation return( status ); } -#if defined(MBEDTLS_MD_C) +#if defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF) static psa_status_t psa_hkdf_input( psa_hkdf_key_derivation_t *hkdf, psa_algorithm_t hash_alg, psa_key_derivation_step_t step, @@ -5317,7 +5799,10 @@ static psa_status_t psa_hkdf_input( psa_hkdf_key_derivation_t *hkdf, return( PSA_ERROR_INVALID_ARGUMENT ); } } +#endif /* MBEDTLS_PSA_BUILTIN_ALG_HKDF */ +#if defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PRF) || \ + defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PSK_TO_MS) static psa_status_t psa_tls12_prf_set_seed( psa_tls12_prf_key_derivation_t *prf, const uint8_t *data, size_t data_length ) @@ -5358,41 +5843,6 @@ static psa_status_t psa_tls12_prf_set_key( psa_tls12_prf_key_derivation_t *prf, return( PSA_SUCCESS ); } -static psa_status_t psa_tls12_prf_psk_to_ms_set_key( - psa_tls12_prf_key_derivation_t *prf, - psa_algorithm_t hash_alg, - const uint8_t *data, - size_t data_length ) -{ - psa_status_t status; - uint8_t pms[ 4 + 2 * PSA_ALG_TLS12_PSK_TO_MS_MAX_PSK_LEN ]; - uint8_t *cur = pms; - - if( data_length > PSA_ALG_TLS12_PSK_TO_MS_MAX_PSK_LEN ) - return( PSA_ERROR_INVALID_ARGUMENT ); - - /* Quoting RFC 4279, Section 2: - * - * The premaster secret is formed as follows: if the PSK is N octets - * long, concatenate a uint16 with the value N, N zero octets, a second - * uint16 with the value N, and the PSK itself. - */ - - *cur++ = ( data_length >> 8 ) & 0xff; - *cur++ = ( data_length >> 0 ) & 0xff; - memset( cur, 0, data_length ); - cur += data_length; - *cur++ = pms[0]; - *cur++ = pms[1]; - memcpy( cur, data, data_length ); - cur += data_length; - - status = psa_tls12_prf_set_key( prf, hash_alg, pms, cur - pms ); - - mbedtls_platform_zeroize( pms, sizeof( pms ) ); - return( status ); -} - static psa_status_t psa_tls12_prf_set_label( psa_tls12_prf_key_derivation_t *prf, const uint8_t *data, size_t data_length ) @@ -5433,6 +5883,44 @@ static psa_status_t psa_tls12_prf_input( psa_tls12_prf_key_derivation_t *prf, return( PSA_ERROR_INVALID_ARGUMENT ); } } +#endif /* MBEDTLS_PSA_BUILTIN_ALG_TLS12_PRF) || + * MBEDTLS_PSA_BUILTIN_ALG_TLS12_PSK_TO_MS */ + +#if defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PSK_TO_MS) +static psa_status_t psa_tls12_prf_psk_to_ms_set_key( + psa_tls12_prf_key_derivation_t *prf, + psa_algorithm_t hash_alg, + const uint8_t *data, + size_t data_length ) +{ + psa_status_t status; + uint8_t pms[ 4 + 2 * PSA_ALG_TLS12_PSK_TO_MS_MAX_PSK_LEN ]; + uint8_t *cur = pms; + + if( data_length > PSA_ALG_TLS12_PSK_TO_MS_MAX_PSK_LEN ) + return( PSA_ERROR_INVALID_ARGUMENT ); + + /* Quoting RFC 4279, Section 2: + * + * The premaster secret is formed as follows: if the PSK is N octets + * long, concatenate a uint16 with the value N, N zero octets, a second + * uint16 with the value N, and the PSK itself. + */ + + *cur++ = ( data_length >> 8 ) & 0xff; + *cur++ = ( data_length >> 0 ) & 0xff; + memset( cur, 0, data_length ); + cur += data_length; + *cur++ = pms[0]; + *cur++ = pms[1]; + memcpy( cur, data, data_length ); + cur += data_length; + + status = psa_tls12_prf_set_key( prf, hash_alg, pms, cur - pms ); + + mbedtls_platform_zeroize( pms, sizeof( pms ) ); + return( status ); +} static psa_status_t psa_tls12_prf_psk_to_ms_input( psa_tls12_prf_key_derivation_t *prf, @@ -5449,7 +5937,7 @@ static psa_status_t psa_tls12_prf_psk_to_ms_input( return( psa_tls12_prf_input( prf, hash_alg, step, data, data_length ) ); } -#endif /* MBEDTLS_MD_C */ +#endif /* MBEDTLS_PSA_BUILTIN_ALG_TLS12_PSK_TO_MS */ /** Check whether the given key type is acceptable for the given * input step of a key derivation. @@ -5499,27 +5987,33 @@ static psa_status_t psa_key_derivation_input_internal( if( status != PSA_SUCCESS ) goto exit; -#if defined(MBEDTLS_MD_C) +#if defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF) if( PSA_ALG_IS_HKDF( kdf_alg ) ) { status = psa_hkdf_input( &operation->ctx.hkdf, PSA_ALG_HKDF_GET_HASH( kdf_alg ), step, data, data_length ); } - else if( PSA_ALG_IS_TLS12_PRF( kdf_alg ) ) + else +#endif /* MBEDTLS_PSA_BUILTIN_ALG_HKDF */ +#if defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PRF) + if( PSA_ALG_IS_TLS12_PRF( kdf_alg ) ) { status = psa_tls12_prf_input( &operation->ctx.tls12_prf, PSA_ALG_HKDF_GET_HASH( kdf_alg ), step, data, data_length ); } - else if( PSA_ALG_IS_TLS12_PSK_TO_MS( kdf_alg ) ) + else +#endif /* MBEDTLS_PSA_BUILTIN_ALG_TLS12_PRF */ +#if defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PSK_TO_MS) + if( PSA_ALG_IS_TLS12_PSK_TO_MS( kdf_alg ) ) { status = psa_tls12_prf_psk_to_ms_input( &operation->ctx.tls12_prf, PSA_ALG_HKDF_GET_HASH( kdf_alg ), step, data, data_length ); } else -#endif /* MBEDTLS_MD_C */ +#endif /* MBEDTLS_PSA_BUILTIN_ALG_TLS12_PSK_TO_MS */ { /* This can't happen unless the operation object was not initialized */ return( PSA_ERROR_BAD_STATE ); @@ -5545,14 +6039,14 @@ psa_status_t psa_key_derivation_input_bytes( psa_status_t psa_key_derivation_input_key( psa_key_derivation_operation_t *operation, psa_key_derivation_step_t step, - psa_key_handle_t handle ) + mbedtls_svc_key_id_t key ) { + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED; psa_key_slot_t *slot; - psa_status_t status; - status = psa_get_transparent_key( handle, &slot, - PSA_KEY_USAGE_DERIVE, - operation->alg ); + status = psa_get_and_lock_transparent_key_slot_with_policy( + key, &slot, PSA_KEY_USAGE_DERIVE, operation->alg ); if( status != PSA_SUCCESS ) { psa_key_derivation_abort( operation ); @@ -5564,10 +6058,14 @@ psa_status_t psa_key_derivation_input_key( if( step == PSA_KEY_DERIVATION_INPUT_SECRET ) operation->can_output_key = 1; - return( psa_key_derivation_input_internal( operation, - step, slot->attr.type, - slot->data.key.data, - slot->data.key.bytes ) ); + status = psa_key_derivation_input_internal( operation, + step, slot->attr.type, + slot->data.key.data, + slot->data.key.bytes ); + + unlock_status = psa_unlock_key_slot( slot ); + + return( ( status == PSA_SUCCESS ) ? unlock_status : status ); } @@ -5576,7 +6074,7 @@ psa_status_t psa_key_derivation_input_key( /* Key agreement */ /****************************************************************/ -#if defined(MBEDTLS_ECDH_C) +#if defined(MBEDTLS_PSA_BUILTIN_ALG_ECDH) static psa_status_t psa_key_agreement_ecdh( const uint8_t *peer_key, size_t peer_key_length, const mbedtls_ecp_keypair *our_key, @@ -5627,7 +6125,7 @@ exit: return( status ); } -#endif /* MBEDTLS_ECDH_C */ +#endif /* MBEDTLS_PSA_BUILTIN_ALG_ECDH */ #define PSA_KEY_AGREEMENT_MAX_SHARED_SECRET_SIZE MBEDTLS_ECP_MAX_BYTES @@ -5641,7 +6139,7 @@ static psa_status_t psa_key_agreement_raw_internal( psa_algorithm_t alg, { switch( alg ) { -#if defined(MBEDTLS_ECDH_C) +#if defined(MBEDTLS_PSA_BUILTIN_ALG_ECDH) case PSA_ALG_ECDH: if( ! PSA_KEY_TYPE_IS_ECC_KEY_PAIR( private_key->attr.type ) ) return( PSA_ERROR_INVALID_ARGUMENT ); @@ -5660,7 +6158,7 @@ static psa_status_t psa_key_agreement_raw_internal( psa_algorithm_t alg, mbedtls_ecp_keypair_free( ecp ); mbedtls_free( ecp ); return( status ); -#endif /* MBEDTLS_ECDH_C */ +#endif /* MBEDTLS_PSA_BUILTIN_ALG_ECDH */ default: (void) private_key; (void) peer_key; @@ -5704,7 +6202,6 @@ static psa_status_t psa_key_agreement_internal( psa_key_derivation_operation_t * PSA_KEY_TYPE_DERIVE, shared_secret, shared_secret_length ); - exit: mbedtls_platform_zeroize( shared_secret, shared_secret_length ); return( status ); @@ -5712,16 +6209,18 @@ exit: psa_status_t psa_key_derivation_key_agreement( psa_key_derivation_operation_t *operation, psa_key_derivation_step_t step, - psa_key_handle_t private_key, + mbedtls_svc_key_id_t private_key, const uint8_t *peer_key, size_t peer_key_length ) { + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED; psa_key_slot_t *slot; - psa_status_t status; + if( ! PSA_ALG_IS_KEY_AGREEMENT( operation->alg ) ) return( PSA_ERROR_INVALID_ARGUMENT ); - status = psa_get_transparent_key( private_key, &slot, - PSA_KEY_USAGE_DERIVE, operation->alg ); + status = psa_get_and_lock_transparent_key_slot_with_policy( + private_key, &slot, PSA_KEY_USAGE_DERIVE, operation->alg ); if( status != PSA_SUCCESS ) return( status ); status = psa_key_agreement_internal( operation, step, @@ -5729,27 +6228,38 @@ psa_status_t psa_key_derivation_key_agreement( psa_key_derivation_operation_t *o peer_key, peer_key_length ); if( status != PSA_SUCCESS ) psa_key_derivation_abort( operation ); - return( status ); + else + { + /* If a private key has been added as SECRET, we allow the derived + * key material to be used as a key in PSA Crypto. */ + if( step == PSA_KEY_DERIVATION_INPUT_SECRET ) + operation->can_output_key = 1; + } + + unlock_status = psa_unlock_key_slot( slot ); + + return( ( status == PSA_SUCCESS ) ? unlock_status : status ); } psa_status_t psa_raw_key_agreement( psa_algorithm_t alg, - psa_key_handle_t private_key, + mbedtls_svc_key_id_t private_key, const uint8_t *peer_key, size_t peer_key_length, uint8_t *output, size_t output_size, size_t *output_length ) { - psa_key_slot_t *slot; - psa_status_t status; + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED; + psa_key_slot_t *slot = NULL; if( ! PSA_ALG_IS_KEY_AGREEMENT( alg ) ) { status = PSA_ERROR_INVALID_ARGUMENT; goto exit; } - status = psa_get_transparent_key( private_key, &slot, - PSA_KEY_USAGE_DERIVE, alg ); + status = psa_get_and_lock_transparent_key_slot_with_policy( + private_key, &slot, PSA_KEY_USAGE_DERIVE, alg ); if( status != PSA_SUCCESS ) goto exit; @@ -5771,7 +6281,10 @@ exit: psa_generate_random( output, output_size ); *output_length = output_size; } - return( status ); + + unlock_status = psa_unlock_key_slot( slot ); + + return( ( status == PSA_SUCCESS ) ? unlock_status : status ); } @@ -5818,7 +6331,7 @@ psa_status_t mbedtls_psa_inject_entropy( const uint8_t *seed, } #endif /* MBEDTLS_PSA_INJECT_ENTROPY */ -#if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_GENPRIME) +#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) static psa_status_t psa_read_rsa_exponent( const uint8_t *domain_parameters, size_t domain_parameters_size, int *exponent ) @@ -5844,7 +6357,7 @@ static psa_status_t psa_read_rsa_exponent( const uint8_t *domain_parameters, *exponent = acc; return( PSA_SUCCESS ); } -#endif /* MBEDTLS_RSA_C && MBEDTLS_GENPRIME */ +#endif /* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) */ static psa_status_t psa_generate_key_internal( psa_key_slot_t *slot, size_t bits, @@ -5882,7 +6395,7 @@ static psa_status_t psa_generate_key_internal( } else -#if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_GENPRIME) +#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) if ( type == PSA_KEY_TYPE_RSA_KEY_PAIR ) { mbedtls_rsa_context rsa; @@ -5930,9 +6443,9 @@ static psa_status_t psa_generate_key_internal( return( status ); } else -#endif /* MBEDTLS_RSA_C && MBEDTLS_GENPRIME */ +#endif /* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) */ -#if defined(MBEDTLS_ECP_C) +#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR) if ( PSA_KEY_TYPE_IS_ECC( type ) && PSA_KEY_TYPE_IS_KEY_PAIR( type ) ) { psa_ecc_family_t curve = PSA_KEY_TYPE_ECC_GET_FAMILY( type ); @@ -5946,8 +6459,6 @@ static psa_status_t psa_generate_key_internal( return( PSA_ERROR_NOT_SUPPORTED ); if( grp_id == MBEDTLS_ECP_DP_NONE || curve_info == NULL ) return( PSA_ERROR_NOT_SUPPORTED ); - if( curve_info->bit_size != bits ) - return( PSA_ERROR_INVALID_ARGUMENT ); mbedtls_ecp_keypair_init( &ecp ); ret = mbedtls_ecp_gen_key( grp_id, &ecp, mbedtls_ctr_drbg_random, @@ -5979,7 +6490,7 @@ static psa_status_t psa_generate_key_internal( return( status ); } else -#endif /* MBEDTLS_ECP_C */ +#endif /* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR) */ { return( PSA_ERROR_NOT_SUPPORTED ); } @@ -5988,54 +6499,40 @@ static psa_status_t psa_generate_key_internal( } psa_status_t psa_generate_key( const psa_key_attributes_t *attributes, - psa_key_handle_t *handle ) + mbedtls_svc_key_id_t *key ) { psa_status_t status; psa_key_slot_t *slot = NULL; psa_se_drv_table_entry_t *driver = NULL; + *key = MBEDTLS_SVC_KEY_ID_INIT; + /* Reject any attempt to create a zero-length key so that we don't * risk tripping up later, e.g. on a malloc(0) that returns NULL. */ if( psa_get_key_bits( attributes ) == 0 ) return( PSA_ERROR_INVALID_ARGUMENT ); - status = psa_start_key_creation( PSA_KEY_CREATION_GENERATE, - attributes, handle, &slot, &driver ); + status = psa_start_key_creation( PSA_KEY_CREATION_GENERATE, attributes, + &slot, &driver ); if( status != PSA_SUCCESS ) goto exit; -#if defined(MBEDTLS_PSA_CRYPTO_SE_C) - if( driver != NULL ) - { - const psa_drv_se_t *drv = psa_get_se_driver_methods( driver ); - size_t pubkey_length = 0; /* We don't support this feature yet */ - if( drv->key_management == NULL || - drv->key_management->p_generate == NULL ) - { - status = PSA_ERROR_NOT_SUPPORTED; - goto exit; - } - status = drv->key_management->p_generate( - psa_get_se_driver_context( driver ), - slot->data.se.slot_number, attributes, - NULL, 0, &pubkey_length ); - } - else -#endif /* MBEDTLS_PSA_CRYPTO_SE_C */ - { - status = psa_generate_key_internal( - slot, attributes->core.bits, - attributes->domain_parameters, attributes->domain_parameters_size ); - } + status = psa_driver_wrapper_generate_key( attributes, + slot ); + if( status != PSA_ERROR_NOT_SUPPORTED || + psa_key_lifetime_is_external( attributes->core.lifetime ) ) + goto exit; + + status = psa_generate_key_internal( + slot, attributes->core.bits, + attributes->domain_parameters, attributes->domain_parameters_size ); exit: if( status == PSA_SUCCESS ) - status = psa_finish_key_creation( slot, driver ); + status = psa_finish_key_creation( slot, driver, key ); if( status != PSA_SUCCESS ) - { psa_fail_key_creation( slot, driver ); - *handle = 0; - } + return( status ); } diff --git a/library/psa_crypto_core.h b/library/psa_crypto_core.h index 9a61babb5..f61ef9550 100644 --- a/library/psa_crypto_core.h +++ b/library/psa_crypto_core.h @@ -36,6 +36,32 @@ typedef struct { psa_core_key_attributes_t attr; + + /* + * Number of locks on the key slot held by the library. + * + * This counter is incremented by one each time a library function + * retrieves through one of the dedicated internal API a pointer to the + * key slot. + * + * This counter is decremented by one each time a library function stops + * accessing the key slot and states it by calling the + * psa_unlock_key_slot() API. + * + * This counter is used to prevent resetting the key slot while the library + * may access it. For example, such control is needed in the following + * scenarios: + * . In case of key slot starvation, all key slots contain the description + * of a key, and the library asks for the description of a persistent + * key not present in the key slots, the key slots currently accessed by + * the library cannot be reclaimed to free a key slot to load the + * persistent key. + * . In case of a multi-threaded application where one thread asks to close + * or purge or destroy a key while it is in used by the library through + * another thread. + */ + size_t lock_count; + union { /* Dynamically allocated key data buffer. @@ -74,6 +100,19 @@ static inline int psa_is_key_slot_occupied( const psa_key_slot_t *slot ) return( slot->attr.type != 0 ); } +/** Test whether a key slot is locked. + * + * A key slot is locked iff its lock counter is strictly greater than 0. + * + * \param[in] slot The key slot to test. + * + * \return 1 if the slot is locked, 0 otherwise. + */ +static inline int psa_is_key_slot_locked( const psa_key_slot_t *slot ) +{ + return( slot->lock_count > 0 ); +} + /** Retrieve flags from psa_key_slot_t::attr::core::flags. * * \param[in] slot The key slot to query. @@ -130,35 +169,43 @@ static inline void psa_key_slot_clear_bits( psa_key_slot_t *slot, * * \param[in,out] slot The key slot to wipe. * - * \retval PSA_SUCCESS + * \retval #PSA_SUCCESS * Success. This includes the case of a key slot that was * already fully wiped. - * \retval PSA_ERROR_CORRUPTION_DETECTED + * \retval #PSA_ERROR_CORRUPTION_DETECTED */ psa_status_t psa_wipe_key_slot( psa_key_slot_t *slot ); -/** Import key data into a slot. +/** Copy key data (in export format) into an empty key slot. * - * `slot->type` must have been set previously. - * This function assumes that the slot does not contain any key material yet. - * On failure, the slot content is unchanged. + * This function assumes that the slot does not contain + * any key material yet. On failure, the slot content is unchanged. * - * Persistent storage is not affected. + * \param[in,out] slot Key slot to copy the key into. + * \param[in] data Buffer containing the key material. + * \param data_length Size of the key buffer. * - * \param[in,out] slot The key slot to import data into. - * Its `type` field must have previously been set to - * the desired key type. - * It must not contain any key material yet. - * \param[in] data Buffer containing the key material to parse and import. - * \param data_length Size of \p data in bytes. - * - * \retval PSA_SUCCESS - * \retval PSA_ERROR_INVALID_ARGUMENT - * \retval PSA_ERROR_NOT_SUPPORTED - * \retval PSA_ERROR_INSUFFICIENT_MEMORY + * \retval #PSA_SUCCESS + * The key has been copied successfully. + * \retval #PSA_ERROR_INSUFFICIENT_MEMORY + * Not enough memory was available for allocation of the + * copy buffer. + * \retval #PSA_ERROR_ALREADY_EXISTS + * There was other key material already present in the slot. */ -psa_status_t psa_import_key_into_slot( psa_key_slot_t *slot, - const uint8_t *data, - size_t data_length ); +psa_status_t psa_copy_key_material_into_slot( psa_key_slot_t *slot, + const uint8_t *data, + size_t data_length ); + +/** Convert an mbed TLS error code to a PSA error code + * + * \note This function is provided solely for the convenience of + * Mbed TLS and may be removed at any time without notice. + * + * \param ret An mbed TLS-thrown error code + * + * \return The corresponding PSA error code + */ +psa_status_t mbedtls_to_psa_error( int ret ); #endif /* PSA_CRYPTO_CORE_H */ diff --git a/library/psa_crypto_driver_wrappers.c b/library/psa_crypto_driver_wrappers.c new file mode 100644 index 000000000..c3ea6f142 --- /dev/null +++ b/library/psa_crypto_driver_wrappers.c @@ -0,0 +1,993 @@ +/* + * Functions to delegate cryptographic operations to an available + * and appropriate accelerator. + * Warning: This file will be auto-generated in the future. + */ +/* Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "psa_crypto_core.h" +#include "psa_crypto_driver_wrappers.h" +#include "mbedtls/platform.h" + +#if defined(MBEDTLS_PSA_CRYPTO_DRIVERS) + +/* Include test driver definition when running tests */ +#if defined(PSA_CRYPTO_DRIVER_TEST) +#ifndef PSA_CRYPTO_DRIVER_PRESENT +#define PSA_CRYPTO_DRIVER_PRESENT +#endif +#ifndef PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT +#define PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT +#endif +#include "test/drivers/test_driver.h" +#endif /* PSA_CRYPTO_DRIVER_TEST */ + +/* Repeat above block for each JSON-declared driver during autogeneration */ + +/* Auto-generated values depending on which drivers are registered. ID 0 is + * reserved for unallocated operations. */ +#if defined(PSA_CRYPTO_DRIVER_TEST) +#define PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID (1) +#define PSA_CRYPTO_OPAQUE_TEST_DRIVER_ID (2) +#endif /* PSA_CRYPTO_DRIVER_TEST */ +#endif /* MBEDTLS_PSA_CRYPTO_DRIVERS */ + +/* Support the 'old' SE interface when asked to */ +#if defined(MBEDTLS_PSA_CRYPTO_SE_C) +/* PSA_CRYPTO_DRIVER_PRESENT is defined when either a new-style or old-style + * SE driver is present, to avoid unused argument errors at compile time. */ +#ifndef PSA_CRYPTO_DRIVER_PRESENT +#define PSA_CRYPTO_DRIVER_PRESENT +#endif +#include "psa_crypto_se.h" +#endif + +/* Start delegation functions */ +psa_status_t psa_driver_wrapper_sign_hash( psa_key_slot_t *slot, + psa_algorithm_t alg, + const uint8_t *hash, + size_t hash_length, + uint8_t *signature, + size_t signature_size, + size_t *signature_length ) +{ +#if defined(PSA_CRYPTO_DRIVER_PRESENT) + /* Try dynamically-registered SE interface first */ +#if defined(MBEDTLS_PSA_CRYPTO_SE_C) + const psa_drv_se_t *drv; + psa_drv_se_context_t *drv_context; + + if( psa_get_se_driver( slot->attr.lifetime, &drv, &drv_context ) ) + { + if( drv->asymmetric == NULL || + drv->asymmetric->p_sign == NULL ) + { + /* Key is defined in SE, but we have no way to exercise it */ + return( PSA_ERROR_NOT_SUPPORTED ); + } + return( drv->asymmetric->p_sign( drv_context, + slot->data.se.slot_number, + alg, + hash, hash_length, + signature, signature_size, + signature_length ) ); + } +#endif /* PSA_CRYPTO_SE_C */ + + /* Then try accelerator API */ +#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) + psa_status_t status = PSA_ERROR_INVALID_ARGUMENT; + psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION(slot->attr.lifetime); + psa_key_attributes_t attributes = { + .core = slot->attr + }; + + switch( location ) + { + case PSA_KEY_LOCATION_LOCAL_STORAGE: + /* Key is stored in the slot in export representation, so + * cycle through all known transparent accelerators */ +#if defined(PSA_CRYPTO_DRIVER_TEST) + status = test_transparent_signature_sign_hash( &attributes, + slot->data.key.data, + slot->data.key.bytes, + alg, + hash, + hash_length, + signature, + signature_size, + signature_length ); + /* Declared with fallback == true */ + if( status != PSA_ERROR_NOT_SUPPORTED ) + return( status ); +#endif /* PSA_CRYPTO_DRIVER_TEST */ + /* Fell through, meaning no accelerator supports this operation */ + return( PSA_ERROR_NOT_SUPPORTED ); + /* Add cases for opaque driver here */ +#if defined(PSA_CRYPTO_DRIVER_TEST) + case PSA_CRYPTO_TEST_DRIVER_LIFETIME: + return( test_opaque_signature_sign_hash( &attributes, + slot->data.key.data, + slot->data.key.bytes, + alg, + hash, + hash_length, + signature, + signature_size, + signature_length ) ); +#endif /* PSA_CRYPTO_DRIVER_TEST */ + default: + /* Key is declared with a lifetime not known to us */ + return( status ); + } +#else /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ + return( PSA_ERROR_NOT_SUPPORTED ); +#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ +#else /* PSA_CRYPTO_DRIVER_PRESENT */ + (void)slot; + (void)alg; + (void)hash; + (void)hash_length; + (void)signature; + (void)signature_size; + (void)signature_length; + + return( PSA_ERROR_NOT_SUPPORTED ); +#endif /* PSA_CRYPTO_DRIVER_PRESENT */ +} + +psa_status_t psa_driver_wrapper_verify_hash( psa_key_slot_t *slot, + psa_algorithm_t alg, + const uint8_t *hash, + size_t hash_length, + const uint8_t *signature, + size_t signature_length ) +{ +#if defined(PSA_CRYPTO_DRIVER_PRESENT) + /* Try dynamically-registered SE interface first */ +#if defined(MBEDTLS_PSA_CRYPTO_SE_C) + const psa_drv_se_t *drv; + psa_drv_se_context_t *drv_context; + + if( psa_get_se_driver( slot->attr.lifetime, &drv, &drv_context ) ) + { + if( drv->asymmetric == NULL || + drv->asymmetric->p_verify == NULL ) + { + /* Key is defined in SE, but we have no way to exercise it */ + return( PSA_ERROR_NOT_SUPPORTED ); + } + return( drv->asymmetric->p_verify( drv_context, + slot->data.se.slot_number, + alg, + hash, hash_length, + signature, signature_length ) ); + } +#endif /* PSA_CRYPTO_SE_C */ + + /* Then try accelerator API */ +#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) + psa_status_t status = PSA_ERROR_INVALID_ARGUMENT; + psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION(slot->attr.lifetime); + psa_key_attributes_t attributes = { + .core = slot->attr + }; + + switch( location ) + { + case PSA_KEY_LOCATION_LOCAL_STORAGE: + /* Key is stored in the slot in export representation, so + * cycle through all known transparent accelerators */ +#if defined(PSA_CRYPTO_DRIVER_TEST) + status = test_transparent_signature_verify_hash( &attributes, + slot->data.key.data, + slot->data.key.bytes, + alg, + hash, + hash_length, + signature, + signature_length ); + /* Declared with fallback == true */ + if( status != PSA_ERROR_NOT_SUPPORTED ) + return( status ); +#endif /* PSA_CRYPTO_DRIVER_TEST */ + /* Fell through, meaning no accelerator supports this operation */ + return( PSA_ERROR_NOT_SUPPORTED ); + /* Add cases for opaque driver here */ +#if defined(PSA_CRYPTO_DRIVER_TEST) + case PSA_CRYPTO_TEST_DRIVER_LIFETIME: + return( test_opaque_signature_verify_hash( &attributes, + slot->data.key.data, + slot->data.key.bytes, + alg, + hash, + hash_length, + signature, + signature_length ) ); +#endif /* PSA_CRYPTO_DRIVER_TEST */ + default: + /* Key is declared with a lifetime not known to us */ + return( status ); + } +#else /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ + return( PSA_ERROR_NOT_SUPPORTED ); +#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ +#else /* PSA_CRYPTO_DRIVER_PRESENT */ + (void)slot; + (void)alg; + (void)hash; + (void)hash_length; + (void)signature; + (void)signature_length; + + return( PSA_ERROR_NOT_SUPPORTED ); +#endif /* PSA_CRYPTO_DRIVER_PRESENT */ +} + +#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) +/** Calculate the size to allocate for buffering a key with given attributes. + * + * This function provides a way to get the expected size for storing a key with + * the given attributes. This will be the size of the export representation for + * cleartext keys, and a driver-defined size for keys stored by opaque drivers. + * + * \param[in] attributes The key attribute structure of the key to store. + * \param[out] expected_size On success, a byte size large enough to contain + * the declared key. + * + * \retval #PSA_SUCCESS + * \retval #PSA_ERROR_NOT_SUPPORTED + */ +static psa_status_t get_expected_key_size( const psa_key_attributes_t *attributes, + size_t *expected_size ) +{ + size_t buffer_size = 0; + psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime ); + psa_key_type_t key_type = attributes->core.type; + size_t key_bits = attributes->core.bits; + + switch( location ) + { + case PSA_KEY_LOCATION_LOCAL_STORAGE: + buffer_size = PSA_KEY_EXPORT_MAX_SIZE( key_type, key_bits ); + + if( buffer_size == 0 ) + return( PSA_ERROR_NOT_SUPPORTED ); + + *expected_size = buffer_size; + return( PSA_SUCCESS ); + +#if defined(PSA_CRYPTO_DRIVER_TEST) + case PSA_CRYPTO_TEST_DRIVER_LIFETIME: +#ifdef TEST_DRIVER_KEY_CONTEXT_SIZE_FUNCTION + *expected_size = test_size_function( key_type, key_bits ); + return( PSA_SUCCESS ); +#else /* TEST_DRIVER_KEY_CONTEXT_SIZE_FUNCTION */ + if( PSA_KEY_TYPE_IS_KEY_PAIR( key_type ) ) + { + int public_key_overhead = ( ( TEST_DRIVER_KEY_CONTEXT_STORE_PUBLIC_KEY == 1 ) ? + PSA_KEY_EXPORT_MAX_SIZE( key_type, key_bits ) : 0 ); + *expected_size = TEST_DRIVER_KEY_CONTEXT_BASE_SIZE + + TEST_DRIVER_KEY_CONTEXT_PUBLIC_KEY_SIZE + + public_key_overhead; + } + else if( PSA_KEY_TYPE_IS_PUBLIC_KEY( attributes->core.type ) ) + { + *expected_size = TEST_DRIVER_KEY_CONTEXT_BASE_SIZE + + TEST_DRIVER_KEY_CONTEXT_PUBLIC_KEY_SIZE; + } + else if ( !PSA_KEY_TYPE_IS_KEY_PAIR( key_type ) && + !PSA_KEY_TYPE_IS_PUBLIC_KEY ( attributes->core.type ) ) + { + *expected_size = TEST_DRIVER_KEY_CONTEXT_BASE_SIZE + + TEST_DRIVER_KEY_CONTEXT_SYMMETRIC_FACTOR + * ( ( key_bits + 7 ) / 8 ); + } + else + { + return( PSA_ERROR_NOT_SUPPORTED ); + } + return( PSA_SUCCESS ); +#endif /* TEST_DRIVER_KEY_CONTEXT_SIZE_FUNCTION */ +#endif /* PSA_CRYPTO_DRIVER_TEST */ + + default: + return( PSA_ERROR_NOT_SUPPORTED ); + } +} +#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ + +psa_status_t psa_driver_wrapper_generate_key( const psa_key_attributes_t *attributes, + psa_key_slot_t *slot ) +{ +#if defined(PSA_CRYPTO_DRIVER_PRESENT) + /* Try dynamically-registered SE interface first */ +#if defined(MBEDTLS_PSA_CRYPTO_SE_C) + const psa_drv_se_t *drv; + psa_drv_se_context_t *drv_context; + + if( psa_get_se_driver( slot->attr.lifetime, &drv, &drv_context ) ) + { + size_t pubkey_length = 0; /* We don't support this feature yet */ + if( drv->key_management == NULL || + drv->key_management->p_generate == NULL ) + { + /* Key is defined as being in SE, but we have no way to generate it */ + return( PSA_ERROR_NOT_SUPPORTED ); + } + return( drv->key_management->p_generate( + drv_context, + slot->data.se.slot_number, attributes, + NULL, 0, &pubkey_length ) ); + } +#endif /* MBEDTLS_PSA_CRYPTO_SE_C */ + + /* Then try accelerator API */ +#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) + psa_status_t status = PSA_ERROR_INVALID_ARGUMENT; + psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION(slot->attr.lifetime); + size_t export_size = 0; + + status = get_expected_key_size( attributes, &export_size ); + if( status != PSA_SUCCESS ) + return( status ); + + slot->data.key.data = mbedtls_calloc(1, export_size); + if( slot->data.key.data == NULL ) + return( PSA_ERROR_INSUFFICIENT_MEMORY ); + slot->data.key.bytes = export_size; + + switch( location ) + { + case PSA_KEY_LOCATION_LOCAL_STORAGE: + /* Key is stored in the slot in export representation, so + * cycle through all known transparent accelerators */ + + /* Transparent drivers are limited to generating asymmetric keys */ + if( ! PSA_KEY_TYPE_IS_ASYMMETRIC( slot->attr.type ) ) + { + status = PSA_ERROR_NOT_SUPPORTED; + break; + } +#if defined(PSA_CRYPTO_DRIVER_TEST) + status = test_transparent_generate_key( attributes, + slot->data.key.data, + slot->data.key.bytes, + &slot->data.key.bytes ); + /* Declared with fallback == true */ + if( status != PSA_ERROR_NOT_SUPPORTED ) + break; +#endif /* PSA_CRYPTO_DRIVER_TEST */ + /* Fell through, meaning no accelerator supports this operation */ + status = PSA_ERROR_NOT_SUPPORTED; + break; + /* Add cases for opaque driver here */ +#if defined(PSA_CRYPTO_DRIVER_TEST) + case PSA_CRYPTO_TEST_DRIVER_LIFETIME: + status = test_opaque_generate_key( attributes, + slot->data.key.data, + slot->data.key.bytes, + &slot->data.key.bytes ); + break; +#endif /* PSA_CRYPTO_DRIVER_TEST */ + default: + /* Key is declared with a lifetime not known to us */ + status = PSA_ERROR_INVALID_ARGUMENT; + break; + } + + if( status != PSA_SUCCESS ) + { + /* free allocated buffer */ + mbedtls_free( slot->data.key.data ); + slot->data.key.data = NULL; + slot->data.key.bytes = 0; + } + + return( status ); +#else /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ + return( PSA_ERROR_NOT_SUPPORTED ); +#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ +#else /* PSA_CRYPTO_DRIVER_PRESENT */ + (void) attributes; + (void) slot; + + return( PSA_ERROR_NOT_SUPPORTED ); +#endif /* PSA_CRYPTO_DRIVER_PRESENT */ +} + +psa_status_t psa_driver_wrapper_validate_key( const psa_key_attributes_t *attributes, + const uint8_t *data, + size_t data_length, + size_t *bits ) +{ +#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + /* Try accelerators in turn */ +#if defined(PSA_CRYPTO_DRIVER_TEST) + status = test_transparent_validate_key( attributes, + data, + data_length, + bits ); + /* Declared with fallback == true */ + if( status != PSA_ERROR_NOT_SUPPORTED ) + return( status ); +#endif /* PSA_CRYPTO_DRIVER_TEST */ + + return( PSA_ERROR_NOT_SUPPORTED ); +#else /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ + (void) attributes; + (void) data; + (void) data_length; + (void) bits; + return( PSA_ERROR_NOT_SUPPORTED ); +#endif /* PSA_CRYPTO_DRIVER_PRESENT */ +} + +psa_status_t psa_driver_wrapper_export_public_key( const psa_key_slot_t *slot, + uint8_t *data, + size_t data_size, + size_t *data_length ) +{ +#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) + psa_status_t status = PSA_ERROR_INVALID_ARGUMENT; + psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION(slot->attr.lifetime); + psa_key_attributes_t attributes = { + .core = slot->attr + }; + + switch( location ) + { + case PSA_KEY_LOCATION_LOCAL_STORAGE: + /* Key is stored in the slot in export representation, so + * cycle through all known transparent accelerators */ +#if defined(PSA_CRYPTO_DRIVER_TEST) + status = test_transparent_export_public_key( &attributes, + slot->data.key.data, + slot->data.key.bytes, + data, + data_size, + data_length ); + /* Declared with fallback == true */ + if( status != PSA_ERROR_NOT_SUPPORTED ) + return( status ); +#endif /* PSA_CRYPTO_DRIVER_TEST */ + /* Fell through, meaning no accelerator supports this operation */ + return( PSA_ERROR_NOT_SUPPORTED ); + /* Add cases for opaque driver here */ +#if defined(PSA_CRYPTO_DRIVER_TEST) + case PSA_CRYPTO_TEST_DRIVER_LIFETIME: + return( test_opaque_export_public_key( &attributes, + slot->data.key.data, + slot->data.key.bytes, + data, + data_size, + data_length ) ); +#endif /* PSA_CRYPTO_DRIVER_TEST */ + default: + /* Key is declared with a lifetime not known to us */ + return( status ); + } +#else /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ + (void) slot; + (void) data; + (void) data_size; + (void) data_length; + return( PSA_ERROR_NOT_SUPPORTED ); +#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ +} + +/* + * Cipher functions + */ +psa_status_t psa_driver_wrapper_cipher_encrypt( + psa_key_slot_t *slot, + psa_algorithm_t alg, + const uint8_t *input, + size_t input_length, + uint8_t *output, + size_t output_size, + size_t *output_length ) +{ +#if defined(PSA_CRYPTO_DRIVER_PRESENT) && defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) + psa_status_t status = PSA_ERROR_INVALID_ARGUMENT; + psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION(slot->attr.lifetime); + psa_key_attributes_t attributes = { + .core = slot->attr + }; + + switch( location ) + { + case PSA_KEY_LOCATION_LOCAL_STORAGE: + /* Key is stored in the slot in export representation, so + * cycle through all known transparent accelerators */ +#if defined(PSA_CRYPTO_DRIVER_TEST) + status = test_transparent_cipher_encrypt( &attributes, + slot->data.key.data, + slot->data.key.bytes, + alg, + input, + input_length, + output, + output_size, + output_length ); + /* Declared with fallback == true */ + if( status != PSA_ERROR_NOT_SUPPORTED ) + return( status ); +#endif /* PSA_CRYPTO_DRIVER_TEST */ + /* Fell through, meaning no accelerator supports this operation */ + return( PSA_ERROR_NOT_SUPPORTED ); + /* Add cases for opaque driver here */ +#if defined(PSA_CRYPTO_DRIVER_TEST) + case PSA_CRYPTO_TEST_DRIVER_LIFETIME: + return( test_opaque_cipher_encrypt( &attributes, + slot->data.key.data, + slot->data.key.bytes, + alg, + input, + input_length, + output, + output_size, + output_length ) ); +#endif /* PSA_CRYPTO_DRIVER_TEST */ + default: + /* Key is declared with a lifetime not known to us */ + return( status ); + } +#else /* PSA_CRYPTO_DRIVER_PRESENT */ + (void) slot; + (void) alg; + (void) input; + (void) input_length; + (void) output; + (void) output_size; + (void) output_length; + + return( PSA_ERROR_NOT_SUPPORTED ); +#endif /* PSA_CRYPTO_DRIVER_PRESENT */ +} + +psa_status_t psa_driver_wrapper_cipher_decrypt( + psa_key_slot_t *slot, + psa_algorithm_t alg, + const uint8_t *input, + size_t input_length, + uint8_t *output, + size_t output_size, + size_t *output_length ) +{ +#if defined(PSA_CRYPTO_DRIVER_PRESENT) && defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) + psa_status_t status = PSA_ERROR_INVALID_ARGUMENT; + psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION(slot->attr.lifetime); + psa_key_attributes_t attributes = { + .core = slot->attr + }; + + switch( location ) + { + case PSA_KEY_LOCATION_LOCAL_STORAGE: + /* Key is stored in the slot in export representation, so + * cycle through all known transparent accelerators */ +#if defined(PSA_CRYPTO_DRIVER_TEST) + status = test_transparent_cipher_decrypt( &attributes, + slot->data.key.data, + slot->data.key.bytes, + alg, + input, + input_length, + output, + output_size, + output_length ); + /* Declared with fallback == true */ + if( status != PSA_ERROR_NOT_SUPPORTED ) + return( status ); +#endif /* PSA_CRYPTO_DRIVER_TEST */ + /* Fell through, meaning no accelerator supports this operation */ + return( PSA_ERROR_NOT_SUPPORTED ); + /* Add cases for opaque driver here */ +#if defined(PSA_CRYPTO_DRIVER_TEST) + case PSA_CRYPTO_TEST_DRIVER_LIFETIME: + return( test_opaque_cipher_decrypt( &attributes, + slot->data.key.data, + slot->data.key.bytes, + alg, + input, + input_length, + output, + output_size, + output_length ) ); +#endif /* PSA_CRYPTO_DRIVER_TEST */ + default: + /* Key is declared with a lifetime not known to us */ + return( status ); + } +#else /* PSA_CRYPTO_DRIVER_PRESENT */ + (void) slot; + (void) alg; + (void) input; + (void) input_length; + (void) output; + (void) output_size; + (void) output_length; + + return( PSA_ERROR_NOT_SUPPORTED ); +#endif /* PSA_CRYPTO_DRIVER_PRESENT */ +} + +psa_status_t psa_driver_wrapper_cipher_encrypt_setup( + psa_operation_driver_context_t *operation, + psa_key_slot_t *slot, + psa_algorithm_t alg ) +{ +#if defined(PSA_CRYPTO_DRIVER_PRESENT) && defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) + psa_status_t status = PSA_ERROR_INVALID_ARGUMENT; + psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION(slot->attr.lifetime); + psa_key_attributes_t attributes = { + .core = slot->attr + }; + + switch( location ) + { + case PSA_KEY_LOCATION_LOCAL_STORAGE: + /* Key is stored in the slot in export representation, so + * cycle through all known transparent accelerators */ +#if defined(PSA_CRYPTO_DRIVER_TEST) + operation->ctx = mbedtls_calloc( 1, sizeof(test_transparent_cipher_operation_t) ); + if( operation->ctx == NULL ) + return PSA_ERROR_INSUFFICIENT_MEMORY; + + status = test_transparent_cipher_encrypt_setup( operation->ctx, + &attributes, + slot->data.key.data, + slot->data.key.bytes, + alg ); + /* Declared with fallback == true */ + if( status == PSA_SUCCESS ) + operation->id = PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID; + else + { + mbedtls_platform_zeroize( + operation->ctx, + sizeof( test_transparent_cipher_operation_t ) ); + mbedtls_free( operation->ctx ); + operation->ctx = NULL; + } + + return( status ); +#endif /* PSA_CRYPTO_DRIVER_TEST */ + /* Fell through, meaning no accelerator supports this operation */ + return( PSA_ERROR_NOT_SUPPORTED ); + /* Add cases for opaque driver here */ +#if defined(PSA_CRYPTO_DRIVER_TEST) + case PSA_CRYPTO_TEST_DRIVER_LIFETIME: + operation->ctx = mbedtls_calloc( 1, sizeof(test_opaque_cipher_operation_t) ); + if( operation->ctx == NULL ) + return( PSA_ERROR_INSUFFICIENT_MEMORY ); + + status = test_opaque_cipher_encrypt_setup( operation->ctx, + &attributes, + slot->data.key.data, + slot->data.key.bytes, + alg ); + if( status == PSA_SUCCESS ) + operation->id = PSA_CRYPTO_OPAQUE_TEST_DRIVER_ID; + else + { + mbedtls_platform_zeroize( + operation->ctx, + sizeof( test_opaque_cipher_operation_t ) ); + mbedtls_free( operation->ctx ); + operation->ctx = NULL; + } + + return( status ); +#endif /* PSA_CRYPTO_DRIVER_TEST */ + default: + /* Key is declared with a lifetime not known to us */ + return( PSA_ERROR_NOT_SUPPORTED ); + } +#else /* PSA_CRYPTO_DRIVER_PRESENT */ + (void)slot; + (void)alg; + (void)operation; + + return( PSA_ERROR_NOT_SUPPORTED ); +#endif /* PSA_CRYPTO_DRIVER_PRESENT */ +} + +psa_status_t psa_driver_wrapper_cipher_decrypt_setup( + psa_operation_driver_context_t *operation, + psa_key_slot_t *slot, + psa_algorithm_t alg ) +{ +#if defined(PSA_CRYPTO_DRIVER_PRESENT) && defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) + psa_status_t status = PSA_ERROR_INVALID_ARGUMENT; + psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION(slot->attr.lifetime); + psa_key_attributes_t attributes = { + .core = slot->attr + }; + + switch( location ) + { + case PSA_KEY_LOCATION_LOCAL_STORAGE: + /* Key is stored in the slot in export representation, so + * cycle through all known transparent accelerators */ +#if defined(PSA_CRYPTO_DRIVER_TEST) + operation->ctx = mbedtls_calloc( 1, sizeof(test_transparent_cipher_operation_t) ); + if( operation->ctx == NULL ) + return( PSA_ERROR_INSUFFICIENT_MEMORY ); + + status = test_transparent_cipher_decrypt_setup( operation->ctx, + &attributes, + slot->data.key.data, + slot->data.key.bytes, + alg ); + /* Declared with fallback == true */ + if( status == PSA_SUCCESS ) + operation->id = PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID; + else + { + mbedtls_platform_zeroize( + operation->ctx, + sizeof( test_transparent_cipher_operation_t ) ); + mbedtls_free( operation->ctx ); + operation->ctx = NULL; + } + + return( status ); +#endif /* PSA_CRYPTO_DRIVER_TEST */ + /* Fell through, meaning no accelerator supports this operation */ + return( PSA_ERROR_NOT_SUPPORTED ); + /* Add cases for opaque driver here */ +#if defined(PSA_CRYPTO_DRIVER_TEST) + case PSA_CRYPTO_TEST_DRIVER_LIFETIME: + operation->ctx = mbedtls_calloc( 1, sizeof(test_opaque_cipher_operation_t) ); + if( operation->ctx == NULL ) + return PSA_ERROR_INSUFFICIENT_MEMORY; + + status = test_opaque_cipher_decrypt_setup( operation->ctx, + &attributes, + slot->data.key.data, + slot->data.key.bytes, + alg ); + if( status == PSA_SUCCESS ) + operation->id = PSA_CRYPTO_OPAQUE_TEST_DRIVER_ID; + else + { + mbedtls_platform_zeroize( + operation->ctx, + sizeof( test_opaque_cipher_operation_t ) ); + mbedtls_free( operation->ctx ); + operation->ctx = NULL; + } + + return( status ); +#endif /* PSA_CRYPTO_DRIVER_TEST */ + default: + /* Key is declared with a lifetime not known to us */ + return( PSA_ERROR_NOT_SUPPORTED ); + } +#else /* PSA_CRYPTO_DRIVER_PRESENT */ + (void)slot; + (void)alg; + (void)operation; + + return( PSA_ERROR_NOT_SUPPORTED ); +#endif /* PSA_CRYPTO_DRIVER_PRESENT */ +} + +psa_status_t psa_driver_wrapper_cipher_generate_iv( + psa_operation_driver_context_t *operation, + uint8_t *iv, + size_t iv_size, + size_t *iv_length ) +{ +#if defined(PSA_CRYPTO_DRIVER_PRESENT) && defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) + switch( operation->id ) + { +#if defined(PSA_CRYPTO_DRIVER_TEST) + case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID: + return( test_transparent_cipher_generate_iv( operation->ctx, + iv, + iv_size, + iv_length ) ); +#endif /* PSA_CRYPTO_DRIVER_TEST */ +#if defined(PSA_CRYPTO_DRIVER_TEST) + case PSA_CRYPTO_OPAQUE_TEST_DRIVER_ID: + return( test_opaque_cipher_generate_iv( operation->ctx, + iv, + iv_size, + iv_length ) ); +#endif /* PSA_CRYPTO_DRIVER_TEST */ + default: + /* Key is attached to a driver not known to us */ + return( PSA_ERROR_BAD_STATE ); + } +#else /* PSA_CRYPTO_DRIVER_PRESENT */ + (void) operation; + (void) iv; + (void) iv_size; + (void) iv_length; + + return( PSA_ERROR_NOT_SUPPORTED ); +#endif /* PSA_CRYPTO_DRIVER_PRESENT */ +} + +psa_status_t psa_driver_wrapper_cipher_set_iv( + psa_operation_driver_context_t *operation, + const uint8_t *iv, + size_t iv_length ) +{ +#if defined(PSA_CRYPTO_DRIVER_PRESENT) && defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) + switch( operation->id ) + { +#if defined(PSA_CRYPTO_DRIVER_TEST) + case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID: + return( test_transparent_cipher_set_iv( operation->ctx, + iv, + iv_length ) ); +#endif /* PSA_CRYPTO_DRIVER_TEST */ +#if defined(PSA_CRYPTO_DRIVER_TEST) + case PSA_CRYPTO_OPAQUE_TEST_DRIVER_ID: + return( test_opaque_cipher_set_iv( operation->ctx, + iv, + iv_length ) ); +#endif /* PSA_CRYPTO_DRIVER_TEST */ + default: + /* Key is attached to a driver not known to us */ + return( PSA_ERROR_BAD_STATE ); + } +#else /* PSA_CRYPTO_DRIVER_PRESENT */ + (void) operation; + (void) iv; + (void) iv_length; + + return( PSA_ERROR_NOT_SUPPORTED ); +#endif /* PSA_CRYPTO_DRIVER_PRESENT */ +} + +psa_status_t psa_driver_wrapper_cipher_update( + psa_operation_driver_context_t *operation, + const uint8_t *input, + size_t input_length, + uint8_t *output, + size_t output_size, + size_t *output_length ) +{ +#if defined(PSA_CRYPTO_DRIVER_PRESENT) && defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) + switch( operation->id ) + { +#if defined(PSA_CRYPTO_DRIVER_TEST) + case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID: + return( test_transparent_cipher_update( operation->ctx, + input, + input_length, + output, + output_size, + output_length ) ); +#endif /* PSA_CRYPTO_DRIVER_TEST */ +#if defined(PSA_CRYPTO_DRIVER_TEST) + case PSA_CRYPTO_OPAQUE_TEST_DRIVER_ID: + return( test_opaque_cipher_update( operation->ctx, + input, + input_length, + output, + output_size, + output_length ) ); +#endif /* PSA_CRYPTO_DRIVER_TEST */ + default: + /* Key is attached to a driver not known to us */ + return( PSA_ERROR_BAD_STATE ); + } +#else /* PSA_CRYPTO_DRIVER_PRESENT */ + (void) operation; + (void) input; + (void) input_length; + (void) output; + (void) output_length; + (void) output_size; + + return( PSA_ERROR_NOT_SUPPORTED ); +#endif /* PSA_CRYPTO_DRIVER_PRESENT */ +} + +psa_status_t psa_driver_wrapper_cipher_finish( + psa_operation_driver_context_t *operation, + uint8_t *output, + size_t output_size, + size_t *output_length ) +{ +#if defined(PSA_CRYPTO_DRIVER_PRESENT) && defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) + switch( operation->id ) + { +#if defined(PSA_CRYPTO_DRIVER_TEST) + case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID: + return( test_transparent_cipher_finish( operation->ctx, + output, + output_size, + output_length ) ); +#endif /* PSA_CRYPTO_DRIVER_TEST */ +#if defined(PSA_CRYPTO_DRIVER_TEST) + case PSA_CRYPTO_OPAQUE_TEST_DRIVER_ID: + return( test_opaque_cipher_finish( operation->ctx, + output, + output_size, + output_length ) ); +#endif /* PSA_CRYPTO_DRIVER_TEST */ + default: + /* Key is attached to a driver not known to us */ + return( PSA_ERROR_BAD_STATE ); + } +#else /* PSA_CRYPTO_DRIVER_PRESENT */ + (void) operation; + (void) output; + (void) output_size; + (void) output_length; + + return( PSA_ERROR_NOT_SUPPORTED ); +#endif /* PSA_CRYPTO_DRIVER_PRESENT */ +} + +psa_status_t psa_driver_wrapper_cipher_abort( + psa_operation_driver_context_t *operation ) +{ +#if defined(PSA_CRYPTO_DRIVER_PRESENT) && defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) + psa_status_t status = PSA_ERROR_INVALID_ARGUMENT; + + /* The object has (apparently) been initialized but it is not in use. It's + * ok to call abort on such an object, and there's nothing to do. */ + if( operation->ctx == NULL && operation->id == 0 ) + return( PSA_SUCCESS ); + + switch( operation->id ) + { +#if defined(PSA_CRYPTO_DRIVER_TEST) + case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID: + status = test_transparent_cipher_abort( operation->ctx ); + mbedtls_platform_zeroize( + operation->ctx, + sizeof( test_transparent_cipher_operation_t ) ); + mbedtls_free( operation->ctx ); + operation->ctx = NULL; + operation->id = 0; + + return( status ); +#endif /* PSA_CRYPTO_DRIVER_TEST */ +#if defined(PSA_CRYPTO_DRIVER_TEST) + case PSA_CRYPTO_OPAQUE_TEST_DRIVER_ID: + status = test_opaque_cipher_abort( operation->ctx ); + mbedtls_platform_zeroize( + operation->ctx, + sizeof( test_opaque_cipher_operation_t ) ); + mbedtls_free( operation->ctx ); + operation->ctx = NULL; + operation->id = 0; + + return( status ); +#endif /* PSA_CRYPTO_DRIVER_TEST */ + default: + /* Operation is attached to a driver not known to us */ + return( PSA_ERROR_BAD_STATE ); + } +#else /* PSA_CRYPTO_DRIVER_PRESENT */ + (void)operation; + + return( PSA_ERROR_NOT_SUPPORTED ); +#endif /* PSA_CRYPTO_DRIVER_PRESENT */ +} + +/* End of automatically generated file. */ diff --git a/library/psa_crypto_driver_wrappers.h b/library/psa_crypto_driver_wrappers.h new file mode 100644 index 000000000..6b5143781 --- /dev/null +++ b/library/psa_crypto_driver_wrappers.h @@ -0,0 +1,124 @@ +/* + * Function signatures for functionality that can be provided by + * cryptographic accelerators. + * Warning: This file will be auto-generated in the future. + */ +/* Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef PSA_CRYPTO_DRIVER_WRAPPERS_H +#define PSA_CRYPTO_DRIVER_WRAPPERS_H + +#include "psa/crypto.h" +#include "psa/crypto_driver_common.h" + +/* + * Signature functions + */ +psa_status_t psa_driver_wrapper_sign_hash( psa_key_slot_t *slot, + psa_algorithm_t alg, + const uint8_t *hash, + size_t hash_length, + uint8_t *signature, + size_t signature_size, + size_t *signature_length ); + +psa_status_t psa_driver_wrapper_verify_hash( psa_key_slot_t *slot, + psa_algorithm_t alg, + const uint8_t *hash, + size_t hash_length, + const uint8_t *signature, + size_t signature_length ); + +/* + * Key handling functions + */ + +psa_status_t psa_driver_wrapper_generate_key( const psa_key_attributes_t *attributes, + psa_key_slot_t *slot ); + +psa_status_t psa_driver_wrapper_validate_key( const psa_key_attributes_t *attributes, + const uint8_t *data, + size_t data_length, + size_t *bits ); + +psa_status_t psa_driver_wrapper_export_public_key( const psa_key_slot_t *slot, + uint8_t *data, + size_t data_size, + size_t *data_length ); + +/* + * Cipher functions + */ +psa_status_t psa_driver_wrapper_cipher_encrypt( + psa_key_slot_t *slot, + psa_algorithm_t alg, + const uint8_t *input, + size_t input_length, + uint8_t *output, + size_t output_size, + size_t *output_length ); + +psa_status_t psa_driver_wrapper_cipher_decrypt( + psa_key_slot_t *slot, + psa_algorithm_t alg, + const uint8_t *input, + size_t input_length, + uint8_t *output, + size_t output_size, + size_t *output_length ); + +psa_status_t psa_driver_wrapper_cipher_encrypt_setup( + psa_operation_driver_context_t *operation, + psa_key_slot_t *slot, + psa_algorithm_t alg ); + +psa_status_t psa_driver_wrapper_cipher_decrypt_setup( + psa_operation_driver_context_t *operation, + psa_key_slot_t *slot, + psa_algorithm_t alg ); + +psa_status_t psa_driver_wrapper_cipher_generate_iv( + psa_operation_driver_context_t *operation, + uint8_t *iv, + size_t iv_size, + size_t *iv_length ); + +psa_status_t psa_driver_wrapper_cipher_set_iv( + psa_operation_driver_context_t *operation, + const uint8_t *iv, + size_t iv_length ); + +psa_status_t psa_driver_wrapper_cipher_update( + psa_operation_driver_context_t *operation, + const uint8_t *input, + size_t input_length, + uint8_t *output, + size_t output_size, + size_t *output_length ); + +psa_status_t psa_driver_wrapper_cipher_finish( + psa_operation_driver_context_t *operation, + uint8_t *output, + size_t output_size, + size_t *output_length ); + +psa_status_t psa_driver_wrapper_cipher_abort( + psa_operation_driver_context_t *operation ); + +#endif /* PSA_CRYPTO_DRIVER_WRAPPERS_H */ + +/* End of automatically generated file. */ diff --git a/library/psa_crypto_invasive.h b/library/psa_crypto_invasive.h index c609c777e..2b4ee1f34 100644 --- a/library/psa_crypto_invasive.h +++ b/library/psa_crypto_invasive.h @@ -62,12 +62,12 @@ * It is called by mbedtls_psa_crypto_free(). * By default this is mbedtls_entropy_free(). * - * \retval PSA_SUCCESS + * \retval #PSA_SUCCESS * Success. - * \retval PSA_ERROR_NOT_PERMITTED + * \retval #PSA_ERROR_NOT_PERMITTED * The caller does not have the permission to configure * entropy sources. - * \retval PSA_ERROR_BAD_STATE + * \retval #PSA_ERROR_BAD_STATE * The library has already been initialized. */ psa_status_t mbedtls_psa_crypto_configure_entropy_sources( diff --git a/library/psa_crypto_its.h b/library/psa_crypto_its.h index 93c4ce981..11703a08f 100644 --- a/library/psa_crypto_its.h +++ b/library/psa_crypto_its.h @@ -72,12 +72,12 @@ struct psa_storage_info_t * * \return A status indicating the success/failure of the operation * - * \retval PSA_SUCCESS The operation completed successfully - * \retval PSA_ERROR_NOT_PERMITTED The operation failed because the provided `uid` value was already created with PSA_STORAGE_WRITE_ONCE_FLAG - * \retval PSA_ERROR_NOT_SUPPORTED The operation failed because one or more of the flags provided in `create_flags` is not supported or is not valid - * \retval PSA_ERROR_INSUFFICIENT_STORAGE The operation failed because there was insufficient space on the storage medium - * \retval PSA_ERROR_STORAGE_FAILURE The operation failed because the physical storage has failed (Fatal error) - * \retval PSA_ERROR_INVALID_ARGUMENT The operation failed because one of the provided pointers(`p_data`) + * \retval #PSA_SUCCESS The operation completed successfully + * \retval #PSA_ERROR_NOT_PERMITTED The operation failed because the provided `uid` value was already created with PSA_STORAGE_WRITE_ONCE_FLAG + * \retval #PSA_ERROR_NOT_SUPPORTED The operation failed because one or more of the flags provided in `create_flags` is not supported or is not valid + * \retval #PSA_ERROR_INSUFFICIENT_STORAGE The operation failed because there was insufficient space on the storage medium + * \retval #PSA_ERROR_STORAGE_FAILURE The operation failed because the physical storage has failed (Fatal error) + * \retval #PSA_ERROR_INVALID_ARGUMENT The operation failed because one of the provided pointers(`p_data`) * is invalid, for example is `NULL` or references memory the caller cannot access */ psa_status_t psa_its_set(psa_storage_uid_t uid, @@ -97,11 +97,11 @@ psa_status_t psa_its_set(psa_storage_uid_t uid, * * \return A status indicating the success/failure of the operation * - * \retval PSA_SUCCESS The operation completed successfully - * \retval PSA_ERROR_DOES_NOT_EXIST The operation failed because the provided `uid` value was not found in the storage - * \retval PSA_ERROR_INVALID_SIZE The operation failed because the data associated with provided uid is larger than `data_size` - * \retval PSA_ERROR_STORAGE_FAILURE The operation failed because the physical storage has failed (Fatal error) - * \retval PSA_ERROR_INVALID_ARGUMENT The operation failed because one of the provided pointers(`p_data`, `p_data_length`) + * \retval #PSA_SUCCESS The operation completed successfully + * \retval #PSA_ERROR_DOES_NOT_EXIST The operation failed because the provided `uid` value was not found in the storage + * \retval #PSA_ERROR_INVALID_SIZE The operation failed because the data associated with provided uid is larger than `data_size` + * \retval #PSA_ERROR_STORAGE_FAILURE The operation failed because the physical storage has failed (Fatal error) + * \retval #PSA_ERROR_INVALID_ARGUMENT The operation failed because one of the provided pointers(`p_data`, `p_data_length`) * is invalid. For example is `NULL` or references memory the caller cannot access. * In addition, this can also happen if an invalid offset was provided. */ @@ -119,10 +119,10 @@ psa_status_t psa_its_get(psa_storage_uid_t uid, * * \return A status indicating the success/failure of the operation * - * \retval PSA_SUCCESS The operation completed successfully - * \retval PSA_ERROR_DOES_NOT_EXIST The operation failed because the provided uid value was not found in the storage - * \retval PSA_ERROR_STORAGE_FAILURE The operation failed because the physical storage has failed (Fatal error) - * \retval PSA_ERROR_INVALID_ARGUMENT The operation failed because one of the provided pointers(`p_info`) + * \retval #PSA_SUCCESS The operation completed successfully + * \retval #PSA_ERROR_DOES_NOT_EXIST The operation failed because the provided uid value was not found in the storage + * \retval #PSA_ERROR_STORAGE_FAILURE The operation failed because the physical storage has failed (Fatal error) + * \retval #PSA_ERROR_INVALID_ARGUMENT The operation failed because one of the provided pointers(`p_info`) * is invalid, for example is `NULL` or references memory the caller cannot access */ psa_status_t psa_its_get_info(psa_storage_uid_t uid, @@ -135,11 +135,15 @@ psa_status_t psa_its_get_info(psa_storage_uid_t uid, * * \return A status indicating the success/failure of the operation * - * \retval PSA_SUCCESS The operation completed successfully - * \retval PSA_ERROR_DOES_NOT_EXIST The operation failed because the provided key value was not found in the storage - * \retval PSA_ERROR_NOT_PERMITTED The operation failed because the provided key value was created with PSA_STORAGE_WRITE_ONCE_FLAG - * \retval PSA_ERROR_STORAGE_FAILURE The operation failed because the physical storage has failed (Fatal error) + * \retval #PSA_SUCCESS The operation completed successfully + * \retval #PSA_ERROR_DOES_NOT_EXIST The operation failed because the provided key value was not found in the storage + * \retval #PSA_ERROR_NOT_PERMITTED The operation failed because the provided key value was created with PSA_STORAGE_WRITE_ONCE_FLAG + * \retval #PSA_ERROR_STORAGE_FAILURE The operation failed because the physical storage has failed (Fatal error) */ psa_status_t psa_its_remove(psa_storage_uid_t uid); +#ifdef __cplusplus +} +#endif + #endif /* PSA_CRYPTO_ITS_H */ diff --git a/library/psa_crypto_se.h b/library/psa_crypto_se.h index a46423256..67fadf896 100644 --- a/library/psa_crypto_se.h +++ b/library/psa_crypto_se.h @@ -45,7 +45,7 @@ /** The base of the range of ITS file identifiers for secure element * driver persistent data. * - * We use a slice of the implemenation reserved range 0xffff0000..0xffffffff, + * We use a slice of the implementation reserved range 0xffff0000..0xffffffff, * specifically the range 0xfffffe00..0xfffffeff. The length of this range * drives the value of #PSA_MAX_SE_LOCATION. The identifier 0xfffffe00 is * actually not used since it corresponds to #PSA_KEY_LOCATION_LOCAL_STORAGE @@ -182,7 +182,6 @@ psa_status_t psa_destroy_se_persistent_data( psa_key_location_t location ); typedef struct { uint8_t slot_number[sizeof( psa_key_slot_number_t )]; - uint8_t bits[sizeof( psa_key_bits_t )]; } psa_se_key_data_storage_t; #endif /* PSA_CRYPTO_SE_H */ diff --git a/library/psa_crypto_slot_management.c b/library/psa_crypto_slot_management.c index a32a02798..4c4ad0331 100644 --- a/library/psa_crypto_slot_management.c +++ b/library/psa_crypto_slot_management.c @@ -51,30 +51,101 @@ typedef struct static psa_global_data_t global_data; -/* Access a key slot at the given handle. The handle of a key slot is - * the index of the slot in the global slot array, plus one so that handles - * start at 1 and not 0. */ -psa_status_t psa_get_key_slot( psa_key_handle_t handle, - psa_key_slot_t **p_slot ) +psa_status_t psa_validate_key_id( + mbedtls_svc_key_id_t key, int vendor_ok ) { + psa_key_id_t key_id = MBEDTLS_SVC_KEY_ID_GET_KEY_ID( key ); + + if( ( PSA_KEY_ID_USER_MIN <= key_id ) && + ( key_id <= PSA_KEY_ID_USER_MAX ) ) + return( PSA_SUCCESS ); + + if( vendor_ok && + ( PSA_KEY_ID_VENDOR_MIN <= key_id ) && + ( key_id <= PSA_KEY_ID_VENDOR_MAX ) ) + return( PSA_SUCCESS ); + + return( PSA_ERROR_INVALID_HANDLE ); +} + +/** Get the description in memory of a key given its identifier and lock it. + * + * The descriptions of volatile keys and loaded persistent keys are + * stored in key slots. This function returns a pointer to the key slot + * containing the description of a key given its identifier. + * + * The function searches the key slots containing the description of the key + * with \p key identifier. The function does only read accesses to the key + * slots. The function does not load any persistent key thus does not access + * any storage. + * + * For volatile key identifiers, only one key slot is queried as a volatile + * key with identifier key_id can only be stored in slot of index + * ( key_id - #PSA_KEY_ID_VOLATILE_MIN ). + * + * On success, the function locks the key slot. It is the responsibility of + * the caller to unlock the key slot when it does not access it anymore. + * + * \param key Key identifier to query. + * \param[out] p_slot On success, `*p_slot` contains a pointer to the + * key slot containing the description of the key + * identified by \p key. + * + * \retval #PSA_SUCCESS + * The pointer to the key slot containing the description of the key + * identified by \p key was returned. + * \retval #PSA_ERROR_INVALID_HANDLE + * \p key is not a valid key identifier. + * \retval #PSA_ERROR_DOES_NOT_EXIST + * There is no key with key identifier \p key in the key slots. + */ +static psa_status_t psa_get_and_lock_key_slot_in_memory( + mbedtls_svc_key_id_t key, psa_key_slot_t **p_slot ) +{ + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + psa_key_id_t key_id = MBEDTLS_SVC_KEY_ID_GET_KEY_ID( key ); + size_t slot_idx; psa_key_slot_t *slot = NULL; - if( ! global_data.key_slots_initialized ) - return( PSA_ERROR_BAD_STATE ); + if( psa_key_id_is_volatile( key_id ) ) + { + slot = &global_data.key_slots[ key_id - PSA_KEY_ID_VOLATILE_MIN ]; - /* 0 is not a valid handle under any circumstance. This - * implementation provides slots number 1 to N where N is the - * number of available slots. */ - if( handle == 0 || handle > ARRAY_LENGTH( global_data.key_slots ) ) - return( PSA_ERROR_INVALID_HANDLE ); - slot = &global_data.key_slots[handle - 1]; + /* + * Check if both the PSA key identifier key_id and the owner + * identifier of key match those of the key slot. + * + * Note that, if the key slot is not occupied, its PSA key identifier + * is equal to zero. This is an invalid value for a PSA key identifier + * and thus cannot be equal to the valid PSA key identifier key_id. + */ + status = mbedtls_svc_key_id_equal( key, slot->attr.id ) ? + PSA_SUCCESS : PSA_ERROR_DOES_NOT_EXIST; + } + else + { + status = psa_validate_key_id( key, 1 ); + if( status != PSA_SUCCESS ) + return( status ); - /* If the slot isn't occupied, the handle is invalid. */ - if( ! psa_is_key_slot_occupied( slot ) ) - return( PSA_ERROR_INVALID_HANDLE ); + for( slot_idx = 0; slot_idx < PSA_KEY_SLOT_COUNT; slot_idx++ ) + { + slot = &global_data.key_slots[ slot_idx ]; + if( mbedtls_svc_key_id_equal( key, slot->attr.id ) ) + break; + } + status = ( slot_idx < PSA_KEY_SLOT_COUNT ) ? + PSA_SUCCESS : PSA_ERROR_DOES_NOT_EXIST; + } - *p_slot = slot; - return( PSA_SUCCESS ); + if( status == PSA_SUCCESS ) + { + status = psa_lock_key_slot( slot ); + if( status == PSA_SUCCESS ) + *p_slot = slot; + } + + return( status ); } psa_status_t psa_initialize_key_slots( void ) @@ -88,29 +159,80 @@ psa_status_t psa_initialize_key_slots( void ) void psa_wipe_all_key_slots( void ) { - psa_key_handle_t key; - for( key = 1; key <= PSA_KEY_SLOT_COUNT; key++ ) + size_t slot_idx; + + for( slot_idx = 0; slot_idx < PSA_KEY_SLOT_COUNT; slot_idx++ ) { - psa_key_slot_t *slot = &global_data.key_slots[key - 1]; + psa_key_slot_t *slot = &global_data.key_slots[ slot_idx ]; + slot->lock_count = 1; (void) psa_wipe_key_slot( slot ); } global_data.key_slots_initialized = 0; } -psa_status_t psa_get_empty_key_slot( psa_key_handle_t *handle, - psa_key_slot_t **p_slot ) +psa_status_t psa_get_empty_key_slot( psa_key_id_t *volatile_key_id, + psa_key_slot_t **p_slot ) { - if( ! global_data.key_slots_initialized ) - return( PSA_ERROR_BAD_STATE ); + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + size_t slot_idx; + psa_key_slot_t *selected_slot, *unlocked_persistent_key_slot; - for( *handle = PSA_KEY_SLOT_COUNT; *handle != 0; --( *handle ) ) + if( ! global_data.key_slots_initialized ) { - *p_slot = &global_data.key_slots[*handle - 1]; - if( ! psa_is_key_slot_occupied( *p_slot ) ) - return( PSA_SUCCESS ); + status = PSA_ERROR_BAD_STATE; + goto error; } + + selected_slot = unlocked_persistent_key_slot = NULL; + for( slot_idx = 0; slot_idx < PSA_KEY_SLOT_COUNT; slot_idx++ ) + { + psa_key_slot_t *slot = &global_data.key_slots[ slot_idx ]; + if( ! psa_is_key_slot_occupied( slot ) ) + { + selected_slot = slot; + break; + } + + if( ( unlocked_persistent_key_slot == NULL ) && + ( ! PSA_KEY_LIFETIME_IS_VOLATILE( slot->attr.lifetime ) ) && + ( ! psa_is_key_slot_locked( slot ) ) ) + unlocked_persistent_key_slot = slot; + } + + /* + * If there is no unused key slot and there is at least one unlocked key + * slot containing the description of a persistent key, recycle the first + * such key slot we encountered. If we later need to operate on the + * persistent key we are evicting now, we will reload its description from + * storage. + */ + if( ( selected_slot == NULL ) && + ( unlocked_persistent_key_slot != NULL ) ) + { + selected_slot = unlocked_persistent_key_slot; + selected_slot->lock_count = 1; + psa_wipe_key_slot( selected_slot ); + } + + if( selected_slot != NULL ) + { + status = psa_lock_key_slot( selected_slot ); + if( status != PSA_SUCCESS ) + goto error; + + *volatile_key_id = PSA_KEY_ID_VOLATILE_MIN + + ( (psa_key_id_t)( selected_slot - global_data.key_slots ) ); + *p_slot = selected_slot; + + return( PSA_SUCCESS ); + } + status = PSA_ERROR_INSUFFICIENT_MEMORY; + +error: *p_slot = NULL; - return( PSA_ERROR_INSUFFICIENT_MEMORY ); + *volatile_key_id = 0; + + return( status ); } #if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C) @@ -137,47 +259,84 @@ static psa_status_t psa_load_persistent_key_into_slot( psa_key_slot_t *slot ) data = (psa_se_key_data_storage_t *) key_data; memcpy( &slot->data.se.slot_number, &data->slot_number, sizeof( slot->data.se.slot_number ) ); - memcpy( &slot->attr.bits, &data->bits, - sizeof( slot->attr.bits ) ); } else #endif /* MBEDTLS_PSA_CRYPTO_SE_C */ { - status = psa_import_key_into_slot( slot, key_data, key_data_length ); + status = psa_copy_key_material_into_slot( slot, key_data, key_data_length ); + if( status != PSA_SUCCESS ) + goto exit; } exit: psa_free_persistent_key_data( key_data, key_data_length ); return( status ); } +#endif /* MBEDTLS_PSA_CRYPTO_STORAGE_C */ -/** Check whether a key identifier is acceptable. - * - * For backward compatibility, key identifiers that were valid in a - * past released version must remain valid, unless a migration path - * is provided. - * - * \param file_id The key identifier to check. - * \param vendor_ok Nonzero to allow key ids in the vendor range. - * 0 to allow only key ids in the application range. - * - * \return 1 if \p file_id is acceptable, otherwise 0. - */ -static int psa_is_key_id_valid( psa_key_file_id_t file_id, - int vendor_ok ) +psa_status_t psa_get_and_lock_key_slot( mbedtls_svc_key_id_t key, + psa_key_slot_t **p_slot ) { - psa_app_key_id_t key_id = PSA_KEY_FILE_GET_KEY_ID( file_id ); - if( PSA_KEY_ID_USER_MIN <= key_id && key_id <= PSA_KEY_ID_USER_MAX ) - return( 1 ); - else if( vendor_ok && - PSA_KEY_ID_VENDOR_MIN <= key_id && - key_id <= PSA_KEY_ID_VENDOR_MAX ) - return( 1 ); - else - return( 0 ); -} + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + + *p_slot = NULL; + if( ! global_data.key_slots_initialized ) + return( PSA_ERROR_BAD_STATE ); + + /* + * On success, the pointer to the slot is passed directly to the caller + * thus no need to unlock the key slot here. + */ + status = psa_get_and_lock_key_slot_in_memory( key, p_slot ); + if( status != PSA_ERROR_DOES_NOT_EXIST ) + return( status ); + +#if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C) + psa_key_id_t volatile_key_id; + + status = psa_get_empty_key_slot( &volatile_key_id, p_slot ); + if( status != PSA_SUCCESS ) + return( status ); + + (*p_slot)->attr.lifetime = PSA_KEY_LIFETIME_PERSISTENT; + (*p_slot)->attr.id = key; + + status = psa_load_persistent_key_into_slot( *p_slot ); + if( status != PSA_SUCCESS ) + psa_wipe_key_slot( *p_slot ); + + return( status ); +#else + return( PSA_ERROR_DOES_NOT_EXIST ); #endif /* defined(MBEDTLS_PSA_CRYPTO_STORAGE_C) */ +} + +psa_status_t psa_unlock_key_slot( psa_key_slot_t *slot ) +{ + if( slot == NULL ) + return( PSA_SUCCESS ); + + if( slot->lock_count > 0 ) + { + slot->lock_count--; + return( PSA_SUCCESS ); + } + + /* + * As the return error code may not be handled in case of multiple errors, + * do our best to report if the lock counter is equal to zero: if + * available call MBEDTLS_PARAM_FAILED that may terminate execution (if + * called as part of the execution of a unit test suite this will stop the + * test suite execution). + */ +#ifdef MBEDTLS_CHECK_PARAMS + MBEDTLS_PARAM_FAILED( slot->lock_count > 0 ); +#endif + + return( PSA_ERROR_CORRUPTION_DETECTED ); +} + psa_status_t psa_validate_key_location( psa_key_lifetime_t lifetime, psa_se_drv_table_entry_t **p_drv ) { @@ -203,8 +362,7 @@ psa_status_t psa_validate_key_location( psa_key_lifetime_t lifetime, return( PSA_SUCCESS ); } -psa_status_t psa_validate_key_persistence( psa_key_lifetime_t lifetime, - psa_key_id_t key_id ) +psa_status_t psa_validate_key_persistence( psa_key_lifetime_t lifetime ) { if ( PSA_KEY_LIFETIME_IS_VOLATILE( lifetime ) ) { @@ -215,47 +373,33 @@ psa_status_t psa_validate_key_persistence( psa_key_lifetime_t lifetime, { /* Persistent keys require storage support */ #if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C) - if( psa_is_key_id_valid( key_id, - psa_key_lifetime_is_external( lifetime ) ) ) - return( PSA_SUCCESS ); - else - return( PSA_ERROR_INVALID_ARGUMENT ); + return( PSA_SUCCESS ); #else /* MBEDTLS_PSA_CRYPTO_STORAGE_C */ - (void) key_id; return( PSA_ERROR_NOT_SUPPORTED ); #endif /* !MBEDTLS_PSA_CRYPTO_STORAGE_C */ } } -psa_status_t psa_open_key( psa_key_file_id_t id, psa_key_handle_t *handle ) +psa_status_t psa_open_key( mbedtls_svc_key_id_t key, psa_key_handle_t *handle ) { #if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C) psa_status_t status; psa_key_slot_t *slot; - *handle = 0; - - if( ! psa_is_key_id_valid( id, 1 ) ) - return( PSA_ERROR_INVALID_ARGUMENT ); - - status = psa_get_empty_key_slot( handle, &slot ); - if( status != PSA_SUCCESS ) - return( status ); - - slot->attr.lifetime = PSA_KEY_LIFETIME_PERSISTENT; - slot->attr.id = id; - - status = psa_load_persistent_key_into_slot( slot ); + status = psa_get_and_lock_key_slot( key, &slot ); if( status != PSA_SUCCESS ) { - psa_wipe_key_slot( slot ); - *handle = 0; + *handle = PSA_KEY_HANDLE_INIT; + return( status ); } - return( status ); + + *handle = key; + + return( psa_unlock_key_slot( slot ) ); #else /* defined(MBEDTLS_PSA_CRYPTO_STORAGE_C) */ - (void) id; - *handle = 0; + (void) key; + *handle = PSA_KEY_HANDLE_INIT; return( PSA_ERROR_NOT_SUPPORTED ); #endif /* !defined(MBEDTLS_PSA_CRYPTO_STORAGE_C) */ } @@ -265,23 +409,48 @@ psa_status_t psa_close_key( psa_key_handle_t handle ) psa_status_t status; psa_key_slot_t *slot; - if( handle == 0 ) + if( psa_key_handle_is_null( handle ) ) return( PSA_SUCCESS ); - status = psa_get_key_slot( handle, &slot ); + status = psa_get_and_lock_key_slot_in_memory( handle, &slot ); if( status != PSA_SUCCESS ) return( status ); - return( psa_wipe_key_slot( slot ) ); + if( slot->lock_count <= 1 ) + return( psa_wipe_key_slot( slot ) ); + else + return( psa_unlock_key_slot( slot ) ); +} + +psa_status_t psa_purge_key( mbedtls_svc_key_id_t key ) +{ + psa_status_t status; + psa_key_slot_t *slot; + + status = psa_get_and_lock_key_slot_in_memory( key, &slot ); + if( status != PSA_SUCCESS ) + return( status ); + + if( ( ! PSA_KEY_LIFETIME_IS_VOLATILE( slot->attr.lifetime ) ) && + ( slot->lock_count <= 1 ) ) + return( psa_wipe_key_slot( slot ) ); + else + return( psa_unlock_key_slot( slot ) ); } void mbedtls_psa_get_stats( mbedtls_psa_stats_t *stats ) { - psa_key_handle_t key; + size_t slot_idx; + memset( stats, 0, sizeof( *stats ) ); - for( key = 1; key <= PSA_KEY_SLOT_COUNT; key++ ) + + for( slot_idx = 0; slot_idx < PSA_KEY_SLOT_COUNT; slot_idx++ ) { - const psa_key_slot_t *slot = &global_data.key_slots[key - 1]; + const psa_key_slot_t *slot = &global_data.key_slots[ slot_idx ]; + if( psa_is_key_slot_locked( slot ) ) + { + ++stats->locked_slots; + } if( ! psa_is_key_slot_occupied( slot ) ) { ++stats->empty_slots; @@ -291,14 +460,14 @@ void mbedtls_psa_get_stats( mbedtls_psa_stats_t *stats ) ++stats->volatile_slots; else if( slot->attr.lifetime == PSA_KEY_LIFETIME_PERSISTENT ) { - psa_app_key_id_t id = PSA_KEY_FILE_GET_KEY_ID(slot->attr.id); + psa_key_id_t id = MBEDTLS_SVC_KEY_ID_GET_KEY_ID( slot->attr.id ); ++stats->persistent_slots; if( id > stats->max_open_internal_key_id ) stats->max_open_internal_key_id = id; } else { - psa_app_key_id_t id = PSA_KEY_FILE_GET_KEY_ID(slot->attr.id); + psa_key_id_t id = MBEDTLS_SVC_KEY_ID_GET_KEY_ID( slot->attr.id ); ++stats->external_slots; if( id > stats->max_open_external_key_id ) stats->max_open_external_key_id = id; diff --git a/library/psa_crypto_slot_management.h b/library/psa_crypto_slot_management.h index 676a77e5a..ef0814ac9 100644 --- a/library/psa_crypto_slot_management.h +++ b/library/psa_crypto_slot_management.h @@ -22,32 +22,86 @@ #define PSA_CRYPTO_SLOT_MANAGEMENT_H #include "psa/crypto.h" +#include "psa_crypto_core.h" #include "psa_crypto_se.h" /* Number of key slots (plus one because 0 is not used). * The value is a compile-time constant for now, for simplicity. */ #define PSA_KEY_SLOT_COUNT 32 -/** Access a key slot at the given handle. +/** Range of volatile key identifiers. * - * \param handle Key handle to query. - * \param[out] p_slot On success, `*p_slot` contains a pointer to the - * key slot in memory designated by \p handle. - * - * \retval PSA_SUCCESS - * Success: \p handle is a handle to `*p_slot`. Note that `*p_slot` - * may be empty or occupied. - * \retval PSA_ERROR_INVALID_HANDLE - * \p handle is out of range or is not in use. - * \retval PSA_ERROR_BAD_STATE - * The library has not been initialized. + * The last PSA_KEY_SLOT_COUNT identifiers of the implementation range + * of key identifiers are reserved for volatile key identifiers. + * A volatile key identifier is equal to #PSA_KEY_ID_VOLATILE_MIN plus the + * index of the key slot containing the volatile key definition. */ -psa_status_t psa_get_key_slot( psa_key_handle_t handle, - psa_key_slot_t **p_slot ); + +/** The minimum value for a volatile key identifier. + */ +#define PSA_KEY_ID_VOLATILE_MIN ( PSA_KEY_ID_VENDOR_MAX - \ + PSA_KEY_SLOT_COUNT + 1 ) + +/** The maximum value for a volatile key identifier. + */ +#define PSA_KEY_ID_VOLATILE_MAX PSA_KEY_ID_VENDOR_MAX + +/** Test whether a key identifier is a volatile key identifier. + * + * \param key_id Key identifier to test. + * + * \retval 1 + * The key identifier is a volatile key identifier. + * \retval 0 + * The key identifier is not a volatile key identifier. + */ +static inline int psa_key_id_is_volatile( psa_key_id_t key_id ) +{ + return( ( key_id >= PSA_KEY_ID_VOLATILE_MIN ) && + ( key_id <= PSA_KEY_ID_VOLATILE_MAX ) ); +} + +/** Get the description of a key given its identifier and lock it. + * + * The descriptions of volatile keys and loaded persistent keys are stored in + * key slots. This function returns a pointer to the key slot containing the + * description of a key given its identifier. + * + * In case of a persistent key, the function loads the description of the key + * into a key slot if not already done. + * + * On success, the returned key slot is locked. It is the responsibility of + * the caller to unlock the key slot when it does not access it anymore. + * + * \param key Key identifier to query. + * \param[out] p_slot On success, `*p_slot` contains a pointer to the + * key slot containing the description of the key + * identified by \p key. + * + * \retval #PSA_SUCCESS + * \p *p_slot contains a pointer to the key slot containing the + * description of the key identified by \p key. + * The key slot counter has been incremented. + * \retval #PSA_ERROR_BAD_STATE + * The library has not been initialized. + * \retval #PSA_ERROR_INVALID_HANDLE + * \p key is not a valid key identifier. + * \retval #PSA_ERROR_INSUFFICIENT_MEMORY + * \p key is a persistent key identifier. The implementation does not + * have sufficient resources to load the persistent key. This can be + * due to a lack of empty key slot, or available memory. + * \retval #PSA_ERROR_DOES_NOT_EXIST + * There is no key with key identifier \p key. + * \retval #PSA_ERROR_CORRUPTION_DETECTED + * \retval #PSA_ERROR_STORAGE_FAILURE + * \retval #PSA_ERROR_DATA_CORRUPT + */ +psa_status_t psa_get_and_lock_key_slot( mbedtls_svc_key_id_t key, + psa_key_slot_t **p_slot ); /** Initialize the key slot structures. * - * \retval PSA_SUCCESS + * \retval #PSA_SUCCESS * Currently this function always succeeds. */ psa_status_t psa_initialize_key_slots( void ); @@ -60,19 +114,61 @@ void psa_wipe_all_key_slots( void ); /** Find a free key slot. * * This function returns a key slot that is available for use and is in its - * ground state (all-bits-zero). + * ground state (all-bits-zero). On success, the key slot is locked. It is + * the responsibility of the caller to unlock the key slot when it does not + * access it anymore. * - * \param[out] handle On success, a slot number that can be used as a - * handle to the slot. - * \param[out] p_slot On success, a pointer to the slot. + * \param[out] volatile_key_id On success, volatile key identifier + * associated to the returned slot. + * \param[out] p_slot On success, a pointer to the slot. * * \retval #PSA_SUCCESS * \retval #PSA_ERROR_INSUFFICIENT_MEMORY * \retval #PSA_ERROR_BAD_STATE */ -psa_status_t psa_get_empty_key_slot( psa_key_handle_t *handle, +psa_status_t psa_get_empty_key_slot( psa_key_id_t *volatile_key_id, psa_key_slot_t **p_slot ); +/** Lock a key slot. + * + * This function increments the key slot lock counter by one. + * + * \param[in] slot The key slot. + * + * \retval #PSA_SUCCESS + The key slot lock counter was incremented. + * \retval #PSA_ERROR_CORRUPTION_DETECTED + * The lock counter already reached its maximum value and was not + * increased. + */ +static inline psa_status_t psa_lock_key_slot( psa_key_slot_t *slot ) +{ + if( slot->lock_count >= SIZE_MAX ) + return( PSA_ERROR_CORRUPTION_DETECTED ); + + slot->lock_count++; + + return( PSA_SUCCESS ); +} + +/** Unlock a key slot. + * + * This function decrements the key slot lock counter by one. + * + * \note To ease the handling of errors in retrieving a key slot + * a NULL input pointer is valid, and the function returns + * successfully without doing anything in that case. + * + * \param[in] slot The key slot. + * \retval #PSA_SUCCESS + * \p slot is NULL or the key slot lock counter has been + * decremented successfully. + * \retval #PSA_ERROR_CORRUPTION_DETECTED + * The lock counter was equal to 0. + * + */ +psa_status_t psa_unlock_key_slot( psa_key_slot_t *slot ); + /** Test whether a lifetime designates a key in an external cryptoprocessor. * * \param lifetime The lifetime to test. @@ -108,19 +204,26 @@ static inline int psa_key_lifetime_is_external( psa_key_lifetime_t lifetime ) psa_status_t psa_validate_key_location( psa_key_lifetime_t lifetime, psa_se_drv_table_entry_t **p_drv ); -/** Validate that a key's persistence attributes are valid. +/** Validate the persistence of a key. * - * This function checks whether a key's declared persistence level and key ID - * attributes are valid and known to the PSA Core in its actual configuration. - * - * \param[in] lifetime The key lifetime attribute. - * \param[in] key_id The key ID attribute + * \param[in] lifetime The key lifetime attribute. * * \retval #PSA_SUCCESS - * \retval #PSA_ERROR_INVALID_ARGUMENT + * \retval #PSA_ERROR_INVALID_ARGUMENT The key is persistent but persistent + * keys are not supported. */ -psa_status_t psa_validate_key_persistence( psa_key_lifetime_t lifetime, - psa_key_id_t key_id ); +psa_status_t psa_validate_key_persistence( psa_key_lifetime_t lifetime ); +/** Validate a key identifier. + * + * \param[in] key The key identifier. + * \param[in] vendor_ok Non-zero to indicate that key identifiers in the + * vendor range are allowed, volatile key identifiers + * excepted \c 0 otherwise. + * + * \retval #PSA_SUCCESS The identifier is valid. + * \retval #PSA_ERROR_INVALID_ARGUMENT The key identifier is not valid. + */ +psa_status_t psa_validate_key_id( mbedtls_svc_key_id_t key, int vendor_ok ); #endif /* PSA_CRYPTO_SLOT_MANAGEMENT_H */ diff --git a/library/psa_crypto_storage.c b/library/psa_crypto_storage.c index 37820533f..1ebd20ee3 100644 --- a/library/psa_crypto_storage.c +++ b/library/psa_crypto_storage.c @@ -55,27 +55,27 @@ /* Key storage */ /****************************************************************/ -/* Determine a file name (ITS file identifier) for the given key file - * identifier. The file name must be distinct from any file that is used - * for a purpose other than storing a key. Currently, the only such file - * is the random seed file whose name is PSA_CRYPTO_ITS_RANDOM_SEED_UID - * and whose value is 0xFFFFFF52. */ -static psa_storage_uid_t psa_its_identifier_of_slot( psa_key_file_id_t file_id ) +/* Determine a file name (ITS file identifier) for the given key identifier. + * The file name must be distinct from any file that is used for a purpose + * other than storing a key. Currently, the only such file is the random seed + * file whose name is PSA_CRYPTO_ITS_RANDOM_SEED_UID and whose value is + * 0xFFFFFF52. */ +static psa_storage_uid_t psa_its_identifier_of_slot( mbedtls_svc_key_id_t key ) { -#if defined(MBEDTLS_PSA_CRYPTO_KEY_FILE_ID_ENCODES_OWNER) && \ - defined(PSA_CRYPTO_SECURE) +#if defined(MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER) /* Encode the owner in the upper 32 bits. This means that if * owner values are nonzero (as they are on a PSA platform), * no key file will ever have a value less than 0x100000000, so * the whole range 0..0xffffffff is available for non-key files. */ - uint32_t unsigned_owner = (uint32_t) file_id.owner; - return( (uint64_t) unsigned_owner << 32 | file_id.key_id ); + uint32_t unsigned_owner_id = MBEDTLS_SVC_KEY_ID_GET_OWNER_ID( key ); + return( ( (uint64_t) unsigned_owner_id << 32 ) | + MBEDTLS_SVC_KEY_ID_GET_KEY_ID( key ) ); #else /* Use the key id directly as a file name. - * psa_is_key_file_id_valid() in psa_crypto_slot_management.c + * psa_is_key_id_valid() in psa_crypto_slot_management.c * is responsible for ensuring that key identifiers do not have a * value that is reserved for non-key files. */ - return( file_id ); + return( key ); #endif } @@ -90,13 +90,12 @@ static psa_storage_uid_t psa_its_identifier_of_slot( psa_key_file_id_t file_id ) * \param[out] data Buffer where the data is to be written. * \param data_size Size of the \c data buffer in bytes. * - * \retval PSA_SUCCESS - * \retval PSA_ERROR_STORAGE_FAILURE - * \retval PSA_ERROR_DOES_NOT_EXIST + * \retval #PSA_SUCCESS + * \retval #PSA_ERROR_STORAGE_FAILURE + * \retval #PSA_ERROR_DOES_NOT_EXIST */ -static psa_status_t psa_crypto_storage_load( const psa_key_file_id_t key, - uint8_t *data, - size_t data_size ) +static psa_status_t psa_crypto_storage_load( + const mbedtls_svc_key_id_t key, uint8_t *data, size_t data_size ) { psa_status_t status; psa_storage_uid_t data_identifier = psa_its_identifier_of_slot( key ); @@ -114,7 +113,7 @@ static psa_status_t psa_crypto_storage_load( const psa_key_file_id_t key, return( status ); } -int psa_is_key_present_in_storage( const psa_key_file_id_t key ) +int psa_is_key_present_in_storage( const mbedtls_svc_key_id_t key ) { psa_status_t ret; psa_storage_uid_t data_identifier = psa_its_identifier_of_slot( key ); @@ -138,12 +137,12 @@ int psa_is_key_present_in_storage( const psa_key_file_id_t key ) * \param data_length The number of bytes * that make up the data. * - * \retval PSA_SUCCESS - * \retval PSA_ERROR_INSUFFICIENT_STORAGE - * \retval PSA_ERROR_STORAGE_FAILURE - * \retval PSA_ERROR_ALREADY_EXISTS + * \retval #PSA_SUCCESS + * \retval #PSA_ERROR_INSUFFICIENT_STORAGE + * \retval #PSA_ERROR_STORAGE_FAILURE + * \retval #PSA_ERROR_ALREADY_EXISTS */ -static psa_status_t psa_crypto_storage_store( const psa_key_file_id_t key, +static psa_status_t psa_crypto_storage_store( const mbedtls_svc_key_id_t key, const uint8_t *data, size_t data_length ) { @@ -174,11 +173,17 @@ static psa_status_t psa_crypto_storage_store( const psa_key_file_id_t key, exit: if( status != PSA_SUCCESS ) - psa_its_remove( data_identifier ); + { + /* Remove the file in case we managed to create it but something + * went wrong. It's ok if the file doesn't exist. If the file exists + * but the removal fails, we're already reporting an error so there's + * nothing else we can do. */ + (void) psa_its_remove( data_identifier ); + } return( status ); } -psa_status_t psa_destroy_persistent_key( const psa_key_file_id_t key ) +psa_status_t psa_destroy_persistent_key( const mbedtls_svc_key_id_t key ) { psa_status_t ret; psa_storage_uid_t data_identifier = psa_its_identifier_of_slot( key ); @@ -205,11 +210,11 @@ psa_status_t psa_destroy_persistent_key( const psa_key_file_id_t key ) * is to be obtained. * \param[out] data_length The number of bytes that make up the data. * - * \retval PSA_SUCCESS - * \retval PSA_ERROR_STORAGE_FAILURE + * \retval #PSA_SUCCESS + * \retval #PSA_ERROR_STORAGE_FAILURE */ static psa_status_t psa_crypto_storage_get_data_length( - const psa_key_file_id_t key, + const mbedtls_svc_key_id_t key, size_t *data_length ) { psa_status_t status; @@ -248,6 +253,25 @@ static psa_status_t psa_crypto_storage_get_data_length( } #endif +/* + * 16-bit integer manipulation macros (little endian) + */ +#ifndef GET_UINT16_LE +#define GET_UINT16_LE( n, b, i ) \ +{ \ + (n) = ( (uint16_t) (b)[(i) ] ) \ + | ( (uint16_t) (b)[(i) + 1] << 8 ); \ +} +#endif + +#ifndef PUT_UINT16_LE +#define PUT_UINT16_LE( n, b, i ) \ +{ \ + (b)[(i) ] = (unsigned char) ( ( (n) ) & 0xFF ); \ + (b)[(i) + 1] = (unsigned char) ( ( (n) >> 8 ) & 0xFF ); \ +} +#endif + /** * Persistent key storage magic header. */ @@ -258,9 +282,8 @@ typedef struct { uint8_t magic[PSA_KEY_STORAGE_MAGIC_HEADER_LENGTH]; uint8_t version[4]; uint8_t lifetime[sizeof( psa_key_lifetime_t )]; - uint8_t type[4]; /* Size=4 for a 2-byte type to keep the structure more - * regular and aligned and to make potential future - * extensibility easier. */ + uint8_t type[2]; + uint8_t bits[2]; uint8_t policy[sizeof( psa_key_policy_t )]; uint8_t data_len[4]; uint8_t key_data[]; @@ -277,7 +300,8 @@ void psa_format_key_data_for_storage( const uint8_t *data, memcpy( storage_format->magic, PSA_KEY_STORAGE_MAGIC_HEADER, PSA_KEY_STORAGE_MAGIC_HEADER_LENGTH ); PUT_UINT32_LE( 0, storage_format->version, 0 ); PUT_UINT32_LE( attr->lifetime, storage_format->lifetime, 0 ); - PUT_UINT32_LE( (uint32_t) attr->type, storage_format->type, 0 ); + PUT_UINT16_LE( (uint16_t) attr->type, storage_format->type, 0 ); + PUT_UINT16_LE( (uint16_t) attr->bits, storage_format->bits, 0 ); PUT_UINT32_LE( attr->policy.usage, storage_format->policy, 0 ); PUT_UINT32_LE( attr->policy.alg, storage_format->policy, sizeof( uint32_t ) ); PUT_UINT32_LE( attr->policy.alg2, storage_format->policy, 2 * sizeof( uint32_t ) ); @@ -303,7 +327,6 @@ psa_status_t psa_parse_key_data_from_storage( const uint8_t *storage_data, const psa_persistent_key_storage_format *storage_format = (const psa_persistent_key_storage_format *)storage_data; uint32_t version; - uint32_t type; if( storage_data_length < sizeof(*storage_format) ) return( PSA_ERROR_STORAGE_FAILURE ); @@ -334,11 +357,8 @@ psa_status_t psa_parse_key_data_from_storage( const uint8_t *storage_data, } GET_UINT32_LE( attr->lifetime, storage_format->lifetime, 0 ); - GET_UINT32_LE( type, storage_format->type, 0 ); - if( type <= (psa_key_type_t) -1 ) - attr->type = (psa_key_type_t) type; - else - return( PSA_ERROR_STORAGE_FAILURE ); + GET_UINT16_LE( attr->type, storage_format->type, 0 ); + GET_UINT16_LE( attr->bits, storage_format->bits, 0 ); GET_UINT32_LE( attr->policy.usage, storage_format->policy, 0 ); GET_UINT32_LE( attr->policy.alg, storage_format->policy, sizeof( uint32_t ) ); GET_UINT32_LE( attr->policy.alg2, storage_format->policy, 2 * sizeof( uint32_t ) ); @@ -388,7 +408,7 @@ psa_status_t psa_load_persistent_key( psa_core_key_attributes_t *attr, psa_status_t status = PSA_SUCCESS; uint8_t *loaded_data; size_t storage_data_length = 0; - psa_key_id_t key = attr->id; + mbedtls_svc_key_id_t key = attr->id; status = psa_crypto_storage_get_data_length( key, &storage_data_length ); if( status != PSA_SUCCESS ) diff --git a/library/psa_crypto_storage.h b/library/psa_crypto_storage.h index debc742bd..fbc94fc38 100644 --- a/library/psa_crypto_storage.h +++ b/library/psa_crypto_storage.h @@ -72,7 +72,7 @@ extern "C" { * \retval 1 * Persistent data present for slot number */ -int psa_is_key_present_in_storage( const psa_key_file_id_t key ); +int psa_is_key_present_in_storage( const mbedtls_svc_key_id_t key ); /** * \brief Format key data and metadata and save to a location for given key @@ -81,9 +81,10 @@ int psa_is_key_present_in_storage( const psa_key_file_id_t key ); * This function formats the key data and metadata and saves it to a * persistent storage backend. The storage location corresponding to the * key slot must be empty, otherwise this function will fail. This function - * should be called after psa_import_key_into_slot() to ensure the + * should be called after loading the key into an internal slot to ensure the * persistent key is not saved into a storage location corresponding to an - * already occupied non-persistent key, as well as validating the key data. + * already occupied non-persistent key, as well as ensuring the key data is + * validated. * * * \param[in] attr The attributes of the key to save. @@ -92,11 +93,11 @@ int psa_is_key_present_in_storage( const psa_key_file_id_t key ); * \param[in] data Buffer containing the key data. * \param data_length The number of bytes that make up the key data. * - * \retval PSA_SUCCESS - * \retval PSA_ERROR_INSUFFICIENT_MEMORY - * \retval PSA_ERROR_INSUFFICIENT_STORAGE - * \retval PSA_ERROR_STORAGE_FAILURE - * \retval PSA_ERROR_ALREADY_EXISTS + * \retval #PSA_SUCCESS + * \retval #PSA_ERROR_INSUFFICIENT_MEMORY + * \retval #PSA_ERROR_INSUFFICIENT_STORAGE + * \retval #PSA_ERROR_STORAGE_FAILURE + * \retval #PSA_ERROR_ALREADY_EXISTS */ psa_status_t psa_save_persistent_key( const psa_core_key_attributes_t *attr, const uint8_t *data, @@ -121,10 +122,10 @@ psa_status_t psa_save_persistent_key( const psa_core_key_attributes_t *attr, * \param[out] data Pointer to an allocated key data buffer on return. * \param[out] data_length The number of bytes that make up the key data. * - * \retval PSA_SUCCESS - * \retval PSA_ERROR_INSUFFICIENT_MEMORY - * \retval PSA_ERROR_STORAGE_FAILURE - * \retval PSA_ERROR_DOES_NOT_EXIST + * \retval #PSA_SUCCESS + * \retval #PSA_ERROR_INSUFFICIENT_MEMORY + * \retval #PSA_ERROR_STORAGE_FAILURE + * \retval #PSA_ERROR_DOES_NOT_EXIST */ psa_status_t psa_load_persistent_key( psa_core_key_attributes_t *attr, uint8_t **data, @@ -136,12 +137,12 @@ psa_status_t psa_load_persistent_key( psa_core_key_attributes_t *attr, * \param key Persistent identifier of the key to remove * from persistent storage. * - * \retval PSA_SUCCESS + * \retval #PSA_SUCCESS * The key was successfully removed, * or the key did not exist. - * \retval PSA_ERROR_STORAGE_FAILURE + * \retval #PSA_ERROR_STORAGE_FAILURE */ -psa_status_t psa_destroy_persistent_key( const psa_key_file_id_t key ); +psa_status_t psa_destroy_persistent_key( const mbedtls_svc_key_id_t key ); /** * \brief Free the temporary buffer allocated by psa_load_persistent_key(). @@ -181,10 +182,10 @@ void psa_format_key_data_for_storage( const uint8_t *data, * \param[out] attr On success, the attribute structure is filled * with the loaded key metadata. * - * \retval PSA_SUCCESS - * \retval PSA_ERROR_INSUFFICIENT_STORAGE - * \retval PSA_ERROR_INSUFFICIENT_MEMORY - * \retval PSA_ERROR_STORAGE_FAILURE + * \retval #PSA_SUCCESS + * \retval #PSA_ERROR_INSUFFICIENT_STORAGE + * \retval #PSA_ERROR_INSUFFICIENT_MEMORY + * \retval #PSA_ERROR_STORAGE_FAILURE */ psa_status_t psa_parse_key_data_from_storage( const uint8_t *storage_data, size_t storage_data_length, @@ -292,7 +293,7 @@ typedef union uint16_t unused1; psa_key_lifetime_t lifetime; psa_key_slot_number_t slot; - psa_key_id_t id; + mbedtls_svc_key_id_t id; } key; } psa_crypto_transaction_t; diff --git a/library/psa_its_file.c b/library/psa_its_file.c index 34a75dc69..2fbff20ef 100644 --- a/library/psa_its_file.c +++ b/library/psa_its_file.c @@ -233,7 +233,12 @@ exit: if( rename_replace_existing( PSA_ITS_STORAGE_TEMP, filename ) != 0 ) status = PSA_ERROR_STORAGE_FAILURE; } - remove( PSA_ITS_STORAGE_TEMP ); + /* The temporary file may still exist, but only in failure cases where + * we're already reporting an error. So there's nothing we can do on + * failure. If the function succeeded, and in some error cases, the + * temporary file doesn't exist and so remove() is expected to fail. + * Thus we just ignore the return status of remove(). */ + (void) remove( PSA_ITS_STORAGE_TEMP ); return( status ); } diff --git a/library/ripemd160.c b/library/ripemd160.c index 7a93b0843..ae4dee412 100644 --- a/library/ripemd160.c +++ b/library/ripemd160.c @@ -484,8 +484,7 @@ static const unsigned char ripemd160_test_str[TESTS][81] = { "abcdefghijklmnopqrstuvwxyz" }, { "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq" }, { "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789" }, - { "12345678901234567890123456789012345678901234567890123456789012" - "345678901234567890" }, + { "12345678901234567890123456789012345678901234567890123456789012345678901234567890" }, }; static const size_t ripemd160_test_strlen[TESTS] = diff --git a/library/rsa.c b/library/rsa.c index 84d87de0d..d6abd65d4 100644 --- a/library/rsa.c +++ b/library/rsa.c @@ -811,15 +811,14 @@ static int rsa_prepare_blinding( mbedtls_rsa_context *ctx, * which one, we just loop and choose new values for both of them. * (Each iteration succeeds with overwhelming probability.) */ ret = mbedtls_mpi_inv_mod( &ctx->Vi, &ctx->Vi, &ctx->N ); - if( ret == MBEDTLS_ERR_MPI_NOT_ACCEPTABLE ) - continue; - if( ret != 0 ) + if( ret != 0 && ret != MBEDTLS_ERR_MPI_NOT_ACCEPTABLE ) goto cleanup; - /* Finish the computation of Vf^-1 = R * (R Vf)^-1 */ - MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &ctx->Vi, &ctx->Vi, &R ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &ctx->Vi, &ctx->Vi, &ctx->N ) ); - } while( 0 ); + } while( ret == MBEDTLS_ERR_MPI_NOT_ACCEPTABLE ); + + /* Finish the computation of Vf^-1 = R * (R Vf)^-1 */ + MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &ctx->Vi, &ctx->Vi, &R ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &ctx->Vi, &ctx->Vi, &ctx->N ) ); /* Blinding value: Vi = Vf^(-e) mod N * (Vi already contains Vf^-1 at this point) */ diff --git a/library/sha512.c b/library/sha512.c index f486711e0..06a628aed 100644 --- a/library/sha512.c +++ b/library/sha512.c @@ -534,8 +534,7 @@ void mbedtls_sha512( const unsigned char *input, static const unsigned char sha512_test_buf[3][113] = { { "abc" }, - { "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmn" - "hijklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu" }, + { "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhijklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu" }, { "" } }; diff --git a/library/ssl_cli.c b/library/ssl_cli.c index 8d95789d6..a8331d9bb 100644 --- a/library/ssl_cli.c +++ b/library/ssl_cli.c @@ -63,7 +63,7 @@ static int ssl_conf_has_static_psk( mbedtls_ssl_config const *conf ) return( 1 ); #if defined(MBEDTLS_USE_PSA_CRYPTO) - if( conf->psk_opaque != 0 ) + if( ! mbedtls_svc_key_id_is_null( conf->psk_opaque ) ) return( 1 ); #endif /* MBEDTLS_USE_PSA_CRYPTO */ @@ -756,6 +756,126 @@ static int ssl_write_alpn_ext( mbedtls_ssl_context *ssl, } #endif /* MBEDTLS_SSL_ALPN */ +#if defined(MBEDTLS_SSL_DTLS_SRTP) +static int ssl_write_use_srtp_ext( mbedtls_ssl_context *ssl, + unsigned char *buf, + const unsigned char *end, + size_t *olen ) +{ + unsigned char *p = buf; + size_t protection_profiles_index = 0, ext_len = 0; + uint16_t mki_len = 0, profile_value = 0; + + *olen = 0; + + if( ( ssl->conf->transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM ) || + ( ssl->conf->dtls_srtp_profile_list == NULL ) || + ( ssl->conf->dtls_srtp_profile_list_len == 0 ) ) + { + return( 0 ); + } + + /* RFC 5764 section 4.1.1 + * uint8 SRTPProtectionProfile[2]; + * + * struct { + * SRTPProtectionProfiles SRTPProtectionProfiles; + * opaque srtp_mki<0..255>; + * } UseSRTPData; + * SRTPProtectionProfile SRTPProtectionProfiles<2..2^16-1>; + */ + if( ssl->conf->dtls_srtp_mki_support == MBEDTLS_SSL_DTLS_SRTP_MKI_SUPPORTED ) + { + mki_len = ssl->dtls_srtp_info.mki_len; + } + /* Extension length = 2 bytes for profiles length, + * ssl->conf->dtls_srtp_profile_list_len * 2 (each profile is 2 bytes length ), + * 1 byte for srtp_mki vector length and the mki_len value + */ + ext_len = 2 + 2 * ( ssl->conf->dtls_srtp_profile_list_len ) + 1 + mki_len; + + MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, adding use_srtp extension" ) ); + + /* Check there is room in the buffer for the extension + 4 bytes + * - the extension tag (2 bytes) + * - the extension length (2 bytes) + */ + MBEDTLS_SSL_CHK_BUF_PTR( p, end, ext_len + 4 ); + + *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_USE_SRTP >> 8 ) & 0xFF ); + *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_USE_SRTP ) & 0xFF ); + + + *p++ = (unsigned char)( ( ( ext_len & 0xFF00 ) >> 8 ) & 0xFF ); + *p++ = (unsigned char)( ext_len & 0xFF ); + + /* protection profile length: 2*(ssl->conf->dtls_srtp_profile_list_len) */ + /* micro-optimization: + * the list size is limited to MBEDTLS_TLS_SRTP_MAX_PROFILE_LIST_LENGTH + * which is lower than 127, so the upper byte of the length is always 0 + * For the documentation, the more generic code is left in comments + * *p++ = (unsigned char)( ( ( 2 * ssl->conf->dtls_srtp_profile_list_len ) + * >> 8 ) & 0xFF ); + */ + *p++ = 0; + *p++ = (unsigned char)( ( 2 * ssl->conf->dtls_srtp_profile_list_len ) + & 0xFF ); + + for( protection_profiles_index=0; + protection_profiles_index < ssl->conf->dtls_srtp_profile_list_len; + protection_profiles_index++ ) + { + profile_value = mbedtls_ssl_check_srtp_profile_value + ( ssl->conf->dtls_srtp_profile_list[protection_profiles_index] ); + if( profile_value != MBEDTLS_TLS_SRTP_UNSET ) + { + MBEDTLS_SSL_DEBUG_MSG( 3, ( "ssl_write_use_srtp_ext, add profile: %04x", + profile_value ) ); + *p++ = ( ( profile_value >> 8 ) & 0xFF ); + *p++ = ( profile_value & 0xFF ); + } + else + { + /* + * Note: we shall never arrive here as protection profiles + * is checked by mbedtls_ssl_conf_dtls_srtp_protection_profiles function + */ + MBEDTLS_SSL_DEBUG_MSG( 3, + ( "client hello, " + "illegal DTLS-SRTP protection profile %d", + ssl->conf->dtls_srtp_profile_list[protection_profiles_index] + ) ); + return( MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED ); + } + } + + *p++ = mki_len & 0xFF; + + if( mki_len != 0 ) + { + memcpy( p, ssl->dtls_srtp_info.mki_value, mki_len ); + /* + * Increment p to point to the current position. + */ + p += mki_len; + MBEDTLS_SSL_DEBUG_BUF( 3, "sending mki", ssl->dtls_srtp_info.mki_value, + ssl->dtls_srtp_info.mki_len ); + } + + /* + * total extension length: extension type (2 bytes) + * + extension length (2 bytes) + * + protection profile length (2 bytes) + * + 2 * number of protection profiles + * + srtp_mki vector length(1 byte) + * + mki value + */ + *olen = p - buf; + + return( 0 ); +} +#endif /* MBEDTLS_SSL_DTLS_SRTP */ + /* * Generate random bytes for ClientHello */ @@ -1061,8 +1181,8 @@ static int ssl_write_client_hello( mbedtls_ssl_context *ssl ) ssl->conf->max_minor_ver ) != 0 ) continue; - MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, add ciphersuite: %04x", - ciphersuites[i] ) ); + MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, add ciphersuite: %#04x (%s)", + ciphersuites[i], ciphersuite_info->name ) ); #if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \ defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) @@ -1277,6 +1397,16 @@ static int ssl_write_client_hello( mbedtls_ssl_context *ssl ) ext_len += olen; #endif +#if defined(MBEDTLS_SSL_DTLS_SRTP) + if( ( ret = ssl_write_use_srtp_ext( ssl, p + 2 + ext_len, + end, &olen ) ) != 0 ) + { + MBEDTLS_SSL_DEBUG_RET( 1, "ssl_write_use_srtp_ext", ret ); + return( ret ); + } + ext_len += olen; +#endif + #if defined(MBEDTLS_SSL_SESSION_TICKETS) if( ( ret = ssl_write_session_ticket_ext( ssl, p + 2 + ext_len, end, &olen ) ) != 0 ) @@ -1710,6 +1840,123 @@ static int ssl_parse_alpn_ext( mbedtls_ssl_context *ssl, } #endif /* MBEDTLS_SSL_ALPN */ +#if defined(MBEDTLS_SSL_DTLS_SRTP) +static int ssl_parse_use_srtp_ext( mbedtls_ssl_context *ssl, + const unsigned char *buf, + size_t len ) +{ + mbedtls_ssl_srtp_profile server_protection = MBEDTLS_TLS_SRTP_UNSET; + size_t i, mki_len = 0; + uint16_t server_protection_profile_value = 0; + + /* If use_srtp is not configured, just ignore the extension */ + if( ( ssl->conf->transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM ) || + ( ssl->conf->dtls_srtp_profile_list == NULL ) || + ( ssl->conf->dtls_srtp_profile_list_len == 0 ) ) + return( 0 ); + + /* RFC 5764 section 4.1.1 + * uint8 SRTPProtectionProfile[2]; + * + * struct { + * SRTPProtectionProfiles SRTPProtectionProfiles; + * opaque srtp_mki<0..255>; + * } UseSRTPData; + + * SRTPProtectionProfile SRTPProtectionProfiles<2..2^16-1>; + * + */ + if( ssl->conf->dtls_srtp_mki_support == MBEDTLS_SSL_DTLS_SRTP_MKI_SUPPORTED ) + { + mki_len = ssl->dtls_srtp_info.mki_len; + } + + /* + * Length is 5 + optional mki_value : one protection profile length (2 bytes) + * + protection profile (2 bytes) + * + mki_len(1 byte) + * and optional srtp_mki + */ + if( ( len < 5 ) || ( len != ( buf[4] + 5u ) ) ) + return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO ); + + /* + * get the server protection profile + */ + + /* + * protection profile length must be 0x0002 as we must have only + * one protection profile in server Hello + */ + if( ( buf[0] != 0 ) || ( buf[1] != 2 ) ) + return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO ); + + server_protection_profile_value = ( buf[2] << 8 ) | buf[3]; + server_protection = mbedtls_ssl_check_srtp_profile_value( + server_protection_profile_value ); + if( server_protection != MBEDTLS_TLS_SRTP_UNSET ) + { + MBEDTLS_SSL_DEBUG_MSG( 3, ( "found srtp profile: %s", + mbedtls_ssl_get_srtp_profile_as_string( + server_protection ) ) ); + } + + ssl->dtls_srtp_info.chosen_dtls_srtp_profile = MBEDTLS_TLS_SRTP_UNSET; + + /* + * Check we have the server profile in our list + */ + for( i=0; i < ssl->conf->dtls_srtp_profile_list_len; i++) + { + if( server_protection == ssl->conf->dtls_srtp_profile_list[i] ) + { + ssl->dtls_srtp_info.chosen_dtls_srtp_profile = ssl->conf->dtls_srtp_profile_list[i]; + MBEDTLS_SSL_DEBUG_MSG( 3, ( "selected srtp profile: %s", + mbedtls_ssl_get_srtp_profile_as_string( + server_protection ) ) ); + break; + } + } + + /* If no match was found : server problem, it shall never answer with incompatible profile */ + if( ssl->dtls_srtp_info.chosen_dtls_srtp_profile == MBEDTLS_TLS_SRTP_UNSET ) + { + mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE ); + return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO ); + } + + /* If server does not use mki in its reply, make sure the client won't keep + * one as negotiated */ + if( len == 5 ) + { + ssl->dtls_srtp_info.mki_len = 0; + } + + /* + * RFC5764: + * If the client detects a nonzero-length MKI in the server's response + * that is different than the one the client offered, then the client + * MUST abort the handshake and SHOULD send an invalid_parameter alert. + */ + if( len > 5 && ( buf[4] != mki_len || + ( memcmp( ssl->dtls_srtp_info.mki_value, &buf[5], mki_len ) ) ) ) + { + mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER ); + return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO ); + } +#if defined (MBEDTLS_DEBUG_C) + if( len > 5 ) + { + MBEDTLS_SSL_DEBUG_BUF( 3, "received mki", ssl->dtls_srtp_info.mki_value, + ssl->dtls_srtp_info.mki_len ); + } +#endif + return( 0 ); +} +#endif /* MBEDTLS_SSL_DTLS_SRTP */ + /* * Parse HelloVerifyRequest. Only called after verifying the HS type. */ @@ -2278,6 +2525,16 @@ static int ssl_parse_server_hello( mbedtls_ssl_context *ssl ) break; #endif /* MBEDTLS_SSL_ALPN */ +#if defined(MBEDTLS_SSL_DTLS_SRTP) + case MBEDTLS_TLS_EXT_USE_SRTP: + MBEDTLS_SSL_DEBUG_MSG( 3, ( "found use_srtp extension" ) ); + + if( ( ret = ssl_parse_use_srtp_ext( ssl, ext + 4, ext_size ) ) != 0 ) + return( ret ); + + break; +#endif /* MBEDTLS_SSL_DTLS_SRTP */ + default: MBEDTLS_SSL_DEBUG_MSG( 3, ( "unknown extension found: %d (ignoring)", ext_id ) ); @@ -3545,7 +3802,7 @@ static int ssl_write_client_key_exchange( mbedtls_ssl_context *ssl ) status = psa_destroy_key( handshake->ecdh_psa_privkey ); if( status != PSA_SUCCESS ) return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED ); - handshake->ecdh_psa_privkey = 0; + handshake->ecdh_psa_privkey = MBEDTLS_SVC_KEY_ID_INIT; } else #endif /* MBEDTLS_USE_PSA_CRYPTO && diff --git a/library/ssl_msg.c b/library/ssl_msg.c index 357826509..bdf882d87 100644 --- a/library/ssl_msg.c +++ b/library/ssl_msg.c @@ -1045,21 +1045,86 @@ int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl, #if defined(MBEDTLS_SSL_SOME_SUITES_USE_TLS_CBC) /* - * Constant-flow conditional memcpy: - * - if c1 == c2, equivalent to memcpy(dst, src, len), - * - otherwise, a no-op, - * but with execution flow independent of the values of c1 and c2. + * Turn a bit into a mask: + * - if bit == 1, return the all-bits 1 mask, aka (size_t) -1 + * - if bit == 0, return the all-bits 0 mask, aka 0 * - * Use only bit operations to avoid branches that could be used by some - * compilers on some platforms to translate comparison operators. + * This function can be used to write constant-time code by replacing branches + * with bit operations using masks. + * + * This function is implemented without using comparison operators, as those + * might be translated to branches by some compilers on some platforms. */ -static void mbedtls_ssl_cf_memcpy_if_eq( unsigned char *dst, - const unsigned char *src, - size_t len, - size_t c1, size_t c2 ) +static size_t mbedtls_ssl_cf_mask_from_bit( size_t bit ) { - /* diff = 0 if c1 == c2, non-zero otherwise */ - const size_t diff = c1 ^ c2; + /* MSVC has a warning about unary minus on unsigned integer types, + * but this is well-defined and precisely what we want to do here. */ +#if defined(_MSC_VER) +#pragma warning( push ) +#pragma warning( disable : 4146 ) +#endif + return -bit; +#if defined(_MSC_VER) +#pragma warning( pop ) +#endif +} + +/* + * Constant-flow mask generation for "less than" comparison: + * - if x < y, return all bits 1, that is (size_t) -1 + * - otherwise, return all bits 0, that is 0 + * + * This function can be used to write constant-time code by replacing branches + * with bit operations using masks. + * + * This function is implemented without using comparison operators, as those + * might be translated to branches by some compilers on some platforms. + */ +static size_t mbedtls_ssl_cf_mask_lt( size_t x, size_t y ) +{ + /* This has the most significant bit set if and only if x < y */ + const size_t sub = x - y; + + /* sub1 = (x < y) ? 1 : 0 */ + const size_t sub1 = sub >> ( sizeof( sub ) * 8 - 1 ); + + /* mask = (x < y) ? 0xff... : 0x00... */ + const size_t mask = mbedtls_ssl_cf_mask_from_bit( sub1 ); + + return( mask ); +} + +/* + * Constant-flow mask generation for "greater or equal" comparison: + * - if x >= y, return all bits 1, that is (size_t) -1 + * - otherwise, return all bits 0, that is 0 + * + * This function can be used to write constant-time code by replacing branches + * with bit operations using masks. + * + * This function is implemented without using comparison operators, as those + * might be translated to branches by some compilers on some platforms. + */ +static size_t mbedtls_ssl_cf_mask_ge( size_t x, size_t y ) +{ + return( ~mbedtls_ssl_cf_mask_lt( x, y ) ); +} + +/* + * Constant-flow boolean "equal" comparison: + * return x == y + * + * This function can be used to write constant-time code by replacing branches + * with bit operations - it can be used in conjunction with + * mbedtls_ssl_cf_mask_from_bit(). + * + * This function is implemented without using comparison operators, as those + * might be translated to branches by some compilers on some platforms. + */ +static size_t mbedtls_ssl_cf_bool_eq( size_t x, size_t y ) +{ + /* diff = 0 if x == y, non-zero otherwise */ + const size_t diff = x ^ y; /* MSVC has a warning about unary minus on unsigned integer types, * but this is well-defined and precisely what we want to do here. */ @@ -1068,22 +1133,40 @@ static void mbedtls_ssl_cf_memcpy_if_eq( unsigned char *dst, #pragma warning( disable : 4146 ) #endif - /* diff_msb's most significant bit is equal to c1 != c2 */ + /* diff_msb's most significant bit is equal to x != y */ const size_t diff_msb = ( diff | -diff ); - /* diff1 = c1 != c2 */ - const size_t diff1 = diff_msb >> ( sizeof( diff_msb ) * 8 - 1 ); - - /* mask = c1 != c2 ? 0xff : 0x00 */ - const unsigned char mask = (unsigned char) -diff1; - #if defined(_MSC_VER) #pragma warning( pop ) #endif - /* dst[i] = c1 != c2 ? dst[i] : src[i] */ + /* diff1 = (x != y) ? 1 : 0 */ + const size_t diff1 = diff_msb >> ( sizeof( diff_msb ) * 8 - 1 ); + + return( 1 ^ diff1 ); +} + +/* + * Constant-flow conditional memcpy: + * - if c1 == c2, equivalent to memcpy(dst, src, len), + * - otherwise, a no-op, + * but with execution flow independent of the values of c1 and c2. + * + * This function is implemented without using comparison operators, as those + * might be translated to branches by some compilers on some platforms. + */ +static void mbedtls_ssl_cf_memcpy_if_eq( unsigned char *dst, + const unsigned char *src, + size_t len, + size_t c1, size_t c2 ) +{ + /* mask = c1 == c2 ? 0xff : 0x00 */ + const size_t equal = mbedtls_ssl_cf_bool_eq( c1, c2 ); + const unsigned char mask = (unsigned char) mbedtls_ssl_cf_mask_from_bit( equal ); + + /* dst[i] = c1 == c2 ? src[i] : dst[i] */ for( size_t i = 0; i < len; i++ ) - dst[i] = ( dst[i] & mask ) | ( src[i] & ~mask ); + dst[i] = ( src[i] & mask ) | ( dst[i] & ~mask ); } /* @@ -1528,8 +1611,11 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl, if( auth_done == 1 ) { - correct *= ( rec->data_len >= padlen + 1 ); - padlen *= ( rec->data_len >= padlen + 1 ); + const size_t mask = mbedtls_ssl_cf_mask_ge( + rec->data_len, + padlen + 1 ); + correct &= mask; + padlen &= mask; } else { @@ -1543,8 +1629,11 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl, } #endif - correct *= ( rec->data_len >= transform->maclen + padlen + 1 ); - padlen *= ( rec->data_len >= transform->maclen + padlen + 1 ); + const size_t mask = mbedtls_ssl_cf_mask_ge( + rec->data_len, + transform->maclen + padlen + 1 ); + correct &= mask; + padlen &= mask; } padlen++; @@ -1555,6 +1644,10 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl, #if defined(MBEDTLS_SSL_PROTO_SSL3) if( transform->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 ) { + /* This is the SSL 3.0 path, we don't have to worry about Lucky + * 13, because there's a strictly worse padding attack built in + * the protocol (known as part of POODLE), so we don't care if the + * code is not constant-time, in particular branches are OK. */ if( padlen > transform->ivlen ) { #if defined(MBEDTLS_SSL_DEBUG_ALL) @@ -1578,7 +1671,6 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl, * `min(256,plaintext_len)` reads (but take into account * only the last `padlen` bytes for the padding check). */ size_t pad_count = 0; - size_t real_count = 0; volatile unsigned char* const check = data; /* Index of first padding byte; it has been ensured above @@ -1590,16 +1682,21 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl, for( idx = start_idx; idx < rec->data_len; idx++ ) { - real_count |= ( idx >= padding_idx ); - pad_count += real_count * ( check[idx] == padlen - 1 ); + /* pad_count += (idx >= padding_idx) && + * (check[idx] == padlen - 1); + */ + const size_t mask = mbedtls_ssl_cf_mask_ge( idx, padding_idx ); + const size_t equal = mbedtls_ssl_cf_bool_eq( check[idx], + padlen - 1 ); + pad_count += mask & equal; } - correct &= ( pad_count == padlen ); + correct &= mbedtls_ssl_cf_bool_eq( pad_count, padlen ); #if defined(MBEDTLS_SSL_DEBUG_ALL) if( padlen > 0 && correct == 0 ) MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad padding byte detected" ) ); #endif - padlen &= correct * 0x1FF; + padlen &= mbedtls_ssl_cf_mask_from_bit( correct ); } else #endif /* MBEDTLS_SSL_PROTO_TLS1 || MBEDTLS_SSL_PROTO_TLS1_1 || \ @@ -1921,14 +2018,6 @@ int mbedtls_ssl_fetch_input( mbedtls_ssl_context *ssl, size_t nb_want ) { uint32_t timeout; - /* Just to be sure */ - if( ssl->f_set_timer == NULL || ssl->f_get_timer == NULL ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "You must use " - "mbedtls_ssl_set_timer_cb() for DTLS" ) ); - return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); - } - /* * The point is, we need to always read a full datagram at once, so we * sometimes read more then requested, and handle the additional data. @@ -2096,7 +2185,7 @@ int mbedtls_ssl_fetch_input( mbedtls_ssl_context *ssl, size_t nb_want ) if( ret < 0 ) return( ret ); - if ( (size_t)ret > len || ( INT_MAX > SIZE_MAX && ret > SIZE_MAX ) ) + if ( (size_t)ret > len || ( INT_MAX > SIZE_MAX && ret > (int)SIZE_MAX ) ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "f_recv returned %d bytes but only %lu were requested", @@ -2150,7 +2239,7 @@ int mbedtls_ssl_flush_output( mbedtls_ssl_context *ssl ) if( ret <= 0 ) return( ret ); - if( (size_t)ret > ssl->out_left || ( INT_MAX > SIZE_MAX && ret > SIZE_MAX ) ) + if( (size_t)ret > ssl->out_left || ( INT_MAX > SIZE_MAX && ret > (int)SIZE_MAX ) ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "f_send returned %d bytes but only %lu bytes were sent", diff --git a/library/ssl_srv.c b/library/ssl_srv.c index 8c1ec6b55..e33b828ad 100644 --- a/library/ssl_srv.c +++ b/library/ssl_srv.c @@ -157,7 +157,7 @@ static int ssl_conf_has_psk_or_cb( mbedtls_ssl_config const *conf ) return( 1 ); #if defined(MBEDTLS_USE_PSA_CRYPTO) - if( conf->psk_opaque != 0 ) + if( ! mbedtls_svc_key_id_is_null( conf->psk_opaque ) ) return( 1 ); #endif /* MBEDTLS_USE_PSA_CRYPTO */ @@ -172,13 +172,13 @@ static int ssl_use_opaque_psk( mbedtls_ssl_context const *ssl ) /* If we've used a callback to select the PSK, * the static configuration is irrelevant. */ - if( ssl->handshake->psk_opaque != 0 ) + if( ! mbedtls_svc_key_id_is_null( ssl->handshake->psk_opaque ) ) return( 1 ); return( 0 ); } - if( ssl->conf->psk_opaque != 0 ) + if( ! mbedtls_svc_key_id_is_null( ssl->conf->psk_opaque ) ) return( 1 ); return( 0 ); @@ -776,6 +776,126 @@ static int ssl_parse_alpn_ext( mbedtls_ssl_context *ssl, } #endif /* MBEDTLS_SSL_ALPN */ +#if defined(MBEDTLS_SSL_DTLS_SRTP) +static int ssl_parse_use_srtp_ext( mbedtls_ssl_context *ssl, + const unsigned char *buf, + size_t len ) +{ + mbedtls_ssl_srtp_profile client_protection = MBEDTLS_TLS_SRTP_UNSET; + size_t i,j; + size_t profile_length; + uint16_t mki_length; + /*! 2 bytes for profile length and 1 byte for mki len */ + const size_t size_of_lengths = 3; + + /* If use_srtp is not configured, just ignore the extension */ + if( ( ssl->conf->transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM ) || + ( ssl->conf->dtls_srtp_profile_list == NULL ) || + ( ssl->conf->dtls_srtp_profile_list_len == 0 ) ) + { + return( 0 ); + } + + /* RFC5764 section 4.1.1 + * uint8 SRTPProtectionProfile[2]; + * + * struct { + * SRTPProtectionProfiles SRTPProtectionProfiles; + * opaque srtp_mki<0..255>; + * } UseSRTPData; + + * SRTPProtectionProfile SRTPProtectionProfiles<2..2^16-1>; + */ + + /* + * Min length is 5: at least one protection profile(2 bytes) + * and length(2 bytes) + srtp_mki length(1 byte) + * Check here that we have at least 2 bytes of protection profiles length + * and one of srtp_mki length + */ + if( len < size_of_lengths ) + { + mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE ); + return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO ); + } + + ssl->dtls_srtp_info.chosen_dtls_srtp_profile = MBEDTLS_TLS_SRTP_UNSET; + + /* first 2 bytes are protection profile length(in bytes) */ + profile_length = ( buf[0] << 8 ) | buf[1]; + buf += 2; + + /* The profile length cannot be bigger than input buffer size - lengths fields */ + if( profile_length > len - size_of_lengths || + profile_length % 2 != 0 ) /* profiles are 2 bytes long, so the length must be even */ + { + mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE ); + return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO ); + } + /* + * parse the extension list values are defined in + * http://www.iana.org/assignments/srtp-protection/srtp-protection.xhtml + */ + for( j = 0; j < profile_length; j += 2 ) + { + uint16_t protection_profile_value = buf[j] << 8 | buf[j + 1]; + client_protection = mbedtls_ssl_check_srtp_profile_value( protection_profile_value ); + + if( client_protection != MBEDTLS_TLS_SRTP_UNSET ) + { + MBEDTLS_SSL_DEBUG_MSG( 3, ( "found srtp profile: %s", + mbedtls_ssl_get_srtp_profile_as_string( + client_protection ) ) ); + } + else + { + continue; + } + /* check if suggested profile is in our list */ + for( i = 0; i < ssl->conf->dtls_srtp_profile_list_len; i++) + { + if( client_protection == ssl->conf->dtls_srtp_profile_list[i] ) + { + ssl->dtls_srtp_info.chosen_dtls_srtp_profile = ssl->conf->dtls_srtp_profile_list[i]; + MBEDTLS_SSL_DEBUG_MSG( 3, ( "selected srtp profile: %s", + mbedtls_ssl_get_srtp_profile_as_string( + client_protection ) ) ); + break; + } + } + if( ssl->dtls_srtp_info.chosen_dtls_srtp_profile != MBEDTLS_TLS_SRTP_UNSET ) + break; + } + buf += profile_length; /* buf points to the mki length */ + mki_length = *buf; + buf++; + + if( mki_length > MBEDTLS_TLS_SRTP_MAX_MKI_LENGTH || + mki_length + profile_length + size_of_lengths != len ) + { + mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE ); + return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO ); + } + + /* Parse the mki only if present and mki is supported locally */ + if( ssl->conf->dtls_srtp_mki_support == MBEDTLS_SSL_DTLS_SRTP_MKI_SUPPORTED && + mki_length > 0 ) + { + ssl->dtls_srtp_info.mki_len = mki_length; + + memcpy( ssl->dtls_srtp_info.mki_value, buf, mki_length ); + + MBEDTLS_SSL_DEBUG_BUF( 3, "using mki", ssl->dtls_srtp_info.mki_value, + ssl->dtls_srtp_info.mki_len ); + } + + return( 0 ); +} +#endif /* MBEDTLS_SSL_DTLS_SRTP */ + /* * Auxiliary functions for ServerHello parsing and related actions */ @@ -927,7 +1047,8 @@ static int ssl_ciphersuite_match( mbedtls_ssl_context *ssl, int suite_id, return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); } - MBEDTLS_SSL_DEBUG_MSG( 3, ( "trying ciphersuite: %s", suite_info->name ) ); + MBEDTLS_SSL_DEBUG_MSG( 3, ( "trying ciphersuite: %#04x (%s)", + suite_id, suite_info->name ) ); if( suite_info->min_minor_ver > ssl->minor_ver || suite_info->max_minor_ver < ssl->minor_ver ) @@ -1941,6 +2062,16 @@ read_record_header: break; #endif /* MBEDTLS_SSL_SESSION_TICKETS */ +#if defined(MBEDTLS_SSL_DTLS_SRTP) + case MBEDTLS_TLS_EXT_USE_SRTP: + MBEDTLS_SSL_DEBUG_MSG( 3, ( "found use_srtp extension" ) ); + + ret = ssl_parse_use_srtp_ext( ssl, ext + 4, ext_size ); + if( ret != 0 ) + return( ret ); + break; +#endif /* MBEDTLS_SSL_DTLS_SRTP */ + default: MBEDTLS_SSL_DEBUG_MSG( 3, ( "unknown extension found: %d (ignoring)", ext_id ) ); @@ -2499,6 +2630,78 @@ static void ssl_write_alpn_ext( mbedtls_ssl_context *ssl, } #endif /* MBEDTLS_ECDH_C || MBEDTLS_ECDSA_C */ +#if defined(MBEDTLS_SSL_DTLS_SRTP ) && defined(MBEDTLS_SSL_PROTO_DTLS) +static void ssl_write_use_srtp_ext( mbedtls_ssl_context *ssl, + unsigned char *buf, + size_t *olen ) +{ + size_t mki_len = 0, ext_len = 0; + uint16_t profile_value = 0; + const unsigned char *end = ssl->out_msg + MBEDTLS_SSL_OUT_CONTENT_LEN; + + *olen = 0; + + if( ( ssl->conf->transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM ) || + ( ssl->dtls_srtp_info.chosen_dtls_srtp_profile == MBEDTLS_TLS_SRTP_UNSET ) ) + { + return; + } + + MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, adding use_srtp extension" ) ); + + if( ssl->conf->dtls_srtp_mki_support == MBEDTLS_SSL_DTLS_SRTP_MKI_SUPPORTED ) + { + mki_len = ssl->dtls_srtp_info.mki_len; + } + + /* The extension total size is 9 bytes : + * - 2 bytes for the extension tag + * - 2 bytes for the total size + * - 2 bytes for the protection profile length + * - 2 bytes for the protection profile + * - 1 byte for the mki length + * + the actual mki length + * Check we have enough room in the output buffer */ + if( (size_t)( end - buf ) < mki_len + 9 ) + { + MBEDTLS_SSL_DEBUG_MSG( 1, ( "buffer too small" ) ); + return; + } + + /* extension */ + buf[0] = (unsigned char)( ( MBEDTLS_TLS_EXT_USE_SRTP >> 8 ) & 0xFF ); + buf[1] = (unsigned char)( ( MBEDTLS_TLS_EXT_USE_SRTP ) & 0xFF ); + /* + * total length 5 and mki value: only one profile(2 bytes) + * and length(2 bytes) and srtp_mki ) + */ + ext_len = 5 + mki_len; + buf[2] = (unsigned char)( ( ext_len >> 8 ) & 0xFF ); + buf[3] = (unsigned char)( ext_len & 0xFF ); + + /* protection profile length: 2 */ + buf[4] = 0x00; + buf[5] = 0x02; + profile_value = mbedtls_ssl_check_srtp_profile_value( + ssl->dtls_srtp_info.chosen_dtls_srtp_profile ); + if( profile_value != MBEDTLS_TLS_SRTP_UNSET ) + { + buf[6] = (unsigned char)( ( profile_value >> 8 ) & 0xFF ); + buf[7] = (unsigned char)( profile_value & 0xFF ); + } + else + { + MBEDTLS_SSL_DEBUG_MSG( 1, ( "use_srtp extension invalid profile" ) ); + return; + } + + buf[8] = mki_len & 0xFF; + memcpy( &buf[9], ssl->dtls_srtp_info.mki_value, mki_len ); + + *olen = 9 + mki_len; +} +#endif /* MBEDTLS_SSL_DTLS_SRTP */ + #if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) static int ssl_write_hello_verify_request( mbedtls_ssl_context *ssl ) { @@ -2787,6 +2990,11 @@ static int ssl_write_server_hello( mbedtls_ssl_context *ssl ) ext_len += olen; #endif +#if defined(MBEDTLS_SSL_DTLS_SRTP) + ssl_write_use_srtp_ext( ssl, p + 2 + ext_len, &olen ); + ext_len += olen; +#endif + MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, total extension length: %d", ext_len ) ); if( ext_len > 0 ) @@ -3721,11 +3929,12 @@ static int ssl_parse_encrypted_pms( mbedtls_ssl_context *ssl, /* In case of a failure in decryption, the decryption may write less than * 2 bytes of output, but we always read the first two bytes. It doesn't * matter in the end because diff will be nonzero in that case due to - * peer_pmslen being less than 48, and we only care whether diff is 0. - * But do initialize peer_pms for robustness anyway. This also makes - * memory analyzers happy (don't access uninitialized memory, even - * if it's an unsigned char). */ + * ret being nonzero, and we only care whether diff is 0. + * But do initialize peer_pms and peer_pmslen for robustness anyway. This + * also makes memory analyzers happy (don't access uninitialized memory, + * even if it's an unsigned char). */ peer_pms[0] = peer_pms[1] = ~0; + peer_pmslen = 0; ret = ssl_decrypt_encrypted_pms( ssl, p, end, peer_pms, diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 7062d53b7..a1a5859f0 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -446,7 +446,7 @@ exit: #if defined(MBEDTLS_USE_PSA_CRYPTO) static psa_status_t setup_psa_key_derivation( psa_key_derivation_operation_t* derivation, - psa_key_handle_t slot, + psa_key_id_t key, psa_algorithm_t alg, const unsigned char* seed, size_t seed_length, const unsigned char* label, size_t label_length, @@ -466,7 +466,7 @@ static psa_status_t setup_psa_key_derivation( psa_key_derivation_operation_t* de if( status != PSA_SUCCESS ) return( status ); - if( slot == 0 ) + if( mbedtls_svc_key_id_is_null( key ) ) { status = psa_key_derivation_input_bytes( derivation, PSA_KEY_DERIVATION_INPUT_SECRET, @@ -475,8 +475,7 @@ static psa_status_t setup_psa_key_derivation( psa_key_derivation_operation_t* de else { status = psa_key_derivation_input_key( - derivation, PSA_KEY_DERIVATION_INPUT_SECRET, - slot ); + derivation, PSA_KEY_DERIVATION_INPUT_SECRET, key ); } if( status != PSA_SUCCESS ) return( status ); @@ -507,7 +506,7 @@ static int tls_prf_generic( mbedtls_md_type_t md_type, { psa_status_t status; psa_algorithm_t alg; - psa_key_handle_t master_slot = 0; + psa_key_id_t master_key = MBEDTLS_SVC_KEY_ID_INIT; psa_key_derivation_operation_t derivation = PSA_KEY_DERIVATION_OPERATION_INIT; @@ -521,7 +520,7 @@ static int tls_prf_generic( mbedtls_md_type_t md_type, * this PRF is also used to derive an IV, in particular in EAP-TLS, * and for this use case it makes sense to have a 0-length "secret". * Since the key API doesn't allow importing a key of length 0, - * keep master_slot=0, which setup_psa_key_derivation() understands + * keep master_key=0, which setup_psa_key_derivation() understands * to mean a 0-length "secret" input. */ if( slen != 0 ) { @@ -530,13 +529,13 @@ static int tls_prf_generic( mbedtls_md_type_t md_type, psa_set_key_algorithm( &key_attributes, alg ); psa_set_key_type( &key_attributes, PSA_KEY_TYPE_DERIVE ); - status = psa_import_key( &key_attributes, secret, slen, &master_slot ); + status = psa_import_key( &key_attributes, secret, slen, &master_key ); if( status != PSA_SUCCESS ) return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED ); } status = setup_psa_key_derivation( &derivation, - master_slot, alg, + master_key, alg, random, rlen, (unsigned char const *) label, (size_t) strlen( label ), @@ -544,7 +543,7 @@ static int tls_prf_generic( mbedtls_md_type_t md_type, if( status != PSA_SUCCESS ) { psa_key_derivation_abort( &derivation ); - psa_destroy_key( master_slot ); + psa_destroy_key( master_key ); return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED ); } @@ -552,19 +551,19 @@ static int tls_prf_generic( mbedtls_md_type_t md_type, if( status != PSA_SUCCESS ) { psa_key_derivation_abort( &derivation ); - psa_destroy_key( master_slot ); + psa_destroy_key( master_key ); return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED ); } status = psa_key_derivation_abort( &derivation ); if( status != PSA_SUCCESS ) { - psa_destroy_key( master_slot ); + psa_destroy_key( master_key ); return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED ); } - if( master_slot != 0 ) - status = psa_destroy_key( master_slot ); + if( ! mbedtls_svc_key_id_is_null( master_key ) ) + status = psa_destroy_key( master_key ); if( status != PSA_SUCCESS ) return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED ); @@ -681,20 +680,20 @@ static void ssl_calc_finished_ssl( mbedtls_ssl_context *, unsigned char *, int ) #endif #if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) -static void ssl_calc_verify_tls( const mbedtls_ssl_context *, unsigned char *, size_t * ); +static void ssl_calc_verify_tls( const mbedtls_ssl_context *, unsigned char*, size_t * ); static void ssl_calc_finished_tls( mbedtls_ssl_context *, unsigned char *, int ); #endif #if defined(MBEDTLS_SSL_PROTO_TLS1_2) #if defined(MBEDTLS_SHA256_C) static void ssl_update_checksum_sha256( mbedtls_ssl_context *, const unsigned char *, size_t ); -static void ssl_calc_verify_tls_sha256( const mbedtls_ssl_context *,unsigned char *, size_t * ); +static void ssl_calc_verify_tls_sha256( const mbedtls_ssl_context *,unsigned char*, size_t * ); static void ssl_calc_finished_tls_sha256( mbedtls_ssl_context *,unsigned char *, int ); #endif #if defined(MBEDTLS_SHA512_C) static void ssl_update_checksum_sha384( mbedtls_ssl_context *, const unsigned char *, size_t ); -static void ssl_calc_verify_tls_sha384( const mbedtls_ssl_context *, unsigned char *, size_t * ); +static void ssl_calc_verify_tls_sha384( const mbedtls_ssl_context *, unsigned char*, size_t * ); static void ssl_calc_finished_tls_sha384( mbedtls_ssl_context *, unsigned char *, int ); #endif #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ @@ -707,13 +706,13 @@ static int ssl_use_opaque_psk( mbedtls_ssl_context const *ssl ) { /* If we've used a callback to select the PSK, * the static configuration is irrelevant. */ - if( ssl->handshake->psk_opaque != 0 ) + if( ! mbedtls_svc_key_id_is_null( ssl->handshake->psk_opaque ) ) return( 1 ); return( 0 ); } - if( ssl->conf->psk_opaque != 0 ) + if( ! mbedtls_svc_key_id_is_null( ssl->conf->psk_opaque ) ) return( 1 ); return( 0 ); @@ -1514,7 +1513,7 @@ static int ssl_compute_master( mbedtls_ssl_handshake_params *handshake, /* Perform PSK-to-MS expansion in a single step. */ psa_status_t status; psa_algorithm_t alg; - psa_key_handle_t psk; + psa_key_id_t psk; psa_key_derivation_operation_t derivation = PSA_KEY_DERIVATION_OPERATION_INIT; mbedtls_md_type_t hash_alg = handshake->ciphersuite_info->mac; @@ -1668,7 +1667,7 @@ int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl ) #if defined(MBEDTLS_SSL_PROTO_SSL3) void ssl_calc_verify_ssl( const mbedtls_ssl_context *ssl, - unsigned char hash[36], + unsigned char *hash, size_t *hlen ) { mbedtls_md5_context md5; @@ -1721,7 +1720,7 @@ void ssl_calc_verify_ssl( const mbedtls_ssl_context *ssl, #if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) void ssl_calc_verify_tls( const mbedtls_ssl_context *ssl, - unsigned char hash[36], + unsigned char *hash, size_t *hlen ) { mbedtls_md5_context md5; @@ -1753,7 +1752,7 @@ void ssl_calc_verify_tls( const mbedtls_ssl_context *ssl, #if defined(MBEDTLS_SSL_PROTO_TLS1_2) #if defined(MBEDTLS_SHA256_C) void ssl_calc_verify_tls_sha256( const mbedtls_ssl_context *ssl, - unsigned char hash[32], + unsigned char *hash, size_t *hlen ) { #if defined(MBEDTLS_USE_PSA_CRYPTO) @@ -1802,7 +1801,7 @@ void ssl_calc_verify_tls_sha256( const mbedtls_ssl_context *ssl, #if defined(MBEDTLS_SHA512_C) void ssl_calc_verify_tls_sha384( const mbedtls_ssl_context *ssl, - unsigned char hash[48], + unsigned char *hash, size_t *hlen ) { #if defined(MBEDTLS_USE_PSA_CRYPTO) @@ -3198,6 +3197,9 @@ static void ssl_calc_finished_tls_sha256( #endif /* MBEDTLS_SHA256_C */ #if defined(MBEDTLS_SHA512_C) + +typedef int (*finish_sha384_t)(mbedtls_sha512_context*, unsigned char*); + static void ssl_calc_finished_tls_sha384( mbedtls_ssl_context *ssl, unsigned char *buf, int from ) { @@ -3256,8 +3258,14 @@ static void ssl_calc_finished_tls_sha384( MBEDTLS_SSL_DEBUG_BUF( 4, "finished sha512 state", (unsigned char *) sha512.state, sizeof( sha512.state ) ); #endif + /* + * For SHA-384, we can save 16 bytes by keeping padbuf 48 bytes long. + * However, to avoid stringop-overflow warning in gcc, we have to cast + * mbedtls_sha512_finish_ret(). + */ + finish_sha384_t finish = (finish_sha384_t)mbedtls_sha512_finish_ret; + finish( &sha512, padbuf ); - mbedtls_sha512_finish_ret( &sha512, padbuf ); mbedtls_sha512_free( &sha512 ); #endif @@ -3859,6 +3867,10 @@ int mbedtls_ssl_setup( mbedtls_ssl_context *ssl, mbedtls_ssl_reset_in_out_pointers( ssl ); +#if defined(MBEDTLS_SSL_DTLS_SRTP) + memset( &ssl->dtls_srtp_info, 0, sizeof(ssl->dtls_srtp_info) ); +#endif + if( ( ret = ssl_handshake_init( ssl ) ) != 0 ) goto error; @@ -4340,11 +4352,11 @@ static void ssl_conf_remove_psk( mbedtls_ssl_config *conf ) { /* Remove reference to existing PSK, if any. */ #if defined(MBEDTLS_USE_PSA_CRYPTO) - if( conf->psk_opaque != 0 ) + if( ! mbedtls_svc_key_id_is_null( conf->psk_opaque ) ) { /* The maintenance of the PSK key slot is the * user's responsibility. */ - conf->psk_opaque = 0; + conf->psk_opaque = MBEDTLS_SVC_KEY_ID_INIT; } /* This and the following branch should never * be taken simultaenously as we maintain the @@ -4428,9 +4440,9 @@ int mbedtls_ssl_conf_psk( mbedtls_ssl_config *conf, static void ssl_remove_psk( mbedtls_ssl_context *ssl ) { #if defined(MBEDTLS_USE_PSA_CRYPTO) - if( ssl->handshake->psk_opaque != 0 ) + if( ! mbedtls_svc_key_id_is_null( ssl->handshake->psk_opaque ) ) { - ssl->handshake->psk_opaque = 0; + ssl->handshake->psk_opaque = MBEDTLS_SVC_KEY_ID_INIT; } else #endif /* MBEDTLS_USE_PSA_CRYPTO */ @@ -4465,7 +4477,7 @@ int mbedtls_ssl_set_hs_psk( mbedtls_ssl_context *ssl, #if defined(MBEDTLS_USE_PSA_CRYPTO) int mbedtls_ssl_conf_psk_opaque( mbedtls_ssl_config *conf, - psa_key_handle_t psk_slot, + psa_key_id_t psk, const unsigned char *psk_identity, size_t psk_identity_len ) { @@ -4474,9 +4486,9 @@ int mbedtls_ssl_conf_psk_opaque( mbedtls_ssl_config *conf, ssl_conf_remove_psk( conf ); /* Check and set opaque PSK */ - if( psk_slot == 0 ) + if( mbedtls_svc_key_id_is_null( psk ) ) return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); - conf->psk_opaque = psk_slot; + conf->psk_opaque = psk; /* Check and set PSK Identity */ ret = ssl_conf_set_psk_identity( conf, psk_identity, @@ -4488,13 +4500,14 @@ int mbedtls_ssl_conf_psk_opaque( mbedtls_ssl_config *conf, } int mbedtls_ssl_set_hs_psk_opaque( mbedtls_ssl_context *ssl, - psa_key_handle_t psk_slot ) + psa_key_id_t psk ) { - if( psk_slot == 0 || ssl->handshake == NULL ) + if( ( mbedtls_svc_key_id_is_null( psk ) ) || + ( ssl->handshake == NULL ) ) return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); ssl_remove_psk( ssl ); - ssl->handshake->psk_opaque = psk_slot; + ssl->handshake->psk_opaque = psk; return( 0 ); } #endif /* MBEDTLS_USE_PSA_CRYPTO */ @@ -4685,6 +4698,86 @@ const char *mbedtls_ssl_get_alpn_protocol( const mbedtls_ssl_context *ssl ) } #endif /* MBEDTLS_SSL_ALPN */ +#if defined(MBEDTLS_SSL_DTLS_SRTP) +void mbedtls_ssl_conf_srtp_mki_value_supported( mbedtls_ssl_config *conf, + int support_mki_value ) +{ + conf->dtls_srtp_mki_support = support_mki_value; +} + +int mbedtls_ssl_dtls_srtp_set_mki_value( mbedtls_ssl_context *ssl, + unsigned char *mki_value, + uint16_t mki_len ) +{ + if( mki_len > MBEDTLS_TLS_SRTP_MAX_MKI_LENGTH ) + { + return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); + } + + if( ssl->conf->dtls_srtp_mki_support == MBEDTLS_SSL_DTLS_SRTP_MKI_UNSUPPORTED ) + { + return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE ); + } + + memcpy( ssl->dtls_srtp_info.mki_value, mki_value, mki_len ); + ssl->dtls_srtp_info.mki_len = mki_len; + return( 0 ); +} + +int mbedtls_ssl_conf_dtls_srtp_protection_profiles( mbedtls_ssl_config *conf, + const mbedtls_ssl_srtp_profile *profiles ) +{ + const mbedtls_ssl_srtp_profile *p; + size_t list_size = 0; + + /* check the profiles list: all entry must be valid, + * its size cannot be more than the total number of supported profiles, currently 4 */ + for( p = profiles; *p != MBEDTLS_TLS_SRTP_UNSET && + list_size <= MBEDTLS_TLS_SRTP_MAX_PROFILE_LIST_LENGTH; + p++ ) + { + if( mbedtls_ssl_check_srtp_profile_value( *p ) != MBEDTLS_TLS_SRTP_UNSET ) + { + list_size++; + } + else + { + /* unsupported value, stop parsing and set the size to an error value */ + list_size = MBEDTLS_TLS_SRTP_MAX_PROFILE_LIST_LENGTH + 1; + } + } + + if( list_size > MBEDTLS_TLS_SRTP_MAX_PROFILE_LIST_LENGTH ) + { + conf->dtls_srtp_profile_list = NULL; + conf->dtls_srtp_profile_list_len = 0; + return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); + } + + conf->dtls_srtp_profile_list = profiles; + conf->dtls_srtp_profile_list_len = list_size; + + return( 0 ); +} + +void mbedtls_ssl_get_dtls_srtp_negotiation_result( const mbedtls_ssl_context *ssl, + mbedtls_dtls_srtp_info *dtls_srtp_info ) +{ + dtls_srtp_info->chosen_dtls_srtp_profile = ssl->dtls_srtp_info.chosen_dtls_srtp_profile; + /* do not copy the mki value if there is no chosen profile */ + if( dtls_srtp_info->chosen_dtls_srtp_profile == MBEDTLS_TLS_SRTP_UNSET ) + { + dtls_srtp_info->mki_len = 0; + } + else + { + dtls_srtp_info->mki_len = ssl->dtls_srtp_info.mki_len; + memcpy( dtls_srtp_info->mki_value, ssl->dtls_srtp_info.mki_value, + ssl->dtls_srtp_info.mki_len ); + } +} +#endif /* MBEDTLS_SSL_DTLS_SRTP */ + void mbedtls_ssl_conf_max_version( mbedtls_ssl_config *conf, int major, int minor ) { conf->max_major_ver = major; @@ -5682,11 +5775,24 @@ int mbedtls_ssl_handshake( mbedtls_ssl_context *ssl ) { int ret = 0; + /* Sanity checks */ + if( ssl == NULL || ssl->conf == NULL ) return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); +#if defined(MBEDTLS_SSL_PROTO_DTLS) + if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM && + ( ssl->f_set_timer == NULL || ssl->f_get_timer == NULL ) ) + { + MBEDTLS_SSL_DEBUG_MSG( 1, ( "You must use " + "mbedtls_ssl_set_timer_cb() for DTLS" ) ); + return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); + } +#endif /* MBEDTLS_SSL_PROTO_DTLS */ + MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> handshake" ) ); + /* Main handshake loop */ while( ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER ) { ret = mbedtls_ssl_handshake_step( ssl ); diff --git a/library/ssl_tls13_keys.c b/library/ssl_tls13_keys.c new file mode 100644 index 000000000..c39e0322b --- /dev/null +++ b/library/ssl_tls13_keys.c @@ -0,0 +1,349 @@ +/* + * TLS 1.3 key schedule + * + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 ( the "License" ); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "common.h" + +#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) + +#include "mbedtls/hkdf.h" +#include "mbedtls/ssl_internal.h" +#include "ssl_tls13_keys.h" + +#include +#include + +#define MBEDTLS_SSL_TLS1_3_LABEL( name, string ) \ + .name = string, + +struct mbedtls_ssl_tls1_3_labels_struct const mbedtls_ssl_tls1_3_labels = +{ + /* This seems to work in C, despite the string literal being one + * character too long due to the 0-termination. */ + MBEDTLS_SSL_TLS1_3_LABEL_LIST +}; + +#undef MBEDTLS_SSL_TLS1_3_LABEL + +/* + * This function creates a HkdfLabel structure used in the TLS 1.3 key schedule. + * + * The HkdfLabel is specified in RFC 8446 as follows: + * + * struct HkdfLabel { + * uint16 length; // Length of expanded key material + * opaque label<7..255>; // Always prefixed by "tls13 " + * opaque context<0..255>; // Usually a communication transcript hash + * }; + * + * Parameters: + * - desired_length: Length of expanded key material + * Even though the standard allows expansion to up to + * 2**16 Bytes, TLS 1.3 never uses expansion to more than + * 255 Bytes, so we require `desired_length` to be at most + * 255. This allows us to save a few Bytes of code by + * hardcoding the writing of the high bytes. + * - (label, llen): label + label length, without "tls13 " prefix + * The label length MUST be less than or equal to + * MBEDTLS_SSL_TLS1_3_KEY_SCHEDULE_MAX_LABEL_LEN + * It is the caller's responsibility to ensure this. + * All (label, label length) pairs used in TLS 1.3 + * can be obtained via MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN(). + * - (ctx, clen): context + context length + * The context length MUST be less than or equal to + * MBEDTLS_SSL_TLS1_3_KEY_SCHEDULE_MAX_CONTEXT_LEN + * It is the caller's responsibility to ensure this. + * - dst: Target buffer for HkdfLabel structure, + * This MUST be a writable buffer of size + * at least SSL_TLS1_3_KEY_SCHEDULE_MAX_HKDF_LABEL_LEN Bytes. + * - dlen: Pointer at which to store the actual length of + * the HkdfLabel structure on success. + */ + +static const char tls1_3_label_prefix[6] = "tls13 "; + +#define SSL_TLS1_3_KEY_SCHEDULE_HKDF_LABEL_LEN( label_len, context_len ) \ + ( 2 /* expansion length */ \ + + 1 /* label length */ \ + + label_len \ + + 1 /* context length */ \ + + context_len ) + +#define SSL_TLS1_3_KEY_SCHEDULE_MAX_HKDF_LABEL_LEN \ + SSL_TLS1_3_KEY_SCHEDULE_HKDF_LABEL_LEN( \ + sizeof(tls1_3_label_prefix) + \ + MBEDTLS_SSL_TLS1_3_KEY_SCHEDULE_MAX_LABEL_LEN, \ + MBEDTLS_SSL_TLS1_3_KEY_SCHEDULE_MAX_CONTEXT_LEN ) + +static void ssl_tls1_3_hkdf_encode_label( + size_t desired_length, + const unsigned char *label, size_t llen, + const unsigned char *ctx, size_t clen, + unsigned char *dst, size_t *dlen ) +{ + size_t total_label_len = + sizeof(tls1_3_label_prefix) + llen; + size_t total_hkdf_lbl_len = + SSL_TLS1_3_KEY_SCHEDULE_HKDF_LABEL_LEN( total_label_len, clen ); + + unsigned char *p = dst; + + /* Add the size of the expanded key material. + * We're hardcoding the high byte to 0 here assuming that we never use + * TLS 1.3 HKDF key expansion to more than 255 Bytes. */ +#if MBEDTLS_SSL_TLS1_3_KEY_SCHEDULE_MAX_EXPANSION_LEN > 255 +#error "The implementation of ssl_tls1_3_hkdf_encode_label() is not fit for the \ + value of MBEDTLS_SSL_TLS1_3_KEY_SCHEDULE_MAX_EXPANSION_LEN" +#endif + + *p++ = 0; + *p++ = (unsigned char)( ( desired_length >> 0 ) & 0xFF ); + + /* Add label incl. prefix */ + *p++ = (unsigned char)( total_label_len & 0xFF ); + memcpy( p, tls1_3_label_prefix, sizeof(tls1_3_label_prefix) ); + p += sizeof(tls1_3_label_prefix); + memcpy( p, label, llen ); + p += llen; + + /* Add context value */ + *p++ = (unsigned char)( clen & 0xFF ); + if( clen != 0 ) + memcpy( p, ctx, clen ); + + /* Return total length to the caller. */ + *dlen = total_hkdf_lbl_len; +} + +int mbedtls_ssl_tls1_3_hkdf_expand_label( + mbedtls_md_type_t hash_alg, + const unsigned char *secret, size_t slen, + const unsigned char *label, size_t llen, + const unsigned char *ctx, size_t clen, + unsigned char *buf, size_t blen ) +{ + const mbedtls_md_info_t *md; + unsigned char hkdf_label[ SSL_TLS1_3_KEY_SCHEDULE_MAX_HKDF_LABEL_LEN ]; + size_t hkdf_label_len; + + if( llen > MBEDTLS_SSL_TLS1_3_KEY_SCHEDULE_MAX_LABEL_LEN ) + { + /* Should never happen since this is an internal + * function, and we know statically which labels + * are allowed. */ + return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); + } + + if( clen > MBEDTLS_SSL_TLS1_3_KEY_SCHEDULE_MAX_CONTEXT_LEN ) + { + /* Should not happen, as above. */ + return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); + } + + if( blen > MBEDTLS_SSL_TLS1_3_KEY_SCHEDULE_MAX_EXPANSION_LEN ) + { + /* Should not happen, as above. */ + return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); + } + + md = mbedtls_md_info_from_type( hash_alg ); + if( md == NULL ) + return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); + + ssl_tls1_3_hkdf_encode_label( blen, + label, llen, + ctx, clen, + hkdf_label, + &hkdf_label_len ); + + return( mbedtls_hkdf_expand( md, + secret, slen, + hkdf_label, hkdf_label_len, + buf, blen ) ); +} + +/* + * The traffic keying material is generated from the following inputs: + * + * - One secret value per sender. + * - A purpose value indicating the specific value being generated + * - The desired lengths of key and IV. + * + * The expansion itself is based on HKDF: + * + * [sender]_write_key = HKDF-Expand-Label( Secret, "key", "", key_length ) + * [sender]_write_iv = HKDF-Expand-Label( Secret, "iv" , "", iv_length ) + * + * [sender] denotes the sending side and the Secret value is provided + * by the function caller. Note that we generate server and client side + * keys in a single function call. + */ +int mbedtls_ssl_tls1_3_make_traffic_keys( + mbedtls_md_type_t hash_alg, + const unsigned char *client_secret, + const unsigned char *server_secret, + size_t slen, size_t key_len, size_t iv_len, + mbedtls_ssl_key_set *keys ) +{ + int ret = 0; + + ret = mbedtls_ssl_tls1_3_hkdf_expand_label( hash_alg, + client_secret, slen, + MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN( key ), + NULL, 0, + keys->client_write_key, key_len ); + if( ret != 0 ) + return( ret ); + + ret = mbedtls_ssl_tls1_3_hkdf_expand_label( hash_alg, + server_secret, slen, + MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN( key ), + NULL, 0, + keys->server_write_key, key_len ); + if( ret != 0 ) + return( ret ); + + ret = mbedtls_ssl_tls1_3_hkdf_expand_label( hash_alg, + client_secret, slen, + MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN( iv ), + NULL, 0, + keys->client_write_iv, iv_len ); + if( ret != 0 ) + return( ret ); + + ret = mbedtls_ssl_tls1_3_hkdf_expand_label( hash_alg, + server_secret, slen, + MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN( iv ), + NULL, 0, + keys->server_write_iv, iv_len ); + if( ret != 0 ) + return( ret ); + + keys->key_len = key_len; + keys->iv_len = iv_len; + + return( 0 ); +} + +int mbedtls_ssl_tls1_3_derive_secret( + mbedtls_md_type_t hash_alg, + const unsigned char *secret, size_t slen, + const unsigned char *label, size_t llen, + const unsigned char *ctx, size_t clen, + int ctx_hashed, + unsigned char *dstbuf, size_t buflen ) +{ + int ret; + unsigned char hashed_context[ MBEDTLS_MD_MAX_SIZE ]; + + const mbedtls_md_info_t *md; + md = mbedtls_md_info_from_type( hash_alg ); + if( md == NULL ) + return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); + + if( ctx_hashed == MBEDTLS_SSL_TLS1_3_CONTEXT_UNHASHED ) + { + ret = mbedtls_md( md, ctx, clen, hashed_context ); + if( ret != 0 ) + return( ret ); + clen = mbedtls_md_get_size( md ); + } + else + { + if( clen > sizeof(hashed_context) ) + { + /* This should never happen since this function is internal + * and the code sets `ctx_hashed` correctly. + * Let's double-check nonetheless to not run at the risk + * of getting a stack overflow. */ + return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); + } + + memcpy( hashed_context, ctx, clen ); + } + + return( mbedtls_ssl_tls1_3_hkdf_expand_label( hash_alg, + secret, slen, + label, llen, + hashed_context, clen, + dstbuf, buflen ) ); +} + +int mbedtls_ssl_tls1_3_evolve_secret( + mbedtls_md_type_t hash_alg, + const unsigned char *secret_old, + const unsigned char *input, size_t input_len, + unsigned char *secret_new ) +{ + int ret = MBEDTLS_ERR_SSL_INTERNAL_ERROR; + size_t hlen, ilen; + unsigned char tmp_secret[ MBEDTLS_MD_MAX_SIZE ] = { 0 }; + unsigned char tmp_input [ MBEDTLS_MD_MAX_SIZE ] = { 0 }; + + const mbedtls_md_info_t *md; + md = mbedtls_md_info_from_type( hash_alg ); + if( md == NULL ) + return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); + + hlen = mbedtls_md_get_size( md ); + + /* For non-initial runs, call Derive-Secret( ., "derived", "") + * on the old secret. */ + if( secret_old != NULL ) + { + ret = mbedtls_ssl_tls1_3_derive_secret( + hash_alg, + secret_old, hlen, + MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN( derived ), + NULL, 0, /* context */ + MBEDTLS_SSL_TLS1_3_CONTEXT_UNHASHED, + tmp_secret, hlen ); + if( ret != 0 ) + goto cleanup; + } + + if( input != NULL ) + { + memcpy( tmp_input, input, input_len ); + ilen = input_len; + } + else + { + ilen = hlen; + } + + /* HKDF-Extract takes a salt and input key material. + * The salt is the old secret, and the input key material + * is the input secret (PSK / ECDHE). */ + ret = mbedtls_hkdf_extract( md, + tmp_secret, hlen, + tmp_input, ilen, + secret_new ); + if( ret != 0 ) + goto cleanup; + + ret = 0; + + cleanup: + + mbedtls_platform_zeroize( tmp_secret, sizeof(tmp_secret) ); + mbedtls_platform_zeroize( tmp_input, sizeof(tmp_input) ); + return( ret ); +} + +#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ diff --git a/library/ssl_tls13_keys.h b/library/ssl_tls13_keys.h new file mode 100644 index 000000000..7089049ce --- /dev/null +++ b/library/ssl_tls13_keys.h @@ -0,0 +1,274 @@ +/* + * TLS 1.3 key schedule + * + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 ( the "License" ); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +#if !defined(MBEDTLS_SSL_TLS1_3_KEYS_H) +#define MBEDTLS_SSL_TLS1_3_KEYS_H + +/* This requires MBEDTLS_SSL_TLS1_3_LABEL( idx, name, string ) to be defined at + * the point of use. See e.g. the definition of mbedtls_ssl_tls1_3_labels_union + * below. */ +#define MBEDTLS_SSL_TLS1_3_LABEL_LIST \ + MBEDTLS_SSL_TLS1_3_LABEL( finished , "finished" ) \ + MBEDTLS_SSL_TLS1_3_LABEL( resumption , "resumption" ) \ + MBEDTLS_SSL_TLS1_3_LABEL( traffic_upd , "traffic upd" ) \ + MBEDTLS_SSL_TLS1_3_LABEL( exporter , "exporter" ) \ + MBEDTLS_SSL_TLS1_3_LABEL( key , "key" ) \ + MBEDTLS_SSL_TLS1_3_LABEL( iv , "iv" ) \ + MBEDTLS_SSL_TLS1_3_LABEL( c_hs_traffic, "c hs traffic" ) \ + MBEDTLS_SSL_TLS1_3_LABEL( c_ap_traffic, "c ap traffic" ) \ + MBEDTLS_SSL_TLS1_3_LABEL( c_e_traffic , "c e traffic" ) \ + MBEDTLS_SSL_TLS1_3_LABEL( s_hs_traffic, "s hs traffic" ) \ + MBEDTLS_SSL_TLS1_3_LABEL( s_ap_traffic, "s ap traffic" ) \ + MBEDTLS_SSL_TLS1_3_LABEL( s_e_traffic , "s e traffic" ) \ + MBEDTLS_SSL_TLS1_3_LABEL( e_exp_master, "e exp master" ) \ + MBEDTLS_SSL_TLS1_3_LABEL( res_master , "res master" ) \ + MBEDTLS_SSL_TLS1_3_LABEL( exp_master , "exp master" ) \ + MBEDTLS_SSL_TLS1_3_LABEL( ext_binder , "ext binder" ) \ + MBEDTLS_SSL_TLS1_3_LABEL( res_binder , "res binder" ) \ + MBEDTLS_SSL_TLS1_3_LABEL( derived , "derived" ) + +#define MBEDTLS_SSL_TLS1_3_LABEL( name, string ) \ + const unsigned char name [ sizeof(string) - 1 ]; + +union mbedtls_ssl_tls1_3_labels_union +{ + MBEDTLS_SSL_TLS1_3_LABEL_LIST +}; +struct mbedtls_ssl_tls1_3_labels_struct +{ + MBEDTLS_SSL_TLS1_3_LABEL_LIST +}; +#undef MBEDTLS_SSL_TLS1_3_LABEL + +extern const struct mbedtls_ssl_tls1_3_labels_struct mbedtls_ssl_tls1_3_labels; + +#define MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN( LABEL ) \ + mbedtls_ssl_tls1_3_labels.LABEL, \ + sizeof(mbedtls_ssl_tls1_3_labels.LABEL) + +#define MBEDTLS_SSL_TLS1_3_KEY_SCHEDULE_MAX_LABEL_LEN \ + sizeof( union mbedtls_ssl_tls1_3_labels_union ) + +/* The maximum length of HKDF contexts used in the TLS 1.3 standard. + * Since contexts are always hashes of message transcripts, this can + * be approximated from above by the maximum hash size. */ +#define MBEDTLS_SSL_TLS1_3_KEY_SCHEDULE_MAX_CONTEXT_LEN \ + MBEDTLS_MD_MAX_SIZE + +/* Maximum desired length for expanded key material generated + * by HKDF-Expand-Label. + * + * Warning: If this ever needs to be increased, the implementation + * ssl_tls1_3_hkdf_encode_label() in ssl_tls13_keys.c needs to be + * adjusted since it currently assumes that HKDF key expansion + * is never used with more than 255 Bytes of output. */ +#define MBEDTLS_SSL_TLS1_3_KEY_SCHEDULE_MAX_EXPANSION_LEN 255 + +/** + * \brief The \c HKDF-Expand-Label function from + * the TLS 1.3 standard RFC 8446. + * + * + * HKDF-Expand-Label( Secret, Label, Context, Length ) = + * HKDF-Expand( Secret, HkdfLabel, Length ) + * + * + * \param hash_alg The identifier for the hash algorithm to use. + * \param secret The \c Secret argument to \c HKDF-Expand-Label. + * This must be a readable buffer of length \p slen Bytes. + * \param slen The length of \p secret in Bytes. + * \param label The \c Label argument to \c HKDF-Expand-Label. + * This must be a readable buffer of length \p llen Bytes. + * \param llen The length of \p label in Bytes. + * \param ctx The \c Context argument to \c HKDF-Expand-Label. + * This must be a readable buffer of length \p clen Bytes. + * \param clen The length of \p context in Bytes. + * \param buf The destination buffer to hold the expanded secret. + * This must be a writable buffer of length \p blen Bytes. + * \param blen The desired size of the expanded secret in Bytes. + * + * \returns \c 0 on success. + * \return A negative error code on failure. + */ + +int mbedtls_ssl_tls1_3_hkdf_expand_label( + mbedtls_md_type_t hash_alg, + const unsigned char *secret, size_t slen, + const unsigned char *label, size_t llen, + const unsigned char *ctx, size_t clen, + unsigned char *buf, size_t blen ); + +/** + * \brief This function is part of the TLS 1.3 key schedule. + * It extracts key and IV for the actual client/server traffic + * from the client/server traffic secrets. + * + * From RFC 8446: + * + * + * [sender]_write_key = HKDF-Expand-Label(Secret, "key", "", key_length) + * [sender]_write_iv = HKDF-Expand-Label(Secret, "iv", "", iv_length)* + * + * + * \param hash_alg The identifier for the hash algorithm to be used + * for the HKDF-based expansion of the secret. + * \param client_secret The client traffic secret. + * This must be a readable buffer of size \p slen Bytes + * \param server_secret The server traffic secret. + * This must be a readable buffer of size \p slen Bytes + * \param slen Length of the secrets \p client_secret and + * \p server_secret in Bytes. + * \param key_len The desired length of the key to be extracted in Bytes. + * \param iv_len The desired length of the IV to be extracted in Bytes. + * \param keys The address of the structure holding the generated + * keys and IVs. + * + * \returns \c 0 on success. + * \returns A negative error code on failure. + */ + +int mbedtls_ssl_tls1_3_make_traffic_keys( + mbedtls_md_type_t hash_alg, + const unsigned char *client_secret, + const unsigned char *server_secret, + size_t slen, size_t key_len, size_t iv_len, + mbedtls_ssl_key_set *keys ); + + +#define MBEDTLS_SSL_TLS1_3_CONTEXT_UNHASHED 0 +#define MBEDTLS_SSL_TLS1_3_CONTEXT_HASHED 1 + +/** + * \brief The \c Derive-Secret function from the TLS 1.3 standard RFC 8446. + * + * + * Derive-Secret( Secret, Label, Messages ) = + * HKDF-Expand-Label( Secret, Label, + * Hash( Messages ), + * Hash.Length ) ) + * + * + * \param hash_alg The identifier for the hash function used for the + * applications of HKDF. + * \param secret The \c Secret argument to the \c Derive-Secret function. + * This must be a readable buffer of length \p slen Bytes. + * \param slen The length of \p secret in Bytes. + * \param label The \c Label argument to the \c Derive-Secret function. + * This must be a readable buffer of length \p llen Bytes. + * \param llen The length of \p label in Bytes. + * \param ctx The hash of the \c Messages argument to the + * \c Derive-Secret function, or the \c Messages argument + * itself, depending on \p context_already_hashed. + * \param clen The length of \p hash. + * \param ctx_hashed This indicates whether the \p ctx contains the hash of + * the \c Messages argument in the application of the + * \c Derive-Secret function + * (value MBEDTLS_SSL_TLS1_3_CONTEXT_HASHED), or whether + * it is the content of \c Messages itself, in which case + * the function takes care of the hashing + * (value MBEDTLS_SSL_TLS1_3_CONTEXT_UNHASHED). + * \param dstbuf The target buffer to write the output of + * \c Derive-Secret to. This must be a writable buffer of + * size \p buflen Bytes. + * \param buflen The length of \p dstbuf in Bytes. + * + * \returns \c 0 on success. + * \returns A negative error code on failure. + */ +int mbedtls_ssl_tls1_3_derive_secret( + mbedtls_md_type_t hash_alg, + const unsigned char *secret, size_t slen, + const unsigned char *label, size_t llen, + const unsigned char *ctx, size_t clen, + int ctx_hashed, + unsigned char *dstbuf, size_t buflen ); + +/** + * \brief Compute the next secret in the TLS 1.3 key schedule + * + * The TLS 1.3 key schedule proceeds as follows to compute + * the three main secrets during the handshake: The early + * secret for early data, the handshake secret for all + * other encrypted handshake messages, and the master + * secret for all application traffic. + * + * + * 0 + * | + * v + * PSK -> HKDF-Extract = Early Secret + * | + * v + * Derive-Secret( ., "derived", "" ) + * | + * v + * (EC)DHE -> HKDF-Extract = Handshake Secret + * | + * v + * Derive-Secret( ., "derived", "" ) + * | + * v + * 0 -> HKDF-Extract = Master Secret + * + * + * Each of the three secrets in turn is the basis for further + * key derivations, such as the derivation of traffic keys and IVs; + * see e.g. mbedtls_ssl_tls1_3_make_traffic_keys(). + * + * This function implements one step in this evolution of secrets: + * + * + * old_secret + * | + * v + * Derive-Secret( ., "derived", "" ) + * | + * v + * input -> HKDF-Extract = new_secret + * + * + * \param hash_alg The identifier for the hash function used for the + * applications of HKDF. + * \param secret_old The address of the buffer holding the old secret + * on function entry. If not \c NULL, this must be a + * readable buffer whose size matches the output size + * of the hash function represented by \p hash_alg. + * If \c NULL, an all \c 0 array will be used instead. + * \param input The address of the buffer holding the additional + * input for the key derivation (e.g., the PSK or the + * ephemeral (EC)DH secret). If not \c NULL, this must be + * a readable buffer whose size \p input_len Bytes. + * If \c NULL, an all \c 0 array will be used instead. + * \param input_len The length of \p input in Bytes. + * \param secret_new The address of the buffer holding the new secret + * on function exit. This must be a writable buffer + * whose size matches the output size of the hash + * function represented by \p hash_alg. + * This may be the same as \p secret_old. + * + * \returns \c 0 on success. + * \returns A negative error code on failure. + */ + +int mbedtls_ssl_tls1_3_evolve_secret( + mbedtls_md_type_t hash_alg, + const unsigned char *secret_old, + const unsigned char *input, size_t input_len, + unsigned char *secret_new ); + +#endif /* MBEDTLS_SSL_TLS1_3_KEYS_H */ diff --git a/library/threading.c b/library/threading.c index 9268da188..2bb932d2d 100644 --- a/library/threading.c +++ b/library/threading.c @@ -42,7 +42,7 @@ #if !( ( defined(_POSIX_VERSION) && _POSIX_VERSION >= 200809L ) || \ ( defined(_POSIX_THREAD_SAFE_FUNCTIONS ) && \ - _POSIX_THREAD_SAFE_FUNCTIONS >= 20112L ) ) + _POSIX_THREAD_SAFE_FUNCTIONS >= 200112L ) ) /* * This is a convenience shorthand macro to avoid checking the long * preprocessor conditions above. Ideally, we could expose this macro in @@ -57,7 +57,7 @@ #endif /* !( ( defined(_POSIX_VERSION) && _POSIX_VERSION >= 200809L ) || \ ( defined(_POSIX_THREAD_SAFE_FUNCTIONS ) && \ - _POSIX_THREAD_SAFE_FUNCTIONS >= 20112L ) ) */ + _POSIX_THREAD_SAFE_FUNCTIONS >= 200112L ) ) */ #endif /* MBEDTLS_HAVE_TIME_DATE && !MBEDTLS_PLATFORM_GMTIME_R_ALT */ diff --git a/library/version_features.c b/library/version_features.c index d2840fa3c..42ccaf954 100644 --- a/library/version_features.c +++ b/library/version_features.c @@ -417,9 +417,9 @@ static const char * const features[] = { #if defined(MBEDTLS_ENTROPY_NV_SEED) "MBEDTLS_ENTROPY_NV_SEED", #endif /* MBEDTLS_ENTROPY_NV_SEED */ -#if defined(MBEDTLS_PSA_CRYPTO_KEY_FILE_ID_ENCODES_OWNER) - "MBEDTLS_PSA_CRYPTO_KEY_FILE_ID_ENCODES_OWNER", -#endif /* MBEDTLS_PSA_CRYPTO_KEY_FILE_ID_ENCODES_OWNER */ +#if defined(MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER) + "MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER", +#endif /* MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER */ #if defined(MBEDTLS_MEMORY_DEBUG) "MBEDTLS_MEMORY_DEBUG", #endif /* MBEDTLS_MEMORY_DEBUG */ @@ -435,6 +435,9 @@ static const char * const features[] = { #if defined(MBEDTLS_PKCS1_V21) "MBEDTLS_PKCS1_V21", #endif /* MBEDTLS_PKCS1_V21 */ +#if defined(MBEDTLS_PSA_CRYPTO_DRIVERS) + "MBEDTLS_PSA_CRYPTO_DRIVERS", +#endif /* MBEDTLS_PSA_CRYPTO_DRIVERS */ #if defined(MBEDTLS_PSA_CRYPTO_SPM) "MBEDTLS_PSA_CRYPTO_SPM", #endif /* MBEDTLS_PSA_CRYPTO_SPM */ @@ -531,6 +534,9 @@ static const char * const features[] = { #if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) "MBEDTLS_SSL_DTLS_HELLO_VERIFY", #endif /* MBEDTLS_SSL_DTLS_HELLO_VERIFY */ +#if defined(MBEDTLS_SSL_DTLS_SRTP) + "MBEDTLS_SSL_DTLS_SRTP", +#endif /* MBEDTLS_SSL_DTLS_SRTP */ #if defined(MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE) "MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE", #endif /* MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE */ @@ -573,6 +579,9 @@ static const char * const features[] = { #if defined(MBEDTLS_USE_PSA_CRYPTO) "MBEDTLS_USE_PSA_CRYPTO", #endif /* MBEDTLS_USE_PSA_CRYPTO */ +#if defined(MBEDTLS_PSA_CRYPTO_CONFIG) + "MBEDTLS_PSA_CRYPTO_CONFIG", +#endif /* MBEDTLS_PSA_CRYPTO_CONFIG */ #if defined(MBEDTLS_VERSION_FEATURES) "MBEDTLS_VERSION_FEATURES", #endif /* MBEDTLS_VERSION_FEATURES */ diff --git a/library/x509.c b/library/x509.c index 1579c1abc..2a7be329b 100644 --- a/library/x509.c +++ b/library/x509.c @@ -154,7 +154,7 @@ static int x509_get_hash_alg( const mbedtls_x509_buf *alg, mbedtls_md_type_t *md return( MBEDTLS_ERR_X509_INVALID_ALG + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ); - p = (unsigned char *) alg->p; + p = alg->p; end = p + alg->len; if( p >= end ) diff --git a/library/x509_crt.c b/library/x509_crt.c index fcc2ed21e..71e9cec37 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c @@ -2322,8 +2322,7 @@ int mbedtls_x509_crt_is_revoked( const mbedtls_x509_crt *crt, const mbedtls_x509 if( crt->serial.len == cur->serial.len && memcmp( crt->serial.p, cur->serial.p, crt->serial.len ) == 0 ) { - if( mbedtls_x509_time_is_past( &cur->revocation_date ) ) - return( 1 ); + return( 1 ); } cur = cur->next; diff --git a/programs/.gitignore b/programs/.gitignore index 53c1ed722..88fb9d52b 100644 --- a/programs/.gitignore +++ b/programs/.gitignore @@ -32,7 +32,6 @@ pkey/rsa_verify_pss psa/crypto_examples psa/key_ladder_demo psa/psa_constant_names -psa/psa_constant_names_generated.c random/gen_entropy random/gen_random_ctr_drbg random/gen_random_havege diff --git a/programs/Makefile b/programs/Makefile index f9c260867..9cbc47167 100644 --- a/programs/Makefile +++ b/programs/Makefile @@ -8,7 +8,7 @@ WARNING_CXXFLAGS ?= -Wall -Wextra LDFLAGS ?= MBEDTLS_TEST_PATH:=../tests/src -MBEDTLS_TEST_OBJS:=$(patsubst %.c,%.o,$(wildcard ${MBEDTLS_TEST_PATH}/*.c)) +MBEDTLS_TEST_OBJS:=$(patsubst %.c,%.o,$(wildcard ${MBEDTLS_TEST_PATH}/*.c ${MBEDTLS_TEST_PATH}/drivers/*.c)) LOCAL_CFLAGS = $(WARNING_CFLAGS) -I../tests/include -I../include -D_FILE_OFFSET_BITS=64 LOCAL_CXXFLAGS = $(WARNING_CXXFLAGS) -I../include -D_FILE_OFFSET_BITS=64 @@ -118,8 +118,6 @@ ifdef TEST_CPP APPS += test/cpp_dummy_build$(EXEXT) endif -EXTRA_GENERATED = - .SILENT: .PHONY: all clean list fuzz @@ -141,16 +139,6 @@ $(MBEDLIBS): ${MBEDTLS_TEST_OBJS}: $(MAKE) -C ../tests mbedtls_test -ifdef WINDOWS -EXTRA_GENERATED += psa\psa_constant_names_generated.c -else -EXTRA_GENERATED += psa/psa_constant_names_generated.c -endif - -psa/psa_constant_names$(EXEXT): psa/psa_constant_names_generated.c -psa/psa_constant_names_generated.c: ../scripts/generate_psa_constants.py ../include/psa/crypto_values.h ../include/psa/crypto_extra.h - ../scripts/generate_psa_constants.py - aes/aescrypt2$(EXEXT): aes/aescrypt2.c $(DEP) echo " CC aes/aescrypt2.c" $(CC) $(LOCAL_CFLAGS) $(CFLAGS) aes/aescrypt2.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ @@ -371,12 +359,10 @@ clean: ifndef WINDOWS rm -f $(APPS) -rm -f ssl/ssl_pthread_server$(EXEXT) - rm -f $(EXTRA_GENERATED) -rm -f test/cpp_dummy_build$(EXEXT) else if exist *.o del /Q /F *.o if exist *.exe del /Q /F *.exe - del /S /Q /F $(EXTRA_GENERATED) endif $(MAKE) -C fuzz clean diff --git a/programs/aes/CMakeLists.txt b/programs/aes/CMakeLists.txt index 2309789a6..6b8ce2ab4 100644 --- a/programs/aes/CMakeLists.txt +++ b/programs/aes/CMakeLists.txt @@ -5,7 +5,7 @@ set(executables foreach(exe IN LISTS executables) add_executable(${exe} ${exe}.c $) - target_link_libraries(${exe} mbedcrypto) + target_link_libraries(${exe} ${mbedcrypto_target}) endforeach() install(TARGETS ${executables} diff --git a/programs/fuzz/CMakeLists.txt b/programs/fuzz/CMakeLists.txt index e2b0eace2..f0e57052a 100644 --- a/programs/fuzz/CMakeLists.txt +++ b/programs/fuzz/CMakeLists.txt @@ -1,5 +1,5 @@ set(libs - mbedtls + ${mbedtls_target} ) if(USE_PKCS11_HELPER_LIBRARY) @@ -36,7 +36,7 @@ foreach(exe IN LISTS executables_no_common_c executables_with_common_c) if (NOT FUZZINGENGINE_LIB) target_link_libraries(${exe} ${libs}) - target_sources(${exe} PRIVATE onefile.c) + set_property(TARGET ${exe} APPEND PROPERTY SOURCES onefile.c) else() target_link_libraries(${exe} ${libs} FuzzingEngine) SET_TARGET_PROPERTIES(${exe} PROPERTIES LINKER_LANGUAGE CXX) @@ -45,7 +45,7 @@ foreach(exe IN LISTS executables_no_common_c executables_with_common_c) # This emulates "if ( ... IN_LIST ... )" which becomes available in CMake 3.3 list(FIND executables_with_common_c ${exe} exe_index) if (${exe_index} GREATER -1) - target_sources(${exe} PRIVATE common.c) + set_property(TARGET ${exe} APPEND PROPERTY SOURCES common.c) endif() endforeach() diff --git a/programs/fuzz/Makefile b/programs/fuzz/Makefile index 8196f3930..fa17918fa 100644 --- a/programs/fuzz/Makefile +++ b/programs/fuzz/Makefile @@ -1,5 +1,5 @@ MBEDTLS_TEST_PATH:=../../tests/src -MBEDTLS_TEST_OBJS:=$(patsubst %.c,%.o,$(wildcard ${MBEDTLS_TEST_PATH}/*.c)) +MBEDTLS_TEST_OBJS:=$(patsubst %.c,%.o,$(wildcard ${MBEDTLS_TEST_PATH}/*.c ${MBEDTLS_TEST_PATH}/drivers/*.c)) LOCAL_CFLAGS = -I../../tests/include -I../../include -D_FILE_OFFSET_BITS=64 LOCAL_LDFLAGS = ${MBEDTLS_TEST_OBJS} \ diff --git a/programs/hash/CMakeLists.txt b/programs/hash/CMakeLists.txt index ae294798b..b2f2a1f5c 100644 --- a/programs/hash/CMakeLists.txt +++ b/programs/hash/CMakeLists.txt @@ -5,7 +5,7 @@ set(executables foreach(exe IN LISTS executables) add_executable(${exe} ${exe}.c $) - target_link_libraries(${exe} mbedcrypto) + target_link_libraries(${exe} ${mbedcrypto_target}) endforeach() install(TARGETS ${executables} diff --git a/programs/pkey/CMakeLists.txt b/programs/pkey/CMakeLists.txt index b4b3d3042..9c6fe7d49 100644 --- a/programs/pkey/CMakeLists.txt +++ b/programs/pkey/CMakeLists.txt @@ -5,7 +5,7 @@ set(executables_mbedtls foreach(exe IN LISTS executables_mbedtls) add_executable(${exe} ${exe}.c $) - target_link_libraries(${exe} mbedtls) + target_link_libraries(${exe} ${mbedtls_target}) endforeach() set(executables_mbedcrypto @@ -31,7 +31,7 @@ set(executables_mbedcrypto foreach(exe IN LISTS executables_mbedcrypto) add_executable(${exe} ${exe}.c $) - target_link_libraries(${exe} mbedcrypto) + target_link_libraries(${exe} ${mbedcrypto_target}) endforeach() install(TARGETS ${executables_mbedtls} ${executables_mbedcrypto} diff --git a/programs/pkey/dh_genprime.c b/programs/pkey/dh_genprime.c index 796ba4b82..a481e3291 100644 --- a/programs/pkey/dh_genprime.c +++ b/programs/pkey/dh_genprime.c @@ -89,7 +89,7 @@ int main( int argc, char **argv ) { usage: mbedtls_printf( USAGE ); - mbedtls_exit( exit_code ); + goto exit; } for( i = 1; i < argc; i++ ) diff --git a/programs/pkey/ecdh_curve25519.c b/programs/pkey/ecdh_curve25519.c index a76266f15..67f136360 100644 --- a/programs/pkey/ecdh_curve25519.c +++ b/programs/pkey/ecdh_curve25519.c @@ -86,7 +86,7 @@ int main( int argc, char *argv[] ) mbedtls_printf( " ok\n" ); /* - * Client: inialize context and generate keypair + * Client: initialize context and generate keypair */ mbedtls_printf( " . Setting up client context..." ); fflush( stdout ); diff --git a/programs/psa/CMakeLists.txt b/programs/psa/CMakeLists.txt index e519696b1..23e85fea7 100644 --- a/programs/psa/CMakeLists.txt +++ b/programs/psa/CMakeLists.txt @@ -6,19 +6,12 @@ set(executables foreach(exe IN LISTS executables) add_executable(${exe} ${exe}.c $) - target_link_libraries(${exe} mbedcrypto) + target_link_libraries(${exe} ${mbedcrypto_target}) target_include_directories(${exe} PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../tests/include) endforeach() target_include_directories(psa_constant_names PRIVATE ${CMAKE_CURRENT_BINARY_DIR}) -add_custom_target( - psa_constant_names_generated - COMMAND ${MBEDTLS_PYTHON_EXECUTABLE} scripts/generate_psa_constants.py ${CMAKE_CURRENT_BINARY_DIR} - WORKING_DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR}/../../ -) -add_dependencies(psa_constant_names psa_constant_names_generated) - install(TARGETS ${executables} DESTINATION "bin" PERMISSIONS OWNER_READ OWNER_WRITE OWNER_EXECUTE GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE) diff --git a/programs/psa/crypto_examples.c b/programs/psa/crypto_examples.c index 623a0906b..d165d2e55 100644 --- a/programs/psa/crypto_examples.c +++ b/programs/psa/crypto_examples.c @@ -45,13 +45,15 @@ #if !defined(MBEDTLS_PSA_CRYPTO_C) || !defined(MBEDTLS_AES_C) || \ !defined(MBEDTLS_CIPHER_MODE_CBC) || !defined(MBEDTLS_CIPHER_MODE_CTR) || \ - !defined(MBEDTLS_CIPHER_MODE_WITH_PADDING) + !defined(MBEDTLS_CIPHER_MODE_WITH_PADDING) || \ + defined(MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER) int main( void ) { printf( "MBEDTLS_PSA_CRYPTO_C and/or MBEDTLS_AES_C and/or " "MBEDTLS_CIPHER_MODE_CBC and/or MBEDTLS_CIPHER_MODE_CTR " "and/or MBEDTLS_CIPHER_MODE_WITH_PADDING " - "not defined.\r\n" ); + "not defined and/or MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER" + " defined.\r\n" ); return( 0 ); } #else @@ -92,7 +94,7 @@ exit: return( status ); } -static psa_status_t cipher_encrypt( psa_key_handle_t key_handle, +static psa_status_t cipher_encrypt( psa_key_id_t key, psa_algorithm_t alg, uint8_t * iv, size_t iv_size, @@ -108,7 +110,7 @@ static psa_status_t cipher_encrypt( psa_key_handle_t key_handle, size_t iv_len = 0; memset( &operation, 0, sizeof( operation ) ); - status = psa_cipher_encrypt_setup( &operation, key_handle, alg ); + status = psa_cipher_encrypt_setup( &operation, key, alg ); ASSERT_STATUS( status, PSA_SUCCESS ); status = psa_cipher_generate_iv( &operation, iv, iv_size, &iv_len ); @@ -123,7 +125,7 @@ exit: return( status ); } -static psa_status_t cipher_decrypt( psa_key_handle_t key_handle, +static psa_status_t cipher_decrypt( psa_key_id_t key, psa_algorithm_t alg, const uint8_t * iv, size_t iv_size, @@ -138,7 +140,7 @@ static psa_status_t cipher_decrypt( psa_key_handle_t key_handle, psa_cipher_operation_t operation = PSA_CIPHER_OPERATION_INIT; memset( &operation, 0, sizeof( operation ) ); - status = psa_cipher_decrypt_setup( &operation, key_handle, alg ); + status = psa_cipher_decrypt_setup( &operation, key, alg ); ASSERT_STATUS( status, PSA_SUCCESS ); status = psa_cipher_set_iv( &operation, iv, iv_size ); @@ -165,7 +167,7 @@ cipher_example_encrypt_decrypt_aes_cbc_nopad_1_block( void ) psa_status_t status; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; - psa_key_handle_t key_handle = 0; + psa_key_id_t key = 0; size_t output_len = 0; uint8_t iv[block_size]; uint8_t input[block_size]; @@ -181,15 +183,15 @@ cipher_example_encrypt_decrypt_aes_cbc_nopad_1_block( void ) psa_set_key_type( &attributes, PSA_KEY_TYPE_AES ); psa_set_key_bits( &attributes, key_bits ); - status = psa_generate_key( &attributes, &key_handle ); + status = psa_generate_key( &attributes, &key ); ASSERT_STATUS( status, PSA_SUCCESS ); - status = cipher_encrypt( key_handle, alg, iv, sizeof( iv ), + status = cipher_encrypt( key, alg, iv, sizeof( iv ), input, sizeof( input ), part_size, encrypt, sizeof( encrypt ), &output_len ); ASSERT_STATUS( status, PSA_SUCCESS ); - status = cipher_decrypt( key_handle, alg, iv, sizeof( iv ), + status = cipher_decrypt( key, alg, iv, sizeof( iv ), encrypt, output_len, part_size, decrypt, sizeof( decrypt ), &output_len ); ASSERT_STATUS( status, PSA_SUCCESS ); @@ -198,7 +200,7 @@ cipher_example_encrypt_decrypt_aes_cbc_nopad_1_block( void ) ASSERT_STATUS( status, PSA_SUCCESS ); exit: - psa_destroy_key( key_handle ); + psa_destroy_key( key ); return( status ); } @@ -215,7 +217,7 @@ static psa_status_t cipher_example_encrypt_decrypt_aes_cbc_pkcs7_multi( void ) psa_status_t status; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; - psa_key_handle_t key_handle = 0; + psa_key_id_t key = 0; size_t output_len = 0; uint8_t iv[block_size], input[input_size], encrypt[input_size + block_size], decrypt[input_size + block_size]; @@ -229,15 +231,15 @@ static psa_status_t cipher_example_encrypt_decrypt_aes_cbc_pkcs7_multi( void ) psa_set_key_type( &attributes, PSA_KEY_TYPE_AES ); psa_set_key_bits( &attributes, key_bits ); - status = psa_generate_key( &attributes, &key_handle ); + status = psa_generate_key( &attributes, &key ); ASSERT_STATUS( status, PSA_SUCCESS ); - status = cipher_encrypt( key_handle, alg, iv, sizeof( iv ), + status = cipher_encrypt( key, alg, iv, sizeof( iv ), input, sizeof( input ), part_size, encrypt, sizeof( encrypt ), &output_len ); ASSERT_STATUS( status, PSA_SUCCESS ); - status = cipher_decrypt( key_handle, alg, iv, sizeof( iv ), + status = cipher_decrypt( key, alg, iv, sizeof( iv ), encrypt, output_len, part_size, decrypt, sizeof( decrypt ), &output_len ); ASSERT_STATUS( status, PSA_SUCCESS ); @@ -246,7 +248,7 @@ static psa_status_t cipher_example_encrypt_decrypt_aes_cbc_pkcs7_multi( void ) ASSERT_STATUS( status, PSA_SUCCESS ); exit: - psa_destroy_key( key_handle ); + psa_destroy_key( key ); return( status ); } @@ -262,7 +264,7 @@ static psa_status_t cipher_example_encrypt_decrypt_aes_ctr_multi( void ) psa_status_t status; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; - psa_key_handle_t key_handle = 0; + psa_key_id_t key = 0; size_t output_len = 0; uint8_t iv[block_size], input[input_size], encrypt[input_size], decrypt[input_size]; @@ -276,15 +278,15 @@ static psa_status_t cipher_example_encrypt_decrypt_aes_ctr_multi( void ) psa_set_key_type( &attributes, PSA_KEY_TYPE_AES ); psa_set_key_bits( &attributes, key_bits ); - status = psa_generate_key( &attributes, &key_handle ); + status = psa_generate_key( &attributes, &key ); ASSERT_STATUS( status, PSA_SUCCESS ); - status = cipher_encrypt( key_handle, alg, iv, sizeof( iv ), + status = cipher_encrypt( key, alg, iv, sizeof( iv ), input, sizeof( input ), part_size, encrypt, sizeof( encrypt ), &output_len ); ASSERT_STATUS( status, PSA_SUCCESS ); - status = cipher_decrypt( key_handle, alg, iv, sizeof( iv ), + status = cipher_decrypt( key, alg, iv, sizeof( iv ), encrypt, output_len, part_size, decrypt, sizeof( decrypt ), &output_len ); ASSERT_STATUS( status, PSA_SUCCESS ); @@ -293,7 +295,7 @@ static psa_status_t cipher_example_encrypt_decrypt_aes_ctr_multi( void ) ASSERT_STATUS( status, PSA_SUCCESS ); exit: - psa_destroy_key( key_handle ); + psa_destroy_key( key ); return( status ); } @@ -317,18 +319,6 @@ static void cipher_examples( void ) printf( "\tsuccess!\r\n" ); } -#if defined(MBEDTLS_CHECK_PARAMS) -#include "mbedtls/platform_util.h" -void mbedtls_param_failed( const char *failure_condition, - const char *file, - int line ) -{ - printf( "%s:%i: Input param failed - %s\n", - file, line, failure_condition ); - exit( EXIT_FAILURE ); -} -#endif - int main( void ) { ASSERT( psa_crypto_init( ) == PSA_SUCCESS ); diff --git a/programs/psa/key_ladder_demo.c b/programs/psa/key_ladder_demo.c index ae2442e23..47d5de642 100644 --- a/programs/psa/key_ladder_demo.c +++ b/programs/psa/key_ladder_demo.c @@ -65,15 +65,17 @@ #include /* If the build options we need are not enabled, compile a placeholder. */ -#if !defined(MBEDTLS_SHA256_C) || !defined(MBEDTLS_MD_C) || \ - !defined(MBEDTLS_AES_C) || !defined(MBEDTLS_CCM_C) || \ - !defined(MBEDTLS_PSA_CRYPTO_C) || !defined(MBEDTLS_FS_IO) +#if !defined(MBEDTLS_SHA256_C) || !defined(MBEDTLS_MD_C) || \ + !defined(MBEDTLS_AES_C) || !defined(MBEDTLS_CCM_C) || \ + !defined(MBEDTLS_PSA_CRYPTO_C) || !defined(MBEDTLS_FS_IO) || \ + defined(MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER) int main( void ) { - printf("MBEDTLS_SHA256_C and/or MBEDTLS_MD_C and/or " - "MBEDTLS_AES_C and/or MBEDTLS_CCM_C and/or " - "MBEDTLS_PSA_CRYPTO_C and/or MBEDTLS_FS_IO " - "not defined.\n"); + printf( "MBEDTLS_SHA256_C and/or MBEDTLS_MD_C and/or " + "MBEDTLS_AES_C and/or MBEDTLS_CCM_C and/or " + "MBEDTLS_PSA_CRYPTO_C and/or MBEDTLS_FS_IO " + "not defined and/or MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER " + "defined.\n" ); return( 0 ); } #else @@ -167,7 +169,7 @@ enum program_mode /* Save a key to a file. In the real world, you may want to export a derived * key sometimes, to share it with another party. */ -static psa_status_t save_key( psa_key_handle_t key_handle, +static psa_status_t save_key( psa_key_id_t key, const char *output_file_name ) { psa_status_t status = PSA_SUCCESS; @@ -175,7 +177,7 @@ static psa_status_t save_key( psa_key_handle_t key_handle, size_t key_size; FILE *key_file = NULL; - PSA_CHECK( psa_export_key( key_handle, + PSA_CHECK( psa_export_key( key, key_data, sizeof( key_data ), &key_size ) ); SYS_CHECK( ( key_file = fopen( output_file_name, "wb" ) ) != NULL ); @@ -197,7 +199,7 @@ exit: static psa_status_t generate( const char *key_file_name ) { psa_status_t status = PSA_SUCCESS; - psa_key_handle_t key_handle = 0; + psa_key_id_t key = 0; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; psa_set_key_usage_flags( &attributes, @@ -206,12 +208,12 @@ static psa_status_t generate( const char *key_file_name ) psa_set_key_type( &attributes, PSA_KEY_TYPE_DERIVE ); psa_set_key_bits( &attributes, PSA_BYTES_TO_BITS( KEY_SIZE_BYTES ) ); - PSA_CHECK( psa_generate_key( &attributes, &key_handle ) ); + PSA_CHECK( psa_generate_key( &attributes, &key ) ); - PSA_CHECK( save_key( key_handle, key_file_name ) ); + PSA_CHECK( save_key( key, key_file_name ) ); exit: - (void) psa_destroy_key( key_handle ); + (void) psa_destroy_key( key ); return( status ); } @@ -223,7 +225,7 @@ exit: static psa_status_t import_key_from_file( psa_key_usage_t usage, psa_algorithm_t alg, const char *key_file_name, - psa_key_handle_t *master_key_handle ) + psa_key_id_t *master_key ) { psa_status_t status = PSA_SUCCESS; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; @@ -232,8 +234,6 @@ static psa_status_t import_key_from_file( psa_key_usage_t usage, FILE *key_file = NULL; unsigned char extra_byte; - *master_key_handle = 0; - SYS_CHECK( ( key_file = fopen( key_file_name, "rb" ) ) != NULL ); SYS_CHECK( ( key_size = fread( key_data, 1, sizeof( key_data ), key_file ) ) != 0 ); @@ -250,8 +250,7 @@ static psa_status_t import_key_from_file( psa_key_usage_t usage, psa_set_key_usage_flags( &attributes, usage ); psa_set_key_algorithm( &attributes, alg ); psa_set_key_type( &attributes, PSA_KEY_TYPE_DERIVE ); - PSA_CHECK( psa_import_key( &attributes, key_data, key_size, - master_key_handle ) ); + PSA_CHECK( psa_import_key( &attributes, key_data, key_size, master_key ) ); exit: if( key_file != NULL ) fclose( key_file ); @@ -259,21 +258,22 @@ exit: if( status != PSA_SUCCESS ) { /* If the key creation hasn't happened yet or has failed, - * *master_key_handle is 0. psa_destroy_key(0) is guaranteed to do - * nothing and return PSA_ERROR_INVALID_HANDLE. */ - (void) psa_destroy_key( *master_key_handle ); - *master_key_handle = 0; + * *master_key is null. psa_destroy_key( 0 ) is + * guaranteed to do nothing and return PSA_SUCCESS. */ + (void) psa_destroy_key( *master_key ); + *master_key = 0; } return( status ); } /* Derive the intermediate keys, using the list of labels provided on - * the command line. On input, *key_handle is a handle to the master key. - * This function closes the master key. On successful output, *key_handle - * is a handle to the final derived key. */ + * the command line. On input, *key is the master key identifier. + * This function destroys the master key. On successful output, *key + * is the identifier of the final derived key. + */ static psa_status_t derive_key_ladder( const char *ladder[], size_t ladder_depth, - psa_key_handle_t *key_handle ) + psa_key_id_t *key ) { psa_status_t status = PSA_SUCCESS; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; @@ -297,17 +297,17 @@ static psa_status_t derive_key_ladder( const char *ladder[], DERIVE_KEY_SALT, DERIVE_KEY_SALT_LENGTH ) ); PSA_CHECK( psa_key_derivation_input_key( &operation, PSA_KEY_DERIVATION_INPUT_SECRET, - *key_handle ) ); + *key ) ); PSA_CHECK( psa_key_derivation_input_bytes( &operation, PSA_KEY_DERIVATION_INPUT_INFO, (uint8_t*) ladder[i], strlen( ladder[i] ) ) ); /* When the parent key is not the master key, destroy it, * since it is no longer needed. */ - PSA_CHECK( psa_close_key( *key_handle ) ); - *key_handle = 0; + PSA_CHECK( psa_destroy_key( *key ) ); + *key = 0; /* Derive the next intermediate key from the parent key. */ PSA_CHECK( psa_key_derivation_output_key( &attributes, &operation, - key_handle ) ); + key ) ); PSA_CHECK( psa_key_derivation_abort( &operation ) ); } @@ -315,22 +315,22 @@ exit: psa_key_derivation_abort( &operation ); if( status != PSA_SUCCESS ) { - psa_close_key( *key_handle ); - *key_handle = 0; + psa_destroy_key( *key ); + *key = 0; } return( status ); } /* Derive a wrapping key from the last intermediate key. */ static psa_status_t derive_wrapping_key( psa_key_usage_t usage, - psa_key_handle_t derived_key_handle, - psa_key_handle_t *wrapping_key_handle ) + psa_key_id_t derived_key, + psa_key_id_t *wrapping_key ) { psa_status_t status = PSA_SUCCESS; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT; - *wrapping_key_handle = 0; + *wrapping_key = 0; /* Set up a key derivation operation from the key derived from * the master key. */ @@ -340,7 +340,7 @@ static psa_status_t derive_wrapping_key( psa_key_usage_t usage, WRAPPING_KEY_SALT, WRAPPING_KEY_SALT_LENGTH ) ); PSA_CHECK( psa_key_derivation_input_key( &operation, PSA_KEY_DERIVATION_INPUT_SECRET, - derived_key_handle ) ); + derived_key ) ); PSA_CHECK( psa_key_derivation_input_bytes( &operation, PSA_KEY_DERIVATION_INPUT_INFO, NULL, 0 ) ); @@ -351,7 +351,7 @@ static psa_status_t derive_wrapping_key( psa_key_usage_t usage, psa_set_key_type( &attributes, PSA_KEY_TYPE_AES ); psa_set_key_bits( &attributes, WRAPPING_KEY_BITS ); PSA_CHECK( psa_key_derivation_output_key( &attributes, &operation, - wrapping_key_handle ) ); + wrapping_key ) ); exit: psa_key_derivation_abort( &operation ); @@ -360,7 +360,7 @@ exit: static psa_status_t wrap_data( const char *input_file_name, const char *output_file_name, - psa_key_handle_t wrapping_key_handle ) + psa_key_id_t wrapping_key ) { psa_status_t status; FILE *input_file = NULL; @@ -408,7 +408,7 @@ static psa_status_t wrap_data( const char *input_file_name, /* Wrap the data. */ PSA_CHECK( psa_generate_random( header.iv, WRAPPING_IV_SIZE ) ); - PSA_CHECK( psa_aead_encrypt( wrapping_key_handle, WRAPPING_ALG, + PSA_CHECK( psa_aead_encrypt( wrapping_key, WRAPPING_ALG, header.iv, WRAPPING_IV_SIZE, (uint8_t *) &header, sizeof( header ), buffer, input_size, @@ -437,7 +437,7 @@ exit: static psa_status_t unwrap_data( const char *input_file_name, const char *output_file_name, - psa_key_handle_t wrapping_key_handle ) + psa_key_id_t wrapping_key ) { psa_status_t status; FILE *input_file = NULL; @@ -489,7 +489,7 @@ static psa_status_t unwrap_data( const char *input_file_name, input_file = NULL; /* Unwrap the data. */ - PSA_CHECK( psa_aead_decrypt( wrapping_key_handle, WRAPPING_ALG, + PSA_CHECK( psa_aead_decrypt( wrapping_key, WRAPPING_ALG, header.iv, WRAPPING_IV_SIZE, (uint8_t *) &header, sizeof( header ), buffer, ciphertext_size, @@ -527,8 +527,8 @@ static psa_status_t run( enum program_mode mode, const char *output_file_name ) { psa_status_t status = PSA_SUCCESS; - psa_key_handle_t derivation_key_handle = 0; - psa_key_handle_t wrapping_key_handle = 0; + psa_key_id_t derivation_key = 0; + psa_key_id_t wrapping_key = 0; /* Initialize the PSA crypto library. */ PSA_CHECK( psa_crypto_init( ) ); @@ -541,30 +541,30 @@ static psa_status_t run( enum program_mode mode, PSA_CHECK( import_key_from_file( PSA_KEY_USAGE_DERIVE | PSA_KEY_USAGE_EXPORT, KDF_ALG, key_file_name, - &derivation_key_handle ) ); + &derivation_key ) ); /* Calculate the derived key for this session. */ PSA_CHECK( derive_key_ladder( ladder, ladder_depth, - &derivation_key_handle ) ); + &derivation_key ) ); switch( mode ) { case MODE_SAVE: - PSA_CHECK( save_key( derivation_key_handle, output_file_name ) ); + PSA_CHECK( save_key( derivation_key, output_file_name ) ); break; case MODE_UNWRAP: PSA_CHECK( derive_wrapping_key( PSA_KEY_USAGE_DECRYPT, - derivation_key_handle, - &wrapping_key_handle ) ); + derivation_key, + &wrapping_key ) ); PSA_CHECK( unwrap_data( input_file_name, output_file_name, - wrapping_key_handle ) ); + wrapping_key ) ); break; case MODE_WRAP: PSA_CHECK( derive_wrapping_key( PSA_KEY_USAGE_ENCRYPT, - derivation_key_handle, - &wrapping_key_handle ) ); + derivation_key, + &wrapping_key ) ); PSA_CHECK( wrap_data( input_file_name, output_file_name, - wrapping_key_handle ) ); + wrapping_key ) ); break; default: /* Unreachable but some compilers don't realize it. */ @@ -572,11 +572,11 @@ static psa_status_t run( enum program_mode mode, } exit: - /* Close any remaining key. Deinitializing the crypto library would do - * this anyway, but explicitly closing handles makes the code easier - * to reuse. */ - (void) psa_close_key( derivation_key_handle ); - (void) psa_close_key( wrapping_key_handle ); + /* Destroy any remaining key. Deinitializing the crypto library would do + * this anyway since they are volatile keys, but explicitly destroying + * keys makes the code easier to reuse. */ + (void) psa_destroy_key( derivation_key ); + (void) psa_destroy_key( wrapping_key ); /* Deinitialize the PSA crypto library. */ mbedtls_psa_crypto_free( ); return( status ); @@ -603,18 +603,6 @@ static void usage( void ) printf( " and the same sequence of labels.\n" ); } -#if defined(MBEDTLS_CHECK_PARAMS) -#include "mbedtls/platform_util.h" -void mbedtls_param_failed( const char *failure_condition, - const char *file, - int line ) -{ - printf( "%s:%i: Input param failed - %s\n", - file, line, failure_condition ); - exit( EXIT_FAILURE ); -} -#endif - int main( int argc, char *argv[] ) { const char *key_file_name = "master.key"; diff --git a/programs/psa/psa_constant_names_generated.c b/programs/psa/psa_constant_names_generated.c new file mode 100644 index 000000000..a9568f3e9 --- /dev/null +++ b/programs/psa/psa_constant_names_generated.c @@ -0,0 +1,400 @@ +/* Automatically generated by generate_psa_constant.py. DO NOT EDIT. */ + +static const char *psa_strerror(psa_status_t status) +{ + switch (status) { + case PSA_ERROR_ALREADY_EXISTS: return "PSA_ERROR_ALREADY_EXISTS"; + case PSA_ERROR_BAD_STATE: return "PSA_ERROR_BAD_STATE"; + case PSA_ERROR_BUFFER_TOO_SMALL: return "PSA_ERROR_BUFFER_TOO_SMALL"; + case PSA_ERROR_COMMUNICATION_FAILURE: return "PSA_ERROR_COMMUNICATION_FAILURE"; + case PSA_ERROR_CORRUPTION_DETECTED: return "PSA_ERROR_CORRUPTION_DETECTED"; + case PSA_ERROR_DOES_NOT_EXIST: return "PSA_ERROR_DOES_NOT_EXIST"; + case PSA_ERROR_GENERIC_ERROR: return "PSA_ERROR_GENERIC_ERROR"; + case PSA_ERROR_HARDWARE_FAILURE: return "PSA_ERROR_HARDWARE_FAILURE"; + case PSA_ERROR_INSUFFICIENT_DATA: return "PSA_ERROR_INSUFFICIENT_DATA"; + case PSA_ERROR_INSUFFICIENT_ENTROPY: return "PSA_ERROR_INSUFFICIENT_ENTROPY"; + case PSA_ERROR_INSUFFICIENT_MEMORY: return "PSA_ERROR_INSUFFICIENT_MEMORY"; + case PSA_ERROR_INSUFFICIENT_STORAGE: return "PSA_ERROR_INSUFFICIENT_STORAGE"; + case PSA_ERROR_INVALID_ARGUMENT: return "PSA_ERROR_INVALID_ARGUMENT"; + case PSA_ERROR_INVALID_HANDLE: return "PSA_ERROR_INVALID_HANDLE"; + case PSA_ERROR_INVALID_PADDING: return "PSA_ERROR_INVALID_PADDING"; + case PSA_ERROR_INVALID_SIGNATURE: return "PSA_ERROR_INVALID_SIGNATURE"; + case PSA_ERROR_NOT_PERMITTED: return "PSA_ERROR_NOT_PERMITTED"; + case PSA_ERROR_NOT_SUPPORTED: return "PSA_ERROR_NOT_SUPPORTED"; + case PSA_ERROR_STORAGE_FAILURE: return "PSA_ERROR_STORAGE_FAILURE"; + case PSA_SUCCESS: return "PSA_SUCCESS"; + default: return NULL; + } +} + +static const char *psa_ecc_family_name(psa_ecc_family_t curve) +{ + switch (curve) { + case PSA_ECC_FAMILY_BRAINPOOL_P_R1: return "PSA_ECC_FAMILY_BRAINPOOL_P_R1"; + case PSA_ECC_FAMILY_MONTGOMERY: return "PSA_ECC_FAMILY_MONTGOMERY"; + case PSA_ECC_FAMILY_SECP_K1: return "PSA_ECC_FAMILY_SECP_K1"; + case PSA_ECC_FAMILY_SECP_R1: return "PSA_ECC_FAMILY_SECP_R1"; + case PSA_ECC_FAMILY_SECP_R2: return "PSA_ECC_FAMILY_SECP_R2"; + case PSA_ECC_FAMILY_SECT_K1: return "PSA_ECC_FAMILY_SECT_K1"; + case PSA_ECC_FAMILY_SECT_R1: return "PSA_ECC_FAMILY_SECT_R1"; + case PSA_ECC_FAMILY_SECT_R2: return "PSA_ECC_FAMILY_SECT_R2"; + default: return NULL; + } +} + +static const char *psa_dh_family_name(psa_dh_family_t group) +{ + switch (group) { + case PSA_DH_FAMILY_CUSTOM: return "PSA_DH_FAMILY_CUSTOM"; + case PSA_DH_FAMILY_RFC7919: return "PSA_DH_FAMILY_RFC7919"; + default: return NULL; + } +} + +static const char *psa_hash_algorithm_name(psa_algorithm_t hash_alg) +{ + switch (hash_alg) { + case PSA_ALG_ANY_HASH: return "PSA_ALG_ANY_HASH"; + case PSA_ALG_CATEGORY_HASH: return "PSA_ALG_CATEGORY_HASH"; + case PSA_ALG_MD2: return "PSA_ALG_MD2"; + case PSA_ALG_MD4: return "PSA_ALG_MD4"; + case PSA_ALG_MD5: return "PSA_ALG_MD5"; + case PSA_ALG_RIPEMD160: return "PSA_ALG_RIPEMD160"; + case PSA_ALG_SHA3_224: return "PSA_ALG_SHA3_224"; + case PSA_ALG_SHA3_256: return "PSA_ALG_SHA3_256"; + case PSA_ALG_SHA3_384: return "PSA_ALG_SHA3_384"; + case PSA_ALG_SHA3_512: return "PSA_ALG_SHA3_512"; + case PSA_ALG_SHA_1: return "PSA_ALG_SHA_1"; + case PSA_ALG_SHA_224: return "PSA_ALG_SHA_224"; + case PSA_ALG_SHA_256: return "PSA_ALG_SHA_256"; + case PSA_ALG_SHA_384: return "PSA_ALG_SHA_384"; + case PSA_ALG_SHA_512: return "PSA_ALG_SHA_512"; + case PSA_ALG_SHA_512_224: return "PSA_ALG_SHA_512_224"; + case PSA_ALG_SHA_512_256: return "PSA_ALG_SHA_512_256"; + default: return NULL; + } +} + +static const char *psa_ka_algorithm_name(psa_algorithm_t ka_alg) +{ + switch (ka_alg) { + case PSA_ALG_CATEGORY_KEY_AGREEMENT: return "PSA_ALG_CATEGORY_KEY_AGREEMENT"; + case PSA_ALG_ECDH: return "PSA_ALG_ECDH"; + case PSA_ALG_FFDH: return "PSA_ALG_FFDH"; + default: return NULL; + } +} + +static int psa_snprint_key_type(char *buffer, size_t buffer_size, + psa_key_type_t type) +{ + size_t required_size = 0; + switch (type) { + case PSA_KEY_TYPE_AES: append(&buffer, buffer_size, &required_size, "PSA_KEY_TYPE_AES", 16); break; + case PSA_KEY_TYPE_ARC4: append(&buffer, buffer_size, &required_size, "PSA_KEY_TYPE_ARC4", 17); break; + case PSA_KEY_TYPE_CAMELLIA: append(&buffer, buffer_size, &required_size, "PSA_KEY_TYPE_CAMELLIA", 21); break; + case PSA_KEY_TYPE_CATEGORY_FLAG_PAIR: append(&buffer, buffer_size, &required_size, "PSA_KEY_TYPE_CATEGORY_FLAG_PAIR", 31); break; + case PSA_KEY_TYPE_CATEGORY_KEY_PAIR: append(&buffer, buffer_size, &required_size, "PSA_KEY_TYPE_CATEGORY_KEY_PAIR", 30); break; + case PSA_KEY_TYPE_CATEGORY_PUBLIC_KEY: append(&buffer, buffer_size, &required_size, "PSA_KEY_TYPE_CATEGORY_PUBLIC_KEY", 32); break; + case PSA_KEY_TYPE_CATEGORY_RAW: append(&buffer, buffer_size, &required_size, "PSA_KEY_TYPE_CATEGORY_RAW", 25); break; + case PSA_KEY_TYPE_CATEGORY_SYMMETRIC: append(&buffer, buffer_size, &required_size, "PSA_KEY_TYPE_CATEGORY_SYMMETRIC", 31); break; + case PSA_KEY_TYPE_CHACHA20: append(&buffer, buffer_size, &required_size, "PSA_KEY_TYPE_CHACHA20", 21); break; + case PSA_KEY_TYPE_DERIVE: append(&buffer, buffer_size, &required_size, "PSA_KEY_TYPE_DERIVE", 19); break; + case PSA_KEY_TYPE_DES: append(&buffer, buffer_size, &required_size, "PSA_KEY_TYPE_DES", 16); break; + case PSA_KEY_TYPE_DH_KEY_PAIR_BASE: append(&buffer, buffer_size, &required_size, "PSA_KEY_TYPE_DH_KEY_PAIR_BASE", 29); break; + case PSA_KEY_TYPE_DH_PUBLIC_KEY_BASE: append(&buffer, buffer_size, &required_size, "PSA_KEY_TYPE_DH_PUBLIC_KEY_BASE", 31); break; + case PSA_KEY_TYPE_DSA_KEY_PAIR: append(&buffer, buffer_size, &required_size, "PSA_KEY_TYPE_DSA_KEY_PAIR", 25); break; + case PSA_KEY_TYPE_DSA_PUBLIC_KEY: append(&buffer, buffer_size, &required_size, "PSA_KEY_TYPE_DSA_PUBLIC_KEY", 27); break; + case PSA_KEY_TYPE_ECC_KEY_PAIR_BASE: append(&buffer, buffer_size, &required_size, "PSA_KEY_TYPE_ECC_KEY_PAIR_BASE", 30); break; + case PSA_KEY_TYPE_ECC_PUBLIC_KEY_BASE: append(&buffer, buffer_size, &required_size, "PSA_KEY_TYPE_ECC_PUBLIC_KEY_BASE", 32); break; + case PSA_KEY_TYPE_HMAC: append(&buffer, buffer_size, &required_size, "PSA_KEY_TYPE_HMAC", 17); break; + case PSA_KEY_TYPE_NONE: append(&buffer, buffer_size, &required_size, "PSA_KEY_TYPE_NONE", 17); break; + case PSA_KEY_TYPE_RAW_DATA: append(&buffer, buffer_size, &required_size, "PSA_KEY_TYPE_RAW_DATA", 21); break; + case PSA_KEY_TYPE_RSA_KEY_PAIR: append(&buffer, buffer_size, &required_size, "PSA_KEY_TYPE_RSA_KEY_PAIR", 25); break; + case PSA_KEY_TYPE_RSA_PUBLIC_KEY: append(&buffer, buffer_size, &required_size, "PSA_KEY_TYPE_RSA_PUBLIC_KEY", 27); break; + default: + if (PSA_KEY_TYPE_IS_ECC_KEY_PAIR(type)) { + append_with_curve(&buffer, buffer_size, &required_size, + "PSA_KEY_TYPE_ECC_KEY_PAIR", 25, + PSA_KEY_TYPE_ECC_GET_FAMILY(type)); + } else if (PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY(type)) { + append_with_curve(&buffer, buffer_size, &required_size, + "PSA_KEY_TYPE_ECC_PUBLIC_KEY", 27, + PSA_KEY_TYPE_ECC_GET_FAMILY(type)); + } else if (PSA_KEY_TYPE_IS_DH_KEY_PAIR(type)) { + append_with_group(&buffer, buffer_size, &required_size, + "PSA_KEY_TYPE_DH_KEY_PAIR", 24, + PSA_KEY_TYPE_DH_GET_FAMILY(type)); + } else if (PSA_KEY_TYPE_IS_DH_PUBLIC_KEY(type)) { + append_with_group(&buffer, buffer_size, &required_size, + "PSA_KEY_TYPE_DH_PUBLIC_KEY", 26, + PSA_KEY_TYPE_DH_GET_FAMILY(type)); + } else { + return snprintf(buffer, buffer_size, + "0x%04x", (unsigned) type); + } + break; + } + buffer[0] = 0; + return (int) required_size; +} + +#define NO_LENGTH_MODIFIER 0xfffffffflu +static int psa_snprint_algorithm(char *buffer, size_t buffer_size, + psa_algorithm_t alg) +{ + size_t required_size = 0; + psa_algorithm_t core_alg = alg; + unsigned long length_modifier = NO_LENGTH_MODIFIER; + if (PSA_ALG_IS_MAC(alg)) { + core_alg = PSA_ALG_TRUNCATED_MAC(alg, 0); + if (core_alg != alg) { + append(&buffer, buffer_size, &required_size, + "PSA_ALG_TRUNCATED_MAC(", 22); + length_modifier = PSA_MAC_TRUNCATED_LENGTH(alg); + } + } else if (PSA_ALG_IS_AEAD(alg)) { + core_alg = PSA_ALG_AEAD_WITH_DEFAULT_TAG_LENGTH(alg); + if (core_alg == 0) { + /* For unknown AEAD algorithms, there is no "default tag length". */ + core_alg = alg; + } else if (core_alg != alg) { + append(&buffer, buffer_size, &required_size, + "PSA_ALG_AEAD_WITH_TAG_LENGTH(", 29); + length_modifier = PSA_AEAD_TAG_LENGTH(alg); + } + } else if (PSA_ALG_IS_KEY_AGREEMENT(alg) && + !PSA_ALG_IS_RAW_KEY_AGREEMENT(alg)) { + core_alg = PSA_ALG_KEY_AGREEMENT_GET_KDF(alg); + append(&buffer, buffer_size, &required_size, + "PSA_ALG_KEY_AGREEMENT(", 22); + append_with_alg(&buffer, buffer_size, &required_size, + psa_ka_algorithm_name, + PSA_ALG_KEY_AGREEMENT_GET_BASE(alg)); + append(&buffer, buffer_size, &required_size, ", ", 2); + } + switch (core_alg) { + case PSA_ALG_ANY_HASH: append(&buffer, buffer_size, &required_size, "PSA_ALG_ANY_HASH", 16); break; + case PSA_ALG_ARC4: append(&buffer, buffer_size, &required_size, "PSA_ALG_ARC4", 12); break; + case PSA_ALG_CATEGORY_AEAD: append(&buffer, buffer_size, &required_size, "PSA_ALG_CATEGORY_AEAD", 21); break; + case PSA_ALG_CATEGORY_ASYMMETRIC_ENCRYPTION: append(&buffer, buffer_size, &required_size, "PSA_ALG_CATEGORY_ASYMMETRIC_ENCRYPTION", 38); break; + case PSA_ALG_CATEGORY_CIPHER: append(&buffer, buffer_size, &required_size, "PSA_ALG_CATEGORY_CIPHER", 23); break; + case PSA_ALG_CATEGORY_HASH: append(&buffer, buffer_size, &required_size, "PSA_ALG_CATEGORY_HASH", 21); break; + case PSA_ALG_CATEGORY_KEY_AGREEMENT: append(&buffer, buffer_size, &required_size, "PSA_ALG_CATEGORY_KEY_AGREEMENT", 30); break; + case PSA_ALG_CATEGORY_KEY_DERIVATION: append(&buffer, buffer_size, &required_size, "PSA_ALG_CATEGORY_KEY_DERIVATION", 31); break; + case PSA_ALG_CATEGORY_MAC: append(&buffer, buffer_size, &required_size, "PSA_ALG_CATEGORY_MAC", 20); break; + case PSA_ALG_CATEGORY_SIGN: append(&buffer, buffer_size, &required_size, "PSA_ALG_CATEGORY_SIGN", 21); break; + case PSA_ALG_CBC_MAC: append(&buffer, buffer_size, &required_size, "PSA_ALG_CBC_MAC", 15); break; + case PSA_ALG_CBC_NO_PADDING: append(&buffer, buffer_size, &required_size, "PSA_ALG_CBC_NO_PADDING", 22); break; + case PSA_ALG_CBC_PKCS7: append(&buffer, buffer_size, &required_size, "PSA_ALG_CBC_PKCS7", 17); break; + case PSA_ALG_CCM: append(&buffer, buffer_size, &required_size, "PSA_ALG_CCM", 11); break; + case PSA_ALG_CFB: append(&buffer, buffer_size, &required_size, "PSA_ALG_CFB", 11); break; + case PSA_ALG_CHACHA20: append(&buffer, buffer_size, &required_size, "PSA_ALG_CHACHA20", 16); break; + case PSA_ALG_CHACHA20_POLY1305: append(&buffer, buffer_size, &required_size, "PSA_ALG_CHACHA20_POLY1305", 25); break; + case PSA_ALG_CIPHER_MAC_BASE: append(&buffer, buffer_size, &required_size, "PSA_ALG_CIPHER_MAC_BASE", 23); break; + case PSA_ALG_CMAC: append(&buffer, buffer_size, &required_size, "PSA_ALG_CMAC", 12); break; + case PSA_ALG_CTR: append(&buffer, buffer_size, &required_size, "PSA_ALG_CTR", 11); break; + case PSA_ALG_DETERMINISTIC_DSA_BASE: append(&buffer, buffer_size, &required_size, "PSA_ALG_DETERMINISTIC_DSA_BASE", 30); break; + case PSA_ALG_DETERMINISTIC_ECDSA_BASE: append(&buffer, buffer_size, &required_size, "PSA_ALG_DETERMINISTIC_ECDSA_BASE", 32); break; + case PSA_ALG_DSA_BASE: append(&buffer, buffer_size, &required_size, "PSA_ALG_DSA_BASE", 16); break; + case PSA_ALG_ECB_NO_PADDING: append(&buffer, buffer_size, &required_size, "PSA_ALG_ECB_NO_PADDING", 22); break; + case PSA_ALG_ECDH: append(&buffer, buffer_size, &required_size, "PSA_ALG_ECDH", 12); break; + case PSA_ALG_ECDSA_ANY: append(&buffer, buffer_size, &required_size, "PSA_ALG_ECDSA_ANY", 17); break; + case PSA_ALG_FFDH: append(&buffer, buffer_size, &required_size, "PSA_ALG_FFDH", 12); break; + case PSA_ALG_GCM: append(&buffer, buffer_size, &required_size, "PSA_ALG_GCM", 11); break; + case PSA_ALG_HKDF_BASE: append(&buffer, buffer_size, &required_size, "PSA_ALG_HKDF_BASE", 17); break; + case PSA_ALG_HMAC_BASE: append(&buffer, buffer_size, &required_size, "PSA_ALG_HMAC_BASE", 17); break; + case PSA_ALG_MD2: append(&buffer, buffer_size, &required_size, "PSA_ALG_MD2", 11); break; + case PSA_ALG_MD4: append(&buffer, buffer_size, &required_size, "PSA_ALG_MD4", 11); break; + case PSA_ALG_MD5: append(&buffer, buffer_size, &required_size, "PSA_ALG_MD5", 11); break; + case PSA_ALG_OFB: append(&buffer, buffer_size, &required_size, "PSA_ALG_OFB", 11); break; + case PSA_ALG_RIPEMD160: append(&buffer, buffer_size, &required_size, "PSA_ALG_RIPEMD160", 17); break; + case PSA_ALG_RSA_OAEP_BASE: append(&buffer, buffer_size, &required_size, "PSA_ALG_RSA_OAEP_BASE", 21); break; + case PSA_ALG_RSA_PKCS1V15_CRYPT: append(&buffer, buffer_size, &required_size, "PSA_ALG_RSA_PKCS1V15_CRYPT", 26); break; + case PSA_ALG_RSA_PKCS1V15_SIGN_RAW: append(&buffer, buffer_size, &required_size, "PSA_ALG_RSA_PKCS1V15_SIGN_RAW", 29); break; + case PSA_ALG_RSA_PSS_BASE: append(&buffer, buffer_size, &required_size, "PSA_ALG_RSA_PSS_BASE", 20); break; + case PSA_ALG_SHA3_224: append(&buffer, buffer_size, &required_size, "PSA_ALG_SHA3_224", 16); break; + case PSA_ALG_SHA3_256: append(&buffer, buffer_size, &required_size, "PSA_ALG_SHA3_256", 16); break; + case PSA_ALG_SHA3_384: append(&buffer, buffer_size, &required_size, "PSA_ALG_SHA3_384", 16); break; + case PSA_ALG_SHA3_512: append(&buffer, buffer_size, &required_size, "PSA_ALG_SHA3_512", 16); break; + case PSA_ALG_SHA_1: append(&buffer, buffer_size, &required_size, "PSA_ALG_SHA_1", 13); break; + case PSA_ALG_SHA_224: append(&buffer, buffer_size, &required_size, "PSA_ALG_SHA_224", 15); break; + case PSA_ALG_SHA_256: append(&buffer, buffer_size, &required_size, "PSA_ALG_SHA_256", 15); break; + case PSA_ALG_SHA_384: append(&buffer, buffer_size, &required_size, "PSA_ALG_SHA_384", 15); break; + case PSA_ALG_SHA_512: append(&buffer, buffer_size, &required_size, "PSA_ALG_SHA_512", 15); break; + case PSA_ALG_SHA_512_224: append(&buffer, buffer_size, &required_size, "PSA_ALG_SHA_512_224", 19); break; + case PSA_ALG_SHA_512_256: append(&buffer, buffer_size, &required_size, "PSA_ALG_SHA_512_256", 19); break; + case PSA_ALG_TLS12_PRF_BASE: append(&buffer, buffer_size, &required_size, "PSA_ALG_TLS12_PRF_BASE", 22); break; + case PSA_ALG_TLS12_PSK_TO_MS_BASE: append(&buffer, buffer_size, &required_size, "PSA_ALG_TLS12_PSK_TO_MS_BASE", 28); break; + case PSA_ALG_XTS: append(&buffer, buffer_size, &required_size, "PSA_ALG_XTS", 11); break; + default: + if (PSA_ALG_IS_DETERMINISTIC_DSA(core_alg)) { + append(&buffer, buffer_size, &required_size, + "PSA_ALG_DETERMINISTIC_DSA(", 25 + 1); + append_with_alg(&buffer, buffer_size, &required_size, + psa_hash_algorithm_name, + PSA_ALG_GET_HASH(core_alg)); + append(&buffer, buffer_size, &required_size, ")", 1); + } else if (PSA_ALG_IS_DETERMINISTIC_ECDSA(core_alg)) { + append(&buffer, buffer_size, &required_size, + "PSA_ALG_DETERMINISTIC_ECDSA(", 27 + 1); + append_with_alg(&buffer, buffer_size, &required_size, + psa_hash_algorithm_name, + PSA_ALG_GET_HASH(core_alg)); + append(&buffer, buffer_size, &required_size, ")", 1); + } else if (PSA_ALG_IS_RANDOMIZED_DSA(core_alg)) { + append(&buffer, buffer_size, &required_size, + "PSA_ALG_DSA(", 11 + 1); + append_with_alg(&buffer, buffer_size, &required_size, + psa_hash_algorithm_name, + PSA_ALG_GET_HASH(core_alg)); + append(&buffer, buffer_size, &required_size, ")", 1); + } else if (PSA_ALG_IS_RANDOMIZED_ECDSA(core_alg)) { + append(&buffer, buffer_size, &required_size, + "PSA_ALG_ECDSA(", 13 + 1); + append_with_alg(&buffer, buffer_size, &required_size, + psa_hash_algorithm_name, + PSA_ALG_GET_HASH(core_alg)); + append(&buffer, buffer_size, &required_size, ")", 1); + } else if (PSA_ALG_IS_HKDF(core_alg)) { + append(&buffer, buffer_size, &required_size, + "PSA_ALG_HKDF(", 12 + 1); + append_with_alg(&buffer, buffer_size, &required_size, + psa_hash_algorithm_name, + PSA_ALG_GET_HASH(core_alg)); + append(&buffer, buffer_size, &required_size, ")", 1); + } else if (PSA_ALG_IS_HMAC(core_alg)) { + append(&buffer, buffer_size, &required_size, + "PSA_ALG_HMAC(", 12 + 1); + append_with_alg(&buffer, buffer_size, &required_size, + psa_hash_algorithm_name, + PSA_ALG_GET_HASH(core_alg)); + append(&buffer, buffer_size, &required_size, ")", 1); + } else if (PSA_ALG_IS_RSA_OAEP(core_alg)) { + append(&buffer, buffer_size, &required_size, + "PSA_ALG_RSA_OAEP(", 16 + 1); + append_with_alg(&buffer, buffer_size, &required_size, + psa_hash_algorithm_name, + PSA_ALG_GET_HASH(core_alg)); + append(&buffer, buffer_size, &required_size, ")", 1); + } else if (PSA_ALG_IS_RSA_PKCS1V15_SIGN(core_alg)) { + append(&buffer, buffer_size, &required_size, + "PSA_ALG_RSA_PKCS1V15_SIGN(", 25 + 1); + append_with_alg(&buffer, buffer_size, &required_size, + psa_hash_algorithm_name, + PSA_ALG_GET_HASH(core_alg)); + append(&buffer, buffer_size, &required_size, ")", 1); + } else if (PSA_ALG_IS_RSA_PSS(core_alg)) { + append(&buffer, buffer_size, &required_size, + "PSA_ALG_RSA_PSS(", 15 + 1); + append_with_alg(&buffer, buffer_size, &required_size, + psa_hash_algorithm_name, + PSA_ALG_GET_HASH(core_alg)); + append(&buffer, buffer_size, &required_size, ")", 1); + } else if (PSA_ALG_IS_TLS12_PRF(core_alg)) { + append(&buffer, buffer_size, &required_size, + "PSA_ALG_TLS12_PRF(", 17 + 1); + append_with_alg(&buffer, buffer_size, &required_size, + psa_hash_algorithm_name, + PSA_ALG_GET_HASH(core_alg)); + append(&buffer, buffer_size, &required_size, ")", 1); + } else if (PSA_ALG_IS_TLS12_PSK_TO_MS(core_alg)) { + append(&buffer, buffer_size, &required_size, + "PSA_ALG_TLS12_PSK_TO_MS(", 23 + 1); + append_with_alg(&buffer, buffer_size, &required_size, + psa_hash_algorithm_name, + PSA_ALG_GET_HASH(core_alg)); + append(&buffer, buffer_size, &required_size, ")", 1); + } else { + append_integer(&buffer, buffer_size, &required_size, + "0x%08lx", (unsigned long) core_alg); + } + break; + } + if (core_alg != alg) { + if (length_modifier != NO_LENGTH_MODIFIER) { + append(&buffer, buffer_size, &required_size, ", ", 2); + append_integer(&buffer, buffer_size, &required_size, + "%lu", length_modifier); + } + append(&buffer, buffer_size, &required_size, ")", 1); + } + buffer[0] = 0; + return (int) required_size; +} + +static int psa_snprint_key_usage(char *buffer, size_t buffer_size, + psa_key_usage_t usage) +{ + size_t required_size = 0; + if (usage == 0) { + if (buffer_size > 1) { + buffer[0] = '0'; + buffer[1] = 0; + } else if (buffer_size == 1) { + buffer[0] = 0; + } + return 1; + } + if (usage & PSA_KEY_USAGE_COPY) { + if (required_size != 0) { + append(&buffer, buffer_size, &required_size, " | ", 3); + } + append(&buffer, buffer_size, &required_size, "PSA_KEY_USAGE_COPY", 18); + usage ^= PSA_KEY_USAGE_COPY; + } + if (usage & PSA_KEY_USAGE_DECRYPT) { + if (required_size != 0) { + append(&buffer, buffer_size, &required_size, " | ", 3); + } + append(&buffer, buffer_size, &required_size, "PSA_KEY_USAGE_DECRYPT", 21); + usage ^= PSA_KEY_USAGE_DECRYPT; + } + if (usage & PSA_KEY_USAGE_DERIVE) { + if (required_size != 0) { + append(&buffer, buffer_size, &required_size, " | ", 3); + } + append(&buffer, buffer_size, &required_size, "PSA_KEY_USAGE_DERIVE", 20); + usage ^= PSA_KEY_USAGE_DERIVE; + } + if (usage & PSA_KEY_USAGE_ENCRYPT) { + if (required_size != 0) { + append(&buffer, buffer_size, &required_size, " | ", 3); + } + append(&buffer, buffer_size, &required_size, "PSA_KEY_USAGE_ENCRYPT", 21); + usage ^= PSA_KEY_USAGE_ENCRYPT; + } + if (usage & PSA_KEY_USAGE_EXPORT) { + if (required_size != 0) { + append(&buffer, buffer_size, &required_size, " | ", 3); + } + append(&buffer, buffer_size, &required_size, "PSA_KEY_USAGE_EXPORT", 20); + usage ^= PSA_KEY_USAGE_EXPORT; + } + if (usage & PSA_KEY_USAGE_SIGN_HASH) { + if (required_size != 0) { + append(&buffer, buffer_size, &required_size, " | ", 3); + } + append(&buffer, buffer_size, &required_size, "PSA_KEY_USAGE_SIGN_HASH", 23); + usage ^= PSA_KEY_USAGE_SIGN_HASH; + } + if (usage & PSA_KEY_USAGE_VERIFY_HASH) { + if (required_size != 0) { + append(&buffer, buffer_size, &required_size, " | ", 3); + } + append(&buffer, buffer_size, &required_size, "PSA_KEY_USAGE_VERIFY_HASH", 25); + usage ^= PSA_KEY_USAGE_VERIFY_HASH; + } + if (usage != 0) { + if (required_size != 0) { + append(&buffer, buffer_size, &required_size, " | ", 3); + } + append_integer(&buffer, buffer_size, &required_size, + "0x%08lx", (unsigned long) usage); + } else { + buffer[0] = 0; + } + return (int) required_size; +} + +/* End of automatically generated file. */ diff --git a/programs/random/CMakeLists.txt b/programs/random/CMakeLists.txt index 95acb7e10..8df836580 100644 --- a/programs/random/CMakeLists.txt +++ b/programs/random/CMakeLists.txt @@ -6,7 +6,7 @@ set(executables foreach(exe IN LISTS executables) add_executable(${exe} ${exe}.c $) - target_link_libraries(${exe} mbedcrypto) + target_link_libraries(${exe} ${mbedcrypto_target}) endforeach() install(TARGETS ${executables} diff --git a/programs/ssl/CMakeLists.txt b/programs/ssl/CMakeLists.txt index 28fbfc5a7..149aa303b 100644 --- a/programs/ssl/CMakeLists.txt +++ b/programs/ssl/CMakeLists.txt @@ -2,7 +2,7 @@ set(THREADS_USE_PTHREADS_WIN32 true) find_package(Threads) set(libs - mbedtls + ${mbedtls_target} ) if(USE_PKCS11_HELPER_LIBRARY) @@ -32,8 +32,8 @@ foreach(exe IN LISTS executables) target_include_directories(${exe} PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../tests/include) endforeach() -target_sources(ssl_client2 PUBLIC ${CMAKE_CURRENT_SOURCE_DIR}/../test/query_config.c) -target_sources(ssl_server2 PUBLIC ${CMAKE_CURRENT_SOURCE_DIR}/../test/query_config.c) +set_property(TARGET ssl_client2 APPEND PROPERTY SOURCES ${CMAKE_CURRENT_SOURCE_DIR}/../test/query_config.c) +set_property(TARGET ssl_server2 APPEND PROPERTY SOURCES ${CMAKE_CURRENT_SOURCE_DIR}/../test/query_config.c) if(THREADS_FOUND) add_executable(ssl_pthread_server ssl_pthread_server.c $) diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index 32ca22efc..fc6906117 100644 --- a/programs/ssl/ssl_client2.c +++ b/programs/ssl/ssl_client2.c @@ -42,12 +42,14 @@ #if !defined(MBEDTLS_ENTROPY_C) || \ !defined(MBEDTLS_SSL_TLS_C) || !defined(MBEDTLS_SSL_CLI_C) || \ - !defined(MBEDTLS_NET_C) || !defined(MBEDTLS_CTR_DRBG_C) + !defined(MBEDTLS_NET_C) || !defined(MBEDTLS_CTR_DRBG_C) || \ + defined(MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER) int main( void ) { - mbedtls_printf("MBEDTLS_ENTROPY_C and/or " + mbedtls_printf( "MBEDTLS_ENTROPY_C and/or " "MBEDTLS_SSL_TLS_C and/or MBEDTLS_SSL_CLI_C and/or " - "MBEDTLS_NET_C and/or MBEDTLS_CTR_DRBG_C and/or not defined.\n"); + "MBEDTLS_NET_C and/or MBEDTLS_CTR_DRBG_C and/or not defined " + " and/or MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER defined.\n" ); mbedtls_exit( 0 ); } #else @@ -101,6 +103,7 @@ int main( void ) #define DFL_CRT_FILE "" #define DFL_KEY_FILE "" #define DFL_KEY_OPAQUE 0 +#define DFL_KEY_PWD "" #define DFL_PSK "" #define DFL_PSK_OPAQUE 0 #define DFL_PSK_IDENTITY "Client_identity" @@ -148,6 +151,10 @@ int main( void ) #define DFL_NSS_KEYLOG 0 #define DFL_NSS_KEYLOG_FILE NULL #define DFL_SKIP_CLOSE_NOTIFY 0 +#define DFL_QUERY_CONFIG_MODE 0 +#define DFL_USE_SRTP 0 +#define DFL_SRTP_FORCE_PROFILE 0 +#define DFL_SRTP_MKI "" #define GET_REQUEST "GET %s HTTP/1.0\r\nExtra-header: " #define GET_REQUEST_END "\r\n\r\n" @@ -173,7 +180,9 @@ int main( void ) " use \"none\" to skip loading any top-level CAs.\n" \ " crt_file=%%s Your own cert and chain (in bottom to top order, top may be omitted)\n" \ " default: \"\" (pre-loaded)\n" \ - " key_file=%%s default: \"\" (pre-loaded)\n" + " key_file=%%s default: \"\" (pre-loaded)\n"\ + " key_pwd=%%s Password for key specified by key_file argument\n"\ + " default: none\n" #else #define USAGE_IO \ " No file operations available (MBEDTLS_FS_IO not defined)\n" @@ -250,10 +259,26 @@ int main( void ) " This cannot be used with eap_tls=1\n" #define USAGE_NSS_KEYLOG_FILE \ " nss_keylog_file=%%s\n" -#else +#if defined(MBEDTLS_SSL_DTLS_SRTP) +#define USAGE_SRTP \ + " use_srtp=%%d default: 0 (disabled)\n" \ + " This cannot be used with eap_tls=1 or "\ + " nss_keylog=1\n" \ + " srtp_force_profile=%%d default: 0 (all enabled)\n" \ + " available profiles:\n" \ + " 1 - SRTP_AES128_CM_HMAC_SHA1_80\n" \ + " 2 - SRTP_AES128_CM_HMAC_SHA1_32\n" \ + " 3 - SRTP_NULL_HMAC_SHA1_80\n" \ + " 4 - SRTP_NULL_HMAC_SHA1_32\n" \ + " mki=%%s default: \"\" (in hex, without 0x)\n" +#else /* MBEDTLS_SSL_DTLS_SRTP */ +#define USAGE_SRTP "" +#endif +#else /* MBEDTLS_SSL_EXPORT_KEYS */ #define USAGE_EAP_TLS "" #define USAGE_NSS_KEYLOG "" #define USAGE_NSS_KEYLOG_FILE "" +#define USAGE_SRTP "" #endif /* MBEDTLS_SSL_EXPORT_KEYS */ #if defined(MBEDTLS_SSL_TRUNCATED_HMAC) @@ -403,6 +428,7 @@ int main( void ) "\n" \ USAGE_DTLS \ USAGE_CID \ + USAGE_SRTP \ "\n" #define USAGE2 \ " auth_mode=%%s default: (library default: none)\n" \ @@ -485,6 +511,7 @@ struct options #if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK) int ca_callback; /* Use callback for trusted certificate list */ #endif + const char *key_pwd; /* the password for the client key */ const char *psk; /* the pre-shared key */ const char *psk_identity; /* the pre-shared key identity */ const char *ecjpake_pw; /* the EC J-PAKE password */ @@ -535,6 +562,10 @@ struct options * after renegotiation */ int reproducible; /* make communication reproducible */ int skip_close_notify; /* skip sending the close_notify alert */ + int query_config_mode; /* whether to read config */ + int use_srtp; /* Support SRTP */ + int force_srtp_profile; /* SRTP protection profile to use or all */ + const char *mki; /* The dtls mki value to use */ } opt; int query_config( const char *config ); @@ -649,7 +680,49 @@ exit: sizeof( nss_keylog_line ) ); return( ret ); } -#endif + +#if defined( MBEDTLS_SSL_DTLS_SRTP ) +/* Supported SRTP mode needs a maximum of : + * - 16 bytes for key (AES-128) + * - 14 bytes SALT + * One for sender, one for receiver context + */ +#define MBEDTLS_TLS_SRTP_MAX_KEY_MATERIAL_LENGTH 60 +typedef struct dtls_srtp_keys +{ + unsigned char master_secret[48]; + unsigned char randbytes[64]; + mbedtls_tls_prf_types tls_prf_type; +} dtls_srtp_keys; + +static int dtls_srtp_key_derivation( void *p_expkey, + const unsigned char *ms, + const unsigned char *kb, + size_t maclen, + size_t keylen, + size_t ivlen, + const unsigned char client_random[32], + const unsigned char server_random[32], + mbedtls_tls_prf_types tls_prf_type ) +{ + dtls_srtp_keys *keys = (dtls_srtp_keys *)p_expkey; + + ( ( void ) kb ); + memcpy( keys->master_secret, ms, sizeof( keys->master_secret ) ); + memcpy( keys->randbytes, client_random, 32 ); + memcpy( keys->randbytes + 32, server_random, 32 ); + keys->tls_prf_type = tls_prf_type; + + if( opt.debug_level > 2 ) + { + mbedtls_printf( "exported maclen is %u\n", (unsigned) maclen ); + mbedtls_printf( "exported keylen is %u\n", (unsigned) keylen ); + mbedtls_printf( "exported ivlen is %u\n", (unsigned) ivlen ); + } + return( 0 ); +} +#endif /* MBEDTLS_SSL_DTLS_SRTP */ +#endif /* MBEDTLS_SSL_EXPORT_KEYS */ static void my_debug( void *ctx, int level, const char *file, int line, @@ -1098,6 +1171,7 @@ int report_cid_usage( mbedtls_ssl_context *ssl, int main( int argc, char *argv[] ) { int ret = 0, len, tail_len, i, written, frags, retry_left; + int query_config_ret = 0; mbedtls_net_context server_fd; io_ctx_t io_ctx; @@ -1127,11 +1201,15 @@ int main( int argc, char *argv[] ) mbedtls_ecp_group_id curve_list[CURVE_LIST_SIZE]; const mbedtls_ecp_curve_info *curve_cur; #endif +#if defined(MBEDTLS_SSL_DTLS_SRTP) + unsigned char mki[MBEDTLS_TLS_SRTP_MAX_MKI_LENGTH]; + size_t mki_len=0; +#endif const char *pers = "ssl_client2"; #if defined(MBEDTLS_USE_PSA_CRYPTO) - psa_key_handle_t slot = 0; + psa_key_id_t slot = 0; psa_algorithm_t alg = 0; psa_key_attributes_t key_attributes; psa_status_t status; @@ -1156,7 +1234,7 @@ int main( int argc, char *argv[] ) mbedtls_x509_crt clicert; mbedtls_pk_context pkey; #if defined(MBEDTLS_USE_PSA_CRYPTO) - psa_key_handle_t key_slot = 0; /* invalid key slot */ + psa_key_id_t key_slot = 0; /* invalid key slot */ #endif #endif char *p, *q; @@ -1170,7 +1248,20 @@ int main( int argc, char *argv[] ) unsigned char eap_tls_iv[8]; const char* eap_tls_label = "client EAP encryption"; eap_tls_keys eap_tls_keying; -#endif +#if defined( MBEDTLS_SSL_DTLS_SRTP ) + /*! master keys and master salt for SRTP generated during handshake */ + unsigned char dtls_srtp_key_material[MBEDTLS_TLS_SRTP_MAX_KEY_MATERIAL_LENGTH]; + const char* dtls_srtp_label = "EXTRACTOR-dtls_srtp"; + dtls_srtp_keys dtls_srtp_keying; + const mbedtls_ssl_srtp_profile default_profiles[] = { + MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_80, + MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_32, + MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_80, + MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_32, + MBEDTLS_TLS_SRTP_UNSET + }; +#endif /* MBEDTLS_SSL_DTLS_SRTP */ +#endif /* MBEDTLS_SSL_EXPORT_KEYS */ #if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C) mbedtls_memory_buffer_alloc_init( alloc_buf, sizeof(alloc_buf) ); @@ -1249,6 +1340,7 @@ int main( int argc, char *argv[] ) opt.crt_file = DFL_CRT_FILE; opt.key_file = DFL_KEY_FILE; opt.key_opaque = DFL_KEY_OPAQUE; + opt.key_pwd = DFL_KEY_PWD; opt.psk = DFL_PSK; #if defined(MBEDTLS_USE_PSA_CRYPTO) opt.psk_opaque = DFL_PSK_OPAQUE; @@ -1295,6 +1387,10 @@ int main( int argc, char *argv[] ) opt.nss_keylog = DFL_NSS_KEYLOG; opt.nss_keylog_file = DFL_NSS_KEYLOG_FILE; opt.skip_close_notify = DFL_SKIP_CLOSE_NOTIFY; + opt.query_config_mode = DFL_QUERY_CONFIG_MODE; + opt.use_srtp = DFL_USE_SRTP; + opt.force_srtp_profile = DFL_SRTP_FORCE_PROFILE; + opt.mki = DFL_SRTP_MKI; for( i = 1; i < argc; i++ ) { @@ -1368,6 +1464,8 @@ int main( int argc, char *argv[] ) opt.crt_file = q; else if( strcmp( p, "key_file" ) == 0 ) opt.key_file = q; + else if( strcmp( p, "key_pwd" ) == 0 ) + opt.key_pwd = q; #if defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_X509_CRT_PARSE_C) else if( strcmp( p, "key_opaque" ) == 0 ) opt.key_opaque = atoi( q ); @@ -1679,7 +1777,9 @@ int main( int argc, char *argv[] ) } else if( strcmp( p, "query_config" ) == 0 ) { - mbedtls_exit( query_config( q ) ); + opt.query_config_mode = 1; + query_config_ret = query_config( q ); + goto exit; } else if( strcmp( p, "serialize") == 0 ) { @@ -1717,6 +1817,18 @@ int main( int argc, char *argv[] ) if( opt.skip_close_notify < 0 || opt.skip_close_notify > 1 ) goto usage; } + else if( strcmp( p, "use_srtp" ) == 0 ) + { + opt.use_srtp = atoi ( q ); + } + else if( strcmp( p, "srtp_force_profile" ) == 0 ) + { + opt.force_srtp_profile = atoi( q ); + } + else if( strcmp( p, "mki" ) == 0 ) + { + opt.mki = q; + } else goto usage; } @@ -1824,7 +1936,6 @@ int main( int argc, char *argv[] ) opt.arc4 = MBEDTLS_SSL_ARC4_ENABLED; } - #if defined(MBEDTLS_USE_PSA_CRYPTO) if( opt.psk_opaque != 0 ) { @@ -2077,7 +2188,7 @@ int main( int argc, char *argv[] ) else #if defined(MBEDTLS_FS_IO) if( strlen( opt.key_file ) ) - ret = mbedtls_pk_parse_keyfile( &pkey, opt.key_file, "" ); + ret = mbedtls_pk_parse_keyfile( &pkey, opt.key_file, opt.key_pwd ); else #endif #if defined(MBEDTLS_CERTS_C) @@ -2227,6 +2338,36 @@ int main( int argc, char *argv[] ) } #endif +#if defined(MBEDTLS_SSL_DTLS_SRTP) + if( opt.use_srtp == 1 ) + { + if( opt.force_srtp_profile != 0 ) + { + const mbedtls_ssl_srtp_profile forced_profile[] = + { opt.force_srtp_profile, MBEDTLS_TLS_SRTP_UNSET }; + ret = mbedtls_ssl_conf_dtls_srtp_protection_profiles ( &conf, forced_profile ); + } + else + { + ret = mbedtls_ssl_conf_dtls_srtp_protection_profiles ( &conf, default_profiles ); + } + + if( ret != 0 ) + { + mbedtls_printf( " failed\n ! " + "mbedtls_ssl_conf_dtls_srtp_protection_profiles returned %d\n\n", + ret ); + goto exit; + } + + } + else if( opt.force_srtp_profile != 0 ) + { + mbedtls_printf( " failed\n ! must enable use_srtp to force srtp profile\n\n" ); + goto exit; + } +#endif /* MBEDTLS_SSL_DTLS_SRTP */ + #if defined(MBEDTLS_SSL_TRUNCATED_HMAC) if( opt.trunc_hmac != DFL_TRUNC_HMAC ) mbedtls_ssl_conf_truncated_hmac( &conf, opt.trunc_hmac ); @@ -2254,7 +2395,14 @@ int main( int argc, char *argv[] ) nss_keylog_export, NULL ); } -#endif +#if defined( MBEDTLS_SSL_DTLS_SRTP ) + else if( opt.use_srtp != 0 ) + { + mbedtls_ssl_conf_export_keys_ext_cb( &conf, dtls_srtp_key_derivation, + &dtls_srtp_keying ); + } +#endif /* MBEDTLS_SSL_DTLS_SRTP */ +#endif /* MBEDTLS_SSL_EXPORT_KEYS */ #if defined(MBEDTLS_SSL_CBC_RECORD_SPLITTING) if( opt.recsplit != DFL_RECSPLIT ) @@ -2463,6 +2611,26 @@ int main( int argc, char *argv[] ) mbedtls_ecp_set_max_ops( opt.ec_max_ops ); #endif +#if defined(MBEDTLS_SSL_DTLS_SRTP) + if( opt.use_srtp != 0 && strlen( opt.mki ) != 0 ) + { + if( mbedtls_test_unhexify( mki, sizeof( mki ), + opt.mki,&mki_len ) != 0 ) + { + mbedtls_printf( "mki value not valid hex\n" ); + goto exit; + } + + mbedtls_ssl_conf_srtp_mki_value_supported( &conf, MBEDTLS_SSL_DTLS_SRTP_MKI_SUPPORTED ); + if( ( ret = mbedtls_ssl_dtls_srtp_set_mki_value( &ssl, mki, + (uint16_t) strlen( opt.mki ) / 2 ) ) != 0 ) + { + mbedtls_printf( " failed\n ! mbedtls_ssl_dtls_srtp_set_mki_value returned %d\n\n", ret ); + goto exit; + } + } +#endif + mbedtls_printf( " ok\n" ); /* @@ -2584,7 +2752,74 @@ int main( int argc, char *argv[] ) } mbedtls_printf("\n"); } -#endif + +#if defined( MBEDTLS_SSL_DTLS_SRTP ) + else if( opt.use_srtp != 0 ) + { + size_t j = 0; + mbedtls_dtls_srtp_info dtls_srtp_negotiation_result; + mbedtls_ssl_get_dtls_srtp_negotiation_result( &ssl, &dtls_srtp_negotiation_result ); + + if( dtls_srtp_negotiation_result.chosen_dtls_srtp_profile + == MBEDTLS_TLS_SRTP_UNSET ) + { + mbedtls_printf( " Unable to negotiate " + "the use of DTLS-SRTP\n" ); + } + else + { + if( ( ret = mbedtls_ssl_tls_prf( dtls_srtp_keying.tls_prf_type, + dtls_srtp_keying.master_secret, + sizeof( dtls_srtp_keying.master_secret ), + dtls_srtp_label, + dtls_srtp_keying.randbytes, + sizeof( dtls_srtp_keying.randbytes ), + dtls_srtp_key_material, + sizeof( dtls_srtp_key_material ) ) ) + != 0 ) + { + mbedtls_printf( " failed\n ! mbedtls_ssl_tls_prf returned -0x%x\n\n", + (unsigned int) -ret ); + goto exit; + } + + mbedtls_printf( " DTLS-SRTP key material is:" ); + for( j = 0; j < sizeof( dtls_srtp_key_material ); j++ ) + { + if( j % 8 == 0 ) + mbedtls_printf( "\n " ); + mbedtls_printf( "%02x ", dtls_srtp_key_material[j] ); + } + mbedtls_printf( "\n" ); + + /* produce a less readable output used to perform automatic checks + * - compare client and server output + * - interop test with openssl which client produces this kind of output + */ + mbedtls_printf( " Keying material: " ); + for( j = 0; j < sizeof( dtls_srtp_key_material ); j++ ) + { + mbedtls_printf( "%02X", dtls_srtp_key_material[j] ); + } + mbedtls_printf( "\n" ); + + if ( dtls_srtp_negotiation_result.mki_len > 0 ) + { + mbedtls_printf( " DTLS-SRTP mki value: " ); + for( j = 0; j < dtls_srtp_negotiation_result.mki_len; j++ ) + { + mbedtls_printf( "%02X", dtls_srtp_negotiation_result.mki_value[j] ); + } + } + else + { + mbedtls_printf( " DTLS-SRTP no mki value negotiated" ); + } + mbedtls_printf( "\n" ); + } + } +#endif /* MBEDTLS_SSL_DTLS_SRTP */ +#endif /* MBEDTLS_SSL_EXPORT_KEYS */ if( opt.reconnect != 0 ) { mbedtls_printf(" . Saving session for reuse..." ); @@ -2678,7 +2913,7 @@ int main( int argc, char *argv[] ) { mbedtls_printf( " failed\n ! mbedtls_ssl_set_cid returned %d\n\n", ret ); - return( ret ); + goto exit; } } #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ @@ -3341,7 +3576,8 @@ exit: * immediately because of bad cmd line params, * for example). */ status = psa_destroy_key( slot ); - if( status != PSA_SUCCESS ) + if( ( status != PSA_SUCCESS ) && + ( opt.query_config_mode == DFL_QUERY_CONFIG_MODE ) ) { mbedtls_printf( "Failed to destroy key slot %u - error was %d", (unsigned) slot, (int) status ); @@ -3360,15 +3596,21 @@ exit: #endif #if defined(_WIN32) - mbedtls_printf( " + Press Enter to exit this program.\n" ); - fflush( stdout ); getchar(); + if( opt.query_config_mode == DFL_QUERY_CONFIG_MODE ) + { + mbedtls_printf( " + Press Enter to exit this program.\n" ); + fflush( stdout ); getchar(); + } #endif // Shell can not handle large exit numbers -> 1 for errors if( ret < 0 ) ret = 1; - mbedtls_exit( ret ); + if( opt.query_config_mode == DFL_QUERY_CONFIG_MODE ) + mbedtls_exit( ret ); + else + mbedtls_exit( query_config_ret ); } #endif /* MBEDTLS_BIGNUM_C && MBEDTLS_ENTROPY_C && MBEDTLS_SSL_TLS_C && MBEDTLS_SSL_CLI_C && MBEDTLS_NET_C && MBEDTLS_RSA_C && diff --git a/programs/ssl/ssl_context_info.c b/programs/ssl/ssl_context_info.c index df8819a80..a204d9ead 100644 --- a/programs/ssl/ssl_context_info.c +++ b/programs/ssl/ssl_context_info.c @@ -26,10 +26,12 @@ #include #include -#if !defined(MBEDTLS_X509_CRT_PARSE_C) || !defined(MBEDTLS_ERROR_C) +#if !defined(MBEDTLS_X509_CRT_PARSE_C) || !defined(MBEDTLS_ERROR_C) || \ + !defined(MBEDTLS_SSL_TLS_C) int main( void ) { - printf("MBEDTLS_X509_CRT_PARSE_C and/or MBEDTLS_ERROR_C not defined.\n"); + printf("MBEDTLS_X509_CRT_PARSE_C and/or MBEDTLS_ERROR_C and/or " + "MBEDTLS_SSL_TLS_C not defined.\n"); return( 0 ); } #else @@ -377,13 +379,13 @@ size_t read_next_b64_code( uint8_t **b64, size_t *max_len ) int valid_balance = 0; /* balance between valid and invalid characters */ size_t len = 0; char pad = 0; - char c = 0; + int c = 0; while( EOF != c ) { char c_valid = 0; - c = (char) fgetc( b64_file ); + c = fgetc( b64_file ); if( pad > 0 ) { diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index 2637a6c17..ceeb2245e 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c @@ -42,12 +42,14 @@ #if !defined(MBEDTLS_ENTROPY_C) || \ !defined(MBEDTLS_SSL_TLS_C) || !defined(MBEDTLS_SSL_SRV_C) || \ - !defined(MBEDTLS_NET_C) || !defined(MBEDTLS_CTR_DRBG_C) + !defined(MBEDTLS_NET_C) || !defined(MBEDTLS_CTR_DRBG_C) || \ + defined(MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER) int main( void ) { - mbedtls_printf("MBEDTLS_ENTROPY_C and/or " + mbedtls_printf( "MBEDTLS_ENTROPY_C and/or " "MBEDTLS_SSL_TLS_C and/or MBEDTLS_SSL_SRV_C and/or " - "MBEDTLS_NET_C and/or MBEDTLS_CTR_DRBG_C and/or not defined.\n"); + "MBEDTLS_NET_C and/or MBEDTLS_CTR_DRBG_C and/or not defined " + " and/or MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER defined.\n" ); mbedtls_exit( 0 ); } #else @@ -122,8 +124,10 @@ int main( void ) #define DFL_CA_PATH "" #define DFL_CRT_FILE "" #define DFL_KEY_FILE "" +#define DFL_KEY_PWD "" #define DFL_CRT_FILE2 "" #define DFL_KEY_FILE2 "" +#define DFL_KEY_PWD2 "" #define DFL_ASYNC_OPERATIONS "-" #define DFL_ASYNC_PRIVATE_DELAY1 ( -1 ) #define DFL_ASYNC_PRIVATE_DELAY2 ( -1 ) @@ -180,6 +184,10 @@ int main( void ) #define DFL_REPRODUCIBLE 0 #define DFL_NSS_KEYLOG 0 #define DFL_NSS_KEYLOG_FILE NULL +#define DFL_QUERY_CONFIG_MODE 0 +#define DFL_USE_SRTP 0 +#define DFL_SRTP_FORCE_PROFILE 0 +#define DFL_SRTP_SUPPORT_MKI 0 #define LONG_RESPONSE "

01-blah-blah-blah-blah-blah-blah-blah-blah-blah\r\n" \ "02-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah\r\n" \ @@ -216,11 +224,15 @@ int main( void ) " crt_file=%%s Your own cert and chain (in bottom to top order, top may be omitted)\n" \ " default: see note after key_file2\n" \ " key_file=%%s default: see note after key_file2\n" \ + " key_pwd=%%s Password for key specified by key_file argument\n"\ + " default: none\n" \ " crt_file2=%%s Your second cert and chain (in bottom to top order, top may be omitted)\n" \ " default: see note after key_file2\n" \ " key_file2=%%s default: see note below\n" \ " note: if neither crt_file/key_file nor crt_file2/key_file2 are used,\n" \ " preloaded certificate(s) and key(s) are used if available\n" \ + " key_pwd2=%%s Password for key specified by key_file2 argument\n"\ + " default: none\n" \ " dhm_file=%%s File containing Diffie-Hellman parameters\n" \ " default: preloaded parameters\n" #else @@ -318,10 +330,24 @@ int main( void ) " This cannot be used with eap_tls=1\n" #define USAGE_NSS_KEYLOG_FILE \ " nss_keylog_file=%%s\n" -#else +#if defined(MBEDTLS_SSL_DTLS_SRTP) +#define USAGE_SRTP \ + " use_srtp=%%d default: 0 (disabled)\n" \ + " srtp_force_profile=%%d default: 0 (all enabled)\n" \ + " available profiles:\n" \ + " 1 - SRTP_AES128_CM_HMAC_SHA1_80\n" \ + " 2 - SRTP_AES128_CM_HMAC_SHA1_32\n" \ + " 3 - SRTP_NULL_HMAC_SHA1_80\n" \ + " 4 - SRTP_NULL_HMAC_SHA1_32\n" \ + " support_mki=%%d default: 0 (not supported)\n" +#else /* MBEDTLS_SSL_DTLS_SRTP */ +#define USAGE_SRTP "" +#endif +#else /* MBEDTLS_SSL_EXPORT_KEYS */ #define USAGE_EAP_TLS "" #define USAGE_NSS_KEYLOG "" #define USAGE_NSS_KEYLOG_FILE "" +#define USAGE_SRTP "" #endif /* MBEDTLS_SSL_EXPORT_KEYS */ #if defined(MBEDTLS_SSL_CACHE_C) @@ -483,6 +509,7 @@ int main( void ) " read_timeout=%%d default: 0 ms (no timeout)\n" \ "\n" \ USAGE_DTLS \ + USAGE_SRTP \ USAGE_COOKIES \ USAGE_ANTI_REPLAY \ USAGE_BADMAC_LIMIT \ @@ -493,8 +520,6 @@ int main( void ) " cert_req_ca_list=%%d default: 1 (send ca list)\n" \ " options: 1 (send ca list), 0 (don't send)\n" \ USAGE_IO \ - USAGE_SSL_ASYNC \ - USAGE_SNI \ "\n" \ USAGE_PSK \ USAGE_CA_CALLBACK \ @@ -519,6 +544,8 @@ int main( void ) USAGE_CURVES \ "\n" #define USAGE4 \ + USAGE_SSL_ASYNC \ + USAGE_SNI \ " arc4=%%d default: (library default: 0)\n" \ " allow_sha1=%%d default: 0\n" \ " min_version=%%s default: (library default: tls1)\n" \ @@ -570,8 +597,10 @@ struct options const char *ca_path; /* the path with the CA certificate(s) reside */ const char *crt_file; /* the file with the server certificate */ const char *key_file; /* the file with the server key */ + const char *key_pwd; /* the password for the server key */ const char *crt_file2; /* the file with the 2nd server certificate */ const char *key_file2; /* the file with the 2nd server key */ + const char *key_pwd2; /* the password for the 2nd server key */ const char *async_operations; /* supported SSL asynchronous operations */ int async_private_delay1; /* number of times f_async_resume needs to be called for key 1, or -1 for no async */ int async_private_delay2; /* number of times f_async_resume needs to be called for key 2, or -1 for no async */ @@ -635,6 +664,10 @@ struct options const char *cid_val_renego; /* the CID to use for incoming messages * after renegotiation */ int reproducible; /* make communication reproducible */ + int query_config_mode; /* whether to read config */ + int use_srtp; /* Support SRTP */ + int force_srtp_profile; /* SRTP protection profile to use or all */ + int support_mki; /* The dtls mki mki support */ } opt; int query_config( const char *config ); @@ -750,7 +783,49 @@ exit: return( ret ); } -#endif +#if defined( MBEDTLS_SSL_DTLS_SRTP ) +/* Supported SRTP mode needs a maximum of : + * - 16 bytes for key (AES-128) + * - 14 bytes SALT + * One for sender, one for receiver context + */ +#define MBEDTLS_TLS_SRTP_MAX_KEY_MATERIAL_LENGTH 60 +typedef struct dtls_srtp_keys +{ + unsigned char master_secret[48]; + unsigned char randbytes[64]; + mbedtls_tls_prf_types tls_prf_type; +} dtls_srtp_keys; + +static int dtls_srtp_key_derivation( void *p_expkey, + const unsigned char *ms, + const unsigned char *kb, + size_t maclen, + size_t keylen, + size_t ivlen, + const unsigned char client_random[32], + const unsigned char server_random[32], + mbedtls_tls_prf_types tls_prf_type ) +{ + dtls_srtp_keys *keys = (dtls_srtp_keys *)p_expkey; + + ( ( void ) kb ); + memcpy( keys->master_secret, ms, sizeof( keys->master_secret ) ); + memcpy( keys->randbytes, client_random, 32 ); + memcpy( keys->randbytes + 32, server_random, 32 ); + keys->tls_prf_type = tls_prf_type; + + if( opt.debug_level > 2 ) + { + mbedtls_printf( "exported maclen is %u\n", (unsigned) maclen ); + mbedtls_printf( "exported keylen is %u\n", (unsigned) keylen ); + mbedtls_printf( "exported ivlen is %u\n", (unsigned) ivlen ); + } + return( 0 ); +} +#endif /* MBEDTLS_SSL_DTLS_SRTP */ + +#endif /* MBEDTLS_SSL_EXPORT_KEYS */ static void my_debug( void *ctx, int level, const char *file, int line, @@ -1212,7 +1287,7 @@ struct _psk_entry size_t key_len; unsigned char key[MBEDTLS_PSK_MAX_LEN]; #if defined(MBEDTLS_USE_PSA_CRYPTO) - psa_key_handle_t slot; + psa_key_id_t slot; #endif /* MBEDTLS_USE_PSA_CRYPTO */ psk_entry *next; }; @@ -1228,7 +1303,7 @@ int psk_free( psk_entry *head ) { #if defined(MBEDTLS_USE_PSA_CRYPTO) psa_status_t status; - psa_key_handle_t const slot = head->slot; + psa_key_id_t const slot = head->slot; if( slot != 0 ) { @@ -1638,7 +1713,7 @@ int idle( mbedtls_net_context *fd, } #if defined(MBEDTLS_USE_PSA_CRYPTO) -static psa_status_t psa_setup_psk_key_slot( psa_key_handle_t *slot, +static psa_status_t psa_setup_psk_key_slot( psa_key_id_t *slot, psa_algorithm_t alg, unsigned char *psk, size_t psk_len ) @@ -1715,13 +1790,14 @@ int report_cid_usage( mbedtls_ssl_context *ssl, int main( int argc, char *argv[] ) { int ret = 0, len, written, frags, exchanges_left; + int query_config_ret = 0; int version_suites[4][2]; io_ctx_t io_ctx; unsigned char* buf = 0; #if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED) #if defined(MBEDTLS_USE_PSA_CRYPTO) psa_algorithm_t alg = 0; - psa_key_handle_t psk_slot = 0; + psa_key_id_t psk_slot = 0; #endif /* MBEDTLS_USE_PSA_CRYPTO */ unsigned char psk[MBEDTLS_PSK_MAX_LEN]; size_t psk_len = 0; @@ -1781,7 +1857,6 @@ int main( int argc, char *argv[] ) #if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C) unsigned char alloc_buf[MEMORY_HEAP_SIZE]; #endif - #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) unsigned char cid[MBEDTLS_SSL_CID_IN_LEN_MAX]; unsigned char cid_renego[MBEDTLS_SSL_CID_IN_LEN_MAX]; @@ -1804,7 +1879,20 @@ int main( int argc, char *argv[] ) unsigned char eap_tls_iv[8]; const char* eap_tls_label = "client EAP encryption"; eap_tls_keys eap_tls_keying; -#endif +#if defined( MBEDTLS_SSL_DTLS_SRTP ) + /*! master keys and master salt for SRTP generated during handshake */ + unsigned char dtls_srtp_key_material[MBEDTLS_TLS_SRTP_MAX_KEY_MATERIAL_LENGTH]; + const char* dtls_srtp_label = "EXTRACTOR-dtls_srtp"; + dtls_srtp_keys dtls_srtp_keying; + const mbedtls_ssl_srtp_profile default_profiles[] = { + MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_80, + MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_32, + MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_80, + MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_32, + MBEDTLS_TLS_SRTP_UNSET + }; +#endif /* MBEDTLS_SSL_DTLS_SRTP */ +#endif /* MBEDTLS_SSL_EXPORT_KEYS */ #if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C) mbedtls_memory_buffer_alloc_init( alloc_buf, sizeof(alloc_buf) ); @@ -1905,8 +1993,10 @@ int main( int argc, char *argv[] ) opt.ca_path = DFL_CA_PATH; opt.crt_file = DFL_CRT_FILE; opt.key_file = DFL_KEY_FILE; + opt.key_pwd = DFL_KEY_PWD; opt.crt_file2 = DFL_CRT_FILE2; opt.key_file2 = DFL_KEY_FILE2; + opt.key_pwd2 = DFL_KEY_PWD2; opt.async_operations = DFL_ASYNC_OPERATIONS; opt.async_private_delay1 = DFL_ASYNC_PRIVATE_DELAY1; opt.async_private_delay2 = DFL_ASYNC_PRIVATE_DELAY2; @@ -1962,6 +2052,10 @@ int main( int argc, char *argv[] ) opt.reproducible = DFL_REPRODUCIBLE; opt.nss_keylog = DFL_NSS_KEYLOG; opt.nss_keylog_file = DFL_NSS_KEYLOG_FILE; + opt.query_config_mode = DFL_QUERY_CONFIG_MODE; + opt.use_srtp = DFL_USE_SRTP; + opt.force_srtp_profile = DFL_SRTP_FORCE_PROFILE; + opt.support_mki = DFL_SRTP_SUPPORT_MKI; for( i = 1; i < argc; i++ ) { @@ -2026,10 +2120,14 @@ int main( int argc, char *argv[] ) opt.crt_file = q; else if( strcmp( p, "key_file" ) == 0 ) opt.key_file = q; + else if( strcmp( p, "key_pwd" ) == 0 ) + opt.key_pwd = q; else if( strcmp( p, "crt_file2" ) == 0 ) opt.crt_file2 = q; else if( strcmp( p, "key_file2" ) == 0 ) opt.key_file2 = q; + else if( strcmp( p, "key_pwd2" ) == 0 ) + opt.key_pwd2 = q; else if( strcmp( p, "dhm_file" ) == 0 ) opt.dhm_file = q; #if defined(MBEDTLS_SSL_ASYNC_PRIVATE) @@ -2372,7 +2470,9 @@ int main( int argc, char *argv[] ) } else if( strcmp( p, "query_config" ) == 0 ) { - mbedtls_exit( query_config( q ) ); + opt.query_config_mode = 1; + query_config_ret = query_config( q ); + goto exit; } else if( strcmp( p, "serialize") == 0 ) { @@ -2404,6 +2504,18 @@ int main( int argc, char *argv[] ) { opt.nss_keylog_file = q; } + else if( strcmp( p, "use_srtp" ) == 0 ) + { + opt.use_srtp = atoi ( q ); + } + else if( strcmp( p, "srtp_force_profile" ) == 0 ) + { + opt.force_srtp_profile = atoi( q ); + } + else if( strcmp( p, "support_mki" ) == 0 ) + { + opt.support_mki = atoi( q ); + } else goto usage; } @@ -2815,7 +2927,8 @@ int main( int argc, char *argv[] ) if( strlen( opt.key_file ) && strcmp( opt.key_file, "none" ) != 0 ) { key_cert_init++; - if( ( ret = mbedtls_pk_parse_keyfile( &pkey, opt.key_file, "" ) ) != 0 ) + if( ( ret = mbedtls_pk_parse_keyfile( &pkey, opt.key_file, + opt.key_pwd ) ) != 0 ) { mbedtls_printf( " failed\n ! mbedtls_pk_parse_keyfile returned -0x%x\n\n", (unsigned int) -ret ); goto exit; @@ -2840,7 +2953,8 @@ int main( int argc, char *argv[] ) if( strlen( opt.key_file2 ) && strcmp( opt.key_file2, "none" ) != 0 ) { key_cert_init2++; - if( ( ret = mbedtls_pk_parse_keyfile( &pkey2, opt.key_file2, "" ) ) != 0 ) + if( ( ret = mbedtls_pk_parse_keyfile( &pkey2, opt.key_file2, + opt.key_pwd2 ) ) != 0 ) { mbedtls_printf( " failed\n ! mbedtls_pk_parse_keyfile(2) returned -0x%x\n\n", (unsigned int) -ret ); @@ -3006,7 +3120,7 @@ int main( int argc, char *argv[] ) { mbedtls_printf( " failed\n ! mbedtls_ssl_conf_max_frag_len returned %d\n\n", ret ); goto exit; - }; + } #endif #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) @@ -3036,6 +3150,38 @@ int main( int argc, char *argv[] ) } #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ +#if defined(MBEDTLS_SSL_DTLS_SRTP) + if( opt.use_srtp == 1 ) + { + if( opt.force_srtp_profile != 0 ) + { + const mbedtls_ssl_srtp_profile forced_profile[] = { opt.force_srtp_profile, MBEDTLS_TLS_SRTP_UNSET }; + ret = mbedtls_ssl_conf_dtls_srtp_protection_profiles( &conf, forced_profile ); + } + else + { + ret = mbedtls_ssl_conf_dtls_srtp_protection_profiles( &conf, default_profiles ); + } + + if( ret != 0 ) + { + mbedtls_printf( " failed\n ! mbedtls_ssl_conf_dtls_srtp_protection_profiles returned %d\n\n", ret ); + goto exit; + } + + mbedtls_ssl_conf_srtp_mki_value_supported( &conf, + opt.support_mki ? + MBEDTLS_SSL_DTLS_SRTP_MKI_SUPPORTED : + MBEDTLS_SSL_DTLS_SRTP_MKI_UNSUPPORTED ); + + } + else if( opt.force_srtp_profile != 0 ) + { + mbedtls_printf( " failed\n ! must enable use_srtp to force srtp profile\n\n" ); + goto exit; + } +#endif /* MBEDTLS_SSL_DTLS_SRTP */ + #if defined(MBEDTLS_SSL_TRUNCATED_HMAC) if( opt.trunc_hmac != DFL_TRUNC_HMAC ) mbedtls_ssl_conf_truncated_hmac( &conf, opt.trunc_hmac ); @@ -3063,7 +3209,14 @@ int main( int argc, char *argv[] ) nss_keylog_export, NULL ); } -#endif +#if defined( MBEDTLS_SSL_DTLS_SRTP ) + else if( opt.use_srtp != 0 ) + { + mbedtls_ssl_conf_export_keys_ext_cb( &conf, dtls_srtp_key_derivation, + &dtls_srtp_keying ); + } +#endif /* MBEDTLS_SSL_DTLS_SRTP */ +#endif /* MBEDTLS_SSL_EXPORT_KEYS */ #if defined(MBEDTLS_SSL_ALPN) if( opt.alpn_string != NULL ) @@ -3709,7 +3862,75 @@ handshake: } mbedtls_printf("\n"); } -#endif + +#if defined( MBEDTLS_SSL_DTLS_SRTP ) + else if( opt.use_srtp != 0 ) + { + size_t j = 0; + mbedtls_dtls_srtp_info dtls_srtp_negotiation_result; + mbedtls_ssl_get_dtls_srtp_negotiation_result( &ssl, &dtls_srtp_negotiation_result ); + + if( dtls_srtp_negotiation_result.chosen_dtls_srtp_profile + == MBEDTLS_TLS_SRTP_UNSET ) + { + mbedtls_printf( " Unable to negotiate " + "the use of DTLS-SRTP\n" ); + } + else + { + if( ( ret = mbedtls_ssl_tls_prf( dtls_srtp_keying.tls_prf_type, + dtls_srtp_keying.master_secret, + sizeof( dtls_srtp_keying.master_secret ), + dtls_srtp_label, + dtls_srtp_keying.randbytes, + sizeof( dtls_srtp_keying.randbytes ), + dtls_srtp_key_material, + sizeof( dtls_srtp_key_material ) ) ) + != 0 ) + { + mbedtls_printf( " failed\n ! mbedtls_ssl_tls_prf returned -0x%x\n\n", + (unsigned int) -ret ); + goto exit; + } + + mbedtls_printf( " DTLS-SRTP key material is:" ); + for( j = 0; j < sizeof( dtls_srtp_key_material ); j++ ) + { + if( j % 8 == 0 ) + mbedtls_printf( "\n " ); + mbedtls_printf( "%02x ", dtls_srtp_key_material[j] ); + } + mbedtls_printf( "\n" ); + + /* produce a less readable output used to perform automatic checks + * - compare client and server output + * - interop test with openssl which client produces this kind of output + */ + mbedtls_printf( " Keying material: " ); + for( j = 0; j < sizeof( dtls_srtp_key_material ); j++ ) + { + mbedtls_printf( "%02X", dtls_srtp_key_material[j] ); + } + mbedtls_printf( "\n" ); + + if ( dtls_srtp_negotiation_result.mki_len > 0 ) + { + mbedtls_printf( " DTLS-SRTP mki value: " ); + for( j = 0; j < dtls_srtp_negotiation_result.mki_len; j++ ) + { + mbedtls_printf( "%02X", dtls_srtp_negotiation_result.mki_value[j] ); + } + } + else + { + mbedtls_printf( " DTLS-SRTP no mki value negotiated" ); + } + mbedtls_printf( "\n" ); + + } + } +#endif /* MBEDTLS_SSL_DTLS_SRTP */ +#endif /* MBEDTLS_SSL_EXPORT_KEYS */ #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) ret = report_cid_usage( &ssl, "initial handshake" ); @@ -4245,8 +4466,11 @@ exit: } #endif - mbedtls_printf( " . Cleaning up..." ); - fflush( stdout ); + if( opt.query_config_mode == DFL_QUERY_CONFIG_MODE ) + { + mbedtls_printf( " . Cleaning up..." ); + fflush( stdout ); + } mbedtls_net_free( &client_fd ); mbedtls_net_free( &listen_fd ); @@ -4276,7 +4500,8 @@ exit: sni_free( sni_info ); #endif #if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED) - if( ( ret = psk_free( psk_info ) ) != 0 ) + ret = psk_free( psk_info ); + if( ( ret != 0 ) && ( opt.query_config_mode == DFL_QUERY_CONFIG_MODE ) ) mbedtls_printf( "Failed to list of opaque PSKs - error was %d\n", ret ); #endif #if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_FS_IO) @@ -4292,7 +4517,8 @@ exit: * immediately because of bad cmd line params, * for example). */ status = psa_destroy_key( psk_slot ); - if( status != PSA_SUCCESS ) + if( ( status != PSA_SUCCESS ) && + ( opt.query_config_mode == DFL_QUERY_CONFIG_MODE ) ) { mbedtls_printf( "Failed to destroy key slot %u - error was %d", (unsigned) psk_slot, (int) status ); @@ -4331,18 +4557,24 @@ exit: mbedtls_memory_buffer_alloc_free(); #endif - mbedtls_printf( " done.\n" ); + if( opt.query_config_mode == DFL_QUERY_CONFIG_MODE ) + { + mbedtls_printf( " done.\n" ); #if defined(_WIN32) - mbedtls_printf( " + Press Enter to exit this program.\n" ); - fflush( stdout ); getchar(); + mbedtls_printf( " + Press Enter to exit this program.\n" ); + fflush( stdout ); getchar(); #endif + } // Shell can not handle large exit numbers -> 1 for errors if( ret < 0 ) ret = 1; - mbedtls_exit( ret ); + if( opt.query_config_mode == DFL_QUERY_CONFIG_MODE ) + mbedtls_exit( ret ); + else + mbedtls_exit( query_config_ret ); } #endif /* MBEDTLS_BIGNUM_C && MBEDTLS_ENTROPY_C && MBEDTLS_SSL_TLS_C && MBEDTLS_SSL_SRV_C && MBEDTLS_NET_C && MBEDTLS_RSA_C && diff --git a/programs/test/CMakeLists.txt b/programs/test/CMakeLists.txt index 0df0becd9..49b44e707 100644 --- a/programs/test/CMakeLists.txt +++ b/programs/test/CMakeLists.txt @@ -1,5 +1,5 @@ set(libs - mbedtls + ${mbedtls_target} ) if(USE_PKCS11_HELPER_LIBRARY) @@ -33,11 +33,12 @@ foreach(exe IN LISTS executables_libs executables_mbedcrypto) if (${exe_index} GREATER -1) target_link_libraries(${exe} ${libs}) else() - target_link_libraries(${exe} mbedcrypto) + target_link_libraries(${exe} ${mbedcrypto_target}) endif() endforeach() -target_sources(query_compile_time_config PUBLIC ${CMAKE_CURRENT_SOURCE_DIR}/query_config.c) +set_property(TARGET query_compile_time_config APPEND PROPERTY SOURCES + ${CMAKE_CURRENT_SOURCE_DIR}/query_config.c) install(TARGETS ${executables_libs} ${executables_mbedcrypto} DESTINATION "bin" diff --git a/programs/test/cmake_subproject/CMakeLists.txt b/programs/test/cmake_subproject/CMakeLists.txt index 3e32c5fc3..a9fcfde29 100644 --- a/programs/test/cmake_subproject/CMakeLists.txt +++ b/programs/test/cmake_subproject/CMakeLists.txt @@ -1,5 +1,8 @@ cmake_minimum_required(VERSION 2.6) +# Test the target renaming support by adding a prefix to the targets built +set(MBEDTLS_TARGET_PREFIX subproject_test_) + # We use the parent Mbed TLS directory as the MBEDTLS_DIR for this test. Other # projects that use Mbed TLS as a subproject are likely to add by their own # relative paths. @@ -8,11 +11,12 @@ set(MBEDTLS_DIR ../../../) # Add Mbed TLS as a subdirectory. add_subdirectory(${MBEDTLS_DIR} build) -# Link against all the Mbed TLS libraries. +# Link against all the Mbed TLS libraries. Verifies that the targets have been +# created using the specified prefix set(libs - mbedcrypto - mbedx509 - mbedtls + subproject_test_mbedcrypto + subproject_test_mbedx509 + subproject_test_mbedtls ) add_executable(cmake_subproject cmake_subproject.c) diff --git a/programs/test/cpp_dummy_build.cpp b/programs/test/cpp_dummy_build.cpp index 09c527300..c69cd2bd7 100644 --- a/programs/test/cpp_dummy_build.cpp +++ b/programs/test/cpp_dummy_build.cpp @@ -109,6 +109,12 @@ #include "mbedtls/memory_buffer_alloc.h" #endif +#include "psa/crypto.h" +#include "psa/crypto_se_driver.h" +#include "psa/crypto_entropy_driver.h" +#include "psa/crypto_accel_driver.h" +#include "../library/psa_crypto_its.h" + int main() { mbedtls_platform_context *ctx = NULL; diff --git a/programs/test/query_config.c b/programs/test/query_config.c index f4c14d6cb..1345b11fe 100644 --- a/programs/test/query_config.c +++ b/programs/test/query_config.c @@ -1168,13 +1168,13 @@ int query_config( const char *config ) } #endif /* MBEDTLS_ENTROPY_NV_SEED */ -#if defined(MBEDTLS_PSA_CRYPTO_KEY_FILE_ID_ENCODES_OWNER) - if( strcmp( "MBEDTLS_PSA_CRYPTO_KEY_FILE_ID_ENCODES_OWNER", config ) == 0 ) +#if defined(MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER) + if( strcmp( "MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER", config ) == 0 ) { - MACRO_EXPANSION_TO_STR( MBEDTLS_PSA_CRYPTO_KEY_FILE_ID_ENCODES_OWNER ); + MACRO_EXPANSION_TO_STR( MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER ); return( 0 ); } -#endif /* MBEDTLS_PSA_CRYPTO_KEY_FILE_ID_ENCODES_OWNER */ +#endif /* MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER */ #if defined(MBEDTLS_MEMORY_DEBUG) if( strcmp( "MBEDTLS_MEMORY_DEBUG", config ) == 0 ) @@ -1216,6 +1216,14 @@ int query_config( const char *config ) } #endif /* MBEDTLS_PKCS1_V21 */ +#if defined(MBEDTLS_PSA_CRYPTO_DRIVERS) + if( strcmp( "MBEDTLS_PSA_CRYPTO_DRIVERS", config ) == 0 ) + { + MACRO_EXPANSION_TO_STR( MBEDTLS_PSA_CRYPTO_DRIVERS ); + return( 0 ); + } +#endif /* MBEDTLS_PSA_CRYPTO_DRIVERS */ + #if defined(MBEDTLS_PSA_CRYPTO_SPM) if( strcmp( "MBEDTLS_PSA_CRYPTO_SPM", config ) == 0 ) { @@ -1472,6 +1480,14 @@ int query_config( const char *config ) } #endif /* MBEDTLS_SSL_DTLS_HELLO_VERIFY */ +#if defined(MBEDTLS_SSL_DTLS_SRTP) + if( strcmp( "MBEDTLS_SSL_DTLS_SRTP", config ) == 0 ) + { + MACRO_EXPANSION_TO_STR( MBEDTLS_SSL_DTLS_SRTP ); + return( 0 ); + } +#endif /* MBEDTLS_SSL_DTLS_SRTP */ + #if defined(MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE) if( strcmp( "MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE", config ) == 0 ) { @@ -1584,6 +1600,14 @@ int query_config( const char *config ) } #endif /* MBEDTLS_USE_PSA_CRYPTO */ +#if defined(MBEDTLS_PSA_CRYPTO_CONFIG) + if( strcmp( "MBEDTLS_PSA_CRYPTO_CONFIG", config ) == 0 ) + { + MACRO_EXPANSION_TO_STR( MBEDTLS_PSA_CRYPTO_CONFIG ); + return( 0 ); + } +#endif /* MBEDTLS_PSA_CRYPTO_CONFIG */ + #if defined(MBEDTLS_VERSION_FEATURES) if( strcmp( "MBEDTLS_VERSION_FEATURES", config ) == 0 ) { diff --git a/programs/test/selftest.c b/programs/test/selftest.c index 2aa379b1c..41d704073 100644 --- a/programs/test/selftest.c +++ b/programs/test/selftest.c @@ -158,7 +158,7 @@ static int calloc_self_test( int verbose ) } #endif /* MBEDTLS_SELF_TEST */ -static int test_snprintf( size_t n, const char ref_buf[10], int ref_ret ) +static int test_snprintf( size_t n, const char *ref_buf, int ref_ret ) { int ret; char buf[10] = "xxxxxxxxx"; diff --git a/programs/util/CMakeLists.txt b/programs/util/CMakeLists.txt index cb14a3ee6..2a11212ec 100644 --- a/programs/util/CMakeLists.txt +++ b/programs/util/CMakeLists.txt @@ -1,5 +1,5 @@ set(libs - mbedcrypto + ${mbedcrypto_target} ) set(executables diff --git a/programs/x509/CMakeLists.txt b/programs/x509/CMakeLists.txt index f7b5fe1d9..29cbeb800 100644 --- a/programs/x509/CMakeLists.txt +++ b/programs/x509/CMakeLists.txt @@ -1,5 +1,5 @@ set(libs - mbedx509 + ${mbedx509_target} ) if(USE_PKCS11_HELPER_LIBRARY) @@ -23,7 +23,7 @@ foreach(exe IN LISTS executables) target_link_libraries(${exe} ${libs}) endforeach() -target_link_libraries(cert_app mbedtls) +target_link_libraries(cert_app ${mbedtls_target}) install(TARGETS ${executables} DESTINATION "bin" diff --git a/programs/x509/cert_req.c b/programs/x509/cert_req.c index ade67e20b..e8241a320 100644 --- a/programs/x509/cert_req.c +++ b/programs/x509/cert_req.c @@ -100,9 +100,8 @@ int main( void ) " Add NsCertType even if it is empty\n" \ " md=%%s default: SHA256\n" \ " possible values:\n" \ - " MD2, MD4, MD5, SHA1\n" \ - " SHA224, SHA256\n" \ - " SHA384, SHA512\n" \ + " MD2, MD4, MD5, RIPEMD160, SHA1,\n" \ + " SHA224, SHA256, SHA384, SHA512\n" \ "\n" @@ -217,58 +216,14 @@ int main( int argc, char *argv[] ) } else if( strcmp( p, "md" ) == 0 ) { - if( strcmp( q, "SHA256" ) == 0 ) - { - opt.md_alg = MBEDTLS_MD_SHA256; - } - else if( strcmp( q, "SHA224" ) == 0 ) - { - opt.md_alg = MBEDTLS_MD_SHA224; - } - else -#if defined(MBEDTLS_MD5_C) - if( strcmp( q, "MD5" ) == 0 ) - { - opt.md_alg = MBEDTLS_MD_MD5; - } - else -#endif /* MBEDTLS_MD5_C */ -#if defined(MBEDTLS_MD4_C) - if( strcmp( q, "MD4" ) == 0 ) - { - opt.md_alg = MBEDTLS_MD_MD4; - } - else -#endif /* MBEDTLS_MD5_C */ -#if defined(MBEDTLS_MD2_C) - if( strcmp( q, "MD2" ) == 0 ) - { - opt.md_alg = MBEDTLS_MD_MD2; - } - else -#endif /* MBEDTLS_MD2_C */ -#if defined(MBEDTLS_SHA1_C) - if( strcmp( q, "SHA1" ) == 0 ) - { - opt.md_alg = MBEDTLS_MD_SHA1; - } - else -#endif /* MBEDTLS_SHA1_C */ -#if defined(MBEDTLS_SHA512_C) - if( strcmp( q, "SHA384" ) == 0 ) - { - opt.md_alg = MBEDTLS_MD_SHA384; - } - else - if( strcmp( q, "SHA512" ) == 0 ) - { - opt.md_alg = MBEDTLS_MD_SHA512; - } - else -#endif /* MBEDTLS_SHA512_C */ + const mbedtls_md_info_t *md_info = + mbedtls_md_info_from_string( q ); + if( md_info == NULL ) { + mbedtls_printf( "Invalid argument for option %s\n", p ); goto usage; } + opt.md_alg = mbedtls_md_get_type( md_info ); } else if( strcmp( p, "key_usage" ) == 0 ) { diff --git a/programs/x509/cert_write.c b/programs/x509/cert_write.c index 1eeb861e8..18174d804 100644 --- a/programs/x509/cert_write.c +++ b/programs/x509/cert_write.c @@ -118,8 +118,9 @@ int main( void ) " is_ca=%%d default: 0 (disabled)\n" \ " max_pathlen=%%d default: -1 (none)\n" \ " md=%%s default: SHA256\n" \ - " Supported values:\n" \ - " MD2, MD4, MD5, SHA1, SHA256, SHA512\n"\ + " Supported values (if enabled):\n" \ + " MD2, MD4, MD5, RIPEMD160, SHA1,\n" \ + " SHA224, SHA256, SHA384, SHA512\n" \ " version=%%d default: 3\n" \ " Possible values: 1, 2, 3\n"\ " subject_identifier=%%s default: 1\n" \ @@ -353,27 +354,14 @@ int main( int argc, char *argv[] ) } else if( strcmp( p, "md" ) == 0 ) { - if( strcmp( q, "SHA1" ) == 0 ) - opt.md = MBEDTLS_MD_SHA1; - else if( strcmp( q, "SHA224" ) == 0 ) - opt.md = MBEDTLS_MD_SHA224; - else if( strcmp( q, "SHA256" ) == 0 ) - opt.md = MBEDTLS_MD_SHA256; - else if( strcmp( q, "SHA384" ) == 0 ) - opt.md = MBEDTLS_MD_SHA384; - else if( strcmp( q, "SHA512" ) == 0 ) - opt.md = MBEDTLS_MD_SHA512; - else if( strcmp( q, "MD2" ) == 0 ) - opt.md = MBEDTLS_MD_MD2; - else if( strcmp( q, "MD4" ) == 0 ) - opt.md = MBEDTLS_MD_MD4; - else if( strcmp( q, "MD5" ) == 0 ) - opt.md = MBEDTLS_MD_MD5; - else + const mbedtls_md_info_t *md_info = + mbedtls_md_info_from_string( q ); + if( md_info == NULL ) { mbedtls_printf( "Invalid argument for option %s\n", p ); goto usage; } + opt.md = mbedtls_md_get_type( md_info ); } else if( strcmp( p, "version" ) == 0 ) { diff --git a/scripts/config.py b/scripts/config.py index 703e6e906..ae0614ae0 100755 --- a/scripts/config.py +++ b/scripts/config.py @@ -184,7 +184,8 @@ EXCLUDE_FROM_FULL = frozenset([ 'MBEDTLS_NO_UDBL_DIVISION', # influences anything that uses bignum 'MBEDTLS_PKCS11_C', # build dependency (libpkcs11-helper) 'MBEDTLS_PLATFORM_NO_STD_FUNCTIONS', # removes a feature - 'MBEDTLS_PSA_CRYPTO_KEY_FILE_ID_ENCODES_OWNER', # platform dependency (PSA SPM) (at this time) + 'MBEDTLS_PSA_CRYPTO_CONFIG', # toggles old/new style PSA config + 'MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER', # incompatible with USE_PSA_CRYPTO 'MBEDTLS_PSA_CRYPTO_SPM', # platform dependency (PSA SPM) 'MBEDTLS_PSA_INJECT_ENTROPY', # build dependency (hook functions) 'MBEDTLS_REMOVE_3DES_CIPHERSUITES', # removes a feature diff --git a/scripts/data_files/error.fmt b/scripts/data_files/error.fmt index fd72f8b5f..9e479bbfd 100644 --- a/scripts/data_files/error.fmt +++ b/scripts/data_files/error.fmt @@ -19,20 +19,20 @@ #include "common.h" -#if defined(MBEDTLS_ERROR_STRERROR_DUMMY) -#include -#endif +#include "mbedtls/error.h" + +#if defined(MBEDTLS_ERROR_C) || defined(MBEDTLS_ERROR_STRERROR_DUMMY) + +#if defined(MBEDTLS_ERROR_C) #if defined(MBEDTLS_PLATFORM_C) #include "mbedtls/platform.h" #else #define mbedtls_snprintf snprintf -#define mbedtls_time_t time_t #endif -#if defined(MBEDTLS_ERROR_C) - #include +#include HEADER_INCLUDED @@ -149,8 +149,6 @@ void mbedtls_strerror( int ret, char *buf, size_t buflen ) #else /* MBEDTLS_ERROR_C */ -#if defined(MBEDTLS_ERROR_STRERROR_DUMMY) - /* * Provide an non-function in case MBEDTLS_ERROR_C is not defined */ @@ -162,6 +160,6 @@ void mbedtls_strerror( int ret, char *buf, size_t buflen ) buf[0] = '\0'; } -#endif /* MBEDTLS_ERROR_STRERROR_DUMMY */ - #endif /* MBEDTLS_ERROR_C */ + +#endif /* MBEDTLS_ERROR_C || MBEDTLS_ERROR_STRERROR_DUMMY */ diff --git a/scripts/generate_psa_constants.py b/scripts/generate_psa_constants.py index 95dc4db21..401c2fc12 100755 --- a/scripts/generate_psa_constants.py +++ b/scripts/generate_psa_constants.py @@ -411,7 +411,7 @@ def generate_psa_constants(header_file_names, output_file_name): temp_file_name = output_file_name + '.tmp' with open(temp_file_name, 'w') as output_file: collector.write_file(output_file) - os.rename(temp_file_name, output_file_name) + os.replace(temp_file_name, output_file_name) if __name__ == '__main__': if not os.path.isdir('programs') and os.path.isdir('../programs'): diff --git a/scripts/generate_visualc_files.pl b/scripts/generate_visualc_files.pl index 3d4baca41..6c2b5e4ab 100755 --- a/scripts/generate_visualc_files.pl +++ b/scripts/generate_visualc_files.pl @@ -39,6 +39,7 @@ my $psa_header_dir = 'include/psa'; my $source_dir = 'library'; my $test_source_dir = 'tests/src'; my $test_header_dir = 'tests/include/test'; +my $test_drivers_header_dir = 'tests/include/test/drivers'; my @thirdparty_header_dirs = qw( 3rdparty/everest/include/everest @@ -116,6 +117,7 @@ sub check_dirs { && -d $source_dir && -d $test_source_dir && -d $test_header_dir + && -d $test_drivers_header_dir && -d $programs_dir; } @@ -262,6 +264,7 @@ sub main { $mbedtls_header_dir, $psa_header_dir, $test_header_dir, + $test_drivers_header_dir, $source_dir, @thirdparty_header_dirs, ); diff --git a/tests/.gitignore b/tests/.gitignore index d49611c1e..d9f4b5178 100644 --- a/tests/.gitignore +++ b/tests/.gitignore @@ -11,4 +11,5 @@ data_files/entropy_seed include/test/instrument_record_status.h src/*.o +src/drivers/*.o src/libmbed* diff --git a/tests/CMakeLists.txt b/tests/CMakeLists.txt index cc6866309..f8ce925df 100644 --- a/tests/CMakeLists.txt +++ b/tests/CMakeLists.txt @@ -1,5 +1,5 @@ set(libs - mbedtls + ${mbedtls_target} ) # Set the project root directory if it's not already defined, as may happen if @@ -43,7 +43,7 @@ function(add_test_suite suite_name) add_custom_command( OUTPUT test_suite_${data_name}.c COMMAND ${MBEDTLS_PYTHON_EXECUTABLE} ${CMAKE_CURRENT_SOURCE_DIR}/scripts/generate_test_code.py -f ${CMAKE_CURRENT_SOURCE_DIR}/suites/test_suite_${suite_name}.function -d ${CMAKE_CURRENT_SOURCE_DIR}/suites/test_suite_${data_name}.data -t ${CMAKE_CURRENT_SOURCE_DIR}/suites/main_test.function -p ${CMAKE_CURRENT_SOURCE_DIR}/suites/host_test.function -s ${CMAKE_CURRENT_SOURCE_DIR}/suites --helpers-file ${CMAKE_CURRENT_SOURCE_DIR}/suites/helpers.function -o . - DEPENDS ${CMAKE_CURRENT_SOURCE_DIR}/scripts/generate_test_code.py mbedtls ${CMAKE_CURRENT_SOURCE_DIR}/suites/helpers.function ${CMAKE_CURRENT_SOURCE_DIR}/suites/main_test.function ${CMAKE_CURRENT_SOURCE_DIR}/suites/host_test.function ${CMAKE_CURRENT_SOURCE_DIR}/suites/test_suite_${suite_name}.function ${CMAKE_CURRENT_SOURCE_DIR}/suites/test_suite_${data_name}.data + DEPENDS ${CMAKE_CURRENT_SOURCE_DIR}/scripts/generate_test_code.py ${mbedtls_target} ${CMAKE_CURRENT_SOURCE_DIR}/suites/helpers.function ${CMAKE_CURRENT_SOURCE_DIR}/suites/main_test.function ${CMAKE_CURRENT_SOURCE_DIR}/suites/host_test.function ${CMAKE_CURRENT_SOURCE_DIR}/suites/test_suite_${suite_name}.function ${CMAKE_CURRENT_SOURCE_DIR}/suites/test_suite_${data_name}.data ) add_executable(test_suite_${data_name} test_suite_${data_name}.c $) @@ -166,6 +166,7 @@ if (NOT ${CMAKE_CURRENT_BINARY_DIR} STREQUAL ${CMAKE_CURRENT_SOURCE_DIR}) link_to_source(seedfile) endif() link_to_source(compat.sh) + link_to_source(context-info.sh) link_to_source(data_files) link_to_source(scripts) link_to_source(ssl-opt.sh) diff --git a/tests/Makefile b/tests/Makefile index ffa4812bd..511db9db5 100644 --- a/tests/Makefile +++ b/tests/Makefile @@ -80,7 +80,7 @@ all: $(BINARIES) $(MBEDLIBS): $(MAKE) -C ../library -MBEDTLS_TEST_OBJS=$(patsubst %.c,%.o,$(wildcard src/*.c)) +MBEDTLS_TEST_OBJS=$(patsubst %.c,%.o,$(wildcard src/*.c src/drivers/*.c)) mbedtls_test: $(MBEDTLS_TEST_OBJS) @@ -89,6 +89,10 @@ src/%.o : src/%.c echo " CC $<" $(CC) $(LOCAL_CFLAGS) $(CFLAGS) -o $@ -c $< +src/drivers/%.o : src/drivers/%.c + echo " CC $<" + $(CC) $(LOCAL_CFLAGS) $(CFLAGS) -o $@ -c $< + C_FILES := $(addsuffix .c,$(APPS)) # Wildcard target for test code generation: @@ -130,12 +134,13 @@ $(addprefix embedded_,$(filter test_suite_psa_%, $(APPS))): embedded_%: TESTS/mb clean: ifndef WINDOWS rm -rf $(BINARIES) *.c *.datax TESTS - rm -f src/*.o src/libmbed* + rm -f src/*.o src/drivers/*.o src/libmbed* else if exist *.c del /Q /F *.c if exist *.exe del /Q /F *.exe if exist *.datax del /Q /F *.datax if exist src/*.o del /Q /F src/*.o + if exist src/drivers/*.o del /Q /F src/drivers/*.o if exist src/libmbed* del /Q /F src/libmed* ifneq ($(wildcard TESTS/.*),) rmdir /Q /S TESTS diff --git a/tests/compat.sh b/tests/compat.sh index 9f2798ee7..6e0a8f963 100755 --- a/tests/compat.sh +++ b/tests/compat.sh @@ -90,12 +90,12 @@ PEERS="OpenSSL$PEER_GNUTLS mbedTLS" print_usage() { echo "Usage: $0" printf " -h|--help\tPrint this help.\n" - printf " -f|--filter\tOnly matching ciphersuites are tested (Default: '$FILTER')\n" - printf " -e|--exclude\tMatching ciphersuites are excluded (Default: '$EXCLUDE')\n" - printf " -m|--modes\tWhich modes to perform (Default: '$MODES')\n" - printf " -t|--types\tWhich key exchange type to perform (Default: '$TYPES')\n" - printf " -V|--verify\tWhich verification modes to perform (Default: '$VERIFIES')\n" - printf " -p|--peers\tWhich peers to use (Default: '$PEERS')\n" + printf " -f|--filter\tOnly matching ciphersuites are tested (Default: '%s')\n" "$FILTER" + printf " -e|--exclude\tMatching ciphersuites are excluded (Default: '%s')\n" "$EXCLUDE" + printf " -m|--modes\tWhich modes to perform (Default: '%s')\n" "$MODES" + printf " -t|--types\tWhich key exchange type to perform (Default: '%s')\n" "$TYPES" + printf " -V|--verify\tWhich verification modes to perform (Default: '%s')\n" "$VERIFIES" + printf " -p|--peers\tWhich peers to use (Default: '%s')\n" "$PEERS" printf " \tAlso available: GnuTLS (needs v3.2.15 or higher)\n" printf " -M|--memcheck\tCheck memory leaks and errors.\n" printf " -v|--verbose\tSet verbose output.\n" @@ -907,7 +907,7 @@ setup_arguments() M_SERVER_ARGS="server_port=$PORT server_addr=0.0.0.0 force_version=$MODE arc4=1" O_SERVER_ARGS="-accept $PORT -cipher NULL,ALL -$MODE -dhparam data_files/dhparams.pem" G_SERVER_ARGS="-p $PORT --http $G_MODE" - G_SERVER_PRIO="NORMAL:${G_PRIO_CCM}+ARCFOUR-128:+NULL:+MD5:+PSK:+DHE-PSK:+ECDHE-PSK:+RSA-PSK:-VERS-TLS-ALL:$G_PRIO_MODE" + G_SERVER_PRIO="NORMAL:${G_PRIO_CCM}+ARCFOUR-128:+NULL:+MD5:+PSK:+DHE-PSK:+ECDHE-PSK:+SHA256:+SHA384:+RSA-PSK:-VERS-TLS-ALL:$G_PRIO_MODE" # with OpenSSL 1.0.1h, -www, -WWW and -HTTP break DTLS handshakes if is_dtls "$MODE"; then @@ -956,39 +956,29 @@ setup_arguments() ;; "RSA") - M_SERVER_ARGS="$M_SERVER_ARGS crt_file=data_files/server2.crt key_file=data_files/server2.key" - O_SERVER_ARGS="$O_SERVER_ARGS -cert data_files/server2.crt -key data_files/server2.key" - G_SERVER_ARGS="$G_SERVER_ARGS --x509certfile data_files/server2.crt --x509keyfile data_files/server2.key" + M_SERVER_ARGS="$M_SERVER_ARGS crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key" + O_SERVER_ARGS="$O_SERVER_ARGS -cert data_files/server2-sha256.crt -key data_files/server2.key" + G_SERVER_ARGS="$G_SERVER_ARGS --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key" if [ "X$VERIFY" = "XYES" ]; then - M_CLIENT_ARGS="$M_CLIENT_ARGS crt_file=data_files/server1.crt key_file=data_files/server1.key" - O_CLIENT_ARGS="$O_CLIENT_ARGS -cert data_files/server1.crt -key data_files/server1.key" - G_CLIENT_ARGS="$G_CLIENT_ARGS --x509certfile data_files/server1.crt --x509keyfile data_files/server1.key" + M_CLIENT_ARGS="$M_CLIENT_ARGS crt_file=data_files/cert_sha256.crt key_file=data_files/server1.key" + O_CLIENT_ARGS="$O_CLIENT_ARGS -cert data_files/cert_sha256.crt -key data_files/server1.key" + G_CLIENT_ARGS="$G_CLIENT_ARGS --x509certfile data_files/cert_sha256.crt --x509keyfile data_files/server1.key" else M_CLIENT_ARGS="$M_CLIENT_ARGS crt_file=none key_file=none" fi - - # Allow SHA-1. It's disabled by default for security reasons but - # our tests still use certificates signed with it. - M_SERVER_ARGS="$M_SERVER_ARGS allow_sha1=1" - M_CLIENT_ARGS="$M_CLIENT_ARGS allow_sha1=1" ;; "PSK") # give RSA-PSK-capable server a RSA cert # (should be a separate type, but harder to close with openssl) - M_SERVER_ARGS="$M_SERVER_ARGS psk=6162636465666768696a6b6c6d6e6f70 ca_file=none crt_file=data_files/server2.crt key_file=data_files/server2.key" + M_SERVER_ARGS="$M_SERVER_ARGS psk=6162636465666768696a6b6c6d6e6f70 ca_file=none crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key" O_SERVER_ARGS="$O_SERVER_ARGS -psk 6162636465666768696a6b6c6d6e6f70 -nocert" - G_SERVER_ARGS="$G_SERVER_ARGS --x509certfile data_files/server2.crt --x509keyfile data_files/server2.key --pskpasswd data_files/passwd.psk" + G_SERVER_ARGS="$G_SERVER_ARGS --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --pskpasswd data_files/passwd.psk" M_CLIENT_ARGS="$M_CLIENT_ARGS psk=6162636465666768696a6b6c6d6e6f70 crt_file=none key_file=none" O_CLIENT_ARGS="$O_CLIENT_ARGS -psk 6162636465666768696a6b6c6d6e6f70" G_CLIENT_ARGS="$G_CLIENT_ARGS --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70" - - # Allow SHA-1. It's disabled by default for security reasons but - # our tests still use certificates signed with it. - M_SERVER_ARGS="$M_SERVER_ARGS allow_sha1=1" - M_CLIENT_ARGS="$M_CLIENT_ARGS allow_sha1=1" ;; esac } @@ -1117,7 +1107,7 @@ run_client() { VERIF=$(echo $VERIFY | tr '[:upper:]' '[:lower:]') TITLE="`echo $1 | head -c1`->`echo $SERVER_NAME | head -c1`" TITLE="$TITLE $MODE,$VERIF $2" - printf "$TITLE " + printf "%s " "$TITLE" LEN=$(( 72 - `echo "$TITLE" | wc -c` )) for i in `seq 1 $LEN`; do printf '.'; done; printf ' ' diff --git a/tests/context-info.sh b/tests/context-info.sh index 150584b5d..346529845 100755 --- a/tests/context-info.sh +++ b/tests/context-info.sh @@ -430,13 +430,19 @@ run_test "Binary file instead of text file" \ -u "Too many bad symbols detected. File check aborted" \ -n "Deserializing" +run_test "Decoder continues past 0xff character" \ + "def_b64_ff.bin" \ + -n "No valid base64" \ + -u "ciphersuite.* TLS-" + # End of tests +echo if [ $T_FAILED -eq 0 ]; then - printf "\nPASSED ( $T_COUNT tests )\n" + echo "PASSED ( $T_COUNT tests )" else - printf "\nFAILED ( $T_FAILED / $T_COUNT tests )\n" + echo "FAILED ( $T_FAILED / $T_COUNT tests )" fi exit $T_FAILED diff --git a/tests/data_files/Makefile b/tests/data_files/Makefile index 40c22f53b..bf2f538ef 100644 --- a/tests/data_files/Makefile +++ b/tests/data_files/Makefile @@ -13,8 +13,10 @@ ## Tools OPENSSL ?= openssl FAKETIME ?= faketime -MBEDTLS_CERT_WRITE ?= $(PWD)/../../programs/x509/cert_write -MBEDTLS_CERT_REQ ?= $(PWD)/../../programs/x509/cert_req + +TOP_DIR = ../.. +MBEDTLS_CERT_WRITE ?= $(TOP_DIR)/programs/x509/cert_write +MBEDTLS_CERT_REQ ?= $(TOP_DIR)/programs/x509/cert_req ## Build the generated test data. Note that since the final outputs @@ -244,6 +246,8 @@ cli2.key.der: cli2.key $(OPENSSL) pkey -in $< -out $@ -inform PEM -outform DER all_final += cli2.key.der +server5_pwd_ec = PolarSSLTest + server5.crt.der: server5.crt $(OPENSSL) x509 -in $< -out $@ -inform PEM -outform DER all_final += server5.crt.der @@ -252,6 +256,10 @@ server5.key.der: server5.key $(OPENSSL) pkey -in $< -out $@ -inform PEM -outform DER all_final += server5.key.der +server5.key.enc: server5.key + $(OPENSSL) ec -aes256 -in $< -out $@ -passout "pass:$(server5_pwd_ec)" +all_final += server5.key.enc + server5-ss-expired.crt: server5.key $(FAKETIME) -f -3653d $(OPENSSL) req -x509 -new -subj "/C=UK/O=mbed TLS/OU=testsuite/CN=localhost" -days 3653 -sha256 -key $< -out $@ all_final += server5-ss-expired.crt @@ -927,6 +935,8 @@ all_final += server1.req.cert_type_empty # server2* +server2_pwd_ec = PolarSSLTest + server2.req.sha256: server2.key $(MBEDTLS_CERT_REQ) output_file=$@ filename=$< subject_name="C=NL,O=PolarSSL,CN=localhost" md=SHA256 all_intermediate += server2.req.sha256 @@ -943,6 +953,10 @@ server2.key.der: server2.key $(OPENSSL) pkey -in $< -out $@ -inform PEM -outform DER all_final += server2.key.der +server2.key.enc: server2.key + $(OPENSSL) rsa -aes256 -in $< -out $@ -passout "pass:$(server2_pwd_ec)" +all_final += server2.key.enc + # server5* # The use of 'Server 1' in the DN is intentional here, as the DN is hardcoded in the x509_write test suite.' @@ -1058,7 +1072,10 @@ server1.v1.der.openssl: server1.v1.crt.openssl crl.pem: $(test_ca_crt) $(test_ca_key_file_rsa) $(test_ca_config_file) $(OPENSSL) ca -gencrl -batch -cert $(test_ca_crt) -keyfile $(test_ca_key_file_rsa) -key $(test_ca_pwd_rsa) -config $(test_ca_server1_config_file) -md sha1 -crldays 3653 -out $@ -server1_all: crl.pem server1.crt server1.noauthid.crt server1.crt.openssl server1.v1.crt server1.v1.crt.openssl server1.key_usage.crt server1.key_usage_noauthid.crt server1.key_usage.crt.openssl server1.cert_type.crt server1.cert_type_noauthid.crt server1.cert_type.crt.openssl server1.der server1.der.openssl server1.v1.der server1.v1.der.openssl server1.key_usage.der server1.key_usage.der.openssl server1.cert_type.der server1.cert_type.der.openssl +crl-futureRevocationDate.pem: $(test_ca_crt) $(test_ca_key_file_rsa) $(test_ca_config_file) test-ca.server1.future-crl.db test-ca.server1.future-crl.opensslconf + $(FAKETIME) '2028-12-31' $(OPENSSL) ca -gencrl -config test-ca.server1.future-crl.opensslconf -crldays 365 -passin "pass:$(test_ca_pwd_rsa)" -out $@ + +server1_all: crl.pem crl-futureRevocationDate.pem server1.crt server1.noauthid.crt server1.crt.openssl server1.v1.crt server1.v1.crt.openssl server1.key_usage.crt server1.key_usage_noauthid.crt server1.key_usage.crt.openssl server1.cert_type.crt server1.cert_type_noauthid.crt server1.cert_type.crt.openssl server1.der server1.der.openssl server1.v1.der server1.v1.der.openssl server1.key_usage.der server1.key_usage.der.openssl server1.cert_type.der server1.cert_type.der.openssl # server2* diff --git a/tests/data_files/Readme-x509.txt b/tests/data_files/Readme-x509.txt index 6f54ed0c1..d07241a2c 100644 --- a/tests/data_files/Readme-x509.txt +++ b/tests/data_files/Readme-x509.txt @@ -111,7 +111,7 @@ Signing CA in parentheses (same meaning as certificates). - crl-ec-sha*.pem: (2) server6.crt - crl-future.pem: (2) server6.crt + unknown - crl-rsa-pss-*.pem: (1) server9{,badsign,with-ca}.crt + cert_sha384.crt + unknown -- crl.pem, crl_expired.pem: (1) server1{,.cert_type,.key_usage,.v1}.crt + unknown +- crl.pem, crl-futureRevocationDate.pem, crl_expired.pem: (1) server1{,.cert_type,.key_usage,.v1}.crt + unknown - crl_md*.pem: crl_sha*.pem: (1) same as crl.pem - crt_cat_*.pem: (1+2) concatenations in various orders: ec = crl-ec-sha256.pem, ecfut = crl-future.pem diff --git a/tests/data_files/base64/def_b64_ff.bin b/tests/data_files/base64/def_b64_ff.bin new file mode 100644 index 000000000..66aa8271c --- /dev/null +++ b/tests/data_files/base64/def_b64_ff.bin @@ -0,0 +1,5 @@ +// Ensure that the b64 parser continues after encountering a 0xFF +// character. Note that this byte is invalid UTF-8, making this +// entire file invalid UTF-8. Use care when editing. +// -> <- +AhUAAH8AAA4AAABtAAAAAF6HQx3MqAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACG2QbHbUj8eGpdx5KVIebiwk0jvRj9/3m6BOSzpA7qBXeEunhqr3D11NE7ciGjeHMAAACAAAAAAAAAAAAAAAAAAV6HQx248L77RH0Z973tSYNQ8zBsz861CZG5/T09TJz3XodDHe/iJ+cgXb5An3zTdnTBtw3EWAb68T+gCE33GN8AAAAAAAAAAAAAAAEAAAAAAAAAAwAAAQAAAAAAAgAAAA== diff --git a/tests/data_files/cert_md2.csr b/tests/data_files/cert_md2.csr new file mode 100644 index 000000000..a8c39bdb3 --- /dev/null +++ b/tests/data_files/cert_md2.csr @@ -0,0 +1,16 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIICgTCCAWkCAQAwPDELMAkGA1UEBhMCTkwxETAPBgNVBAoMCFBvbGFyU1NMMRow +GAYDVQQDDBFQb2xhclNTTCBDZXJ0IE1EMjCCASIwDQYJKoZIhvcNAQEBBQADggEP +ADCCAQoCggEBAMh0xMy5+bV56UXZFGCwfbuT8msenzOtDY+KPFZl5dxE2cxmhQfV ++CewSjXQY54Kbhu32vB+q+4MEJOGSRg086gq0lf1LtQvdymEYU2CUI+nlUhw9W5N +stUTw9Ia7eZD6kIU63TqwO0f1FdOqfOo7dLgwTBxMDIw1dP2CNBWT0aO8l/5PWeR +iDAuQrLfffvlDHf/7DHAeI+/wn/KrWwh1o3Zi2qOb+Cb+BBWzLOOExXmNARmx+75 +Ng5qlfYJmgZn9GVx+MqksSXg/jyLNQRnuuBPdoX8f/w2a7XpzS0DYk6zPQDPr3ag +aVaDatKo1OdQcea1NgV3BW17yOTE/UzVIV8CAwEAAaAAMA0GCSqGSIb3DQEBAgUA +A4IBAQBPUqodRcH2ZUa8A3fQX/nxrIwWiLmQ9BaOI6G7vzEWVE1sxmkrHP+pXgi9 +1eFceN9xUBKEd+LmUPmHpObZ4nwRSprFj3DeIXpn9aSBr+jGY8RaaC9cMkaSq5Mb +q65THEJ1xemIfZvbhjvNi/ycXXu/v1Gpj62dpIFGbm+o4AXQF2ocYGEM+X1u2eVn +mnuuvPAHTllGjB0daTSYoQtMy3luPUEj0Yct3iVR1pUeTrHchOs9p5ACDZcf6D3x +sm9atH2ZIaXo1c9SqHzdk/uLt/CwxQrn1WU1inwOkzjim2Yq9vWgpQypfGZdScXV +oHOmuGG901WMMemzZXjoLi+8ZpVL +-----END CERTIFICATE REQUEST----- diff --git a/tests/data_files/cert_md4.csr b/tests/data_files/cert_md4.csr new file mode 100644 index 000000000..d8a3dbf20 --- /dev/null +++ b/tests/data_files/cert_md4.csr @@ -0,0 +1,16 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIICgTCCAWkCAQAwPDELMAkGA1UEBhMCTkwxETAPBgNVBAoMCFBvbGFyU1NMMRow +GAYDVQQDDBFQb2xhclNTTCBDZXJ0IE1ENDCCASIwDQYJKoZIhvcNAQEBBQADggEP +ADCCAQoCggEBAMh0xMy5+bV56UXZFGCwfbuT8msenzOtDY+KPFZl5dxE2cxmhQfV ++CewSjXQY54Kbhu32vB+q+4MEJOGSRg086gq0lf1LtQvdymEYU2CUI+nlUhw9W5N +stUTw9Ia7eZD6kIU63TqwO0f1FdOqfOo7dLgwTBxMDIw1dP2CNBWT0aO8l/5PWeR +iDAuQrLfffvlDHf/7DHAeI+/wn/KrWwh1o3Zi2qOb+Cb+BBWzLOOExXmNARmx+75 +Ng5qlfYJmgZn9GVx+MqksSXg/jyLNQRnuuBPdoX8f/w2a7XpzS0DYk6zPQDPr3ag +aVaDatKo1OdQcea1NgV3BW17yOTE/UzVIV8CAwEAAaAAMA0GCSqGSIb3DQEBAwUA +A4IBAQAztRb+vAecvhelhszzCctzmhGs4TGmr9h4zddZoQ8dTdy1OCsnmU+yz3oh +oiQjy7UPLt8DS2ZKhGhvwPvtwFh5icMWQVnv2kE4Evz8xJT12VRw+U6L5rfKmf/L +mVNxsuk17MDyBcMlwuNk+CHrYVdrXhSWUH3UCQQUH1iqqBMKmNiPa1UGU0budZ9X +HZjn9uqyyOGy8l3hffqjDxsDjZyBDf5aqKIdnvukdrUiacPdUYVF0fwK8d1/1PA9 +dA4JjTvz+tTK6mL9Ic9Pv+64v1vwMU4Qu8IJHk5x3I0e7KuK2A/lK6az2Vb6FAh6 +MkGpWB68T8FRBoVrWLOh+a9yNwyp +-----END CERTIFICATE REQUEST----- diff --git a/tests/data_files/cert_md5.csr b/tests/data_files/cert_md5.csr new file mode 100644 index 000000000..dc6792d38 --- /dev/null +++ b/tests/data_files/cert_md5.csr @@ -0,0 +1,16 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIICgTCCAWkCAQAwPDELMAkGA1UEBhMCTkwxETAPBgNVBAoMCFBvbGFyU1NMMRow +GAYDVQQDDBFQb2xhclNTTCBDZXJ0IE1ENTCCASIwDQYJKoZIhvcNAQEBBQADggEP +ADCCAQoCggEBAMh0xMy5+bV56UXZFGCwfbuT8msenzOtDY+KPFZl5dxE2cxmhQfV ++CewSjXQY54Kbhu32vB+q+4MEJOGSRg086gq0lf1LtQvdymEYU2CUI+nlUhw9W5N +stUTw9Ia7eZD6kIU63TqwO0f1FdOqfOo7dLgwTBxMDIw1dP2CNBWT0aO8l/5PWeR +iDAuQrLfffvlDHf/7DHAeI+/wn/KrWwh1o3Zi2qOb+Cb+BBWzLOOExXmNARmx+75 +Ng5qlfYJmgZn9GVx+MqksSXg/jyLNQRnuuBPdoX8f/w2a7XpzS0DYk6zPQDPr3ag +aVaDatKo1OdQcea1NgV3BW17yOTE/UzVIV8CAwEAAaAAMA0GCSqGSIb3DQEBBAUA +A4IBAQBNEvxgn3Pc62hsMgMz33IdeNpazeK3ae2gwQQFgL7qMp/kskfpIKF4m8eB +YrmjKn9cqszRD606/ZtWYDwINUUc6O7bQGmpGIFd7bSPm/pbsajc6R7kzA/tD/bk +G5zqu9Bj0x92hEwdku0zY+Hx9PgT2dK8M72iFylHBwT3X1tNyXhh7xWJ9RlAfSvN +KdS6s3kRjK4qcir0MnflV5f2HD6r1v9cSVyme6eVLvOmup89z0cihH7NDwDJaYbi +oqcKXFbro8/2ruEzPUS6U8NA9cjlX9DW8buIu4cQACVx5YevlwKoayYfXcRRvIFo +OLiPq14TuZj3c0+HFOxWj4UBAjvI +-----END CERTIFICATE REQUEST----- diff --git a/tests/data_files/crl-futureRevocationDate.pem b/tests/data_files/crl-futureRevocationDate.pem new file mode 100644 index 000000000..f147a8f80 --- /dev/null +++ b/tests/data_files/crl-futureRevocationDate.pem @@ -0,0 +1,11 @@ +-----BEGIN X509 CRL----- +MIIBqzCBlDANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDERMA8GA1UECgwI +UG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EXDTI4MTIzMDIzMDAw +MFoXDTI5MTIzMDIzMDAwMFowKDASAgEBFw0yOTAxMDExMjQ0MDdaMBICAQMXDTI5 +MDEwMTEyNDQwN1owDQYJKoZIhvcNAQEFBQADggEBAKbL1mDpzCbLJmRZKM2KHPvK +ijS4UMnanzzYpLAwom1NI69v2fE1/EfiXv0empE6mFqnLwOG4ZP8fECfxjMXO2Ee +VhxYiRjly6q9hfIUk1e+N9ct8unNnLEBvf6Syfy9+FSO3Q/ahljpYlXsXxg62WXl +9xp5b5Ok+/0sCv0eL5uFQKXQa8hS9dZo6py7jvFDQC+wVau1mXjQW85iXMLm7vik +4lR+kfZloeq1jIbsx8cdMi32YVt7uccaqoFcjtrdrWfGmi0wvlDc8K5J0l4tIxZY +9P+T4fzSgQLdqGZ3xADheEaGTRVL/5oe5L4zRH32BZONMFCijv+j1SpWLxHE8cM= +-----END X509 CRL----- diff --git a/tests/data_files/server2.key.enc b/tests/data_files/server2.key.enc new file mode 100644 index 000000000..773aaad40 --- /dev/null +++ b/tests/data_files/server2.key.enc @@ -0,0 +1,30 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: AES-256-CBC,3DDADF5AEA525DD282D9D5E0B978AEE2 + +thP0fyNhHEWvVWHpBSGAA4C6wlqWwuCbYTGVs6GW07YNiyvInE/XxtKCrEJ6ORpR +tPZ0sTtmRFQgiAW4nSjol6AhnMAYCkt+bl2opihuKHr2IBKpGIytCwYwDB/soMw5 +/vYuZU3osENnWcv+R1+0PohU6eqo1bVBrk+Mrm+ZSX886uDNxAaqAW9dtsC7fZYV +w/uCOlk78rtrJUOTKfh3VEXG1fb/rYAP7bZYwzkmJZRozFPzjhnZZSOssz4xwCwY +04oHHrMDFCpbBmlZRLg60c5u0nduQx3SKig9o6gHCDoOYT0Bq64lvZLiPcwN7axV +L7+7TJ9u/kALO0CqAltiuz18msaErXIE3pHEGDt5zxgUcLxT4IhhixWfOL09nqjl +IltEBn0JAVC3qYsEzFGnr3C2NXLTYIFU8m1qtIyEc8vuhKw7HCgp3W/xw9f2jKZF +JivFX80URuBTs2/TWuGBKTmIGLQFWYPKwhyl9HNbbI8q5XdxKNiVxDnZfPU/icef +nJ+nM7msrkvXj4SdHO/if+rxQ07T/MHfU8PeqUL2LQAxY4gfBvkKJ/UAjfsHv0B2 +1WcZAt0yqrJu/ydOkQpwmQ/XCh/dITNYnxXZ0bjtY5fG+QGxA3RvqyfKbQFTi8qg +Nx8cxOUD1dZwZ6KrosdSFGkNkZwgIWAbIK4O3TLN5lD42031kx4iiKlxdjw6Q2df +MEVL6FqYXf4n5MhGQ5mu5MkEO9IDaz/iBdm2jkkjWaxozNC51r/i+STtsVQnY2f2 +pubekEnCOoqXN6BjuVLN28XSTLLTlJ5i9tdIMlIFUKfiNpJjOTjYBopZEf5hm3h4 +ollq6QhW9DIIsVuYgSpvoyLYLl57kvYgk1oGhV0KZyh7IPzRXTjEBiMTO+MZEoH0 +f3x2RU3LvMagb36zWs6CShV/TwAE08Mwbi7UDWYRHHaeO2bcKoEDGOXiOfsXE9HW +OVmAlIheR/W1eVAcszHcSVtXOjlsJ02CeVEcATnJCk6Ug0vc0TspCnwOCvM8+RmE +jQ0E6GeT6R/DVHW9XBNFxFxiS6ySd3yo9rKVLdGGPHns+qmlSMTAfYROoR1V8UiQ +0Tvd1CfVVBeYCm9UrWUXvGzoC3rstbD7SinGbdSU4wATIPeb+v1Tz/vVhr8AoRLJ +JK3jHMKCHH59Wx+tk8JdqAm8fgUK/69A5+gitZlM6sAmnfBJ6Vm8hqACLpjPXDWy +LjNDwWGqgWgqDOubY+ZJQwjUGQdPdGbEUF0ABZ6si9wW+RVVGSPAfiFqE4b/QwA/ +RZh1nm7dc/3elXxwXP60MyEsVddAP691xlDdL9mRpbDMx/JSp/hABFmdPOEtu5EB +02DS37+pOdI1kWkFiI4kkccZL04CTWLWh2lxb0RqUqQMeOf6j/WSTJ2In5etbHSB +R8IQOsfRINm3fD11SXXKUM7IzMi9VBD7TblN2HR9iXbW7twa8O0MRH805eY+vjsM +kcYoOtWSh+OFP9txcwjiXUBmVQDPtb+myGXmchSpMIFNV2tHVvVmUFBSipyAKr98 +3YI7mvWO0AVWXAqRHYmM3DLjlEXCauXCjgVicC/EUdA5CAO95X/ZQTNwBk8kYjy+ +-----END RSA PRIVATE KEY----- diff --git a/tests/data_files/server5.key.enc b/tests/data_files/server5.key.enc new file mode 100644 index 000000000..8e622c0e9 --- /dev/null +++ b/tests/data_files/server5.key.enc @@ -0,0 +1,8 @@ +-----BEGIN EC PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: AES-256-CBC,69FEA263918128D4DD673B2732E2D7EC + ++Q4P1nVcfGoittxagWHvyBLVPbhjmTA/SZ6W5TB+5scOzgfRlcse4jIII899EQxx +HrfhgQwzQ12TgTZ2Y8neI+RsUqFLTLinvd8c/luBKLeDECjjhyBXOJic2dRPUaLQ +Nyg3bI0Srr6aq6nETjh8i+dSzE/wjyNzXBMdN3KhOjE= +-----END EC PRIVATE KEY----- diff --git a/tests/data_files/test-ca.server1.future-crl.db b/tests/data_files/test-ca.server1.future-crl.db new file mode 100644 index 000000000..763aa1219 --- /dev/null +++ b/tests/data_files/test-ca.server1.future-crl.db @@ -0,0 +1,2 @@ +R 210212144406Z 290101124407Z 01 unknown /C=NL/O=PolarSSL/CN=PolarSSL Server 1 +R 210212144400Z 290101124407Z 03 unknown /C=NL/O=PolarSSL/CN=PolarSSL Test CA diff --git a/tests/data_files/test-ca.server1.future-crl.opensslconf b/tests/data_files/test-ca.server1.future-crl.opensslconf new file mode 100644 index 000000000..e9ce7543a --- /dev/null +++ b/tests/data_files/test-ca.server1.future-crl.opensslconf @@ -0,0 +1,18 @@ + [ ca ] + default_ca = test-ca + + [ test-ca ] + certificate = test-ca.crt + private_key = test-ca.key + serial = test-ca.server1.serial + default_md = sha1 + default_startdate = 110212144406Z + default_enddate = 210212144406Z + new_certs_dir = ./ + database = ./test-ca.server1.future-crl.db + policy = policy_match + + [policy_match] + countryName = supplied + organizationName = supplied + commonName = supplied diff --git a/tests/include/test/drivers/cipher.h b/tests/include/test/drivers/cipher.h new file mode 100644 index 000000000..ef787f794 --- /dev/null +++ b/tests/include/test/drivers/cipher.h @@ -0,0 +1,180 @@ +/* + * Test driver for cipher functions + */ +/* Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef PSA_CRYPTO_TEST_DRIVERS_CIPHER_H +#define PSA_CRYPTO_TEST_DRIVERS_CIPHER_H + +#if !defined(MBEDTLS_CONFIG_FILE) +#include "mbedtls/config.h" +#else +#include MBEDTLS_CONFIG_FILE +#endif + +#if defined(PSA_CRYPTO_DRIVER_TEST) +#include + +#include "mbedtls/cipher.h" +typedef struct { + psa_algorithm_t alg; + unsigned int key_set : 1; + unsigned int iv_required : 1; + unsigned int iv_set : 1; + uint8_t iv_size; + uint8_t block_size; + mbedtls_cipher_context_t cipher; +} test_transparent_cipher_operation_t; + +typedef struct{ + unsigned int initialised : 1; + test_transparent_cipher_operation_t ctx; +} test_opaque_cipher_operation_t; + +typedef struct { + /* If non-null, on success, copy this to the output. */ + void *forced_output; + size_t forced_output_length; + /* If not PSA_SUCCESS, return this error code instead of processing the + * function call. */ + psa_status_t forced_status; + /* Count the amount of times one of the cipher driver functions is called. */ + unsigned long hits; +} test_driver_cipher_hooks_t; + +#define TEST_DRIVER_CIPHER_INIT { NULL, 0, PSA_SUCCESS, 0 } +static inline test_driver_cipher_hooks_t test_driver_cipher_hooks_init( void ) +{ + const test_driver_cipher_hooks_t v = TEST_DRIVER_CIPHER_INIT; + return( v ); +} + +extern test_driver_cipher_hooks_t test_driver_cipher_hooks; + +psa_status_t test_transparent_cipher_encrypt( + const psa_key_attributes_t *attributes, + const uint8_t *key, size_t key_length, + psa_algorithm_t alg, + const uint8_t *input, size_t input_length, + uint8_t *output, size_t output_size, size_t *output_length); + +psa_status_t test_transparent_cipher_decrypt( + const psa_key_attributes_t *attributes, + const uint8_t *key, size_t key_length, + psa_algorithm_t alg, + const uint8_t *input, size_t input_length, + uint8_t *output, size_t output_size, size_t *output_length); + +psa_status_t test_transparent_cipher_encrypt_setup( + test_transparent_cipher_operation_t *operation, + const psa_key_attributes_t *attributes, + const uint8_t *key, size_t key_length, + psa_algorithm_t alg); + +psa_status_t test_transparent_cipher_decrypt_setup( + test_transparent_cipher_operation_t *operation, + const psa_key_attributes_t *attributes, + const uint8_t *key, size_t key_length, + psa_algorithm_t alg); + +psa_status_t test_transparent_cipher_abort( + test_transparent_cipher_operation_t *operation); + +psa_status_t test_transparent_cipher_generate_iv( + test_transparent_cipher_operation_t *operation, + uint8_t *iv, + size_t iv_size, + size_t *iv_length); + +psa_status_t test_transparent_cipher_set_iv( + test_transparent_cipher_operation_t *operation, + const uint8_t *iv, + size_t iv_length); + +psa_status_t test_transparent_cipher_update( + test_transparent_cipher_operation_t *operation, + const uint8_t *input, + size_t input_length, + uint8_t *output, + size_t output_size, + size_t *output_length); + +psa_status_t test_transparent_cipher_finish( + test_transparent_cipher_operation_t *operation, + uint8_t *output, + size_t output_size, + size_t *output_length); + +/* + * opaque versions + */ +psa_status_t test_opaque_cipher_encrypt( + const psa_key_attributes_t *attributes, + const uint8_t *key, size_t key_length, + psa_algorithm_t alg, + const uint8_t *input, size_t input_length, + uint8_t *output, size_t output_size, size_t *output_length); + +psa_status_t test_opaque_cipher_decrypt( + const psa_key_attributes_t *attributes, + const uint8_t *key, size_t key_length, + psa_algorithm_t alg, + const uint8_t *input, size_t input_length, + uint8_t *output, size_t output_size, size_t *output_length); + +psa_status_t test_opaque_cipher_encrypt_setup( + test_opaque_cipher_operation_t *operation, + const psa_key_attributes_t *attributes, + const uint8_t *key, size_t key_length, + psa_algorithm_t alg); + +psa_status_t test_opaque_cipher_decrypt_setup( + test_opaque_cipher_operation_t *operation, + const psa_key_attributes_t *attributes, + const uint8_t *key, size_t key_length, + psa_algorithm_t alg); + +psa_status_t test_opaque_cipher_abort( + test_opaque_cipher_operation_t *operation); + +psa_status_t test_opaque_cipher_generate_iv( + test_opaque_cipher_operation_t *operation, + uint8_t *iv, + size_t iv_size, + size_t *iv_length); + +psa_status_t test_opaque_cipher_set_iv( + test_opaque_cipher_operation_t *operation, + const uint8_t *iv, + size_t iv_length); + +psa_status_t test_opaque_cipher_update( + test_opaque_cipher_operation_t *operation, + const uint8_t *input, + size_t input_length, + uint8_t *output, + size_t output_size, + size_t *output_length); + +psa_status_t test_opaque_cipher_finish( + test_opaque_cipher_operation_t *operation, + uint8_t *output, + size_t output_size, + size_t *output_length); + +#endif /* PSA_CRYPTO_DRIVER_TEST */ +#endif /* PSA_CRYPTO_TEST_DRIVERS_CIPHER_H */ diff --git a/tests/include/test/drivers/key_management.h b/tests/include/test/drivers/key_management.h new file mode 100644 index 000000000..90f8c587c --- /dev/null +++ b/tests/include/test/drivers/key_management.h @@ -0,0 +1,78 @@ +/* + * Test driver for generating and verifying keys. + */ +/* Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef PSA_CRYPTO_TEST_DRIVERS_KEY_MANAGEMENT_H +#define PSA_CRYPTO_TEST_DRIVERS_KEY_MANAGEMENT_H + +#if !defined(MBEDTLS_CONFIG_FILE) +#include "mbedtls/config.h" +#else +#include MBEDTLS_CONFIG_FILE +#endif + +#if defined(PSA_CRYPTO_DRIVER_TEST) +#include + +typedef struct { + /* If non-null, on success, copy this to the output. */ + void *forced_output; + size_t forced_output_length; + /* If not PSA_SUCCESS, return this error code instead of processing the + * function call. */ + psa_status_t forced_status; + /* Count the amount of times one of the key management driver functions + * is called. */ + unsigned long hits; +} test_driver_key_management_hooks_t; + +#define TEST_DRIVER_KEY_MANAGEMENT_INIT { NULL, 0, PSA_ERROR_NOT_SUPPORTED, 0 } +static inline test_driver_key_management_hooks_t test_driver_key_management_hooks_init( void ) +{ + const test_driver_key_management_hooks_t v = TEST_DRIVER_KEY_MANAGEMENT_INIT; + return( v ); +} + +extern test_driver_key_management_hooks_t test_driver_key_management_hooks; + +psa_status_t test_transparent_generate_key( + const psa_key_attributes_t *attributes, + uint8_t *key, size_t key_size, size_t *key_length ); + +psa_status_t test_opaque_generate_key( + const psa_key_attributes_t *attributes, + uint8_t *key, size_t key_size, size_t *key_length ); + +psa_status_t test_transparent_validate_key( + const psa_key_attributes_t *attributes, + const uint8_t *data, + size_t data_length, + size_t *bits); + +psa_status_t test_transparent_export_public_key( + const psa_key_attributes_t *attributes, + const uint8_t *key, size_t key_length, + uint8_t *data, size_t data_size, size_t *data_length ); + +psa_status_t test_opaque_export_public_key( + const psa_key_attributes_t *attributes, + const uint8_t *key, size_t key_length, + uint8_t *data, size_t data_size, size_t *data_length ); + +#endif /* PSA_CRYPTO_DRIVER_TEST */ +#endif /* PSA_CRYPTO_TEST_DRIVERS_KEY_MANAGEMENT_H */ diff --git a/tests/include/test/drivers/signature.h b/tests/include/test/drivers/signature.h new file mode 100644 index 000000000..8abcb111a --- /dev/null +++ b/tests/include/test/drivers/signature.h @@ -0,0 +1,82 @@ +/* + * Test driver for signature functions. + */ +/* Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef PSA_CRYPTO_TEST_DRIVERS_SIGNATURE_H +#define PSA_CRYPTO_TEST_DRIVERS_SIGNATURE_H + +#if !defined(MBEDTLS_CONFIG_FILE) +#include "mbedtls/config.h" +#else +#include MBEDTLS_CONFIG_FILE +#endif + +#if defined(PSA_CRYPTO_DRIVER_TEST) +#include + +typedef struct { + /* If non-null, on success, copy this to the output. */ + void *forced_output; + size_t forced_output_length; + /* If not PSA_SUCCESS, return this error code instead of processing the + * function call. */ + psa_status_t forced_status; + /* Count the amount of times one of the signature driver functions is called. */ + unsigned long hits; +} test_driver_signature_hooks_t; + +#define TEST_DRIVER_SIGNATURE_INIT { NULL, 0, PSA_ERROR_NOT_SUPPORTED, 0 } +static inline test_driver_signature_hooks_t test_driver_signature_hooks_init( void ) +{ + const test_driver_signature_hooks_t v = TEST_DRIVER_SIGNATURE_INIT; + return( v ); +} + +extern test_driver_signature_hooks_t test_driver_signature_sign_hooks; +extern test_driver_signature_hooks_t test_driver_signature_verify_hooks; + +psa_status_t test_transparent_signature_sign_hash( + const psa_key_attributes_t *attributes, + const uint8_t *key, size_t key_length, + psa_algorithm_t alg, + const uint8_t *hash, size_t hash_length, + uint8_t *signature, size_t signature_size, size_t *signature_length ); + +psa_status_t test_opaque_signature_sign_hash( + const psa_key_attributes_t *attributes, + const uint8_t *key, size_t key_length, + psa_algorithm_t alg, + const uint8_t *hash, size_t hash_length, + uint8_t *signature, size_t signature_size, size_t *signature_length ); + +psa_status_t test_transparent_signature_verify_hash( + const psa_key_attributes_t *attributes, + const uint8_t *key, size_t key_length, + psa_algorithm_t alg, + const uint8_t *hash, size_t hash_length, + const uint8_t *signature, size_t signature_length ); + +psa_status_t test_opaque_signature_verify_hash( + const psa_key_attributes_t *attributes, + const uint8_t *key, size_t key_length, + psa_algorithm_t alg, + const uint8_t *hash, size_t hash_length, + const uint8_t *signature, size_t signature_length ); + +#endif /* PSA_CRYPTO_DRIVER_TEST */ +#endif /* PSA_CRYPTO_TEST_DRIVERS_SIGNATURE_H */ diff --git a/tests/include/test/drivers/size.h b/tests/include/test/drivers/size.h new file mode 100644 index 000000000..4bfe986a2 --- /dev/null +++ b/tests/include/test/drivers/size.h @@ -0,0 +1,95 @@ +/* + * Test driver for context size functions + */ +/* Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef PSA_CRYPTO_TEST_DRIVERS_SIZE_H +#define PSA_CRYPTO_TEST_DRIVERS_SIZE_H + +#if !defined(MBEDTLS_CONFIG_FILE) +#include "mbedtls/config.h" +#else +#include MBEDTLS_CONFIG_FILE +#endif + +#if defined(PSA_CRYPTO_DRIVER_TEST) +#include + +typedef struct { + unsigned int context; +} test_driver_key_context_t; + +/** \def TEST_DRIVER_KEY_CONTEXT_BASE_SIZE + * + * This macro returns the base size for the key context. It is the size of the + * driver specific information stored in each key context. + */ +#define TEST_DRIVER_KEY_CONTEXT_BASE_SIZE sizeof( test_driver_key_context_t ) + +/** \def TEST_DRIVER_KEY_CONTEXT_KEY_PAIR_SIZE + * + * Number of bytes included in every key context for a key pair. + * + * This pair size is for an ECC 256-bit private/public key pair. + * Based on this value, the size of the private key can be derived by + * subtracting the public key size below from this one. + */ + +#define TEST_DRIVER_KEY_CONTEXT_KEY_PAIR_SIZE 65 + +/** \def TEST_DRIVER_KEY_CONTEXT_PUBLIC_KEY_SIZE + * + * Number of bytes included in every key context for a public key. + * + * For ECC public keys, it needs 257 bits so 33 bytes. + */ +#define TEST_DRIVER_KEY_CONTEXT_PUBLIC_KEY_SIZE 33 + +/** \def TEST_DRIVER_KEY_CONTEXT_SYMMETRIC_FACTOR + * + * Every key context for a symmetric key includes this many times the key size. + */ +#define TEST_DRIVER_KEY_CONTEXT_SYMMETRIC_FACTOR 0 + +/** \def TEST_DRIVER_KEY_CONTEXT_STORE_PUBLIC_KEY + * + * If this is true for a key pair, the key context includes space for the public key. + * If this is false, no additional space is added for the public key. + * + * For this instance, store the public key with the private one. + */ +#define TEST_DRIVER_KEY_CONTEXT_STORE_PUBLIC_KEY 1 + +/** \def TEST_DRIVER_KEY_CONTEXT_SIZE_FUNCTION + * + * If TEST_DRIVER_KEY_CONTEXT_SIZE_FUNCTION is defined, the test driver + * provides a size_function entry point, otherwise, it does not. + * + * Some opaque drivers have the need to support a custom size for the storage + * of key and context information. The size_function provides the ability to + * provide that customization. + */ +//#define TEST_DRIVER_KEY_CONTEXT_SIZE_FUNCTION + +#ifdef TEST_DRIVER_KEY_CONTEXT_SIZE_FUNCTION +size_t test_size_function( + const psa_key_type_t key_type, + const size_t key_bits ); +#endif /* TEST_DRIVER_KEY_CONTEXT_SIZE_FUNCTION */ + +#endif /* PSA_CRYPTO_DRIVER_TEST */ +#endif /* PSA_CRYPTO_TEST_DRIVERS_SIZE_H */ diff --git a/tests/include/test/drivers/test_driver.h b/tests/include/test/drivers/test_driver.h new file mode 100644 index 000000000..f26b795dd --- /dev/null +++ b/tests/include/test/drivers/test_driver.h @@ -0,0 +1,30 @@ +/* + * Umbrella include for all of the test driver functionality + */ +/* Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef PSA_CRYPTO_TEST_DRIVER_H +#define PSA_CRYPTO_TEST_DRIVER_H + +#define PSA_CRYPTO_TEST_DRIVER_LIFETIME 0x7fffff + +#include "test/drivers/signature.h" +#include "test/drivers/key_management.h" +#include "test/drivers/cipher.h" +#include "test/drivers/size.h" + +#endif /* PSA_CRYPTO_TEST_DRIVER_H */ diff --git a/tests/include/test/helpers.h b/tests/include/test/helpers.h index c4979ccb6..2c7b179ab 100644 --- a/tests/include/test/helpers.h +++ b/tests/include/test/helpers.h @@ -53,10 +53,8 @@ int mbedtls_test_platform_setup( void ); void mbedtls_test_platform_teardown( void ); /** - * \brief This function translates an ASCII string encoding an - * hexadecimal number into the encoded hexadecimal number. The - * hexadecimal number is represented as an array of - * unsigned char. + * \brief This function decodes the hexadecimal representation of + * data. * * \note The output buffer can be the same as the input buffer. For * any other overlapping of the input and output buffers, the @@ -70,7 +68,7 @@ void mbedtls_test_platform_teardown( void ); * * \return \c 0 on success. * \return \c -1 if the output buffer is too small or the input string - * is not a valid ASCII encoding of an hexadecimal number. + * is not a valid hexadecimal representation. */ int mbedtls_test_unhexify( unsigned char *obuf, size_t obufmax, const char *ibuf, size_t *len ); @@ -103,4 +101,93 @@ unsigned char *mbedtls_test_unhexify_alloc( const char *ibuf, size_t *olen ); int mbedtls_test_hexcmp( uint8_t * a, uint8_t * b, uint32_t a_len, uint32_t b_len ); +#if defined(MBEDTLS_CHECK_PARAMS) + +typedef struct +{ + const char *failure_condition; + const char *file; + int line; +} +mbedtls_test_param_failed_location_record_t; + +/** + * \brief Get the location record of the last call to + * mbedtls_test_param_failed(). + * + * \note The call expectation is set up and active until the next call to + * mbedtls_test_param_failed_check_expected_call() or + * mbedtls_param_failed() that cancels it. + */ +void mbedtls_test_param_failed_get_location_record( + mbedtls_test_param_failed_location_record_t *location_record ); + +/** + * \brief State that a call to mbedtls_param_failed() is expected. + * + * \note The call expectation is set up and active until the next call to + * mbedtls_test_param_failed_check_expected_call() or + * mbedtls_param_failed that cancel it. + */ +void mbedtls_test_param_failed_expect_call( void ); + +/** + * \brief Check whether mbedtls_param_failed() has been called as expected. + * + * \note Check whether mbedtls_param_failed() has been called between the + * last call to mbedtls_test_param_failed_expect_call() and the call + * to this function. + * + * \return \c 0 Since the last call to mbedtls_param_failed_expect_call(), + * mbedtls_param_failed() has been called. + * \c -1 Otherwise. + */ +int mbedtls_test_param_failed_check_expected_call( void ); + +/** + * \brief Get the address of the object of type jmp_buf holding the execution + * state information used by mbedtls_param_failed() to do a long jump. + * + * \note If a call to mbedtls_param_failed() is not expected in the sense + * that there is no call to mbedtls_test_param_failed_expect_call() + * preceding it, then mbedtls_param_failed() will try to restore the + * execution to the state stored in the jmp_buf object whose address + * is returned by the present function. + * + * \note This function is intended to provide the parameter of the + * setjmp() function to set-up where mbedtls_param_failed() should + * long-jump if it has to. It is foreseen to be used as: + * + * setjmp( mbedtls_test_param_failed_get_state_buf() ). + * + * \note The type of the returned value is not jmp_buf as jmp_buf is an + * an array type (C specification) and a function cannot return an + * array type. + * + * \note The type of the returned value is not jmp_buf* as then the return + * value couldn't be used by setjmp(), as its parameter's type is + * jmp_buf. + * + * \return Address of the object of type jmp_buf holding the execution state + * information used by mbedtls_param_failed() to do a long jump. + */ +void* mbedtls_test_param_failed_get_state_buf( void ); + +/** + * \brief Reset the execution state used by mbedtls_param_failed() to do a + * long jump. + * + * \note If a call to mbedtls_param_failed() is not expected in the sense + * that there is no call to mbedtls_test_param_failed_expect_call() + * preceding it, then mbedtls_param_failed() will try to restore the + * execution state that this function reset. + * + * \note It is recommended to reset the execution state when the state + * is not relevant anymore. That way an unexpected call to + * mbedtls_param_failed() will not trigger a long jump with + * undefined behavior but rather a long jump that will rather fault. + */ +void mbedtls_test_param_failed_reset_state( void ); +#endif /* MBEDTLS_CHECK_PARAMS */ + #endif /* TEST_HELPERS_H */ diff --git a/tests/include/test/macros.h b/tests/include/test/macros.h index 717715631..f40478070 100644 --- a/tests/include/test/macros.h +++ b/tests/include/test/macros.h @@ -73,7 +73,7 @@ /* A compile-time constant with the value 0. If `const_expr` is not a * compile-time constant with a nonzero value, cause a compile-time error. */ #define STATIC_ASSERT_EXPR( const_expr ) \ - ( 0 && sizeof( struct { int STATIC_ASSERT : 1 - 2 * ! ( const_expr ); } ) ) + ( 0 && sizeof( struct { unsigned int STATIC_ASSERT : 1 - 2 * ! ( const_expr ); } ) ) /* Return the scalar value `value` (possibly promoted). This is a compile-time * constant if `value` is. `condition` must be a compile-time constant. * If `condition` is false, arrange to cause a compile-time error. */ diff --git a/tests/include/test/psa_crypto_helpers.h b/tests/include/test/psa_crypto_helpers.h index c8013a1a8..01b0547cf 100644 --- a/tests/include/test/psa_crypto_helpers.h +++ b/tests/include/test/psa_crypto_helpers.h @@ -24,6 +24,7 @@ #include "test/psa_helpers.h" #include +#include static int test_helper_is_psa_pristine( int line, const char *file ) { @@ -40,6 +41,10 @@ static int test_helper_is_psa_pristine( int line, const char *file ) msg = "An external slot has not been closed properly."; else if( stats.half_filled_slots != 0 ) msg = "A half-filled slot has not been cleared properly."; + else if( stats.locked_slots != 0 ) + { + msg = "Some slots are still marked as locked."; + } /* If the test has already failed, don't overwrite the failure * information. Do keep the stats lookup above, because it can be diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 0356923e2..2bb2216c9 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -127,6 +127,8 @@ pre_check_environment () { pre_initialize_variables () { CONFIG_H='include/mbedtls/config.h' CONFIG_BAK="$CONFIG_H.bak" + CRYPTO_CONFIG_H='include/psa/crypto_config.h' + CRYPTO_CONFIG_BAK="$CRYPTO_CONFIG_H.bak" append_outcome=0 MEMORY=0 @@ -285,6 +287,10 @@ cleanup() if [ -f "$CONFIG_BAK" ]; then mv "$CONFIG_BAK" "$CONFIG_H" fi + + if [ -f "$CRYPTO_CONFIG_BAK" ]; then + mv "$CRYPTO_CONFIG_BAK" "$CRYPTO_CONFIG_H" + fi } # Executed on exit. May be redefined depending on command line options. @@ -780,6 +786,18 @@ component_test_full_cmake_gcc_asan () { if_build_succeeded tests/context-info.sh } +component_test_psa_crypto_key_id_encodes_owner () { + msg "build: full config - USE_PSA_CRYPTO + PSA_CRYPTO_KEY_ID_ENCODES_OWNER, cmake, gcc, ASan" + scripts/config.py full + scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO + scripts/config.py set MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER + CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . + make + + msg "test: full config - USE_PSA_CRYPTO + PSA_CRYPTO_KEY_ID_ENCODES_OWNER, cmake, gcc, ASan" + make test +} + component_test_zlib_make() { msg "build: zlib enabled, make" scripts/config.py set MBEDTLS_ZLIB_SUPPORT @@ -1217,16 +1235,34 @@ component_test_depends_curves () { record_status tests/scripts/curves.pl } +component_test_depends_curves_psa () { + msg "test/build: curves.pl with MBEDTLS_USE_PSA_CRYPTO defined (gcc)" + scripts/config.py set MBEDTLS_USE_PSA_CRYPTO + record_status tests/scripts/curves.pl +} + component_test_depends_hashes () { msg "test/build: depends-hashes.pl (gcc)" # ~ 2 min record_status tests/scripts/depends-hashes.pl } +component_test_depends_hashes_psa () { + msg "test/build: depends-hashes.pl with MBEDTLS_USE_PSA_CRYPTO defined (gcc)" + scripts/config.py set MBEDTLS_USE_PSA_CRYPTO + record_status tests/scripts/depends-hashes.pl +} + component_test_depends_pkalgs () { msg "test/build: depends-pkalgs.pl (gcc)" # ~ 2 min record_status tests/scripts/depends-pkalgs.pl } +component_test_depends_pkalgs_psa () { + msg "test/build: depends-pkalgs.pl with MBEDTLS_USE_PSA_CRYPTO defined (gcc)" + scripts/config.py set MBEDTLS_USE_PSA_CRYPTO + record_status tests/scripts/depends-pkalgs.pl +} + component_build_key_exchanges () { msg "test/build: key-exchanges (gcc)" # ~ 1 min record_status tests/scripts/key-exchanges.pl @@ -1272,14 +1308,224 @@ component_test_no_use_psa_crypto_full_cmake_asan() { if_build_succeeded env OPENSSL_CMD="$OPENSSL_NEXT" tests/compat.sh -e '^$' -f 'ARIA\|CHACHA' } +component_test_psa_crypto_config_basic() { + # full plus MBEDTLS_PSA_CRYPTO_CONFIG + msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG" + scripts/config.py full + scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG + scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS + scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO + # Need to define the correct symbol and include the test driver header path in order to build with the test driver + make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -I../tests/include -O2" LDFLAGS="$ASAN_CFLAGS" + + msg "test: full + MBEDTLS_PSA_CRYPTO_CONFIG" + make test +} + +component_test_psa_crypto_config_no_driver() { + # full plus MBEDTLS_PSA_CRYPTO_CONFIG + msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG minus MBEDTLS_PSA_CRYPTO_DRIVERS" + scripts/config.py full + scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG + scripts/config.py unset MBEDTLS_PSA_CRYPTO_DRIVERS + scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO + make CC=gcc CFLAGS="$ASAN_CFLAGS -O2" LDFLAGS="$ASAN_CFLAGS" + + msg "test: full + MBEDTLS_PSA_CRYPTO_CONFIG minus MBEDTLS_PSA_CRYPTO_DRIVERS" + make test +} + +# This should be renamed to test and updated once the accelerator ECDSA code is in place and ready to test. +component_build_psa_accel_alg_ecdsa() { + # full plus MBEDTLS_PSA_CRYPTO_CONFIG with PSA_WANT_ALG_ECDSA + # without MBEDTLS_ECDSA_C + # PSA_WANT_ALG_ECDSA and PSA_WANT_ALG_DETERMINISTIC_ECDSA are already + # set in include/psa/crypto_config.h + msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_ALG_ECDSA without MBEDTLS_ECDSA_C" + scripts/config.py full + scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG + scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS + scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO + scripts/config.py unset MBEDTLS_ECDSA_C + scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED + scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED + # Need to define the correct symbol and include the test driver header path in order to build with the test driver + make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_ECDSA -DMBEDTLS_PSA_ACCEL_ALG_DETERMINISTIC_ECDSA -I../tests/include -O2" LDFLAGS="$ASAN_CFLAGS" +} + +# This should be renamed to test and updated once the accelerator ECDH code is in place and ready to test. +component_build_psa_accel_alg_ecdh() { + # full plus MBEDTLS_PSA_CRYPTO_CONFIG with PSA_WANT_ALG_ECDH + # without MBEDTLS_ECDH_C + msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_ALG_ECDH without MBEDTLS_ECDH_C" + scripts/config.py full + scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG + scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS + scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO + scripts/config.py unset MBEDTLS_ECDH_C + scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED + scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED + scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED + scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED + scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED + # Need to define the correct symbol and include the test driver header path in order to build with the test driver + make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_ECDH -I../tests/include -O2" LDFLAGS="$ASAN_CFLAGS" +} + +# This should be renamed to test and updated once the accelerator ECC key pair code is in place and ready to test. +component_build_psa_accel_key_type_ecc_key_pair() { + # full plus MBEDTLS_PSA_CRYPTO_CONFIG with PSA_WANT_KEY_TYPE_ECC_KEY_PAIR + msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_KEY_TYPE_ECC_KEY_PAIR" + scripts/config.py full + scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG + scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS + scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO + scripts/config.py -f include/psa/crypto_config.h set PSA_WANT_KEY_TYPE_ECC_KEY_PAIR 1 + scripts/config.py -f include/psa/crypto_config.h set PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY 1 + # Need to define the correct symbol and include the test driver header path in order to build with the test driver + make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR -I../tests/include -O2" LDFLAGS="$ASAN_CFLAGS" +} + +# This should be renamed to test and updated once the accelerator ECC public key code is in place and ready to test. +component_build_psa_accel_key_type_ecc_public_key() { + # full plus MBEDTLS_PSA_CRYPTO_CONFIG with PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY + msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY" + scripts/config.py full + scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG + scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS + scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO + scripts/config.py -f include/psa/crypto_config.h set PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY 1 + scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_KEY_TYPE_ECC_KEY_PAIR + # Need to define the correct symbol and include the test driver header path in order to build with the test driver + make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY -I../tests/include -O2" LDFLAGS="$ASAN_CFLAGS" +} + +# This should be renamed to test and updated once the accelerator HMAC code is in place and ready to test. +component_build_psa_accel_alg_hmac() { + # full plus MBEDTLS_PSA_CRYPTO_CONFIG with PSA_WANT_ALG_HMAC + msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_ALG_HMAC" + scripts/config.py full + scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG + scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS + scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO + # Need to define the correct symbol and include the test driver header path in order to build with the test driver + make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_HMAC -I../tests/include -O2" LDFLAGS="$ASAN_CFLAGS" +} + +# This should be renamed to test and updated once the accelerator HKDF code is in place and ready to test. +component_build_psa_accel_alg_hkdf() { + # full plus MBEDTLS_PSA_CRYPTO_CONFIG with PSA_WANT_ALG_HKDF + # without MBEDTLS_HKDF_C + msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_ALG_HKDF without MBEDTLS_HKDF_C" + scripts/config.py full + scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG + scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS + scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO + scripts/config.py unset MBEDTLS_HKDF_C + # Make sure to unset TLS1_3_EXPERIMENTAL since it requires HKDF_C and will not build properly without it. + scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL + # Need to define the correct symbol and include the test driver header path in order to build with the test driver + make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_HKDF -I../tests/include -O2" LDFLAGS="$ASAN_CFLAGS" +} + +# This should be renamed to test and updated once the accelerator RSA code is in place and ready to test. +component_build_psa_accel_alg_rsa_pkcs1v15_crypt() { + # full plus MBEDTLS_PSA_CRYPTO_CONFIG with PSA_WANT_ALG_RSA_PKCS1V15_CRYPT + msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_ALG_RSA_PKCS1V15_CRYPT + PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY" + scripts/config.py full + scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG + scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS + scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO + scripts/config.py -f include/psa/crypto_config.h set PSA_WANT_ALG_RSA_PKCS1V15_CRYPT 1 + scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_RSA_PKCS1V15_SIGN + scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_RSA_OAEP + scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_RSA_PSS + # Need to define the correct symbol and include the test driver header path in order to build with the test driver + make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_CRYPT -I../tests/include -O2" LDFLAGS="$ASAN_CFLAGS" +} + +# This should be renamed to test and updated once the accelerator RSA code is in place and ready to test. +component_build_psa_accel_alg_rsa_pkcs1v15_sign() { + # full plus MBEDTLS_PSA_CRYPTO_CONFIG with PSA_WANT_ALG_RSA_PKCS1V15_SIGN and PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY + msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_ALG_RSA_PKCS1V15_SIGN + PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY" + scripts/config.py full + scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG + scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS + scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO + scripts/config.py -f include/psa/crypto_config.h set PSA_WANT_ALG_RSA_PKCS1V15_SIGN 1 + scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_RSA_PKCS1V15_CRYPT + scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_RSA_OAEP + scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_RSA_PSS + # Need to define the correct symbol and include the test driver header path in order to build with the test driver + make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_SIGN -I../tests/include -O2" LDFLAGS="$ASAN_CFLAGS" +} + +# This should be renamed to test and updated once the accelerator RSA code is in place and ready to test. +component_build_psa_accel_alg_rsa_oaep() { + # full plus MBEDTLS_PSA_CRYPTO_CONFIG with PSA_WANT_ALG_RSA_OAEP and PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY + msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_ALG_RSA_OAEP + PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY" + scripts/config.py full + scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG + scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS + scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO + scripts/config.py -f include/psa/crypto_config.h set PSA_WANT_ALG_RSA_OAEP 1 + scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_RSA_PKCS1V15_CRYPT + scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_RSA_PKCS1V15_SIGN + scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_RSA_PSS + # Need to define the correct symbol and include the test driver header path in order to build with the test driver + make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_RSA_OAEP -I../tests/include -O2" LDFLAGS="$ASAN_CFLAGS" +} + +# This should be renamed to test and updated once the accelerator RSA code is in place and ready to test. +component_build_psa_accel_alg_rsa_pss() { + # full plus MBEDTLS_PSA_CRYPTO_CONFIG with PSA_WANT_ALG_RSA_PSS and PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY + msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_ALG_RSA_PSS + PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY" + scripts/config.py full + scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG + scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS + scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO + scripts/config.py -f include/psa/crypto_config.h set PSA_WANT_ALG_RSA_PSS 1 + scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_RSA_PKCS1V15_CRYPT + scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_RSA_PKCS1V15_SIGN + scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_RSA_OAEP + # Need to define the correct symbol and include the test driver header path in order to build with the test driver + make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_RSA_PSS -I../tests/include -O2" LDFLAGS="$ASAN_CFLAGS" +} + +# This should be renamed to test and updated once the accelerator RSA code is in place and ready to test. +component_build_psa_accel_key_type_rsa_key_pair() { + # full plus MBEDTLS_PSA_CRYPTO_CONFIG with PSA_WANT_KEY_TYPE_RSA_KEY_PAIR and PSA_WANT_ALG_RSA_PSS + msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_KEY_TYPE_RSA_KEY_PAIR + PSA_WANT_ALG_RSA_PSS" + scripts/config.py full + scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG + scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS + scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO + scripts/config.py -f include/psa/crypto_config.h set PSA_WANT_ALG_RSA_PSS 1 + scripts/config.py -f include/psa/crypto_config.h set PSA_WANT_KEY_TYPE_RSA_KEY_PAIR 1 + # Need to define the correct symbol and include the test driver header path in order to build with the test driver + make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR -I../tests/include -O2" LDFLAGS="$ASAN_CFLAGS" +} + +# This should be renamed to test and updated once the accelerator RSA code is in place and ready to test. +component_build_psa_accel_key_type_rsa_public_key() { + # full plus MBEDTLS_PSA_CRYPTO_CONFIG with PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY and PSA_WANT_ALG_RSA_PSS + msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY + PSA_WANT_ALG_RSA_PSS" + scripts/config.py full + scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG + scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS + scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO + scripts/config.py -f include/psa/crypto_config.h set PSA_WANT_ALG_RSA_PSS 1 + scripts/config.py -f include/psa/crypto_config.h set PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY 1 + # Need to define the correct symbol and include the test driver header path in order to build with the test driver + make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_PUBLIC_KEY -I../tests/include -O2" LDFLAGS="$ASAN_CFLAGS" +} + component_test_check_params_functionality () { msg "build+test: MBEDTLS_CHECK_PARAMS functionality" scripts/config.py full # includes CHECK_PARAMS # Make MBEDTLS_PARAM_FAILED call mbedtls_param_failed(). scripts/config.py unset MBEDTLS_CHECK_PARAMS_ASSERT - # Only build and run tests. Do not build sample programs, because - # they don't have a mbedtls_param_failed() function. - make CC=gcc CFLAGS='-Werror -O1' lib test + make CC=gcc CFLAGS='-Werror -O1' all test } component_test_check_params_without_platform () { @@ -1538,6 +1784,16 @@ component_test_null_entropy () { make test } +component_test_no_date_time () { + msg "build: default config without MBEDTLS_HAVE_TIME_DATE" + scripts/config.py unset MBEDTLS_HAVE_TIME_DATE + CC=gcc cmake + make + + msg "test: !MBEDTLS_HAVE_TIME_DATE - main suites" + make test +} + component_test_platform_calloc_macro () { msg "build: MBEDTLS_PLATFORM_{CALLOC/FREE}_MACRO enabled (ASan build)" scripts/config.py set MBEDTLS_PLATFORM_MEMORY @@ -1646,6 +1902,16 @@ component_test_se_default () { make test } +component_test_psa_crypto_drivers () { + msg "build: MBEDTLS_PSA_CRYPTO_DRIVERS w/ driver hooks" + scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS + # Need to define the correct symbol and include the test driver header path in order to build with the test driver + make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -I../tests/include -O2" LDFLAGS="$ASAN_CFLAGS" + + msg "test: MBEDTLS_PSA_CRYPTO_DRIVERS, signature" + make test +} + component_test_make_shared () { msg "build/test: make shared" # ~ 40s make SHARED=1 all check @@ -1814,10 +2080,24 @@ component_test_no_64bit_multiplication () { make test } +component_test_no_strings () { + msg "build: no strings" # ~10s + scripts/config.py full + # Disable options that activate a large amount of string constants. + scripts/config.py unset MBEDTLS_DEBUG_C + scripts/config.py unset MBEDTLS_ERROR_C + scripts/config.py set MBEDTLS_ERROR_STRERROR_DUMMY + scripts/config.py unset MBEDTLS_VERSION_FEATURES + make CFLAGS='-Werror -Os' + + msg "test: no strings" # ~ 10s + make test +} + component_build_arm_none_eabi_gcc () { msg "build: ${ARM_NONE_EABI_GCC_PREFIX}gcc -O1" # ~ 10s scripts/config.py baremetal - make CC="${ARM_NONE_EABI_GCC_PREFIX}gcc" AR="${ARM_NONE_EABI_GCC_PREFIX}ar" LD="${ARM_NONE_EABI_GCC_PREFIX}ld" CFLAGS='-Werror -Wall -Wextra -O1' lib + make CC="${ARM_NONE_EABI_GCC_PREFIX}gcc" AR="${ARM_NONE_EABI_GCC_PREFIX}ar" LD="${ARM_NONE_EABI_GCC_PREFIX}ld" CFLAGS='-std=c99 -Werror -Wall -Wextra -O1' lib msg "size: ${ARM_NONE_EABI_GCC_PREFIX}gcc -O1" ${ARM_NONE_EABI_GCC_PREFIX}size library/*.o @@ -1831,7 +2111,7 @@ component_build_arm_none_eabi_gcc_arm5vte () { # See https://github.com/ARMmbed/mbedtls/pull/2169 and comments. # It would be better to build with arm-linux-gnueabi-gcc but # we don't have that on our CI at this time. - make CC="${ARM_NONE_EABI_GCC_PREFIX}gcc" AR="${ARM_NONE_EABI_GCC_PREFIX}ar" CFLAGS='-Werror -Wall -Wextra -march=armv5te -O1' LDFLAGS='-march=armv5te' SHELL='sh -x' lib + make CC="${ARM_NONE_EABI_GCC_PREFIX}gcc" AR="${ARM_NONE_EABI_GCC_PREFIX}ar" CFLAGS='-std=c99 -Werror -Wall -Wextra -march=armv5te -O1' LDFLAGS='-march=armv5te' SHELL='sh -x' lib msg "size: ${ARM_NONE_EABI_GCC_PREFIX}gcc -march=armv5te -O1" ${ARM_NONE_EABI_GCC_PREFIX}size library/*.o @@ -1840,7 +2120,7 @@ component_build_arm_none_eabi_gcc_arm5vte () { component_build_arm_none_eabi_gcc_m0plus () { msg "build: ${ARM_NONE_EABI_GCC_PREFIX}gcc -mthumb -mcpu=cortex-m0plus" # ~ 10s scripts/config.py baremetal - make CC="${ARM_NONE_EABI_GCC_PREFIX}gcc" AR="${ARM_NONE_EABI_GCC_PREFIX}ar" LD="${ARM_NONE_EABI_GCC_PREFIX}ld" CFLAGS='-Werror -Wall -Wextra -mthumb -mcpu=cortex-m0plus -Os' lib + make CC="${ARM_NONE_EABI_GCC_PREFIX}gcc" AR="${ARM_NONE_EABI_GCC_PREFIX}ar" LD="${ARM_NONE_EABI_GCC_PREFIX}ld" CFLAGS='-std=c99 -Werror -Wall -Wextra -mthumb -mcpu=cortex-m0plus -Os' lib msg "size: ${ARM_NONE_EABI_GCC_PREFIX}gcc -mthumb -mcpu=cortex-m0plus -Os" ${ARM_NONE_EABI_GCC_PREFIX}size library/*.o @@ -1850,7 +2130,7 @@ component_build_arm_none_eabi_gcc_no_udbl_division () { msg "build: ${ARM_NONE_EABI_GCC_PREFIX}gcc -DMBEDTLS_NO_UDBL_DIVISION, make" # ~ 10s scripts/config.py baremetal scripts/config.py set MBEDTLS_NO_UDBL_DIVISION - make CC="${ARM_NONE_EABI_GCC_PREFIX}gcc" AR="${ARM_NONE_EABI_GCC_PREFIX}ar" LD="${ARM_NONE_EABI_GCC_PREFIX}ld" CFLAGS='-Werror -Wall -Wextra' lib + make CC="${ARM_NONE_EABI_GCC_PREFIX}gcc" AR="${ARM_NONE_EABI_GCC_PREFIX}ar" LD="${ARM_NONE_EABI_GCC_PREFIX}ld" CFLAGS='-std=c99 -Werror -Wall -Wextra' lib echo "Checking that software 64-bit division is not required" if_build_succeeded not grep __aeabi_uldiv library/*.o } @@ -1859,7 +2139,7 @@ component_build_arm_none_eabi_gcc_no_64bit_multiplication () { msg "build: ${ARM_NONE_EABI_GCC_PREFIX}gcc MBEDTLS_NO_64BIT_MULTIPLICATION, make" # ~ 10s scripts/config.py baremetal scripts/config.py set MBEDTLS_NO_64BIT_MULTIPLICATION - make CC="${ARM_NONE_EABI_GCC_PREFIX}gcc" AR="${ARM_NONE_EABI_GCC_PREFIX}ar" LD="${ARM_NONE_EABI_GCC_PREFIX}ld" CFLAGS='-Werror -O1 -march=armv6-m -mthumb' lib + make CC="${ARM_NONE_EABI_GCC_PREFIX}gcc" AR="${ARM_NONE_EABI_GCC_PREFIX}ar" LD="${ARM_NONE_EABI_GCC_PREFIX}ld" CFLAGS='-std=c99 -Werror -O1 -march=armv6-m -mthumb' lib echo "Checking that software 64-bit multiplication is not required" if_build_succeeded not grep __aeabi_lmul library/*.o } @@ -2084,6 +2364,7 @@ run_component () { # Back up the configuration in case the component modifies it. # The cleanup function will restore it. cp -p "$CONFIG_H" "$CONFIG_BAK" + cp -p "$CRYPTO_CONFIG_H" "$CRYPTO_CONFIG_BAK" current_component="$1" export MBEDTLS_TEST_CONFIGURATION="$current_component" diff --git a/tests/scripts/check-generated-files.sh b/tests/scripts/check-generated-files.sh index 3ab62f8b1..845d1c60c 100755 --- a/tests/scripts/check-generated-files.sh +++ b/tests/scripts/check-generated-files.sh @@ -105,3 +105,4 @@ check scripts/generate_errors.pl library/error.c check scripts/generate_query_config.pl programs/test/query_config.c check scripts/generate_features.pl library/version_features.c check scripts/generate_visualc_files.pl visualc/VS2010 +check scripts/generate_psa_constants.py programs/psa/psa_constant_names_generated.c diff --git a/tests/scripts/check-names.sh b/tests/scripts/check-names.sh index 6c9195bb0..55f76daeb 100755 --- a/tests/scripts/check-names.sh +++ b/tests/scripts/check-names.sh @@ -65,7 +65,7 @@ fi diff macros identifiers | sed -n -e 's/< //p' > actual-macros for THING in actual-macros enum-consts; do - printf "Names of $THING: " + printf 'Names of %s: ' "$THING" test -r $THING BAD=$( grep -E -v '^(MBEDTLS|PSA)_[0-9A-Z_]*[0-9A-Z]$' $THING || true ) UNDERSCORES=$( grep -E '.*__.*' $THING || true ) @@ -81,7 +81,7 @@ for THING in actual-macros enum-consts; do done for THING in identifiers; do - printf "Names of $THING: " + printf 'Names of %s: ' "$THING" test -r $THING BAD=$( grep -E -v '^(mbedtls|psa)_[0-9a-z_]*[0-9a-z]$' $THING || true ) if [ "x$BAD" = "x" ]; then diff --git a/tests/scripts/list-macros.sh b/tests/scripts/list-macros.sh index 15d2590c1..a8617a083 100755 --- a/tests/scripts/list-macros.sh +++ b/tests/scripts/list-macros.sh @@ -30,4 +30,10 @@ sed -n -e 's/.*#define \([a-zA-Z0-9_]*\).*/\1/p' $HEADERS \ | egrep -v '^(asm|inline|EMIT|_CRT_SECURE_NO_DEPRECATE)$|^MULADDC_' \ | sort -u > macros +# For include/mbedtls/config_psa.h need to ignore the MBEDTLS_xxx define +# in that file since they may not be defined in include/psa/crypto_config.h +# This line renames the potentially missing defines to ones that should +# be present. +sed -ne 's/^MBEDTLS_PSA_BUILTIN_/MBEDTLS_PSA_ACCEL_/p' >macros + wc -l macros diff --git a/tests/scripts/test-ref-configs.pl b/tests/scripts/test-ref-configs.pl index 01edfe2fb..cf4175af2 100755 --- a/tests/scripts/test-ref-configs.pl +++ b/tests/scripts/test-ref-configs.pl @@ -28,17 +28,21 @@ use warnings; use strict; my %configs = ( + 'config-ccm-psk-tls1_2.h' => { + 'compat' => '-m tls1_2 -f \'^TLS-PSK-WITH-AES-...-CCM-8\'', + }, 'config-mini-tls1_1.h' => { 'compat' => '-m tls1_1 -f \'^DES-CBC3-SHA$\|^TLS-RSA-WITH-3DES-EDE-CBC-SHA$\'', #' }, + 'config-no-entropy.h' => { + }, + 'config-psa-crypto.h' => { + }, 'config-suite-b.h' => { 'compat' => "-m tls1_2 -f 'ECDHE-ECDSA.*AES.*GCM' -p mbedTLS", }, 'config-symmetric-only.h' => { }, - 'config-ccm-psk-tls1_2.h' => { - 'compat' => '-m tls1_2 -f \'^TLS-PSK-WITH-AES-...-CCM-8\'', - }, 'config-thread.h' => { 'opt' => '-f ECJPAKE.*nolog', }, diff --git a/tests/src/drivers/cipher.c b/tests/src/drivers/cipher.c new file mode 100644 index 000000000..fa7c6a9e7 --- /dev/null +++ b/tests/src/drivers/cipher.c @@ -0,0 +1,611 @@ +/* + * Test driver for cipher functions. + * Currently only supports multi-part operations using AES-CTR. + */ +/* Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#if !defined(MBEDTLS_CONFIG_FILE) +#include "mbedtls/config.h" +#else +#include MBEDTLS_CONFIG_FILE +#endif + +#if defined(MBEDTLS_PSA_CRYPTO_DRIVERS) && defined(PSA_CRYPTO_DRIVER_TEST) +#include "psa/crypto.h" +#include "psa_crypto_core.h" +#include "mbedtls/cipher.h" + +#include "test/drivers/cipher.h" + +#include "test/random.h" + +#include + +/* Test driver implements AES-CTR only. Its default behaviour (when its return + * status is not overridden through the hooks) is to take care of all AES-CTR + * operations, and return PSA_ERROR_NOT_SUPPORTED for all others. + * Set test_driver_cipher_hooks.forced_status to PSA_ERROR_NOT_SUPPORTED to use + * fallback even for AES-CTR. */ +test_driver_cipher_hooks_t test_driver_cipher_hooks = TEST_DRIVER_CIPHER_INIT; + +static psa_status_t test_transparent_cipher_oneshot( + mbedtls_operation_t direction, + const psa_key_attributes_t *attributes, + const uint8_t *key, size_t key_length, + psa_algorithm_t alg, + const uint8_t *input, size_t input_length, + uint8_t *output, size_t output_size, size_t *output_length) +{ + test_driver_cipher_hooks.hits++; + + /* Test driver supports AES-CTR only, to verify operation calls. */ + if( alg != PSA_ALG_CTR || + psa_get_key_type( attributes ) != PSA_KEY_TYPE_AES ) + return( PSA_ERROR_NOT_SUPPORTED ); + + /* If test driver response code is not SUCCESS, we can return early */ + if( test_driver_cipher_hooks.forced_status != PSA_SUCCESS ) + return( test_driver_cipher_hooks.forced_status ); + + /* If test driver output is overridden, we don't need to do actual crypto */ + if( test_driver_cipher_hooks.forced_output != NULL ) + { + if( output_size < test_driver_cipher_hooks.forced_output_length ) + return( PSA_ERROR_BUFFER_TOO_SMALL ); + + memcpy( output, + test_driver_cipher_hooks.forced_output, + test_driver_cipher_hooks.forced_output_length ); + *output_length = test_driver_cipher_hooks.forced_output_length; + + return( test_driver_cipher_hooks.forced_status ); + } + + /* Run AES-CTR using the cipher module */ + { + mbedtls_test_rnd_pseudo_info rnd_info; + memset( &rnd_info, 0x5A, sizeof( mbedtls_test_rnd_pseudo_info ) ); + + const mbedtls_cipher_info_t *cipher_info = + mbedtls_cipher_info_from_values( MBEDTLS_CIPHER_ID_AES, + key_length * 8, + MBEDTLS_MODE_CTR ); + mbedtls_cipher_context_t cipher; + int ret = 0; + uint8_t temp_output_buffer[16] = {0}; + size_t temp_output_length = 0; + + if( direction == MBEDTLS_ENCRYPT ) + { + /* Oneshot encrypt needs to prepend the IV to the output */ + if( output_size < ( input_length + 16 ) ) + return( PSA_ERROR_BUFFER_TOO_SMALL ); + } + else + { + /* Oneshot decrypt has the IV prepended to the input */ + if( output_size < ( input_length - 16 ) ) + return( PSA_ERROR_BUFFER_TOO_SMALL ); + } + + if( cipher_info == NULL ) + return( PSA_ERROR_NOT_SUPPORTED ); + + mbedtls_cipher_init( &cipher ); + ret = mbedtls_cipher_setup( &cipher, cipher_info ); + if( ret != 0 ) + goto exit; + + ret = mbedtls_cipher_setkey( &cipher, + key, + key_length * 8, direction ); + if( ret != 0 ) + goto exit; + + if( direction == MBEDTLS_ENCRYPT ) + { + mbedtls_test_rnd_pseudo_info rnd_info; + memset( &rnd_info, 0x5A, sizeof( mbedtls_test_rnd_pseudo_info ) ); + + ret = mbedtls_test_rnd_pseudo_rand( &rnd_info, + temp_output_buffer, + 16 ); + if( ret != 0 ) + goto exit; + + ret = mbedtls_cipher_set_iv( &cipher, temp_output_buffer, 16 ); + } + else + ret = mbedtls_cipher_set_iv( &cipher, input, 16 ); + + if( ret != 0 ) + goto exit; + + if( direction == MBEDTLS_ENCRYPT ) + { + ret = mbedtls_cipher_update( &cipher, + input, input_length, + &output[16], output_length ); + if( ret == 0 ) + { + memcpy( output, temp_output_buffer, 16 ); + *output_length += 16; + } + } + else + ret = mbedtls_cipher_update( &cipher, + &input[16], input_length - 16, + output, output_length ); + + if( ret != 0 ) + goto exit; + + ret = mbedtls_cipher_finish( &cipher, + temp_output_buffer, + &temp_output_length ); + +exit: + if( ret != 0 ) + { + *output_length = 0; + memset(output, 0, output_size); + } + + mbedtls_cipher_free( &cipher ); + return( mbedtls_to_psa_error( ret ) ); + } +} + +psa_status_t test_transparent_cipher_encrypt( + const psa_key_attributes_t *attributes, + const uint8_t *key, size_t key_length, + psa_algorithm_t alg, + const uint8_t *input, size_t input_length, + uint8_t *output, size_t output_size, size_t *output_length) +{ + return ( + test_transparent_cipher_oneshot( + MBEDTLS_ENCRYPT, + attributes, + key, key_length, + alg, + input, input_length, + output, output_size, output_length) ); +} + +psa_status_t test_transparent_cipher_decrypt( + const psa_key_attributes_t *attributes, + const uint8_t *key, size_t key_length, + psa_algorithm_t alg, + const uint8_t *input, size_t input_length, + uint8_t *output, size_t output_size, size_t *output_length) +{ + return ( + test_transparent_cipher_oneshot( + MBEDTLS_DECRYPT, + attributes, + key, key_length, + alg, + input, input_length, + output, output_size, output_length) ); +} + +static psa_status_t test_transparent_cipher_setup( + mbedtls_operation_t direction, + test_transparent_cipher_operation_t *operation, + const psa_key_attributes_t *attributes, + const uint8_t *key, size_t key_length, + psa_algorithm_t alg) +{ + const mbedtls_cipher_info_t *cipher_info = NULL; + int ret = 0; + + test_driver_cipher_hooks.hits++; + + if( operation->alg != 0 ) + return( PSA_ERROR_BAD_STATE ); + + /* Wiping the entire struct here, instead of member-by-member. This is useful + * for the test suite, since it gives a chance of catching memory corruption + * errors should the core not have allocated (enough) memory for our context + * struct. */ + memset( operation, 0, sizeof( *operation ) ); + + /* Allow overriding return value for testing purposes */ + if( test_driver_cipher_hooks.forced_status != PSA_SUCCESS ) + return( test_driver_cipher_hooks.forced_status ); + + /* Test driver supports AES-CTR only, to verify operation calls. */ + if( alg != PSA_ALG_CTR || + psa_get_key_type( attributes ) != PSA_KEY_TYPE_AES ) + return( PSA_ERROR_NOT_SUPPORTED ); + + operation->alg = alg; + operation->iv_size = 16; + + cipher_info = mbedtls_cipher_info_from_values( MBEDTLS_CIPHER_ID_AES, + key_length * 8, + MBEDTLS_MODE_CTR ); + if( cipher_info == NULL ) + return( PSA_ERROR_NOT_SUPPORTED ); + + mbedtls_cipher_init( &operation->cipher ); + ret = mbedtls_cipher_setup( &operation->cipher, cipher_info ); + if( ret != 0 ) { + mbedtls_cipher_free( &operation->cipher ); + return( mbedtls_to_psa_error( ret ) ); + } + + ret = mbedtls_cipher_setkey( &operation->cipher, + key, + key_length * 8, direction ); + if( ret != 0 ) { + mbedtls_cipher_free( &operation->cipher ); + return( mbedtls_to_psa_error( ret ) ); + } + + operation->iv_set = 0; + operation->iv_required = 1; + operation->key_set = 1; + + return( test_driver_cipher_hooks.forced_status ); +} + +psa_status_t test_transparent_cipher_encrypt_setup( + test_transparent_cipher_operation_t *operation, + const psa_key_attributes_t *attributes, + const uint8_t *key, size_t key_length, + psa_algorithm_t alg) +{ + return ( test_transparent_cipher_setup( MBEDTLS_ENCRYPT, + operation, + attributes, + key, + key_length, + alg ) ); +} + +psa_status_t test_transparent_cipher_decrypt_setup( + test_transparent_cipher_operation_t *operation, + const psa_key_attributes_t *attributes, + const uint8_t *key, size_t key_length, + psa_algorithm_t alg) +{ + return ( test_transparent_cipher_setup( MBEDTLS_DECRYPT, + operation, + attributes, + key, + key_length, + alg ) ); +} + +psa_status_t test_transparent_cipher_abort( + test_transparent_cipher_operation_t *operation) +{ + test_driver_cipher_hooks.hits++; + + if( operation->alg == 0 ) + return( PSA_SUCCESS ); + if( operation->alg != PSA_ALG_CTR ) + return( PSA_ERROR_BAD_STATE ); + + mbedtls_cipher_free( &operation->cipher ); + + /* Wiping the entire struct here, instead of member-by-member. This is useful + * for the test suite, since it gives a chance of catching memory corruption + * errors should the core not have allocated (enough) memory for our context + * struct. */ + memset( operation, 0, sizeof( *operation ) ); + + return( PSA_SUCCESS ); +} + +psa_status_t test_transparent_cipher_generate_iv( + test_transparent_cipher_operation_t *operation, + uint8_t *iv, + size_t iv_size, + size_t *iv_length) +{ + psa_status_t status; + mbedtls_test_rnd_pseudo_info rnd_info; + memset( &rnd_info, 0x5A, sizeof( mbedtls_test_rnd_pseudo_info ) ); + + test_driver_cipher_hooks.hits++; + + if( test_driver_cipher_hooks.forced_status != PSA_SUCCESS ) + return( test_driver_cipher_hooks.forced_status ); + + if( operation->alg != PSA_ALG_CTR ) + return( PSA_ERROR_BAD_STATE ); + + if( operation->iv_set || ! operation->iv_required ) + return( PSA_ERROR_BAD_STATE ); + + if( iv_size < operation->iv_size ) + return( PSA_ERROR_BUFFER_TOO_SMALL ); + + status = mbedtls_to_psa_error( + mbedtls_test_rnd_pseudo_rand( &rnd_info, + iv, + operation->iv_size ) ); + if( status != PSA_SUCCESS ) + return( status ); + + *iv_length = operation->iv_size; + status = test_transparent_cipher_set_iv( operation, iv, *iv_length ); + + return( status ); +} + +psa_status_t test_transparent_cipher_set_iv( + test_transparent_cipher_operation_t *operation, + const uint8_t *iv, + size_t iv_length) +{ + psa_status_t status; + + test_driver_cipher_hooks.hits++; + + if( test_driver_cipher_hooks.forced_status != PSA_SUCCESS ) + return( test_driver_cipher_hooks.forced_status ); + + if( operation->alg != PSA_ALG_CTR ) + return( PSA_ERROR_BAD_STATE ); + + if( operation->iv_set || ! operation->iv_required ) + return( PSA_ERROR_BAD_STATE ); + + if( iv_length != operation->iv_size ) + return( PSA_ERROR_INVALID_ARGUMENT ); + + status = mbedtls_to_psa_error( + mbedtls_cipher_set_iv( &operation->cipher, iv, iv_length ) ); + + if( status == PSA_SUCCESS ) + operation->iv_set = 1; + + return( status ); +} + +psa_status_t test_transparent_cipher_update( + test_transparent_cipher_operation_t *operation, + const uint8_t *input, + size_t input_length, + uint8_t *output, + size_t output_size, + size_t *output_length) +{ + psa_status_t status; + + test_driver_cipher_hooks.hits++; + + if( test_driver_cipher_hooks.forced_status != PSA_SUCCESS ) + return( test_driver_cipher_hooks.forced_status ); + + if( operation->alg != PSA_ALG_CTR ) + return( PSA_ERROR_BAD_STATE ); + + /* CTR is a stream cipher, so data in and out are always the same size */ + if( output_size < input_length ) + return( PSA_ERROR_BUFFER_TOO_SMALL ); + + status = mbedtls_to_psa_error( + mbedtls_cipher_update( &operation->cipher, input, + input_length, output, output_length ) ); + + if( status != PSA_SUCCESS ) + return status; + + if( test_driver_cipher_hooks.forced_output != NULL ) + { + if( output_size < test_driver_cipher_hooks.forced_output_length ) + return PSA_ERROR_BUFFER_TOO_SMALL; + + memcpy( output, + test_driver_cipher_hooks.forced_output, + test_driver_cipher_hooks.forced_output_length ); + *output_length = test_driver_cipher_hooks.forced_output_length; + } + + return( test_driver_cipher_hooks.forced_status ); +} + +psa_status_t test_transparent_cipher_finish( + test_transparent_cipher_operation_t *operation, + uint8_t *output, + size_t output_size, + size_t *output_length) +{ + psa_status_t status = PSA_ERROR_GENERIC_ERROR; + uint8_t temp_output_buffer[MBEDTLS_MAX_BLOCK_LENGTH]; + + test_driver_cipher_hooks.hits++; + + if( test_driver_cipher_hooks.forced_status != PSA_SUCCESS ) + return( test_driver_cipher_hooks.forced_status ); + + if( operation->alg != PSA_ALG_CTR ) + return( PSA_ERROR_BAD_STATE ); + + if( ! operation->key_set ) + return( PSA_ERROR_BAD_STATE ); + + if( operation->iv_required && ! operation->iv_set ) + return( PSA_ERROR_BAD_STATE ); + + status = mbedtls_to_psa_error( + mbedtls_cipher_finish( &operation->cipher, + temp_output_buffer, + output_length ) ); + + mbedtls_cipher_free( &operation->cipher ); + + if( status != PSA_SUCCESS ) + return( status ); + + if( *output_length == 0 ) + ; /* Nothing to copy. Note that output may be NULL in this case. */ + else if( output_size >= *output_length ) + memcpy( output, temp_output_buffer, *output_length ); + else + return( PSA_ERROR_BUFFER_TOO_SMALL ); + + + if( test_driver_cipher_hooks.forced_output != NULL ) + { + if( output_size < test_driver_cipher_hooks.forced_output_length ) + return PSA_ERROR_BUFFER_TOO_SMALL; + + memcpy( output, + test_driver_cipher_hooks.forced_output, + test_driver_cipher_hooks.forced_output_length ); + *output_length = test_driver_cipher_hooks.forced_output_length; + } + + return( test_driver_cipher_hooks.forced_status ); +} + +/* + * opaque versions, to do + */ +psa_status_t test_opaque_cipher_encrypt( + const psa_key_attributes_t *attributes, + const uint8_t *key, size_t key_length, + psa_algorithm_t alg, + const uint8_t *input, size_t input_length, + uint8_t *output, size_t output_size, size_t *output_length) +{ + (void) attributes; + (void) key; + (void) key_length; + (void) alg; + (void) input; + (void) input_length; + (void) output; + (void) output_size; + (void) output_length; + return( PSA_ERROR_NOT_SUPPORTED ); +} + +psa_status_t test_opaque_cipher_decrypt( + const psa_key_attributes_t *attributes, + const uint8_t *key, size_t key_length, + psa_algorithm_t alg, + const uint8_t *input, size_t input_length, + uint8_t *output, size_t output_size, size_t *output_length) +{ + (void) attributes; + (void) key; + (void) key_length; + (void) alg; + (void) input; + (void) input_length; + (void) output; + (void) output_size; + (void) output_length; + return( PSA_ERROR_NOT_SUPPORTED ); +} + +psa_status_t test_opaque_cipher_encrypt_setup( + test_opaque_cipher_operation_t *operation, + const psa_key_attributes_t *attributes, + const uint8_t *key, size_t key_length, + psa_algorithm_t alg) +{ + (void) operation; + (void) attributes; + (void) key; + (void) key_length; + (void) alg; + return( PSA_ERROR_NOT_SUPPORTED ); +} + +psa_status_t test_opaque_cipher_decrypt_setup( + test_opaque_cipher_operation_t *operation, + const psa_key_attributes_t *attributes, + const uint8_t *key, size_t key_length, + psa_algorithm_t alg) +{ + (void) operation; + (void) attributes; + (void) key; + (void) key_length; + (void) alg; + return( PSA_ERROR_NOT_SUPPORTED ); +} + +psa_status_t test_opaque_cipher_abort( + test_opaque_cipher_operation_t *operation) +{ + (void) operation; + return( PSA_ERROR_NOT_SUPPORTED ); +} + +psa_status_t test_opaque_cipher_generate_iv( + test_opaque_cipher_operation_t *operation, + uint8_t *iv, + size_t iv_size, + size_t *iv_length) +{ + (void) operation; + (void) iv; + (void) iv_size; + (void) iv_length; + return( PSA_ERROR_NOT_SUPPORTED ); +} + +psa_status_t test_opaque_cipher_set_iv( + test_opaque_cipher_operation_t *operation, + const uint8_t *iv, + size_t iv_length) +{ + (void) operation; + (void) iv; + (void) iv_length; + return( PSA_ERROR_NOT_SUPPORTED ); +} + +psa_status_t test_opaque_cipher_update( + test_opaque_cipher_operation_t *operation, + const uint8_t *input, + size_t input_length, + uint8_t *output, + size_t output_size, + size_t *output_length) +{ + (void) operation; + (void) input; + (void) input_length; + (void) output; + (void) output_size; + (void) output_length; + return( PSA_ERROR_NOT_SUPPORTED ); +} + +psa_status_t test_opaque_cipher_finish( + test_opaque_cipher_operation_t *operation, + uint8_t *output, + size_t output_size, + size_t *output_length) +{ + (void) operation; + (void) output; + (void) output_size; + (void) output_length; + return( PSA_ERROR_NOT_SUPPORTED ); +} +#endif /* MBEDTLS_PSA_CRYPTO_DRIVERS && PSA_CRYPTO_DRIVER_TEST */ diff --git a/tests/src/drivers/key_management.c b/tests/src/drivers/key_management.c new file mode 100644 index 000000000..00d2b4519 --- /dev/null +++ b/tests/src/drivers/key_management.c @@ -0,0 +1,355 @@ +/* + * Test driver for generating and verifying keys. + * Currently only supports generating and verifying ECC keys. + */ +/* Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#if !defined(MBEDTLS_CONFIG_FILE) +#include "mbedtls/config.h" +#else +#include MBEDTLS_CONFIG_FILE +#endif + +#if defined(MBEDTLS_PSA_CRYPTO_DRIVERS) && defined(PSA_CRYPTO_DRIVER_TEST) +#include "psa/crypto.h" +#include "psa_crypto_core.h" +#include "mbedtls/ecp.h" +#include "mbedtls/error.h" + +#include "test/drivers/key_management.h" + +#include "test/random.h" + +#include + +test_driver_key_management_hooks_t test_driver_key_management_hooks = + TEST_DRIVER_KEY_MANAGEMENT_INIT; + +psa_status_t test_transparent_generate_key( + const psa_key_attributes_t *attributes, + uint8_t *key, size_t key_size, size_t *key_length ) +{ +#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR) && \ + !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY) + (void)attributes; +#endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR && + * !MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY */ + ++test_driver_key_management_hooks.hits; + + if( test_driver_key_management_hooks.forced_status != PSA_SUCCESS ) + return( test_driver_key_management_hooks.forced_status ); + + if( test_driver_key_management_hooks.forced_output != NULL ) + { + if( test_driver_key_management_hooks.forced_output_length > key_size ) + return( PSA_ERROR_BUFFER_TOO_SMALL ); + memcpy( key, test_driver_key_management_hooks.forced_output, + test_driver_key_management_hooks.forced_output_length ); + *key_length = test_driver_key_management_hooks.forced_output_length; + return( PSA_SUCCESS ); + } + + /* Copied from psa_crypto.c */ +#if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR) || \ + defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY) + if ( PSA_KEY_TYPE_IS_ECC( psa_get_key_type( attributes ) ) + && PSA_KEY_TYPE_IS_KEY_PAIR( psa_get_key_type( attributes ) ) ) + { + psa_ecc_family_t curve = PSA_KEY_TYPE_ECC_GET_FAMILY( + psa_get_key_type( attributes ) ); + mbedtls_ecp_group_id grp_id = + mbedtls_ecc_group_of_psa( + curve, + PSA_BITS_TO_BYTES( psa_get_key_bits( attributes ) ) ); + const mbedtls_ecp_curve_info *curve_info = + mbedtls_ecp_curve_info_from_grp_id( grp_id ); + mbedtls_ecp_keypair ecp; + mbedtls_test_rnd_pseudo_info rnd_info; + memset( &rnd_info, 0x5A, sizeof( mbedtls_test_rnd_pseudo_info ) ); + + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + if( attributes->domain_parameters_size != 0 ) + return( PSA_ERROR_NOT_SUPPORTED ); + if( grp_id == MBEDTLS_ECP_DP_NONE || curve_info == NULL ) + return( PSA_ERROR_NOT_SUPPORTED ); + if( curve_info->bit_size != psa_get_key_bits( attributes ) ) + return( PSA_ERROR_INVALID_ARGUMENT ); + mbedtls_ecp_keypair_init( &ecp ); + ret = mbedtls_ecp_gen_key( grp_id, &ecp, + &mbedtls_test_rnd_pseudo_rand, + &rnd_info ); + if( ret != 0 ) + { + mbedtls_ecp_keypair_free( &ecp ); + return( mbedtls_to_psa_error( ret ) ); + } + + /* Make sure to use export representation */ + size_t bytes = PSA_BITS_TO_BYTES( psa_get_key_bits( attributes ) ); + if( key_size < bytes ) + { + mbedtls_ecp_keypair_free( &ecp ); + return( PSA_ERROR_BUFFER_TOO_SMALL ); + } + psa_status_t status = mbedtls_to_psa_error( + mbedtls_mpi_write_binary( &ecp.d, key, bytes ) ); + + if( status == PSA_SUCCESS ) + { + *key_length = bytes; + } + else + { + memset( key, 0, bytes ); + } + + mbedtls_ecp_keypair_free( &ecp ); + return( status ); + } + else +#endif /* MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR || + * MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY */ + return( PSA_ERROR_NOT_SUPPORTED ); +} + +psa_status_t test_opaque_generate_key( + const psa_key_attributes_t *attributes, + uint8_t *key, size_t key_size, size_t *key_length ) +{ + (void) attributes; + (void) key; + (void) key_size; + (void) key_length; + return( PSA_ERROR_NOT_SUPPORTED ); +} + +psa_status_t test_transparent_validate_key( + const psa_key_attributes_t *attributes, + const uint8_t *data, + size_t data_length, + size_t *bits ) +{ + ++test_driver_key_management_hooks.hits; + + if( test_driver_key_management_hooks.forced_status != PSA_SUCCESS ) + return( test_driver_key_management_hooks.forced_status ); + +#if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR) || \ + defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY) + psa_key_type_t type = psa_get_key_type( attributes ); + if ( PSA_KEY_TYPE_IS_ECC( type ) ) + { + // Code mostly copied from psa_load_ecp_representation + psa_ecc_family_t curve = PSA_KEY_TYPE_ECC_GET_FAMILY( type ); + mbedtls_ecp_group_id grp_id; + mbedtls_ecp_keypair ecp; + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + + if( psa_get_key_bits( attributes ) == 0 ) + { + // Attempt auto-detect of curve bit size + size_t curve_size = data_length; + + if( PSA_KEY_TYPE_IS_PUBLIC_KEY( type ) && + PSA_KEY_TYPE_ECC_GET_FAMILY( type ) != PSA_ECC_FAMILY_MONTGOMERY ) + { + /* A Weierstrass public key is represented as: + * - The byte 0x04; + * - `x_P` as a `ceiling(m/8)`-byte string, big-endian; + * - `y_P` as a `ceiling(m/8)`-byte string, big-endian. + * So its data length is 2m+1 where m is the curve size in bits. + */ + if( ( data_length & 1 ) == 0 ) + return( PSA_ERROR_INVALID_ARGUMENT ); + curve_size = data_length / 2; + + /* Montgomery public keys are represented in compressed format, meaning + * their curve_size is equal to the amount of input. */ + + /* Private keys are represented in uncompressed private random integer + * format, meaning their curve_size is equal to the amount of input. */ + } + + grp_id = mbedtls_ecc_group_of_psa( curve, curve_size ); + } + else + { + grp_id = mbedtls_ecc_group_of_psa( curve, + PSA_BITS_TO_BYTES( psa_get_key_bits( attributes ) ) ); + } + + const mbedtls_ecp_curve_info *curve_info = + mbedtls_ecp_curve_info_from_grp_id( grp_id ); + + if( attributes->domain_parameters_size != 0 ) + return( PSA_ERROR_NOT_SUPPORTED ); + if( grp_id == MBEDTLS_ECP_DP_NONE || curve_info == NULL ) + return( PSA_ERROR_NOT_SUPPORTED ); + + *bits = curve_info->bit_size; + + mbedtls_ecp_keypair_init( &ecp ); + + status = mbedtls_to_psa_error( + mbedtls_ecp_group_load( &ecp.grp, grp_id ) ); + if( status != PSA_SUCCESS ) + goto ecp_exit; + + /* Load the key material. */ + if( PSA_KEY_TYPE_IS_PUBLIC_KEY( type ) ) + { + /* Load the public value. */ + status = mbedtls_to_psa_error( + mbedtls_ecp_point_read_binary( &ecp.grp, &ecp.Q, + data, + data_length ) ); + if( status != PSA_SUCCESS ) + goto ecp_exit; + + /* Check that the point is on the curve. */ + status = mbedtls_to_psa_error( + mbedtls_ecp_check_pubkey( &ecp.grp, &ecp.Q ) ); + } + else + { + /* Load and validate the secret value. */ + status = mbedtls_to_psa_error( + mbedtls_ecp_read_key( ecp.grp.id, + &ecp, + data, + data_length ) ); + } + +ecp_exit: + mbedtls_ecp_keypair_free( &ecp ); + return( status ); + } + return( PSA_ERROR_NOT_SUPPORTED ); +#else + (void) attributes; + (void) data; + (void) data_length; + (void) bits; + return( PSA_ERROR_NOT_SUPPORTED ); +#endif /* MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR || + * MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY */ +} + +psa_status_t test_transparent_export_public_key( + const psa_key_attributes_t *attributes, + const uint8_t *key, size_t key_length, + uint8_t *data, size_t data_size, size_t *data_length ) +{ + ++test_driver_key_management_hooks.hits; + + if( test_driver_key_management_hooks.forced_status != PSA_SUCCESS ) + return( test_driver_key_management_hooks.forced_status ); + + if( test_driver_key_management_hooks.forced_output != NULL ) + { + if( test_driver_key_management_hooks.forced_output_length > data_size ) + return( PSA_ERROR_BUFFER_TOO_SMALL ); + memcpy( data, test_driver_key_management_hooks.forced_output, + test_driver_key_management_hooks.forced_output_length ); + *data_length = test_driver_key_management_hooks.forced_output_length; + return( PSA_SUCCESS ); + } + + if( key == NULL || key_length == 0 ) + return( PSA_ERROR_INVALID_ARGUMENT ); + + psa_key_type_t keytype = psa_get_key_type( attributes ); + (void) keytype; + +#if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR) || \ + defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY) + if( PSA_KEY_TYPE_IS_ECC( keytype ) ) + { + if( !PSA_KEY_TYPE_IS_KEY_PAIR( keytype ) ) + return( PSA_ERROR_INVALID_ARGUMENT ); + + /* Mostly copied from psa_crypto.c */ + mbedtls_ecp_group_id grp_id = MBEDTLS_ECP_DP_NONE; + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + mbedtls_ecp_keypair ecp; + mbedtls_test_rnd_pseudo_info rnd_info; + memset( &rnd_info, 0x5A, sizeof( mbedtls_test_rnd_pseudo_info ) ); + + if( attributes->domain_parameters_size != 0 ) + return( PSA_ERROR_NOT_SUPPORTED ); + + grp_id = mbedtls_ecc_group_of_psa( PSA_KEY_TYPE_ECC_GET_FAMILY( keytype ), + PSA_BITS_TO_BYTES( psa_get_key_bits( attributes ) ) ); + if( grp_id == MBEDTLS_ECP_DP_NONE ) + return( PSA_ERROR_NOT_SUPPORTED ); + + mbedtls_ecp_keypair_init( &ecp ); + + status = mbedtls_to_psa_error( + mbedtls_ecp_group_load( &ecp.grp, grp_id ) ); + if( status != PSA_SUCCESS ) + goto ecp_exit; + + status = mbedtls_to_psa_error( + mbedtls_ecp_read_key( ecp.grp.id, + &ecp, + key, + key_length ) ); + if( status != PSA_SUCCESS ) + goto ecp_exit; + + /* Calculate the public key */ + status = mbedtls_to_psa_error( + mbedtls_ecp_mul( &ecp.grp, &ecp.Q, &ecp.d, &ecp.grp.G, + &mbedtls_test_rnd_pseudo_rand, + &rnd_info ) ); + if( status != PSA_SUCCESS ) + goto ecp_exit; + + status = mbedtls_to_psa_error( + mbedtls_ecp_point_write_binary( &ecp.grp, &ecp.Q, + MBEDTLS_ECP_PF_UNCOMPRESSED, + data_length, + data, + data_size ) ); + if( status != PSA_SUCCESS ) + memset( data, 0, data_size ); +ecp_exit: + mbedtls_ecp_keypair_free( &ecp ); + return( status ); + } +#endif /* MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR || + * MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY */ + + return( PSA_ERROR_NOT_SUPPORTED ); +} + +psa_status_t test_opaque_export_public_key( + const psa_key_attributes_t *attributes, + const uint8_t *key, size_t key_length, + uint8_t *data, size_t data_size, size_t *data_length ) +{ + (void) attributes; + (void) key; + (void) key_length; + (void) data; + (void) data_size; + (void) data_length; + return( PSA_ERROR_NOT_SUPPORTED ); +} + +#endif /* MBEDTLS_PSA_CRYPTO_DRIVERS && PSA_CRYPTO_DRIVER_TEST */ diff --git a/tests/src/drivers/signature.c b/tests/src/drivers/signature.c new file mode 100644 index 000000000..cea035190 --- /dev/null +++ b/tests/src/drivers/signature.c @@ -0,0 +1,291 @@ +/* + * Test driver for signature functions. + * Currently supports signing and verifying precalculated hashes, using + * only deterministic ECDSA on curves secp256r1, secp384r1 and secp521r1. + */ +/* Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#if !defined(MBEDTLS_CONFIG_FILE) +#include "mbedtls/config.h" +#else +#include MBEDTLS_CONFIG_FILE +#endif + +#if defined(MBEDTLS_PSA_CRYPTO_DRIVERS) && defined(PSA_CRYPTO_DRIVER_TEST) +#include "psa/crypto.h" +#include "psa_crypto_core.h" +#include "mbedtls/ecp.h" + +#include "test/drivers/signature.h" + +#include "mbedtls/md.h" +#include "mbedtls/ecdsa.h" + +#include "test/random.h" + +#include + +test_driver_signature_hooks_t test_driver_signature_sign_hooks = TEST_DRIVER_SIGNATURE_INIT; +test_driver_signature_hooks_t test_driver_signature_verify_hooks = TEST_DRIVER_SIGNATURE_INIT; + +psa_status_t test_transparent_signature_sign_hash( + const psa_key_attributes_t *attributes, + const uint8_t *key, size_t key_length, + psa_algorithm_t alg, + const uint8_t *hash, size_t hash_length, + uint8_t *signature, size_t signature_size, size_t *signature_length ) +{ + ++test_driver_signature_sign_hooks.hits; + + if( test_driver_signature_sign_hooks.forced_status != PSA_SUCCESS ) + return( test_driver_signature_sign_hooks.forced_status ); + + if( test_driver_signature_sign_hooks.forced_output != NULL ) + { + if( test_driver_signature_sign_hooks.forced_output_length > signature_size ) + return( PSA_ERROR_BUFFER_TOO_SMALL ); + memcpy( signature, test_driver_signature_sign_hooks.forced_output, + test_driver_signature_sign_hooks.forced_output_length ); + *signature_length = test_driver_signature_sign_hooks.forced_output_length; + return( PSA_SUCCESS ); + } + + psa_status_t status = PSA_ERROR_NOT_SUPPORTED; + +#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECDSA_DETERMINISTIC) && \ + defined(MBEDTLS_SHA256_C) + if( alg != PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_SHA_256 ) ) + return( PSA_ERROR_NOT_SUPPORTED ); + mbedtls_ecp_group_id grp_id; + switch( psa_get_key_type( attributes ) ) + { + case PSA_ECC_CURVE_SECP_R1: + switch( psa_get_key_bits( attributes ) ) + { + case 256: + grp_id = MBEDTLS_ECP_DP_SECP256R1; + break; + case 384: + grp_id = MBEDTLS_ECP_DP_SECP384R1; + break; + case 521: + grp_id = MBEDTLS_ECP_DP_SECP521R1; + break; + default: + return( PSA_ERROR_NOT_SUPPORTED ); + } + break; + default: + return( PSA_ERROR_NOT_SUPPORTED ); + } + + /* Beyond this point, the driver is actually doing the work of + * calculating the signature. */ + + status = PSA_ERROR_GENERIC_ERROR; + int ret = 0; + mbedtls_mpi r, s; + mbedtls_mpi_init( &r ); + mbedtls_mpi_init( &s ); + mbedtls_ecp_keypair ecp; + mbedtls_ecp_keypair_init( &ecp ); + size_t curve_bytes = PSA_BITS_TO_BYTES( ecp.grp.pbits ); + + MBEDTLS_MPI_CHK( mbedtls_ecp_group_load( &ecp.grp, grp_id ) ); + MBEDTLS_MPI_CHK( mbedtls_ecp_point_read_binary( &ecp.grp, &ecp.Q, + key, key_length ) ); + + /* Code adapted from psa_ecdsa_sign() in psa_crypto.c. */ + mbedtls_md_type_t md_alg = MBEDTLS_MD_SHA256; + if( signature_size < 2 * curve_bytes ) + { + status = PSA_ERROR_BUFFER_TOO_SMALL; + goto cleanup; + } + MBEDTLS_MPI_CHK( mbedtls_ecdsa_sign_det( &ecp.grp, &r, &s, &ecp.d, + hash, hash_length, md_alg ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &r, + signature, + curve_bytes ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &s, + signature + curve_bytes, + curve_bytes ) ); +cleanup: + status = mbedtls_to_psa_error( ret ); + mbedtls_mpi_free( &r ); + mbedtls_mpi_free( &s ); + mbedtls_ecp_keypair_free( &ecp ); + if( status == PSA_SUCCESS ) + *signature_length = 2 * curve_bytes; +#else /* defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECDSA_DETERMINISTIC) && \ + defined(MBEDTLS_SHA256_C) */ + (void) attributes; + (void) key; + (void) key_length; + (void) alg; + (void) hash; + (void) hash_length; +#endif /* defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECDSA_DETERMINISTIC) && \ + defined(MBEDTLS_SHA256_C) */ + + return( status ); +} + +psa_status_t test_opaque_signature_sign_hash( + const psa_key_attributes_t *attributes, + const uint8_t *key, size_t key_length, + psa_algorithm_t alg, + const uint8_t *hash, size_t hash_length, + uint8_t *signature, size_t signature_size, size_t *signature_length ) +{ + (void) attributes; + (void) key; + (void) key_length; + (void) alg; + (void) hash; + (void) hash_length; + (void) signature; + (void) signature_size; + (void) signature_length; + return( PSA_ERROR_NOT_SUPPORTED ); +} + +psa_status_t test_transparent_signature_verify_hash( + const psa_key_attributes_t *attributes, + const uint8_t *key, size_t key_length, + psa_algorithm_t alg, + const uint8_t *hash, size_t hash_length, + const uint8_t *signature, size_t signature_length ) +{ + ++test_driver_signature_verify_hooks.hits; + + if( test_driver_signature_verify_hooks.forced_status != PSA_SUCCESS ) + return( test_driver_signature_verify_hooks.forced_status ); + + psa_status_t status = PSA_ERROR_NOT_SUPPORTED; + +#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECDSA_DETERMINISTIC) && \ + defined(MBEDTLS_SHA256_C) + if( alg != PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_SHA_256 ) ) + return( PSA_ERROR_NOT_SUPPORTED ); + mbedtls_ecp_group_id grp_id; + switch( psa_get_key_type( attributes ) ) + { + case PSA_ECC_CURVE_SECP_R1: + switch( psa_get_key_bits( attributes ) ) + { + case 256: + grp_id = MBEDTLS_ECP_DP_SECP256R1; + break; + case 384: + grp_id = MBEDTLS_ECP_DP_SECP384R1; + break; + case 521: + grp_id = MBEDTLS_ECP_DP_SECP521R1; + break; + default: + return( PSA_ERROR_NOT_SUPPORTED ); + } + break; + default: + return( PSA_ERROR_NOT_SUPPORTED ); + } + + /* Beyond this point, the driver is actually doing the work of + * calculating the signature. */ + + status = PSA_ERROR_GENERIC_ERROR; + int ret = 0; + mbedtls_mpi r, s; + mbedtls_mpi_init( &r ); + mbedtls_mpi_init( &s ); + mbedtls_ecp_keypair ecp; + mbedtls_ecp_keypair_init( &ecp ); + mbedtls_test_rnd_pseudo_info rnd_info; + memset( &rnd_info, 0x5A, sizeof( mbedtls_test_rnd_pseudo_info ) ); + size_t curve_bytes = PSA_BITS_TO_BYTES( ecp.grp.pbits ); + + MBEDTLS_MPI_CHK( mbedtls_ecp_group_load( &ecp.grp, grp_id ) ); + + /* Code adapted from psa_ecdsa_verify() in psa_crypto.c. */ + if( signature_length < 2 * curve_bytes ) + { + status = PSA_ERROR_BUFFER_TOO_SMALL; + goto cleanup; + } + + MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( &r, + signature, + curve_bytes ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( &s, + signature + curve_bytes, + curve_bytes ) ); + + if( PSA_KEY_TYPE_IS_PUBLIC_KEY( psa_get_key_type( attributes ) ) ) + MBEDTLS_MPI_CHK( mbedtls_ecp_point_read_binary( &ecp.grp, &ecp.Q, + key, key_length ) ); + else + { + MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( &ecp.d, key, key_length ) ); + MBEDTLS_MPI_CHK( + mbedtls_ecp_mul( &ecp.grp, &ecp.Q, &ecp.d, &ecp.grp.G, + &mbedtls_test_rnd_pseudo_rand, + &rnd_info ) ); + } + + MBEDTLS_MPI_CHK( mbedtls_ecdsa_verify( &ecp.grp, hash, hash_length, + &ecp.Q, &r, &s ) ); +cleanup: + status = mbedtls_to_psa_error( ret ); + mbedtls_mpi_free( &r ); + mbedtls_mpi_free( &s ); + mbedtls_ecp_keypair_free( &ecp ); +#else /* defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECDSA_DETERMINISTIC) && \ + defined(MBEDTLS_SHA256_C) */ + (void) attributes; + (void) key; + (void) key_length; + (void) alg; + (void) hash; + (void) hash_length; + (void) signature; + (void) signature_length; +#endif /* defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECDSA_DETERMINISTIC) && \ + defined(MBEDTLS_SHA256_C) */ + + return( status ); +} + +psa_status_t test_opaque_signature_verify_hash( + const psa_key_attributes_t *attributes, + const uint8_t *key, size_t key_length, + psa_algorithm_t alg, + const uint8_t *hash, size_t hash_length, + const uint8_t *signature, size_t signature_length ) +{ + (void) attributes; + (void) key; + (void) key_length; + (void) alg; + (void) hash; + (void) hash_length; + (void) signature; + (void) signature_length; + return( PSA_ERROR_NOT_SUPPORTED ); +} + +#endif /* MBEDTLS_PSA_CRYPTO_DRIVERS && PSA_CRYPTO_DRIVER_TEST */ diff --git a/tests/src/drivers/size.c b/tests/src/drivers/size.c new file mode 100644 index 000000000..16a86922a --- /dev/null +++ b/tests/src/drivers/size.c @@ -0,0 +1,42 @@ +/* + * Test driver for retrieving key context size. + * Only used by opaque drivers. + */ +/* Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#if !defined(MBEDTLS_CONFIG_FILE) +#include "mbedtls/config.h" +#else +#include MBEDTLS_CONFIG_FILE +#endif + +#if defined(MBEDTLS_PSA_CRYPTO_DRIVERS) && defined(PSA_CRYPTO_DRIVER_TEST) + +#include "test/drivers/size.h" + +#ifdef TEST_KEY_CONTEXT_SIZE_FUNCTION +size_t test_size_function( + const psa_key_type_t key_type, + const size_t key_bits ) +{ + (void) key_type; + (void) key_bits; + return 0; +} +#endif /*TEST_KEY_CONTEXT_SIZE_FUNCTION */ + +#endif /* MBEDTLS_PSA_CRYPTO_DRIVERS && PSA_CRYPTO_DRIVER_TEST */ diff --git a/tests/src/helpers.c b/tests/src/helpers.c index f38507904..a18f1d4b8 100644 --- a/tests/src/helpers.c +++ b/tests/src/helpers.c @@ -19,10 +19,34 @@ #include #include +#if defined(MBEDTLS_CHECK_PARAMS) +#include +#endif + +/*----------------------------------------------------------------------------*/ +/* Static global variables */ + +#if defined(MBEDTLS_CHECK_PARAMS) +typedef struct +{ + uint8_t expected_call; + uint8_t expected_call_happened; + + jmp_buf state; + + mbedtls_test_param_failed_location_record_t location_record; +} +param_failed_ctx_t; +static param_failed_ctx_t param_failed_ctx; +#endif + #if defined(MBEDTLS_PLATFORM_C) static mbedtls_platform_context platform_ctx; #endif +/*----------------------------------------------------------------------------*/ +/* Helper Functions */ + int mbedtls_test_platform_setup( void ) { int ret = 0; @@ -159,3 +183,64 @@ int mbedtls_test_hexcmp( uint8_t * a, uint8_t * b, } return ret; } + +#if defined(MBEDTLS_CHECK_PARAMS) +void mbedtls_test_param_failed_get_location_record( + mbedtls_test_param_failed_location_record_t *location_record ) +{ + *location_record = param_failed_ctx.location_record; +} + +void mbedtls_test_param_failed_expect_call( void ) +{ + param_failed_ctx.expected_call_happened = 0; + param_failed_ctx.expected_call = 1; +} + +int mbedtls_test_param_failed_check_expected_call( void ) +{ + param_failed_ctx.expected_call = 0; + + if( param_failed_ctx.expected_call_happened != 0 ) + return( 0 ); + + return( -1 ); +} + +void* mbedtls_test_param_failed_get_state_buf( void ) +{ + return ¶m_failed_ctx.state; +} + +void mbedtls_test_param_failed_reset_state( void ) +{ + memset( param_failed_ctx.state, 0, sizeof( param_failed_ctx.state ) ); +} + +void mbedtls_param_failed( const char *failure_condition, + const char *file, + int line ) +{ + /* Record the location of the failure */ + param_failed_ctx.location_record.failure_condition = failure_condition; + param_failed_ctx.location_record.file = file; + param_failed_ctx.location_record.line = line; + + /* If we are testing the callback function... */ + if( param_failed_ctx.expected_call != 0 ) + { + param_failed_ctx.expected_call = 0; + param_failed_ctx.expected_call_happened = 1; + } + else + { + /* ...else try a long jump. If the execution state has not been set-up + * or reset then the long jump buffer is all zero's and the call will + * with high probability fault, emphasizing there is something to look + * at. + */ + + longjmp( param_failed_ctx.state, 1 ); + } +} +#endif /* MBEDTLS_CHECK_PARAMS */ diff --git a/tests/src/random.c b/tests/src/random.c index af88d9841..e01bd4d2d 100644 --- a/tests/src/random.c +++ b/tests/src/random.c @@ -22,6 +22,15 @@ * limitations under the License. */ +/* + * for arc4random_buf() from + */ +#if defined(__NetBSD__) +#define _NETBSD_SOURCE 1 +#elif defined(__OpenBSD__) +#define _BSD_SOURCE 1 +#endif + #include #include #include diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 46dc83e94..fcd73f2c0 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -114,8 +114,8 @@ print_usage() { echo "Usage: $0 [options]" printf " -h|--help\tPrint this help.\n" printf " -m|--memcheck\tCheck memory leaks and errors.\n" - printf " -f|--filter\tOnly matching tests are executed (BRE; default: '$FILTER')\n" - printf " -e|--exclude\tMatching tests are excluded (BRE; default: '$EXCLUDE')\n" + printf " -f|--filter\tOnly matching tests are executed (BRE)\n" + printf " -e|--exclude\tMatching tests are excluded (BRE)\n" printf " -n|--number\tExecute only numbered test (comma-separated, e.g. '245,256')\n" printf " -s|--show-numbers\tShow test numbers in front of test names\n" printf " -p|--preserve-logs\tPreserve logs of successful tests as well\n" @@ -411,7 +411,7 @@ print_name() { fi LINE="$LINE$1" - printf "$LINE " + printf "%s " "$LINE" LEN=$(( 72 - `echo "$LINE" | wc -c` )) for i in `seq 1 $LEN`; do printf '.'; done printf ' ' @@ -634,6 +634,23 @@ detect_dtls() { fi } +# Compare file content +# Usage: find_in_both pattern file1 file2 +# extract from file1 the first line matching the pattern +# check in file2 that the same line can be found +find_in_both() { + srv_pattern=$(grep -m 1 "$1" "$2"); + if [ -z "$srv_pattern" ]; then + return 1; + fi + + if grep "$srv_pattern" $3 >/dev/null; then : + return 0; + else + return 1; + fi +} + # Usage: run_test name [-p proxy_cmd] srv_cmd cli_cmd cli_exit [option [...]] # Options: -s pattern pattern that must be present in server output # -c pattern pattern that must be present in client output @@ -643,6 +660,7 @@ detect_dtls() { # -C pattern pattern that must be absent in client output # -U pattern lines after pattern must be unique in server output # -F call shell function on server output +# -g call shell function on server and client output run_test() { NAME="$1" shift 1 @@ -738,12 +756,12 @@ run_test() { fi check_osrv_dtls - printf "# $NAME\n$SRV_CMD\n" > $SRV_OUT + printf '# %s\n%s\n' "$NAME" "$SRV_CMD" > $SRV_OUT provide_input | $SRV_CMD >> $SRV_OUT 2>&1 & SRV_PID=$! wait_server_start "$SRV_PORT" "$SRV_PID" - printf "# $NAME\n$CLI_CMD\n" > $CLI_OUT + printf '# %s\n%s\n' "$NAME" "$CLI_CMD" > $CLI_OUT eval "$CLI_CMD" >> $CLI_OUT 2>&1 & wait_client_done @@ -865,6 +883,12 @@ run_test() { return fi ;; + "-g") + if ! eval "$2 '$SRV_OUT' '$CLI_OUT'"; then + fail "function call to '$2' failed on Server and Client output" + return + fi + ;; *) echo "Unknown test: $1" >&2 @@ -1129,6 +1153,39 @@ run_test "Default, DTLS" \ -s "Protocol is DTLSv1.2" \ -s "Ciphersuite is TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256" +run_test "TLS client auth: required" \ + "$P_SRV auth_mode=required" \ + "$P_CLI" \ + 0 \ + -s "Verifying peer X.509 certificate... ok" + +requires_config_enabled MBEDTLS_X509_CRT_PARSE_C +requires_config_enabled MBEDTLS_ECDSA_C +requires_config_enabled MBEDTLS_SHA256_C +run_test "TLS: password protected client key" \ + "$P_SRV auth_mode=required" \ + "$P_CLI crt_file=data_files/server5.crt key_file=data_files/server5.key.enc key_pwd=PolarSSLTest" \ + 0 + +requires_config_enabled MBEDTLS_X509_CRT_PARSE_C +requires_config_enabled MBEDTLS_ECDSA_C +requires_config_enabled MBEDTLS_SHA256_C +run_test "TLS: password protected server key" \ + "$P_SRV crt_file=data_files/server5.crt key_file=data_files/server5.key.enc key_pwd=PolarSSLTest" \ + "$P_CLI" \ + 0 + +requires_config_enabled MBEDTLS_X509_CRT_PARSE_C +requires_config_enabled MBEDTLS_ECDSA_C +requires_config_enabled MBEDTLS_RSA_C +requires_config_enabled MBEDTLS_SHA256_C +run_test "TLS: password protected server key, two certificates" \ + "$P_SRV \ + key_file=data_files/server5.key.enc key_pwd=PolarSSLTest crt_file=data_files/server5.crt \ + key_file2=data_files/server2.key.enc key_pwd2=PolarSSLTest crt_file2=data_files/server2.crt" \ + "$P_CLI" \ + 0 + requires_config_enabled MBEDTLS_ZLIB_SUPPORT run_test "Default (compression enabled)" \ "$P_SRV debug_level=3" \ @@ -2990,12 +3047,12 @@ run_test "Session resume using cache, DTLS: openssl server" \ # Tests for Max Fragment Length extension if [ "$MAX_CONTENT_LEN" -lt "4096" ]; then - printf "${CONFIG_H} defines MBEDTLS_SSL_MAX_CONTENT_LEN to be less than 4096. Fragment length tests will fail.\n" + printf '%s defines MBEDTLS_SSL_MAX_CONTENT_LEN to be less than 4096. Fragment length tests will fail.\n' "${CONFIG_H}" exit 1 fi if [ $MAX_CONTENT_LEN -ne 16384 ]; then - printf "Using non-default maximum content length $MAX_CONTENT_LEN\n" + echo "Using non-default maximum content length $MAX_CONTENT_LEN" fi requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH @@ -4149,14 +4206,14 @@ MAX_IM_CA='8' MAX_IM_CA_CONFIG=$( ../scripts/config.py get MBEDTLS_X509_MAX_INTERMEDIATE_CA) if [ -n "$MAX_IM_CA_CONFIG" ] && [ "$MAX_IM_CA_CONFIG" -ne "$MAX_IM_CA" ]; then - printf "The ${CONFIG_H} file contains a value for the configuration of\n" - printf "MBEDTLS_X509_MAX_INTERMEDIATE_CA that is different from the script’s\n" - printf "test value of ${MAX_IM_CA}. \n" - printf "\n" - printf "The tests assume this value and if it changes, the tests in this\n" - printf "script should also be adjusted.\n" - printf "\n" + cat <x, output ) == 0 ); - TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x, - 16, hex_dst_string->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, dst->x, 16, dst->len ) == 0 ); } exit: @@ -34,7 +33,7 @@ exit: /* BEGIN_CASE */ void aes_decrypt_ecb( data_t * key_str, data_t * src_str, - data_t * hex_dst_string, int setkey_result ) + data_t * dst, int setkey_result ) { unsigned char output[100]; mbedtls_aes_context ctx; @@ -48,8 +47,7 @@ void aes_decrypt_ecb( data_t * key_str, data_t * src_str, { TEST_ASSERT( mbedtls_aes_crypt_ecb( &ctx, MBEDTLS_AES_DECRYPT, src_str->x, output ) == 0 ); - TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x, - 16, hex_dst_string->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, dst->x, 16, dst->len ) == 0 ); } exit: @@ -59,7 +57,7 @@ exit: /* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CBC */ void aes_encrypt_cbc( data_t * key_str, data_t * iv_str, - data_t * src_str, data_t * hex_dst_string, + data_t * src_str, data_t * dst, int cbc_result ) { unsigned char output[100]; @@ -74,9 +72,8 @@ void aes_encrypt_cbc( data_t * key_str, data_t * iv_str, if( cbc_result == 0 ) { - TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x, - src_str->len, - hex_dst_string->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, dst->x, + src_str->len, dst->len ) == 0 ); } exit: @@ -86,7 +83,7 @@ exit: /* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CBC */ void aes_decrypt_cbc( data_t * key_str, data_t * iv_str, - data_t * src_str, data_t * hex_dst_string, + data_t * src_str, data_t * dst, int cbc_result ) { unsigned char output[100]; @@ -100,9 +97,8 @@ void aes_decrypt_cbc( data_t * key_str, data_t * iv_str, if( cbc_result == 0) { - TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x, - src_str->len, - hex_dst_string->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, dst->x, + src_str->len, dst->len ) == 0 ); } exit: @@ -236,7 +232,7 @@ exit: /* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CFB */ void aes_encrypt_cfb128( data_t * key_str, data_t * iv_str, - data_t * src_str, data_t * hex_dst_string ) + data_t * src_str, data_t * dst ) { unsigned char output[100]; mbedtls_aes_context ctx; @@ -249,8 +245,7 @@ void aes_encrypt_cfb128( data_t * key_str, data_t * iv_str, mbedtls_aes_setkey_enc( &ctx, key_str->x, key_str->len * 8 ); TEST_ASSERT( mbedtls_aes_crypt_cfb128( &ctx, MBEDTLS_AES_ENCRYPT, 16, &iv_offset, iv_str->x, src_str->x, output ) == 0 ); - TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x, - 16, hex_dst_string->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, dst->x, 16, dst->len ) == 0 ); exit: mbedtls_aes_free( &ctx ); @@ -259,7 +254,7 @@ exit: /* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CFB */ void aes_decrypt_cfb128( data_t * key_str, data_t * iv_str, - data_t * src_str, data_t * hex_dst_string ) + data_t * src_str, data_t * dst ) { unsigned char output[100]; mbedtls_aes_context ctx; @@ -272,8 +267,7 @@ void aes_decrypt_cfb128( data_t * key_str, data_t * iv_str, mbedtls_aes_setkey_enc( &ctx, key_str->x, key_str->len * 8 ); TEST_ASSERT( mbedtls_aes_crypt_cfb128( &ctx, MBEDTLS_AES_DECRYPT, 16, &iv_offset, iv_str->x, src_str->x, output ) == 0 ); - TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x, - 16, hex_dst_string->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, dst->x, 16, dst->len ) == 0 ); exit: mbedtls_aes_free( &ctx ); @@ -282,7 +276,7 @@ exit: /* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CFB */ void aes_encrypt_cfb8( data_t * key_str, data_t * iv_str, - data_t * src_str, data_t * hex_dst_string ) + data_t * src_str, data_t * dst ) { unsigned char output[100]; mbedtls_aes_context ctx; @@ -294,9 +288,8 @@ void aes_encrypt_cfb8( data_t * key_str, data_t * iv_str, mbedtls_aes_setkey_enc( &ctx, key_str->x, key_str->len * 8 ); TEST_ASSERT( mbedtls_aes_crypt_cfb8( &ctx, MBEDTLS_AES_ENCRYPT, src_str->len, iv_str->x, src_str->x, output ) == 0 ); - TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x, - src_str->len, - hex_dst_string->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, dst->x, + src_str->len, dst->len ) == 0 ); exit: mbedtls_aes_free( &ctx ); @@ -305,7 +298,7 @@ exit: /* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CFB */ void aes_decrypt_cfb8( data_t * key_str, data_t * iv_str, - data_t * src_str, data_t * hex_dst_string ) + data_t * src_str, data_t * dst ) { unsigned char output[100]; mbedtls_aes_context ctx; @@ -317,9 +310,8 @@ void aes_decrypt_cfb8( data_t * key_str, data_t * iv_str, mbedtls_aes_setkey_enc( &ctx, key_str->x, key_str->len * 8 ); TEST_ASSERT( mbedtls_aes_crypt_cfb8( &ctx, MBEDTLS_AES_DECRYPT, src_str->len, iv_str->x, src_str->x, output ) == 0 ); - TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x, - src_str->len, - hex_dst_string->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, dst->x, + src_str->len, dst->len ) == 0 ); exit: mbedtls_aes_free( &ctx ); @@ -329,17 +321,15 @@ exit: /* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_OFB */ void aes_encrypt_ofb( int fragment_size, data_t *key_str, data_t *iv_str, data_t *src_str, - char *expected_output_string) + data_t *expected_output ) { unsigned char output[32]; - unsigned char output_string[65]; mbedtls_aes_context ctx; size_t iv_offset = 0; int in_buffer_len; unsigned char* src_str_next; memset( output, 0x00, sizeof( output ) ); - memset( output_string, 0x00, sizeof( output_string ) ); mbedtls_aes_init( &ctx ); TEST_ASSERT( (size_t)fragment_size < sizeof( output ) ); @@ -354,12 +344,10 @@ void aes_encrypt_ofb( int fragment_size, data_t *key_str, TEST_ASSERT( mbedtls_aes_crypt_ofb( &ctx, fragment_size, &iv_offset, iv_str->x, src_str_next, output ) == 0 ); - mbedtls_test_hexify( output_string, output, fragment_size ); - TEST_ASSERT( strncmp( (char *) output_string, expected_output_string, - ( 2 * fragment_size ) ) == 0 ); + TEST_ASSERT( memcmp( output, expected_output->x, fragment_size ) == 0 ); in_buffer_len -= fragment_size; - expected_output_string += ( fragment_size * 2 ); + expected_output->x += fragment_size; src_str_next += fragment_size; if( in_buffer_len < fragment_size ) diff --git a/tests/suites/test_suite_arc4.function b/tests/suites/test_suite_arc4.function index 9aa491382..c1e238665 100644 --- a/tests/suites/test_suite_arc4.function +++ b/tests/suites/test_suite_arc4.function @@ -8,8 +8,7 @@ */ /* BEGIN_CASE */ -void mbedtls_arc4_crypt( data_t * src_str, data_t * key_str, - data_t * hex_dst_string ) +void mbedtls_arc4_crypt( data_t * src_str, data_t * key_str, data_t * dst ) { unsigned char dst_str[1000]; mbedtls_arc4_context ctx; @@ -19,11 +18,11 @@ void mbedtls_arc4_crypt( data_t * src_str, data_t * key_str, mbedtls_arc4_setup(&ctx, key_str->x, key_str->len); - TEST_ASSERT( mbedtls_arc4_crypt(&ctx, src_str->len, src_str->x, dst_str ) == 0 ); + TEST_ASSERT( mbedtls_arc4_crypt(&ctx, src_str->len, + src_str->x, dst_str ) == 0 ); - TEST_ASSERT( mbedtls_test_hexcmp( dst_str, hex_dst_string->x, - src_str->len, - hex_dst_string->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( dst_str, dst->x, + src_str->len, dst->len ) == 0 ); exit: mbedtls_arc4_free( &ctx ); diff --git a/tests/suites/test_suite_aria.function b/tests/suites/test_suite_aria.function index d08c39dc6..6d6a20335 100644 --- a/tests/suites/test_suite_aria.function +++ b/tests/suites/test_suite_aria.function @@ -207,14 +207,12 @@ exit: /* BEGIN_CASE */ void aria_encrypt_ecb( data_t *key_str, data_t *src_str, - char *hex_dst_string, int setkey_result ) + data_t *expected_output, int setkey_result ) { - unsigned char dst_str[ARIA_MAX_DATA_STR]; unsigned char output[ARIA_MAX_DATASIZE]; mbedtls_aria_context ctx; size_t i; - memset( dst_str, 0x00, sizeof( dst_str ) ); memset( output, 0x00, sizeof( output ) ); mbedtls_aria_init( &ctx ); @@ -227,9 +225,9 @@ void aria_encrypt_ecb( data_t *key_str, data_t *src_str, TEST_ASSERT( mbedtls_aria_crypt_ecb( &ctx, src_str->x + i, output + i ) == 0 ); } - mbedtls_test_hexify( dst_str, output, src_str->len ); - TEST_ASSERT( strcasecmp( (char *) dst_str, hex_dst_string ) == 0 ); + ASSERT_COMPARE( output, expected_output->len, + expected_output->x, expected_output->len ); } exit: @@ -239,14 +237,12 @@ exit: /* BEGIN_CASE */ void aria_decrypt_ecb( data_t *key_str, data_t *src_str, - char *hex_dst_string, int setkey_result ) + data_t *expected_output, int setkey_result ) { - unsigned char dst_str[ARIA_MAX_DATA_STR]; unsigned char output[ARIA_MAX_DATASIZE]; mbedtls_aria_context ctx; size_t i; - memset( dst_str, 0x00, sizeof( dst_str ) ); memset( output, 0x00, sizeof( output ) ); mbedtls_aria_init( &ctx ); @@ -259,9 +255,9 @@ void aria_decrypt_ecb( data_t *key_str, data_t *src_str, TEST_ASSERT( mbedtls_aria_crypt_ecb( &ctx, src_str->x + i, output + i ) == 0 ); } - mbedtls_test_hexify( dst_str, output, src_str->len ); - TEST_ASSERT( strcasecmp( (char *) dst_str, hex_dst_string ) == 0 ); + ASSERT_COMPARE( output, expected_output->len, + expected_output->x, expected_output->len ); } exit: @@ -271,14 +267,12 @@ exit: /* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CBC */ void aria_encrypt_cbc( data_t *key_str, data_t *iv_str, - data_t *src_str, char *hex_dst_string, + data_t *src_str, data_t *expected_output, int cbc_result ) { - unsigned char dst_str[ARIA_MAX_DATA_STR]; unsigned char output[ARIA_MAX_DATASIZE]; mbedtls_aria_context ctx; - memset( dst_str, 0x00, sizeof( dst_str ) ); memset( output, 0x00, sizeof( output ) ); mbedtls_aria_init( &ctx ); @@ -288,9 +282,8 @@ void aria_encrypt_cbc( data_t *key_str, data_t *iv_str, output ) == cbc_result ); if( cbc_result == 0 ) { - mbedtls_test_hexify( dst_str, output, src_str->len ); - - TEST_ASSERT( strcasecmp( (char *) dst_str, hex_dst_string ) == 0 ); + ASSERT_COMPARE( output, expected_output->len, + expected_output->x, expected_output->len ); } exit: @@ -300,14 +293,12 @@ exit: /* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CBC */ void aria_decrypt_cbc( data_t *key_str, data_t *iv_str, - data_t *src_str, char *hex_dst_string, + data_t *src_str, data_t *expected_output, int cbc_result ) { - unsigned char dst_str[ARIA_MAX_DATA_STR]; unsigned char output[ARIA_MAX_DATASIZE]; mbedtls_aria_context ctx; - memset( dst_str, 0x00, sizeof( dst_str ) ); memset( output, 0x00, sizeof( output ) ); mbedtls_aria_init( &ctx ); @@ -317,9 +308,8 @@ void aria_decrypt_cbc( data_t *key_str, data_t *iv_str, output ) == cbc_result ); if( cbc_result == 0 ) { - mbedtls_test_hexify( dst_str, output, src_str->len ); - - TEST_ASSERT( strcasecmp( (char *) dst_str, hex_dst_string ) == 0 ); + ASSERT_COMPARE( output, expected_output->len, + expected_output->x, expected_output->len ); } exit: @@ -329,15 +319,13 @@ exit: /* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CFB */ void aria_encrypt_cfb128( data_t *key_str, data_t *iv_str, - data_t *src_str, char *hex_dst_string, + data_t *src_str, data_t *expected_output, int result ) { - unsigned char dst_str[ARIA_MAX_DATA_STR]; unsigned char output[ARIA_MAX_DATASIZE]; mbedtls_aria_context ctx; size_t iv_offset = 0; - memset( dst_str, 0x00, sizeof( dst_str ) ); memset( output, 0x00, sizeof( output ) ); mbedtls_aria_init( &ctx ); @@ -346,9 +334,9 @@ void aria_encrypt_cfb128( data_t *key_str, data_t *iv_str, src_str->len, &iv_offset, iv_str->x, src_str->x, output ) == result ); - mbedtls_test_hexify( dst_str, output, src_str->len ); - TEST_ASSERT( strcasecmp( (char *) dst_str, hex_dst_string ) == 0 ); + ASSERT_COMPARE( output, expected_output->len, + expected_output->x, expected_output->len ); exit: mbedtls_aria_free( &ctx ); @@ -357,15 +345,13 @@ exit: /* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CFB */ void aria_decrypt_cfb128( data_t *key_str, data_t *iv_str, - data_t *src_str, char *hex_dst_string, + data_t *src_str, data_t *expected_output, int result ) { - unsigned char dst_str[ARIA_MAX_DATA_STR]; unsigned char output[ARIA_MAX_DATASIZE]; mbedtls_aria_context ctx; size_t iv_offset = 0; - memset( dst_str, 0x00, sizeof( dst_str ) ); memset( output, 0x00, sizeof( output ) ); mbedtls_aria_init( &ctx ); @@ -374,9 +360,9 @@ void aria_decrypt_cfb128( data_t *key_str, data_t *iv_str, src_str->len, &iv_offset, iv_str->x, src_str->x, output ) == result ); - mbedtls_test_hexify( dst_str, output, src_str->len ); - TEST_ASSERT( strcasecmp( (char *) dst_str, hex_dst_string ) == 0 ); + ASSERT_COMPARE( output, expected_output->len, + expected_output->x, expected_output->len ); exit: mbedtls_aria_free( &ctx ); @@ -385,16 +371,14 @@ exit: /* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CTR */ void aria_encrypt_ctr( data_t *key_str, data_t *iv_str, - data_t *src_str, char *hex_dst_string, + data_t *src_str, data_t *expected_output, int result ) { - unsigned char dst_str[ARIA_MAX_DATA_STR]; unsigned char output[ARIA_MAX_DATASIZE]; unsigned char blk[MBEDTLS_ARIA_BLOCKSIZE]; mbedtls_aria_context ctx; size_t iv_offset = 0; - memset( dst_str, 0x00, sizeof( dst_str ) ); memset( output, 0x00, sizeof( output ) ); mbedtls_aria_init( &ctx ); @@ -402,9 +386,9 @@ void aria_encrypt_ctr( data_t *key_str, data_t *iv_str, TEST_ASSERT( mbedtls_aria_crypt_ctr( &ctx, src_str->len, &iv_offset, iv_str->x, blk, src_str->x, output ) == result ); - mbedtls_test_hexify( dst_str, output, src_str->len ); - TEST_ASSERT( strcasecmp( (char *) dst_str, hex_dst_string ) == 0 ); + ASSERT_COMPARE( output, expected_output->len, + expected_output->x, expected_output->len ); exit: mbedtls_aria_free( &ctx ); @@ -413,16 +397,14 @@ exit: /* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CTR */ void aria_decrypt_ctr( data_t *key_str, data_t *iv_str, - data_t *src_str, char *hex_dst_string, + data_t *src_str, data_t *expected_output, int result ) { - unsigned char dst_str[ARIA_MAX_DATA_STR]; unsigned char output[ARIA_MAX_DATASIZE]; unsigned char blk[MBEDTLS_ARIA_BLOCKSIZE]; mbedtls_aria_context ctx; size_t iv_offset = 0; - memset( dst_str, 0x00, sizeof( dst_str ) ); memset( output, 0x00, sizeof( output ) ); mbedtls_aria_init( &ctx ); @@ -430,9 +412,9 @@ void aria_decrypt_ctr( data_t *key_str, data_t *iv_str, TEST_ASSERT( mbedtls_aria_crypt_ctr( &ctx, src_str->len, &iv_offset, iv_str->x, blk, src_str->x, output ) == result ); - mbedtls_test_hexify( dst_str, output, src_str->len ); - TEST_ASSERT( strcasecmp( (char *) dst_str, hex_dst_string ) == 0 ); + ASSERT_COMPARE( output, expected_output->len, + expected_output->x, expected_output->len ); exit: mbedtls_aria_free( &ctx ); diff --git a/tests/suites/test_suite_blowfish.function b/tests/suites/test_suite_blowfish.function index eb6891cad..f89353ce9 100644 --- a/tests/suites/test_suite_blowfish.function +++ b/tests/suites/test_suite_blowfish.function @@ -167,7 +167,7 @@ exit: /* BEGIN_CASE */ void blowfish_encrypt_ecb( data_t * key_str, data_t * src_str, - data_t * hex_dst_string, int setkey_result ) + data_t * dst, int setkey_result ) { unsigned char output[100]; mbedtls_blowfish_context ctx; @@ -181,8 +181,7 @@ void blowfish_encrypt_ecb( data_t * key_str, data_t * src_str, { TEST_ASSERT( mbedtls_blowfish_crypt_ecb( &ctx, MBEDTLS_BLOWFISH_ENCRYPT, src_str->x, output ) == 0 ); - TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x, - 8, hex_dst_string->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, dst->x, 8, dst->len ) == 0 ); } exit: @@ -192,7 +191,7 @@ exit: /* BEGIN_CASE */ void blowfish_decrypt_ecb( data_t * key_str, data_t * src_str, - data_t * hex_dst_string, int setkey_result ) + data_t * dst, int setkey_result ) { unsigned char output[100]; mbedtls_blowfish_context ctx; @@ -206,8 +205,7 @@ void blowfish_decrypt_ecb( data_t * key_str, data_t * src_str, { TEST_ASSERT( mbedtls_blowfish_crypt_ecb( &ctx, MBEDTLS_BLOWFISH_DECRYPT, src_str->x, output ) == 0 ); - TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x, - 8, hex_dst_string->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, dst->x, 8, dst->len ) == 0 ); } exit: @@ -217,7 +215,7 @@ exit: /* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CBC */ void blowfish_encrypt_cbc( data_t * key_str, data_t * iv_str, - data_t * src_str, data_t * hex_dst_string, + data_t * src_str, data_t * dst, int cbc_result ) { unsigned char output[100]; @@ -233,9 +231,8 @@ void blowfish_encrypt_cbc( data_t * key_str, data_t * iv_str, if( cbc_result == 0 ) { - TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x, - src_str->len, - hex_dst_string->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, dst->x, + src_str->len, dst->len ) == 0 ); } exit: @@ -245,7 +242,7 @@ exit: /* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CBC */ void blowfish_decrypt_cbc( data_t * key_str, data_t * iv_str, - data_t * src_str, data_t * hex_dst_string, + data_t * src_str, data_t * dst, int cbc_result ) { unsigned char output[100]; @@ -260,9 +257,8 @@ void blowfish_decrypt_cbc( data_t * key_str, data_t * iv_str, if( cbc_result == 0) { - TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x, - src_str->len, - hex_dst_string->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, dst->x, src_str->len, + dst->len ) == 0 ); } exit: @@ -272,8 +268,7 @@ exit: /* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CFB */ void blowfish_encrypt_cfb64( data_t * key_str, data_t * iv_str, - data_t * src_str, data_t * hex_dst_string - ) + data_t * src_str, data_t * dst ) { unsigned char output[100]; mbedtls_blowfish_context ctx; @@ -286,9 +281,8 @@ void blowfish_encrypt_cfb64( data_t * key_str, data_t * iv_str, mbedtls_blowfish_setkey( &ctx, key_str->x, key_str->len * 8 ); TEST_ASSERT( mbedtls_blowfish_crypt_cfb64( &ctx, MBEDTLS_BLOWFISH_ENCRYPT, src_str->len, &iv_offset, iv_str->x, src_str->x, output ) == 0 ); - TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x, - src_str->len, - hex_dst_string->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, dst->x, src_str->len, + dst->len ) == 0 ); exit: mbedtls_blowfish_free( &ctx ); @@ -297,8 +291,7 @@ exit: /* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CFB */ void blowfish_decrypt_cfb64( data_t * key_str, data_t * iv_str, - data_t * src_str, data_t * hex_dst_string - ) + data_t * src_str, data_t * dst ) { unsigned char output[100]; mbedtls_blowfish_context ctx; @@ -311,9 +304,8 @@ void blowfish_decrypt_cfb64( data_t * key_str, data_t * iv_str, mbedtls_blowfish_setkey( &ctx, key_str->x, key_str->len * 8 ); TEST_ASSERT( mbedtls_blowfish_crypt_cfb64( &ctx, MBEDTLS_BLOWFISH_DECRYPT, src_str->len, &iv_offset, iv_str->x, src_str->x, output ) == 0 ); - TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x, - src_str->len, - hex_dst_string->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, dst->x, src_str->len, + dst->len ) == 0 ); exit: mbedtls_blowfish_free( &ctx ); @@ -322,7 +314,7 @@ exit: /* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CTR */ void blowfish_encrypt_ctr( data_t * key_str, data_t * iv_str, - data_t * src_str, data_t * hex_dst_string ) + data_t * src_str, data_t * dst ) { unsigned char stream_str[100]; unsigned char output[100]; @@ -337,9 +329,8 @@ void blowfish_encrypt_ctr( data_t * key_str, data_t * iv_str, mbedtls_blowfish_setkey( &ctx, key_str->x, key_str->len * 8 ); TEST_ASSERT( mbedtls_blowfish_crypt_ctr( &ctx, src_str->len, &iv_offset, iv_str->x, stream_str, src_str->x, output ) == 0 ); - TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x, - src_str->len, - hex_dst_string->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, dst->x, src_str->len, + dst->len ) == 0 ); exit: mbedtls_blowfish_free( &ctx ); diff --git a/tests/suites/test_suite_camellia.function b/tests/suites/test_suite_camellia.function index 4949feb88..312495c9a 100644 --- a/tests/suites/test_suite_camellia.function +++ b/tests/suites/test_suite_camellia.function @@ -175,7 +175,7 @@ exit: /* BEGIN_CASE */ void camellia_encrypt_ecb( data_t * key_str, data_t * src_str, - data_t * hex_dst_string, int setkey_result ) + data_t * dst, int setkey_result ) { unsigned char output[100]; mbedtls_camellia_context ctx; @@ -189,8 +189,7 @@ void camellia_encrypt_ecb( data_t * key_str, data_t * src_str, { TEST_ASSERT( mbedtls_camellia_crypt_ecb( &ctx, MBEDTLS_CAMELLIA_ENCRYPT, src_str->x, output ) == 0 ); - TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x, - 16, hex_dst_string->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, dst->x, 16, dst->len ) == 0 ); } exit: @@ -200,7 +199,7 @@ exit: /* BEGIN_CASE */ void camellia_decrypt_ecb( data_t * key_str, data_t * src_str, - data_t * hex_dst_string, int setkey_result ) + data_t * dst, int setkey_result ) { unsigned char output[100]; mbedtls_camellia_context ctx; @@ -214,8 +213,7 @@ void camellia_decrypt_ecb( data_t * key_str, data_t * src_str, { TEST_ASSERT( mbedtls_camellia_crypt_ecb( &ctx, MBEDTLS_CAMELLIA_DECRYPT, src_str->x, output ) == 0 ); - TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x, - 16, hex_dst_string->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, dst->x, 16, dst->len ) == 0 ); } exit: @@ -225,8 +223,7 @@ exit: /* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CBC */ void camellia_encrypt_cbc( data_t * key_str, data_t * iv_str, - data_t * src_str, data_t * hex_dst_string, - int cbc_result ) + data_t * src_str, data_t * dst, int cbc_result ) { unsigned char output[100]; mbedtls_camellia_context ctx; @@ -240,9 +237,8 @@ void camellia_encrypt_cbc( data_t * key_str, data_t * iv_str, if( cbc_result == 0 ) { - TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x, - src_str->len, - hex_dst_string->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, dst->x, src_str->len, + dst->len ) == 0 ); } exit: @@ -252,7 +248,7 @@ exit: /* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CBC */ void camellia_decrypt_cbc( data_t * key_str, data_t * iv_str, - data_t * src_str, data_t * hex_dst_string, + data_t * src_str, data_t * dst, int cbc_result ) { unsigned char output[100]; @@ -267,9 +263,8 @@ void camellia_decrypt_cbc( data_t * key_str, data_t * iv_str, if( cbc_result == 0 ) { - TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x, - src_str->len, - hex_dst_string->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, dst->x, src_str->len, + dst->len ) == 0 ); } exit: @@ -279,8 +274,7 @@ exit: /* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CFB */ void camellia_encrypt_cfb128( data_t * key_str, data_t * iv_str, - data_t * src_str, - data_t * hex_dst_string ) + data_t * src_str, data_t * dst ) { unsigned char output[100]; mbedtls_camellia_context ctx; @@ -293,8 +287,7 @@ void camellia_encrypt_cfb128( data_t * key_str, data_t * iv_str, mbedtls_camellia_setkey_enc( &ctx, key_str->x, key_str->len * 8 ); TEST_ASSERT( mbedtls_camellia_crypt_cfb128( &ctx, MBEDTLS_CAMELLIA_ENCRYPT, 16, &iv_offset, iv_str->x, src_str->x, output ) == 0 ); - TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x, - 16, hex_dst_string->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, dst->x, 16, dst->len ) == 0 ); exit: mbedtls_camellia_free( &ctx ); @@ -304,7 +297,7 @@ exit: /* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CFB */ void camellia_decrypt_cfb128( data_t * key_str, data_t * iv_str, data_t * src_str, - data_t * hex_dst_string ) + data_t * dst ) { unsigned char output[100]; mbedtls_camellia_context ctx; @@ -317,8 +310,7 @@ void camellia_decrypt_cfb128( data_t * key_str, data_t * iv_str, mbedtls_camellia_setkey_enc( &ctx, key_str->x, key_str->len * 8 ); TEST_ASSERT( mbedtls_camellia_crypt_cfb128( &ctx, MBEDTLS_CAMELLIA_DECRYPT, 16, &iv_offset, iv_str->x, src_str->x, output ) == 0 ); - TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x, - 16, hex_dst_string->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, dst->x, 16, dst->len ) == 0 ); exit: mbedtls_camellia_free( &ctx ); diff --git a/tests/suites/test_suite_ccm.data b/tests/suites/test_suite_ccm.data index 46c172bbb..4f83468ac 100644 --- a/tests/suites/test_suite_ccm.data +++ b/tests/suites/test_suite_ccm.data @@ -41,9 +41,9 @@ ccm_lengths:5:10:5:18:MBEDTLS_ERR_CCM_BAD_INPUT CCM lengths #6 tag length not even ccm_lengths:5:10:5:7:MBEDTLS_ERR_CCM_BAD_INPUT -CCM lengths #7 AD too long (2^16 - 2^8 + 1) +CCM lengths #7 AD too long (2^16 - 2^8) depends_on:!MBEDTLS_CCM_ALT -ccm_lengths:5:10:65281:8:MBEDTLS_ERR_CCM_BAD_INPUT +ccm_lengths:5:10:65280:8:MBEDTLS_ERR_CCM_BAD_INPUT CCM lengths #8 msg too long for this IV length (2^16, q = 2) ccm_lengths:65536:13:5:8:MBEDTLS_ERR_CCM_BAD_INPUT @@ -51,6 +51,9 @@ ccm_lengths:65536:13:5:8:MBEDTLS_ERR_CCM_BAD_INPUT CCM lengths #9 tag length 0 ccm_lengths:5:10:5:0:MBEDTLS_ERR_CCM_BAD_INPUT +CCM lengths #10 Large AD +ccm_lengths:5:10:32768:8:0 + CCM* fixed tag lengths #1 all OK ccm_star_lengths:5:10:5:8:0 diff --git a/tests/suites/test_suite_ccm.function b/tests/suites/test_suite_ccm.function index 5724d8b26..faa7e130a 100644 --- a/tests/suites/test_suite_ccm.function +++ b/tests/suites/test_suite_ccm.function @@ -41,17 +41,17 @@ void ccm_lengths( int msg_len, int iv_len, int add_len, int tag_len, int res ) unsigned char key[16]; unsigned char msg[10]; unsigned char iv[14]; - unsigned char add[10]; + unsigned char *add = NULL; unsigned char out[10]; unsigned char tag[18]; int decrypt_ret; mbedtls_ccm_init( &ctx ); + ASSERT_ALLOC_WEAK( add, add_len ); memset( key, 0, sizeof( key ) ); memset( msg, 0, sizeof( msg ) ); memset( iv, 0, sizeof( iv ) ); - memset( add, 0, sizeof( add ) ); memset( out, 0, sizeof( out ) ); memset( tag, 0, sizeof( tag ) ); @@ -70,6 +70,7 @@ void ccm_lengths( int msg_len, int iv_len, int add_len, int tag_len, int res ) TEST_ASSERT( decrypt_ret == res ); exit: + mbedtls_free( add ); mbedtls_ccm_free( &ctx ); } /* END_CASE */ @@ -152,7 +153,7 @@ exit: void mbedtls_ccm_auth_decrypt( int cipher_id, data_t * key, data_t * msg, data_t * iv, data_t * add, int tag_len, int result, - data_t * hex_msg ) + data_t * expected_msg ) { unsigned char tag[16]; mbedtls_ccm_context ctx; @@ -172,7 +173,7 @@ void mbedtls_ccm_auth_decrypt( int cipher_id, data_t * key, if( result == 0 ) { - TEST_ASSERT( memcmp( msg->x, hex_msg->x, hex_msg->len ) == 0 ); + TEST_ASSERT( memcmp( msg->x, expected_msg->x, expected_msg->len ) == 0 ); } else { diff --git a/tests/suites/test_suite_chacha20.function b/tests/suites/test_suite_chacha20.function index afe24183a..67c8de2ec 100644 --- a/tests/suites/test_suite_chacha20.function +++ b/tests/suites/test_suite_chacha20.function @@ -17,13 +17,6 @@ void chacha20_crypt( data_t *key_str, unsigned char output[375]; mbedtls_chacha20_context ctx; - /* - * Buffers to store the ASCII string representation of output and - * expected_output_str. - */ - unsigned char output_string[751] = { '\0' }; - unsigned char expected_output_string[751] = { '\0' }; - memset( output, 0x00, sizeof( output ) ); TEST_ASSERT( src_str->len == expected_output_str->len ); @@ -35,12 +28,8 @@ void chacha20_crypt( data_t *key_str, */ TEST_ASSERT( mbedtls_chacha20_crypt( key_str->x, nonce_str->x, counter, src_str->len, src_str->x, output ) == 0 ); - mbedtls_test_hexify( expected_output_string, - expected_output_str->x, - expected_output_str->len); - mbedtls_test_hexify( output_string, output, src_str->len ); - TEST_ASSERT( strcmp( (char *)output_string, - (char *)expected_output_string ) == 0 ); + ASSERT_COMPARE( output, expected_output_str->len, + expected_output_str->x, expected_output_str->len ); /* * Test the streaming API @@ -54,9 +43,8 @@ void chacha20_crypt( data_t *key_str, memset( output, 0x00, sizeof( output ) ); TEST_ASSERT( mbedtls_chacha20_update( &ctx, src_str->len, src_str->x, output ) == 0 ); - mbedtls_test_hexify( output_string, output, src_str->len ); - TEST_ASSERT( strcmp( (char *)output_string, - (char *)expected_output_string ) == 0 ); + ASSERT_COMPARE( output, expected_output_str->len, + expected_output_str->x, expected_output_str->len ); /* * Test the streaming API again, piecewise @@ -71,9 +59,8 @@ void chacha20_crypt( data_t *key_str, TEST_ASSERT( mbedtls_chacha20_update( &ctx, src_str->len - 1, src_str->x + 1, output + 1 ) == 0 ); - mbedtls_test_hexify( output_string, output, src_str->len ); - TEST_ASSERT( strcmp( (char *)output_string, - (char *)expected_output_string ) == 0 ); + ASSERT_COMPARE( output, expected_output_str->len, + expected_output_str->x, expected_output_str->len ); mbedtls_chacha20_free( &ctx ); } diff --git a/tests/suites/test_suite_des.function b/tests/suites/test_suite_des.function index 625c87ab1..5b249355b 100644 --- a/tests/suites/test_suite_des.function +++ b/tests/suites/test_suite_des.function @@ -15,8 +15,7 @@ void des_check_weak( data_t * key, int ret ) /* END_CASE */ /* BEGIN_CASE */ -void des_encrypt_ecb( data_t * key_str, data_t * src_str, - data_t * hex_dst_string ) +void des_encrypt_ecb( data_t * key_str, data_t * src_str, data_t * dst ) { unsigned char output[100]; mbedtls_des_context ctx; @@ -28,8 +27,7 @@ void des_encrypt_ecb( data_t * key_str, data_t * src_str, mbedtls_des_setkey_enc( &ctx, key_str->x ); TEST_ASSERT( mbedtls_des_crypt_ecb( &ctx, src_str->x, output ) == 0 ); - TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x, - 8, hex_dst_string->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, dst->x, 8, dst->len ) == 0 ); exit: mbedtls_des_free( &ctx ); @@ -37,8 +35,7 @@ exit: /* END_CASE */ /* BEGIN_CASE */ -void des_decrypt_ecb( data_t * key_str, data_t * src_str, - data_t * hex_dst_string ) +void des_decrypt_ecb( data_t * key_str, data_t * src_str, data_t * dst ) { unsigned char output[100]; mbedtls_des_context ctx; @@ -50,8 +47,7 @@ void des_decrypt_ecb( data_t * key_str, data_t * src_str, mbedtls_des_setkey_dec( &ctx, key_str->x ); TEST_ASSERT( mbedtls_des_crypt_ecb( &ctx, src_str->x, output ) == 0 ); - TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x, - 8, hex_dst_string->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, dst->x, 8, dst->len ) == 0 ); exit: mbedtls_des_free( &ctx ); @@ -60,8 +56,7 @@ exit: /* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CBC */ void des_encrypt_cbc( data_t * key_str, data_t * iv_str, - data_t * src_str, data_t * hex_dst_string, - int cbc_result ) + data_t * src_str, data_t * dst, int cbc_result ) { unsigned char output[100]; mbedtls_des_context ctx; @@ -75,9 +70,8 @@ void des_encrypt_cbc( data_t * key_str, data_t * iv_str, if( cbc_result == 0 ) { - TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x, - src_str->len, - hex_dst_string->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, dst->x, src_str->len, + dst->len ) == 0 ); } exit: @@ -87,7 +81,7 @@ exit: /* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CBC */ void des_decrypt_cbc( data_t * key_str, data_t * iv_str, - data_t * src_str, data_t * hex_dst_string, + data_t * src_str, data_t * dst, int cbc_result ) { unsigned char output[100]; @@ -102,9 +96,8 @@ void des_decrypt_cbc( data_t * key_str, data_t * iv_str, if( cbc_result == 0 ) { - TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x, - src_str->len, - hex_dst_string->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, dst->x, src_str->len, + dst->len ) == 0 ); } exit: @@ -114,7 +107,7 @@ exit: /* BEGIN_CASE */ void des3_encrypt_ecb( int key_count, data_t * key_str, - data_t * src_str, data_t * hex_dst_string ) + data_t * src_str, data_t * dst ) { unsigned char output[100]; mbedtls_des3_context ctx; @@ -132,8 +125,7 @@ void des3_encrypt_ecb( int key_count, data_t * key_str, TEST_ASSERT( mbedtls_des3_crypt_ecb( &ctx, src_str->x, output ) == 0 ); - TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x, - 8, hex_dst_string->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, dst->x, 8, dst->len ) == 0 ); exit: mbedtls_des3_free( &ctx ); @@ -142,7 +134,7 @@ exit: /* BEGIN_CASE */ void des3_decrypt_ecb( int key_count, data_t * key_str, - data_t * src_str, data_t * hex_dst_string ) + data_t * src_str, data_t * dst ) { unsigned char output[100]; mbedtls_des3_context ctx; @@ -160,8 +152,7 @@ void des3_decrypt_ecb( int key_count, data_t * key_str, TEST_ASSERT( mbedtls_des3_crypt_ecb( &ctx, src_str->x, output ) == 0 ); - TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x, - 8, hex_dst_string->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, dst->x, 8, dst->len ) == 0 ); exit: mbedtls_des3_free( &ctx ); @@ -171,7 +162,7 @@ exit: /* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CBC */ void des3_encrypt_cbc( int key_count, data_t * key_str, data_t * iv_str, data_t * src_str, - data_t * hex_dst_string, int cbc_result ) + data_t * dst, int cbc_result ) { unsigned char output[100]; mbedtls_des3_context ctx; @@ -192,9 +183,8 @@ void des3_encrypt_cbc( int key_count, data_t * key_str, if( cbc_result == 0 ) { - TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x, - src_str->len, - hex_dst_string->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, dst->x, + src_str->len, dst->len ) == 0 ); } exit: @@ -205,7 +195,7 @@ exit: /* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CBC */ void des3_decrypt_cbc( int key_count, data_t * key_str, data_t * iv_str, data_t * src_str, - data_t * hex_dst_string, int cbc_result ) + data_t * dst, int cbc_result ) { unsigned char output[100]; mbedtls_des3_context ctx; @@ -226,9 +216,8 @@ void des3_decrypt_cbc( int key_count, data_t * key_str, if( cbc_result == 0 ) { - TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x, - src_str->len, - hex_dst_string->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, dst->x, src_str->len, + dst->len ) == 0 ); } exit: diff --git a/tests/suites/test_suite_gcm.function b/tests/suites/test_suite_gcm.function index b28d918ba..9b7b0ee14 100644 --- a/tests/suites/test_suite_gcm.function +++ b/tests/suites/test_suite_gcm.function @@ -35,8 +35,8 @@ exit: /* BEGIN_CASE */ void gcm_encrypt_and_tag( int cipher_id, data_t * key_str, data_t * src_str, data_t * iv_str, - data_t * add_str, data_t * hex_dst_string, - int tag_len_bits, data_t * hex_tag_string, + data_t * add_str, data_t * dst, + int tag_len_bits, data_t * tag, int init_result ) { unsigned char output[128]; @@ -55,11 +55,10 @@ void gcm_encrypt_and_tag( int cipher_id, data_t * key_str, { TEST_ASSERT( mbedtls_gcm_crypt_and_tag( &ctx, MBEDTLS_GCM_ENCRYPT, src_str->len, iv_str->x, iv_str->len, add_str->x, add_str->len, src_str->x, output, tag_len, tag_output ) == 0 ); - TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x, - src_str->len, - hex_dst_string->len ) == 0 ); - TEST_ASSERT( mbedtls_test_hexcmp( tag_output, hex_tag_string->x, - tag_len, hex_tag_string->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, dst->x, + src_str->len, dst->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( tag_output, tag->x, + tag_len, tag->len ) == 0 ); } exit: diff --git a/tests/suites/test_suite_hkdf.function b/tests/suites/test_suite_hkdf.function index 967df3690..4c597c3f9 100644 --- a/tests/suites/test_suite_hkdf.function +++ b/tests/suites/test_suite_hkdf.function @@ -14,13 +14,6 @@ void test_hkdf( int md_alg, data_t *ikm, data_t *salt, data_t *info, { int ret; unsigned char okm[128] = { '\0' }; - /* - * okm_string and expected_okm_string are the ASCII string representations - * of km and expected_okm, so their size should be twice the size of - * okm and expected_okm, and an extra null-termination. - */ - unsigned char okm_string[257] = { '\0' }; - unsigned char expected_okm_string[257] = { '\0' }; const mbedtls_md_info_t *md = mbedtls_md_info_from_type( md_alg ); TEST_ASSERT( md != NULL ); @@ -31,14 +24,8 @@ void test_hkdf( int md_alg, data_t *ikm, data_t *salt, data_t *info, info->x, info->len, okm, expected_okm->len ); TEST_ASSERT( ret == 0 ); - /* - * Run mbedtls_test_hexify on okm and expected_okm so that it looks nicer - * if the assertion fails. - */ - mbedtls_test_hexify( okm_string, okm, expected_okm->len ); - mbedtls_test_hexify( expected_okm_string, - expected_okm->x, expected_okm->len ); - TEST_ASSERT( !strcmp( (char *)okm_string, (char *)expected_okm_string ) ); + ASSERT_COMPARE( okm , expected_okm->len, + expected_okm->x, expected_okm->len ); } /* END_CASE */ @@ -62,12 +49,11 @@ void test_hkdf_extract( int md_alg, char *hex_ikm_string, ikm = mbedtls_test_unhexify_alloc( hex_ikm_string, &ikm_len ); salt = mbedtls_test_unhexify_alloc( hex_salt_string, &salt_len ); prk = mbedtls_test_unhexify_alloc( hex_prk_string, &prk_len ); - TEST_ASSERT( prk_len == output_prk_len ); ret = mbedtls_hkdf_extract( md, salt, salt_len, ikm, ikm_len, output_prk ); TEST_ASSERT( ret == 0 ); - TEST_ASSERT( !memcmp( output_prk, prk, prk_len ) ); + ASSERT_COMPARE( output_prk, output_prk_len, prk, prk_len ); exit: mbedtls_free(ikm); @@ -103,7 +89,7 @@ void test_hkdf_expand( int md_alg, char *hex_info_string, ret = mbedtls_hkdf_expand( md, prk, prk_len, info, info_len, output_okm, OKM_LEN ); TEST_ASSERT( ret == 0 ); - TEST_ASSERT( !memcmp( output_okm, okm, okm_len ) ); + ASSERT_COMPARE( output_okm, okm_len, okm, okm_len ); exit: mbedtls_free(info); diff --git a/tests/suites/test_suite_md.function b/tests/suites/test_suite_md.function index be5782902..d918ce3b9 100644 --- a/tests/suites/test_suite_md.function +++ b/tests/suites/test_suite_md.function @@ -127,7 +127,7 @@ void md_info( int md_type, char * md_name, int md_size ) /* BEGIN_CASE */ void md_text( char * text_md_name, char * text_src_string, - data_t * hex_hash_string ) + data_t * hash ) { char md_name[100]; unsigned char src_str[1000]; @@ -145,15 +145,14 @@ void md_text( char * text_md_name, char * text_src_string, TEST_ASSERT ( 0 == mbedtls_md( md_info, src_str, strlen( (char *) src_str ), output ) ); - TEST_ASSERT( mbedtls_test_hexcmp( output, hex_hash_string->x, + TEST_ASSERT( mbedtls_test_hexcmp( output, hash->x, mbedtls_md_get_size( md_info ), - hex_hash_string->len ) == 0 ); + hash->len ) == 0 ); } /* END_CASE */ /* BEGIN_CASE */ -void md_hex( char * text_md_name, data_t * src_str, - data_t * hex_hash_string ) +void md_hex( char * text_md_name, data_t * src_str, data_t * hash ) { char md_name[100]; unsigned char output[100]; @@ -169,15 +168,15 @@ void md_hex( char * text_md_name, data_t * src_str, TEST_ASSERT ( 0 == mbedtls_md( md_info, src_str->x, src_str->len, output ) ); - TEST_ASSERT( mbedtls_test_hexcmp( output, hex_hash_string->x, + TEST_ASSERT( mbedtls_test_hexcmp( output, hash->x, mbedtls_md_get_size( md_info ), - hex_hash_string->len ) == 0 ); + hash->len ) == 0 ); } /* END_CASE */ /* BEGIN_CASE */ void md_text_multi( char * text_md_name, char * text_src_string, - data_t * hex_hash_string ) + data_t * hash ) { char md_name[100]; unsigned char src_str[1000]; @@ -211,18 +210,18 @@ void md_text_multi( char * text_md_name, char * text_src_string, TEST_ASSERT ( 0 == mbedtls_md_update( &ctx, src_str + halfway, len - halfway ) ); TEST_ASSERT ( 0 == mbedtls_md_finish( &ctx, output ) ); - TEST_ASSERT( mbedtls_test_hexcmp( output, hex_hash_string->x, + TEST_ASSERT( mbedtls_test_hexcmp( output, hash->x, mbedtls_md_get_size( md_info ), - hex_hash_string->len) == 0 ); + hash->len) == 0 ); /* Test clone */ memset( output, 0x00, 100 ); TEST_ASSERT ( 0 == mbedtls_md_update( &ctx_copy, src_str + halfway, len - halfway ) ); TEST_ASSERT ( 0 == mbedtls_md_finish( &ctx_copy, output ) ); - TEST_ASSERT( mbedtls_test_hexcmp( output, hex_hash_string->x, + TEST_ASSERT( mbedtls_test_hexcmp( output, hash->x, mbedtls_md_get_size( md_info ), - hex_hash_string->len ) == 0 ); + hash->len ) == 0 ); exit: mbedtls_md_free( &ctx ); @@ -231,8 +230,7 @@ exit: /* END_CASE */ /* BEGIN_CASE */ -void md_hex_multi( char * text_md_name, data_t * src_str, - data_t * hex_hash_string ) +void md_hex_multi( char * text_md_name, data_t * src_str, data_t * hash ) { char md_name[100]; unsigned char output[100]; @@ -261,18 +259,18 @@ void md_hex_multi( char * text_md_name, data_t * src_str, TEST_ASSERT ( 0 == mbedtls_md_update( &ctx, src_str->x + halfway, src_str->len - halfway) ); TEST_ASSERT ( 0 == mbedtls_md_finish( &ctx, output ) ); - TEST_ASSERT( mbedtls_test_hexcmp( output, hex_hash_string->x, + TEST_ASSERT( mbedtls_test_hexcmp( output, hash->x, mbedtls_md_get_size( md_info ), - hex_hash_string->len ) == 0 ); + hash->len ) == 0 ); /* Test clone */ memset( output, 0x00, 100 ); TEST_ASSERT ( 0 == mbedtls_md_update( &ctx_copy, src_str->x + halfway, src_str->len - halfway ) ); TEST_ASSERT ( 0 == mbedtls_md_finish( &ctx_copy, output ) ); - TEST_ASSERT( mbedtls_test_hexcmp( output, hex_hash_string->x, + TEST_ASSERT( mbedtls_test_hexcmp( output, hash->x, mbedtls_md_get_size( md_info ), - hex_hash_string->len ) == 0 ); + hash->len ) == 0 ); exit: mbedtls_md_free( &ctx ); @@ -283,7 +281,7 @@ exit: /* BEGIN_CASE */ void mbedtls_md_hmac( char * text_md_name, int trunc_size, data_t * key_str, data_t * src_str, - data_t * hex_hash_string ) + data_t * hash ) { char md_name[100]; unsigned char output[100]; @@ -299,14 +297,14 @@ void mbedtls_md_hmac( char * text_md_name, int trunc_size, TEST_ASSERT ( mbedtls_md_hmac( md_info, key_str->x, key_str->len, src_str->x, src_str->len, output ) == 0 ); - TEST_ASSERT( mbedtls_test_hexcmp( output, hex_hash_string->x, - trunc_size, hex_hash_string->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, hash->x, + trunc_size, hash->len ) == 0 ); } /* END_CASE */ /* BEGIN_CASE */ void md_hmac_multi( char * text_md_name, int trunc_size, data_t * key_str, - data_t * src_str, data_t * hex_hash_string ) + data_t * src_str, data_t * hash ) { char md_name[100]; unsigned char output[100]; @@ -332,8 +330,8 @@ void md_hmac_multi( char * text_md_name, int trunc_size, data_t * key_str, TEST_ASSERT ( 0 == mbedtls_md_hmac_update( &ctx, src_str->x + halfway, src_str->len - halfway ) ); TEST_ASSERT ( 0 == mbedtls_md_hmac_finish( &ctx, output ) ); - TEST_ASSERT( mbedtls_test_hexcmp( output, hex_hash_string->x, - trunc_size, hex_hash_string->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, hash->x, + trunc_size, hash->len ) == 0 ); /* Test again, for reset() */ memset( output, 0x00, 100 ); @@ -343,8 +341,8 @@ void md_hmac_multi( char * text_md_name, int trunc_size, data_t * key_str, TEST_ASSERT ( 0 == mbedtls_md_hmac_update( &ctx, src_str->x + halfway, src_str->len - halfway ) ); TEST_ASSERT ( 0 == mbedtls_md_hmac_finish( &ctx, output ) ); - TEST_ASSERT( mbedtls_test_hexcmp( output, hex_hash_string->x, - trunc_size, hex_hash_string->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, hash->x, + trunc_size, hash->len ) == 0 ); exit: mbedtls_md_free( &ctx ); @@ -353,7 +351,7 @@ exit: /* BEGIN_CASE depends_on:MBEDTLS_FS_IO */ void mbedtls_md_file( char * text_md_name, char * filename, - data_t * hex_hash_string ) + data_t * hash ) { char md_name[100]; unsigned char output[100]; @@ -368,8 +366,8 @@ void mbedtls_md_file( char * text_md_name, char * filename, TEST_ASSERT( mbedtls_md_file( md_info, filename, output ) == 0 ); - TEST_ASSERT( mbedtls_test_hexcmp( output, hex_hash_string->x, + TEST_ASSERT( mbedtls_test_hexcmp( output, hash->x, mbedtls_md_get_size( md_info ), - hex_hash_string->len ) == 0 ); + hash->len ) == 0 ); } /* END_CASE */ diff --git a/tests/suites/test_suite_mdx.function b/tests/suites/test_suite_mdx.function index ed2ae58b4..aa35c583e 100644 --- a/tests/suites/test_suite_mdx.function +++ b/tests/suites/test_suite_mdx.function @@ -6,7 +6,7 @@ /* END_HEADER */ /* BEGIN_CASE depends_on:MBEDTLS_MD2_C */ -void md2_text( char * text_src_string, data_t * hex_hash_string ) +void md2_text( char * text_src_string, data_t * hash ) { int ret; unsigned char src_str[100]; @@ -20,14 +20,13 @@ void md2_text( char * text_src_string, data_t * hex_hash_string ) ret = mbedtls_md2_ret( src_str, strlen( (char *) src_str ), output ); TEST_ASSERT( ret == 0 ) ; - TEST_ASSERT( mbedtls_test_hexcmp( output, hex_hash_string->x, - sizeof output, - hex_hash_string->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, hash->x, + sizeof output, hash->len ) == 0 ); } /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_MD4_C */ -void md4_text( char * text_src_string, data_t * hex_hash_string ) +void md4_text( char * text_src_string, data_t * hash ) { int ret; unsigned char src_str[100]; @@ -41,14 +40,13 @@ void md4_text( char * text_src_string, data_t * hex_hash_string ) ret = mbedtls_md4_ret( src_str, strlen( (char *) src_str ), output ); TEST_ASSERT( ret == 0 ); - TEST_ASSERT( mbedtls_test_hexcmp( output, hex_hash_string->x, - sizeof output, - hex_hash_string->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, hash->x, + sizeof output, hash->len ) == 0 ); } /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_MD5_C */ -void md5_text( char * text_src_string, data_t * hex_hash_string ) +void md5_text( char * text_src_string, data_t * hash ) { int ret; unsigned char src_str[100]; @@ -62,14 +60,13 @@ void md5_text( char * text_src_string, data_t * hex_hash_string ) ret = mbedtls_md5_ret( src_str, strlen( (char *) src_str ), output ); TEST_ASSERT( ret == 0 ); - TEST_ASSERT( mbedtls_test_hexcmp( output, hex_hash_string->x, - sizeof output, - hex_hash_string->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, hash->x, + sizeof output, hash->len ) == 0 ); } /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_RIPEMD160_C */ -void ripemd160_text( char * text_src_string, data_t * hex_hash_string ) +void ripemd160_text( char * text_src_string, data_t * hash ) { int ret; unsigned char src_str[100]; @@ -83,9 +80,8 @@ void ripemd160_text( char * text_src_string, data_t * hex_hash_string ) ret = mbedtls_ripemd160_ret( src_str, strlen( (char *) src_str ), output ); TEST_ASSERT( ret == 0 ); - TEST_ASSERT( mbedtls_test_hexcmp( output, hex_hash_string->x, - sizeof output, - hex_hash_string->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, hash->x, + sizeof output, hash->len ) == 0 ); } /* END_CASE */ diff --git a/tests/suites/test_suite_mpi.function b/tests/suites/test_suite_mpi.function index b3c5cbab3..09c31ccd4 100644 --- a/tests/suites/test_suite_mpi.function +++ b/tests/suites/test_suite_mpi.function @@ -613,7 +613,7 @@ void mbedtls_mpi_lt_mpi_ct( int size_X, char * input_X, int size_Y, char * input_Y, int input_ret, int input_err ) { - unsigned ret; + unsigned ret = -1; unsigned input_uret = input_ret; mbedtls_mpi X, Y; mbedtls_mpi_init( &X ); mbedtls_mpi_init( &Y ); diff --git a/tests/suites/test_suite_pk.function b/tests/suites/test_suite_pk.function index 43b491473..98016c652 100644 --- a/tests/suites/test_suite_pk.function +++ b/tests/suites/test_suite_pk.function @@ -100,13 +100,13 @@ size_t mbedtls_rsa_key_len_func( void *ctx ) #if defined(MBEDTLS_USE_PSA_CRYPTO) /* - * Generate a key using PSA and return a handle to that key, + * Generate a key using PSA and return the key identifier of that key, * or 0 if the key generation failed. * The key uses NIST P-256 and is usable for signing with SHA-256. */ -psa_key_handle_t pk_psa_genkey( void ) +mbedtls_svc_key_id_t pk_psa_genkey( void ) { - psa_key_handle_t key; + mbedtls_svc_key_id_t key; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; const psa_key_type_t type = PSA_KEY_TYPE_ECC_KEY_PAIR( PSA_ECC_FAMILY_SECP_R1 ); @@ -133,7 +133,7 @@ exit: void pk_psa_utils( ) { mbedtls_pk_context pk, pk2; - psa_key_handle_t key; + mbedtls_svc_key_id_t key; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; const char * const name = "Opaque"; @@ -151,14 +151,14 @@ void pk_psa_utils( ) TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS ); - TEST_ASSERT( mbedtls_pk_setup_opaque( &pk, 0 ) == + TEST_ASSERT( mbedtls_pk_setup_opaque( &pk, MBEDTLS_SVC_KEY_ID_INIT ) == MBEDTLS_ERR_PK_BAD_INPUT_DATA ); mbedtls_pk_free( &pk ); mbedtls_pk_init( &pk ); key = pk_psa_genkey(); - if( key == 0 ) + if( mbedtls_svc_key_id_is_null( key ) ) goto exit; TEST_ASSERT( mbedtls_pk_setup_opaque( &pk, key ) == 0 ); @@ -200,6 +200,12 @@ void pk_psa_utils( ) TEST_ASSERT( PSA_SUCCESS == psa_destroy_key( key ) ); exit: + /* + * Key attributes may have been returned by psa_get_key_attributes() + * thus reset them as required. + */ + psa_reset_key_attributes( &attributes ); + mbedtls_pk_free( &pk ); /* redundant except upon error */ mbedtls_pk_free( &pk2 ); PSA_DONE( ); @@ -775,8 +781,8 @@ void pk_ec_test_vec( int type, int id, data_t * key, data_t * hash, TEST_ASSERT( mbedtls_ecp_point_read_binary( &eckey->grp, &eckey->Q, key->x, key->len ) == 0 ); - // MBEDTLS_MD_SHA1 is a dummy - it is ignored, but has to be other than MBEDTLS_MD_NONE. - TEST_ASSERT( mbedtls_pk_verify( &pk, MBEDTLS_MD_SHA1, + // MBEDTLS_MD_NONE is used since it will be ignored. + TEST_ASSERT( mbedtls_pk_verify( &pk, MBEDTLS_MD_NONE, hash->x, hash->len, sig->x, sig->len ) == ret ); exit: @@ -1220,7 +1226,7 @@ void pk_psa_sign( int grpid_arg, unsigned char *pkey_legacy_start, *pkey_psa_start; size_t sig_len, klen_legacy, klen_psa; int ret; - psa_key_handle_t handle; + mbedtls_svc_key_id_t key_id; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; psa_key_type_t expected_type = PSA_KEY_TYPE_ECC_KEY_PAIR( psa_curve_arg ); size_t expected_bits = expected_bits_arg; @@ -1252,10 +1258,10 @@ void pk_psa_sign( int grpid_arg, pkey_legacy_start = pkey_legacy + sizeof( pkey_legacy ) - klen_legacy; /* Turn PK context into an opaque one. */ - TEST_ASSERT( mbedtls_pk_wrap_as_opaque( &pk, &handle, + TEST_ASSERT( mbedtls_pk_wrap_as_opaque( &pk, &key_id, PSA_ALG_SHA_256 ) == 0 ); - PSA_ASSERT( psa_get_key_attributes( handle, &attributes ) ); + PSA_ASSERT( psa_get_key_attributes( key_id, &attributes ) ); TEST_EQUAL( psa_get_key_type( &attributes ), expected_type ); TEST_EQUAL( psa_get_key_bits( &attributes ), expected_bits ); TEST_EQUAL( psa_get_key_lifetime( &attributes ), @@ -1280,7 +1286,7 @@ void pk_psa_sign( int grpid_arg, TEST_ASSERT( memcmp( pkey_psa_start, pkey_legacy_start, klen_psa ) == 0 ); mbedtls_pk_free( &pk ); - TEST_ASSERT( PSA_SUCCESS == psa_destroy_key( handle ) ); + TEST_ASSERT( PSA_SUCCESS == psa_destroy_key( key_id ) ); mbedtls_pk_init( &pk ); TEST_ASSERT( mbedtls_pk_parse_public_key( &pk, pkey_legacy_start, @@ -1289,6 +1295,12 @@ void pk_psa_sign( int grpid_arg, hash, sizeof hash, sig, sig_len ) == 0 ); exit: + /* + * Key attributes may have been returned by psa_get_key_attributes() + * thus reset them as required. + */ + psa_reset_key_attributes( &attributes ); + mbedtls_pk_free( &pk ); PSA_DONE( ); } diff --git a/tests/suites/test_suite_pkcs1_v15.function b/tests/suites/test_suite_pkcs1_v15.function index 8a4218090..068027b0e 100644 --- a/tests/suites/test_suite_pkcs1_v15.function +++ b/tests/suites/test_suite_pkcs1_v15.function @@ -12,7 +12,7 @@ void pkcs1_rsaes_v15_encrypt( int mod, int radix_N, char * input_N, int radix_E, char * input_E, int hash, data_t * message_str, data_t * rnd_buf, - data_t * result_hex_str, int result ) + data_t * result_str, int result ) { unsigned char output[128]; mbedtls_rsa_context ctx; @@ -42,8 +42,8 @@ void pkcs1_rsaes_v15_encrypt( int mod, int radix_N, char * input_N, if( result == 0 ) { - TEST_ASSERT( mbedtls_test_hexcmp( output, result_hex_str->x, - ctx.len, result_hex_str->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, result_str->x, + ctx.len, result_str->len ) == 0 ); } exit: @@ -56,7 +56,7 @@ exit: void pkcs1_rsaes_v15_decrypt( int mod, int radix_P, char * input_P, int radix_Q, char * input_Q, int radix_N, char * input_N, int radix_E, char * input_E, - int hash, data_t * result_hex_str, + int hash, data_t * result_str, char * seed, data_t * message_str, int result ) { @@ -84,7 +84,7 @@ void pkcs1_rsaes_v15_decrypt( int mod, int radix_P, char * input_P, TEST_ASSERT( mbedtls_rsa_complete( &ctx ) == 0 ); TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx ) == 0 ); - if( result_hex_str->len == 0 ) + if( result_str->len == 0 ) { TEST_ASSERT( mbedtls_rsa_pkcs1_decrypt( &ctx, &mbedtls_test_rnd_pseudo_rand, @@ -102,9 +102,9 @@ void pkcs1_rsaes_v15_decrypt( int mod, int radix_P, char * input_P, output, 1000 ) == result ); if( result == 0 ) { - TEST_ASSERT( mbedtls_test_hexcmp( output, result_hex_str->x, + TEST_ASSERT( mbedtls_test_hexcmp( output, result_str->x, output_len, - result_hex_str->len) == 0 ); + result_str->len) == 0 ); } } @@ -267,7 +267,7 @@ void pkcs1_rsassa_v15_sign( int mod, int radix_P, char * input_P, int radix_Q, char * input_Q, int radix_N, char * input_N, int radix_E, char * input_E, int digest, int hash, data_t * message_str, data_t * rnd_buf, - data_t * result_hex_str, int result ) + data_t * result_str, int result ) { unsigned char hash_result[MBEDTLS_MD_MAX_SIZE]; unsigned char output[128]; @@ -305,8 +305,8 @@ void pkcs1_rsassa_v15_sign( int mod, int radix_P, char * input_P, int radix_Q, if( result == 0 ) { - TEST_ASSERT( mbedtls_test_hexcmp( output, result_hex_str->x, - ctx.len, result_hex_str->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, result_str->x, + ctx.len, result_str->len ) == 0 ); } exit: diff --git a/tests/suites/test_suite_pkcs1_v21.function b/tests/suites/test_suite_pkcs1_v21.function index c9e91c87c..c28cf08e2 100644 --- a/tests/suites/test_suite_pkcs1_v21.function +++ b/tests/suites/test_suite_pkcs1_v21.function @@ -12,7 +12,7 @@ void pkcs1_rsaes_oaep_encrypt( int mod, int radix_N, char * input_N, int radix_E, char * input_E, int hash, data_t * message_str, data_t * rnd_buf, - data_t * result_hex_str, int result ) + data_t * result_str, int result ) { unsigned char output[256]; mbedtls_rsa_context ctx; @@ -41,8 +41,8 @@ void pkcs1_rsaes_oaep_encrypt( int mod, int radix_N, char * input_N, output ) == result ); if( result == 0 ) { - TEST_ASSERT( mbedtls_test_hexcmp( output, result_hex_str->x, - ctx.len, result_hex_str->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, result_str->x, + ctx.len, result_str->len ) == 0 ); } exit: @@ -55,7 +55,7 @@ exit: void pkcs1_rsaes_oaep_decrypt( int mod, int radix_P, char * input_P, int radix_Q, char * input_Q, int radix_N, char * input_N, int radix_E, char * input_E, - int hash, data_t * result_hex_str, + int hash, data_t * result_str, char * seed, data_t * message_str, int result ) { @@ -84,7 +84,7 @@ void pkcs1_rsaes_oaep_decrypt( int mod, int radix_P, char * input_P, TEST_ASSERT( mbedtls_rsa_complete( &ctx ) == 0 ); TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx ) == 0 ); - if( result_hex_str->len == 0 ) + if( result_str->len == 0 ) { TEST_ASSERT( mbedtls_rsa_pkcs1_decrypt( &ctx, &mbedtls_test_rnd_pseudo_rand, @@ -104,9 +104,9 @@ void pkcs1_rsaes_oaep_decrypt( int mod, int radix_P, char * input_P, sizeof( output ) ) == result ); if( result == 0 ) { - TEST_ASSERT( mbedtls_test_hexcmp( output, result_hex_str->x, + TEST_ASSERT( mbedtls_test_hexcmp( output, result_str->x, output_len, - result_hex_str->len ) == 0 ); + result_str->len ) == 0 ); } } @@ -122,7 +122,7 @@ void pkcs1_rsassa_pss_sign( int mod, int radix_P, char * input_P, int radix_Q, char * input_Q, int radix_N, char * input_N, int radix_E, char * input_E, int digest, int hash, data_t * message_str, data_t * rnd_buf, - data_t * result_hex_str, int result ) + data_t * result_str, int result ) { unsigned char hash_result[MBEDTLS_MD_MAX_SIZE]; unsigned char output[256]; @@ -160,8 +160,8 @@ void pkcs1_rsassa_pss_sign( int mod, int radix_P, char * input_P, int radix_Q, if( result == 0 ) { - TEST_ASSERT( mbedtls_test_hexcmp( output, result_hex_str->x, - ctx.len, result_hex_str->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, result_str->x, + ctx.len, result_str->len ) == 0 ); } exit: diff --git a/tests/suites/test_suite_poly1305.function b/tests/suites/test_suite_poly1305.function index 44617d98e..4b8995b60 100644 --- a/tests/suites/test_suite_poly1305.function +++ b/tests/suites/test_suite_poly1305.function @@ -9,14 +9,12 @@ */ /* BEGIN_CASE */ -void mbedtls_poly1305( data_t *key, char *hex_mac_string, data_t *src_str ) +void mbedtls_poly1305( data_t *key, data_t *expected_mac, data_t *src_str ) { unsigned char mac[16]; /* size set by the standard */ - unsigned char mac_str[33]; /* hex expansion of the above */ mbedtls_poly1305_context ctx; - memset( mac_str, 0x00, sizeof( mac_str ) ); - memset( mac, 0x00, sizeof( mac ) ); + memset( mac, 0x00, sizeof( mac ) ); /* * Test the integrated API @@ -24,8 +22,8 @@ void mbedtls_poly1305( data_t *key, char *hex_mac_string, data_t *src_str ) TEST_ASSERT( mbedtls_poly1305_mac( key->x, src_str->x, src_str->len, mac ) == 0 ); - mbedtls_test_hexify( mac_str, mac, 16 ); - TEST_ASSERT( strcmp( (char *) mac_str, hex_mac_string ) == 0 ); + ASSERT_COMPARE( mac, expected_mac->len, + expected_mac->x, expected_mac->len ); /* * Test the streaming API @@ -38,8 +36,8 @@ void mbedtls_poly1305( data_t *key, char *hex_mac_string, data_t *src_str ) TEST_ASSERT( mbedtls_poly1305_finish( &ctx, mac ) == 0 ); - mbedtls_test_hexify( mac_str, mac, 16 ); - TEST_ASSERT( strcmp( (char *) mac_str, hex_mac_string ) == 0 ); + ASSERT_COMPARE( mac, expected_mac->len, + expected_mac->x, expected_mac->len ); /* * Test the streaming API again, piecewise @@ -56,8 +54,8 @@ void mbedtls_poly1305( data_t *key, char *hex_mac_string, data_t *src_str ) TEST_ASSERT( mbedtls_poly1305_finish( &ctx, mac ) == 0 ); - mbedtls_test_hexify( mac_str, mac, 16 ); - TEST_ASSERT( strcmp( (char *) mac_str, hex_mac_string ) == 0 ); + ASSERT_COMPARE( mac, expected_mac->len, + expected_mac->x, expected_mac->len ); } /* @@ -73,8 +71,8 @@ void mbedtls_poly1305( data_t *key, char *hex_mac_string, data_t *src_str ) TEST_ASSERT( mbedtls_poly1305_finish( &ctx, mac ) == 0 ); - mbedtls_test_hexify( mac_str, mac, 16 ); - TEST_ASSERT( strcmp( (char *) mac_str, hex_mac_string ) == 0 ); + ASSERT_COMPARE( mac, expected_mac->len, + expected_mac->x, expected_mac->len ); } mbedtls_poly1305_free( &ctx ); diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data index d982f81f6..d3dca7b2f 100644 --- a/tests/suites/test_suite_psa_crypto.data +++ b/tests/suites/test_suite_psa_crypto.data @@ -2,22 +2,28 @@ PSA compile-time sanity checks static_checks: PSA key attributes structure -attributes_set_get:0x6963:PSA_KEY_LIFETIME_PERSISTENT:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_CCM:PSA_KEY_TYPE_AES:128 +attributes_set_get:0xffff1234:0x6963:PSA_KEY_LIFETIME_PERSISTENT:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_CCM:PSA_KEY_TYPE_AES:128 PSA key attributes: id only -persistence_attributes:0x1234:-1:-1:0x1234:PSA_KEY_LIFETIME_PERSISTENT +persistence_attributes:0x1234:0x5678:-1:-1:0:0x1234:0x5678:PSA_KEY_LIFETIME_PERSISTENT PSA key attributes: lifetime=3 only -persistence_attributes:-1:3:-1:0:3 +persistence_attributes:-1:0:3:-1:0:0:0:3 PSA key attributes: id then back to volatile -persistence_attributes:0x1234:PSA_KEY_LIFETIME_VOLATILE:-1:0:PSA_KEY_LIFETIME_VOLATILE +persistence_attributes:0x1234:0x5678:PSA_KEY_LIFETIME_VOLATILE:-1:0:0:0x5678:PSA_KEY_LIFETIME_VOLATILE + +PSA key attributes: id then back to non local volatile +persistence_attributes:0x1234:0x5678:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION(PSA_KEY_LIFETIME_VOLATILE,1):-1:0:0:0x5678:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION(PSA_KEY_LIFETIME_VOLATILE,1) PSA key attributes: id then lifetime -persistence_attributes:0x1234:3:-1:0x1234:3 +persistence_attributes:0x1234:0x5678:3:-1:0:0x1234:0x5678:3 PSA key attributes: lifetime then id -persistence_attributes:0x1234:3:0x1235:0x1235:3 +persistence_attributes:0x1234:0x5678:3:0x1235:0x5679:0x1235:0x5679:3 + +PSA key attributes: non local volatile lifetime then id +persistence_attributes:0x1234:0x5678:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION(PSA_KEY_LIFETIME_VOLATILE,3):0x1235:0x5679:0x1235:0x5679:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION(PSA_KEY_LIFETIME_PERSISTENT,3) PSA key attributes: slot number slot_number_attribute: @@ -366,7 +372,11 @@ PSA import RSA public key: maximum size exceeded depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C import_rsa_made_up:PSA_VENDOR_RSA_MAX_KEY_BITS+8:0:PSA_ERROR_NOT_SUPPORTED -PSA key policy: AES +PSA key policy: AES ECB +depends_on:MBEDTLS_AES_C +check_key_policy:PSA_KEY_TYPE_AES:128:PSA_KEY_USAGE_ENCRYPT:PSA_ALG_ECB_NO_PADDING + +PSA key policy: AES CBC depends_on:MBEDTLS_AES_C check_key_policy:PSA_KEY_TYPE_AES:128:PSA_KEY_USAGE_ENCRYPT:PSA_ALG_CBC_NO_PADDING @@ -559,39 +569,43 @@ derive_key_policy:PSA_KEY_USAGE_DERIVE:PSA_ALG_TLS12_PRF(PSA_ALG_SHA_256):PSA_KE PSA key policy: agreement + KDF, permitted depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDH_C:MBEDTLS_SHA256_C -agreement_key_policy:PSA_KEY_USAGE_DERIVE:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)) +agreement_key_policy:PSA_KEY_USAGE_DERIVE:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_SUCCESS PSA key policy: agreement + KDF, not permitted depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDH_C:MBEDTLS_SHA256_C -agreement_key_policy:0:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)) +agreement_key_policy:0:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_ERROR_NOT_PERMITTED PSA key policy: agreement + KDF, wrong agreement algorithm depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDH_C:MBEDTLS_SHA256_C -agreement_key_policy:PSA_KEY_USAGE_DERIVE:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_ALG_KEY_AGREEMENT(PSA_ALG_FFDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)) +agreement_key_policy:PSA_KEY_USAGE_DERIVE:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_ALG_KEY_AGREEMENT(PSA_ALG_FFDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_ERROR_NOT_PERMITTED PSA key policy: agreement + KDF, wrong KDF algorithm depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDH_C:MBEDTLS_SHA256_C -agreement_key_policy:PSA_KEY_USAGE_DERIVE:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_224)) +agreement_key_policy:PSA_KEY_USAGE_DERIVE:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_224)):PSA_ERROR_NOT_PERMITTED -PSA key policy: agreement + KDF, key only permits raw agreement +PSA key policy: agreement + KDF, key permits raw agreement depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDH_C:MBEDTLS_SHA256_C -agreement_key_policy:PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDH:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)) +agreement_key_policy:PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDH:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_SUCCESS PSA key policy: raw agreement, permitted depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDH_C -raw_agreement_key_policy:PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDH:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_ALG_ECDH +raw_agreement_key_policy:PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDH:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_ALG_ECDH:PSA_SUCCESS PSA key policy: raw agreement, not permitted depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDH_C -raw_agreement_key_policy:0:PSA_ALG_ECDH:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_ALG_ECDH +raw_agreement_key_policy:0:PSA_ALG_ECDH:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_ALG_ECDH:PSA_ERROR_NOT_PERMITTED PSA key policy: raw agreement, wrong algorithm depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDH_C -raw_agreement_key_policy:PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDH:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_ALG_FFDH +raw_agreement_key_policy:PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDH:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_ALG_FFDH:PSA_ERROR_NOT_PERMITTED -PSA key policy: raw agreement, key only permits a KDF +PSA key policy: raw agreement, key permits raw agreement, but algorithm is not raw depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDH_C -raw_agreement_key_policy:PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDH:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)) +raw_agreement_key_policy:PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDH:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_ERROR_NOT_SUPPORTED + +PSA key policy: raw agreement, key specifies KDF +depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDH_C +raw_agreement_key_policy:PSA_KEY_USAGE_DERIVE:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_ALG_ECDH:PSA_ERROR_NOT_PERMITTED PSA key policy algorithm2: CTR, CBC depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR:MBEDTLS_CIPHER_MODE_CBC @@ -799,6 +813,10 @@ hash_compute_fail:PSA_ALG_ANY_HASH:"":32:PSA_ERROR_NOT_SUPPORTED PSA hash compute: bad algorithm (not a hash) hash_compute_fail:PSA_ALG_HMAC(PSA_ALG_SHA_256):"":32:PSA_ERROR_INVALID_ARGUMENT +PSA hash compute: output buffer empty +depends_on:MBEDTLS_SHA256_C +hash_compute_fail:PSA_ALG_SHA_256:"":0:PSA_ERROR_BUFFER_TOO_SMALL + PSA hash compute: output buffer too small depends_on:MBEDTLS_SHA256_C hash_compute_fail:PSA_ALG_SHA_256:"":31:PSA_ERROR_BUFFER_TOO_SMALL @@ -828,6 +846,10 @@ PSA hash compare: truncated hash depends_on:MBEDTLS_SHA256_C hash_compare_fail:PSA_ALG_SHA_256:"":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b8":PSA_ERROR_INVALID_SIGNATURE +PSA hash compare: empty hash +depends_on:MBEDTLS_SHA256_C +hash_compare_fail:PSA_ALG_SHA_256:"":"":PSA_ERROR_INVALID_SIGNATURE + PSA hash compare: good depends_on:MBEDTLS_SHA256_C hash_compare_fail:PSA_ALG_SHA_256:"":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855":PSA_SUCCESS @@ -1142,6 +1164,18 @@ PSA cipher: bad order function calls depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC cipher_bad_order: +PSA symmetric encrypt: AES-ECB, 0 bytes, good +depends_on:MBEDTLS_AES_C +cipher_encrypt:PSA_ALG_ECB_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"":"":"":PSA_SUCCESS + +PSA symmetric encrypt: AES-ECB, 16 bytes, good +depends_on:MBEDTLS_AES_C +cipher_encrypt:PSA_ALG_ECB_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"":"6bc1bee22e409f96e93d7e117393172a":"3ad77bb40d7a3660a89ecaf32466ef97":PSA_SUCCESS + +PSA symmetric encrypt: AES-ECB, 32 bytes, good +depends_on:MBEDTLS_AES_C +cipher_encrypt:PSA_ALG_ECB_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"":"6bc1bee22e409f96e93d7e117393172a3ad77bb40d7a3660a89ecaf32466ef97":"3ad77bb40d7a3660a89ecaf32466ef972249a2638c6f1c755a84f9681a9f08c1":PSA_SUCCESS + PSA symmetric encrypt: AES-CBC-nopad, 16 bytes, good depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC cipher_encrypt:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e117393172a":"a076ec9dfbe47d52afc357336f20743b":PSA_SUCCESS @@ -1154,6 +1188,10 @@ PSA symmetric encrypt: AES-CBC-PKCS#7, 15 bytes, good depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC cipher_encrypt:PSA_ALG_CBC_PKCS7:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e11739317":"6279b49d7f7a8dd87b685175d4276e24":PSA_SUCCESS +PSA symmetric encrypt: AES-ECB, input too short (15 bytes) +depends_on:MBEDTLS_AES_C +cipher_encrypt:PSA_ALG_ECB_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"":"6bc1bee22e409f96e93d7e11739317":"":PSA_ERROR_INVALID_ARGUMENT + PSA symmetric encrypt: AES-CBC-nopad, input too short depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC cipher_encrypt:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee223":"6bc1bee223":PSA_ERROR_INVALID_ARGUMENT @@ -1178,6 +1216,26 @@ PSA symmetric encrypt: 3-key 3DES-CBC-nopad, 8 bytes, good depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC cipher_encrypt:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_DES:"01020407080b0d0ec1c2c4c7c8cbcdce31323437383b3d3e":"2a2a2a2a2a2a2a2a":"eda4011239bc3ac9":"817ca7d69b80d86a":PSA_SUCCESS +PSA symmetric encrypt: 2-key 3DES-ECB, 8 bytes, good +depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC +cipher_encrypt:PSA_ALG_ECB_NO_PADDING:PSA_KEY_TYPE_DES:"01020407080b0d0ec1c2c4c7c8cbcdce":"":"c78e2b38139610e3":"5d0652429c5b0ac7":PSA_SUCCESS + +PSA symmetric encrypt: 3-key 3DES-ECB, 8 bytes, good +depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC +cipher_encrypt:PSA_ALG_ECB_NO_PADDING:PSA_KEY_TYPE_DES:"01020407080b0d0ec1c2c4c7c8cbcdce31323437383b3d3e":"":"c78e2b38139610e3":"817ca7d69b80d86a":PSA_SUCCESS + +PSA symmetric decrypt: AES-ECB, 0 bytes, good +depends_on:MBEDTLS_AES_C +cipher_decrypt:PSA_ALG_ECB_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"":"":"":PSA_SUCCESS + +PSA symmetric decrypt: AES-ECB, 16 bytes, good +depends_on:MBEDTLS_AES_C +cipher_decrypt:PSA_ALG_ECB_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"":"396ee84fb75fdbb5c2b13c7fe5a654aa":"63cecc46a382414d5fa7d2b79387437f":PSA_SUCCESS + +PSA symmetric decrypt: AES-ECB, 32 bytes, good +depends_on:MBEDTLS_AES_C +cipher_decrypt:PSA_ALG_ECB_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"":"3ad77bb40d7a3660a89ecaf32466ef972249a2638c6f1c755a84f9681a9f08c1":"6bc1bee22e409f96e93d7e117393172a3ad77bb40d7a3660a89ecaf32466ef97":PSA_SUCCESS + PSA symmetric decrypt: AES-CBC-nopad, 16 bytes, good depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC cipher_decrypt:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"396ee84fb75fdbb5c2b13c7fe5a654aa":"49e4e66c89a86b67758df89db9ad6955":PSA_SUCCESS @@ -1192,15 +1250,19 @@ cipher_decrypt:PSA_ALG_CBC_PKCS7:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4 PSA symmetric decrypt: AES-CBC-PKCS#7, input too short (15 bytes) depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC -cipher_decrypt:PSA_ALG_CBC_PKCS7:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e11739317":"49e4e66c89a86b67758df89db9ad6955":PSA_ERROR_BAD_STATE +cipher_decrypt:PSA_ALG_CBC_PKCS7:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e11739317":"49e4e66c89a86b67758df89db9ad6955":PSA_ERROR_INVALID_ARGUMENT PSA symmetric decrypt: AES-CTR, 16 bytes, good depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_MODE_CTR cipher_decrypt:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"396ee84fb75fdbb5c2b13c7fe5a654aa":"dd3b5e5319b7591daab1e1a92687feb2":PSA_SUCCESS +PSA symmetric decrypt: AES-ECB, input too short (15 bytes) +depends_on:MBEDTLS_AES_C +cipher_decrypt:PSA_ALG_ECB_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"":"396ee84fb75fdbb5c2b13c7fe5a654":"63cecc46a382414d5fa7d2b7938743":PSA_ERROR_INVALID_ARGUMENT + PSA symmetric decrypt: AES-CBC-nopad, input too short (5 bytes) depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC -cipher_decrypt:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee223":"6bc1bee223":PSA_ERROR_BAD_STATE +cipher_decrypt:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee223":"6bc1bee223":PSA_ERROR_INVALID_ARGUMENT PSA symmetric decrypt: DES-CBC-nopad, 8 bytes, good depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC @@ -1214,6 +1276,18 @@ PSA symmetric decrypt: 3-key 3DES-CBC-nopad, 8 bytes, good depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC cipher_decrypt:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_DES:"01020407080b0d0ec1c2c4c7c8cbcdce31323437383b3d3e":"2a2a2a2a2a2a2a2a":"817ca7d69b80d86a":"eda4011239bc3ac9":PSA_SUCCESS +PSA symmetric decrypt: 2-key 3DES-ECB, 8 bytes, good +depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC +cipher_decrypt:PSA_ALG_ECB_NO_PADDING:PSA_KEY_TYPE_DES:"01020407080b0d0ec1c2c4c7c8cbcdce":"":"5d0652429c5b0ac7":"c78e2b38139610e3":PSA_SUCCESS + +PSA symmetric decrypt: 3-key 3DES-ECB, 8 bytes, good +depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC +cipher_decrypt:PSA_ALG_ECB_NO_PADDING:PSA_KEY_TYPE_DES:"01020407080b0d0ec1c2c4c7c8cbcdce31323437383b3d3e":"":"817ca7d69b80d86a":"c78e2b38139610e3":PSA_SUCCESS + +PSA symmetric encrypt/decrypt: AES-ECB, 16 bytes, good +depends_on:MBEDTLS_AES_C +cipher_verify_output:PSA_ALG_ECB_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"6bc1bee22e409f96e93d7e117393172a" + PSA symmetric encrypt/decrypt: AES-CBC-nopad, 16 bytes, good depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC cipher_verify_output:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"6bc1bee22e409f96e93d7e117393172a" @@ -1230,6 +1304,18 @@ PSA symmetric encrypt/decrypt: AES-CTR depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR cipher_verify_output:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"6bc1bee22e409f96e93d7e117393172a" +PSA symmetric encryption multipart: AES-ECB, 16+16 bytes +depends_on:MBEDTLS_AES_C +cipher_encrypt_multipart:PSA_ALG_ECB_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"":"6bc1bee22e409f96e93d7e117393172a5434f378a597bcef1389318c7fc865ef":16:16:16:"3ad77bb40d7a3660a89ecaf32466ef9755ed5e9e066820fa52c729886d18854c" + +PSA symmetric encryption multipart: AES-ECB, 13+19 bytes +depends_on:MBEDTLS_AES_C +cipher_encrypt_multipart:PSA_ALG_ECB_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"":"6bc1bee22e409f96e93d7e117393172a5434f378a597bcef1389318c7fc865ef":13:0:32:"3ad77bb40d7a3660a89ecaf32466ef9755ed5e9e066820fa52c729886d18854c" + +PSA symmetric encryption multipart: AES-ECB, 24+12 bytes +depends_on:MBEDTLS_AES_C +cipher_encrypt_multipart:PSA_ALG_ECB_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"":"6bc1bee22e409f96e93d7e117393172a5434f378a597bcef1389318c7fc865ef":24:16:16:"3ad77bb40d7a3660a89ecaf32466ef9755ed5e9e066820fa52c729886d18854c" + PSA symmetric encryption multipart: AES-CBC-nopad, 7+9 bytes depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC cipher_encrypt_multipart:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e117393172a":7:0:16:"a076ec9dfbe47d52afc357336f20743b" @@ -1258,23 +1344,23 @@ PSA symmetric encryption multipart: AES-CBC-nopad, 20+12 bytes depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC cipher_encrypt_multipart:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e117393172a5434f378a597bcef1389318c7fc865ef":20:16:16:"a076ec9dfbe47d52afc357336f20743b89906f2f9207ac02aa658cb4ef19c61f" -PSA symmetric encryption multipart: AES-CTR, 11+5 bytes [#1] +PSA symmetric encryption multipart: AES-CTR, 11+5 bytes depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR cipher_encrypt_multipart:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e117393172a":11:11:5:"8f9408fe80a81d3e813da3c7b0b2bd32" -PSA symmetric encryption multipart: AES-CTR, 16+16 bytes [#1] +PSA symmetric encryption multipart: AES-CTR, 16+16 bytes depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR cipher_encrypt_multipart:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e117393172a5434f378a597bcef1389318c7fc865ef":16:16:16:"8f9408fe80a81d3e813da3c7b0b2bd321c965bb1de7baf71025f6ef6393ca587" -PSA symmetric encryption multipart: AES-CTR, 12+20 bytes [#1] +PSA symmetric encryption multipart: AES-CTR, 12+20 bytes depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR cipher_encrypt_multipart:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e117393172a5434f378a597bcef1389318c7fc865ef":12:12:20:"8f9408fe80a81d3e813da3c7b0b2bd321c965bb1de7baf71025f6ef6393ca587" -PSA symmetric encryption multipart: AES-CTR, 20+12 bytes [#1] +PSA symmetric encryption multipart: AES-CTR, 20+12 bytes depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR cipher_encrypt_multipart:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e117393172a5434f378a597bcef1389318c7fc865ef":20:20:12:"8f9408fe80a81d3e813da3c7b0b2bd321c965bb1de7baf71025f6ef6393ca587" -PSA symmetric encryption multipart: AES-CTR, 12+10 bytes [#1] +PSA symmetric encryption multipart: AES-CTR, 12+10 bytes depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR cipher_encrypt_multipart:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e117393172a5434f378a597":12:12:10:"8f9408fe80a81d3e813da3c7b0b2bd321c965bb1de7b" @@ -1294,6 +1380,18 @@ PSA symmetric encryption multipart: AES-CTR, 16+0 bytes depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR cipher_encrypt_multipart:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e117393172a":16:16:0:"8f9408fe80a81d3e813da3c7b0b2bd32" +PSA symmetric decryption multipart: AES-ECB, 16+16 bytes +depends_on:MBEDTLS_AES_C +cipher_decrypt_multipart:PSA_ALG_ECB_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"":"3ad77bb40d7a3660a89ecaf32466ef9755ed5e9e066820fa52c729886d18854c":16:16:16:"6bc1bee22e409f96e93d7e117393172a5434f378a597bcef1389318c7fc865ef" + +PSA symmetric decryption multipart: AES-ECB, 11+21 bytes +depends_on:MBEDTLS_AES_C +cipher_decrypt_multipart:PSA_ALG_ECB_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"":"3ad77bb40d7a3660a89ecaf32466ef9755ed5e9e066820fa52c729886d18854c":11:0:32:"6bc1bee22e409f96e93d7e117393172a5434f378a597bcef1389318c7fc865ef" + +PSA symmetric decryption multipart: AES-ECB, 28+4 bytes +depends_on:MBEDTLS_AES_C +cipher_decrypt_multipart:PSA_ALG_ECB_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"":"3ad77bb40d7a3660a89ecaf32466ef9755ed5e9e066820fa52c729886d18854c":28:16:16:"6bc1bee22e409f96e93d7e117393172a5434f378a597bcef1389318c7fc865ef" + PSA symmetric decryption multipart: AES-CBC-nopad, 7+9 bytes depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC cipher_decrypt_multipart:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"a076ec9dfbe47d52afc357336f20743b":7:0:16:"6bc1bee22e409f96e93d7e117393172a" @@ -1318,23 +1416,23 @@ PSA symmetric decryption multipart: AES-CBC-nopad, 20+12 bytes depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC cipher_decrypt_multipart:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"a076ec9dfbe47d52afc357336f20743b89906f2f9207ac02aa658cb4ef19c61f":20:16:16:"6bc1bee22e409f96e93d7e117393172a5434f378a597bcef1389318c7fc865ef" -PSA symmetric encryption multipart: AES-CTR, 11+5 bytes [#2] +PSA symmetric decryption multipart: AES-CTR, 11+5 bytes depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR cipher_decrypt_multipart:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e117393172a":11:11:5:"8f9408fe80a81d3e813da3c7b0b2bd32" -PSA symmetric encryption multipart: AES-CTR, 16+16 bytes [#2] +PSA symmetric decryption multipart: AES-CTR, 16+16 bytes depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR cipher_decrypt_multipart:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e117393172a5434f378a597bcef1389318c7fc865ef":16:16:16:"8f9408fe80a81d3e813da3c7b0b2bd321c965bb1de7baf71025f6ef6393ca587" -PSA symmetric encryption multipart: AES-CTR, 12+20 bytes [#2] +PSA symmetric decryption multipart: AES-CTR, 12+20 bytes depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR cipher_decrypt_multipart:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e117393172a5434f378a597bcef1389318c7fc865ef":12:12:20:"8f9408fe80a81d3e813da3c7b0b2bd321c965bb1de7baf71025f6ef6393ca587" -PSA symmetric encryption multipart: AES-CTR, 20+12 bytes [#2] +PSA symmetric decryption multipart: AES-CTR, 20+12 bytes depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR cipher_decrypt_multipart:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e117393172a5434f378a597bcef1389318c7fc865ef":20:20:12:"8f9408fe80a81d3e813da3c7b0b2bd321c965bb1de7baf71025f6ef6393ca587" -PSA symmetric encryption multipart: AES-CTR, 12+10 bytes [#2] +PSA symmetric decryption multipart: AES-CTR, 12+10 bytes depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR cipher_decrypt_multipart:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e117393172a5434f378a597":12:12:10:"8f9408fe80a81d3e813da3c7b0b2bd321c965bb1de7b" @@ -1566,6 +1664,10 @@ PSA AEAD encrypt: ChaCha20-Poly1305 (RFC7539) depends_on:MBEDTLS_CHACHAPOLY_C aead_encrypt:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:"070000004041424344454647":"50515253c0c1c2c3c4c5c6c7":"4c616469657320616e642047656e746c656d656e206f662074686520636c617373206f66202739393a204966204920636f756c64206f6666657220796f75206f6e6c79206f6e652074697020666f7220746865206675747572652c2073756e73637265656e20776f756c642062652069742e":"d31a8d34648e60db7b86afbc53ef7ec2a4aded51296e08fea9e2b5a736ee62d63dbea45e8ca9671282fafb69da92728b1a71de0a9e060b2905d6a5b67ecd3b3692ddbd7f2d778b8c9803aee328091b58fab324e4fad675945585808b4831d7bc3ff4def08e4b7a9de576d26586cec64b61161ae10b594f09e26a7e902ecbd0600691" +PSA AEAD encrypt: ChaCha20-Poly1305 (zero-length input) +depends_on:MBEDTLS_CHACHAPOLY_C +aead_encrypt:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:"070000004041424344454647":"":"":"a0784d7a4716f3feb4f64e7f4b39bf04" + PSA AEAD decrypt: ChaCha20-Poly1305 (RFC7539, good tag) depends_on:MBEDTLS_CHACHAPOLY_C aead_decrypt:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:"070000004041424344454647":"50515253c0c1c2c3c4c5c6c7":"d31a8d34648e60db7b86afbc53ef7ec2a4aded51296e08fea9e2b5a736ee62d63dbea45e8ca9671282fafb69da92728b1a71de0a9e060b2905d6a5b67ecd3b3692ddbd7f2d778b8c9803aee328091b58fab324e4fad675945585808b4831d7bc3ff4def08e4b7a9de576d26586cec64b61161ae10b594f09e26a7e902ecbd0600691":"4c616469657320616e642047656e746c656d656e206f662074686520636c617373206f66202739393a204966204920636f756c64206f6666657220796f75206f6e6c79206f6e652074697020666f7220746865206675747572652c2073756e73637265656e20776f756c642062652069742e":PSA_SUCCESS @@ -1574,6 +1676,10 @@ PSA AEAD decrypt: ChaCha20-Poly1305 (RFC7539, bad tag) depends_on:MBEDTLS_CHACHAPOLY_C aead_decrypt:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:"070000004041424344454647":"50515253c0c1c2c3c4c5c6c7":"d31a8d34648e60db7b86afbc53ef7ec2a4aded51296e08fea9e2b5a736ee62d63dbea45e8ca9671282fafb69da92728b1a71de0a9e060b2905d6a5b67ecd3b3692ddbd7f2d778b8c9803aee328091b58fab324e4fad675945585808b4831d7bc3ff4def08e4b7a9de576d26586cec64b61161ae10b594f09e26a7e902ecbd0600690":"4c616469657320616e642047656e746c656d656e206f662074686520636c617373206f66202739393a204966204920636f756c64206f6666657220796f75206f6e6c79206f6e652074697020666f7220746865206675747572652c2073756e73637265656e20776f756c642062652069742e":PSA_ERROR_INVALID_SIGNATURE +PSA AEAD decrypt: ChaCha20-Poly1305 (good tag, zero-length input) +depends_on:MBEDTLS_CHACHAPOLY_C +aead_decrypt:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:"070000004041424344454647":"":"a0784d7a4716f3feb4f64e7f4b39bf04":"":PSA_SUCCESS + PSA AEAD encrypt/decrypt: invalid algorithm (CTR) depends_on:MBEDTLS_AES_C:MBEDTLS_GCM_C aead_encrypt_decrypt:PSA_KEY_TYPE_AES:"D7828D13B2B0BDC325A76236DF93CC6B":PSA_ALG_CTR:"000102030405060708090A0B0C0D0E0F":"":"":PSA_ERROR_NOT_SUPPORTED @@ -2129,6 +2235,14 @@ PSA key derivation: TLS 1.2 PSK-to-MS, SHA-256, PSK too long (160 Bytes) depends_on:MBEDTLS_SHA256_C derive_input:PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SEED:PSA_KEY_TYPE_NONE:"":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:PSA_KEY_TYPE_DERIVE:"01020304050607080102030405060708010203040506070801020304050607080102030405060708010203040506070801020304050607080102030405060708010203040506070801020304050607080102030405060708010203040506070801020304050607080102030405060708010203040506070801020304050607080102030405060708010203040506070801020304050607080102030405060708":PSA_ERROR_INVALID_ARGUMENT:PSA_KEY_DERIVATION_INPUT_LABEL:PSA_KEY_TYPE_NONE:"":PSA_ERROR_BAD_STATE:PSA_KEY_TYPE_NONE:PSA_ERROR_BAD_STATE +PSA key derivation: ECDH on P256 with HKDF-SHA256, raw output +depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDH_C:MBEDTLS_SHA256_C +derive_input:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_NONE:"":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"c88f01f510d9ac3f70a292daa2316de544e9aab8afe84049c62a9c57862d1433":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_INFO:PSA_KEY_TYPE_NONE:"":PSA_SUCCESS:PSA_KEY_TYPE_NONE:PSA_SUCCESS + +PSA key derivation: ECDH on P256 with HKDF-SHA256, key output +depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDH_C:MBEDTLS_SHA256_C +derive_input:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_NONE:"":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"c88f01f510d9ac3f70a292daa2316de544e9aab8afe84049c62a9c57862d1433":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_INFO:PSA_KEY_TYPE_NONE:"":PSA_SUCCESS:PSA_KEY_TYPE_RAW_DATA:PSA_SUCCESS + PSA key derivation: HKDF invalid state (double generate + read past capacity) depends_on:MBEDTLS_SHA256_C test_derive_invalid_key_derivation_state:PSA_ALG_HKDF(PSA_ALG_SHA_256) @@ -2411,31 +2525,39 @@ derive_key:PSA_ALG_HKDF(PSA_ALG_SHA_512):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b PSA key agreement setup: ECDH + HKDF-SHA-256: good depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDH_C:MBEDTLS_SHA256_C -key_agreement_setup:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"c88f01f510d9ac3f70a292daa2316de544e9aab8afe84049c62a9c57862d1433":"04d12dfb5289c8d4f81208b70270398c342296970a0bccb74c736fc7554494bf6356fbf3ca366cc23e8157854c13c58d6aac23f046ada30f8353e74f33039872ab":PSA_SUCCESS +key_agreement_setup:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):"c88f01f510d9ac3f70a292daa2316de544e9aab8afe84049c62a9c57862d1433":"04d12dfb5289c8d4f81208b70270398c342296970a0bccb74c736fc7554494bf6356fbf3ca366cc23e8157854c13c58d6aac23f046ada30f8353e74f33039872ab":PSA_SUCCESS + +PSA key agreement setup: ECDH + HKDF-SHA-256: good, key algorithm broader than required +depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDH_C:MBEDTLS_SHA256_C +key_agreement_setup:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):PSA_ALG_ECDH:"c88f01f510d9ac3f70a292daa2316de544e9aab8afe84049c62a9c57862d1433":"04d12dfb5289c8d4f81208b70270398c342296970a0bccb74c736fc7554494bf6356fbf3ca366cc23e8157854c13c58d6aac23f046ada30f8353e74f33039872ab":PSA_SUCCESS + +PSA key agreement setup: ECDH + HKDF-SHA-256: key algorithm KDF mismatch +depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDH_C:MBEDTLS_SHA256_C +key_agreement_setup:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_512)):"c88f01f510d9ac3f70a292daa2316de544e9aab8afe84049c62a9c57862d1433":"04d12dfb5289c8d4f81208b70270398c342296970a0bccb74c736fc7554494bf6356fbf3ca366cc23e8157854c13c58d6aac23f046ada30f8353e74f33039872ab":PSA_ERROR_NOT_PERMITTED PSA key agreement setup: ECDH + HKDF-SHA-256: public key not on curve depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDH_C:MBEDTLS_SHA256_C -key_agreement_setup:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"c88f01f510d9ac3f70a292daa2316de544e9aab8afe84049c62a9c57862d1433":"04d12dfb5289c8d4f81208b70270398c342296970a0bccb74c736fc7554494bf6356fbf3ca366cc23e8157854c13c58d6aac23f046ada30f8353e74f33039872ff":PSA_ERROR_INVALID_ARGUMENT +key_agreement_setup:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):"c88f01f510d9ac3f70a292daa2316de544e9aab8afe84049c62a9c57862d1433":"04d12dfb5289c8d4f81208b70270398c342296970a0bccb74c736fc7554494bf6356fbf3ca366cc23e8157854c13c58d6aac23f046ada30f8353e74f33039872ff":PSA_ERROR_INVALID_ARGUMENT PSA key agreement setup: ECDH + HKDF-SHA-256: public key on different curve depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ECDH_C:MBEDTLS_SHA256_C -key_agreement_setup:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"c88f01f510d9ac3f70a292daa2316de544e9aab8afe84049c62a9c57862d1433":"04e558dbef53eecde3d3fccfc1aea08a89a987475d12fd950d83cfa41732bc509d0d1ac43a0336def96fda41d0774a3571dcfbec7aacf3196472169e838430367f66eebe3c6e70c416dd5f0c68759dd1fff83fa40142209dff5eaad96db9e6386c":PSA_ERROR_INVALID_ARGUMENT +key_agreement_setup:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):"c88f01f510d9ac3f70a292daa2316de544e9aab8afe84049c62a9c57862d1433":"04e558dbef53eecde3d3fccfc1aea08a89a987475d12fd950d83cfa41732bc509d0d1ac43a0336def96fda41d0774a3571dcfbec7aacf3196472169e838430367f66eebe3c6e70c416dd5f0c68759dd1fff83fa40142209dff5eaad96db9e6386c":PSA_ERROR_INVALID_ARGUMENT PSA key agreement setup: ECDH + HKDF-SHA-256: public key instead of private key depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDH_C:MBEDTLS_SHA256_C -key_agreement_setup:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):"04d12dfb5289c8d4f81208b70270398c342296970a0bccb74c736fc7554494bf6356fbf3ca366cc23e8157854c13c58d6aac23f046ada30f8353e74f33039872ab":"04d12dfb5289c8d4f81208b70270398c342296970a0bccb74c736fc7554494bf6356fbf3ca366cc23e8157854c13c58d6aac23f046ada30f8353e74f33039872ab":PSA_ERROR_INVALID_ARGUMENT +key_agreement_setup:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):"04d12dfb5289c8d4f81208b70270398c342296970a0bccb74c736fc7554494bf6356fbf3ca366cc23e8157854c13c58d6aac23f046ada30f8353e74f33039872ab":"04d12dfb5289c8d4f81208b70270398c342296970a0bccb74c736fc7554494bf6356fbf3ca366cc23e8157854c13c58d6aac23f046ada30f8353e74f33039872ab":PSA_ERROR_INVALID_ARGUMENT PSA key agreement setup: ECDH, unknown KDF depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDH_C -key_agreement_setup:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(0)):PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"c88f01f510d9ac3f70a292daa2316de544e9aab8afe84049c62a9c57862d1433":"04d12dfb5289c8d4f81208b70270398c342296970a0bccb74c736fc7554494bf6356fbf3ca366cc23e8157854c13c58d6aac23f046ada30f8353e74f33039872ab":PSA_ERROR_NOT_SUPPORTED +key_agreement_setup:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(0)):PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(0)):"c88f01f510d9ac3f70a292daa2316de544e9aab8afe84049c62a9c57862d1433":"04d12dfb5289c8d4f81208b70270398c342296970a0bccb74c736fc7554494bf6356fbf3ca366cc23e8157854c13c58d6aac23f046ada30f8353e74f33039872ab":PSA_ERROR_NOT_SUPPORTED PSA key agreement setup: bad key agreement algorithm depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDH_C -key_agreement_setup:PSA_ALG_KEY_AGREEMENT(0, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"c88f01f510d9ac3f70a292daa2316de544e9aab8afe84049c62a9c57862d1433":"04d12dfb5289c8d4f81208b70270398c342296970a0bccb74c736fc7554494bf6356fbf3ca366cc23e8157854c13c58d6aac23f046ada30f8353e74f33039872ab":PSA_ERROR_INVALID_ARGUMENT +key_agreement_setup:PSA_ALG_KEY_AGREEMENT(0, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):PSA_ALG_KEY_AGREEMENT(0, PSA_ALG_HKDF(PSA_ALG_SHA_256)):"c88f01f510d9ac3f70a292daa2316de544e9aab8afe84049c62a9c57862d1433":"04d12dfb5289c8d4f81208b70270398c342296970a0bccb74c736fc7554494bf6356fbf3ca366cc23e8157854c13c58d6aac23f046ada30f8353e74f33039872ab":PSA_ERROR_INVALID_ARGUMENT PSA key agreement setup: KDF instead of a key agreement algorithm depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDH_C -key_agreement_setup:PSA_ALG_HKDF(PSA_ALG_SHA_256):PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"c88f01f510d9ac3f70a292daa2316de544e9aab8afe84049c62a9c57862d1433":"04d12dfb5289c8d4f81208b70270398c342296970a0bccb74c736fc7554494bf6356fbf3ca366cc23e8157854c13c58d6aac23f046ada30f8353e74f33039872ab":PSA_ERROR_INVALID_ARGUMENT +key_agreement_setup:PSA_ALG_HKDF(PSA_ALG_SHA_256):PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):PSA_ALG_HKDF(PSA_ALG_SHA_256):"c88f01f510d9ac3f70a292daa2316de544e9aab8afe84049c62a9c57862d1433":"04d12dfb5289c8d4f81208b70270398c342296970a0bccb74c736fc7554494bf6356fbf3ca366cc23e8157854c13c58d6aac23f046ada30f8353e74f33039872ab":PSA_ERROR_INVALID_ARGUMENT PSA raw key agreement: ECDH SECP256R1 (RFC 5903) depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDH_C @@ -2461,6 +2583,14 @@ PSA raw key agreement: ECDH brainpoolP512r1 (RFC 7027) depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_BP512R1_ENABLED:MBEDTLS_ECDH_C raw_key_agreement:PSA_ALG_ECDH:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_BRAINPOOL_P_R1):"16302ff0dbbb5a8d733dab7141c1b45acbc8715939677f6a56850a38bd87bd59b09e80279609ff333eb9d4c061231fb26f92eeb04982a5f1d1764cad57665422":"049d45f66de5d67e2e6db6e93a59ce0bb48106097ff78a081de781cdb31fce8ccbaaea8dd4320c4119f1e9cd437a2eab3731fa9668ab268d871deda55a5473199f2fdc313095bcdd5fb3a91636f07a959c8e86b5636a1e930e8396049cb481961d365cc11453a06c719835475b12cb52fc3c383bce35e27ef194512b71876285fa":"a7927098655f1f9976fa50a9d566865dc530331846381c87256baf3226244b76d36403c024d7bbf0aa0803eaff405d3d24f11a9b5c0bef679fe1454b21c4cd1f" +PSA raw key agreement: X25519 (RFC 7748: Alice) +depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_CURVE25519_ENABLED:MBEDTLS_ECDH_C +raw_key_agreement:PSA_ALG_ECDH:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_MONTGOMERY):"77076d0a7318a57d3c16c17251b26645df4c2f87ebc0992ab177fba51db92c2a":"de9edb7d7b7dc1b4d35b61c2ece435373f8343c85b78674dadfc7e146f882b4f":"4a5d9d5ba4ce2de1728e3bf480350f25e07e21c947d19e3376f09b3c1e161742" + +PSA raw key agreement: X25519 (RFC 7748: Bob) +depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_CURVE25519_ENABLED:MBEDTLS_ECDH_C +raw_key_agreement:PSA_ALG_ECDH:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_MONTGOMERY):"5dab087e624a8a4b79e17f8b83800ee66f3bb1292618b6fd1c2f8b27ff88e0eb":"8520f0098930a754748b7ddcb43ef75a0dbf3a0d26381af4eba4a98eaa9b4e6a":"4a5d9d5ba4ce2de1728e3bf480350f25e07e21c947d19e3376f09b3c1e161742" + PSA key agreement: ECDH SECP256R1 (RFC 5903) + HKDF-SHA-256: capacity=8160 depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDH_C:MBEDTLS_SHA256_C key_agreement_capacity:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"c88f01f510d9ac3f70a292daa2316de544e9aab8afe84049c62a9c57862d1433":"04d12dfb5289c8d4f81208b70270398c342296970a0bccb74c736fc7554494bf6356fbf3ca366cc23e8157854c13c58d6aac23f046ada30f8353e74f33039872ab":8160 @@ -2622,6 +2752,10 @@ depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDSA_C # doesn't fully relate the curve with its size. generate_key:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):128:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_ECDSA_ANY:PSA_ERROR_NOT_SUPPORTED +PSA generate key: ECC, Curve25519, good +depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_CURVE25519_ENABLED:MBEDTLS_ECDH_C +generate_key:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_MONTGOMERY):255:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDH:PSA_SUCCESS + PSA generate key: RSA, default e generate_key_rsa:512:"":PSA_SUCCESS diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index f4b9a8f67..8e71610ac 100644 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function @@ -19,6 +19,7 @@ #define HAVE_RAM_AVAILABLE_128K #include "psa/crypto.h" +#include "psa_crypto_slot_management.h" /** An invalid export length that will never be set by psa_export_key(). */ static const size_t INVALID_EXPORT_LENGTH = ~0U; @@ -107,12 +108,10 @@ static const size_t INVALID_EXPORT_LENGTH = ~0U; #endif #if defined(MBEDTLS_PSA_CRYPTO_SE_C) -int lifetime_is_secure_element( psa_key_lifetime_t lifetime ) +int lifetime_is_dynamic_secure_element( psa_key_lifetime_t lifetime ) { - /* At the moment, anything that isn't a built-in lifetime is either - * a secure element or unassigned. */ - return( lifetime != PSA_KEY_LIFETIME_VOLATILE && - lifetime != PSA_KEY_LIFETIME_PERSISTENT ); + return( PSA_KEY_LIFETIME_GET_LOCATION( lifetime ) != + PSA_KEY_LOCATION_LOCAL_STORAGE ); } #else int lifetime_is_secure_element( psa_key_lifetime_t lifetime ) @@ -228,12 +227,12 @@ static int construct_fake_rsa_key( unsigned char *buffer, return( len ); } -int check_key_attributes_sanity( psa_key_handle_t key ) +int check_key_attributes_sanity( mbedtls_svc_key_id_t key ) { int ok = 0; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; psa_key_lifetime_t lifetime; - psa_key_id_t id; + mbedtls_svc_key_id_t id; psa_key_type_t type; psa_key_type_t bits; @@ -244,19 +243,25 @@ int check_key_attributes_sanity( psa_key_handle_t key ) bits = psa_get_key_bits( &attributes ); /* Persistence */ - if( lifetime == PSA_KEY_LIFETIME_VOLATILE ) - TEST_ASSERT( id == 0 ); + if( PSA_KEY_LIFETIME_IS_VOLATILE( lifetime ) ) + { + TEST_ASSERT( + ( PSA_KEY_ID_VOLATILE_MIN <= + MBEDTLS_SVC_KEY_ID_GET_KEY_ID( id ) ) && + ( MBEDTLS_SVC_KEY_ID_GET_KEY_ID( id ) <= + PSA_KEY_ID_VOLATILE_MAX ) ); + } else { TEST_ASSERT( - ( PSA_KEY_ID_USER_MIN <= id && id <= PSA_KEY_ID_USER_MAX ) || - ( PSA_KEY_ID_USER_MIN <= id && id <= PSA_KEY_ID_USER_MAX ) ); + ( PSA_KEY_ID_USER_MIN <= MBEDTLS_SVC_KEY_ID_GET_KEY_ID( id ) ) && + ( MBEDTLS_SVC_KEY_ID_GET_KEY_ID( id ) <= PSA_KEY_ID_USER_MAX ) ); } #if defined(MBEDTLS_PSA_CRYPTO_SE_C) /* randomly-generated 64-bit constant, should never appear in test data */ psa_key_slot_number_t slot_number = 0xec94d4a5058a1a21; psa_status_t status = psa_get_key_slot_number( &attributes, &slot_number ); - if( lifetime_is_secure_element( lifetime ) ) + if( lifetime_is_dynamic_secure_element( lifetime ) ) { /* Mbed Crypto currently always exposes the slot number to * applications. This is not mandated by the PSA specification @@ -287,7 +292,12 @@ int check_key_attributes_sanity( psa_key_handle_t key ) ok = 1; exit: + /* + * Key attributes may have been returned by psa_get_key_attributes() + * thus reset them as required. + */ psa_reset_key_attributes( &attributes ); + return( ok ); } @@ -298,31 +308,29 @@ int exercise_mac_setup( psa_key_type_t key_type, psa_mac_operation_t *operation, psa_status_t *status ) { - psa_key_handle_t handle = 0; + mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_SIGN_HASH ); psa_set_key_algorithm( &attributes, alg ); psa_set_key_type( &attributes, key_type ); - PSA_ASSERT( psa_import_key( &attributes, key_bytes, key_length, - &handle ) ); + PSA_ASSERT( psa_import_key( &attributes, key_bytes, key_length, &key ) ); - *status = psa_mac_sign_setup( operation, handle, alg ); + *status = psa_mac_sign_setup( operation, key, alg ); /* Whether setup succeeded or failed, abort must succeed. */ PSA_ASSERT( psa_mac_abort( operation ) ); /* If setup failed, reproduce the failure, so that the caller can * test the resulting state of the operation object. */ if( *status != PSA_SUCCESS ) { - TEST_EQUAL( psa_mac_sign_setup( operation, handle, alg ), - *status ); + TEST_EQUAL( psa_mac_sign_setup( operation, key, alg ), *status ); } - psa_destroy_key( handle ); + psa_destroy_key( key ); return( 1 ); exit: - psa_destroy_key( handle ); + psa_destroy_key( key ); return( 0 ); } @@ -333,35 +341,34 @@ int exercise_cipher_setup( psa_key_type_t key_type, psa_cipher_operation_t *operation, psa_status_t *status ) { - psa_key_handle_t handle = 0; + mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_ENCRYPT ); psa_set_key_algorithm( &attributes, alg ); psa_set_key_type( &attributes, key_type ); - PSA_ASSERT( psa_import_key( &attributes, key_bytes, key_length, - &handle ) ); + PSA_ASSERT( psa_import_key( &attributes, key_bytes, key_length, &key ) ); - *status = psa_cipher_encrypt_setup( operation, handle, alg ); + *status = psa_cipher_encrypt_setup( operation, key, alg ); /* Whether setup succeeded or failed, abort must succeed. */ PSA_ASSERT( psa_cipher_abort( operation ) ); /* If setup failed, reproduce the failure, so that the caller can * test the resulting state of the operation object. */ if( *status != PSA_SUCCESS ) { - TEST_EQUAL( psa_cipher_encrypt_setup( operation, handle, alg ), + TEST_EQUAL( psa_cipher_encrypt_setup( operation, key, alg ), *status ); } - psa_destroy_key( handle ); + psa_destroy_key( key ); return( 1 ); exit: - psa_destroy_key( handle ); + psa_destroy_key( key ); return( 0 ); } -static int exercise_mac_key( psa_key_handle_t handle, +static int exercise_mac_key( mbedtls_svc_key_id_t key, psa_key_usage_t usage, psa_algorithm_t alg ) { @@ -372,8 +379,7 @@ static int exercise_mac_key( psa_key_handle_t handle, if( usage & PSA_KEY_USAGE_SIGN_HASH ) { - PSA_ASSERT( psa_mac_sign_setup( &operation, - handle, alg ) ); + PSA_ASSERT( psa_mac_sign_setup( &operation, key, alg ) ); PSA_ASSERT( psa_mac_update( &operation, input, sizeof( input ) ) ); PSA_ASSERT( psa_mac_sign_finish( &operation, @@ -387,8 +393,7 @@ static int exercise_mac_key( psa_key_handle_t handle, ( usage & PSA_KEY_USAGE_SIGN_HASH ? PSA_SUCCESS : PSA_ERROR_INVALID_SIGNATURE ); - PSA_ASSERT( psa_mac_verify_setup( &operation, - handle, alg ) ); + PSA_ASSERT( psa_mac_verify_setup( &operation, key, alg ) ); PSA_ASSERT( psa_mac_update( &operation, input, sizeof( input ) ) ); TEST_EQUAL( psa_mac_verify_finish( &operation, mac, mac_length ), @@ -402,7 +407,7 @@ exit: return( 0 ); } -static int exercise_cipher_key( psa_key_handle_t handle, +static int exercise_cipher_key( mbedtls_svc_key_id_t key, psa_key_usage_t usage, psa_algorithm_t alg ) { @@ -417,8 +422,7 @@ static int exercise_cipher_key( psa_key_handle_t handle, if( usage & PSA_KEY_USAGE_ENCRYPT ) { - PSA_ASSERT( psa_cipher_encrypt_setup( &operation, - handle, alg ) ); + PSA_ASSERT( psa_cipher_encrypt_setup( &operation, key, alg ) ); PSA_ASSERT( psa_cipher_generate_iv( &operation, iv, sizeof( iv ), &iv_length ) ); @@ -440,15 +444,15 @@ static int exercise_cipher_key( psa_key_handle_t handle, if( ! ( usage & PSA_KEY_USAGE_ENCRYPT ) ) { psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; - PSA_ASSERT( psa_get_key_attributes( handle, &attributes ) ); + PSA_ASSERT( psa_get_key_attributes( key, &attributes ) ); /* This should be PSA_CIPHER_GET_IV_SIZE but the API doesn't * have this macro yet. */ iv_length = PSA_BLOCK_CIPHER_BLOCK_SIZE( psa_get_key_type( &attributes ) ); maybe_invalid_padding = ! PSA_ALG_IS_STREAM_CIPHER( alg ); + psa_reset_key_attributes( &attributes ); } - PSA_ASSERT( psa_cipher_decrypt_setup( &operation, - handle, alg ) ); + PSA_ASSERT( psa_cipher_decrypt_setup( &operation, key, alg ) ); PSA_ASSERT( psa_cipher_set_iv( &operation, iv, iv_length ) ); PSA_ASSERT( psa_cipher_update( &operation, @@ -476,7 +480,7 @@ exit: return( 0 ); } -static int exercise_aead_key( psa_key_handle_t handle, +static int exercise_aead_key( mbedtls_svc_key_id_t key, psa_key_usage_t usage, psa_algorithm_t alg ) { @@ -489,7 +493,7 @@ static int exercise_aead_key( psa_key_handle_t handle, if( usage & PSA_KEY_USAGE_ENCRYPT ) { - PSA_ASSERT( psa_aead_encrypt( handle, alg, + PSA_ASSERT( psa_aead_encrypt( key, alg, nonce, nonce_length, NULL, 0, plaintext, sizeof( plaintext ), @@ -503,7 +507,7 @@ static int exercise_aead_key( psa_key_handle_t handle, ( usage & PSA_KEY_USAGE_ENCRYPT ? PSA_SUCCESS : PSA_ERROR_INVALID_SIGNATURE ); - TEST_EQUAL( psa_aead_decrypt( handle, alg, + TEST_EQUAL( psa_aead_decrypt( key, alg, nonce, nonce_length, NULL, 0, ciphertext, ciphertext_length, @@ -518,7 +522,7 @@ exit: return( 0 ); } -static int exercise_signature_key( psa_key_handle_t handle, +static int exercise_signature_key( mbedtls_svc_key_id_t key, psa_key_usage_t usage, psa_algorithm_t alg ) { @@ -547,7 +551,7 @@ static int exercise_signature_key( psa_key_handle_t handle, * even for algorithms that allow other input sizes. */ if( hash_alg != 0 ) payload_length = PSA_HASH_SIZE( hash_alg ); - PSA_ASSERT( psa_sign_hash( handle, alg, + PSA_ASSERT( psa_sign_hash( key, alg, payload, payload_length, signature, sizeof( signature ), &signature_length ) ); @@ -559,7 +563,7 @@ static int exercise_signature_key( psa_key_handle_t handle, ( usage & PSA_KEY_USAGE_SIGN_HASH ? PSA_SUCCESS : PSA_ERROR_INVALID_SIGNATURE ); - TEST_EQUAL( psa_verify_hash( handle, alg, + TEST_EQUAL( psa_verify_hash( key, alg, payload, payload_length, signature, signature_length ), verify_status ); @@ -571,7 +575,7 @@ exit: return( 0 ); } -static int exercise_asymmetric_encryption_key( psa_key_handle_t handle, +static int exercise_asymmetric_encryption_key( mbedtls_svc_key_id_t key, psa_key_usage_t usage, psa_algorithm_t alg ) { @@ -582,7 +586,7 @@ static int exercise_asymmetric_encryption_key( psa_key_handle_t handle, if( usage & PSA_KEY_USAGE_ENCRYPT ) { - PSA_ASSERT( psa_asymmetric_encrypt( handle, alg, + PSA_ASSERT( psa_asymmetric_encrypt( key, alg, plaintext, plaintext_length, NULL, 0, ciphertext, sizeof( ciphertext ), @@ -592,7 +596,7 @@ static int exercise_asymmetric_encryption_key( psa_key_handle_t handle, if( usage & PSA_KEY_USAGE_DECRYPT ) { psa_status_t status = - psa_asymmetric_decrypt( handle, alg, + psa_asymmetric_decrypt( key, alg, ciphertext, ciphertext_length, NULL, 0, plaintext, sizeof( plaintext ), @@ -610,7 +614,7 @@ exit: } static int setup_key_derivation_wrap( psa_key_derivation_operation_t* operation, - psa_key_handle_t handle, + mbedtls_svc_key_id_t key, psa_algorithm_t alg, unsigned char* input1, size_t input1_length, unsigned char* input2, size_t input2_length, @@ -624,7 +628,7 @@ static int setup_key_derivation_wrap( psa_key_derivation_operation_t* operation, input1, input1_length ) ); PSA_ASSERT( psa_key_derivation_input_key( operation, PSA_KEY_DERIVATION_INPUT_SECRET, - handle ) ); + key ) ); PSA_ASSERT( psa_key_derivation_input_bytes( operation, PSA_KEY_DERIVATION_INPUT_INFO, input2, @@ -638,7 +642,7 @@ static int setup_key_derivation_wrap( psa_key_derivation_operation_t* operation, input1, input1_length ) ); PSA_ASSERT( psa_key_derivation_input_key( operation, PSA_KEY_DERIVATION_INPUT_SECRET, - handle ) ); + key ) ); PSA_ASSERT( psa_key_derivation_input_bytes( operation, PSA_KEY_DERIVATION_INPUT_LABEL, input2, input2_length ) ); @@ -658,7 +662,7 @@ exit: } -static int exercise_key_derivation_key( psa_key_handle_t handle, +static int exercise_key_derivation_key( mbedtls_svc_key_id_t key, psa_key_usage_t usage, psa_algorithm_t alg ) { @@ -672,7 +676,7 @@ static int exercise_key_derivation_key( psa_key_handle_t handle, if( usage & PSA_KEY_USAGE_DERIVE ) { - if( !setup_key_derivation_wrap( &operation, handle, alg, + if( !setup_key_derivation_wrap( &operation, key, alg, input1, input1_length, input2, input2_length, capacity ) ) goto exit; @@ -693,7 +697,7 @@ exit: * private key against its own public key. */ static psa_status_t key_agreement_with_self( psa_key_derivation_operation_t *operation, - psa_key_handle_t handle ) + mbedtls_svc_key_id_t key ) { psa_key_type_t private_key_type; psa_key_type_t public_key_type; @@ -706,29 +710,33 @@ static psa_status_t key_agreement_with_self( psa_status_t status = PSA_ERROR_GENERIC_ERROR; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; - PSA_ASSERT( psa_get_key_attributes( handle, &attributes ) ); + PSA_ASSERT( psa_get_key_attributes( key, &attributes ) ); private_key_type = psa_get_key_type( &attributes ); key_bits = psa_get_key_bits( &attributes ); public_key_type = PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR( private_key_type ); public_key_length = PSA_KEY_EXPORT_MAX_SIZE( public_key_type, key_bits ); ASSERT_ALLOC( public_key, public_key_length ); - PSA_ASSERT( psa_export_public_key( handle, - public_key, public_key_length, + PSA_ASSERT( psa_export_public_key( key, public_key, public_key_length, &public_key_length ) ); status = psa_key_derivation_key_agreement( - operation, PSA_KEY_DERIVATION_INPUT_SECRET, handle, + operation, PSA_KEY_DERIVATION_INPUT_SECRET, key, public_key, public_key_length ); exit: - mbedtls_free( public_key ); + /* + * Key attributes may have been returned by psa_get_key_attributes() + * thus reset them as required. + */ psa_reset_key_attributes( &attributes ); + + mbedtls_free( public_key ); return( status ); } /* We need two keys to exercise key agreement. Exercise the * private key against its own public key. */ static psa_status_t raw_key_agreement_with_self( psa_algorithm_t alg, - psa_key_handle_t handle ) + mbedtls_svc_key_id_t key ) { psa_key_type_t private_key_type; psa_key_type_t public_key_type; @@ -743,26 +751,31 @@ static psa_status_t raw_key_agreement_with_self( psa_algorithm_t alg, psa_status_t status = PSA_ERROR_GENERIC_ERROR; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; - PSA_ASSERT( psa_get_key_attributes( handle, &attributes ) ); + PSA_ASSERT( psa_get_key_attributes( key, &attributes ) ); private_key_type = psa_get_key_type( &attributes ); key_bits = psa_get_key_bits( &attributes ); public_key_type = PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR( private_key_type ); public_key_length = PSA_KEY_EXPORT_MAX_SIZE( public_key_type, key_bits ); ASSERT_ALLOC( public_key, public_key_length ); - PSA_ASSERT( psa_export_public_key( handle, + PSA_ASSERT( psa_export_public_key( key, public_key, public_key_length, &public_key_length ) ); - status = psa_raw_key_agreement( alg, handle, + status = psa_raw_key_agreement( alg, key, public_key, public_key_length, output, sizeof( output ), &output_length ); exit: - mbedtls_free( public_key ); + /* + * Key attributes may have been returned by psa_get_key_attributes() + * thus reset them as required. + */ psa_reset_key_attributes( &attributes ); + + mbedtls_free( public_key ); return( status ); } -static int exercise_raw_key_agreement_key( psa_key_handle_t handle, +static int exercise_raw_key_agreement_key( mbedtls_svc_key_id_t key, psa_key_usage_t usage, psa_algorithm_t alg ) { @@ -772,7 +785,7 @@ static int exercise_raw_key_agreement_key( psa_key_handle_t handle, { /* We need two keys to exercise key agreement. Exercise the * private key against its own public key. */ - PSA_ASSERT( raw_key_agreement_with_self( alg, handle ) ); + PSA_ASSERT( raw_key_agreement_with_self( alg, key ) ); } ok = 1; @@ -780,7 +793,7 @@ exit: return( ok ); } -static int exercise_key_agreement_key( psa_key_handle_t handle, +static int exercise_key_agreement_key( mbedtls_svc_key_id_t key, psa_key_usage_t usage, psa_algorithm_t alg ) { @@ -793,7 +806,7 @@ static int exercise_key_agreement_key( psa_key_handle_t handle, /* We need two keys to exercise key agreement. Exercise the * private key against its own public key. */ PSA_ASSERT( psa_key_derivation_setup( &operation, alg ) ); - PSA_ASSERT( key_agreement_with_self( &operation, handle ) ); + PSA_ASSERT( key_agreement_with_self( &operation, key ) ); PSA_ASSERT( psa_key_derivation_output_bytes( &operation, output, sizeof( output ) ) ); @@ -1004,7 +1017,7 @@ exit: return( 0 ); } -static int exercise_export_key( psa_key_handle_t handle, +static int exercise_export_key( mbedtls_svc_key_id_t key, psa_key_usage_t usage ) { psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; @@ -1013,12 +1026,12 @@ static int exercise_export_key( psa_key_handle_t handle, size_t exported_length = 0; int ok = 0; - PSA_ASSERT( psa_get_key_attributes( handle, &attributes ) ); + PSA_ASSERT( psa_get_key_attributes( key, &attributes ) ); if( ( usage & PSA_KEY_USAGE_EXPORT ) == 0 && ! PSA_KEY_TYPE_IS_PUBLIC_KEY( psa_get_key_type( &attributes ) ) ) { - TEST_EQUAL( psa_export_key( handle, NULL, 0, &exported_length ), + TEST_EQUAL( psa_export_key( key, NULL, 0, &exported_length ), PSA_ERROR_NOT_PERMITTED ); ok = 1; goto exit; @@ -1028,7 +1041,7 @@ static int exercise_export_key( psa_key_handle_t handle, psa_get_key_bits( &attributes ) ); ASSERT_ALLOC( exported, exported_size ); - PSA_ASSERT( psa_export_key( handle, + PSA_ASSERT( psa_export_key( key, exported, exported_size, &exported_length ) ); ok = exported_key_sanity_check( psa_get_key_type( &attributes ), @@ -1036,12 +1049,17 @@ static int exercise_export_key( psa_key_handle_t handle, exported, exported_length ); exit: - mbedtls_free( exported ); + /* + * Key attributes may have been returned by psa_get_key_attributes() + * thus reset them as required. + */ psa_reset_key_attributes( &attributes ); + + mbedtls_free( exported ); return( ok ); } -static int exercise_export_public_key( psa_key_handle_t handle ) +static int exercise_export_public_key( mbedtls_svc_key_id_t key ) { psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; psa_key_type_t public_type; @@ -1050,10 +1068,10 @@ static int exercise_export_public_key( psa_key_handle_t handle ) size_t exported_length = 0; int ok = 0; - PSA_ASSERT( psa_get_key_attributes( handle, &attributes ) ); + PSA_ASSERT( psa_get_key_attributes( key, &attributes ) ); if( ! PSA_KEY_TYPE_IS_ASYMMETRIC( psa_get_key_type( &attributes ) ) ) { - TEST_EQUAL( psa_export_public_key( handle, NULL, 0, &exported_length ), + TEST_EQUAL( psa_export_public_key( key, NULL, 0, &exported_length ), PSA_ERROR_INVALID_ARGUMENT ); return( 1 ); } @@ -1064,7 +1082,7 @@ static int exercise_export_public_key( psa_key_handle_t handle ) psa_get_key_bits( &attributes ) ); ASSERT_ALLOC( exported, exported_size ); - PSA_ASSERT( psa_export_public_key( handle, + PSA_ASSERT( psa_export_public_key( key, exported, exported_size, &exported_length ) ); ok = exported_key_sanity_check( public_type, @@ -1072,8 +1090,13 @@ static int exercise_export_public_key( psa_key_handle_t handle ) exported, exported_length ); exit: - mbedtls_free( exported ); + /* + * Key attributes may have been returned by psa_get_key_attributes() + * thus reset them as required. + */ psa_reset_key_attributes( &attributes ); + + mbedtls_free( exported ); return( ok ); } @@ -1096,7 +1119,7 @@ exit: * if( ! exercise_key( ... ) ) goto exit; * ``` * - * \param handle The key to exercise. It should be capable of performing + * \param key The key to exercise. It should be capable of performing * \p alg. * \param usage The usage flags to assume. * \param alg The algorithm to exercise. @@ -1104,33 +1127,33 @@ exit: * \retval 0 The key failed the smoke tests. * \retval 1 The key passed the smoke tests. */ -static int exercise_key( psa_key_handle_t handle, +static int exercise_key( mbedtls_svc_key_id_t key, psa_key_usage_t usage, psa_algorithm_t alg ) { int ok; - if( ! check_key_attributes_sanity( handle ) ) + if( ! check_key_attributes_sanity( key ) ) return( 0 ); if( alg == 0 ) ok = 1; /* If no algorihm, do nothing (used for raw data "keys"). */ else if( PSA_ALG_IS_MAC( alg ) ) - ok = exercise_mac_key( handle, usage, alg ); + ok = exercise_mac_key( key, usage, alg ); else if( PSA_ALG_IS_CIPHER( alg ) ) - ok = exercise_cipher_key( handle, usage, alg ); + ok = exercise_cipher_key( key, usage, alg ); else if( PSA_ALG_IS_AEAD( alg ) ) - ok = exercise_aead_key( handle, usage, alg ); + ok = exercise_aead_key( key, usage, alg ); else if( PSA_ALG_IS_SIGN( alg ) ) - ok = exercise_signature_key( handle, usage, alg ); + ok = exercise_signature_key( key, usage, alg ); else if( PSA_ALG_IS_ASYMMETRIC_ENCRYPTION( alg ) ) - ok = exercise_asymmetric_encryption_key( handle, usage, alg ); + ok = exercise_asymmetric_encryption_key( key, usage, alg ); else if( PSA_ALG_IS_KEY_DERIVATION( alg ) ) - ok = exercise_key_derivation_key( handle, usage, alg ); + ok = exercise_key_derivation_key( key, usage, alg ); else if( PSA_ALG_IS_RAW_KEY_AGREEMENT( alg ) ) - ok = exercise_raw_key_agreement_key( handle, usage, alg ); + ok = exercise_raw_key_agreement_key( key, usage, alg ); else if( PSA_ALG_IS_KEY_AGREEMENT( alg ) ) - ok = exercise_key_agreement_key( handle, usage, alg ); + ok = exercise_key_agreement_key( key, usage, alg ); else { char message[40]; @@ -1141,8 +1164,8 @@ static int exercise_key( psa_key_handle_t handle, ok = 0; } - ok = ok && exercise_export_key( handle, usage ); - ok = ok && exercise_export_public_key( handle ); + ok = ok && exercise_export_key( key, usage ); + ok = ok && exercise_export_public_key( key ); return( ok ); } @@ -1175,37 +1198,45 @@ static psa_key_usage_t usage_to_exercise( psa_key_type_t type, } -static int test_operations_on_invalid_handle( psa_key_handle_t handle ) +static int test_operations_on_invalid_key( mbedtls_svc_key_id_t key ) { psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; + mbedtls_svc_key_id_t key_id = mbedtls_svc_key_id_make( 1, 0x6964 ); uint8_t buffer[1]; size_t length; int ok = 0; - psa_set_key_id( &attributes, 0x6964 ); + psa_set_key_id( &attributes, key_id ); psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_ENCRYPT ); psa_set_key_algorithm( &attributes, PSA_ALG_CTR ); psa_set_key_type( &attributes, PSA_KEY_TYPE_AES ); - TEST_EQUAL( psa_get_key_attributes( handle, &attributes ), - PSA_ERROR_INVALID_HANDLE ); - TEST_EQUAL( psa_get_key_id( &attributes ), 0 ); + TEST_EQUAL( psa_get_key_attributes( key, &attributes ), + PSA_ERROR_DOES_NOT_EXIST ); + TEST_EQUAL( + MBEDTLS_SVC_KEY_ID_GET_KEY_ID( psa_get_key_id( &attributes ) ), 0 ); + TEST_EQUAL( + MBEDTLS_SVC_KEY_ID_GET_OWNER_ID( psa_get_key_id( &attributes ) ), 0 ); TEST_EQUAL( psa_get_key_lifetime( &attributes ), 0 ); TEST_EQUAL( psa_get_key_usage_flags( &attributes ), 0 ); TEST_EQUAL( psa_get_key_algorithm( &attributes ), 0 ); TEST_EQUAL( psa_get_key_type( &attributes ), 0 ); TEST_EQUAL( psa_get_key_bits( &attributes ), 0 ); - TEST_EQUAL( psa_export_key( handle, - buffer, sizeof( buffer ), &length ), - PSA_ERROR_INVALID_HANDLE ); - TEST_EQUAL( psa_export_public_key( handle, + TEST_EQUAL( psa_export_key( key, buffer, sizeof( buffer ), &length ), + PSA_ERROR_DOES_NOT_EXIST ); + TEST_EQUAL( psa_export_public_key( key, buffer, sizeof( buffer ), &length ), - PSA_ERROR_INVALID_HANDLE ); + PSA_ERROR_DOES_NOT_EXIST ); ok = 1; exit: + /* + * Key attributes may have been returned by psa_get_key_attributes() + * thus reset them as required. + */ psa_reset_key_attributes( &attributes ); + return( ok ); } @@ -1321,19 +1352,22 @@ void static_checks( ) /* END_CASE */ /* BEGIN_CASE */ -void attributes_set_get( int id_arg, int lifetime_arg, +void attributes_set_get( int owner_id_arg, int id_arg, int lifetime_arg, int usage_flags_arg, int alg_arg, int type_arg, int bits_arg ) { psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; - psa_key_id_t id = id_arg; + mbedtls_svc_key_id_t id = mbedtls_svc_key_id_make( owner_id_arg, id_arg ); psa_key_lifetime_t lifetime = lifetime_arg; psa_key_usage_t usage_flags = usage_flags_arg; psa_algorithm_t alg = alg_arg; psa_key_type_t type = type_arg; size_t bits = bits_arg; - TEST_EQUAL( psa_get_key_id( &attributes ), 0 ); + TEST_EQUAL( + MBEDTLS_SVC_KEY_ID_GET_KEY_ID( psa_get_key_id( &attributes ) ), 0 ); + TEST_EQUAL( + MBEDTLS_SVC_KEY_ID_GET_OWNER_ID( psa_get_key_id( &attributes ) ), 0 ); TEST_EQUAL( psa_get_key_lifetime( &attributes ), 0 ); TEST_EQUAL( psa_get_key_usage_flags( &attributes ), 0 ); TEST_EQUAL( psa_get_key_algorithm( &attributes ), 0 ); @@ -1347,7 +1381,8 @@ void attributes_set_get( int id_arg, int lifetime_arg, psa_set_key_type( &attributes, type ); psa_set_key_bits( &attributes, bits ); - TEST_EQUAL( psa_get_key_id( &attributes ), id ); + TEST_ASSERT( mbedtls_svc_key_id_equal( + psa_get_key_id( &attributes ), id ) ); TEST_EQUAL( psa_get_key_lifetime( &attributes ), lifetime ); TEST_EQUAL( psa_get_key_usage_flags( &attributes ), usage_flags ); TEST_EQUAL( psa_get_key_algorithm( &attributes ), alg ); @@ -1356,7 +1391,10 @@ void attributes_set_get( int id_arg, int lifetime_arg, psa_reset_key_attributes( &attributes ); - TEST_EQUAL( psa_get_key_id( &attributes ), 0 ); + TEST_EQUAL( + MBEDTLS_SVC_KEY_ID_GET_KEY_ID( psa_get_key_id( &attributes ) ), 0 ); + TEST_EQUAL( + MBEDTLS_SVC_KEY_ID_GET_OWNER_ID( psa_get_key_id( &attributes ) ), 0 ); TEST_EQUAL( psa_get_key_lifetime( &attributes ), 0 ); TEST_EQUAL( psa_get_key_usage_flags( &attributes ), 0 ); TEST_EQUAL( psa_get_key_algorithm( &attributes ), 0 ); @@ -1366,14 +1404,19 @@ void attributes_set_get( int id_arg, int lifetime_arg, /* END_CASE */ /* BEGIN_CASE */ -void persistence_attributes( int id1_arg, int lifetime_arg, int id2_arg, - int expected_id_arg, int expected_lifetime_arg ) +void persistence_attributes( int id1_arg, int owner_id1_arg, int lifetime_arg, + int id2_arg, int owner_id2_arg, + int expected_id_arg, int expected_owner_id_arg, + int expected_lifetime_arg ) { psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; - psa_key_id_t id1 = id1_arg; + mbedtls_svc_key_id_t id1 = + mbedtls_svc_key_id_make( owner_id1_arg, id1_arg ); psa_key_lifetime_t lifetime = lifetime_arg; - psa_key_id_t id2 = id2_arg; - psa_key_id_t expected_id = expected_id_arg; + mbedtls_svc_key_id_t id2 = + mbedtls_svc_key_id_make( owner_id2_arg, id2_arg ); + mbedtls_svc_key_id_t expected_id = + mbedtls_svc_key_id_make( expected_owner_id_arg, expected_id_arg ); psa_key_lifetime_t expected_lifetime = expected_lifetime_arg; if( id1_arg != -1 ) @@ -1383,7 +1426,8 @@ void persistence_attributes( int id1_arg, int lifetime_arg, int id2_arg, if( id2_arg != -1 ) psa_set_key_id( &attributes, id2 ); - TEST_EQUAL( psa_get_key_id( &attributes ), expected_id ); + TEST_ASSERT( mbedtls_svc_key_id_equal( + psa_get_key_id( &attributes ), expected_id ) ); TEST_EQUAL( psa_get_key_lifetime( &attributes ), expected_lifetime ); } /* END_CASE */ @@ -1435,7 +1479,7 @@ void import_with_policy( int type_arg, { psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; psa_key_attributes_t got_attributes = PSA_KEY_ATTRIBUTES_INIT; - psa_key_handle_t handle = 0; + mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; psa_key_type_t type = type_arg; psa_key_usage_t usage = usage_arg; psa_algorithm_t alg = alg_arg; @@ -1451,23 +1495,28 @@ void import_with_policy( int type_arg, status = psa_import_key( &attributes, key_material, sizeof( key_material ), - &handle ); + &key ); TEST_EQUAL( status, expected_status ); if( status != PSA_SUCCESS ) goto exit; - PSA_ASSERT( psa_get_key_attributes( handle, &got_attributes ) ); + PSA_ASSERT( psa_get_key_attributes( key, &got_attributes ) ); TEST_EQUAL( psa_get_key_type( &got_attributes ), type ); TEST_EQUAL( psa_get_key_usage_flags( &got_attributes ), usage ); TEST_EQUAL( psa_get_key_algorithm( &got_attributes ), alg ); ASSERT_NO_SLOT_NUMBER( &got_attributes ); - PSA_ASSERT( psa_destroy_key( handle ) ); - test_operations_on_invalid_handle( handle ); + PSA_ASSERT( psa_destroy_key( key ) ); + test_operations_on_invalid_key( key ); exit: - psa_destroy_key( handle ); + /* + * Key attributes may have been returned by psa_get_key_attributes() + * thus reset them as required. + */ psa_reset_key_attributes( &got_attributes ); + + psa_destroy_key( key ); PSA_DONE( ); } /* END_CASE */ @@ -1479,7 +1528,7 @@ void import_with_data( data_t *data, int type_arg, { psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; psa_key_attributes_t got_attributes = PSA_KEY_ATTRIBUTES_INIT; - psa_key_handle_t handle = 0; + mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; psa_key_type_t type = type_arg; size_t attr_bits = attr_bits_arg; psa_status_t expected_status = expected_status_arg; @@ -1490,23 +1539,28 @@ void import_with_data( data_t *data, int type_arg, psa_set_key_type( &attributes, type ); psa_set_key_bits( &attributes, attr_bits ); - status = psa_import_key( &attributes, data->x, data->len, &handle ); + status = psa_import_key( &attributes, data->x, data->len, &key ); TEST_EQUAL( status, expected_status ); if( status != PSA_SUCCESS ) goto exit; - PSA_ASSERT( psa_get_key_attributes( handle, &got_attributes ) ); + PSA_ASSERT( psa_get_key_attributes( key, &got_attributes ) ); TEST_EQUAL( psa_get_key_type( &got_attributes ), type ); if( attr_bits != 0 ) TEST_EQUAL( attr_bits, psa_get_key_bits( &got_attributes ) ); ASSERT_NO_SLOT_NUMBER( &got_attributes ); - PSA_ASSERT( psa_destroy_key( handle ) ); - test_operations_on_invalid_handle( handle ); + PSA_ASSERT( psa_destroy_key( key ) ); + test_operations_on_invalid_key( key ); exit: - psa_destroy_key( handle ); + /* + * Key attributes may have been returned by psa_get_key_attributes() + * thus reset them as required. + */ psa_reset_key_attributes( &got_attributes ); + + psa_destroy_key( key ); PSA_DONE( ); } /* END_CASE */ @@ -1519,7 +1573,7 @@ void import_large_key( int type_arg, int byte_size_arg, size_t byte_size = byte_size_arg; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; psa_status_t expected_status = expected_status_arg; - psa_key_handle_t handle = 0; + mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; psa_status_t status; uint8_t *buffer = NULL; size_t buffer_size = byte_size + 1; @@ -1535,18 +1589,18 @@ void import_large_key( int type_arg, int byte_size_arg, /* Try importing the key */ psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_EXPORT ); psa_set_key_type( &attributes, type ); - status = psa_import_key( &attributes, buffer, byte_size, &handle ); + status = psa_import_key( &attributes, buffer, byte_size, &key ); TEST_EQUAL( status, expected_status ); if( status == PSA_SUCCESS ) { - PSA_ASSERT( psa_get_key_attributes( handle, &attributes ) ); + PSA_ASSERT( psa_get_key_attributes( key, &attributes ) ); TEST_EQUAL( psa_get_key_type( &attributes ), type ); TEST_EQUAL( psa_get_key_bits( &attributes ), PSA_BYTES_TO_BITS( byte_size ) ); ASSERT_NO_SLOT_NUMBER( &attributes ); memset( buffer, 0, byte_size + 1 ); - PSA_ASSERT( psa_export_key( handle, buffer, byte_size, &n ) ); + PSA_ASSERT( psa_export_key( key, buffer, byte_size, &n ) ); for( n = 0; n < byte_size; n++ ) TEST_EQUAL( buffer[n], 'K' ); for( n = byte_size; n < buffer_size; n++ ) @@ -1554,7 +1608,13 @@ void import_large_key( int type_arg, int byte_size_arg, } exit: - psa_destroy_key( handle ); + /* + * Key attributes may have been returned by psa_get_key_attributes() + * thus reset them as required. + */ + psa_reset_key_attributes( &attributes ); + + psa_destroy_key( key ); PSA_DONE( ); mbedtls_free( buffer ); } @@ -1563,7 +1623,7 @@ exit: /* BEGIN_CASE */ void import_rsa_made_up( int bits_arg, int keypair, int expected_status_arg ) { - psa_key_handle_t handle = 0; + mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; size_t bits = bits_arg; psa_status_t expected_status = expected_status_arg; psa_status_t status; @@ -1586,11 +1646,11 @@ void import_rsa_made_up( int bits_arg, int keypair, int expected_status_arg ) /* Try importing the key */ psa_set_key_type( &attributes, type ); - status = psa_import_key( &attributes, p, length, &handle ); + status = psa_import_key( &attributes, p, length, &key ); TEST_EQUAL( status, expected_status ); if( status == PSA_SUCCESS ) - PSA_ASSERT( psa_destroy_key( handle ) ); + PSA_ASSERT( psa_destroy_key( key ) ); exit: mbedtls_free( buffer ); @@ -1607,7 +1667,7 @@ void import_export( data_t *data, int expected_export_status_arg, int canonical_input ) { - psa_key_handle_t handle = 0; + mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; psa_key_type_t type = type_arg; psa_algorithm_t alg = alg_arg; psa_status_t expected_export_status = expected_export_status_arg; @@ -1631,18 +1691,16 @@ void import_export( data_t *data, psa_set_key_type( &attributes, type ); /* Import the key */ - PSA_ASSERT( psa_import_key( &attributes, data->x, data->len, &handle ) ); + PSA_ASSERT( psa_import_key( &attributes, data->x, data->len, &key ) ); /* Test the key information */ - PSA_ASSERT( psa_get_key_attributes( handle, &got_attributes ) ); + PSA_ASSERT( psa_get_key_attributes( key, &got_attributes ) ); TEST_EQUAL( psa_get_key_type( &got_attributes ), type ); TEST_EQUAL( psa_get_key_bits( &got_attributes ), (size_t) expected_bits ); ASSERT_NO_SLOT_NUMBER( &got_attributes ); /* Export the key */ - status = psa_export_key( handle, - exported, export_size, - &exported_length ); + status = psa_export_key( key, exported, export_size, &exported_length ); TEST_EQUAL( status, expected_export_status ); /* The exported length must be set by psa_export_key() to a value between 0 @@ -1659,35 +1717,40 @@ void import_export( data_t *data, goto destroy; } - if( ! exercise_export_key( handle, usage_arg ) ) + if( ! exercise_export_key( key, usage_arg ) ) goto exit; if( canonical_input ) ASSERT_COMPARE( data->x, data->len, exported, exported_length ); else { - psa_key_handle_t handle2; + mbedtls_svc_key_id_t key2 = MBEDTLS_SVC_KEY_ID_INIT; PSA_ASSERT( psa_import_key( &attributes, exported, exported_length, - &handle2 ) ); - PSA_ASSERT( psa_export_key( handle2, + &key2 ) ); + PSA_ASSERT( psa_export_key( key2, reexported, export_size, &reexported_length ) ); ASSERT_COMPARE( exported, exported_length, reexported, reexported_length ); - PSA_ASSERT( psa_close_key( handle2 ) ); + PSA_ASSERT( psa_destroy_key( key2 ) ); } TEST_ASSERT( exported_length <= PSA_KEY_EXPORT_MAX_SIZE( type, psa_get_key_bits( &got_attributes ) ) ); destroy: /* Destroy the key */ - PSA_ASSERT( psa_destroy_key( handle ) ); - test_operations_on_invalid_handle( handle ); + PSA_ASSERT( psa_destroy_key( key ) ); + test_operations_on_invalid_key( key ); exit: + /* + * Key attributes may have been returned by psa_get_key_attributes() + * thus reset them as required. + */ + psa_reset_key_attributes( &got_attributes ); + mbedtls_free( exported ); mbedtls_free( reexported ); - psa_reset_key_attributes( &got_attributes ); PSA_DONE( ); } /* END_CASE */ @@ -1700,7 +1763,7 @@ void import_export_public_key( data_t *data, int expected_export_status_arg, data_t *expected_public_key ) { - psa_key_handle_t handle = 0; + mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; psa_key_type_t type = type_arg; psa_algorithm_t alg = alg_arg; psa_status_t expected_export_status = expected_export_status_arg; @@ -1717,11 +1780,11 @@ void import_export_public_key( data_t *data, psa_set_key_type( &attributes, type ); /* Import the key */ - PSA_ASSERT( psa_import_key( &attributes, data->x, data->len, &handle ) ); + PSA_ASSERT( psa_import_key( &attributes, data->x, data->len, &key ) ); /* Export the public key */ ASSERT_ALLOC( exported, export_size ); - status = psa_export_public_key( handle, + status = psa_export_public_key( key, exported, export_size, &exported_length ); TEST_EQUAL( status, expected_export_status ); @@ -1729,7 +1792,7 @@ void import_export_public_key( data_t *data, { psa_key_type_t public_type = PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR( type ); size_t bits; - PSA_ASSERT( psa_get_key_attributes( handle, &attributes ) ); + PSA_ASSERT( psa_get_key_attributes( key, &attributes ) ); bits = psa_get_key_bits( &attributes ); TEST_ASSERT( expected_public_key->len <= PSA_KEY_EXPORT_MAX_SIZE( public_type, bits ) ); @@ -1738,9 +1801,14 @@ void import_export_public_key( data_t *data, } exit: - mbedtls_free( exported ); - psa_destroy_key( handle ); + /* + * Key attributes may have been returned by psa_get_key_attributes() + * thus reset them as required. + */ psa_reset_key_attributes( &attributes ); + + mbedtls_free( exported ); + psa_destroy_key( key ); PSA_DONE( ); } /* END_CASE */ @@ -1751,7 +1819,7 @@ void import_and_exercise_key( data_t *data, int bits_arg, int alg_arg ) { - psa_key_handle_t handle = 0; + mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; psa_key_type_t type = type_arg; size_t bits = bits_arg; psa_algorithm_t alg = alg_arg; @@ -1766,23 +1834,29 @@ void import_and_exercise_key( data_t *data, psa_set_key_type( &attributes, type ); /* Import the key */ - PSA_ASSERT( psa_import_key( &attributes, data->x, data->len, &handle ) ); + PSA_ASSERT( psa_import_key( &attributes, data->x, data->len, &key ) ); /* Test the key information */ - PSA_ASSERT( psa_get_key_attributes( handle, &got_attributes ) ); + PSA_ASSERT( psa_get_key_attributes( key, &got_attributes ) ); TEST_EQUAL( psa_get_key_type( &got_attributes ), type ); TEST_EQUAL( psa_get_key_bits( &got_attributes ), bits ); /* Do something with the key according to its type and permitted usage. */ - if( ! exercise_key( handle, usage, alg ) ) + if( ! exercise_key( key, usage, alg ) ) goto exit; - PSA_ASSERT( psa_destroy_key( handle ) ); - test_operations_on_invalid_handle( handle ); + PSA_ASSERT( psa_destroy_key( key ) ); + test_operations_on_invalid_key( key ); exit: - psa_destroy_key( handle ); + /* + * Key attributes may have been returned by psa_get_key_attributes() + * thus reset them as required. + */ psa_reset_key_attributes( &got_attributes ); + + psa_reset_key_attributes( &attributes ); + psa_destroy_key( key ); PSA_DONE( ); } /* END_CASE */ @@ -1793,7 +1867,7 @@ void effective_key_attributes( int type_arg, int expected_type_arg, int usage_arg, int expected_usage_arg, int alg_arg, int expected_alg_arg ) { - psa_key_handle_t handle = 0; + mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; psa_key_type_t key_type = type_arg; psa_key_type_t expected_key_type = expected_type_arg; size_t bits = bits_arg; @@ -1811,18 +1885,23 @@ void effective_key_attributes( int type_arg, int expected_type_arg, psa_set_key_type( &attributes, key_type ); psa_set_key_bits( &attributes, bits ); - PSA_ASSERT( psa_generate_key( &attributes, &handle ) ); + PSA_ASSERT( psa_generate_key( &attributes, &key ) ); psa_reset_key_attributes( &attributes ); - PSA_ASSERT( psa_get_key_attributes( handle, &attributes ) ); + PSA_ASSERT( psa_get_key_attributes( key, &attributes ) ); TEST_EQUAL( psa_get_key_type( &attributes ), expected_key_type ); TEST_EQUAL( psa_get_key_bits( &attributes ), expected_bits ); TEST_EQUAL( psa_get_key_usage_flags( &attributes ), expected_usage ); TEST_EQUAL( psa_get_key_algorithm( &attributes ), expected_alg ); exit: - psa_destroy_key( handle ); + /* + * Key attributes may have been returned by psa_get_key_attributes() + * thus reset them as required. + */ psa_reset_key_attributes( &attributes ); + + psa_destroy_key( key ); PSA_DONE( ); } /* END_CASE */ @@ -1879,7 +1958,7 @@ void mac_key_policy( int policy_usage, data_t *key_data, int exercise_alg ) { - psa_key_handle_t handle = 0; + mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; psa_mac_operation_t operation = PSA_MAC_OPERATION_INIT; psa_status_t status; @@ -1892,9 +1971,9 @@ void mac_key_policy( int policy_usage, psa_set_key_type( &attributes, key_type ); PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len, - &handle ) ); + &key ) ); - status = psa_mac_sign_setup( &operation, handle, exercise_alg ); + status = psa_mac_sign_setup( &operation, key, exercise_alg ); if( policy_alg == exercise_alg && ( policy_usage & PSA_KEY_USAGE_SIGN_HASH ) != 0 ) PSA_ASSERT( status ); @@ -1903,7 +1982,7 @@ void mac_key_policy( int policy_usage, psa_mac_abort( &operation ); memset( mac, 0, sizeof( mac ) ); - status = psa_mac_verify_setup( &operation, handle, exercise_alg ); + status = psa_mac_verify_setup( &operation, key, exercise_alg ); if( policy_alg == exercise_alg && ( policy_usage & PSA_KEY_USAGE_VERIFY_HASH ) != 0 ) PSA_ASSERT( status ); @@ -1912,7 +1991,7 @@ void mac_key_policy( int policy_usage, exit: psa_mac_abort( &operation ); - psa_destroy_key( handle ); + psa_destroy_key( key ); PSA_DONE( ); } /* END_CASE */ @@ -1924,7 +2003,7 @@ void cipher_key_policy( int policy_usage, data_t *key_data, int exercise_alg ) { - psa_key_handle_t handle = 0; + mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; psa_cipher_operation_t operation = PSA_CIPHER_OPERATION_INIT; psa_status_t status; @@ -1936,9 +2015,9 @@ void cipher_key_policy( int policy_usage, psa_set_key_type( &attributes, key_type ); PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len, - &handle ) ); + &key ) ); - status = psa_cipher_encrypt_setup( &operation, handle, exercise_alg ); + status = psa_cipher_encrypt_setup( &operation, key, exercise_alg ); if( policy_alg == exercise_alg && ( policy_usage & PSA_KEY_USAGE_ENCRYPT ) != 0 ) PSA_ASSERT( status ); @@ -1946,7 +2025,7 @@ void cipher_key_policy( int policy_usage, TEST_EQUAL( status, PSA_ERROR_NOT_PERMITTED ); psa_cipher_abort( &operation ); - status = psa_cipher_decrypt_setup( &operation, handle, exercise_alg ); + status = psa_cipher_decrypt_setup( &operation, key, exercise_alg ); if( policy_alg == exercise_alg && ( policy_usage & PSA_KEY_USAGE_DECRYPT ) != 0 ) PSA_ASSERT( status ); @@ -1955,7 +2034,7 @@ void cipher_key_policy( int policy_usage, exit: psa_cipher_abort( &operation ); - psa_destroy_key( handle ); + psa_destroy_key( key ); PSA_DONE( ); } /* END_CASE */ @@ -1969,7 +2048,7 @@ void aead_key_policy( int policy_usage, int tag_length_arg, int exercise_alg ) { - psa_key_handle_t handle = 0; + mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; psa_status_t status; unsigned char nonce[16] = {0}; @@ -1988,9 +2067,9 @@ void aead_key_policy( int policy_usage, psa_set_key_type( &attributes, key_type ); PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len, - &handle ) ); + &key ) ); - status = psa_aead_encrypt( handle, exercise_alg, + status = psa_aead_encrypt( key, exercise_alg, nonce, nonce_length, NULL, 0, NULL, 0, @@ -2003,7 +2082,7 @@ void aead_key_policy( int policy_usage, TEST_EQUAL( status, PSA_ERROR_NOT_PERMITTED ); memset( tag, 0, sizeof( tag ) ); - status = psa_aead_decrypt( handle, exercise_alg, + status = psa_aead_decrypt( key, exercise_alg, nonce, nonce_length, NULL, 0, tag, tag_length, @@ -2016,7 +2095,7 @@ void aead_key_policy( int policy_usage, TEST_EQUAL( status, PSA_ERROR_NOT_PERMITTED ); exit: - psa_destroy_key( handle ); + psa_destroy_key( key ); PSA_DONE( ); } /* END_CASE */ @@ -2028,7 +2107,7 @@ void asymmetric_encryption_key_policy( int policy_usage, data_t *key_data, int exercise_alg ) { - psa_key_handle_t handle = 0; + mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; psa_status_t status; size_t key_bits; @@ -2043,15 +2122,15 @@ void asymmetric_encryption_key_policy( int policy_usage, psa_set_key_type( &attributes, key_type ); PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len, - &handle ) ); + &key ) ); - PSA_ASSERT( psa_get_key_attributes( handle, &attributes ) ); + PSA_ASSERT( psa_get_key_attributes( key, &attributes ) ); key_bits = psa_get_key_bits( &attributes ); buffer_length = PSA_ASYMMETRIC_ENCRYPT_OUTPUT_SIZE( key_type, key_bits, exercise_alg ); ASSERT_ALLOC( buffer, buffer_length ); - status = psa_asymmetric_encrypt( handle, exercise_alg, + status = psa_asymmetric_encrypt( key, exercise_alg, NULL, 0, NULL, 0, buffer, buffer_length, @@ -2064,7 +2143,7 @@ void asymmetric_encryption_key_policy( int policy_usage, if( buffer_length != 0 ) memset( buffer, 0, buffer_length ); - status = psa_asymmetric_decrypt( handle, exercise_alg, + status = psa_asymmetric_decrypt( key, exercise_alg, buffer, buffer_length, NULL, 0, buffer, buffer_length, @@ -2076,8 +2155,13 @@ void asymmetric_encryption_key_policy( int policy_usage, TEST_EQUAL( status, PSA_ERROR_NOT_PERMITTED ); exit: - psa_destroy_key( handle ); + /* + * Key attributes may have been returned by psa_get_key_attributes() + * thus reset them as required. + */ psa_reset_key_attributes( &attributes ); + + psa_destroy_key( key ); PSA_DONE( ); mbedtls_free( buffer ); } @@ -2091,7 +2175,7 @@ void asymmetric_signature_key_policy( int policy_usage, int exercise_alg, int payload_length_arg ) { - psa_key_handle_t handle = 0; + mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; psa_status_t status; unsigned char payload[PSA_HASH_MAX_SIZE] = {1}; @@ -2111,9 +2195,9 @@ void asymmetric_signature_key_policy( int policy_usage, psa_set_key_type( &attributes, key_type ); PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len, - &handle ) ); + &key ) ); - status = psa_sign_hash( handle, exercise_alg, + status = psa_sign_hash( key, exercise_alg, payload, payload_length, signature, sizeof( signature ), &signature_length ); @@ -2123,7 +2207,7 @@ void asymmetric_signature_key_policy( int policy_usage, TEST_EQUAL( status, PSA_ERROR_NOT_PERMITTED ); memset( signature, 0, sizeof( signature ) ); - status = psa_verify_hash( handle, exercise_alg, + status = psa_verify_hash( key, exercise_alg, payload, payload_length, signature, sizeof( signature ) ); if( compatible_alg && ( policy_usage & PSA_KEY_USAGE_VERIFY_HASH ) != 0 ) @@ -2132,7 +2216,7 @@ void asymmetric_signature_key_policy( int policy_usage, TEST_EQUAL( status, PSA_ERROR_NOT_PERMITTED ); exit: - psa_destroy_key( handle ); + psa_destroy_key( key ); PSA_DONE( ); } /* END_CASE */ @@ -2144,7 +2228,7 @@ void derive_key_policy( int policy_usage, data_t *key_data, int exercise_alg ) { - psa_key_handle_t handle = 0; + mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT; psa_status_t status; @@ -2156,7 +2240,7 @@ void derive_key_policy( int policy_usage, psa_set_key_type( &attributes, key_type ); PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len, - &handle ) ); + &key ) ); PSA_ASSERT( psa_key_derivation_setup( &operation, exercise_alg ) ); @@ -2171,7 +2255,7 @@ void derive_key_policy( int policy_usage, status = psa_key_derivation_input_key( &operation, PSA_KEY_DERIVATION_INPUT_SECRET, - handle ); + key ); if( policy_alg == exercise_alg && ( policy_usage & PSA_KEY_USAGE_DERIVE ) != 0 ) @@ -2181,7 +2265,7 @@ void derive_key_policy( int policy_usage, exit: psa_key_derivation_abort( &operation ); - psa_destroy_key( handle ); + psa_destroy_key( key ); PSA_DONE( ); } /* END_CASE */ @@ -2191,13 +2275,15 @@ void agreement_key_policy( int policy_usage, int policy_alg, int key_type_arg, data_t *key_data, - int exercise_alg ) + int exercise_alg, + int expected_status_arg ) { - psa_key_handle_t handle = 0; + mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; psa_key_type_t key_type = key_type_arg; psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT; psa_status_t status; + psa_status_t expected_status = expected_status_arg; PSA_ASSERT( psa_crypto_init( ) ); @@ -2206,20 +2292,16 @@ void agreement_key_policy( int policy_usage, psa_set_key_type( &attributes, key_type ); PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len, - &handle ) ); + &key ) ); PSA_ASSERT( psa_key_derivation_setup( &operation, exercise_alg ) ); - status = key_agreement_with_self( &operation, handle ); + status = key_agreement_with_self( &operation, key ); - if( policy_alg == exercise_alg && - ( policy_usage & PSA_KEY_USAGE_DERIVE ) != 0 ) - PSA_ASSERT( status ); - else - TEST_EQUAL( status, PSA_ERROR_NOT_PERMITTED ); + TEST_EQUAL( status, expected_status ); exit: psa_key_derivation_abort( &operation ); - psa_destroy_key( handle ); + psa_destroy_key( key ); PSA_DONE( ); } /* END_CASE */ @@ -2228,7 +2310,7 @@ exit: void key_policy_alg2( int key_type_arg, data_t *key_data, int usage_arg, int alg_arg, int alg2_arg ) { - psa_key_handle_t handle = 0; + mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; psa_key_type_t key_type = key_type_arg; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; psa_key_attributes_t got_attributes = PSA_KEY_ATTRIBUTES_INIT; @@ -2243,20 +2325,26 @@ void key_policy_alg2( int key_type_arg, data_t *key_data, psa_set_key_enrollment_algorithm( &attributes, alg2 ); psa_set_key_type( &attributes, key_type ); PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len, - &handle ) ); + &key ) ); - PSA_ASSERT( psa_get_key_attributes( handle, &got_attributes ) ); + PSA_ASSERT( psa_get_key_attributes( key, &got_attributes ) ); TEST_EQUAL( psa_get_key_usage_flags( &got_attributes ), usage ); TEST_EQUAL( psa_get_key_algorithm( &got_attributes ), alg ); TEST_EQUAL( psa_get_key_enrollment_algorithm( &got_attributes ), alg2 ); - if( ! exercise_key( handle, usage, alg ) ) + if( ! exercise_key( key, usage, alg ) ) goto exit; - if( ! exercise_key( handle, usage, alg2 ) ) + if( ! exercise_key( key, usage, alg2 ) ) goto exit; exit: - psa_destroy_key( handle ); + /* + * Key attributes may have been returned by psa_get_key_attributes() + * thus reset them as required. + */ + psa_reset_key_attributes( &got_attributes ); + + psa_destroy_key( key ); PSA_DONE( ); } /* END_CASE */ @@ -2266,13 +2354,15 @@ void raw_agreement_key_policy( int policy_usage, int policy_alg, int key_type_arg, data_t *key_data, - int exercise_alg ) + int exercise_alg, + int expected_status_arg ) { - psa_key_handle_t handle = 0; + mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; psa_key_type_t key_type = key_type_arg; psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT; psa_status_t status; + psa_status_t expected_status = expected_status_arg; PSA_ASSERT( psa_crypto_init( ) ); @@ -2281,19 +2371,15 @@ void raw_agreement_key_policy( int policy_usage, psa_set_key_type( &attributes, key_type ); PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len, - &handle ) ); + &key ) ); - status = raw_key_agreement_with_self( exercise_alg, handle ); + status = raw_key_agreement_with_self( exercise_alg, key ); - if( policy_alg == exercise_alg && - ( policy_usage & PSA_KEY_USAGE_DERIVE ) != 0 ) - PSA_ASSERT( status ); - else - TEST_EQUAL( status, PSA_ERROR_NOT_PERMITTED ); + TEST_EQUAL( status, expected_status ); exit: psa_key_derivation_abort( &operation ); - psa_destroy_key( handle ); + psa_destroy_key( key ); PSA_DONE( ); } /* END_CASE */ @@ -2313,8 +2399,8 @@ void copy_success( int source_usage_arg, psa_key_usage_t expected_usage = expected_usage_arg; psa_algorithm_t expected_alg = expected_alg_arg; psa_algorithm_t expected_alg2 = expected_alg2_arg; - psa_key_handle_t source_handle = 0; - psa_key_handle_t target_handle = 0; + mbedtls_svc_key_id_t source_key = MBEDTLS_SVC_KEY_ID_INIT; + mbedtls_svc_key_id_t target_key = MBEDTLS_SVC_KEY_ID_INIT; uint8_t *export_buffer = NULL; PSA_ASSERT( psa_crypto_init( ) ); @@ -2326,12 +2412,17 @@ void copy_success( int source_usage_arg, psa_set_key_type( &source_attributes, type_arg ); PSA_ASSERT( psa_import_key( &source_attributes, material->x, material->len, - &source_handle ) ); - PSA_ASSERT( psa_get_key_attributes( source_handle, &source_attributes ) ); + &source_key ) ); + PSA_ASSERT( psa_get_key_attributes( source_key, &source_attributes ) ); /* Prepare the target attributes. */ if( copy_attributes ) + { target_attributes = source_attributes; + /* Set volatile lifetime to reset the key identifier to 0. */ + psa_set_key_lifetime( &target_attributes, PSA_KEY_LIFETIME_VOLATILE ); + } + if( target_usage_arg != -1 ) psa_set_key_usage_flags( &target_attributes, target_usage_arg ); if( target_alg_arg != -1 ) @@ -2340,14 +2431,14 @@ void copy_success( int source_usage_arg, psa_set_key_enrollment_algorithm( &target_attributes, target_alg2_arg ); /* Copy the key. */ - PSA_ASSERT( psa_copy_key( source_handle, - &target_attributes, &target_handle ) ); + PSA_ASSERT( psa_copy_key( source_key, + &target_attributes, &target_key ) ); /* Destroy the source to ensure that this doesn't affect the target. */ - PSA_ASSERT( psa_destroy_key( source_handle ) ); + PSA_ASSERT( psa_destroy_key( source_key ) ); /* Test that the target slot has the expected content and policy. */ - PSA_ASSERT( psa_get_key_attributes( target_handle, &target_attributes ) ); + PSA_ASSERT( psa_get_key_attributes( target_key, &target_attributes ) ); TEST_EQUAL( psa_get_key_type( &source_attributes ), psa_get_key_type( &target_attributes ) ); TEST_EQUAL( psa_get_key_bits( &source_attributes ), @@ -2360,21 +2451,26 @@ void copy_success( int source_usage_arg, { size_t length; ASSERT_ALLOC( export_buffer, material->len ); - PSA_ASSERT( psa_export_key( target_handle, export_buffer, + PSA_ASSERT( psa_export_key( target_key, export_buffer, material->len, &length ) ); ASSERT_COMPARE( material->x, material->len, export_buffer, length ); } - if( ! exercise_key( target_handle, expected_usage, expected_alg ) ) + if( ! exercise_key( target_key, expected_usage, expected_alg ) ) goto exit; - if( ! exercise_key( target_handle, expected_usage, expected_alg2 ) ) + if( ! exercise_key( target_key, expected_usage, expected_alg2 ) ) goto exit; - PSA_ASSERT( psa_close_key( target_handle ) ); + PSA_ASSERT( psa_destroy_key( target_key ) ); exit: + /* + * Source and target key attributes may have been returned by + * psa_get_key_attributes() thus reset them as required. + */ psa_reset_key_attributes( &source_attributes ); psa_reset_key_attributes( &target_attributes ); + PSA_DONE( ); mbedtls_free( export_buffer ); } @@ -2391,8 +2487,8 @@ void copy_fail( int source_usage_arg, { psa_key_attributes_t source_attributes = PSA_KEY_ATTRIBUTES_INIT; psa_key_attributes_t target_attributes = PSA_KEY_ATTRIBUTES_INIT; - psa_key_handle_t source_handle = 0; - psa_key_handle_t target_handle = 0; + mbedtls_svc_key_id_t source_key = MBEDTLS_SVC_KEY_ID_INIT; + mbedtls_svc_key_id_t target_key = MBEDTLS_SVC_KEY_ID_INIT; PSA_ASSERT( psa_crypto_init( ) ); @@ -2403,7 +2499,7 @@ void copy_fail( int source_usage_arg, psa_set_key_type( &source_attributes, type_arg ); PSA_ASSERT( psa_import_key( &source_attributes, material->x, material->len, - &source_handle ) ); + &source_key ) ); /* Prepare the target attributes. */ psa_set_key_type( &target_attributes, target_type_arg ); @@ -2413,11 +2509,11 @@ void copy_fail( int source_usage_arg, psa_set_key_enrollment_algorithm( &target_attributes, target_alg2_arg ); /* Try to copy the key. */ - TEST_EQUAL( psa_copy_key( source_handle, - &target_attributes, &target_handle ), + TEST_EQUAL( psa_copy_key( source_key, + &target_attributes, &target_key ), expected_status_arg ); - PSA_ASSERT( psa_destroy_key( source_handle ) ); + PSA_ASSERT( psa_destroy_key( source_key ) ); exit: psa_reset_key_attributes( &source_attributes ); @@ -2896,10 +2992,10 @@ exit: /* BEGIN_CASE */ void mac_bad_order( ) { - psa_key_handle_t handle = 0; + mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; psa_key_type_t key_type = PSA_KEY_TYPE_HMAC; psa_algorithm_t alg = PSA_ALG_HMAC(PSA_ALG_SHA_256); - const uint8_t key[] = { + const uint8_t key_data[] = { 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa }; @@ -2918,7 +3014,8 @@ void mac_bad_order( ) psa_set_key_algorithm( &attributes, alg ); psa_set_key_type( &attributes, key_type ); - PSA_ASSERT( psa_import_key( &attributes, key, sizeof( key ), &handle ) ); + PSA_ASSERT( psa_import_key( &attributes, key_data, sizeof( key_data ), + &key ) ); /* Call update without calling setup beforehand. */ TEST_EQUAL( psa_mac_update( &operation, input, sizeof( input ) ), @@ -2938,16 +3035,13 @@ void mac_bad_order( ) PSA_ASSERT( psa_mac_abort( &operation ) ); /* Call setup twice in a row. */ - PSA_ASSERT( psa_mac_sign_setup( &operation, - handle, alg ) ); - TEST_EQUAL( psa_mac_sign_setup( &operation, - handle, alg ), + PSA_ASSERT( psa_mac_sign_setup( &operation, key, alg ) ); + TEST_EQUAL( psa_mac_sign_setup( &operation, key, alg ), PSA_ERROR_BAD_STATE ); PSA_ASSERT( psa_mac_abort( &operation ) ); /* Call update after sign finish. */ - PSA_ASSERT( psa_mac_sign_setup( &operation, - handle, alg ) ); + PSA_ASSERT( psa_mac_sign_setup( &operation, key, alg ) ); PSA_ASSERT( psa_mac_update( &operation, input, sizeof( input ) ) ); PSA_ASSERT( psa_mac_sign_finish( &operation, sign_mac, sizeof( sign_mac ), @@ -2957,8 +3051,7 @@ void mac_bad_order( ) PSA_ASSERT( psa_mac_abort( &operation ) ); /* Call update after verify finish. */ - PSA_ASSERT( psa_mac_verify_setup( &operation, - handle, alg ) ); + PSA_ASSERT( psa_mac_verify_setup( &operation, key, alg ) ); PSA_ASSERT( psa_mac_update( &operation, input, sizeof( input ) ) ); PSA_ASSERT( psa_mac_verify_finish( &operation, verify_mac, sizeof( verify_mac ) ) ); @@ -2967,8 +3060,7 @@ void mac_bad_order( ) PSA_ASSERT( psa_mac_abort( &operation ) ); /* Call sign finish twice in a row. */ - PSA_ASSERT( psa_mac_sign_setup( &operation, - handle, alg ) ); + PSA_ASSERT( psa_mac_sign_setup( &operation, key, alg ) ); PSA_ASSERT( psa_mac_update( &operation, input, sizeof( input ) ) ); PSA_ASSERT( psa_mac_sign_finish( &operation, sign_mac, sizeof( sign_mac ), @@ -2980,8 +3072,7 @@ void mac_bad_order( ) PSA_ASSERT( psa_mac_abort( &operation ) ); /* Call verify finish twice in a row. */ - PSA_ASSERT( psa_mac_verify_setup( &operation, - handle, alg ) ); + PSA_ASSERT( psa_mac_verify_setup( &operation, key, alg ) ); PSA_ASSERT( psa_mac_update( &operation, input, sizeof( input ) ) ); PSA_ASSERT( psa_mac_verify_finish( &operation, verify_mac, sizeof( verify_mac ) ) ); @@ -2991,8 +3082,7 @@ void mac_bad_order( ) PSA_ASSERT( psa_mac_abort( &operation ) ); /* Setup sign but try verify. */ - PSA_ASSERT( psa_mac_sign_setup( &operation, - handle, alg ) ); + PSA_ASSERT( psa_mac_sign_setup( &operation, key, alg ) ); PSA_ASSERT( psa_mac_update( &operation, input, sizeof( input ) ) ); TEST_EQUAL( psa_mac_verify_finish( &operation, verify_mac, sizeof( verify_mac ) ), @@ -3000,8 +3090,7 @@ void mac_bad_order( ) PSA_ASSERT( psa_mac_abort( &operation ) ); /* Setup verify but try sign. */ - PSA_ASSERT( psa_mac_verify_setup( &operation, - handle, alg ) ); + PSA_ASSERT( psa_mac_verify_setup( &operation, key, alg ) ); PSA_ASSERT( psa_mac_update( &operation, input, sizeof( input ) ) ); TEST_EQUAL( psa_mac_sign_finish( &operation, sign_mac, sizeof( sign_mac ), @@ -3009,7 +3098,7 @@ void mac_bad_order( ) PSA_ERROR_BAD_STATE ); PSA_ASSERT( psa_mac_abort( &operation ) ); - PSA_ASSERT( psa_destroy_key( handle ) ); + PSA_ASSERT( psa_destroy_key( key ) ); exit: PSA_DONE( ); @@ -3018,27 +3107,31 @@ exit: /* BEGIN_CASE */ void mac_sign( int key_type_arg, - data_t *key, + data_t *key_data, int alg_arg, data_t *input, data_t *expected_mac ) { - psa_key_handle_t handle = 0; + mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; psa_key_type_t key_type = key_type_arg; psa_algorithm_t alg = alg_arg; psa_mac_operation_t operation = PSA_MAC_OPERATION_INIT; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; - /* Leave a little extra room in the output buffer. At the end of the - * test, we'll check that the implementation didn't overwrite onto - * this extra room. */ - uint8_t actual_mac[PSA_MAC_MAX_SIZE + 10]; + uint8_t *actual_mac = NULL; size_t mac_buffer_size = - PSA_MAC_FINAL_SIZE( key_type, PSA_BYTES_TO_BITS( key->len ), alg ); + PSA_MAC_FINAL_SIZE( key_type, PSA_BYTES_TO_BITS( key_data->len ), alg ); size_t mac_length = 0; + const size_t output_sizes_to_test[] = { + 0, + 1, + expected_mac->len - 1, + expected_mac->len, + expected_mac->len + 1, + }; - memset( actual_mac, '+', sizeof( actual_mac ) ); TEST_ASSERT( mac_buffer_size <= PSA_MAC_MAX_SIZE ); - TEST_ASSERT( expected_mac->len <= mac_buffer_size ); + /* We expect PSA_MAC_FINAL_SIZE to be exact. */ + TEST_ASSERT( expected_mac->len == mac_buffer_size ); PSA_ASSERT( psa_crypto_init( ) ); @@ -3046,43 +3139,59 @@ void mac_sign( int key_type_arg, psa_set_key_algorithm( &attributes, alg ); psa_set_key_type( &attributes, key_type ); - PSA_ASSERT( psa_import_key( &attributes, key->x, key->len, &handle ) ); + PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len, + &key ) ); - /* Calculate the MAC. */ - PSA_ASSERT( psa_mac_sign_setup( &operation, - handle, alg ) ); - PSA_ASSERT( psa_mac_update( &operation, - input->x, input->len ) ); - PSA_ASSERT( psa_mac_sign_finish( &operation, - actual_mac, mac_buffer_size, - &mac_length ) ); + for( size_t i = 0; i < ARRAY_LENGTH( output_sizes_to_test ); i++ ) + { + const size_t output_size = output_sizes_to_test[i]; + psa_status_t expected_status = + ( output_size >= expected_mac->len ? PSA_SUCCESS : + PSA_ERROR_BUFFER_TOO_SMALL ); - /* Compare with the expected value. */ - ASSERT_COMPARE( expected_mac->x, expected_mac->len, - actual_mac, mac_length ); + test_set_step( output_size ); + ASSERT_ALLOC( actual_mac, output_size ); - /* Verify that the end of the buffer is untouched. */ - TEST_ASSERT( mem_is_char( actual_mac + mac_length, '+', - sizeof( actual_mac ) - mac_length ) ); + /* Calculate the MAC. */ + PSA_ASSERT( psa_mac_sign_setup( &operation, key, alg ) ); + PSA_ASSERT( psa_mac_update( &operation, + input->x, input->len ) ); + TEST_EQUAL( psa_mac_sign_finish( &operation, + actual_mac, output_size, + &mac_length ), + expected_status ); + PSA_ASSERT( psa_mac_abort( &operation ) ); + + if( expected_status == PSA_SUCCESS ) + { + ASSERT_COMPARE( expected_mac->x, expected_mac->len, + actual_mac, mac_length ); + } + mbedtls_free( actual_mac ); + actual_mac = NULL; + } exit: - psa_destroy_key( handle ); + psa_mac_abort( &operation ); + psa_destroy_key( key ); PSA_DONE( ); + mbedtls_free( actual_mac ); } /* END_CASE */ /* BEGIN_CASE */ void mac_verify( int key_type_arg, - data_t *key, + data_t *key_data, int alg_arg, data_t *input, data_t *expected_mac ) { - psa_key_handle_t handle = 0; + mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; psa_key_type_t key_type = key_type_arg; psa_algorithm_t alg = alg_arg; psa_mac_operation_t operation = PSA_MAC_OPERATION_INIT; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; + uint8_t *perturbed_mac = NULL; TEST_ASSERT( expected_mac->len <= PSA_MAC_MAX_SIZE ); @@ -3092,20 +3201,57 @@ void mac_verify( int key_type_arg, psa_set_key_algorithm( &attributes, alg ); psa_set_key_type( &attributes, key_type ); - PSA_ASSERT( psa_import_key( &attributes, key->x, key->len, &handle ) ); + PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len, + &key ) ); - PSA_ASSERT( psa_mac_verify_setup( &operation, - handle, alg ) ); - PSA_ASSERT( psa_destroy_key( handle ) ); + /* Test the correct MAC. */ + PSA_ASSERT( psa_mac_verify_setup( &operation, key, alg ) ); PSA_ASSERT( psa_mac_update( &operation, input->x, input->len ) ); PSA_ASSERT( psa_mac_verify_finish( &operation, expected_mac->x, expected_mac->len ) ); + /* Test a MAC that's too short. */ + PSA_ASSERT( psa_mac_verify_setup( &operation, key, alg ) ); + PSA_ASSERT( psa_mac_update( &operation, + input->x, input->len ) ); + TEST_EQUAL( psa_mac_verify_finish( &operation, + expected_mac->x, + expected_mac->len - 1 ), + PSA_ERROR_INVALID_SIGNATURE ); + + /* Test a MAC that's too long. */ + ASSERT_ALLOC( perturbed_mac, expected_mac->len + 1 ); + memcpy( perturbed_mac, expected_mac->x, expected_mac->len ); + PSA_ASSERT( psa_mac_verify_setup( &operation, key, alg ) ); + PSA_ASSERT( psa_mac_update( &operation, + input->x, input->len ) ); + TEST_EQUAL( psa_mac_verify_finish( &operation, + perturbed_mac, + expected_mac->len + 1 ), + PSA_ERROR_INVALID_SIGNATURE ); + + /* Test changing one byte. */ + for( size_t i = 0; i < expected_mac->len; i++ ) + { + test_set_step( i ); + perturbed_mac[i] ^= 1; + PSA_ASSERT( psa_mac_verify_setup( &operation, key, alg ) ); + PSA_ASSERT( psa_mac_update( &operation, + input->x, input->len ) ); + TEST_EQUAL( psa_mac_verify_finish( &operation, + perturbed_mac, + expected_mac->len ), + PSA_ERROR_INVALID_SIGNATURE ); + perturbed_mac[i] ^= 1; + } + exit: - psa_destroy_key( handle ); + psa_mac_abort( &operation ); + psa_destroy_key( key ); PSA_DONE( ); + mbedtls_free( perturbed_mac ); } /* END_CASE */ @@ -3183,6 +3329,7 @@ void cipher_setup( int key_type_arg, #endif exit: + psa_cipher_abort( &operation ); PSA_DONE( ); } /* END_CASE */ @@ -3190,13 +3337,13 @@ exit: /* BEGIN_CASE */ void cipher_bad_order( ) { - psa_key_handle_t handle = 0; + mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; psa_key_type_t key_type = PSA_KEY_TYPE_AES; psa_algorithm_t alg = PSA_ALG_CBC_PKCS7; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; psa_cipher_operation_t operation = PSA_CIPHER_OPERATION_INIT; unsigned char iv[PSA_BLOCK_CIPHER_BLOCK_SIZE(PSA_KEY_TYPE_AES)] = { 0 }; - const uint8_t key[] = { + const uint8_t key_data[] = { 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa }; const uint8_t text[] = { @@ -3209,18 +3356,18 @@ void cipher_bad_order( ) psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT ); psa_set_key_algorithm( &attributes, alg ); psa_set_key_type( &attributes, key_type ); - PSA_ASSERT( psa_import_key( &attributes, key, sizeof( key ), &handle ) ); - + PSA_ASSERT( psa_import_key( &attributes, key_data, sizeof( key_data ), + &key ) ); /* Call encrypt setup twice in a row. */ - PSA_ASSERT( psa_cipher_encrypt_setup( &operation, handle, alg ) ); - TEST_EQUAL( psa_cipher_encrypt_setup( &operation, handle, alg ), + PSA_ASSERT( psa_cipher_encrypt_setup( &operation, key, alg ) ); + TEST_EQUAL( psa_cipher_encrypt_setup( &operation, key, alg ), PSA_ERROR_BAD_STATE ); PSA_ASSERT( psa_cipher_abort( &operation ) ); /* Call decrypt setup twice in a row. */ - PSA_ASSERT( psa_cipher_decrypt_setup( &operation, handle, alg ) ); - TEST_EQUAL( psa_cipher_decrypt_setup( &operation, handle, alg ), + PSA_ASSERT( psa_cipher_decrypt_setup( &operation, key, alg ) ); + TEST_EQUAL( psa_cipher_decrypt_setup( &operation, key, alg ), PSA_ERROR_BAD_STATE ); PSA_ASSERT( psa_cipher_abort( &operation ) ); @@ -3232,7 +3379,7 @@ void cipher_bad_order( ) PSA_ASSERT( psa_cipher_abort( &operation ) ); /* Generate an IV twice in a row. */ - PSA_ASSERT( psa_cipher_encrypt_setup( &operation, handle, alg ) ); + PSA_ASSERT( psa_cipher_encrypt_setup( &operation, key, alg ) ); PSA_ASSERT( psa_cipher_generate_iv( &operation, buffer, sizeof( buffer ), &length ) ); @@ -3243,7 +3390,7 @@ void cipher_bad_order( ) PSA_ASSERT( psa_cipher_abort( &operation ) ); /* Generate an IV after it's already set. */ - PSA_ASSERT( psa_cipher_encrypt_setup( &operation, handle, alg ) ); + PSA_ASSERT( psa_cipher_encrypt_setup( &operation, key, alg ) ); PSA_ASSERT( psa_cipher_set_iv( &operation, iv, sizeof( iv ) ) ); TEST_EQUAL( psa_cipher_generate_iv( &operation, @@ -3259,7 +3406,7 @@ void cipher_bad_order( ) PSA_ASSERT( psa_cipher_abort( &operation ) ); /* Set an IV after it's already set. */ - PSA_ASSERT( psa_cipher_encrypt_setup( &operation, handle, alg ) ); + PSA_ASSERT( psa_cipher_encrypt_setup( &operation, key, alg ) ); PSA_ASSERT( psa_cipher_set_iv( &operation, iv, sizeof( iv ) ) ); TEST_EQUAL( psa_cipher_set_iv( &operation, @@ -3268,7 +3415,7 @@ void cipher_bad_order( ) PSA_ASSERT( psa_cipher_abort( &operation ) ); /* Set an IV after it's already generated. */ - PSA_ASSERT( psa_cipher_encrypt_setup( &operation, handle, alg ) ); + PSA_ASSERT( psa_cipher_encrypt_setup( &operation, key, alg ) ); PSA_ASSERT( psa_cipher_generate_iv( &operation, buffer, sizeof( buffer ), &length ) ); @@ -3294,7 +3441,7 @@ void cipher_bad_order( ) PSA_ASSERT( psa_cipher_abort( &operation ) ); /* Call update after finish. */ - PSA_ASSERT( psa_cipher_encrypt_setup( &operation, handle, alg ) ); + PSA_ASSERT( psa_cipher_encrypt_setup( &operation, key, alg ) ); PSA_ASSERT( psa_cipher_set_iv( &operation, iv, sizeof( iv ) ) ); PSA_ASSERT( psa_cipher_finish( &operation, @@ -3313,7 +3460,7 @@ void cipher_bad_order( ) PSA_ASSERT( psa_cipher_abort( &operation ) ); /* Call finish without an IV where an IV is required. */ - PSA_ASSERT( psa_cipher_encrypt_setup( &operation, handle, alg ) ); + PSA_ASSERT( psa_cipher_encrypt_setup( &operation, key, alg ) ); /* Not calling update means we are encrypting an empty buffer, which is OK * for cipher modes with padding. */ TEST_EQUAL( psa_cipher_finish( &operation, @@ -3322,7 +3469,7 @@ void cipher_bad_order( ) PSA_ASSERT( psa_cipher_abort( &operation ) ); /* Call finish twice in a row. */ - PSA_ASSERT( psa_cipher_encrypt_setup( &operation, handle, alg ) ); + PSA_ASSERT( psa_cipher_encrypt_setup( &operation, key, alg ) ); PSA_ASSERT( psa_cipher_set_iv( &operation, iv, sizeof( iv ) ) ); PSA_ASSERT( psa_cipher_finish( &operation, @@ -3332,20 +3479,21 @@ void cipher_bad_order( ) PSA_ERROR_BAD_STATE ); PSA_ASSERT( psa_cipher_abort( &operation ) ); - PSA_ASSERT( psa_destroy_key( handle ) ); + PSA_ASSERT( psa_destroy_key( key ) ); exit: + psa_cipher_abort( &operation ); PSA_DONE( ); } /* END_CASE */ /* BEGIN_CASE */ void cipher_encrypt( int alg_arg, int key_type_arg, - data_t *key, data_t *iv, + data_t *key_data, data_t *iv, data_t *input, data_t *expected_output, int expected_status_arg ) { - psa_key_handle_t handle = 0; + mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; psa_status_t status; psa_key_type_t key_type = key_type_arg; psa_algorithm_t alg = alg_arg; @@ -3363,12 +3511,16 @@ void cipher_encrypt( int alg_arg, int key_type_arg, psa_set_key_algorithm( &attributes, alg ); psa_set_key_type( &attributes, key_type ); - PSA_ASSERT( psa_import_key( &attributes, key->x, key->len, &handle ) ); + PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len, + &key ) ); - PSA_ASSERT( psa_cipher_encrypt_setup( &operation, - handle, alg ) ); + PSA_ASSERT( psa_cipher_encrypt_setup( &operation, key, alg ) ); + + if( iv->len > 0 ) + { + PSA_ASSERT( psa_cipher_set_iv( &operation, iv->x, iv->len ) ); + } - PSA_ASSERT( psa_cipher_set_iv( &operation, iv->x, iv->len ) ); output_buffer_size = ( (size_t) input->len + PSA_BLOCK_CIPHER_BLOCK_SIZE( key_type ) ); ASSERT_ALLOC( output, output_buffer_size ); @@ -3393,21 +3545,22 @@ void cipher_encrypt( int alg_arg, int key_type_arg, } exit: + psa_cipher_abort( &operation ); mbedtls_free( output ); - psa_destroy_key( handle ); + psa_destroy_key( key ); PSA_DONE( ); } /* END_CASE */ /* BEGIN_CASE */ void cipher_encrypt_multipart( int alg_arg, int key_type_arg, - data_t *key, data_t *iv, + data_t *key_data, data_t *iv, data_t *input, int first_part_size_arg, int output1_length_arg, int output2_length_arg, data_t *expected_output ) { - psa_key_handle_t handle = 0; + mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; psa_key_type_t key_type = key_type_arg; psa_algorithm_t alg = alg_arg; size_t first_part_size = first_part_size_arg; @@ -3426,12 +3579,16 @@ void cipher_encrypt_multipart( int alg_arg, int key_type_arg, psa_set_key_algorithm( &attributes, alg ); psa_set_key_type( &attributes, key_type ); - PSA_ASSERT( psa_import_key( &attributes, key->x, key->len, &handle ) ); + PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len, + &key ) ); - PSA_ASSERT( psa_cipher_encrypt_setup( &operation, - handle, alg ) ); + PSA_ASSERT( psa_cipher_encrypt_setup( &operation, key, alg ) ); + + if( iv->len > 0 ) + { + PSA_ASSERT( psa_cipher_set_iv( &operation, iv->x, iv->len ) ); + } - PSA_ASSERT( psa_cipher_set_iv( &operation, iv->x, iv->len ) ); output_buffer_size = ( (size_t) input->len + PSA_BLOCK_CIPHER_BLOCK_SIZE( key_type ) ); ASSERT_ALLOC( output, output_buffer_size ); @@ -3461,22 +3618,22 @@ void cipher_encrypt_multipart( int alg_arg, int key_type_arg, output, total_output_length ); exit: + psa_cipher_abort( &operation ); mbedtls_free( output ); - psa_destroy_key( handle ); + psa_destroy_key( key ); PSA_DONE( ); } /* END_CASE */ /* BEGIN_CASE */ void cipher_decrypt_multipart( int alg_arg, int key_type_arg, - data_t *key, data_t *iv, + data_t *key_data, data_t *iv, data_t *input, int first_part_size_arg, int output1_length_arg, int output2_length_arg, data_t *expected_output ) { - psa_key_handle_t handle = 0; - + mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; psa_key_type_t key_type = key_type_arg; psa_algorithm_t alg = alg_arg; size_t first_part_size = first_part_size_arg; @@ -3495,12 +3652,15 @@ void cipher_decrypt_multipart( int alg_arg, int key_type_arg, psa_set_key_algorithm( &attributes, alg ); psa_set_key_type( &attributes, key_type ); - PSA_ASSERT( psa_import_key( &attributes, key->x, key->len, &handle ) ); + PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len, + &key ) ); - PSA_ASSERT( psa_cipher_decrypt_setup( &operation, - handle, alg ) ); + PSA_ASSERT( psa_cipher_decrypt_setup( &operation, key, alg ) ); - PSA_ASSERT( psa_cipher_set_iv( &operation, iv->x, iv->len ) ); + if( iv->len > 0 ) + { + PSA_ASSERT( psa_cipher_set_iv( &operation, iv->x, iv->len ) ); + } output_buffer_size = ( (size_t) input->len + PSA_BLOCK_CIPHER_BLOCK_SIZE( key_type ) ); @@ -3532,19 +3692,20 @@ void cipher_decrypt_multipart( int alg_arg, int key_type_arg, output, total_output_length ); exit: + psa_cipher_abort( &operation ); mbedtls_free( output ); - psa_destroy_key( handle ); + psa_destroy_key( key ); PSA_DONE( ); } /* END_CASE */ /* BEGIN_CASE */ void cipher_decrypt( int alg_arg, int key_type_arg, - data_t *key, data_t *iv, + data_t *key_data, data_t *iv, data_t *input, data_t *expected_output, int expected_status_arg ) { - psa_key_handle_t handle = 0; + mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; psa_status_t status; psa_key_type_t key_type = key_type_arg; psa_algorithm_t alg = alg_arg; @@ -3562,12 +3723,15 @@ void cipher_decrypt( int alg_arg, int key_type_arg, psa_set_key_algorithm( &attributes, alg ); psa_set_key_type( &attributes, key_type ); - PSA_ASSERT( psa_import_key( &attributes, key->x, key->len, &handle ) ); + PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len, + &key ) ); - PSA_ASSERT( psa_cipher_decrypt_setup( &operation, - handle, alg ) ); + PSA_ASSERT( psa_cipher_decrypt_setup( &operation, key, alg ) ); - PSA_ASSERT( psa_cipher_set_iv( &operation, iv->x, iv->len ) ); + if( iv->len > 0 ) + { + PSA_ASSERT( psa_cipher_set_iv( &operation, iv->x, iv->len ) ); + } output_buffer_size = ( (size_t) input->len + PSA_BLOCK_CIPHER_BLOCK_SIZE( key_type ) ); @@ -3593,18 +3757,19 @@ void cipher_decrypt( int alg_arg, int key_type_arg, } exit: + psa_cipher_abort( &operation ); mbedtls_free( output ); - psa_destroy_key( handle ); + psa_destroy_key( key ); PSA_DONE( ); } /* END_CASE */ /* BEGIN_CASE */ void cipher_verify_output( int alg_arg, int key_type_arg, - data_t *key, + data_t *key_data, data_t *input ) { - psa_key_handle_t handle = 0; + mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; psa_key_type_t key_type = key_type_arg; psa_algorithm_t alg = alg_arg; unsigned char iv[16] = {0}; @@ -3627,16 +3792,18 @@ void cipher_verify_output( int alg_arg, int key_type_arg, psa_set_key_algorithm( &attributes, alg ); psa_set_key_type( &attributes, key_type ); - PSA_ASSERT( psa_import_key( &attributes, key->x, key->len, &handle ) ); + PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len, + &key ) ); - PSA_ASSERT( psa_cipher_encrypt_setup( &operation1, - handle, alg ) ); - PSA_ASSERT( psa_cipher_decrypt_setup( &operation2, - handle, alg ) ); + PSA_ASSERT( psa_cipher_encrypt_setup( &operation1, key, alg ) ); + PSA_ASSERT( psa_cipher_decrypt_setup( &operation2, key, alg ) ); - PSA_ASSERT( psa_cipher_generate_iv( &operation1, - iv, iv_size, - &iv_length ) ); + if( alg != PSA_ALG_ECB_NO_PADDING ) + { + PSA_ASSERT( psa_cipher_generate_iv( &operation1, + iv, iv_size, + &iv_length ) ); + } output1_size = ( (size_t) input->len + PSA_BLOCK_CIPHER_BLOCK_SIZE( key_type ) ); ASSERT_ALLOC( output1, output1_size ); @@ -3656,8 +3823,12 @@ void cipher_verify_output( int alg_arg, int key_type_arg, output2_size = output1_length; ASSERT_ALLOC( output2, output2_size ); - PSA_ASSERT( psa_cipher_set_iv( &operation2, - iv, iv_length ) ); + if( iv_length > 0 ) + { + PSA_ASSERT( psa_cipher_set_iv( &operation2, + iv, iv_length ) ); + } + PSA_ASSERT( psa_cipher_update( &operation2, output1, output1_length, output2, output2_size, &output2_length ) ); @@ -3674,9 +3845,11 @@ void cipher_verify_output( int alg_arg, int key_type_arg, ASSERT_COMPARE( input->x, input->len, output2, output2_length ); exit: + psa_cipher_abort( &operation1 ); + psa_cipher_abort( &operation2 ); mbedtls_free( output1 ); mbedtls_free( output2 ); - psa_destroy_key( handle ); + psa_destroy_key( key ); PSA_DONE( ); } /* END_CASE */ @@ -3684,11 +3857,11 @@ exit: /* BEGIN_CASE */ void cipher_verify_output_multipart( int alg_arg, int key_type_arg, - data_t *key, + data_t *key_data, data_t *input, int first_part_size_arg ) { - psa_key_handle_t handle = 0; + mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; psa_key_type_t key_type = key_type_arg; psa_algorithm_t alg = alg_arg; size_t first_part_size = first_part_size_arg; @@ -3712,16 +3885,19 @@ void cipher_verify_output_multipart( int alg_arg, psa_set_key_algorithm( &attributes, alg ); psa_set_key_type( &attributes, key_type ); - PSA_ASSERT( psa_import_key( &attributes, key->x, key->len, &handle ) ); + PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len, + &key ) ); - PSA_ASSERT( psa_cipher_encrypt_setup( &operation1, - handle, alg ) ); - PSA_ASSERT( psa_cipher_decrypt_setup( &operation2, - handle, alg ) ); + PSA_ASSERT( psa_cipher_encrypt_setup( &operation1, key, alg ) ); + PSA_ASSERT( psa_cipher_decrypt_setup( &operation2, key, alg ) ); + + if( alg != PSA_ALG_ECB_NO_PADDING ) + { + PSA_ASSERT( psa_cipher_generate_iv( &operation1, + iv, iv_size, + &iv_length ) ); + } - PSA_ASSERT( psa_cipher_generate_iv( &operation1, - iv, iv_size, - &iv_length ) ); output1_buffer_size = ( (size_t) input->len + PSA_BLOCK_CIPHER_BLOCK_SIZE( key_type ) ); ASSERT_ALLOC( output1, output1_buffer_size ); @@ -3751,8 +3927,11 @@ void cipher_verify_output_multipart( int alg_arg, output2_buffer_size = output1_length; ASSERT_ALLOC( output2, output2_buffer_size ); - PSA_ASSERT( psa_cipher_set_iv( &operation2, - iv, iv_length ) ); + if( iv_length > 0 ) + { + PSA_ASSERT( psa_cipher_set_iv( &operation2, + iv, iv_length ) ); + } PSA_ASSERT( psa_cipher_update( &operation2, output1, first_part_size, output2, output2_buffer_size, @@ -3777,9 +3956,11 @@ void cipher_verify_output_multipart( int alg_arg, ASSERT_COMPARE( input->x, input->len, output2, output2_length ); exit: + psa_cipher_abort( &operation1 ); + psa_cipher_abort( &operation2 ); mbedtls_free( output1 ); mbedtls_free( output2 ); - psa_destroy_key( handle ); + psa_destroy_key( key ); PSA_DONE( ); } /* END_CASE */ @@ -3792,7 +3973,7 @@ void aead_encrypt_decrypt( int key_type_arg, data_t *key_data, data_t *input_data, int expected_result_arg ) { - psa_key_handle_t handle = 0; + mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; psa_key_type_t key_type = key_type_arg; psa_algorithm_t alg = alg_arg; unsigned char *output_data = NULL; @@ -3819,9 +4000,9 @@ void aead_encrypt_decrypt( int key_type_arg, data_t *key_data, psa_set_key_type( &attributes, key_type ); PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len, - &handle ) ); + &key ) ); - TEST_EQUAL( psa_aead_encrypt( handle, alg, + TEST_EQUAL( psa_aead_encrypt( key, alg, nonce->x, nonce->len, additional_data->x, additional_data->len, @@ -3839,7 +4020,7 @@ void aead_encrypt_decrypt( int key_type_arg, data_t *key_data, TEST_EQUAL( input_data->len, PSA_AEAD_DECRYPT_OUTPUT_SIZE( alg, output_length ) ); - TEST_EQUAL( psa_aead_decrypt( handle, alg, + TEST_EQUAL( psa_aead_decrypt( key, alg, nonce->x, nonce->len, additional_data->x, additional_data->len, @@ -3853,7 +4034,7 @@ void aead_encrypt_decrypt( int key_type_arg, data_t *key_data, } exit: - psa_destroy_key( handle ); + psa_destroy_key( key ); mbedtls_free( output_data ); mbedtls_free( output_data2 ); PSA_DONE( ); @@ -3868,7 +4049,7 @@ void aead_encrypt( int key_type_arg, data_t *key_data, data_t *input_data, data_t *expected_result ) { - psa_key_handle_t handle = 0; + mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; psa_key_type_t key_type = key_type_arg; psa_algorithm_t alg = alg_arg; unsigned char *output_data = NULL; @@ -3891,9 +4072,9 @@ void aead_encrypt( int key_type_arg, data_t *key_data, psa_set_key_type( &attributes, key_type ); PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len, - &handle ) ); + &key ) ); - PSA_ASSERT( psa_aead_encrypt( handle, alg, + PSA_ASSERT( psa_aead_encrypt( key, alg, nonce->x, nonce->len, additional_data->x, additional_data->len, input_data->x, input_data->len, @@ -3904,7 +4085,7 @@ void aead_encrypt( int key_type_arg, data_t *key_data, output_data, output_length ); exit: - psa_destroy_key( handle ); + psa_destroy_key( key ); mbedtls_free( output_data ); PSA_DONE( ); } @@ -3919,7 +4100,7 @@ void aead_decrypt( int key_type_arg, data_t *key_data, data_t *expected_data, int expected_result_arg ) { - psa_key_handle_t handle = 0; + mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; psa_key_type_t key_type = key_type_arg; psa_algorithm_t alg = alg_arg; unsigned char *output_data = NULL; @@ -3944,9 +4125,9 @@ void aead_decrypt( int key_type_arg, data_t *key_data, psa_set_key_type( &attributes, key_type ); PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len, - &handle ) ); + &key ) ); - TEST_EQUAL( psa_aead_decrypt( handle, alg, + TEST_EQUAL( psa_aead_decrypt( key, alg, nonce->x, nonce->len, additional_data->x, additional_data->len, @@ -3960,7 +4141,7 @@ void aead_decrypt( int key_type_arg, data_t *key_data, output_data, output_length ); exit: - psa_destroy_key( handle ); + psa_destroy_key( key ); mbedtls_free( output_data ); PSA_DONE( ); } @@ -3992,7 +4173,7 @@ void sign_deterministic( int key_type_arg, data_t *key_data, int alg_arg, data_t *input_data, data_t *output_data ) { - psa_key_handle_t handle = 0; + mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; psa_key_type_t key_type = key_type_arg; psa_algorithm_t alg = alg_arg; size_t key_bits; @@ -4008,8 +4189,8 @@ void sign_deterministic( int key_type_arg, data_t *key_data, psa_set_key_type( &attributes, key_type ); PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len, - &handle ) ); - PSA_ASSERT( psa_get_key_attributes( handle, &attributes ) ); + &key ) ); + PSA_ASSERT( psa_get_key_attributes( key, &attributes ) ); key_bits = psa_get_key_bits( &attributes ); /* Allocate a buffer which has the size advertized by the @@ -4021,7 +4202,7 @@ void sign_deterministic( int key_type_arg, data_t *key_data, ASSERT_ALLOC( signature, signature_size ); /* Perform the signature. */ - PSA_ASSERT( psa_sign_hash( handle, alg, + PSA_ASSERT( psa_sign_hash( key, alg, input_data->x, input_data->len, signature, signature_size, &signature_length ) ); @@ -4032,7 +4213,7 @@ void sign_deterministic( int key_type_arg, data_t *key_data, #if defined(MBEDTLS_TEST_DEPRECATED) memset( signature, 0, signature_size ); signature_length = INVALID_EXPORT_LENGTH; - PSA_ASSERT( psa_asymmetric_sign( handle, alg, + PSA_ASSERT( psa_asymmetric_sign( key, alg, input_data->x, input_data->len, signature, signature_size, &signature_length ) ); @@ -4041,8 +4222,13 @@ void sign_deterministic( int key_type_arg, data_t *key_data, #endif /* MBEDTLS_TEST_DEPRECATED */ exit: + /* + * Key attributes may have been returned by psa_get_key_attributes() + * thus reset them as required. + */ psa_reset_key_attributes( &attributes ); - psa_destroy_key( handle ); + + psa_destroy_key( key ); mbedtls_free( signature ); PSA_DONE( ); } @@ -4053,7 +4239,7 @@ void sign_fail( int key_type_arg, data_t *key_data, int alg_arg, data_t *input_data, int signature_size_arg, int expected_status_arg ) { - psa_key_handle_t handle = 0; + mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; psa_key_type_t key_type = key_type_arg; psa_algorithm_t alg = alg_arg; size_t signature_size = signature_size_arg; @@ -4072,9 +4258,9 @@ void sign_fail( int key_type_arg, data_t *key_data, psa_set_key_type( &attributes, key_type ); PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len, - &handle ) ); + &key ) ); - actual_status = psa_sign_hash( handle, alg, + actual_status = psa_sign_hash( key, alg, input_data->x, input_data->len, signature, signature_size, &signature_length ); @@ -4087,7 +4273,7 @@ void sign_fail( int key_type_arg, data_t *key_data, #if defined(MBEDTLS_TEST_DEPRECATED) signature_length = INVALID_EXPORT_LENGTH; - TEST_EQUAL( psa_asymmetric_sign( handle, alg, + TEST_EQUAL( psa_asymmetric_sign( key, alg, input_data->x, input_data->len, signature, signature_size, &signature_length ), @@ -4097,7 +4283,7 @@ void sign_fail( int key_type_arg, data_t *key_data, exit: psa_reset_key_attributes( &attributes ); - psa_destroy_key( handle ); + psa_destroy_key( key ); mbedtls_free( signature ); PSA_DONE( ); } @@ -4107,7 +4293,7 @@ exit: void sign_verify( int key_type_arg, data_t *key_data, int alg_arg, data_t *input_data ) { - psa_key_handle_t handle = 0; + mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; psa_key_type_t key_type = key_type_arg; psa_algorithm_t alg = alg_arg; size_t key_bits; @@ -4123,8 +4309,8 @@ void sign_verify( int key_type_arg, data_t *key_data, psa_set_key_type( &attributes, key_type ); PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len, - &handle ) ); - PSA_ASSERT( psa_get_key_attributes( handle, &attributes ) ); + &key ) ); + PSA_ASSERT( psa_get_key_attributes( key, &attributes ) ); key_bits = psa_get_key_bits( &attributes ); /* Allocate a buffer which has the size advertized by the @@ -4136,7 +4322,7 @@ void sign_verify( int key_type_arg, data_t *key_data, ASSERT_ALLOC( signature, signature_size ); /* Perform the signature. */ - PSA_ASSERT( psa_sign_hash( handle, alg, + PSA_ASSERT( psa_sign_hash( key, alg, input_data->x, input_data->len, signature, signature_size, &signature_length ) ); @@ -4145,7 +4331,7 @@ void sign_verify( int key_type_arg, data_t *key_data, TEST_ASSERT( signature_length > 0 ); /* Use the library to verify that the signature is correct. */ - PSA_ASSERT( psa_verify_hash( handle, alg, + PSA_ASSERT( psa_verify_hash( key, alg, input_data->x, input_data->len, signature, signature_length ) ); @@ -4155,15 +4341,20 @@ void sign_verify( int key_type_arg, data_t *key_data, * detected as invalid. Flip a bit at the beginning, not at the end, * because ECDSA may ignore the last few bits of the input. */ input_data->x[0] ^= 1; - TEST_EQUAL( psa_verify_hash( handle, alg, + TEST_EQUAL( psa_verify_hash( key, alg, input_data->x, input_data->len, signature, signature_length ), PSA_ERROR_INVALID_SIGNATURE ); } exit: + /* + * Key attributes may have been returned by psa_get_key_attributes() + * thus reset them as required. + */ psa_reset_key_attributes( &attributes ); - psa_destroy_key( handle ); + + psa_destroy_key( key ); mbedtls_free( signature ); PSA_DONE( ); } @@ -4174,7 +4365,7 @@ void asymmetric_verify( int key_type_arg, data_t *key_data, int alg_arg, data_t *hash_data, data_t *signature_data ) { - psa_key_handle_t handle = 0; + mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; psa_key_type_t key_type = key_type_arg; psa_algorithm_t alg = alg_arg; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; @@ -4188,14 +4379,14 @@ void asymmetric_verify( int key_type_arg, data_t *key_data, psa_set_key_type( &attributes, key_type ); PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len, - &handle ) ); + &key ) ); - PSA_ASSERT( psa_verify_hash( handle, alg, + PSA_ASSERT( psa_verify_hash( key, alg, hash_data->x, hash_data->len, signature_data->x, signature_data->len ) ); #if defined(MBEDTLS_TEST_DEPRECATED) - PSA_ASSERT( psa_asymmetric_verify( handle, alg, + PSA_ASSERT( psa_asymmetric_verify( key, alg, hash_data->x, hash_data->len, signature_data->x, signature_data->len ) ); @@ -4204,7 +4395,7 @@ void asymmetric_verify( int key_type_arg, data_t *key_data, exit: psa_reset_key_attributes( &attributes ); - psa_destroy_key( handle ); + psa_destroy_key( key ); PSA_DONE( ); } /* END_CASE */ @@ -4215,7 +4406,7 @@ void asymmetric_verify_fail( int key_type_arg, data_t *key_data, data_t *signature_data, int expected_status_arg ) { - psa_key_handle_t handle = 0; + mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; psa_key_type_t key_type = key_type_arg; psa_algorithm_t alg = alg_arg; psa_status_t actual_status; @@ -4229,15 +4420,15 @@ void asymmetric_verify_fail( int key_type_arg, data_t *key_data, psa_set_key_type( &attributes, key_type ); PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len, - &handle ) ); + &key ) ); - actual_status = psa_verify_hash( handle, alg, + actual_status = psa_verify_hash( key, alg, hash_data->x, hash_data->len, signature_data->x, signature_data->len ); TEST_EQUAL( actual_status, expected_status ); #if defined(MBEDTLS_TEST_DEPRECATED) - TEST_EQUAL( psa_asymmetric_verify( handle, alg, + TEST_EQUAL( psa_asymmetric_verify( key, alg, hash_data->x, hash_data->len, signature_data->x, signature_data->len ), expected_status ); @@ -4245,7 +4436,7 @@ void asymmetric_verify_fail( int key_type_arg, data_t *key_data, exit: psa_reset_key_attributes( &attributes ); - psa_destroy_key( handle ); + psa_destroy_key( key ); PSA_DONE( ); } /* END_CASE */ @@ -4259,7 +4450,7 @@ void asymmetric_encrypt( int key_type_arg, int expected_output_length_arg, int expected_status_arg ) { - psa_key_handle_t handle = 0; + mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; psa_key_type_t key_type = key_type_arg; psa_algorithm_t alg = alg_arg; size_t expected_output_length = expected_output_length_arg; @@ -4278,16 +4469,16 @@ void asymmetric_encrypt( int key_type_arg, psa_set_key_algorithm( &attributes, alg ); psa_set_key_type( &attributes, key_type ); PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len, - &handle ) ); + &key ) ); /* Determine the maximum output length */ - PSA_ASSERT( psa_get_key_attributes( handle, &attributes ) ); + PSA_ASSERT( psa_get_key_attributes( key, &attributes ) ); key_bits = psa_get_key_bits( &attributes ); output_size = PSA_ASYMMETRIC_ENCRYPT_OUTPUT_SIZE( key_type, key_bits, alg ); ASSERT_ALLOC( output, output_size ); /* Encrypt the input */ - actual_status = psa_asymmetric_encrypt( handle, alg, + actual_status = psa_asymmetric_encrypt( key, alg, input_data->x, input_data->len, label->x, label->len, output, output_size, @@ -4302,7 +4493,7 @@ void asymmetric_encrypt( int key_type_arg, output_length = ~0; if( output_size != 0 ) memset( output, 0, output_size ); - actual_status = psa_asymmetric_encrypt( handle, alg, + actual_status = psa_asymmetric_encrypt( key, alg, input_data->x, input_data->len, NULL, label->len, output, output_size, @@ -4312,8 +4503,13 @@ void asymmetric_encrypt( int key_type_arg, } exit: + /* + * Key attributes may have been returned by psa_get_key_attributes() + * thus reset them as required. + */ psa_reset_key_attributes( &attributes ); - psa_destroy_key( handle ); + + psa_destroy_key( key ); mbedtls_free( output ); PSA_DONE( ); } @@ -4326,7 +4522,7 @@ void asymmetric_encrypt_decrypt( int key_type_arg, data_t *input_data, data_t *label ) { - psa_key_handle_t handle = 0; + mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; psa_key_type_t key_type = key_type_arg; psa_algorithm_t alg = alg_arg; size_t key_bits; @@ -4345,10 +4541,10 @@ void asymmetric_encrypt_decrypt( int key_type_arg, psa_set_key_type( &attributes, key_type ); PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len, - &handle ) ); + &key ) ); /* Determine the maximum ciphertext length */ - PSA_ASSERT( psa_get_key_attributes( handle, &attributes ) ); + PSA_ASSERT( psa_get_key_attributes( key, &attributes ) ); key_bits = psa_get_key_bits( &attributes ); output_size = PSA_ASYMMETRIC_ENCRYPT_OUTPUT_SIZE( key_type, key_bits, alg ); ASSERT_ALLOC( output, output_size ); @@ -4358,7 +4554,7 @@ void asymmetric_encrypt_decrypt( int key_type_arg, /* We test encryption by checking that encrypt-then-decrypt gives back * the original plaintext because of the non-optional random * part of encryption process which prevents using fixed vectors. */ - PSA_ASSERT( psa_asymmetric_encrypt( handle, alg, + PSA_ASSERT( psa_asymmetric_encrypt( key, alg, input_data->x, input_data->len, label->x, label->len, output, output_size, @@ -4367,7 +4563,7 @@ void asymmetric_encrypt_decrypt( int key_type_arg, * it looks sensible. */ TEST_ASSERT( output_length <= output_size ); - PSA_ASSERT( psa_asymmetric_decrypt( handle, alg, + PSA_ASSERT( psa_asymmetric_decrypt( key, alg, output, output_length, label->x, label->len, output2, output2_size, @@ -4376,8 +4572,13 @@ void asymmetric_encrypt_decrypt( int key_type_arg, output2, output2_length ); exit: + /* + * Key attributes may have been returned by psa_get_key_attributes() + * thus reset them as required. + */ psa_reset_key_attributes( &attributes ); - psa_destroy_key( handle ); + + psa_destroy_key( key ); mbedtls_free( output ); mbedtls_free( output2 ); PSA_DONE( ); @@ -4392,7 +4593,7 @@ void asymmetric_decrypt( int key_type_arg, data_t *label, data_t *expected_data ) { - psa_key_handle_t handle = 0; + mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; psa_key_type_t key_type = key_type_arg; psa_algorithm_t alg = alg_arg; unsigned char *output = NULL; @@ -4410,9 +4611,9 @@ void asymmetric_decrypt( int key_type_arg, psa_set_key_type( &attributes, key_type ); PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len, - &handle ) ); + &key ) ); - PSA_ASSERT( psa_asymmetric_decrypt( handle, alg, + PSA_ASSERT( psa_asymmetric_decrypt( key, alg, input_data->x, input_data->len, label->x, label->len, output, @@ -4428,7 +4629,7 @@ void asymmetric_decrypt( int key_type_arg, output_length = ~0; if( output_size != 0 ) memset( output, 0, output_size ); - PSA_ASSERT( psa_asymmetric_decrypt( handle, alg, + PSA_ASSERT( psa_asymmetric_decrypt( key, alg, input_data->x, input_data->len, NULL, label->len, output, @@ -4440,7 +4641,7 @@ void asymmetric_decrypt( int key_type_arg, exit: psa_reset_key_attributes( &attributes ); - psa_destroy_key( handle ); + psa_destroy_key( key ); mbedtls_free( output ); PSA_DONE( ); } @@ -4455,7 +4656,7 @@ void asymmetric_decrypt_fail( int key_type_arg, int output_size_arg, int expected_status_arg ) { - psa_key_handle_t handle = 0; + mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; psa_key_type_t key_type = key_type_arg; psa_algorithm_t alg = alg_arg; unsigned char *output = NULL; @@ -4474,9 +4675,9 @@ void asymmetric_decrypt_fail( int key_type_arg, psa_set_key_type( &attributes, key_type ); PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len, - &handle ) ); + &key ) ); - actual_status = psa_asymmetric_decrypt( handle, alg, + actual_status = psa_asymmetric_decrypt( key, alg, input_data->x, input_data->len, label->x, label->len, output, output_size, @@ -4491,7 +4692,7 @@ void asymmetric_decrypt_fail( int key_type_arg, output_length = ~0; if( output_size != 0 ) memset( output, 0, output_size ); - actual_status = psa_asymmetric_decrypt( handle, alg, + actual_status = psa_asymmetric_decrypt( key, alg, input_data->x, input_data->len, NULL, label->len, output, output_size, @@ -4502,7 +4703,7 @@ void asymmetric_decrypt_fail( int key_type_arg, exit: psa_reset_key_attributes( &attributes ); - psa_destroy_key( handle ); + psa_destroy_key( key ); mbedtls_free( output ); PSA_DONE( ); } @@ -4594,12 +4795,14 @@ void derive_input( int alg_arg, expected_status_arg2, expected_status_arg3}; data_t *inputs[] = {input1, input2, input3}; - psa_key_handle_t handles[] = {0, 0, 0}; + mbedtls_svc_key_id_t keys[] = { MBEDTLS_SVC_KEY_ID_INIT, + MBEDTLS_SVC_KEY_ID_INIT, + MBEDTLS_SVC_KEY_ID_INIT }; psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; size_t i; psa_key_type_t output_key_type = output_key_type_arg; - psa_key_handle_t output_handle = 0; + mbedtls_svc_key_id_t output_key = MBEDTLS_SVC_KEY_ID_INIT; psa_status_t expected_output_status = expected_output_status_arg; psa_status_t actual_output_status; @@ -4617,10 +4820,21 @@ void derive_input( int alg_arg, psa_set_key_type( &attributes, key_types[i] ); PSA_ASSERT( psa_import_key( &attributes, inputs[i]->x, inputs[i]->len, - &handles[i] ) ); - TEST_EQUAL( psa_key_derivation_input_key( &operation, steps[i], - handles[i] ), - expected_statuses[i] ); + &keys[i] ) ); + if( PSA_KEY_TYPE_IS_KEY_PAIR( key_types[i] ) && + steps[i] == PSA_KEY_DERIVATION_INPUT_SECRET ) + { + // When taking a private key as secret input, use key agreement + // to add the shared secret to the derivation + TEST_EQUAL( key_agreement_with_self( &operation, keys[i] ), + expected_statuses[i] ); + } + else + { + TEST_EQUAL( psa_key_derivation_input_key( &operation, steps[i], + keys[i] ), + expected_statuses[i] ); + } } else { @@ -4638,7 +4852,7 @@ void derive_input( int alg_arg, psa_set_key_bits( &attributes, 8 ); actual_output_status = psa_key_derivation_output_key( &attributes, &operation, - &output_handle ); + &output_key ); } else { @@ -4651,9 +4865,9 @@ void derive_input( int alg_arg, exit: psa_key_derivation_abort( &operation ); - for( i = 0; i < ARRAY_LENGTH( handles ); i++ ) - psa_destroy_key( handles[i] ); - psa_destroy_key( output_handle ); + for( i = 0; i < ARRAY_LENGTH( keys ); i++ ) + psa_destroy_key( keys[i] ); + psa_destroy_key( output_key ); PSA_DONE( ); } /* END_CASE */ @@ -4662,7 +4876,7 @@ exit: void test_derive_invalid_key_derivation_state( int alg_arg ) { psa_algorithm_t alg = alg_arg; - psa_key_handle_t handle = 0; + mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; size_t key_type = PSA_KEY_TYPE_DERIVE; psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT; unsigned char input1[] = "Input 1"; @@ -4684,10 +4898,10 @@ void test_derive_invalid_key_derivation_state( int alg_arg ) PSA_ASSERT( psa_import_key( &attributes, key_data, sizeof( key_data ), - &handle ) ); + &key ) ); /* valid key derivation */ - if( !setup_key_derivation_wrap( &operation, handle, alg, + if( !setup_key_derivation_wrap( &operation, key, alg, input1, input1_length, input2, input2_length, capacity ) ) @@ -4704,7 +4918,7 @@ void test_derive_invalid_key_derivation_state( int alg_arg ) exit: psa_key_derivation_abort( &operation ); - psa_destroy_key( handle ); + psa_destroy_key( key ); PSA_DONE( ); } /* END_CASE */ @@ -4750,7 +4964,9 @@ void derive_output( int alg_arg, psa_algorithm_t alg = alg_arg; psa_key_derivation_step_t steps[] = {step1_arg, step2_arg, step3_arg}; data_t *inputs[] = {input1, input2, input3}; - psa_key_handle_t handles[] = {0, 0, 0}; + mbedtls_svc_key_id_t keys[] = { MBEDTLS_SVC_KEY_ID_INIT, + MBEDTLS_SVC_KEY_ID_INIT, + MBEDTLS_SVC_KEY_ID_INIT }; size_t requested_capacity = requested_capacity_arg; psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT; uint8_t *expected_outputs[2] = @@ -4792,10 +5008,9 @@ void derive_output( int alg_arg, case PSA_KEY_DERIVATION_INPUT_SECRET: PSA_ASSERT( psa_import_key( &attributes, inputs[i]->x, inputs[i]->len, - &handles[i] ) ); + &keys[i] ) ); PSA_ASSERT( psa_key_derivation_input_key( - &operation, steps[i], - handles[i] ) ); + &operation, steps[i], keys[i] ) ); break; default: PSA_ASSERT( psa_key_derivation_input_bytes( @@ -4847,8 +5062,8 @@ void derive_output( int alg_arg, exit: mbedtls_free( output_buffer ); psa_key_derivation_abort( &operation ); - for( i = 0; i < ARRAY_LENGTH( handles ); i++ ) - psa_destroy_key( handles[i] ); + for( i = 0; i < ARRAY_LENGTH( keys ); i++ ) + psa_destroy_key( keys[i] ); PSA_DONE( ); } /* END_CASE */ @@ -4860,7 +5075,7 @@ void derive_full( int alg_arg, data_t *input2, int requested_capacity_arg ) { - psa_key_handle_t handle = 0; + mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; psa_algorithm_t alg = alg_arg; size_t requested_capacity = requested_capacity_arg; psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT; @@ -4876,9 +5091,9 @@ void derive_full( int alg_arg, psa_set_key_type( &attributes, PSA_KEY_TYPE_DERIVE ); PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len, - &handle ) ); + &key ) ); - if( !setup_key_derivation_wrap( &operation, handle, alg, + if( !setup_key_derivation_wrap( &operation, key, alg, input1->x, input1->len, input2->x, input2->len, requested_capacity ) ) @@ -4911,7 +5126,7 @@ void derive_full( int alg_arg, exit: psa_key_derivation_abort( &operation ); - psa_destroy_key( handle ); + psa_destroy_key( key ); PSA_DONE( ); } /* END_CASE */ @@ -4926,8 +5141,8 @@ void derive_key_exercise( int alg_arg, int derived_usage_arg, int derived_alg_arg ) { - psa_key_handle_t base_handle = 0; - psa_key_handle_t derived_handle = 0; + mbedtls_svc_key_id_t base_key = MBEDTLS_SVC_KEY_ID_INIT; + mbedtls_svc_key_id_t derived_key = MBEDTLS_SVC_KEY_ID_INIT; psa_algorithm_t alg = alg_arg; psa_key_type_t derived_type = derived_type_arg; size_t derived_bits = derived_bits_arg; @@ -4944,10 +5159,10 @@ void derive_key_exercise( int alg_arg, psa_set_key_algorithm( &attributes, alg ); psa_set_key_type( &attributes, PSA_KEY_TYPE_DERIVE ); PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len, - &base_handle ) ); + &base_key ) ); /* Derive a key. */ - if ( setup_key_derivation_wrap( &operation, base_handle, alg, + if ( setup_key_derivation_wrap( &operation, base_key, alg, input1->x, input1->len, input2->x, input2->len, capacity ) ) goto exit; @@ -4957,22 +5172,27 @@ void derive_key_exercise( int alg_arg, psa_set_key_type( &attributes, derived_type ); psa_set_key_bits( &attributes, derived_bits ); PSA_ASSERT( psa_key_derivation_output_key( &attributes, &operation, - &derived_handle ) ); + &derived_key ) ); /* Test the key information */ - PSA_ASSERT( psa_get_key_attributes( derived_handle, &got_attributes ) ); + PSA_ASSERT( psa_get_key_attributes( derived_key, &got_attributes ) ); TEST_EQUAL( psa_get_key_type( &got_attributes ), derived_type ); TEST_EQUAL( psa_get_key_bits( &got_attributes ), derived_bits ); /* Exercise the derived key. */ - if( ! exercise_key( derived_handle, derived_usage, derived_alg ) ) + if( ! exercise_key( derived_key, derived_usage, derived_alg ) ) goto exit; exit: - psa_key_derivation_abort( &operation ); + /* + * Key attributes may have been returned by psa_get_key_attributes() + * thus reset them as required. + */ psa_reset_key_attributes( &got_attributes ); - psa_destroy_key( base_handle ); - psa_destroy_key( derived_handle ); + + psa_key_derivation_abort( &operation ); + psa_destroy_key( base_key ); + psa_destroy_key( derived_key ); PSA_DONE( ); } /* END_CASE */ @@ -4985,8 +5205,8 @@ void derive_key_export( int alg_arg, int bytes1_arg, int bytes2_arg ) { - psa_key_handle_t base_handle = 0; - psa_key_handle_t derived_handle = 0; + mbedtls_svc_key_id_t base_key = MBEDTLS_SVC_KEY_ID_INIT; + mbedtls_svc_key_id_t derived_key = MBEDTLS_SVC_KEY_ID_INIT; psa_algorithm_t alg = alg_arg; size_t bytes1 = bytes1_arg; size_t bytes2 = bytes2_arg; @@ -5006,10 +5226,10 @@ void derive_key_export( int alg_arg, psa_set_key_algorithm( &base_attributes, alg ); psa_set_key_type( &base_attributes, PSA_KEY_TYPE_DERIVE ); PSA_ASSERT( psa_import_key( &base_attributes, key_data->x, key_data->len, - &base_handle ) ); + &base_key ) ); /* Derive some material and output it. */ - if( !setup_key_derivation_wrap( &operation, base_handle, alg, + if( !setup_key_derivation_wrap( &operation, base_key, alg, input1->x, input1->len, input2->x, input2->len, capacity ) ) goto exit; @@ -5020,7 +5240,7 @@ void derive_key_export( int alg_arg, PSA_ASSERT( psa_key_derivation_abort( &operation ) ); /* Derive the same output again, but this time store it in key objects. */ - if( !setup_key_derivation_wrap( &operation, base_handle, alg, + if( !setup_key_derivation_wrap( &operation, base_key, alg, input1->x, input1->len, input2->x, input2->len, capacity ) ) goto exit; @@ -5030,16 +5250,16 @@ void derive_key_export( int alg_arg, psa_set_key_type( &derived_attributes, PSA_KEY_TYPE_RAW_DATA ); psa_set_key_bits( &derived_attributes, PSA_BYTES_TO_BITS( bytes1 ) ); PSA_ASSERT( psa_key_derivation_output_key( &derived_attributes, &operation, - &derived_handle ) ); - PSA_ASSERT( psa_export_key( derived_handle, + &derived_key ) ); + PSA_ASSERT( psa_export_key( derived_key, export_buffer, bytes1, &length ) ); TEST_EQUAL( length, bytes1 ); - PSA_ASSERT( psa_destroy_key( derived_handle ) ); + PSA_ASSERT( psa_destroy_key( derived_key ) ); psa_set_key_bits( &derived_attributes, PSA_BYTES_TO_BITS( bytes2 ) ); PSA_ASSERT( psa_key_derivation_output_key( &derived_attributes, &operation, - &derived_handle ) ); - PSA_ASSERT( psa_export_key( derived_handle, + &derived_key ) ); + PSA_ASSERT( psa_export_key( derived_key, export_buffer + bytes1, bytes2, &length ) ); TEST_EQUAL( length, bytes2 ); @@ -5052,8 +5272,8 @@ exit: mbedtls_free( output_buffer ); mbedtls_free( export_buffer ); psa_key_derivation_abort( &operation ); - psa_destroy_key( base_handle ); - psa_destroy_key( derived_handle ); + psa_destroy_key( base_key ); + psa_destroy_key( derived_key ); PSA_DONE( ); } /* END_CASE */ @@ -5064,8 +5284,8 @@ void derive_key( int alg_arg, int type_arg, int bits_arg, int expected_status_arg ) { - psa_key_handle_t base_handle = 0; - psa_key_handle_t derived_handle = 0; + mbedtls_svc_key_id_t base_key = MBEDTLS_SVC_KEY_ID_INIT; + mbedtls_svc_key_id_t derived_key = MBEDTLS_SVC_KEY_ID_INIT; psa_algorithm_t alg = alg_arg; psa_key_type_t type = type_arg; size_t bits = bits_arg; @@ -5080,9 +5300,9 @@ void derive_key( int alg_arg, psa_set_key_algorithm( &base_attributes, alg ); psa_set_key_type( &base_attributes, PSA_KEY_TYPE_DERIVE ); PSA_ASSERT( psa_import_key( &base_attributes, key_data->x, key_data->len, - &base_handle ) ); + &base_key ) ); - if( !setup_key_derivation_wrap( &operation, base_handle, alg, + if( !setup_key_derivation_wrap( &operation, base_key, alg, input1->x, input1->len, input2->x, input2->len, SIZE_MAX ) ) goto exit; @@ -5092,25 +5312,26 @@ void derive_key( int alg_arg, psa_set_key_type( &derived_attributes, type ); psa_set_key_bits( &derived_attributes, bits ); TEST_EQUAL( psa_key_derivation_output_key( &derived_attributes, &operation, - &derived_handle ), + &derived_key ), expected_status ); exit: psa_key_derivation_abort( &operation ); - psa_destroy_key( base_handle ); - psa_destroy_key( derived_handle ); + psa_destroy_key( base_key ); + psa_destroy_key( derived_key ); PSA_DONE( ); } /* END_CASE */ /* BEGIN_CASE */ void key_agreement_setup( int alg_arg, - int our_key_type_arg, data_t *our_key_data, - data_t *peer_key_data, + int our_key_type_arg, int our_key_alg_arg, + data_t *our_key_data, data_t *peer_key_data, int expected_status_arg ) { - psa_key_handle_t our_key = 0; + mbedtls_svc_key_id_t our_key = MBEDTLS_SVC_KEY_ID_INIT; psa_algorithm_t alg = alg_arg; + psa_algorithm_t our_key_alg = our_key_alg_arg; psa_key_type_t our_key_type = our_key_type_arg; psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; @@ -5120,7 +5341,7 @@ void key_agreement_setup( int alg_arg, PSA_ASSERT( psa_crypto_init( ) ); psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_DERIVE ); - psa_set_key_algorithm( &attributes, alg ); + psa_set_key_algorithm( &attributes, our_key_alg ); psa_set_key_type( &attributes, our_key_type ); PSA_ASSERT( psa_import_key( &attributes, our_key_data->x, our_key_data->len, @@ -5157,7 +5378,7 @@ void raw_key_agreement( int alg_arg, data_t *peer_key_data, data_t *expected_output ) { - psa_key_handle_t our_key = 0; + mbedtls_svc_key_id_t our_key = MBEDTLS_SVC_KEY_ID_INIT; psa_algorithm_t alg = alg_arg; psa_key_type_t our_key_type = our_key_type_arg; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; @@ -5194,7 +5415,7 @@ void key_agreement_capacity( int alg_arg, data_t *peer_key_data, int expected_capacity_arg ) { - psa_key_handle_t our_key = 0; + mbedtls_svc_key_id_t our_key = MBEDTLS_SVC_KEY_ID_INIT; psa_algorithm_t alg = alg_arg; psa_key_type_t our_key_type = our_key_type_arg; psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT; @@ -5254,7 +5475,7 @@ void key_agreement_output( int alg_arg, data_t *peer_key_data, data_t *expected_output1, data_t *expected_output2 ) { - psa_key_handle_t our_key = 0; + mbedtls_svc_key_id_t our_key = MBEDTLS_SVC_KEY_ID_INIT; psa_algorithm_t alg = alg_arg; psa_key_type_t our_key_type = our_key_type_arg; psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT; @@ -5368,7 +5589,7 @@ void generate_key( int type_arg, int alg_arg, int expected_status_arg ) { - psa_key_handle_t handle = 0; + mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; psa_key_type_t type = type_arg; psa_key_usage_t usage = usage_arg; size_t bits = bits_arg; @@ -5385,22 +5606,27 @@ void generate_key( int type_arg, psa_set_key_bits( &attributes, bits ); /* Generate a key */ - TEST_EQUAL( psa_generate_key( &attributes, &handle ), expected_status ); + TEST_EQUAL( psa_generate_key( &attributes, &key ), expected_status ); if( expected_status != PSA_SUCCESS ) goto exit; /* Test the key information */ - PSA_ASSERT( psa_get_key_attributes( handle, &got_attributes ) ); + PSA_ASSERT( psa_get_key_attributes( key, &got_attributes ) ); TEST_EQUAL( psa_get_key_type( &got_attributes ), type ); TEST_EQUAL( psa_get_key_bits( &got_attributes ), bits ); /* Do something with the key according to its type and permitted usage. */ - if( ! exercise_key( handle, usage, alg ) ) + if( ! exercise_key( key, usage, alg ) ) goto exit; exit: + /* + * Key attributes may have been returned by psa_get_key_attributes() + * thus reset them as required. + */ psa_reset_key_attributes( &got_attributes ); - psa_destroy_key( handle ); + + psa_destroy_key( key ); PSA_DONE( ); } /* END_CASE */ @@ -5410,7 +5636,7 @@ void generate_key_rsa( int bits_arg, data_t *e_arg, int expected_status_arg ) { - psa_key_handle_t handle = 0; + mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; psa_key_type_t type = PSA_KEY_TYPE_RSA_KEY_PAIR; size_t bits = bits_arg; psa_key_usage_t usage = PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT; @@ -5445,12 +5671,12 @@ void generate_key_rsa( int bits_arg, psa_set_key_bits( &attributes, bits ); /* Generate a key */ - TEST_EQUAL( psa_generate_key( &attributes, &handle ), expected_status ); + TEST_EQUAL( psa_generate_key( &attributes, &key ), expected_status ); if( expected_status != PSA_SUCCESS ) goto exit; /* Test the key information */ - PSA_ASSERT( psa_get_key_attributes( handle, &attributes ) ); + PSA_ASSERT( psa_get_key_attributes( key, &attributes ) ); TEST_EQUAL( psa_get_key_type( &attributes ), type ); TEST_EQUAL( psa_get_key_bits( &attributes ), bits ); PSA_ASSERT( psa_get_key_domain_parameters( &attributes, @@ -5462,11 +5688,11 @@ void generate_key_rsa( int bits_arg, ASSERT_COMPARE( e_read_buffer, e_read_length, e_arg->x, e_arg->len ); /* Do something with the key according to its type and permitted usage. */ - if( ! exercise_key( handle, usage, alg ) ) + if( ! exercise_key( key, usage, alg ) ) goto exit; /* Export the key and check the public exponent. */ - PSA_ASSERT( psa_export_public_key( handle, + PSA_ASSERT( psa_export_public_key( key, exported, exported_size, &exported_length ) ); { @@ -5500,8 +5726,13 @@ void generate_key_rsa( int bits_arg, } exit: + /* + * Key attributes may have been returned by psa_get_key_attributes() or + * set by psa_set_key_domain_parameters() thus reset them as required. + */ psa_reset_key_attributes( &attributes ); - psa_destroy_key( handle ); + + psa_destroy_key( key ); PSA_DONE( ); mbedtls_free( e_read_buffer ); mbedtls_free( exported ); @@ -5514,10 +5745,10 @@ void persistent_key_load_key_from_storage( data_t *data, int usage_flags_arg, int alg_arg, int generation_method ) { - psa_key_id_t key_id = 1; + mbedtls_svc_key_id_t key_id = mbedtls_svc_key_id_make( 1, 1 ); psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; - psa_key_handle_t handle = 0; - psa_key_handle_t base_key = 0; + mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; + mbedtls_svc_key_id_t base_key = MBEDTLS_SVC_KEY_ID_INIT; psa_key_type_t type = type_arg; size_t bits = bits_arg; psa_key_usage_t usage_flags = usage_flags_arg; @@ -5548,12 +5779,12 @@ void persistent_key_load_key_from_storage( data_t *data, case IMPORT_KEY: /* Import the key */ PSA_ASSERT( psa_import_key( &attributes, data->x, data->len, - &handle ) ); + &key ) ); break; case GENERATE_KEY: /* Generate a key */ - PSA_ASSERT( psa_generate_key( &attributes, &handle ) ); + PSA_ASSERT( psa_generate_key( &attributes, &key ) ); break; case DERIVE_KEY: @@ -5578,10 +5809,10 @@ void persistent_key_load_key_from_storage( data_t *data, NULL, 0 ) ); PSA_ASSERT( psa_key_derivation_output_key( &attributes, &operation, - &handle ) ); + &key ) ); PSA_ASSERT( psa_key_derivation_abort( &operation ) ); PSA_ASSERT( psa_destroy_key( base_key ) ); - base_key = 0; + base_key = MBEDTLS_SVC_KEY_ID_INIT; } break; } @@ -5590,7 +5821,7 @@ void persistent_key_load_key_from_storage( data_t *data, /* Export the key if permitted by the key policy. */ if( usage_flags & PSA_KEY_USAGE_EXPORT ) { - PSA_ASSERT( psa_export_key( handle, + PSA_ASSERT( psa_export_key( key, first_export, export_size, &first_exported_length ) ); if( generation_method == IMPORT_KEY ) @@ -5599,14 +5830,14 @@ void persistent_key_load_key_from_storage( data_t *data, } /* Shutdown and restart */ - PSA_ASSERT( psa_close_key( handle ) ); + PSA_ASSERT( psa_purge_key( key ) ); PSA_DONE(); PSA_ASSERT( psa_crypto_init() ); /* Check key slot still contains key data */ - PSA_ASSERT( psa_open_key( key_id, &handle ) ); - PSA_ASSERT( psa_get_key_attributes( handle, &attributes ) ); - TEST_EQUAL( psa_get_key_id( &attributes ), key_id ); + PSA_ASSERT( psa_get_key_attributes( key, &attributes ) ); + TEST_ASSERT( mbedtls_svc_key_id_equal( + psa_get_key_id( &attributes ), key_id ) ); TEST_EQUAL( psa_get_key_lifetime( &attributes ), PSA_KEY_LIFETIME_PERSISTENT ); TEST_EQUAL( psa_get_key_type( &attributes ), type ); @@ -5617,7 +5848,7 @@ void persistent_key_load_key_from_storage( data_t *data, /* Export the key again if permitted by the key policy. */ if( usage_flags & PSA_KEY_USAGE_EXPORT ) { - PSA_ASSERT( psa_export_key( handle, + PSA_ASSERT( psa_export_key( key, second_export, export_size, &second_exported_length ) ); ASSERT_COMPARE( first_export, first_exported_length, @@ -5625,23 +5856,21 @@ void persistent_key_load_key_from_storage( data_t *data, } /* Do something with the key according to its type and permitted usage. */ - if( ! exercise_key( handle, usage_flags, alg ) ) + if( ! exercise_key( key, usage_flags, alg ) ) goto exit; exit: + /* + * Key attributes may have been returned by psa_get_key_attributes() + * thus reset them as required. + */ psa_reset_key_attributes( &attributes ); + mbedtls_free( first_export ); mbedtls_free( second_export ); psa_key_derivation_abort( &operation ); psa_destroy_key( base_key ); - if( handle == 0 ) - { - /* In case there was a test failure after creating the persistent key - * but while it was not open, try to re-open the persistent key - * to delete it. */ - psa_open_key( key_id, &handle ); - } - psa_destroy_key( handle ); + psa_destroy_key( key ); PSA_DONE(); } /* END_CASE */ diff --git a/tests/suites/test_suite_psa_crypto_driver_wrappers.data b/tests/suites/test_suite_psa_crypto_driver_wrappers.data new file mode 100644 index 000000000..2b1400b35 --- /dev/null +++ b/tests/suites/test_suite_psa_crypto_driver_wrappers.data @@ -0,0 +1,187 @@ +sign_hash through transparent driver: calculate in driver +ecdsa_sign:PSA_SUCCESS:"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"6a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f50f":0:PSA_SUCCESS + +sign_hash through transparent driver: fallback +ecdsa_sign:PSA_ERROR_NOT_SUPPORTED:"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"6a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f50f":0:PSA_SUCCESS + +sign_hash through transparent driver: error +ecdsa_sign:PSA_ERROR_GENERIC_ERROR:"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"6a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f50f":0:PSA_ERROR_GENERIC_ERROR + +sign_hash through transparent driver: fake +ecdsa_sign:PSA_SUCCESS:"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"000102030405060708090A0B0C0D0E0F":1:PSA_SUCCESS + +verify_hash using private key through transparent driver: calculate in driver +ecdsa_verify:PSA_SUCCESS:0:"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"6a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f50f":PSA_SUCCESS + +verify_hash using private key through transparent driver: fallback +ecdsa_verify:PSA_ERROR_NOT_SUPPORTED:0:"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"6a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f50f":PSA_SUCCESS + +verify_hash using private key through transparent driver: error +ecdsa_verify:PSA_ERROR_GENERIC_ERROR:0:"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"6a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f50f":PSA_ERROR_GENERIC_ERROR + +verify_hash using public key through transparent driver: calculate in driver +ecdsa_verify:PSA_SUCCESS:1:"04dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"6a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f50f":PSA_SUCCESS + +verify_hash using public key through transparent driver: fallback +ecdsa_verify:PSA_ERROR_NOT_SUPPORTED:1:"04dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"6a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f50f":PSA_SUCCESS + +verify_hash using public key through transparent driver: error +ecdsa_verify:PSA_ERROR_GENERIC_ERROR:1:"04dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"6a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f50f":PSA_ERROR_GENERIC_ERROR + +generate_key through transparent driver: fake +generate_key:PSA_SUCCESS:"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_SUCCESS + +generate_key through transparent driver: in-driver +generate_key:PSA_SUCCESS:"":PSA_SUCCESS + +generate_key through transparent driver: fallback +generate_key:PSA_ERROR_NOT_SUPPORTED:"":PSA_SUCCESS + +generate_key through transparent driver: error +generate_key:PSA_ERROR_GENERIC_ERROR:"":PSA_ERROR_GENERIC_ERROR + +validate key through transparent driver: good private key +depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED +validate_key:PSA_SUCCESS:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_SUCCESS + +validate key through transparent driver: good public key +depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED +validate_key:PSA_SUCCESS:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):"04dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":PSA_SUCCESS + +validate key through transparent driver: fallback private key +depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED +validate_key:PSA_ERROR_NOT_SUPPORTED:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_SUCCESS + +validate key through transparent driver: fallback public key +depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED +validate_key:PSA_ERROR_NOT_SUPPORTED:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):"04dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":PSA_SUCCESS + +validate key through transparent driver: error +validate_key:PSA_ERROR_GENERIC_ERROR:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_ERROR_GENERIC_ERROR + +export_key private to public through driver: fake +depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED +export_key:PSA_SUCCESS:"0102030405":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):"":PSA_SUCCESS + +export_key private to public through driver: in-driver +depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED +export_key:PSA_SUCCESS:"":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):"047772656f814b399279d5e1f1781fac6f099a3c5ca1b0e35351834b08b65e0b572590cdaf8f769361bcf34acfc11e5e074e8426bdde04be6e653945449617de45":PSA_SUCCESS + +export_key private to public through driver: fallback +depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED +export_key:PSA_ERROR_NOT_SUPPORTED:"":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):"047772656f814b399279d5e1f1781fac6f099a3c5ca1b0e35351834b08b65e0b572590cdaf8f769361bcf34acfc11e5e074e8426bdde04be6e653945449617de45":PSA_SUCCESS + +export_key private to public through driver: error +depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED +export_key:PSA_ERROR_GENERIC_ERROR:"":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):"":PSA_ERROR_GENERIC_ERROR + +PSA symmetric encrypt: AES-CTR, 16 bytes, good +depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR +cipher_encrypt:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e117393172a":"8f9408fe80a81d3e813da3c7b0b2bd32":0:PSA_SUCCESS:PSA_SUCCESS + +PSA symmetric encrypt: AES-CTR, 15 bytes, good +depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR +cipher_encrypt:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e11739317":"8f9408fe80a81d3e813da3c7b0b2bd":0:PSA_SUCCESS:PSA_SUCCESS + +PSA symmetric encrypt: AES-CTR, 16 bytes, fallback +depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR +cipher_encrypt:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e117393172a":"8f9408fe80a81d3e813da3c7b0b2bd32":0:PSA_ERROR_NOT_SUPPORTED:PSA_SUCCESS + +PSA symmetric encrypt: AES-CTR, 15 bytes, fallback +depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR +cipher_encrypt:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e11739317":"8f9408fe80a81d3e813da3c7b0b2bd":0:PSA_ERROR_NOT_SUPPORTED:PSA_SUCCESS + +PSA symmetric encrypt: AES-CTR, 16 bytes, fake +depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR +cipher_encrypt:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e117393172a":"d07a6a6e2687feb2":1:PSA_SUCCESS:PSA_SUCCESS + +PSA symmetric encrypt: AES-CTR, 15 bytes, fake +depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR +cipher_encrypt:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e11739317":"d07a6a6e2687feb2":1:PSA_SUCCESS:PSA_SUCCESS + +PSA symmetric decrypt: AES-CTR, 16 bytes, good +depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_MODE_CTR +cipher_decrypt:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"396ee84fb75fdbb5c2b13c7fe5a654aa":"dd3b5e5319b7591daab1e1a92687feb2":0:PSA_SUCCESS:PSA_SUCCESS + +PSA symmetric decrypt: AES-CTR, 16 bytes, fallback +depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_MODE_CTR +cipher_decrypt:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"396ee84fb75fdbb5c2b13c7fe5a654aa":"dd3b5e5319b7591daab1e1a92687feb2":0:PSA_ERROR_NOT_SUPPORTED:PSA_SUCCESS + +PSA symmetric decrypt: AES-CTR, 16 bytes, fake +depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_MODE_CTR +cipher_decrypt:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"396ee84fb75fdbb5c2b13c7fe5a654aa":"d07a6a6e2687feb2":1:PSA_SUCCESS:PSA_SUCCESS + +PSA symmetric encryption multipart: AES-CTR, 11+5 bytes +depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR +cipher_encrypt_multipart:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e117393172a":11:11:5:"8f9408fe80a81d3e813da3c7b0b2bd32" + +PSA symmetric encryption multipart: AES-CTR, 16+16 bytes +depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR +cipher_encrypt_multipart:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e117393172a5434f378a597bcef1389318c7fc865ef":16:16:16:"8f9408fe80a81d3e813da3c7b0b2bd321c965bb1de7baf71025f6ef6393ca587" + +PSA symmetric encryption multipart: AES-CTR, 12+20 bytes +depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR +cipher_encrypt_multipart:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e117393172a5434f378a597bcef1389318c7fc865ef":12:12:20:"8f9408fe80a81d3e813da3c7b0b2bd321c965bb1de7baf71025f6ef6393ca587" + +PSA symmetric encryption multipart: AES-CTR, 20+12 bytes +depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR +cipher_encrypt_multipart:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e117393172a5434f378a597bcef1389318c7fc865ef":20:20:12:"8f9408fe80a81d3e813da3c7b0b2bd321c965bb1de7baf71025f6ef6393ca587" + +PSA symmetric encryption multipart: AES-CTR, 12+10 bytes +depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR +cipher_encrypt_multipart:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e117393172a5434f378a597":12:12:10:"8f9408fe80a81d3e813da3c7b0b2bd321c965bb1de7b" + +PSA symmetric encryption multipart: AES-CTR, 0+15 bytes +depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR +cipher_encrypt_multipart:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e11739317":0:0:15:"8f9408fe80a81d3e813da3c7b0b2bd" + +PSA symmetric encryption multipart: AES-CTR, 15+0 bytes +depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR +cipher_encrypt_multipart:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e11739317":15:15:0:"8f9408fe80a81d3e813da3c7b0b2bd" + +PSA symmetric encryption multipart: AES-CTR, 0+16 bytes +depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR +cipher_encrypt_multipart:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e117393172a":0:0:16:"8f9408fe80a81d3e813da3c7b0b2bd32" + +PSA symmetric encryption multipart: AES-CTR, 16+0 bytes +depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR +cipher_encrypt_multipart:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e117393172a":16:16:0:"8f9408fe80a81d3e813da3c7b0b2bd32" + +PSA symmetric decryption multipart: AES-CTR, 11+5 bytes +depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR +cipher_decrypt_multipart:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e117393172a":11:11:5:"8f9408fe80a81d3e813da3c7b0b2bd32" + +PSA symmetric decryption multipart: AES-CTR, 16+16 bytes +depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR +cipher_decrypt_multipart:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e117393172a5434f378a597bcef1389318c7fc865ef":16:16:16:"8f9408fe80a81d3e813da3c7b0b2bd321c965bb1de7baf71025f6ef6393ca587" + +PSA symmetric decryption multipart: AES-CTR, 12+20 bytes +depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR +cipher_decrypt_multipart:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e117393172a5434f378a597bcef1389318c7fc865ef":12:12:20:"8f9408fe80a81d3e813da3c7b0b2bd321c965bb1de7baf71025f6ef6393ca587" + +PSA symmetric decryption multipart: AES-CTR, 20+12 bytes +depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR +cipher_decrypt_multipart:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e117393172a5434f378a597bcef1389318c7fc865ef":20:20:12:"8f9408fe80a81d3e813da3c7b0b2bd321c965bb1de7baf71025f6ef6393ca587" + +PSA symmetric decryption multipart: AES-CTR, 12+10 bytes +depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR +cipher_decrypt_multipart:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e117393172a5434f378a597":12:12:10:"8f9408fe80a81d3e813da3c7b0b2bd321c965bb1de7b" + +PSA symmetric decryption multipart: AES-CTR, 0+15 bytes +depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR +cipher_decrypt_multipart:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e11739317":0:0:15:"8f9408fe80a81d3e813da3c7b0b2bd" + +PSA symmetric decryption multipart: AES-CTR, 15+0 bytes +depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR +cipher_decrypt_multipart:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e11739317":15:15:0:"8f9408fe80a81d3e813da3c7b0b2bd" + +PSA symmetric decryption multipart: AES-CTR, 0+16 bytes +depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR +cipher_decrypt_multipart:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e117393172a":0:0:16:"8f9408fe80a81d3e813da3c7b0b2bd32" + +PSA symmetric decryption multipart: AES-CTR, 16+0 bytes +depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR +cipher_decrypt_multipart:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e117393172a":16:16:0:"8f9408fe80a81d3e813da3c7b0b2bd32" + +Cipher driver: negative testing on all entry points +cipher_entry_points:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e117393172a" diff --git a/tests/suites/test_suite_psa_crypto_driver_wrappers.function b/tests/suites/test_suite_psa_crypto_driver_wrappers.function new file mode 100644 index 000000000..6d20effe4 --- /dev/null +++ b/tests/suites/test_suite_psa_crypto_driver_wrappers.function @@ -0,0 +1,813 @@ +/* BEGIN_HEADER */ +#include "test/psa_crypto_helpers.h" + +#include "test/drivers/test_driver.h" +/* END_HEADER */ + +/* BEGIN_DEPENDENCIES + * depends_on:MBEDTLS_PSA_CRYPTO_C:MBEDTLS_PSA_CRYPTO_DRIVERS:PSA_CRYPTO_DRIVER_TEST + * END_DEPENDENCIES + */ + +/* BEGIN_CASE depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECDSA_DETERMINISTIC:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C */ +void ecdsa_sign( int force_status_arg, + data_t *key_input, + data_t *data_input, + data_t *expected_output, + int fake_output, + int expected_status_arg ) +{ + psa_status_t force_status = force_status_arg; + psa_status_t expected_status = expected_status_arg; + mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; + psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; + psa_algorithm_t alg = PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_SHA_256 ); + uint8_t signature[64]; + size_t signature_length = 0xdeadbeef; + psa_status_t actual_status; + test_driver_signature_sign_hooks = test_driver_signature_hooks_init(); + + PSA_ASSERT( psa_crypto_init( ) ); + psa_set_key_type( &attributes, + PSA_KEY_TYPE_ECC_KEY_PAIR( PSA_ECC_CURVE_SECP_R1 ) ); + psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_SIGN_HASH ); + psa_set_key_algorithm( &attributes, alg ); + psa_import_key( &attributes, + key_input->x, key_input->len, + &key ); + + test_driver_signature_sign_hooks.forced_status = force_status; + if( fake_output == 1 ) + { + test_driver_signature_sign_hooks.forced_output = expected_output->x; + test_driver_signature_sign_hooks.forced_output_length = expected_output->len; + } + + actual_status = psa_sign_hash( key, alg, + data_input->x, data_input->len, + signature, sizeof( signature ), + &signature_length ); + TEST_EQUAL( actual_status, expected_status ); + if( expected_status == PSA_SUCCESS ) + { + ASSERT_COMPARE( signature, signature_length, + expected_output->x, expected_output->len ); + } + TEST_EQUAL( test_driver_signature_sign_hooks.hits, 1 ); + +exit: + psa_reset_key_attributes( &attributes ); + psa_destroy_key( key ); + PSA_DONE( ); + test_driver_signature_sign_hooks = test_driver_signature_hooks_init(); +} +/* END_CASE */ + +/* BEGIN_CASE depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECDSA_DETERMINISTIC:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C */ +void ecdsa_verify( int force_status_arg, + int register_public_key, + data_t *key_input, + data_t *data_input, + data_t *signature_input, + int expected_status_arg ) +{ + psa_status_t force_status = force_status_arg; + psa_status_t expected_status = expected_status_arg; + mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; + psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; + psa_algorithm_t alg = PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_SHA_256 ); + psa_status_t actual_status; + test_driver_signature_verify_hooks = test_driver_signature_hooks_init(); + + PSA_ASSERT( psa_crypto_init( ) ); + if( register_public_key ) + { + psa_set_key_type( &attributes, + PSA_KEY_TYPE_ECC_PUBLIC_KEY( PSA_ECC_CURVE_SECP_R1 ) ); + psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_VERIFY_HASH ); + psa_set_key_algorithm( &attributes, alg ); + psa_import_key( &attributes, + key_input->x, key_input->len, + &key ); + } + else + { + psa_set_key_type( &attributes, + PSA_KEY_TYPE_ECC_KEY_PAIR( PSA_ECC_CURVE_SECP_R1 ) ); + psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_VERIFY_HASH ); + psa_set_key_algorithm( &attributes, alg ); + psa_import_key( &attributes, + key_input->x, key_input->len, + &key ); + } + + test_driver_signature_verify_hooks.forced_status = force_status; + + actual_status = psa_verify_hash( key, alg, + data_input->x, data_input->len, + signature_input->x, signature_input->len ); + TEST_EQUAL( actual_status, expected_status ); + TEST_EQUAL( test_driver_signature_verify_hooks.hits, 1 ); + +exit: + psa_reset_key_attributes( &attributes ); + psa_destroy_key( key ); + PSA_DONE( ); + test_driver_signature_verify_hooks = test_driver_signature_hooks_init(); +} +/* END_CASE */ + +/* BEGIN_CASE depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED */ +void generate_key( int force_status_arg, + data_t *fake_output, + int expected_status_arg ) +{ + psa_status_t force_status = force_status_arg; + psa_status_t expected_status = expected_status_arg; + mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; + psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; + psa_algorithm_t alg = PSA_ALG_ECDSA( PSA_ALG_SHA_256 ); + const uint8_t *expected_output = NULL; + size_t expected_output_length = 0; + psa_status_t actual_status; + uint8_t actual_output[PSA_KEY_EXPORT_ECC_KEY_PAIR_MAX_SIZE(256)] = {0}; + size_t actual_output_length; + test_driver_key_management_hooks = test_driver_key_management_hooks_init(); + + psa_set_key_type( &attributes, + PSA_KEY_TYPE_ECC_KEY_PAIR( PSA_ECC_CURVE_SECP_R1 ) ); + psa_set_key_bits( &attributes, 256 ); + psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_EXPORT ); + psa_set_key_algorithm( &attributes, alg ); + + if( fake_output->len > 0 ) + { + expected_output = test_driver_key_management_hooks.forced_output = fake_output->x; + expected_output_length = test_driver_key_management_hooks.forced_output_length = + fake_output->len; + } + + test_driver_key_management_hooks.hits = 0; + test_driver_key_management_hooks.forced_status = force_status; + + PSA_ASSERT( psa_crypto_init( ) ); + + actual_status = psa_generate_key( &attributes, &key ); + TEST_EQUAL( test_driver_key_management_hooks.hits, 1 ); + TEST_EQUAL( actual_status, expected_status ); + + if( actual_status == PSA_SUCCESS ) + { + psa_export_key( key, actual_output, sizeof(actual_output), &actual_output_length ); + + if( fake_output->len > 0 ) + { + ASSERT_COMPARE( actual_output, actual_output_length, + expected_output, expected_output_length ); + } + else + { + size_t zeroes = 0; + for( size_t i = 0; i < sizeof(actual_output); i++ ) + { + if( actual_output[i] == 0) + zeroes++; + } + TEST_ASSERT( zeroes != sizeof(actual_output) ); + } + } +exit: + psa_reset_key_attributes( &attributes ); + psa_destroy_key( key ); + PSA_DONE( ); + test_driver_key_management_hooks = test_driver_key_management_hooks_init(); +} +/* END_CASE */ + +/* BEGIN_CASE depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED */ +void validate_key( int force_status_arg, + int key_type_arg, + data_t *key_input, + int expected_status_arg ) +{ + psa_status_t force_status = force_status_arg; + psa_status_t expected_status = expected_status_arg; + psa_key_type_t key_type = key_type_arg; + mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; + psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; + psa_status_t actual_status; + test_driver_key_management_hooks = test_driver_key_management_hooks_init(); + + psa_set_key_type( &attributes, + key_type ); + psa_set_key_bits( &attributes, 0 ); + psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_EXPORT ); + + test_driver_key_management_hooks.forced_status = force_status; + + PSA_ASSERT( psa_crypto_init( ) ); + + actual_status = psa_import_key( &attributes, key_input->x, key_input->len, &key ); + TEST_EQUAL( test_driver_key_management_hooks.hits, 1 ); + TEST_EQUAL( actual_status, expected_status ); +exit: + psa_reset_key_attributes( &attributes ); + psa_destroy_key( key ); + PSA_DONE( ); + test_driver_key_management_hooks = test_driver_key_management_hooks_init(); +} +/* END_CASE */ + +/* BEGIN_CASE depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED */ +void export_key( int force_status_arg, + data_t *fake_output, + int key_in_type_arg, + data_t *key_in, + int key_out_type_arg, + data_t *expected_output, + int expected_status_arg ) +{ + psa_status_t force_status = force_status_arg; + psa_status_t expected_status = expected_status_arg; + psa_key_handle_t handle = 0; + psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; + psa_key_type_t input_key_type = key_in_type_arg; + psa_key_type_t output_key_type = key_out_type_arg; + const uint8_t *expected_output_ptr = NULL; + size_t expected_output_length = 0; + psa_status_t actual_status; + uint8_t actual_output[PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE(256)] = {0}; + size_t actual_output_length; + test_driver_key_management_hooks = test_driver_key_management_hooks_init(); + + psa_set_key_type( &attributes, input_key_type ); + psa_set_key_bits( &attributes, 256 ); + psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_EXPORT ); + + PSA_ASSERT( psa_crypto_init( ) ); + PSA_ASSERT( psa_import_key( &attributes, key_in->x, key_in->len, &handle ) ); + + if( fake_output->len > 0 ) + { + expected_output_ptr = test_driver_key_management_hooks.forced_output = fake_output->x; + expected_output_length = test_driver_key_management_hooks.forced_output_length = + fake_output->len; + } + else + { + expected_output_ptr = expected_output->x; + expected_output_length = expected_output->len; + } + + test_driver_key_management_hooks.hits = 0; + test_driver_key_management_hooks.forced_status = force_status; + + if( PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY( output_key_type ) ) + actual_status = psa_export_public_key( handle, actual_output, sizeof(actual_output), &actual_output_length ); + else + actual_status = psa_export_key( handle, actual_output, sizeof(actual_output), &actual_output_length ); + TEST_EQUAL( actual_status, expected_status ); + + if( PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY( output_key_type ) && + !PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY( input_key_type ) ) + TEST_EQUAL( test_driver_key_management_hooks.hits, 1 ); + + if( actual_status == PSA_SUCCESS ) + { + ASSERT_COMPARE( actual_output, actual_output_length, + expected_output_ptr, expected_output_length ); + } +exit: + psa_reset_key_attributes( &attributes ); + psa_destroy_key( handle ); + PSA_DONE( ); + test_driver_key_management_hooks = test_driver_key_management_hooks_init(); +} +/* END_CASE */ + +/* BEGIN_CASE */ +void cipher_encrypt( int alg_arg, int key_type_arg, + data_t *key_data, data_t *iv, + data_t *input, data_t *expected_output, + int mock_output_arg, + int force_status_arg, + int expected_status_arg ) +{ + mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; + psa_status_t status; + psa_key_type_t key_type = key_type_arg; + psa_algorithm_t alg = alg_arg; + psa_status_t expected_status = expected_status_arg; + psa_status_t force_status = force_status_arg; + unsigned char *output = NULL; + size_t output_buffer_size = 0; + size_t function_output_length = 0; + size_t total_output_length = 0; + psa_cipher_operation_t operation = PSA_CIPHER_OPERATION_INIT; + psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; + test_driver_cipher_hooks = test_driver_cipher_hooks_init(); + test_driver_cipher_hooks.forced_status = force_status; + + PSA_ASSERT( psa_crypto_init( ) ); + + psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_ENCRYPT ); + psa_set_key_algorithm( &attributes, alg ); + psa_set_key_type( &attributes, key_type ); + + PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len, + &key ) ); + + PSA_ASSERT( psa_cipher_encrypt_setup( &operation, key, alg ) ); + TEST_EQUAL( test_driver_cipher_hooks.hits, 1 ); + test_driver_cipher_hooks.hits = 0; + + PSA_ASSERT( psa_cipher_set_iv( &operation, iv->x, iv->len ) ); + TEST_EQUAL( test_driver_cipher_hooks.hits, ( force_status == PSA_SUCCESS ? 1 : 0 ) ); + test_driver_cipher_hooks.hits = 0; + + output_buffer_size = ( (size_t) input->len + + PSA_BLOCK_CIPHER_BLOCK_SIZE( key_type ) ); + ASSERT_ALLOC( output, output_buffer_size ); + + if( mock_output_arg ) + { + test_driver_cipher_hooks.forced_output = expected_output->x; + test_driver_cipher_hooks.forced_output_length = expected_output->len; + } + + PSA_ASSERT( psa_cipher_update( &operation, + input->x, input->len, + output, output_buffer_size, + &function_output_length ) ); + TEST_EQUAL( test_driver_cipher_hooks.hits, ( force_status == PSA_SUCCESS ? 1 : 0 ) ); + test_driver_cipher_hooks.hits = 0; + + if( mock_output_arg ) + { + test_driver_cipher_hooks.forced_output = NULL; + test_driver_cipher_hooks.forced_output_length = 0; + } + + total_output_length += function_output_length; + status = psa_cipher_finish( &operation, + output + total_output_length, + output_buffer_size - total_output_length, + &function_output_length ); + /* Finish will have called abort as well, so expecting two hits here */ + TEST_EQUAL( test_driver_cipher_hooks.hits, ( force_status == PSA_SUCCESS ? 2 : 0 ) ); + test_driver_cipher_hooks.hits = 0; + + total_output_length += function_output_length; + + TEST_EQUAL( status, expected_status ); + if( expected_status == PSA_SUCCESS ) + { + PSA_ASSERT( psa_cipher_abort( &operation ) ); + // driver function should've been called as part of the finish() core routine + TEST_EQUAL( test_driver_cipher_hooks.hits, 0 ); + ASSERT_COMPARE( expected_output->x, expected_output->len, + output, total_output_length ); + } + +exit: + psa_cipher_abort( &operation ); + mbedtls_free( output ); + psa_destroy_key( key ); + PSA_DONE( ); + test_driver_cipher_hooks = test_driver_cipher_hooks_init(); +} +/* END_CASE */ + +/* BEGIN_CASE */ +void cipher_encrypt_multipart( int alg_arg, int key_type_arg, + data_t *key_data, data_t *iv, + data_t *input, + int first_part_size_arg, + int output1_length_arg, int output2_length_arg, + data_t *expected_output ) +{ + mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; + psa_key_type_t key_type = key_type_arg; + psa_algorithm_t alg = alg_arg; + size_t first_part_size = first_part_size_arg; + size_t output1_length = output1_length_arg; + size_t output2_length = output2_length_arg; + unsigned char *output = NULL; + size_t output_buffer_size = 0; + size_t function_output_length = 0; + size_t total_output_length = 0; + psa_cipher_operation_t operation = PSA_CIPHER_OPERATION_INIT; + psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; + test_driver_cipher_hooks = test_driver_cipher_hooks_init(); + + PSA_ASSERT( psa_crypto_init( ) ); + + psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_ENCRYPT ); + psa_set_key_algorithm( &attributes, alg ); + psa_set_key_type( &attributes, key_type ); + + PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len, + &key ) ); + + PSA_ASSERT( psa_cipher_encrypt_setup( &operation, key, alg ) ); + TEST_EQUAL( test_driver_cipher_hooks.hits, 1 ); + test_driver_cipher_hooks.hits = 0; + + PSA_ASSERT( psa_cipher_set_iv( &operation, iv->x, iv->len ) ); + TEST_EQUAL( test_driver_cipher_hooks.hits, 1 ); + test_driver_cipher_hooks.hits = 0; + + output_buffer_size = ( (size_t) input->len + + PSA_BLOCK_CIPHER_BLOCK_SIZE( key_type ) ); + ASSERT_ALLOC( output, output_buffer_size ); + + TEST_ASSERT( first_part_size <= input->len ); + PSA_ASSERT( psa_cipher_update( &operation, input->x, first_part_size, + output, output_buffer_size, + &function_output_length ) ); + TEST_EQUAL( test_driver_cipher_hooks.hits, 1 ); + test_driver_cipher_hooks.hits = 0; + + TEST_ASSERT( function_output_length == output1_length ); + total_output_length += function_output_length; + PSA_ASSERT( psa_cipher_update( &operation, + input->x + first_part_size, + input->len - first_part_size, + output + total_output_length, + output_buffer_size - total_output_length, + &function_output_length ) ); + TEST_EQUAL( test_driver_cipher_hooks.hits, 1 ); + test_driver_cipher_hooks.hits = 0; + TEST_ASSERT( function_output_length == output2_length ); + total_output_length += function_output_length; + PSA_ASSERT( psa_cipher_finish( &operation, + output + total_output_length, + output_buffer_size - total_output_length, + &function_output_length ) ); + /* Finish will have called abort as well, so expecting two hits here */ + TEST_EQUAL( test_driver_cipher_hooks.hits, 2 ); + test_driver_cipher_hooks.hits = 0 ; + total_output_length += function_output_length; + PSA_ASSERT( psa_cipher_abort( &operation ) ); + TEST_EQUAL( test_driver_cipher_hooks.hits, 0 ); + + ASSERT_COMPARE( expected_output->x, expected_output->len, + output, total_output_length ); + +exit: + psa_cipher_abort( &operation ); + mbedtls_free( output ); + psa_destroy_key( key ); + PSA_DONE( ); + test_driver_cipher_hooks = test_driver_cipher_hooks_init(); +} +/* END_CASE */ + +/* BEGIN_CASE */ +void cipher_decrypt_multipart( int alg_arg, int key_type_arg, + data_t *key_data, data_t *iv, + data_t *input, + int first_part_size_arg, + int output1_length_arg, int output2_length_arg, + data_t *expected_output ) +{ + mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; + psa_key_type_t key_type = key_type_arg; + psa_algorithm_t alg = alg_arg; + size_t first_part_size = first_part_size_arg; + size_t output1_length = output1_length_arg; + size_t output2_length = output2_length_arg; + unsigned char *output = NULL; + size_t output_buffer_size = 0; + size_t function_output_length = 0; + size_t total_output_length = 0; + psa_cipher_operation_t operation = PSA_CIPHER_OPERATION_INIT; + psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; + test_driver_cipher_hooks = test_driver_cipher_hooks_init(); + + PSA_ASSERT( psa_crypto_init( ) ); + + psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_DECRYPT ); + psa_set_key_algorithm( &attributes, alg ); + psa_set_key_type( &attributes, key_type ); + + PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len, + &key ) ); + + PSA_ASSERT( psa_cipher_decrypt_setup( &operation, key, alg ) ); + TEST_EQUAL( test_driver_cipher_hooks.hits, 1 ); + test_driver_cipher_hooks.hits = 0; + + PSA_ASSERT( psa_cipher_set_iv( &operation, iv->x, iv->len ) ); + TEST_EQUAL( test_driver_cipher_hooks.hits, 1 ); + test_driver_cipher_hooks.hits = 0; + + output_buffer_size = ( (size_t) input->len + + PSA_BLOCK_CIPHER_BLOCK_SIZE( key_type ) ); + ASSERT_ALLOC( output, output_buffer_size ); + + TEST_ASSERT( first_part_size <= input->len ); + PSA_ASSERT( psa_cipher_update( &operation, + input->x, first_part_size, + output, output_buffer_size, + &function_output_length ) ); + TEST_EQUAL( test_driver_cipher_hooks.hits, 1 ); + test_driver_cipher_hooks.hits = 0; + + TEST_ASSERT( function_output_length == output1_length ); + total_output_length += function_output_length; + PSA_ASSERT( psa_cipher_update( &operation, + input->x + first_part_size, + input->len - first_part_size, + output + total_output_length, + output_buffer_size - total_output_length, + &function_output_length ) ); + TEST_EQUAL( test_driver_cipher_hooks.hits, 1 ); + test_driver_cipher_hooks.hits = 0; + + TEST_ASSERT( function_output_length == output2_length ); + total_output_length += function_output_length; + PSA_ASSERT( psa_cipher_finish( &operation, + output + total_output_length, + output_buffer_size - total_output_length, + &function_output_length ) ); + /* Finish will have called abort as well, so expecting two hits here */ + TEST_EQUAL( test_driver_cipher_hooks.hits, 2 ); + test_driver_cipher_hooks.hits = 0; + total_output_length += function_output_length; + PSA_ASSERT( psa_cipher_abort( &operation ) ); + TEST_EQUAL( test_driver_cipher_hooks.hits, 0 ); + + ASSERT_COMPARE( expected_output->x, expected_output->len, + output, total_output_length ); + +exit: + psa_cipher_abort( &operation ); + mbedtls_free( output ); + psa_destroy_key( key ); + PSA_DONE( ); + test_driver_cipher_hooks = test_driver_cipher_hooks_init(); +} +/* END_CASE */ + +/* BEGIN_CASE */ +void cipher_decrypt( int alg_arg, int key_type_arg, + data_t *key_data, data_t *iv, + data_t *input, data_t *expected_output, + int mock_output_arg, + int force_status_arg, + int expected_status_arg ) +{ + mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; + psa_status_t status; + psa_key_type_t key_type = key_type_arg; + psa_algorithm_t alg = alg_arg; + psa_status_t expected_status = expected_status_arg; + psa_status_t force_status = force_status_arg; + unsigned char *output = NULL; + size_t output_buffer_size = 0; + size_t function_output_length = 0; + size_t total_output_length = 0; + psa_cipher_operation_t operation = PSA_CIPHER_OPERATION_INIT; + psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; + test_driver_cipher_hooks = test_driver_cipher_hooks_init(); + test_driver_cipher_hooks.forced_status = force_status; + + PSA_ASSERT( psa_crypto_init( ) ); + + psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_DECRYPT ); + psa_set_key_algorithm( &attributes, alg ); + psa_set_key_type( &attributes, key_type ); + + PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len, + &key ) ); + + PSA_ASSERT( psa_cipher_decrypt_setup( &operation, key, alg ) ); + TEST_EQUAL( test_driver_cipher_hooks.hits, 1 ); + test_driver_cipher_hooks.hits = 0; + + PSA_ASSERT( psa_cipher_set_iv( &operation, iv->x, iv->len ) ); + TEST_EQUAL( test_driver_cipher_hooks.hits, ( force_status == PSA_SUCCESS ? 1 : 0 ) ); + test_driver_cipher_hooks.hits = 0; + + output_buffer_size = ( (size_t) input->len + + PSA_BLOCK_CIPHER_BLOCK_SIZE( key_type ) ); + ASSERT_ALLOC( output, output_buffer_size ); + + if( mock_output_arg ) + { + test_driver_cipher_hooks.forced_output = expected_output->x; + test_driver_cipher_hooks.forced_output_length = expected_output->len; + } + + PSA_ASSERT( psa_cipher_update( &operation, + input->x, input->len, + output, output_buffer_size, + &function_output_length ) ); + TEST_EQUAL( test_driver_cipher_hooks.hits, ( force_status == PSA_SUCCESS ? 1 : 0 ) ); + test_driver_cipher_hooks.hits = 0; + + if( mock_output_arg ) + { + test_driver_cipher_hooks.forced_output = NULL; + test_driver_cipher_hooks.forced_output_length = 0; + } + + total_output_length += function_output_length; + status = psa_cipher_finish( &operation, + output + total_output_length, + output_buffer_size - total_output_length, + &function_output_length ); + /* Finish will have called abort as well, so expecting two hits here */ + TEST_EQUAL( test_driver_cipher_hooks.hits, ( force_status == PSA_SUCCESS ? 2 : 0 ) ); + test_driver_cipher_hooks.hits = 0; + + total_output_length += function_output_length; + TEST_EQUAL( status, expected_status ); + + if( expected_status == PSA_SUCCESS ) + { + PSA_ASSERT( psa_cipher_abort( &operation ) ); + TEST_EQUAL( test_driver_cipher_hooks.hits, 0 ); + ASSERT_COMPARE( expected_output->x, expected_output->len, + output, total_output_length ); + } + +exit: + psa_cipher_abort( &operation ); + mbedtls_free( output ); + psa_destroy_key( key ); + PSA_DONE( ); + test_driver_cipher_hooks = test_driver_cipher_hooks_init(); +} +/* END_CASE */ + +/* BEGIN_CASE */ +void cipher_entry_points( int alg_arg, int key_type_arg, + data_t *key_data, data_t *iv, + data_t *input ) +{ + mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; + psa_status_t status; + psa_key_type_t key_type = key_type_arg; + psa_algorithm_t alg = alg_arg; + unsigned char *output = NULL; + size_t output_buffer_size = 0; + size_t function_output_length = 0; + psa_cipher_operation_t operation = PSA_CIPHER_OPERATION_INIT; + psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; + test_driver_cipher_hooks = test_driver_cipher_hooks_init(); + + ASSERT_ALLOC( output, input->len + 16 ); + output_buffer_size = input->len + 16; + + PSA_ASSERT( psa_crypto_init( ) ); + + psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT ); + psa_set_key_algorithm( &attributes, alg ); + psa_set_key_type( &attributes, key_type ); + + PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len, + &key ) ); + + /* Test setup call, encrypt */ + test_driver_cipher_hooks.forced_status = PSA_ERROR_GENERIC_ERROR; + status = psa_cipher_encrypt_setup( &operation, key, alg ); + /* When setup fails, it shouldn't call any further entry points */ + TEST_EQUAL( test_driver_cipher_hooks.hits, 1 ); + TEST_EQUAL( status, test_driver_cipher_hooks.forced_status ); + test_driver_cipher_hooks.hits = 0; + status = psa_cipher_set_iv( &operation, iv->x, iv->len ); + TEST_EQUAL( status, PSA_ERROR_BAD_STATE ); + TEST_EQUAL( test_driver_cipher_hooks.hits, 0 ); + + /* Test setup call failure, decrypt */ + status = psa_cipher_decrypt_setup( &operation, key, alg ); + /* When setup fails, it shouldn't call any further entry points */ + TEST_EQUAL( test_driver_cipher_hooks.hits, 1 ); + TEST_EQUAL( status, test_driver_cipher_hooks.forced_status ); + test_driver_cipher_hooks.hits = 0; + status = psa_cipher_set_iv( &operation, iv->x, iv->len ); + TEST_EQUAL( status, PSA_ERROR_BAD_STATE ); + TEST_EQUAL( test_driver_cipher_hooks.hits, 0 ); + + /* Test IV setting failure */ + test_driver_cipher_hooks.forced_status = PSA_SUCCESS; + status = psa_cipher_encrypt_setup( &operation, key, alg ); + TEST_EQUAL( test_driver_cipher_hooks.hits, 1 ); + TEST_EQUAL( status, test_driver_cipher_hooks.forced_status ); + test_driver_cipher_hooks.hits = 0; + + test_driver_cipher_hooks.forced_status = PSA_ERROR_GENERIC_ERROR; + status = psa_cipher_set_iv( &operation, iv->x, iv->len ); + /* When setting the IV fails, it should call abort too */ + TEST_EQUAL( test_driver_cipher_hooks.hits, 2 ); + TEST_EQUAL( status, test_driver_cipher_hooks.forced_status ); + /* Failure should prevent further operations from executing on the driver */ + test_driver_cipher_hooks.hits = 0; + status = psa_cipher_update( &operation, + input->x, input->len, + output, output_buffer_size, + &function_output_length ); + TEST_EQUAL( status, PSA_ERROR_BAD_STATE ); + TEST_EQUAL( test_driver_cipher_hooks.hits, 0 ); + psa_cipher_abort( &operation ); + + /* Test IV generation failure */ + test_driver_cipher_hooks.forced_status = PSA_SUCCESS; + status = psa_cipher_encrypt_setup( &operation, key, alg ); + TEST_EQUAL( test_driver_cipher_hooks.hits, 1 ); + TEST_EQUAL( status, test_driver_cipher_hooks.forced_status ); + test_driver_cipher_hooks.hits = 0; + + test_driver_cipher_hooks.forced_status = PSA_ERROR_GENERIC_ERROR; + status = psa_cipher_generate_iv( &operation, output, 16, &function_output_length ); + /* When generating the IV fails, it should call abort too */ + TEST_EQUAL( test_driver_cipher_hooks.hits, 2 ); + TEST_EQUAL( status, test_driver_cipher_hooks.forced_status ); + /* Failure should prevent further operations from executing on the driver */ + test_driver_cipher_hooks.hits = 0; + status = psa_cipher_update( &operation, + input->x, input->len, + output, output_buffer_size, + &function_output_length ); + TEST_EQUAL( status, PSA_ERROR_BAD_STATE ); + TEST_EQUAL( test_driver_cipher_hooks.hits, 0 ); + psa_cipher_abort( &operation ); + + /* Test update failure */ + test_driver_cipher_hooks.forced_status = PSA_SUCCESS; + status = psa_cipher_encrypt_setup( &operation, key, alg ); + TEST_EQUAL( test_driver_cipher_hooks.hits, 1 ); + TEST_EQUAL( status, test_driver_cipher_hooks.forced_status ); + test_driver_cipher_hooks.hits = 0; + + status = psa_cipher_set_iv( &operation, iv->x, iv->len ); + TEST_EQUAL( test_driver_cipher_hooks.hits, 1 ); + TEST_EQUAL( status, test_driver_cipher_hooks.forced_status ); + test_driver_cipher_hooks.hits = 0; + + test_driver_cipher_hooks.forced_status = PSA_ERROR_GENERIC_ERROR; + status = psa_cipher_update( &operation, + input->x, input->len, + output, output_buffer_size, + &function_output_length ); + /* When the update call fails, it should call abort too */ + TEST_EQUAL( test_driver_cipher_hooks.hits, 2 ); + TEST_EQUAL( status, test_driver_cipher_hooks.forced_status ); + /* Failure should prevent further operations from executing on the driver */ + test_driver_cipher_hooks.hits = 0; + status = psa_cipher_update( &operation, + input->x, input->len, + output, output_buffer_size, + &function_output_length ); + TEST_EQUAL( status, PSA_ERROR_BAD_STATE ); + TEST_EQUAL( test_driver_cipher_hooks.hits, 0 ); + psa_cipher_abort( &operation ); + + /* Test finish failure */ + test_driver_cipher_hooks.forced_status = PSA_SUCCESS; + status = psa_cipher_encrypt_setup( &operation, key, alg ); + TEST_EQUAL( test_driver_cipher_hooks.hits, 1 ); + TEST_EQUAL( status, test_driver_cipher_hooks.forced_status ); + test_driver_cipher_hooks.hits = 0; + + status = psa_cipher_set_iv( &operation, iv->x, iv->len ); + TEST_EQUAL( test_driver_cipher_hooks.hits, 1 ); + TEST_EQUAL( status, test_driver_cipher_hooks.forced_status ); + test_driver_cipher_hooks.hits = 0; + + status = psa_cipher_update( &operation, + input->x, input->len, + output, output_buffer_size, + &function_output_length ); + TEST_EQUAL( test_driver_cipher_hooks.hits, 1 ); + TEST_EQUAL( status, test_driver_cipher_hooks.forced_status ); + test_driver_cipher_hooks.hits = 0; + + test_driver_cipher_hooks.forced_status = PSA_ERROR_GENERIC_ERROR; + status = psa_cipher_finish( &operation, + output + function_output_length, + output_buffer_size - function_output_length, + &function_output_length ); + /* When the finish call fails, it should call abort too */ + TEST_EQUAL( test_driver_cipher_hooks.hits, 2 ); + TEST_EQUAL( status, test_driver_cipher_hooks.forced_status ); + /* Failure should prevent further operations from executing on the driver */ + test_driver_cipher_hooks.hits = 0; + status = psa_cipher_update( &operation, + input->x, input->len, + output, output_buffer_size, + &function_output_length ); + TEST_EQUAL( status, PSA_ERROR_BAD_STATE ); + TEST_EQUAL( test_driver_cipher_hooks.hits, 0 ); + psa_cipher_abort( &operation ); + +exit: + psa_cipher_abort( &operation ); + mbedtls_free( output ); + psa_destroy_key( key ); + PSA_DONE( ); + test_driver_cipher_hooks = test_driver_cipher_hooks_init(); +} +/* END_CASE */ diff --git a/tests/suites/test_suite_psa_crypto_hash.function b/tests/suites/test_suite_psa_crypto_hash.function index 6c577c06a..1bc93313a 100644 --- a/tests/suites/test_suite_psa_crypto_hash.function +++ b/tests/suites/test_suite_psa_crypto_hash.function @@ -31,6 +31,7 @@ void hash_finish( int alg_arg, data_t *input, data_t *expected_hash ) actual_hash, actual_hash_length ); exit: + psa_hash_abort( &operation ); PSA_DONE( ); } /* END_CASE */ @@ -52,6 +53,7 @@ void hash_verify( int alg_arg, data_t *input, data_t *expected_hash ) expected_hash->len ) ); exit: + psa_hash_abort( &operation ); PSA_DONE( ); } /* END_CASE */ @@ -95,6 +97,8 @@ void hash_multi_part( int alg_arg, data_t *input, data_t *expected_hash ) } while( len++ != input->len ); exit: + psa_hash_abort( &operation ); + psa_hash_abort( &operation2 ); PSA_DONE( ); } /* END_CASE */ diff --git a/tests/suites/test_suite_psa_crypto_init.function b/tests/suites/test_suite_psa_crypto_init.function index fd4ff21fc..62ef6e2d7 100644 --- a/tests/suites/test_suite_psa_crypto_init.function +++ b/tests/suites/test_suite_psa_crypto_init.function @@ -185,7 +185,7 @@ void validate_module_init_key_based( int count ) psa_status_t status; uint8_t data[10] = { 0 }; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; - psa_key_handle_t handle = 0xdead; + mbedtls_svc_key_id_t key = mbedtls_svc_key_id_make( 0xdead, 0xdead ); int i; for( i = 0; i < count; i++ ) @@ -195,9 +195,9 @@ void validate_module_init_key_based( int count ) PSA_DONE( ); } psa_set_key_type( &attributes, PSA_KEY_TYPE_RAW_DATA ); - status = psa_import_key( &attributes, data, sizeof( data ), &handle ); + status = psa_import_key( &attributes, data, sizeof( data ), &key ); TEST_EQUAL( status, PSA_ERROR_BAD_STATE ); - TEST_EQUAL( handle, 0 ); + TEST_ASSERT( mbedtls_svc_key_id_is_null( key ) ); } /* END_CASE */ diff --git a/tests/suites/test_suite_psa_crypto_metadata.data b/tests/suites/test_suite_psa_crypto_metadata.data index f2b16e466..14979d317 100644 --- a/tests/suites/test_suite_psa_crypto_metadata.data +++ b/tests/suites/test_suite_psa_crypto_metadata.data @@ -122,6 +122,10 @@ Cipher: OFB depends_on:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_OFB cipher_algorithm:PSA_ALG_OFB:ALG_IS_STREAM_CIPHER +Cipher: ECB-nopad +depends_on:MBEDTLS_CIPHER_C +cipher_algorithm:PSA_ALG_ECB_NO_PADDING:0 + Cipher: CBC-nopad depends_on:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC cipher_algorithm:PSA_ALG_CBC_NO_PADDING:0 diff --git a/tests/suites/test_suite_psa_crypto_metadata.function b/tests/suites/test_suite_psa_crypto_metadata.function index 1ba846695..7c0929e29 100644 --- a/tests/suites/test_suite_psa_crypto_metadata.function +++ b/tests/suites/test_suite_psa_crypto_metadata.function @@ -57,8 +57,18 @@ TEST_ASSERT( PSA_##flag( alg ) == !! ( ( flags ) & flag ) ) /* Check the parity of value. - * Return 0 if value has even parity and a nonzero value otherwise. */ -int test_parity( uint32_t value ) + * + * There are several numerical encodings for which the PSA Cryptography API + * specification deliberately defines encodings that all have the same + * parity. This way, a data glitch that flips one bit in the data cannot + * possibly turn a valid encoding into another valid encoding. Here in + * the tests, we check that the values (including Mbed TLS vendor-specific + * values) have the expected parity. + * + * The expected parity is even so that 0 is considered a valid encoding. + * + * Return a nonzero value if value has even parity and 0 otherwise. */ +int has_even_parity( uint32_t value ) { value ^= value >> 16; value ^= value >> 8; @@ -66,7 +76,7 @@ int test_parity( uint32_t value ) return( 0x9669 & 1 << ( value & 0xf ) ); } #define TEST_PARITY( value ) \ - TEST_ASSERT( test_parity( value ) ) + TEST_ASSERT( has_even_parity( value ) ) void algorithm_classification( psa_algorithm_t alg, unsigned flags ) { @@ -497,7 +507,7 @@ void ecc_key_family( int curve_arg ) psa_key_type_t public_type = PSA_KEY_TYPE_ECC_PUBLIC_KEY( curve ); psa_key_type_t pair_type = PSA_KEY_TYPE_ECC_KEY_PAIR( curve ); - test_parity( curve ); + TEST_PARITY( curve ); test_key_type( public_type, KEY_TYPE_IS_ECC | KEY_TYPE_IS_PUBLIC_KEY ); test_key_type( pair_type, KEY_TYPE_IS_ECC | KEY_TYPE_IS_KEY_PAIR ); @@ -514,7 +524,7 @@ void dh_key_family( int group_arg ) psa_key_type_t public_type = PSA_KEY_TYPE_DH_PUBLIC_KEY( group ); psa_key_type_t pair_type = PSA_KEY_TYPE_DH_KEY_PAIR( group ); - test_parity( group ); + TEST_PARITY( group ); test_key_type( public_type, KEY_TYPE_IS_DH | KEY_TYPE_IS_PUBLIC_KEY ); test_key_type( pair_type, KEY_TYPE_IS_DH | KEY_TYPE_IS_KEY_PAIR ); diff --git a/tests/suites/test_suite_psa_crypto_persistent_key.data b/tests/suites/test_suite_psa_crypto_persistent_key.data index e0fba02c8..93f0fc07e 100644 --- a/tests/suites/test_suite_psa_crypto_persistent_key.data +++ b/tests/suites/test_suite_psa_crypto_persistent_key.data @@ -1,26 +1,26 @@ Format for storage: RSA private key -format_storage_data_check:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":"505341004b455900000000000100000001700000010000000000001200000010620200003082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_KEY_LIFETIME_PERSISTENT:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_EXPORT:PSA_ALG_CATEGORY_ASYMMETRIC_ENCRYPTION:PSA_ALG_CATEGORY_SIGN +format_storage_data_check:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":"505341004b455900000000000100000001700004010000000000001200000010620200003082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_KEY_LIFETIME_PERSISTENT:PSA_KEY_TYPE_RSA_KEY_PAIR:1024:PSA_KEY_USAGE_EXPORT:PSA_ALG_CATEGORY_ASYMMETRIC_ENCRYPTION:PSA_ALG_CATEGORY_SIGN + +Format for storage: AES-128 key +format_storage_data_check:"404142434445464748494a4b4c4d4e4f":"505341004b45590000000000010000000024800000030000021040060000000010000000404142434445464748494a4b4c4d4e4f":PSA_KEY_LIFETIME_PERSISTENT:PSA_KEY_TYPE_AES:128:PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_ENCRYPT:PSA_ALG_GCM:0 Parse storage: RSA private key -parse_storage_data_check:"505341004b455900000000000100000001700000010000000000001200000010620200003082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_KEY_LIFETIME_PERSISTENT:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_EXPORT:PSA_ALG_CATEGORY_ASYMMETRIC_ENCRYPTION:PSA_ALG_CATEGORY_SIGN:PSA_SUCCESS +parse_storage_data_check:"505341004b455900000000000100000001700004010000000000001200000010620200003082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_KEY_LIFETIME_PERSISTENT:PSA_KEY_TYPE_RSA_KEY_PAIR:1024:PSA_KEY_USAGE_EXPORT:PSA_ALG_CATEGORY_ASYMMETRIC_ENCRYPTION:PSA_ALG_CATEGORY_SIGN:PSA_SUCCESS Parse storage: AES-128 key -parse_storage_data_check:"505341004b45590000000000010000000024000000030000021040060000000010000000404142434445464748494a4b4c4d4e4f":"404142434445464748494a4b4c4d4e4f":PSA_KEY_LIFETIME_PERSISTENT:PSA_KEY_TYPE_AES:PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_ENCRYPT:PSA_ALG_GCM:0:PSA_SUCCESS - -Parse storage: type out of range -parse_storage_data_check:"505341004b45590000000000010000000024010000030000021040060000000010000000404142434445464748494a4b4c4d4e4f":"404142434445464748494a4b4c4d4e4f":PSA_KEY_LIFETIME_PERSISTENT:0:PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_ENCRYPT:PSA_ALG_GCM:0:PSA_ERROR_STORAGE_FAILURE +parse_storage_data_check:"505341004b45590000000000010000000024800000030000021040060000000010000000404142434445464748494a4b4c4d4e4f":"404142434445464748494a4b4c4d4e4f":PSA_KEY_LIFETIME_PERSISTENT:PSA_KEY_TYPE_AES:128:PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_ENCRYPT:PSA_ALG_GCM:0:PSA_SUCCESS Parse storage: wrong version -parse_storage_data_check:"505341004b455900ffffffff0100000001700000010000000000001200000010620200003082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_KEY_LIFETIME_PERSISTENT:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_EXPORT:PSA_ALG_CATEGORY_ASYMMETRIC_ENCRYPTION:PSA_ALG_CATEGORY_SIGN:PSA_ERROR_STORAGE_FAILURE +parse_storage_data_check:"505341004b455900ffffffff0100000001700004010000000000001200000010620200003082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_KEY_LIFETIME_PERSISTENT:PSA_KEY_TYPE_RSA_KEY_PAIR:1024:PSA_KEY_USAGE_EXPORT:PSA_ALG_CATEGORY_ASYMMETRIC_ENCRYPTION:PSA_ALG_CATEGORY_SIGN:PSA_ERROR_STORAGE_FAILURE Parse storage: data too big -parse_storage_data_check:"505341004b455900000000000100000001700000010000000000001200000010ffffffff3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":"":PSA_KEY_LIFETIME_PERSISTENT:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_EXPORT:PSA_ALG_CATEGORY_ASYMMETRIC_ENCRYPTION:PSA_ALG_CATEGORY_SIGN:PSA_ERROR_STORAGE_FAILURE +parse_storage_data_check:"505341004b455900000000000100000001700000010000000000001200000010ffffffff3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":"":PSA_KEY_LIFETIME_PERSISTENT:PSA_KEY_TYPE_RSA_KEY_PAIR:0:PSA_KEY_USAGE_EXPORT:PSA_ALG_CATEGORY_ASYMMETRIC_ENCRYPTION:PSA_ALG_CATEGORY_SIGN:PSA_ERROR_STORAGE_FAILURE Parse storage: bad magic -parse_storage_data_check:"645341004b455900000000000100000001700000010000000000001200000010620200003082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_KEY_LIFETIME_PERSISTENT:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_EXPORT:PSA_ALG_CATEGORY_ASYMMETRIC_ENCRYPTION:PSA_ALG_CATEGORY_SIGN:PSA_ERROR_STORAGE_FAILURE +parse_storage_data_check:"645341004b455900000000000100000001700004010000000000001200000010620200003082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_KEY_LIFETIME_PERSISTENT:PSA_KEY_TYPE_RSA_KEY_PAIR:1024:PSA_KEY_USAGE_EXPORT:PSA_ALG_CATEGORY_ASYMMETRIC_ENCRYPTION:PSA_ALG_CATEGORY_SIGN:PSA_ERROR_STORAGE_FAILURE Parse storage: truncated magic -parse_storage_data_check:"505341004b4559":"":PSA_KEY_LIFETIME_PERSISTENT:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_EXPORT:PSA_ALG_CATEGORY_ASYMMETRIC_ENCRYPTION:PSA_ALG_CATEGORY_SIGN:PSA_ERROR_STORAGE_FAILURE +parse_storage_data_check:"505341004b4559":"":PSA_KEY_LIFETIME_PERSISTENT:PSA_KEY_TYPE_RSA_KEY_PAIR:0:PSA_KEY_USAGE_EXPORT:PSA_ALG_CATEGORY_ASYMMETRIC_ENCRYPTION:PSA_ALG_CATEGORY_SIGN:PSA_ERROR_STORAGE_FAILURE # Not specific to files, but only run this test in an environment where the maximum size could be reached. Save maximum-size persistent raw key @@ -32,23 +32,35 @@ save_large_persistent_key:PSA_CRYPTO_MAX_STORAGE_SIZE + 1:PSA_ERROR_NOT_SUPPORTE Persistent key destroy depends_on:MBEDTLS_PK_C:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C -persistent_key_destroy:1:0:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_KEY_TYPE_RAW_DATA:"deadbeef" +persistent_key_destroy:2:1:0:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_KEY_TYPE_RAW_DATA:"deadbeef" Persistent key destroy after restart depends_on:MBEDTLS_PK_C:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C -persistent_key_destroy:1:1:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_KEY_TYPE_RAW_DATA:"deadbeef" +persistent_key_destroy:17:1:1:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_KEY_TYPE_RAW_DATA:"deadbeef" Persistent key import (RSA) depends_on:MBEDTLS_PK_C:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C -persistent_key_import:1:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":0:PSA_SUCCESS +persistent_key_import:256:1:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":0:PSA_SUCCESS Persistent key import with restart (RSA) depends_on:MBEDTLS_PK_C:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C -persistent_key_import:1:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":1:PSA_SUCCESS +persistent_key_import:256:1:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":1:PSA_SUCCESS + +Persistent key import (RSA) invalid key id (VENDOR_MIN) +depends_on:MBEDTLS_PK_C:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C +persistent_key_import:256:PSA_KEY_ID_VENDOR_MIN:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":0:PSA_ERROR_INVALID_HANDLE + +Persistent key import (RSA) invalid key id (VOLATILE_MIN) +depends_on:MBEDTLS_PK_C:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C +persistent_key_import:256:PSA_KEY_ID_VOLATILE_MIN:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":0:PSA_ERROR_INVALID_HANDLE + +Persistent key import (RSA) invalid key id (VENDOR_MAX) +depends_on:MBEDTLS_PK_C:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C +persistent_key_import:256:PSA_KEY_ID_VENDOR_MAX:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":0:PSA_ERROR_INVALID_HANDLE Persistent key import garbage data, should fail depends_on:MBEDTLS_PK_C:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C -persistent_key_import:1:PSA_KEY_TYPE_RSA_KEY_PAIR:"11111111":0:PSA_ERROR_INVALID_ARGUMENT +persistent_key_import:256:1:PSA_KEY_TYPE_RSA_KEY_PAIR:"11111111":0:PSA_ERROR_INVALID_ARGUMENT import/export persistent raw key: 1 byte import_export_persistent_key:"2a":PSA_KEY_TYPE_RAW_DATA:8:0:0 diff --git a/tests/suites/test_suite_psa_crypto_persistent_key.function b/tests/suites/test_suite_psa_crypto_persistent_key.function index 49ce964fb..8e10158f6 100644 --- a/tests/suites/test_suite_psa_crypto_persistent_key.function +++ b/tests/suites/test_suite_psa_crypto_persistent_key.function @@ -10,6 +10,7 @@ #include #include "test/psa_crypto_helpers.h" +#include "psa_crypto_slot_management.h" #include "psa_crypto_storage.h" #include "mbedtls/md.h" @@ -41,7 +42,7 @@ typedef struct { /* BEGIN_CASE */ void format_storage_data_check( data_t *key_data, data_t *expected_file_data, - int key_lifetime, int key_type, + int key_lifetime, int key_type, int key_bits, int key_usage, int key_alg, int key_alg2 ) { uint8_t *file_data = NULL; @@ -51,6 +52,7 @@ void format_storage_data_check( data_t *key_data, psa_set_key_lifetime( &attributes, key_lifetime ); psa_set_key_type( &attributes, key_type ); + psa_set_key_bits( &attributes, key_bits ); psa_set_key_usage_flags( &attributes, key_usage ); psa_set_key_algorithm( &attributes, key_alg ); psa_set_key_enrollment_algorithm( &attributes, key_alg2 ); @@ -73,6 +75,7 @@ void parse_storage_data_check( data_t *file_data, data_t *expected_key_data, int expected_key_lifetime, int expected_key_type, + int expected_key_bits, int expected_key_usage, int expected_key_alg, int expected_key_alg2, @@ -95,6 +98,8 @@ void parse_storage_data_check( data_t *file_data, (psa_key_type_t) expected_key_lifetime ); TEST_EQUAL( psa_get_key_type( &attributes ), (psa_key_type_t) expected_key_type ); + TEST_EQUAL( psa_get_key_bits( &attributes ), + (psa_key_bits_t) expected_key_bits ); TEST_EQUAL( psa_get_key_usage_flags( &attributes ), (uint32_t) expected_key_usage ); TEST_EQUAL( psa_get_key_algorithm( &attributes ), @@ -112,8 +117,7 @@ exit: /* BEGIN_CASE */ void save_large_persistent_key( int data_length_arg, int expected_status ) { - psa_key_id_t key_id = 42; - psa_key_handle_t handle = 0; + mbedtls_svc_key_id_t key_id = mbedtls_svc_key_id_make( 1, 42 ); uint8_t *data = NULL; size_t data_length = data_length_arg; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; @@ -125,11 +129,11 @@ void save_large_persistent_key( int data_length_arg, int expected_status ) psa_set_key_id( &attributes, key_id ); psa_set_key_type( &attributes, PSA_KEY_TYPE_RAW_DATA ); - TEST_EQUAL( psa_import_key( &attributes, data, data_length, &handle ), + TEST_EQUAL( psa_import_key( &attributes, data, data_length, &key_id ), expected_status ); if( expected_status == PSA_SUCCESS ) - PSA_ASSERT( psa_destroy_key( handle ) ); + PSA_ASSERT( psa_destroy_key( key_id ) ); exit: mbedtls_free( data ); @@ -139,12 +143,13 @@ exit: /* END_CASE */ /* BEGIN_CASE */ -void persistent_key_destroy( int key_id_arg, int restart, +void persistent_key_destroy( int owner_id_arg, int key_id_arg, int restart, int first_type_arg, data_t *first_data, int second_type_arg, data_t *second_data ) { - psa_key_id_t key_id = key_id_arg; - psa_key_handle_t handle = 0; + mbedtls_svc_key_id_t key_id = + mbedtls_svc_key_id_make( owner_id_arg, key_id_arg ); + mbedtls_svc_key_id_t returned_key_id = MBEDTLS_SVC_KEY_ID_INIT; psa_key_type_t first_type = (psa_key_type_t) first_type_arg; psa_key_type_t second_type = (psa_key_type_t) second_type_arg; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; @@ -155,24 +160,21 @@ void persistent_key_destroy( int key_id_arg, int restart, psa_set_key_type( &attributes, first_type ); PSA_ASSERT( psa_import_key( &attributes, first_data->x, first_data->len, - &handle ) ); + &returned_key_id ) ); if( restart ) { - psa_close_key( handle ); + psa_close_key( key_id ); PSA_DONE(); PSA_ASSERT( psa_crypto_init() ); - PSA_ASSERT( psa_open_key( key_id, &handle ) ); } TEST_EQUAL( psa_is_key_present_in_storage( key_id ), 1 ); /* Destroy the key */ - PSA_ASSERT( psa_destroy_key( handle ) ); + PSA_ASSERT( psa_destroy_key( key_id ) ); /* Check key slot storage is removed */ TEST_EQUAL( psa_is_key_present_in_storage( key_id ), 0 ); - TEST_EQUAL( psa_open_key( key_id, &handle ), PSA_ERROR_DOES_NOT_EXIST ); - TEST_EQUAL( handle, 0 ); /* Shutdown and restart */ PSA_DONE(); @@ -182,9 +184,9 @@ void persistent_key_destroy( int key_id_arg, int restart, psa_set_key_id( &attributes, key_id ); psa_set_key_type( &attributes, second_type ); PSA_ASSERT( psa_import_key( &attributes, second_data->x, second_data->len, - &handle ) ); + &returned_key_id ) ); - PSA_ASSERT( psa_destroy_key( handle ) ); + PSA_ASSERT( psa_destroy_key( key_id ) ); exit: PSA_DONE(); @@ -193,48 +195,57 @@ exit: /* END_CASE */ /* BEGIN_CASE */ -void persistent_key_import( int key_id_arg, int type_arg, data_t *data, - int restart, int expected_status ) +void persistent_key_import( int owner_id_arg, int key_id_arg, int type_arg, + data_t *data, int restart, int expected_status ) { - psa_key_id_t key_id = (psa_key_id_t) key_id_arg; + mbedtls_svc_key_id_t key_id = + mbedtls_svc_key_id_make( owner_id_arg, key_id_arg ); + mbedtls_svc_key_id_t returned_key_id; psa_key_type_t type = (psa_key_type_t) type_arg; - psa_key_handle_t handle = 0; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; PSA_ASSERT( psa_crypto_init() ); psa_set_key_id( &attributes, key_id ); psa_set_key_type( &attributes, type ); - TEST_EQUAL( psa_import_key( &attributes, data->x, data->len, &handle ), + TEST_EQUAL( psa_import_key( &attributes, data->x, data->len, &returned_key_id ), expected_status ); if( expected_status != PSA_SUCCESS ) { + TEST_ASSERT( mbedtls_svc_key_id_is_null( returned_key_id ) ); TEST_EQUAL( psa_is_key_present_in_storage( key_id ), 0 ); goto exit; } + TEST_ASSERT( mbedtls_svc_key_id_equal( returned_key_id, key_id ) ); + if( restart ) { - psa_close_key( handle ); + PSA_ASSERT( psa_purge_key( key_id ) ); PSA_DONE(); PSA_ASSERT( psa_crypto_init() ); - PSA_ASSERT( psa_open_key( key_id, &handle ) ); } psa_reset_key_attributes( &attributes ); - PSA_ASSERT( psa_get_key_attributes( handle, &attributes ) ); - TEST_EQUAL( psa_get_key_id( &attributes ), key_id ); + PSA_ASSERT( psa_get_key_attributes( key_id, &attributes ) ); + TEST_ASSERT( mbedtls_svc_key_id_equal( psa_get_key_id( &attributes ), + key_id ) ); TEST_EQUAL( psa_get_key_lifetime( &attributes ), PSA_KEY_LIFETIME_PERSISTENT ); TEST_EQUAL( psa_get_key_type( &attributes ), type ); TEST_EQUAL( psa_get_key_usage_flags( &attributes ), 0 ); TEST_EQUAL( psa_get_key_algorithm( &attributes ), 0 ); - PSA_ASSERT( psa_destroy_key( handle ) ); + PSA_ASSERT( psa_destroy_key( key_id ) ); exit: + /* + * Key attributes may have been returned by psa_get_key_attributes() + * thus reset them as required. + */ psa_reset_key_attributes( &attributes ); + psa_destroy_persistent_key( key_id ); PSA_DONE(); } @@ -245,9 +256,9 @@ void import_export_persistent_key( data_t *data, int type_arg, int expected_bits, int restart, int key_not_exist ) { - psa_key_id_t key_id = 42; + mbedtls_svc_key_id_t key_id = mbedtls_svc_key_id_make( 1, 42 ); psa_key_type_t type = (psa_key_type_t) type_arg; - psa_key_handle_t handle = 0; + mbedtls_svc_key_id_t returned_key_id = MBEDTLS_SVC_KEY_ID_INIT; unsigned char *exported = NULL; size_t export_size = data->len; size_t exported_length; @@ -262,21 +273,22 @@ void import_export_persistent_key( data_t *data, int type_arg, psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_EXPORT ); /* Import the key */ - PSA_ASSERT( psa_import_key( &attributes, data->x, data->len, &handle ) ); + PSA_ASSERT( psa_import_key( &attributes, data->x, data->len, + &returned_key_id ) ); if( restart ) { - psa_close_key( handle ); + PSA_ASSERT( psa_purge_key( key_id ) ); PSA_DONE(); PSA_ASSERT( psa_crypto_init() ); - PSA_ASSERT( psa_open_key( key_id, &handle ) ); } /* Test the key information */ psa_reset_key_attributes( &attributes ); - PSA_ASSERT( psa_get_key_attributes( handle, &attributes ) ); - TEST_EQUAL( psa_get_key_id( &attributes ), key_id ); + PSA_ASSERT( psa_get_key_attributes( key_id, &attributes ) ); + TEST_ASSERT( mbedtls_svc_key_id_equal( + psa_get_key_id( &attributes ), key_id ) ); TEST_EQUAL( psa_get_key_lifetime( &attributes ), PSA_KEY_LIFETIME_PERSISTENT ); TEST_EQUAL( psa_get_key_type( &attributes ), type ); @@ -291,17 +303,22 @@ void import_export_persistent_key( data_t *data, int type_arg, psa_destroy_persistent_key( key_id ); } /* Export the key */ - PSA_ASSERT( psa_export_key( handle, exported, export_size, + PSA_ASSERT( psa_export_key( key_id, exported, export_size, &exported_length ) ); ASSERT_COMPARE( data->x, data->len, exported, exported_length ); /* Destroy the key */ - PSA_ASSERT( psa_destroy_key( handle ) ); + PSA_ASSERT( psa_destroy_key( key_id ) ); TEST_EQUAL( psa_is_key_present_in_storage( key_id ), 0 ); exit: + /* + * Key attributes may have been returned by psa_get_key_attributes() + * thus reset them as required. + */ psa_reset_key_attributes( &attributes ); + mbedtls_free( exported ); PSA_DONE( ); psa_destroy_persistent_key( key_id ); diff --git a/tests/suites/test_suite_psa_crypto_se_driver_hal.data b/tests/suites/test_suite_psa_crypto_se_driver_hal.data index 32e2ecb06..18d1d748e 100644 --- a/tests/suites/test_suite_psa_crypto_se_driver_hal.data +++ b/tests/suites/test_suite_psa_crypto_se_driver_hal.data @@ -130,28 +130,37 @@ Key generation smoke test: HMAC-SHA-256 generate_key_smoke:PSA_KEY_TYPE_HMAC:256:PSA_ALG_HMAC( PSA_ALG_SHA_256 ) Key registration: smoke test -register_key_smoke_test:TEST_SE_PERSISTENT_LIFETIME:1:1:PSA_SUCCESS +register_key_smoke_test:TEST_SE_PERSISTENT_LIFETIME:7:1:1:PSA_SUCCESS Key registration: invalid lifetime (volatile internal storage) -register_key_smoke_test:PSA_KEY_LIFETIME_VOLATILE:1:1:PSA_ERROR_INVALID_ARGUMENT +register_key_smoke_test:PSA_KEY_LIFETIME_VOLATILE:7:1:1:PSA_ERROR_INVALID_ARGUMENT Key registration: invalid lifetime (internal storage) -register_key_smoke_test:PSA_KEY_LIFETIME_PERSISTENT:1:1:PSA_ERROR_INVALID_ARGUMENT +register_key_smoke_test:PSA_KEY_LIFETIME_PERSISTENT:7:1:1:PSA_ERROR_INVALID_ARGUMENT Key registration: invalid lifetime (no registered driver) -register_key_smoke_test:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_DEFAULT, TEST_DRIVER_LOCATION + 1 ):1:1:PSA_ERROR_INVALID_ARGUMENT +register_key_smoke_test:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_DEFAULT, TEST_DRIVER_LOCATION + 1 ):7:1:1:PSA_ERROR_INVALID_ARGUMENT Key registration: rejected -register_key_smoke_test:TEST_SE_PERSISTENT_LIFETIME:1:0:PSA_ERROR_NOT_PERMITTED +register_key_smoke_test:TEST_SE_PERSISTENT_LIFETIME:7:1:0:PSA_ERROR_NOT_PERMITTED Key registration: not supported -register_key_smoke_test:TEST_SE_PERSISTENT_LIFETIME:1:-1:PSA_ERROR_NOT_SUPPORTED +register_key_smoke_test:TEST_SE_PERSISTENT_LIFETIME:7:1:-1:PSA_ERROR_NOT_SUPPORTED Key registration: key id out of range -register_key_smoke_test:TEST_SE_PERSISTENT_LIFETIME:PSA_KEY_ID_VENDOR_MAX+1:-1:PSA_ERROR_INVALID_ARGUMENT +register_key_smoke_test:TEST_SE_PERSISTENT_LIFETIME:7:PSA_KEY_ID_VENDOR_MAX+1:-1:PSA_ERROR_INVALID_HANDLE -Key registration: key id in vendor range -register_key_smoke_test:TEST_SE_PERSISTENT_LIFETIME:PSA_KEY_ID_VENDOR_MAX:1:PSA_SUCCESS +Key registration: key id min vendor +register_key_smoke_test:TEST_SE_PERSISTENT_LIFETIME:7:PSA_KEY_ID_VENDOR_MIN:1:PSA_ERROR_INVALID_HANDLE + +Key registration: key id max vendor except volatile +register_key_smoke_test:TEST_SE_PERSISTENT_LIFETIME:7:PSA_KEY_ID_VOLATILE_MIN-1:1:PSA_ERROR_INVALID_HANDLE + +Key registration: key id min volatile +register_key_smoke_test:TEST_SE_PERSISTENT_LIFETIME:7:PSA_KEY_ID_VOLATILE_MIN:1:PSA_ERROR_INVALID_HANDLE + +Key registration: key id max volatile +register_key_smoke_test:TEST_SE_PERSISTENT_LIFETIME:7:PSA_KEY_ID_VOLATILE_MAX:1:PSA_ERROR_INVALID_HANDLE Import-sign-verify: sign in driver, ECDSA depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED diff --git a/tests/suites/test_suite_psa_crypto_se_driver_hal.function b/tests/suites/test_suite_psa_crypto_se_driver_hal.function index c9ce8667b..1add9b4a7 100644 --- a/tests/suites/test_suite_psa_crypto_se_driver_hal.function +++ b/tests/suites/test_suite_psa_crypto_se_driver_hal.function @@ -3,6 +3,7 @@ #include "psa/crypto_se_driver.h" #include "psa_crypto_se.h" +#include "psa_crypto_slot_management.h" #include "psa_crypto_storage.h" /* Invasive peeking: check the persistent data */ @@ -367,7 +368,7 @@ static psa_status_t ram_export_public( psa_drv_se_context_t *context, size_t *data_length ) { psa_status_t status; - psa_key_handle_t handle; + mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; (void) context; @@ -379,11 +380,11 @@ static psa_status_t ram_export_public( psa_drv_se_context_t *context, status = psa_import_key( &attributes, ram_slots[slot_number].content, PSA_BITS_TO_BYTES( ram_slots[slot_number].bits ), - &handle ); + &key ); if( status != PSA_SUCCESS ) return( status ); - status = psa_export_public_key( handle, data, data_size, data_length ); - psa_destroy_key( handle ); + status = psa_export_public_key( key, data, data_size, data_length ); + psa_destroy_key( key ); return( PSA_SUCCESS ); } @@ -450,7 +451,7 @@ static psa_status_t ram_sign( psa_drv_se_context_t *context, { ram_slot_t *slot; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; - psa_key_handle_t handle = 0; + mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; psa_status_t status = PSA_ERROR_GENERIC_ERROR; (void) context; @@ -463,13 +464,13 @@ static psa_status_t ram_sign( psa_drv_se_context_t *context, DRIVER_ASSERT( psa_import_key( &attributes, slot->content, PSA_BITS_TO_BYTES( slot->bits ), - &handle ) == PSA_SUCCESS ); - status = psa_sign_hash( handle, alg, + &key ) == PSA_SUCCESS ); + status = psa_sign_hash( key, alg, hash, hash_length, signature, signature_size, signature_length ); exit: - psa_destroy_key( handle ); + psa_destroy_key( key ); return( status ); } @@ -483,7 +484,7 @@ static psa_status_t ram_verify( psa_drv_se_context_t *context, { ram_slot_t *slot; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; - psa_key_handle_t handle = 0; + mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; psa_status_t status = PSA_ERROR_GENERIC_ERROR; (void) context; @@ -496,20 +497,18 @@ static psa_status_t ram_verify( psa_drv_se_context_t *context, DRIVER_ASSERT( psa_import_key( &attributes, slot->content, PSA_BITS_TO_BYTES( slot->bits ), - &handle ) == + &key ) == PSA_SUCCESS ); - status = psa_verify_hash( handle, alg, + status = psa_verify_hash( key, alg, hash, hash_length, signature, signature_length ); exit: - psa_destroy_key( handle ); + psa_destroy_key( key ); return( status ); } - - /****************************************************************/ /* Other test helper functions */ /****************************************************************/ @@ -524,16 +523,17 @@ typedef enum /* Check that the attributes of a key reported by psa_get_key_attributes() * are consistent with the attributes used when creating the key. */ static int check_key_attributes( - psa_key_handle_t handle, + mbedtls_svc_key_id_t key, const psa_key_attributes_t *reference_attributes ) { int ok = 0; psa_key_attributes_t actual_attributes = PSA_KEY_ATTRIBUTES_INIT; - PSA_ASSERT( psa_get_key_attributes( handle, &actual_attributes ) ); + PSA_ASSERT( psa_get_key_attributes( key, &actual_attributes ) ); - TEST_EQUAL( psa_get_key_id( &actual_attributes ), - psa_get_key_id( reference_attributes ) ); + TEST_ASSERT( mbedtls_svc_key_id_equal( + psa_get_key_id( &actual_attributes ), + psa_get_key_id( reference_attributes ) ) ); TEST_EQUAL( psa_get_key_lifetime( &actual_attributes ), psa_get_key_lifetime( reference_attributes ) ); TEST_EQUAL( psa_get_key_type( &actual_attributes ), @@ -578,6 +578,12 @@ static int check_key_attributes( ok = 1; exit: + /* + * Actual key attributes may have been returned by psa_get_key_attributes() + * thus reset them as required. + */ + psa_reset_key_attributes( &actual_attributes ); + return( ok ); } @@ -653,7 +659,7 @@ static int is_status_smoke_free( psa_status_t status ) * mostly bogus parameters: the goal is to ensure that there is no memory * corruption or crash. This test function is most useful when run under * an environment with sanity checks such as ASan or MSan. */ -static int smoke_test_key( psa_key_handle_t handle ) +static int smoke_test_key( mbedtls_svc_key_id_t key ) { int ok = 0; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; @@ -663,54 +669,54 @@ static int smoke_test_key( psa_key_handle_t handle ) PSA_KEY_DERIVATION_OPERATION_INIT; uint8_t buffer[80]; /* large enough for a public key for ECDH */ size_t length; - psa_key_handle_t handle2 = 0; + mbedtls_svc_key_id_t key2 = MBEDTLS_SVC_KEY_ID_INIT; - SMOKE_ASSERT( psa_get_key_attributes( handle, &attributes ) ); + SMOKE_ASSERT( psa_get_key_attributes( key, &attributes ) ); - SMOKE_ASSERT( psa_export_key( handle, + SMOKE_ASSERT( psa_export_key( key, buffer, sizeof( buffer ), &length ) ); - SMOKE_ASSERT( psa_export_public_key( handle, + SMOKE_ASSERT( psa_export_public_key( key, buffer, sizeof( buffer ), &length ) ); - SMOKE_ASSERT( psa_copy_key( handle, &attributes, &handle2 ) ); - if( handle2 != 0 ) - PSA_ASSERT( psa_close_key( handle2 ) ); + SMOKE_ASSERT( psa_copy_key( key, &attributes, &key2 ) ); + if( ! mbedtls_svc_key_id_is_null( key2 ) ) + PSA_ASSERT( psa_destroy_key( key2 ) ); - SMOKE_ASSERT( psa_mac_sign_setup( &mac_operation, handle, PSA_ALG_CMAC ) ); + SMOKE_ASSERT( psa_mac_sign_setup( &mac_operation, key, PSA_ALG_CMAC ) ); PSA_ASSERT( psa_mac_abort( &mac_operation ) ); - SMOKE_ASSERT( psa_mac_verify_setup( &mac_operation, handle, + SMOKE_ASSERT( psa_mac_verify_setup( &mac_operation, key, PSA_ALG_HMAC( PSA_ALG_SHA_256 ) ) ); PSA_ASSERT( psa_mac_abort( &mac_operation ) ); - SMOKE_ASSERT( psa_cipher_encrypt_setup( &cipher_operation, handle, + SMOKE_ASSERT( psa_cipher_encrypt_setup( &cipher_operation, key, PSA_ALG_CTR ) ); PSA_ASSERT( psa_cipher_abort( &cipher_operation ) ); - SMOKE_ASSERT( psa_cipher_decrypt_setup( &cipher_operation, handle, + SMOKE_ASSERT( psa_cipher_decrypt_setup( &cipher_operation, key, PSA_ALG_CTR ) ); PSA_ASSERT( psa_cipher_abort( &cipher_operation ) ); - SMOKE_ASSERT( psa_aead_encrypt( handle, PSA_ALG_CCM, + SMOKE_ASSERT( psa_aead_encrypt( key, PSA_ALG_CCM, buffer, sizeof( buffer ), NULL, 0, buffer, sizeof( buffer), buffer, sizeof( buffer), &length ) ); - SMOKE_ASSERT( psa_aead_decrypt( handle, PSA_ALG_CCM, + SMOKE_ASSERT( psa_aead_decrypt( key, PSA_ALG_CCM, buffer, sizeof( buffer ), NULL, 0, buffer, sizeof( buffer), buffer, sizeof( buffer), &length ) ); - SMOKE_ASSERT( psa_sign_hash( handle, PSA_ALG_ECDSA_ANY, + SMOKE_ASSERT( psa_sign_hash( key, PSA_ALG_ECDSA_ANY, buffer, 32, buffer, sizeof( buffer ), &length ) ); - SMOKE_ASSERT( psa_verify_hash( handle, PSA_ALG_ECDSA_ANY, + SMOKE_ASSERT( psa_verify_hash( key, PSA_ALG_ECDSA_ANY, buffer, 32, buffer, sizeof( buffer ) ) ); - SMOKE_ASSERT( psa_asymmetric_encrypt( handle, PSA_ALG_RSA_PKCS1V15_CRYPT, + SMOKE_ASSERT( psa_asymmetric_encrypt( key, PSA_ALG_RSA_PKCS1V15_CRYPT, buffer, 10, NULL, 0, buffer, sizeof( buffer ), &length ) ); - SMOKE_ASSERT( psa_asymmetric_decrypt( handle, PSA_ALG_RSA_PKCS1V15_CRYPT, + SMOKE_ASSERT( psa_asymmetric_decrypt( key, PSA_ALG_RSA_PKCS1V15_CRYPT, buffer, sizeof( buffer ), NULL, 0, buffer, sizeof( buffer ), &length ) ); @@ -723,12 +729,12 @@ static int smoke_test_key( psa_key_handle_t handle ) NULL, 0 ) ); SMOKE_ASSERT( psa_key_derivation_input_key( &derivation_operation, PSA_KEY_DERIVATION_INPUT_SECRET, - handle ) ); + key ) ); PSA_ASSERT( psa_key_derivation_abort( &derivation_operation ) ); /* If the key is asymmetric, try it in a key agreement, both as * part of a derivation operation and standalone. */ - if( psa_export_public_key( handle, buffer, sizeof( buffer ), &length ) == + if( psa_export_public_key( key, buffer, sizeof( buffer ), &length ) == PSA_SUCCESS ) { psa_algorithm_t alg = @@ -741,11 +747,11 @@ static int smoke_test_key( psa_key_handle_t handle ) SMOKE_ASSERT( psa_key_derivation_key_agreement( &derivation_operation, PSA_KEY_DERIVATION_INPUT_SECRET, - handle, buffer, length ) ); + key, buffer, length ) ); PSA_ASSERT( psa_key_derivation_abort( &derivation_operation ) ); SMOKE_ASSERT( psa_raw_key_agreement( - alg, handle, buffer, length, + alg, key, buffer, length, buffer, sizeof( buffer ), &length ) ); } #endif /* MBEDTLS_SHA256_C */ @@ -753,20 +759,50 @@ static int smoke_test_key( psa_key_handle_t handle ) ok = 1; exit: + /* + * Key attributes may have been returned by psa_get_key_attributes() + * thus reset them as required. + */ psa_reset_key_attributes( &attributes ); + return( ok ); } -#define MAX_KEY_ID_FOR_TEST 10 +static mbedtls_svc_key_id_t key_ids_used_in_test[10]; +static size_t num_key_ids_used; + +/* Record a key id as potentially used in a test case. */ +static int test_uses_key_id( mbedtls_svc_key_id_t key_id ) +{ + size_t i; + + for( i = 0; i < num_key_ids_used ; i++ ) + { + if( mbedtls_svc_key_id_equal( key_id, key_ids_used_in_test[i] ) ) + return( 1 ); + } + + if( num_key_ids_used >= ARRAY_LENGTH( key_ids_used_in_test ) ) + return( 0 ); + + key_ids_used_in_test[num_key_ids_used] = key_id; + ++num_key_ids_used; + + return( 1 ); +} + +#define TEST_USES_KEY_ID( key_id ) \ + TEST_ASSERT( test_uses_key_id( key_id ) ) + static void psa_purge_storage( void ) { - psa_key_id_t id; + size_t i; psa_key_location_t location; - /* The tests may have potentially created key ids from 1 to - * MAX_KEY_ID_FOR_TEST. In addition, run the destroy function on key id - * 0, which file-based storage uses as a temporary file. */ - for( id = 0; id <= MAX_KEY_ID_FOR_TEST; id++ ) - psa_destroy_persistent_key( id ); + + for( i = 0; i < num_key_ids_used; i++ ) + psa_destroy_persistent_key( key_ids_used_in_test[i] ); + num_key_ids_used = 0; + /* Purge the transaction file. */ psa_crypto_stop_transaction( ); /* Purge driver persistent data. */ @@ -853,13 +889,16 @@ void key_creation_import_export( int lifetime_arg, int min_slot, int restart ) psa_drv_se_key_management_t key_management; psa_key_lifetime_t lifetime = (psa_key_lifetime_t) lifetime_arg; psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( lifetime ); - psa_key_id_t id = 1; - psa_key_handle_t handle = 0; + mbedtls_svc_key_id_t id = mbedtls_svc_key_id_make( 1, 1 ); + mbedtls_svc_key_id_t returned_id = MBEDTLS_SVC_KEY_ID_INIT; + psa_key_handle_t handle; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; const uint8_t key_material[3] = {0xfa, 0xca, 0xde}; uint8_t exported[sizeof( key_material )]; size_t exported_length; + TEST_USES_KEY_ID( id ); + memset( &driver, 0, sizeof( driver ) ); memset( &key_management, 0, sizeof( key_management ) ); driver.hal_version = PSA_DRV_SE_HAL_VERSION; @@ -881,8 +920,7 @@ void key_creation_import_export( int lifetime_arg, int min_slot, int restart ) psa_set_key_type( &attributes, PSA_KEY_TYPE_RAW_DATA ); PSA_ASSERT( psa_import_key( &attributes, key_material, sizeof( key_material ), - &handle ) ); - + &returned_id ) ); if( PSA_KEY_LIFETIME_IS_VOLATILE( lifetime ) ) { @@ -912,7 +950,8 @@ void key_creation_import_export( int lifetime_arg, int min_slot, int restart ) if( PSA_KEY_LIFETIME_IS_VOLATILE( lifetime ) ) { /* Check that the PSA core has no knowledge of the volatile key */ - TEST_ASSERT( psa_open_key( id, &handle ) == PSA_ERROR_DOES_NOT_EXIST ); + TEST_ASSERT( psa_open_key( returned_id, &handle ) == + PSA_ERROR_DOES_NOT_EXIST ); /* Drop data from our mockup driver */ ram_slots_reset(); @@ -920,20 +959,16 @@ void key_creation_import_export( int lifetime_arg, int min_slot, int restart ) /* Re-import key */ PSA_ASSERT( psa_import_key( &attributes, - key_material, sizeof( key_material ), - &handle ) ); + key_material, sizeof( key_material ), + &returned_id ) ); } else { - - /* Check we can re-open the persistent key */ + /* Check the persistent key file */ if( ! check_persistent_data( location, &ram_shadow_slot_usage, sizeof( ram_shadow_slot_usage ) ) ) goto exit; - - /* Check that the PSA core still knows about the key */ - PSA_ASSERT( psa_open_key( id, &handle ) ); } } @@ -944,23 +979,28 @@ void key_creation_import_export( int lifetime_arg, int min_slot, int restart ) psa_set_key_bits( &attributes, PSA_BYTES_TO_BITS( sizeof( key_material ) ) ); psa_set_key_slot_number( &attributes, min_slot ); - if( ! check_key_attributes( handle, &attributes ) ) + + if( PSA_KEY_LIFETIME_IS_VOLATILE( lifetime ) ) + attributes.core.id = returned_id; + else + psa_set_key_id( &attributes, returned_id ); + + if( ! check_key_attributes( returned_id, &attributes ) ) goto exit; /* Test the key data. */ - PSA_ASSERT( psa_export_key( handle, + PSA_ASSERT( psa_export_key( returned_id, exported, sizeof( exported ), &exported_length ) ); ASSERT_COMPARE( key_material, sizeof( key_material ), exported, exported_length ); - PSA_ASSERT( psa_destroy_key( handle ) ); - handle = 0; + PSA_ASSERT( psa_destroy_key( returned_id ) ); if( ! check_persistent_data( location, &ram_shadow_slot_usage, sizeof( ram_shadow_slot_usage ) ) ) goto exit; - TEST_EQUAL( psa_open_key( id, &handle ), + TEST_EQUAL( psa_open_key( returned_id, &handle ), PSA_ERROR_DOES_NOT_EXIST ); /* Test that the key has been erased from the designated slot. */ @@ -985,11 +1025,14 @@ void key_creation_in_chosen_slot( int slot_arg, psa_drv_se_key_management_t key_management; psa_key_lifetime_t lifetime = TEST_SE_PERSISTENT_LIFETIME; psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( lifetime ); - psa_key_id_t id = 1; - psa_key_handle_t handle = 0; + mbedtls_svc_key_id_t id = mbedtls_svc_key_id_make( 1, 1 ); + mbedtls_svc_key_id_t returned_id; + psa_key_handle_t handle; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; const uint8_t key_material[3] = {0xfa, 0xca, 0xde}; + TEST_USES_KEY_ID( id ); + memset( &driver, 0, sizeof( driver ) ); memset( &key_management, 0, sizeof( key_management ) ); driver.hal_version = PSA_DRV_SE_HAL_VERSION; @@ -1011,7 +1054,7 @@ void key_creation_in_chosen_slot( int slot_arg, psa_set_key_slot_number( &attributes, wanted_slot ); status = psa_import_key( &attributes, key_material, sizeof( key_material ), - &handle ); + &returned_id ); TEST_EQUAL( status, expected_status ); if( status != PSA_SUCCESS ) @@ -1031,7 +1074,6 @@ void key_creation_in_chosen_slot( int slot_arg, &ram_shadow_slot_usage, sizeof( ram_shadow_slot_usage ) ) ) goto exit; - PSA_ASSERT( psa_open_key( id, &handle ) ); } /* Test that the key was created in the expected slot. */ @@ -1039,18 +1081,22 @@ void key_creation_in_chosen_slot( int slot_arg, /* Test that the key is reported with the correct attributes, * including the expected slot. */ - PSA_ASSERT( psa_get_key_attributes( handle, &attributes ) ); + PSA_ASSERT( psa_get_key_attributes( id, &attributes ) ); - PSA_ASSERT( psa_destroy_key( handle ) ); - handle = 0; + PSA_ASSERT( psa_destroy_key( id ) ); if( ! check_persistent_data( location, &ram_shadow_slot_usage, sizeof( ram_shadow_slot_usage ) ) ) goto exit; - TEST_EQUAL( psa_open_key( id, &handle ), - PSA_ERROR_DOES_NOT_EXIST ); + TEST_EQUAL( psa_open_key( id, &handle ), PSA_ERROR_DOES_NOT_EXIST ); exit: + /* + * Key attributes may have been returned by psa_get_key_attributes() + * thus reset them as required. + */ + psa_reset_key_attributes( &attributes ); + PSA_DONE( ); ram_slots_reset( ); psa_purge_storage( ); @@ -1067,10 +1113,13 @@ void import_key_smoke( int type_arg, int alg_arg, psa_drv_se_key_management_t key_management; psa_key_lifetime_t lifetime = TEST_SE_PERSISTENT_LIFETIME; psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( lifetime ); - psa_key_id_t id = 1; - psa_key_handle_t handle = 0; + mbedtls_svc_key_id_t id = mbedtls_svc_key_id_make( 1, 1 ); + mbedtls_svc_key_id_t returned_id; + psa_key_handle_t handle; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; + TEST_USES_KEY_ID( id ); + memset( &driver, 0, sizeof( driver ) ); memset( &key_management, 0, sizeof( key_management ) ); driver.hal_version = PSA_DRV_SE_HAL_VERSION; @@ -1094,13 +1143,13 @@ void import_key_smoke( int type_arg, int alg_arg, psa_set_key_type( &attributes, type ); PSA_ASSERT( psa_import_key( &attributes, key_material->x, key_material->len, - &handle ) ); + &returned_id ) ); if( ! check_persistent_data( location, &shadow_counter, sizeof( shadow_counter ) ) ) goto exit; /* Do stuff with the key. */ - if( ! smoke_test_key( handle ) ) + if( ! smoke_test_key( id ) ) goto exit; /* Restart and try again. */ @@ -1110,18 +1159,15 @@ void import_key_smoke( int type_arg, int alg_arg, if( ! check_persistent_data( location, &shadow_counter, sizeof( shadow_counter ) ) ) goto exit; - PSA_ASSERT( psa_open_key( id, &handle ) ); - if( ! smoke_test_key( handle ) ) + if( ! smoke_test_key( id ) ) goto exit; /* We're done. */ - PSA_ASSERT( psa_destroy_key( handle ) ); - handle = 0; + PSA_ASSERT( psa_destroy_key( id ) ); if( ! check_persistent_data( location, &shadow_counter, sizeof( shadow_counter ) ) ) goto exit; - TEST_EQUAL( psa_open_key( id, &handle ), - PSA_ERROR_DOES_NOT_EXIST ); + TEST_EQUAL( psa_open_key( id, &handle ), PSA_ERROR_DOES_NOT_EXIST ); exit: PSA_DONE( ); @@ -1139,10 +1185,12 @@ void generate_key_not_supported( int type_arg, int bits_arg ) psa_drv_se_key_management_t key_management; psa_key_lifetime_t lifetime = TEST_SE_PERSISTENT_LIFETIME; psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( lifetime ); - psa_key_id_t id = 1; - psa_key_handle_t handle = 0; + mbedtls_svc_key_id_t id = mbedtls_svc_key_id_make( 1, 1 ); + mbedtls_svc_key_id_t returned_id; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; + TEST_USES_KEY_ID( id ); + memset( &driver, 0, sizeof( driver ) ); memset( &key_management, 0, sizeof( key_management ) ); driver.hal_version = PSA_DRV_SE_HAL_VERSION; @@ -1158,7 +1206,7 @@ void generate_key_not_supported( int type_arg, int bits_arg ) psa_set_key_lifetime( &attributes, lifetime ); psa_set_key_type( &attributes, type ); psa_set_key_bits( &attributes, bits ); - TEST_EQUAL( psa_generate_key( &attributes, &handle ), + TEST_EQUAL( psa_generate_key( &attributes, &returned_id ), PSA_ERROR_NOT_SUPPORTED ); exit: @@ -1178,10 +1226,13 @@ void generate_key_smoke( int type_arg, int bits_arg, int alg_arg ) psa_drv_se_key_management_t key_management; psa_key_lifetime_t lifetime = TEST_SE_PERSISTENT_LIFETIME; psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( lifetime ); - psa_key_id_t id = 1; - psa_key_handle_t handle = 0; + mbedtls_svc_key_id_t id = mbedtls_svc_key_id_make( 1, 1 ); + mbedtls_svc_key_id_t returned_id; + psa_key_handle_t handle; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; + TEST_USES_KEY_ID( id ); + memset( &driver, 0, sizeof( driver ) ); memset( &key_management, 0, sizeof( key_management ) ); driver.hal_version = PSA_DRV_SE_HAL_VERSION; @@ -1204,13 +1255,13 @@ void generate_key_smoke( int type_arg, int bits_arg, int alg_arg ) psa_set_key_algorithm( &attributes, alg ); psa_set_key_type( &attributes, type ); psa_set_key_bits( &attributes, bits ); - PSA_ASSERT( psa_generate_key( &attributes, &handle ) ); + PSA_ASSERT( psa_generate_key( &attributes, &returned_id ) ); if( ! check_persistent_data( location, &shadow_counter, sizeof( shadow_counter ) ) ) goto exit; /* Do stuff with the key. */ - if( ! smoke_test_key( handle ) ) + if( ! smoke_test_key( id ) ) goto exit; /* Restart and try again. */ @@ -1220,18 +1271,15 @@ void generate_key_smoke( int type_arg, int bits_arg, int alg_arg ) if( ! check_persistent_data( location, &shadow_counter, sizeof( shadow_counter ) ) ) goto exit; - PSA_ASSERT( psa_open_key( id, &handle ) ); - if( ! smoke_test_key( handle ) ) + if( ! smoke_test_key( id ) ) goto exit; /* We're done. */ - PSA_ASSERT( psa_destroy_key( handle ) ); - handle = 0; + PSA_ASSERT( psa_destroy_key( id ) ); if( ! check_persistent_data( location, &shadow_counter, sizeof( shadow_counter ) ) ) goto exit; - TEST_EQUAL( psa_open_key( id, &handle ), - PSA_ERROR_DOES_NOT_EXIST ); + TEST_EQUAL( psa_open_key( id, &handle ), PSA_ERROR_DOES_NOT_EXIST ); exit: PSA_DONE( ); @@ -1258,14 +1306,16 @@ void sign_verify( int flow, psa_key_lifetime_t lifetime = TEST_SE_PERSISTENT_LIFETIME; psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( lifetime ); - psa_key_id_t id = 1; - psa_key_handle_t drv_handle = 0; /* key managed by the driver */ - psa_key_handle_t sw_handle = 0; /* transparent key */ + mbedtls_svc_key_id_t id = mbedtls_svc_key_id_make( 1, 1 ); + mbedtls_svc_key_id_t returned_id; + mbedtls_svc_key_id_t sw_key = MBEDTLS_SVC_KEY_ID_INIT; psa_key_attributes_t sw_attributes = PSA_KEY_ATTRIBUTES_INIT; psa_key_attributes_t drv_attributes; uint8_t signature[PSA_SIGNATURE_MAX_SIZE]; size_t signature_length; + TEST_USES_KEY_ID( id ); + memset( &driver, 0, sizeof( driver ) ); memset( &key_management, 0, sizeof( key_management ) ); memset( &asymmetric, 0, sizeof( asymmetric ) ); @@ -1313,11 +1363,11 @@ void sign_verify( int flow, if( generating ) { psa_set_key_bits( &drv_attributes, bits ); - PSA_ASSERT( psa_generate_key( &drv_attributes, &drv_handle ) ); + PSA_ASSERT( psa_generate_key( &drv_attributes, &returned_id ) ); /* Since we called a generate method that does not actually * generate material, store the desired result of generation in * the mock secure element storage. */ - PSA_ASSERT( psa_get_key_attributes( drv_handle, &drv_attributes ) ); + PSA_ASSERT( psa_get_key_attributes( id, &drv_attributes ) ); TEST_EQUAL( key_material->len, PSA_BITS_TO_BYTES( bits ) ); memcpy( ram_slots[ram_min_slot].content, key_material->x, key_material->len ); @@ -1326,7 +1376,7 @@ void sign_verify( int flow, { PSA_ASSERT( psa_import_key( &drv_attributes, key_material->x, key_material->len, - &drv_handle ) ); + &returned_id ) ); } /* Either import the same key in software, or export the driver's @@ -1337,20 +1387,20 @@ void sign_verify( int flow, case SIGN_IN_DRIVER_AND_PARALLEL_CREATION: PSA_ASSERT( psa_import_key( &sw_attributes, key_material->x, key_material->len, - &sw_handle ) ); + &sw_key ) ); break; case SIGN_IN_DRIVER_THEN_EXPORT_PUBLIC: { uint8_t public_key[PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE( PSA_VENDOR_ECC_MAX_CURVE_BITS )]; size_t public_key_length; - PSA_ASSERT( psa_export_public_key( drv_handle, + PSA_ASSERT( psa_export_public_key( id, public_key, sizeof( public_key ), &public_key_length ) ); psa_set_key_type( &sw_attributes, PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR( type ) ); PSA_ASSERT( psa_import_key( &sw_attributes, public_key, public_key_length, - &sw_handle ) ); + &sw_key ) ); break; } } @@ -1361,16 +1411,14 @@ void sign_verify( int flow, case SIGN_IN_DRIVER_AND_PARALLEL_CREATION: case SIGN_IN_DRIVER_THEN_EXPORT_PUBLIC: PSA_ASSERT_VIA_DRIVER( - psa_sign_hash( drv_handle, - alg, + psa_sign_hash( id, alg, input->x, input->len, signature, sizeof( signature ), &signature_length ), PSA_SUCCESS ); break; case SIGN_IN_SOFTWARE_AND_PARALLEL_CREATION: - PSA_ASSERT( psa_sign_hash( sw_handle, - alg, + PSA_ASSERT( psa_sign_hash( sw_key, alg, input->x, input->len, signature, sizeof( signature ), &signature_length ) ); @@ -1378,30 +1426,36 @@ void sign_verify( int flow, } /* Verify with both keys. */ - PSA_ASSERT( psa_verify_hash( sw_handle, alg, + PSA_ASSERT( psa_verify_hash( sw_key, alg, input->x, input->len, signature, signature_length ) ); PSA_ASSERT_VIA_DRIVER( - psa_verify_hash( drv_handle, alg, + psa_verify_hash( id, alg, input->x, input->len, signature, signature_length ), PSA_SUCCESS ); /* Change the signature and verify again. */ signature[0] ^= 1; - TEST_EQUAL( psa_verify_hash( sw_handle, alg, + TEST_EQUAL( psa_verify_hash( sw_key, alg, input->x, input->len, signature, signature_length ), PSA_ERROR_INVALID_SIGNATURE ); PSA_ASSERT_VIA_DRIVER( - psa_verify_hash( drv_handle, alg, + psa_verify_hash( id, alg, input->x, input->len, signature, signature_length ), PSA_ERROR_INVALID_SIGNATURE ); exit: - psa_destroy_key( drv_handle ); - psa_destroy_key( sw_handle ); + /* + * Driver key attributes may have been returned by psa_get_key_attributes() + * thus reset them as required. + */ + psa_reset_key_attributes( &drv_attributes ); + + psa_destroy_key( id ); + psa_destroy_key( sw_key ); PSA_DONE( ); ram_slots_reset( ); psa_purge_storage( ); @@ -1410,6 +1464,7 @@ exit: /* BEGIN_CASE */ void register_key_smoke_test( int lifetime_arg, + int owner_id_arg, int id_arg, int validate, int expected_status_arg ) @@ -1420,12 +1475,14 @@ void register_key_smoke_test( int lifetime_arg, psa_drv_se_t driver; psa_drv_se_key_management_t key_management; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; - psa_key_id_t id = id_arg; + mbedtls_svc_key_id_t id = mbedtls_svc_key_id_make( owner_id_arg, id_arg ); + psa_key_handle_t handle; size_t bit_size = 48; psa_key_slot_number_t wanted_slot = 0x123456789; - psa_key_handle_t handle = 0; psa_status_t status; + TEST_USES_KEY_ID( id ); + memset( &driver, 0, sizeof( driver ) ); driver.hal_version = PSA_DRV_SE_HAL_VERSION; memset( &key_management, 0, sizeof( key_management ) ); @@ -1457,27 +1514,30 @@ void register_key_smoke_test( int lifetime_arg, goto exit; /* Test that the key exists and has the expected attributes. */ - PSA_ASSERT( psa_open_key( id, &handle ) ); - if( ! check_key_attributes( handle, &attributes ) ) + if( ! check_key_attributes( id, &attributes ) ) goto exit; - PSA_ASSERT( psa_close_key( handle ) ); + +#if defined(MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER) + mbedtls_svc_key_id_t invalid_id = + mbedtls_svc_key_id_make( owner_id_arg + 1, id_arg ); + TEST_EQUAL( psa_open_key( invalid_id, &handle ), PSA_ERROR_DOES_NOT_EXIST ); +#endif + + PSA_ASSERT( psa_purge_key( id ) ); /* Restart and try again. */ PSA_DONE( ); PSA_ASSERT( psa_register_se_driver( location, &driver ) ); PSA_ASSERT( psa_crypto_init( ) ); - PSA_ASSERT( psa_open_key( id, &handle ) ); - if( ! check_key_attributes( handle, &attributes ) ) + if( ! check_key_attributes( id, &attributes ) ) goto exit; /* This time, destroy the key. */ - PSA_ASSERT( psa_destroy_key( handle ) ); - handle = 0; - TEST_EQUAL( psa_open_key( id, &handle ), - PSA_ERROR_DOES_NOT_EXIST ); + PSA_ASSERT( psa_destroy_key( id ) ); + TEST_EQUAL( psa_open_key( id, &handle ), PSA_ERROR_DOES_NOT_EXIST ); exit: psa_reset_key_attributes( &attributes ); - psa_destroy_key( handle ); + psa_destroy_key( id ); PSA_DONE( ); psa_purge_storage( ); memset( &validate_slot_number_directions, 0, diff --git a/tests/suites/test_suite_psa_crypto_se_driver_hal_mocks.function b/tests/suites/test_suite_psa_crypto_se_driver_hal_mocks.function index ef50a6814..629c924ed 100644 --- a/tests/suites/test_suite_psa_crypto_se_driver_hal_mocks.function +++ b/tests/suites/test_suite_psa_crypto_se_driver_hal_mocks.function @@ -91,11 +91,13 @@ static void psa_purge_storage( void ) { psa_key_id_t id; psa_key_location_t location; + /* The tests may have potentially created key ids from 1 to * MAX_KEY_ID_FOR_TEST. In addition, run the destroy function on key id * 0, which file-based storage uses as a temporary file. */ for( id = 0; id <= MAX_KEY_ID_FOR_TEST; id++ ) - psa_destroy_persistent_key( id ); + psa_destroy_persistent_key( mbedtls_svc_key_id_make( 1, id ) ); + /* Purge the transaction file. */ psa_crypto_stop_transaction( ); /* Purge driver persistent data. */ @@ -330,8 +332,8 @@ void mock_import( int mock_alloc_return_value, psa_drv_se_key_management_t key_management; psa_key_lifetime_t lifetime = TEST_SE_PERSISTENT_LIFETIME; psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( lifetime ); - psa_key_id_t id = 1; - psa_key_handle_t handle = 0; + mbedtls_svc_key_id_t id = mbedtls_svc_key_id_make( 1, 1 ); + mbedtls_svc_key_id_t returned_id; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; const uint8_t key_material[3] = {0xfa, 0xca, 0xde}; @@ -355,13 +357,25 @@ void mock_import( int mock_alloc_return_value, psa_set_key_type( &attributes, PSA_KEY_TYPE_RAW_DATA ); TEST_ASSERT( psa_import_key( &attributes, key_material, sizeof( key_material ), - &handle ) == expected_result ); + &returned_id ) == expected_result ); TEST_ASSERT( mock_allocate_data.called == 1 ); TEST_ASSERT( mock_import_data.called == ( mock_alloc_return_value == PSA_SUCCESS? 1 : 0 ) ); - TEST_ASSERT( mock_import_data.attributes.core.id == - ( mock_alloc_return_value == PSA_SUCCESS? id : 0 ) ); + + if( mock_alloc_return_value == PSA_SUCCESS ) + { + TEST_ASSERT( mbedtls_svc_key_id_equal( + mock_import_data.attributes.core.id, id ) ); + } + else + { + TEST_ASSERT( MBEDTLS_SVC_KEY_ID_GET_KEY_ID( + mock_import_data.attributes.core.id ) == 0 ); + TEST_ASSERT( MBEDTLS_SVC_KEY_ID_GET_OWNER_ID( + mock_import_data.attributes.core.id ) == 0 ); + } + TEST_ASSERT( mock_import_data.attributes.core.lifetime == ( mock_alloc_return_value == PSA_SUCCESS? lifetime : 0 ) ); TEST_ASSERT( mock_import_data.attributes.core.policy.usage == @@ -371,7 +385,7 @@ void mock_import( int mock_alloc_return_value, if( expected_result == PSA_SUCCESS ) { - PSA_ASSERT( psa_destroy_key( handle ) ); + PSA_ASSERT( psa_destroy_key( id ) ); TEST_ASSERT( mock_destroy_data.called == 1 ); } exit: @@ -387,8 +401,8 @@ void mock_export( int mock_export_return_value, int expected_result ) psa_drv_se_key_management_t key_management; psa_key_lifetime_t lifetime = TEST_SE_PERSISTENT_LIFETIME; psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( lifetime ); - psa_key_id_t id = 1; - psa_key_handle_t handle = 0; + mbedtls_svc_key_id_t id = mbedtls_svc_key_id_make( 1, 1 ); + mbedtls_svc_key_id_t returned_id; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; const uint8_t key_material[3] = {0xfa, 0xca, 0xde}; uint8_t exported[sizeof( key_material )]; @@ -414,15 +428,15 @@ void mock_export( int mock_export_return_value, int expected_result ) psa_set_key_type( &attributes, PSA_KEY_TYPE_RAW_DATA ); PSA_ASSERT( psa_import_key( &attributes, key_material, sizeof( key_material ), - &handle ) ); + &returned_id ) ); - TEST_ASSERT( psa_export_key( handle, - exported, sizeof( exported ), - &exported_length ) == expected_result ); + TEST_ASSERT( psa_export_key( id, + exported, sizeof( exported ), + &exported_length ) == expected_result ); TEST_ASSERT( mock_export_data.called == 1 ); - PSA_ASSERT( psa_destroy_key( handle ) ); + PSA_ASSERT( psa_destroy_key( id ) ); TEST_ASSERT( mock_destroy_data.called == 1 ); @@ -441,8 +455,8 @@ void mock_generate( int mock_alloc_return_value, psa_drv_se_key_management_t key_management; psa_key_lifetime_t lifetime = TEST_SE_PERSISTENT_LIFETIME; psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( lifetime ); - psa_key_id_t id = 1; - psa_key_handle_t handle = 0; + mbedtls_svc_key_id_t id = mbedtls_svc_key_id_make( 1, 1 ); + mbedtls_svc_key_id_t returned_id; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; mock_allocate_data.return_value = mock_alloc_return_value; @@ -463,12 +477,24 @@ void mock_generate( int mock_alloc_return_value, psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_EXPORT ); psa_set_key_type( &attributes, PSA_KEY_TYPE_RAW_DATA ); psa_set_key_bits( &attributes, 8 ); - TEST_ASSERT( psa_generate_key( &attributes, &handle ) == expected_result ); + TEST_ASSERT( psa_generate_key( &attributes, &returned_id) == expected_result ); TEST_ASSERT( mock_allocate_data.called == 1 ); TEST_ASSERT( mock_generate_data.called == ( mock_alloc_return_value == PSA_SUCCESS? 1 : 0 ) ); - TEST_ASSERT( mock_generate_data.attributes.core.id == - ( mock_alloc_return_value == PSA_SUCCESS? id : 0 ) ); + + if( mock_alloc_return_value == PSA_SUCCESS ) + { + TEST_ASSERT( mbedtls_svc_key_id_equal( + mock_generate_data.attributes.core.id, id ) ); + } + else + { + TEST_ASSERT( MBEDTLS_SVC_KEY_ID_GET_KEY_ID( + mock_generate_data.attributes.core.id ) == 0 ); + TEST_ASSERT( MBEDTLS_SVC_KEY_ID_GET_OWNER_ID( + mock_generate_data.attributes.core.id ) == 0 ); + } + TEST_ASSERT( mock_generate_data.attributes.core.lifetime == ( mock_alloc_return_value == PSA_SUCCESS? lifetime : 0 ) ); TEST_ASSERT( mock_generate_data.attributes.core.policy.usage == @@ -478,7 +504,7 @@ void mock_generate( int mock_alloc_return_value, if( expected_result == PSA_SUCCESS ) { - PSA_ASSERT( psa_destroy_key( handle ) ); + PSA_ASSERT( psa_destroy_key( id ) ); TEST_ASSERT( mock_destroy_data.called == 1 ); } @@ -496,8 +522,8 @@ void mock_export_public( int mock_export_public_return_value, psa_drv_se_key_management_t key_management; psa_key_lifetime_t lifetime = TEST_SE_PERSISTENT_LIFETIME; psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( lifetime ); - psa_key_id_t id = 1; - psa_key_handle_t handle = 0; + mbedtls_svc_key_id_t id = mbedtls_svc_key_id_make( 1, 1 ); + mbedtls_svc_key_id_t returned_id; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; const uint8_t key_material[3] = {0xfa, 0xca, 0xde}; uint8_t exported[sizeof( key_material )]; @@ -523,13 +549,13 @@ void mock_export_public( int mock_export_public_return_value, PSA_ASSERT( psa_import_key( &attributes, key_material, sizeof( key_material ), - &handle ) ); + &returned_id ) ); - TEST_ASSERT( psa_export_public_key( handle, exported, sizeof(exported), + TEST_ASSERT( psa_export_public_key( id, exported, sizeof(exported), &exported_length ) == expected_result ); TEST_ASSERT( mock_export_public_data.called == 1 ); - PSA_ASSERT( psa_destroy_key( handle ) ); + PSA_ASSERT( psa_destroy_key( id ) ); TEST_ASSERT( mock_destroy_data.called == 1 ); exit: @@ -546,8 +572,8 @@ void mock_sign( int mock_sign_return_value, int expected_result ) psa_drv_se_asymmetric_t asymmetric; psa_key_lifetime_t lifetime = TEST_SE_PERSISTENT_LIFETIME; psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( lifetime ); - psa_key_id_t id = 1; - psa_key_handle_t handle = 0; + mbedtls_svc_key_id_t id = mbedtls_svc_key_id_make( 1, 1 ); + mbedtls_svc_key_id_t returned_id; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; const uint8_t key_material[3] = {0xfa, 0xca, 0xde}; psa_algorithm_t algorithm = PSA_ALG_ECDSA(PSA_ALG_SHA_256); @@ -581,16 +607,16 @@ void mock_sign( int mock_sign_return_value, int expected_result ) PSA_ASSERT( psa_import_key( &attributes, key_material, sizeof( key_material ), - &handle ) ); + &returned_id ) ); - TEST_ASSERT( psa_sign_hash( handle, algorithm, + TEST_ASSERT( psa_sign_hash( id, algorithm, hash, sizeof( hash ), signature, sizeof( signature ), &signature_length) == expected_result ); TEST_ASSERT( mock_sign_data.called == 1 ); - PSA_ASSERT( psa_destroy_key( handle ) ); + PSA_ASSERT( psa_destroy_key( id ) ); TEST_ASSERT( mock_destroy_data.called == 1 ); exit: @@ -607,8 +633,8 @@ void mock_verify( int mock_verify_return_value, int expected_result ) psa_drv_se_asymmetric_t asymmetric; psa_key_lifetime_t lifetime = TEST_SE_PERSISTENT_LIFETIME; psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( lifetime ); - psa_key_id_t id = 1; - psa_key_handle_t handle = 0; + mbedtls_svc_key_id_t id = mbedtls_svc_key_id_make( 1, 1 ); + mbedtls_svc_key_id_t returned_id; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; const uint8_t key_material[3] = {0xfa, 0xca, 0xde}; psa_algorithm_t algorithm = PSA_ALG_ECDSA(PSA_ALG_SHA_256); @@ -641,15 +667,15 @@ void mock_verify( int mock_verify_return_value, int expected_result ) PSA_ASSERT( psa_import_key( &attributes, key_material, sizeof( key_material ), - &handle ) ); + &returned_id ) ); - TEST_ASSERT( psa_verify_hash( handle, algorithm, + TEST_ASSERT( psa_verify_hash( id, algorithm, hash, sizeof( hash ), signature, sizeof( signature ) ) == expected_result ); TEST_ASSERT( mock_verify_data.called == 1 ); - PSA_ASSERT( psa_destroy_key( handle ) ); + PSA_ASSERT( psa_destroy_key( id ) ); TEST_ASSERT( mock_destroy_data.called == 1 ); exit: diff --git a/tests/suites/test_suite_psa_crypto_slot_management.data b/tests/suites/test_suite_psa_crypto_slot_management.data index 84caef916..396cdfb53 100644 --- a/tests/suites/test_suite_psa_crypto_slot_management.data +++ b/tests/suites/test_suite_psa_crypto_slot_management.data @@ -1,86 +1,103 @@ Transient slot, check after closing -transient_slot_lifecycle:0:0:PSA_KEY_TYPE_RAW_DATA:"0123456789abcdef0123456789abcdef":CLOSE_BY_CLOSE +transient_slot_lifecycle:0x1:0:0:PSA_KEY_TYPE_RAW_DATA:"0123456789abcdef0123456789abcdef":INVALIDATE_BY_CLOSING Transient slot, check after closing and restarting -transient_slot_lifecycle:0:0:PSA_KEY_TYPE_RAW_DATA:"0123456789abcdef0123456789abcdef":CLOSE_BY_CLOSE_WITH_SHUTDOWN +transient_slot_lifecycle:0x13:0:0:PSA_KEY_TYPE_RAW_DATA:"0123456789abcdef0123456789abcdef":INVALIDATE_BY_CLOSING_WITH_SHUTDOWN Transient slot, check after destroying -transient_slot_lifecycle:0:0:PSA_KEY_TYPE_RAW_DATA:"0123456789abcdef0123456789abcdef":CLOSE_BY_DESTROY +transient_slot_lifecycle:0x135:0:0:PSA_KEY_TYPE_RAW_DATA:"0123456789abcdef0123456789abcdef":INVALIDATE_BY_DESTROYING Transient slot, check after destroying and restarting -transient_slot_lifecycle:0:0:PSA_KEY_TYPE_RAW_DATA:"0123456789abcdef0123456789abcdef":CLOSE_BY_DESTROY_WITH_SHUTDOWN +transient_slot_lifecycle:0x1357:0:0:PSA_KEY_TYPE_RAW_DATA:"0123456789abcdef0123456789abcdef":INVALIDATE_BY_DESTROYING_WITH_SHUTDOWN Transient slot, check after restart with live handles -transient_slot_lifecycle:0:0:PSA_KEY_TYPE_RAW_DATA:"0123456789abcdef0123456789abcdef":CLOSE_BY_SHUTDOWN +transient_slot_lifecycle:0x13579:0:0:PSA_KEY_TYPE_RAW_DATA:"0123456789abcdef0123456789abcdef":INVALIDATE_BY_SHUTDOWN Persistent slot, check after closing, id=min -persistent_slot_lifecycle:PSA_KEY_LIFETIME_PERSISTENT:PSA_KEY_ID_USER_MIN:0:0:0:PSA_KEY_TYPE_RAW_DATA:"0123456789abcdef0123456789abcdef":CLOSE_BY_CLOSE +persistent_slot_lifecycle:PSA_KEY_LIFETIME_PERSISTENT:124:PSA_KEY_ID_USER_MIN:0:0:0:PSA_KEY_TYPE_RAW_DATA:"0123456789abcdef0123456789abcdef":INVALIDATE_BY_CLOSING Persistent slot, check after closing and restarting, id=min -persistent_slot_lifecycle:PSA_KEY_LIFETIME_PERSISTENT:PSA_KEY_ID_USER_MIN:0:0:0:PSA_KEY_TYPE_RAW_DATA:"0123456789abcdef0123456789abcdef":CLOSE_BY_CLOSE +persistent_slot_lifecycle:PSA_KEY_LIFETIME_PERSISTENT:125:PSA_KEY_ID_USER_MIN:0:0:0:PSA_KEY_TYPE_RAW_DATA:"0123456789abcdef0123456789abcdef":INVALIDATE_BY_CLOSING_WITH_SHUTDOWN Persistent slot, check after destroying, id=min -persistent_slot_lifecycle:PSA_KEY_LIFETIME_PERSISTENT:PSA_KEY_ID_USER_MIN:0:0:0:PSA_KEY_TYPE_RAW_DATA:"0123456789abcdef0123456789abcdef":CLOSE_BY_DESTROY +persistent_slot_lifecycle:PSA_KEY_LIFETIME_PERSISTENT:126:PSA_KEY_ID_USER_MIN:0:0:0:PSA_KEY_TYPE_RAW_DATA:"0123456789abcdef0123456789abcdef":INVALIDATE_BY_DESTROYING Persistent slot, check after destroying and restarting, id=min -persistent_slot_lifecycle:PSA_KEY_LIFETIME_PERSISTENT:PSA_KEY_ID_USER_MIN:0:0:0:PSA_KEY_TYPE_RAW_DATA:"0123456789abcdef0123456789abcdef":CLOSE_BY_DESTROY +persistent_slot_lifecycle:PSA_KEY_LIFETIME_PERSISTENT:127:PSA_KEY_ID_USER_MIN:0:0:0:PSA_KEY_TYPE_RAW_DATA:"0123456789abcdef0123456789abcdef":INVALIDATE_BY_DESTROYING_WITH_SHUTDOWN + +Persistent slot, check after purging, id=min +persistent_slot_lifecycle:PSA_KEY_LIFETIME_PERSISTENT:200:PSA_KEY_ID_USER_MIN:0:0:0:PSA_KEY_TYPE_RAW_DATA:"0123456789abcdef0123456789abcdef":INVALIDATE_BY_PURGING + +Persistent slot, check after purging and restarting, id=min +persistent_slot_lifecycle:PSA_KEY_LIFETIME_PERSISTENT:201:PSA_KEY_ID_USER_MIN:0:0:0:PSA_KEY_TYPE_RAW_DATA:"0123456789abcdef0123456789abcdef":INVALIDATE_BY_PURGING_WITH_SHUTDOWN Persistent slot, check after restart with live handle, id=min -persistent_slot_lifecycle:PSA_KEY_LIFETIME_PERSISTENT:PSA_KEY_ID_USER_MIN:0:0:0:PSA_KEY_TYPE_RAW_DATA:"0123456789abcdef0123456789abcdef":CLOSE_BY_SHUTDOWN +persistent_slot_lifecycle:PSA_KEY_LIFETIME_PERSISTENT:128:PSA_KEY_ID_USER_MIN:0:0:0:PSA_KEY_TYPE_RAW_DATA:"0123456789abcdef0123456789abcdef":INVALIDATE_BY_SHUTDOWN Persistent slot, check after closing, id=max -persistent_slot_lifecycle:PSA_KEY_LIFETIME_PERSISTENT:PSA_KEY_ID_USER_MAX:0:0:0:PSA_KEY_TYPE_RAW_DATA:"0123456789abcdef0123456789abcdef":CLOSE_BY_CLOSE +persistent_slot_lifecycle:PSA_KEY_LIFETIME_PERSISTENT:129:PSA_KEY_ID_USER_MAX:0:0:0:PSA_KEY_TYPE_RAW_DATA:"0123456789abcdef0123456789abcdef":INVALIDATE_BY_CLOSING Persistent slot, check after destroying, id=max -persistent_slot_lifecycle:PSA_KEY_LIFETIME_PERSISTENT:PSA_KEY_ID_USER_MAX:0:0:0:PSA_KEY_TYPE_RAW_DATA:"0123456789abcdef0123456789abcdef":CLOSE_BY_DESTROY +persistent_slot_lifecycle:PSA_KEY_LIFETIME_PERSISTENT:130:PSA_KEY_ID_USER_MAX:0:0:0:PSA_KEY_TYPE_RAW_DATA:"0123456789abcdef0123456789abcdef":INVALIDATE_BY_DESTROYING + +Persistent slot, check after purging, id=max +persistent_slot_lifecycle:PSA_KEY_LIFETIME_PERSISTENT:202:PSA_KEY_ID_USER_MAX:0:0:0:PSA_KEY_TYPE_RAW_DATA:"0123456789abcdef0123456789abcdef":INVALIDATE_BY_PURGING Persistent slot, check after restart, id=max -persistent_slot_lifecycle:PSA_KEY_LIFETIME_PERSISTENT:PSA_KEY_ID_USER_MAX:0:0:0:PSA_KEY_TYPE_RAW_DATA:"0123456789abcdef0123456789abcdef":CLOSE_BY_SHUTDOWN +persistent_slot_lifecycle:PSA_KEY_LIFETIME_PERSISTENT:131:PSA_KEY_ID_USER_MAX:0:0:0:PSA_KEY_TYPE_RAW_DATA:"0123456789abcdef0123456789abcdef":INVALIDATE_BY_SHUTDOWN Persistent slot: ECP keypair (ECDSA, exportable), close depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED -persistent_slot_lifecycle:PSA_KEY_LIFETIME_PERSISTENT:1:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_ECDSA_ANY:0:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":CLOSE_BY_CLOSE +persistent_slot_lifecycle:PSA_KEY_LIFETIME_PERSISTENT:132:1:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_ECDSA_ANY:0:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":INVALIDATE_BY_CLOSING Persistent slot: ECP keypair (ECDSA, exportable), close+restart depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED -persistent_slot_lifecycle:PSA_KEY_LIFETIME_PERSISTENT:1:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_ECDSA_ANY:0:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":CLOSE_BY_CLOSE_WITH_SHUTDOWN +persistent_slot_lifecycle:PSA_KEY_LIFETIME_PERSISTENT:133:1:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_ECDSA_ANY:0:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":INVALIDATE_BY_CLOSING_WITH_SHUTDOWN + +Persistent slot: ECP keypair (ECDSA, exportable), purge +depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED +persistent_slot_lifecycle:PSA_KEY_LIFETIME_PERSISTENT:132:1:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_ECDSA_ANY:0:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":INVALIDATE_BY_PURGING Persistent slot: ECP keypair (ECDSA, exportable), restart depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED -persistent_slot_lifecycle:PSA_KEY_LIFETIME_PERSISTENT:1:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_ECDSA_ANY:0:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":CLOSE_BY_SHUTDOWN +persistent_slot_lifecycle:PSA_KEY_LIFETIME_PERSISTENT:134:1:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_ECDSA_ANY:0:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":INVALIDATE_BY_SHUTDOWN Persistent slot: ECP keypair (ECDH+ECDSA, exportable), close depends_on:MBEDTLS_ECDH_C:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED -persistent_slot_lifecycle:PSA_KEY_LIFETIME_PERSISTENT:1:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_ALG_ECDSA_ANY:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":CLOSE_BY_CLOSE +persistent_slot_lifecycle:PSA_KEY_LIFETIME_PERSISTENT:135:1:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_ALG_ECDSA_ANY:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":INVALIDATE_BY_CLOSING Persistent slot: ECP keypair (ECDH+ECDSA, exportable), close+restart depends_on:MBEDTLS_ECDH_C:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED -persistent_slot_lifecycle:PSA_KEY_LIFETIME_PERSISTENT:1:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_ALG_ECDSA_ANY:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":CLOSE_BY_CLOSE_WITH_SHUTDOWN +persistent_slot_lifecycle:PSA_KEY_LIFETIME_PERSISTENT:136:1:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_ALG_ECDSA_ANY:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":INVALIDATE_BY_CLOSING_WITH_SHUTDOWN + +Persistent slot: ECP keypair (ECDH+ECDSA, exportable), purge +depends_on:MBEDTLS_ECDH_C:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED +persistent_slot_lifecycle:PSA_KEY_LIFETIME_PERSISTENT:135:1:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_ALG_ECDSA_ANY:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":INVALIDATE_BY_PURGING Persistent slot: ECP keypair (ECDH+ECDSA, exportable), restart depends_on:MBEDTLS_ECDH_C:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED -persistent_slot_lifecycle:PSA_KEY_LIFETIME_PERSISTENT:1:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_ALG_ECDSA_ANY:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":CLOSE_BY_SHUTDOWN +persistent_slot_lifecycle:PSA_KEY_LIFETIME_PERSISTENT:137:1:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_ALG_ECDSA_ANY:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":INVALIDATE_BY_SHUTDOWN Attempt to overwrite: close before -create_existent:PSA_KEY_LIFETIME_PERSISTENT:1:CLOSE_BEFORE +create_existent:PSA_KEY_LIFETIME_PERSISTENT:0x1736:1:CLOSE_BEFORE Attempt to overwrite: close after -create_existent:PSA_KEY_LIFETIME_PERSISTENT:1:CLOSE_AFTER +create_existent:PSA_KEY_LIFETIME_PERSISTENT:0x7361:1:CLOSE_AFTER Attempt to overwrite: keep open -create_existent:PSA_KEY_LIFETIME_PERSISTENT:1:KEEP_OPEN +create_existent:PSA_KEY_LIFETIME_PERSISTENT:0x3617:1:KEEP_OPEN Open failure: invalid identifier (0) depends_on:MBEDTLS_PSA_CRYPTO_STORAGE_C -open_fail:0:PSA_ERROR_INVALID_ARGUMENT +open_fail:0:PSA_ERROR_INVALID_HANDLE Open failure: invalid identifier (random seed UID) depends_on:MBEDTLS_PSA_CRYPTO_STORAGE_C -open_fail:PSA_CRYPTO_ITS_RANDOM_SEED_UID:PSA_ERROR_INVALID_ARGUMENT +open_fail:PSA_CRYPTO_ITS_RANDOM_SEED_UID:PSA_ERROR_INVALID_HANDLE Open failure: invalid identifier (reserved range) depends_on:MBEDTLS_PSA_CRYPTO_STORAGE_C -open_fail:PSA_KEY_ID_VENDOR_MAX + 1:PSA_ERROR_INVALID_ARGUMENT +open_fail:PSA_KEY_ID_VENDOR_MAX + 1:PSA_ERROR_INVALID_HANDLE Open failure: invalid identifier (implementation range) depends_on:MBEDTLS_PSA_CRYPTO_STORAGE_C @@ -95,19 +112,22 @@ create_fail:0x7fffffff:0:PSA_ERROR_INVALID_ARGUMENT Create failure: invalid key id (0) depends_on:MBEDTLS_PSA_CRYPTO_STORAGE_C -create_fail:PSA_KEY_LIFETIME_PERSISTENT:0:PSA_ERROR_INVALID_ARGUMENT +create_fail:PSA_KEY_LIFETIME_PERSISTENT:0:PSA_ERROR_INVALID_HANDLE + +Create failure: invalid key id (1) for a volatile key +create_fail:PSA_KEY_LIFETIME_VOLATILE:1:PSA_ERROR_INVALID_ARGUMENT Create failure: invalid key id (random seed UID) depends_on:MBEDTLS_PSA_CRYPTO_STORAGE_C -create_fail:PSA_KEY_LIFETIME_PERSISTENT:PSA_CRYPTO_ITS_RANDOM_SEED_UID:PSA_ERROR_INVALID_ARGUMENT +create_fail:PSA_KEY_LIFETIME_PERSISTENT:PSA_CRYPTO_ITS_RANDOM_SEED_UID:PSA_ERROR_INVALID_HANDLE Create failure: invalid key id (reserved range) depends_on:MBEDTLS_PSA_CRYPTO_STORAGE_C -create_fail:PSA_KEY_LIFETIME_PERSISTENT:PSA_KEY_ID_VENDOR_MAX + 1:PSA_ERROR_INVALID_ARGUMENT +create_fail:PSA_KEY_LIFETIME_PERSISTENT:PSA_KEY_ID_VENDOR_MAX + 1:PSA_ERROR_INVALID_HANDLE Create failure: invalid key id (implementation range) depends_on:MBEDTLS_PSA_CRYPTO_STORAGE_C -create_fail:PSA_KEY_LIFETIME_PERSISTENT:PSA_KEY_ID_USER_MAX + 1:PSA_ERROR_INVALID_ARGUMENT +create_fail:PSA_KEY_LIFETIME_PERSISTENT:PSA_KEY_ID_USER_MAX + 1:PSA_ERROR_INVALID_HANDLE Open not supported depends_on:!MBEDTLS_PSA_CRYPTO_STORAGE_C @@ -118,23 +138,27 @@ depends_on:!MBEDTLS_PSA_CRYPTO_STORAGE_C create_fail:PSA_KEY_LIFETIME_PERSISTENT:1:PSA_ERROR_NOT_SUPPORTED Copy volatile to volatile -copy_across_lifetimes:PSA_KEY_LIFETIME_VOLATILE:0:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_COPY:0:0:PSA_KEY_TYPE_RAW_DATA:"4142434445":PSA_KEY_LIFETIME_VOLATILE:0:PSA_KEY_USAGE_EXPORT:0:0:PSA_KEY_USAGE_EXPORT:0:0 +copy_across_lifetimes:PSA_KEY_LIFETIME_VOLATILE:0x10:0:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_COPY:0:0:PSA_KEY_TYPE_RAW_DATA:"4142434445":PSA_KEY_LIFETIME_VOLATILE:0x10:0:PSA_KEY_USAGE_EXPORT:0:0:PSA_KEY_USAGE_EXPORT:0:0 Copy volatile to persistent depends_on:MBEDTLS_PSA_CRYPTO_STORAGE_C -copy_across_lifetimes:PSA_KEY_LIFETIME_VOLATILE:0:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_COPY:0:0:PSA_KEY_TYPE_RAW_DATA:"4142434445":PSA_KEY_LIFETIME_PERSISTENT:1:PSA_KEY_USAGE_EXPORT:0:0:PSA_KEY_USAGE_EXPORT:0:0 +copy_across_lifetimes:PSA_KEY_LIFETIME_VOLATILE:0x100:0:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_COPY:0:0:PSA_KEY_TYPE_RAW_DATA:"4142434445":PSA_KEY_LIFETIME_PERSISTENT:0x100:1:PSA_KEY_USAGE_EXPORT:0:0:PSA_KEY_USAGE_EXPORT:0:0 Copy persistent to volatile depends_on:MBEDTLS_PSA_CRYPTO_STORAGE_C -copy_across_lifetimes:PSA_KEY_LIFETIME_PERSISTENT:1:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_COPY:0:0:PSA_KEY_TYPE_RAW_DATA:"4142434445":PSA_KEY_LIFETIME_VOLATILE:0:PSA_KEY_USAGE_EXPORT:0:0:PSA_KEY_USAGE_EXPORT:0:0 +copy_across_lifetimes:PSA_KEY_LIFETIME_PERSISTENT:0x1000:1:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_COPY:0:0:PSA_KEY_TYPE_RAW_DATA:"4142434445":PSA_KEY_LIFETIME_VOLATILE:0x1000:0:PSA_KEY_USAGE_EXPORT:0:0:PSA_KEY_USAGE_EXPORT:0:0 Copy persistent to persistent depends_on:MBEDTLS_PSA_CRYPTO_STORAGE_C -copy_across_lifetimes:PSA_KEY_LIFETIME_PERSISTENT:1:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_COPY:0:0:PSA_KEY_TYPE_RAW_DATA:"4142434445":PSA_KEY_LIFETIME_PERSISTENT:2:PSA_KEY_USAGE_EXPORT:0:0:PSA_KEY_USAGE_EXPORT:0:0 +copy_across_lifetimes:PSA_KEY_LIFETIME_PERSISTENT:0x10000:1:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_COPY:0:0:PSA_KEY_TYPE_RAW_DATA:"4142434445":PSA_KEY_LIFETIME_PERSISTENT:0x10000:2:PSA_KEY_USAGE_EXPORT:0:0:PSA_KEY_USAGE_EXPORT:0:0 + +Copy persistent to persistent, same id but different owner +depends_on:MBEDTLS_PSA_CRYPTO_STORAGE_C:MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER +copy_across_lifetimes:PSA_KEY_LIFETIME_PERSISTENT:0x10000:1:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_COPY:0:0:PSA_KEY_TYPE_RAW_DATA:"4142434445":PSA_KEY_LIFETIME_PERSISTENT:0x10001:1:PSA_KEY_USAGE_EXPORT:0:0:PSA_KEY_USAGE_EXPORT:0:0 Copy persistent to persistent with enrollment algorithm depends_on:MBEDTLS_PSA_CRYPTO_STORAGE_C:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR:MBEDTLS_CIPHER_MODE_CBC -copy_across_lifetimes:PSA_KEY_LIFETIME_PERSISTENT:1:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_COPY:PSA_ALG_CTR:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_AES:"404142434445464748494a4b4c4d4e4f":PSA_KEY_LIFETIME_PERSISTENT:2:PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:PSA_ALG_CBC_NO_PADDING:PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:PSA_ALG_CBC_NO_PADDING +copy_across_lifetimes:PSA_KEY_LIFETIME_PERSISTENT:0x100000:1:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_COPY:PSA_ALG_CTR:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_AES:"404142434445464748494a4b4c4d4e4f":PSA_KEY_LIFETIME_PERSISTENT:0x100000:2:PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:PSA_ALG_CBC_NO_PADDING:PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:PSA_ALG_CBC_NO_PADDING Copy volatile to occupied depends_on:MBEDTLS_PSA_CRYPTO_STORAGE_C @@ -152,13 +176,33 @@ invalid handle: 0 invalid_handle:INVALID_HANDLE_0:PSA_SUCCESS:PSA_ERROR_INVALID_HANDLE invalid handle: never opened -invalid_handle:INVALID_HANDLE_UNOPENED:PSA_ERROR_INVALID_HANDLE:PSA_ERROR_INVALID_HANDLE +invalid_handle:INVALID_HANDLE_UNOPENED:PSA_ERROR_DOES_NOT_EXIST:PSA_ERROR_DOES_NOT_EXIST invalid handle: already closed -invalid_handle:INVALID_HANDLE_CLOSED:PSA_ERROR_INVALID_HANDLE:PSA_ERROR_INVALID_HANDLE +invalid_handle:INVALID_HANDLE_CLOSED:PSA_ERROR_DOES_NOT_EXIST:PSA_ERROR_DOES_NOT_EXIST invalid handle: huge invalid_handle:INVALID_HANDLE_HUGE:PSA_ERROR_INVALID_HANDLE:PSA_ERROR_INVALID_HANDLE -Open many transient handles -many_transient_handles:42 +Open many transient keys +many_transient_keys:42 + +# Eviction from a key slot to be able to import a new persistent key. +Key slot eviction to import a new persistent key +key_slot_eviction_to_import_new_key:PSA_KEY_LIFETIME_PERSISTENT + +# Eviction from a key slot to be able to import a new volatile key. +Key slot eviction to import a new volatile key +key_slot_eviction_to_import_new_key:PSA_KEY_LIFETIME_VOLATILE + +# Check that non reusable key slots are not deleted/overwritten in case of key +# slot starvation: +# . An attempt to access a persistent key while all RAM key slots are occupied +# by volatile keys fails and does not lead to volatile key data to be +# spoiled. +# . With all key slot in use with one containing a persistent key, an attempt +# to copy the persistent key fails (the persistent key slot cannot be +# reclaimed as it is accessed by the copy process) without the persistent key +# data and volatile key data being spoiled. +Non reusable key slots integrity in case of key slot starvation +non_reusable_key_slots_integrity_in_case_of_key_slot_starvation diff --git a/tests/suites/test_suite_psa_crypto_slot_management.function b/tests/suites/test_suite_psa_crypto_slot_management.function index 3a14b1211..57d478982 100644 --- a/tests/suites/test_suite_psa_crypto_slot_management.function +++ b/tests/suites/test_suite_psa_crypto_slot_management.function @@ -2,16 +2,32 @@ #include #include "test/psa_crypto_helpers.h" +#include "psa_crypto_slot_management.h" #include "psa_crypto_storage.h" typedef enum { - CLOSE_BY_CLOSE, /**< Close the handle(s). */ - CLOSE_BY_DESTROY, /**< Destroy the handle(s). */ - CLOSE_BY_SHUTDOWN, /**< Deinit and reinit without closing handles. */ - CLOSE_BY_CLOSE_WITH_SHUTDOWN, /**< Close handle(s) then deinit/reinit. */ - CLOSE_BY_DESTROY_WITH_SHUTDOWN, /**< Destroy handle(s) then deinit/reinit. */ -} close_method_t; + /**< Close key(s) */ + INVALIDATE_BY_CLOSING, + + /**< Destroy key(s) */ + INVALIDATE_BY_DESTROYING, + + /**< Purge key(s) */ + INVALIDATE_BY_PURGING, + + /**< Terminate and reinitialize without closing/destroying keys */ + INVALIDATE_BY_SHUTDOWN, + + /**< Close key(s) then terminate and re-initialize */ + INVALIDATE_BY_CLOSING_WITH_SHUTDOWN, + + /**< Destroy key(s) then terminate and re-initialize */ + INVALIDATE_BY_DESTROYING_WITH_SHUTDOWN, + + /**< Purge key(s) then terminate and re-initialize */ + INVALIDATE_BY_PURGING_WITH_SHUTDOWN, +} invalidate_method_t; typedef enum { @@ -34,21 +50,22 @@ typedef enum * code. */ #if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C) -static psa_key_id_t key_ids_used_in_test[9]; +static mbedtls_svc_key_id_t key_ids_used_in_test[9]; static size_t num_key_ids_used; /* Record a key id as potentially used in a test case. */ -static int test_uses_key_id( psa_key_id_t key_id ) +static int test_uses_key_id( mbedtls_svc_key_id_t key_id ) { size_t i; - if( key_id > PSA_MAX_PERSISTENT_KEY_IDENTIFIER ) + if( MBEDTLS_SVC_KEY_ID_GET_KEY_ID( key_id ) > + PSA_MAX_PERSISTENT_KEY_IDENTIFIER ) { /* Don't touch key id values that designate non-key files. */ return( 1 ); } for( i = 0; i < num_key_ids_used ; i++ ) { - if( key_id == key_ids_used_in_test[i] ) + if( mbedtls_svc_key_id_equal( key_id, key_ids_used_in_test[i] ) ) return( 1 ); } if( num_key_ids_used == ARRAY_LENGTH( key_ids_used_in_test ) ) @@ -72,23 +89,29 @@ static void psa_purge_key_storage( void ) #define TEST_USES_KEY_ID( key_id ) ( (void) ( key_id ) ) #endif /* MBEDTLS_PSA_CRYPTO_STORAGE_C */ -/** Apply \p close_method to invalidate the specified handles: +/** Apply \p invalidate_method to invalidate the specified key: * close it, destroy it, or do nothing; */ -static int invalidate_handle( close_method_t close_method, - psa_key_handle_t handle ) +static int invalidate_key( invalidate_method_t invalidate_method, + mbedtls_svc_key_id_t key ) { - switch( close_method ) + switch( invalidate_method ) { - case CLOSE_BY_CLOSE: - case CLOSE_BY_CLOSE_WITH_SHUTDOWN: - PSA_ASSERT( psa_close_key( handle ) ); + /* Closing the key invalidate only volatile keys, not persistent ones. */ + case INVALIDATE_BY_CLOSING: + case INVALIDATE_BY_CLOSING_WITH_SHUTDOWN: + PSA_ASSERT( psa_close_key( key ) ); break; - case CLOSE_BY_DESTROY: - case CLOSE_BY_DESTROY_WITH_SHUTDOWN: - PSA_ASSERT( psa_destroy_key( handle ) ); + case INVALIDATE_BY_DESTROYING: + case INVALIDATE_BY_DESTROYING_WITH_SHUTDOWN: + PSA_ASSERT( psa_destroy_key( key ) ); break; - case CLOSE_BY_SHUTDOWN: + /* Purging the key just purges RAM data of persistent keys. */ + case INVALIDATE_BY_PURGING: + case INVALIDATE_BY_PURGING_WITH_SHUTDOWN: + PSA_ASSERT( psa_purge_key( key ) ); + break; + case INVALIDATE_BY_SHUTDOWN: break; } return( 1 ); @@ -96,20 +119,22 @@ exit: return( 0 ); } -/** Restart the PSA subsystem if \p close_method says so. */ -static int invalidate_psa( close_method_t close_method ) +/** Restart the PSA subsystem if \p invalidate_method says so. */ +static int invalidate_psa( invalidate_method_t invalidate_method ) { - switch( close_method ) + switch( invalidate_method ) { - case CLOSE_BY_CLOSE: - case CLOSE_BY_DESTROY: + case INVALIDATE_BY_CLOSING: + case INVALIDATE_BY_DESTROYING: + case INVALIDATE_BY_PURGING: return( 1 ); - case CLOSE_BY_CLOSE_WITH_SHUTDOWN: - case CLOSE_BY_DESTROY_WITH_SHUTDOWN: + case INVALIDATE_BY_CLOSING_WITH_SHUTDOWN: + case INVALIDATE_BY_DESTROYING_WITH_SHUTDOWN: + case INVALIDATE_BY_PURGING_WITH_SHUTDOWN: /* All keys must have been closed. */ PSA_DONE( ); break; - case CLOSE_BY_SHUTDOWN: + case INVALIDATE_BY_SHUTDOWN: /* Some keys may remain behind, and we're testing that this * properly closes them. */ mbedtls_psa_crypto_free( ); @@ -132,69 +157,115 @@ exit: */ /* BEGIN_CASE */ -void transient_slot_lifecycle( int usage_arg, int alg_arg, +void transient_slot_lifecycle( int owner_id_arg, + int usage_arg, int alg_arg, int type_arg, data_t *key_data, - int close_method_arg ) + int invalidate_method_arg ) { psa_algorithm_t alg = alg_arg; psa_key_usage_t usage_flags = usage_arg; psa_key_type_t type = type_arg; - close_method_t close_method = close_method_arg; - psa_key_handle_t handle = 0; + invalidate_method_t invalidate_method = invalidate_method_arg; + mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; PSA_ASSERT( psa_crypto_init( ) ); /* Import a key. */ +#if defined(MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER) + mbedtls_key_owner_id_t owner_id = owner_id_arg; + + mbedtls_set_key_owner_id( &attributes, owner_id ); +#else + (void)owner_id_arg; +#endif + psa_set_key_usage_flags( &attributes, usage_flags ); psa_set_key_algorithm( &attributes, alg ); psa_set_key_type( &attributes, type ); PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len, - &handle ) ); - TEST_ASSERT( handle != 0 ); - PSA_ASSERT( psa_get_key_attributes( handle, &attributes ) ); + &key ) ); + TEST_ASSERT( ! mbedtls_svc_key_id_is_null( key ) ); + PSA_ASSERT( psa_get_key_attributes( key, &attributes ) ); TEST_EQUAL( psa_get_key_type( &attributes ), type ); + psa_reset_key_attributes( &attributes ); - /* Do something that invalidates the handle. */ - if( ! invalidate_handle( close_method, handle ) ) +#if defined(MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER) + { + psa_key_handle_t handle; + mbedtls_svc_key_id_t key_with_invalid_owner = + mbedtls_svc_key_id_make( owner_id + 1, + MBEDTLS_SVC_KEY_ID_GET_KEY_ID( key ) ); + + TEST_ASSERT( mbedtls_key_owner_id_equal( + owner_id, + MBEDTLS_SVC_KEY_ID_GET_OWNER_ID( key ) ) ); + TEST_EQUAL( psa_open_key( key_with_invalid_owner, &handle ), + PSA_ERROR_DOES_NOT_EXIST ); + } +#endif + + /* + * Purge the key and make sure that it is still valid, as purging a + * volatile key shouldn't invalidate/destroy it. + */ + PSA_ASSERT( psa_purge_key( key ) ); + PSA_ASSERT( psa_get_key_attributes( key, &attributes ) ); + TEST_EQUAL( psa_get_key_type( &attributes ), type ); + psa_reset_key_attributes( &attributes ); + + /* Do something that invalidates the key. */ + if( ! invalidate_key( invalidate_method, key ) ) goto exit; - if( ! invalidate_psa( close_method ) ) + if( ! invalidate_psa( invalidate_method ) ) goto exit; - /* Test that the handle is now invalid. */ - TEST_EQUAL( psa_get_key_attributes( handle, &attributes ), - PSA_ERROR_INVALID_HANDLE ); - TEST_EQUAL( psa_close_key( handle ), PSA_ERROR_INVALID_HANDLE ); + /* Test that the key is now invalid. */ + TEST_EQUAL( psa_get_key_attributes( key, &attributes ), + PSA_ERROR_DOES_NOT_EXIST ); + TEST_EQUAL( psa_close_key( key ), PSA_ERROR_DOES_NOT_EXIST ); exit: + /* + * Key attributes may have been returned by psa_get_key_attributes() + * thus reset them as required. + */ + psa_reset_key_attributes( &attributes ); + PSA_DONE( ); } /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_STORAGE_C */ -void persistent_slot_lifecycle( int lifetime_arg, int id_arg, +void persistent_slot_lifecycle( int lifetime_arg, int owner_id_arg, int id_arg, int usage_arg, int alg_arg, int alg2_arg, int type_arg, data_t *key_data, - int close_method_arg ) + int invalidate_method_arg ) { psa_key_lifetime_t lifetime = lifetime_arg; - psa_key_id_t id = id_arg; + mbedtls_svc_key_id_t id = mbedtls_svc_key_id_make( owner_id_arg, id_arg ); psa_algorithm_t alg = alg_arg; psa_algorithm_t alg2 = alg2_arg; psa_key_usage_t usage_flags = usage_arg; psa_key_type_t type = type_arg; - close_method_t close_method = close_method_arg; - psa_key_handle_t handle = 0; + invalidate_method_t invalidate_method = invalidate_method_arg; + mbedtls_svc_key_id_t returned_id = MBEDTLS_SVC_KEY_ID_INIT; + psa_key_handle_t handle = PSA_KEY_HANDLE_INIT; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; psa_key_attributes_t read_attributes = PSA_KEY_ATTRIBUTES_INIT; uint8_t *reexported = NULL; size_t reexported_length = -1; +#if defined(MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER) + mbedtls_svc_key_id_t wrong_owner_id = + mbedtls_svc_key_id_make( owner_id_arg + 1, id_arg ); + mbedtls_svc_key_id_t invalid_svc_key_id = MBEDTLS_SVC_KEY_ID_INIT; +#endif + TEST_USES_KEY_ID( id ); PSA_ASSERT( psa_crypto_init( ) ); - /* Get a handle and import a key. */ psa_set_key_id( &attributes, id ); psa_set_key_lifetime( &attributes, lifetime ); psa_set_key_type( &attributes, type ); @@ -202,53 +273,68 @@ void persistent_slot_lifecycle( int lifetime_arg, int id_arg, psa_set_key_algorithm( &attributes, alg ); psa_set_key_enrollment_algorithm( &attributes, alg2 ); PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len, - &handle ) ); - TEST_ASSERT( handle != 0 ); - PSA_ASSERT( psa_get_key_attributes( handle, &attributes ) ); + &returned_id ) ); + TEST_ASSERT( mbedtls_svc_key_id_equal( id, returned_id ) ); + +#if defined(MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER) + TEST_EQUAL( psa_open_key( wrong_owner_id, &invalid_svc_key_id ), + PSA_ERROR_DOES_NOT_EXIST ); +#endif + + PSA_ASSERT( psa_get_key_attributes( id, &attributes ) ); TEST_EQUAL( psa_get_key_lifetime( &attributes ), lifetime ); - TEST_EQUAL( psa_get_key_id( &attributes ), id ); + TEST_ASSERT( mbedtls_svc_key_id_equal( + psa_get_key_id( &attributes ), id ) ); TEST_EQUAL( psa_get_key_usage_flags( &attributes ), usage_flags ); TEST_EQUAL( psa_get_key_algorithm( &attributes ), alg ); TEST_EQUAL( psa_get_key_enrollment_algorithm( &attributes ), alg2 ); TEST_EQUAL( psa_get_key_type( &attributes ), type ); - /* Close the key and reopen it. */ - PSA_ASSERT( psa_close_key( handle ) ); + /* Close the key and then open it. */ + PSA_ASSERT( psa_close_key( id ) ); + +#if defined(MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER) + TEST_EQUAL( psa_open_key( wrong_owner_id, &invalid_svc_key_id ), + PSA_ERROR_DOES_NOT_EXIST ); +#endif + PSA_ASSERT( psa_open_key( id, &handle ) ); + TEST_ASSERT( ! psa_key_handle_is_null( handle ) ); PSA_ASSERT( psa_get_key_attributes( handle, &attributes ) ); TEST_EQUAL( psa_get_key_lifetime( &attributes ), lifetime ); - TEST_EQUAL( psa_get_key_id( &attributes ), id ); + TEST_ASSERT( mbedtls_svc_key_id_equal( + psa_get_key_id( &attributes ), id ) ); TEST_EQUAL( psa_get_key_usage_flags( &attributes ), usage_flags ); TEST_EQUAL( psa_get_key_algorithm( &attributes ), alg ); TEST_EQUAL( psa_get_key_enrollment_algorithm( &attributes ), alg2 ); TEST_EQUAL( psa_get_key_type( &attributes ), type ); - /* Do something that invalidates the handle. */ - if( ! invalidate_handle( close_method, handle ) ) + /* + * Do something that wipes key data in volatile memory or destroy the + * key. + */ + if( ! invalidate_key( invalidate_method, id ) ) goto exit; - if( ! invalidate_psa( close_method ) ) + if( ! invalidate_psa( invalidate_method ) ) goto exit; - /* Test that the handle is now invalid. */ - TEST_EQUAL( psa_get_key_attributes( handle, &read_attributes ), - PSA_ERROR_INVALID_HANDLE ); - psa_reset_key_attributes( &read_attributes ); - TEST_EQUAL( psa_close_key( handle ), PSA_ERROR_INVALID_HANDLE ); - - /* Try to reopen the key. If we destroyed it, check that it doesn't + /* Try to reaccess the key. If we destroyed it, check that it doesn't * exist. Otherwise check that it still exists and has the expected * content. */ - switch( close_method ) + switch( invalidate_method ) { - case CLOSE_BY_CLOSE: - case CLOSE_BY_CLOSE_WITH_SHUTDOWN: - case CLOSE_BY_SHUTDOWN: + case INVALIDATE_BY_CLOSING: + case INVALIDATE_BY_CLOSING_WITH_SHUTDOWN: + case INVALIDATE_BY_PURGING: + case INVALIDATE_BY_PURGING_WITH_SHUTDOWN: + case INVALIDATE_BY_SHUTDOWN: PSA_ASSERT( psa_open_key( id, &handle ) ); - PSA_ASSERT( psa_get_key_attributes( handle, &read_attributes ) ); + PSA_ASSERT( psa_get_key_attributes( id, &read_attributes ) ); TEST_EQUAL( psa_get_key_lifetime( &attributes ), psa_get_key_lifetime( &read_attributes ) ); - TEST_EQUAL( psa_get_key_id( &attributes ), - psa_get_key_id( &read_attributes ) ); + TEST_ASSERT( mbedtls_svc_key_id_equal( + psa_get_key_id( &attributes ), + psa_get_key_id( &read_attributes ) ) ); TEST_EQUAL( psa_get_key_usage_flags( &attributes ), usage_flags ); TEST_EQUAL( psa_get_key_algorithm( &attributes ), psa_get_key_algorithm( &read_attributes ) ); @@ -261,30 +347,41 @@ void persistent_slot_lifecycle( int lifetime_arg, int id_arg, if( usage_flags & PSA_KEY_USAGE_EXPORT ) { ASSERT_ALLOC( reexported, key_data->len ); - PSA_ASSERT( psa_export_key( handle, - reexported, key_data->len, + PSA_ASSERT( psa_export_key( id, reexported, key_data->len, &reexported_length ) ); ASSERT_COMPARE( key_data->x, key_data->len, reexported, reexported_length ); } else { - TEST_EQUAL( psa_export_key( handle, - NULL, 0, - &reexported_length ), + TEST_EQUAL( psa_export_key( id, NULL, 0, &reexported_length ), PSA_ERROR_NOT_PERMITTED ); } PSA_ASSERT( psa_close_key( handle ) ); break; - case CLOSE_BY_DESTROY: - case CLOSE_BY_DESTROY_WITH_SHUTDOWN: - TEST_EQUAL( psa_open_key( id, &handle ), + case INVALIDATE_BY_DESTROYING: + case INVALIDATE_BY_DESTROYING_WITH_SHUTDOWN: + /* + * Test that the key handle and identifier are now not refering to an + * existing key. + */ + TEST_EQUAL( psa_get_key_attributes( handle, &read_attributes ), + PSA_ERROR_DOES_NOT_EXIST ); + TEST_EQUAL( psa_close_key( handle ), PSA_ERROR_DOES_NOT_EXIST ); + TEST_EQUAL( psa_get_key_attributes( id, &read_attributes ), PSA_ERROR_DOES_NOT_EXIST ); break; } exit: + /* + * Key attributes may have been returned by psa_get_key_attributes() + * thus reset them as required. + */ + psa_reset_key_attributes( &attributes ); + psa_reset_key_attributes( &read_attributes ); + PSA_DONE( ); psa_purge_key_storage( ); mbedtls_free( reexported ); @@ -292,12 +389,12 @@ exit: /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_STORAGE_C */ -void create_existent( int lifetime_arg, int id_arg, +void create_existent( int lifetime_arg, int owner_id_arg, int id_arg, int reopen_policy_arg ) { psa_key_lifetime_t lifetime = lifetime_arg; - psa_key_id_t id = id_arg; - psa_key_handle_t handle1 = 0, handle2 = 0; + mbedtls_svc_key_id_t id = mbedtls_svc_key_id_make( owner_id_arg, id_arg ); + mbedtls_svc_key_id_t returned_id = MBEDTLS_SVC_KEY_ID_INIT; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; psa_key_type_t type1 = PSA_KEY_TYPE_RAW_DATA; const uint8_t material1[5] = "a key"; @@ -318,42 +415,47 @@ void create_existent( int lifetime_arg, int id_arg, psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_EXPORT ); psa_set_key_algorithm( &attributes, 0 ); PSA_ASSERT( psa_import_key( &attributes, material1, sizeof( material1 ), - &handle1 ) ); - TEST_ASSERT( handle1 != 0 ); + &returned_id ) ); + TEST_ASSERT( mbedtls_svc_key_id_equal( id, returned_id ) ); if( reopen_policy == CLOSE_BEFORE ) - PSA_ASSERT( psa_close_key( handle1 ) ); + PSA_ASSERT( psa_close_key( id ) ); /* Attempt to create a new key in the same slot. */ TEST_EQUAL( psa_import_key( &attributes, material2, sizeof( material2 ), - &handle2 ), + &returned_id ), PSA_ERROR_ALREADY_EXISTS ); - TEST_EQUAL( handle2, 0 ); + TEST_ASSERT( mbedtls_svc_key_id_is_null( returned_id ) ); if( reopen_policy == CLOSE_AFTER ) - PSA_ASSERT( psa_close_key( handle1 ) ); - if( reopen_policy == CLOSE_BEFORE || reopen_policy == CLOSE_AFTER ) - PSA_ASSERT( psa_open_key( id, &handle1 ) ); + PSA_ASSERT( psa_close_key( id ) ); /* Check that the original key hasn't changed. */ psa_reset_key_attributes( &attributes ); - PSA_ASSERT( psa_get_key_attributes( handle1, &attributes ) ); - TEST_EQUAL( psa_get_key_id( &attributes ), id ); + PSA_ASSERT( psa_get_key_attributes( id, &attributes ) ); + TEST_ASSERT( mbedtls_svc_key_id_equal( + psa_get_key_id( &attributes ), id ) ); TEST_EQUAL( psa_get_key_lifetime( &attributes ), lifetime ); TEST_EQUAL( psa_get_key_type( &attributes ), type1 ); TEST_EQUAL( psa_get_key_bits( &attributes ), bits1 ); TEST_EQUAL( psa_get_key_usage_flags( &attributes ), PSA_KEY_USAGE_EXPORT ); TEST_EQUAL( psa_get_key_algorithm( &attributes ), 0 ); - PSA_ASSERT( psa_export_key( handle1, + PSA_ASSERT( psa_export_key( id, reexported, sizeof( reexported ), &reexported_length ) ); ASSERT_COMPARE( material1, sizeof( material1 ), reexported, reexported_length ); - PSA_ASSERT( psa_close_key( handle1 ) ); + PSA_ASSERT( psa_close_key( id ) ); exit: + /* + * Key attributes may have been returned by psa_get_key_attributes() + * thus reset them as required. + */ + psa_reset_key_attributes( &attributes ); + PSA_DONE( ); psa_purge_key_storage( ); } @@ -363,14 +465,14 @@ exit: void open_fail( int id_arg, int expected_status_arg ) { - psa_key_id_t id = id_arg; + mbedtls_svc_key_id_t id = mbedtls_svc_key_id_make( 1, id_arg ); psa_status_t expected_status = expected_status_arg; - psa_key_handle_t handle = 0xdead; + psa_key_handle_t handle = mbedtls_svc_key_id_make( 0xdead, 0xdead ); PSA_ASSERT( psa_crypto_init( ) ); TEST_EQUAL( psa_open_key( id, &handle ), expected_status ); - TEST_EQUAL( handle, 0 ); + TEST_ASSERT( psa_key_handle_is_null( handle ) ); exit: PSA_DONE( ); @@ -382,23 +484,35 @@ void create_fail( int lifetime_arg, int id_arg, int expected_status_arg ) { psa_key_lifetime_t lifetime = lifetime_arg; - psa_key_id_t id = id_arg; + mbedtls_svc_key_id_t id = mbedtls_svc_key_id_make( 1, id_arg ); psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; psa_status_t expected_status = expected_status_arg; - psa_key_handle_t handle = 0xdead; + mbedtls_svc_key_id_t returned_id = + mbedtls_svc_key_id_make( 0xdead, 0xdead ); uint8_t material[1] = {'k'}; TEST_USES_KEY_ID( id ); PSA_ASSERT( psa_crypto_init( ) ); - psa_set_key_id( &attributes, id ); psa_set_key_lifetime( &attributes, lifetime ); + if( PSA_KEY_LIFETIME_IS_VOLATILE( lifetime ) ) + { + /* + * Not possible to set a key identifier different from 0 through + * PSA key attributes APIs thus accessing to the attributes + * directly. + */ + attributes.core.id = id; + } + else + psa_set_key_id( &attributes, id ); + psa_set_key_type( &attributes, PSA_KEY_TYPE_RAW_DATA ); TEST_EQUAL( psa_import_key( &attributes, material, sizeof( material ), - &handle ), + &returned_id ), expected_status ); - TEST_EQUAL( handle, 0 ); + TEST_ASSERT( mbedtls_svc_key_id_is_null( returned_id ) ); exit: PSA_DONE( ); @@ -409,29 +523,32 @@ exit: /* END_CASE */ /* BEGIN_CASE */ -void copy_across_lifetimes( int source_lifetime_arg, int source_id_arg, - int source_usage_arg, +void copy_across_lifetimes( int source_lifetime_arg, int source_owner_id_arg, + int source_id_arg, int source_usage_arg, int source_alg_arg, int source_alg2_arg, int type_arg, data_t *material, - int target_lifetime_arg, int target_id_arg, - int target_usage_arg, + int target_lifetime_arg, int target_owner_id_arg, + int target_id_arg, int target_usage_arg, int target_alg_arg, int target_alg2_arg, int expected_usage_arg, int expected_alg_arg, int expected_alg2_arg ) { psa_key_lifetime_t source_lifetime = source_lifetime_arg; - psa_key_id_t source_id = source_id_arg; + mbedtls_svc_key_id_t source_id = + mbedtls_svc_key_id_make( source_owner_id_arg, source_id_arg ); psa_key_usage_t source_usage = source_usage_arg; psa_algorithm_t source_alg = source_alg_arg; - psa_key_handle_t source_handle = 0; psa_key_attributes_t source_attributes = PSA_KEY_ATTRIBUTES_INIT; psa_key_type_t source_type = type_arg; + mbedtls_svc_key_id_t returned_source_id = MBEDTLS_SVC_KEY_ID_INIT; psa_key_lifetime_t target_lifetime = target_lifetime_arg; - psa_key_id_t target_id = target_id_arg; + mbedtls_svc_key_id_t target_id = + mbedtls_svc_key_id_make( target_owner_id_arg, target_id_arg ); psa_key_usage_t target_usage = target_usage_arg; psa_algorithm_t target_alg = target_alg_arg; - psa_key_handle_t target_handle = 0; psa_key_attributes_t target_attributes = PSA_KEY_ATTRIBUTES_INIT; + mbedtls_svc_key_id_t returned_target_id = MBEDTLS_SVC_KEY_ID_INIT; + psa_key_handle_t target_handle = PSA_KEY_HANDLE_INIT; psa_key_usage_t expected_usage = expected_usage_arg; psa_algorithm_t expected_alg = expected_alg_arg; psa_algorithm_t expected_alg2 = expected_alg2_arg; @@ -443,41 +560,38 @@ void copy_across_lifetimes( int source_lifetime_arg, int source_id_arg, PSA_ASSERT( psa_crypto_init( ) ); /* Populate the source slot. */ - if( source_lifetime != PSA_KEY_LIFETIME_VOLATILE ) - { - psa_set_key_id( &source_attributes, source_id ); - psa_set_key_lifetime( &source_attributes, source_lifetime ); - } + psa_set_key_id( &source_attributes, source_id ); + psa_set_key_lifetime( &source_attributes, source_lifetime ); + psa_set_key_type( &source_attributes, source_type ); psa_set_key_usage_flags( &source_attributes, source_usage ); psa_set_key_algorithm( &source_attributes, source_alg ); psa_set_key_enrollment_algorithm( &source_attributes, source_alg2_arg ); PSA_ASSERT( psa_import_key( &source_attributes, material->x, material->len, - &source_handle ) ); + &returned_source_id ) ); /* Update the attributes with the bit size. */ - PSA_ASSERT( psa_get_key_attributes( source_handle, &source_attributes ) ); + PSA_ASSERT( psa_get_key_attributes( returned_source_id, + &source_attributes ) ); /* Prepare the target slot. */ - if( target_lifetime != PSA_KEY_LIFETIME_VOLATILE ) - { - psa_set_key_id( &target_attributes, target_id ); - psa_set_key_lifetime( &target_attributes, target_lifetime ); - } + psa_set_key_id( &target_attributes, target_id ); + psa_set_key_lifetime( &target_attributes, target_lifetime ); + psa_set_key_usage_flags( &target_attributes, target_usage ); psa_set_key_algorithm( &target_attributes, target_alg ); psa_set_key_enrollment_algorithm( &target_attributes, target_alg2_arg ); /* Copy the key. */ - PSA_ASSERT( psa_copy_key( source_handle, - &target_attributes, &target_handle ) ); + PSA_ASSERT( psa_copy_key( returned_source_id, + &target_attributes, &returned_target_id ) ); /* Destroy the source to ensure that this doesn't affect the target. */ - PSA_ASSERT( psa_destroy_key( source_handle ) ); + PSA_ASSERT( psa_destroy_key( returned_source_id ) ); /* If the target key is persistent, restart the system to make * sure that the material is still alive. */ - if( target_lifetime != PSA_KEY_LIFETIME_VOLATILE ) + if( ! PSA_KEY_LIFETIME_IS_VOLATILE( target_lifetime ) ) { mbedtls_psa_crypto_free( ); PSA_ASSERT( psa_crypto_init( ) ); @@ -486,8 +600,22 @@ void copy_across_lifetimes( int source_lifetime_arg, int source_id_arg, /* Test that the target slot has the expected content. */ psa_reset_key_attributes( &target_attributes ); - PSA_ASSERT( psa_get_key_attributes( target_handle, &target_attributes ) ); - TEST_EQUAL( target_id, psa_get_key_id( &target_attributes ) ); + PSA_ASSERT( psa_get_key_attributes( returned_target_id, + &target_attributes ) ); + + if( ! PSA_KEY_LIFETIME_IS_VOLATILE( target_lifetime ) ) + { + TEST_ASSERT( mbedtls_svc_key_id_equal( + target_id, psa_get_key_id( &target_attributes ) ) ); + } + else + { +#if defined(MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER) + TEST_EQUAL( MBEDTLS_SVC_KEY_ID_GET_OWNER_ID( returned_target_id ), + target_owner_id_arg ); +#endif + } + TEST_EQUAL( target_lifetime, psa_get_key_lifetime( &target_attributes ) ); TEST_EQUAL( source_type, psa_get_key_type( &target_attributes ) ); TEST_EQUAL( psa_get_key_bits( &source_attributes ), @@ -500,7 +628,7 @@ void copy_across_lifetimes( int source_lifetime_arg, int source_id_arg, { size_t length; ASSERT_ALLOC( export_buffer, material->len ); - PSA_ASSERT( psa_export_key( target_handle, export_buffer, + PSA_ASSERT( psa_export_key( returned_target_id, export_buffer, material->len, &length ) ); ASSERT_COMPARE( material->x, material->len, export_buffer, length ); @@ -509,14 +637,21 @@ void copy_across_lifetimes( int source_lifetime_arg, int source_id_arg, { size_t length; /* Check that the key is actually non-exportable. */ - TEST_EQUAL( psa_export_key( target_handle, export_buffer, + TEST_EQUAL( psa_export_key( returned_target_id, export_buffer, material->len, &length ), PSA_ERROR_NOT_PERMITTED ); } - PSA_ASSERT( psa_destroy_key( target_handle ) ); + PSA_ASSERT( psa_destroy_key( returned_target_id ) ); exit: + /* + * Source and target key attributes may have been returned by + * psa_get_key_attributes() thus reset them as required. + */ + psa_reset_key_attributes( &source_attributes ); + psa_reset_key_attributes( &target_attributes ); + PSA_DONE( ); mbedtls_free( export_buffer ); #if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C) @@ -534,18 +669,20 @@ void copy_to_occupied( int source_lifetime_arg, int source_id_arg, int target_type_arg, data_t *target_material ) { psa_key_lifetime_t source_lifetime = source_lifetime_arg; - psa_key_id_t source_id = source_id_arg; + mbedtls_svc_key_id_t source_id = + mbedtls_svc_key_id_make( 1, source_id_arg ); psa_key_usage_t source_usage = source_usage_arg; psa_algorithm_t source_alg = source_alg_arg; - psa_key_handle_t source_handle = 0; psa_key_type_t source_type = source_type_arg; + mbedtls_svc_key_id_t returned_source_id = MBEDTLS_SVC_KEY_ID_INIT; psa_key_lifetime_t target_lifetime = target_lifetime_arg; - psa_key_id_t target_id = target_id_arg; + mbedtls_svc_key_id_t target_id = + mbedtls_svc_key_id_make( 1, target_id_arg ); psa_key_usage_t target_usage = target_usage_arg; psa_algorithm_t target_alg = target_alg_arg; - psa_key_handle_t target_handle = 0; psa_key_type_t target_type = target_type_arg; - psa_key_handle_t new_handle = 0xdead; + mbedtls_svc_key_id_t returned_target_id = MBEDTLS_SVC_KEY_ID_INIT; + mbedtls_svc_key_id_t new_key = MBEDTLS_SVC_KEY_ID_INIT; uint8_t *export_buffer = NULL; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; psa_key_attributes_t attributes1 = PSA_KEY_ATTRIBUTES_INIT; @@ -557,7 +694,7 @@ void copy_to_occupied( int source_lifetime_arg, int source_id_arg, PSA_ASSERT( psa_crypto_init( ) ); /* Populate the source slot. */ - if( source_lifetime != PSA_KEY_LIFETIME_VOLATILE ) + if( ! PSA_KEY_LIFETIME_IS_VOLATILE( source_lifetime ) ) { psa_set_key_id( &attributes, source_id ); psa_set_key_lifetime( &attributes, source_lifetime ); @@ -567,12 +704,12 @@ void copy_to_occupied( int source_lifetime_arg, int source_id_arg, psa_set_key_algorithm( &attributes, source_alg ); PSA_ASSERT( psa_import_key( &attributes, source_material->x, source_material->len, - &source_handle ) ); + &returned_source_id ) ); /* Populate the target slot. */ - if( target_id == source_id ) + if( mbedtls_svc_key_id_equal( target_id, source_id ) ) { - target_handle = source_handle; + returned_target_id = returned_source_id; } else { @@ -583,22 +720,24 @@ void copy_to_occupied( int source_lifetime_arg, int source_id_arg, psa_set_key_algorithm( &attributes1, target_alg ); PSA_ASSERT( psa_import_key( &attributes1, target_material->x, target_material->len, - &target_handle ) ); + &returned_target_id ) ); } - PSA_ASSERT( psa_get_key_attributes( target_handle, &attributes1 ) ); + + PSA_ASSERT( psa_get_key_attributes( returned_target_id, &attributes1 ) ); /* Make a copy attempt. */ psa_set_key_id( &attributes, target_id ); psa_set_key_lifetime( &attributes, target_lifetime ); - TEST_EQUAL( psa_copy_key( source_handle, - &attributes, &new_handle ), + TEST_EQUAL( psa_copy_key( returned_source_id, + &attributes, &new_key ), PSA_ERROR_ALREADY_EXISTS ); - TEST_EQUAL( new_handle , 0 ); + TEST_ASSERT( mbedtls_svc_key_id_is_null( new_key ) ); /* Test that the target slot is unaffected. */ - PSA_ASSERT( psa_get_key_attributes( target_handle, &attributes2 ) ); - TEST_EQUAL( psa_get_key_id( &attributes1 ), - psa_get_key_id( &attributes2 ) ); + PSA_ASSERT( psa_get_key_attributes( returned_target_id, &attributes2 ) ); + TEST_ASSERT( mbedtls_svc_key_id_equal( + psa_get_key_id( &attributes1 ), + psa_get_key_id( &attributes2 ) ) ); TEST_EQUAL( psa_get_key_lifetime( &attributes1 ), psa_get_key_lifetime( &attributes2 ) ); TEST_EQUAL( psa_get_key_type( &attributes1 ), @@ -613,17 +752,24 @@ void copy_to_occupied( int source_lifetime_arg, int source_id_arg, { size_t length; ASSERT_ALLOC( export_buffer, target_material->len ); - PSA_ASSERT( psa_export_key( target_handle, export_buffer, + PSA_ASSERT( psa_export_key( returned_target_id, export_buffer, target_material->len, &length ) ); ASSERT_COMPARE( target_material->x, target_material->len, export_buffer, length ); } - PSA_ASSERT( psa_destroy_key( source_handle ) ); - if( target_handle != source_handle ) - PSA_ASSERT( psa_destroy_key( target_handle ) ); + PSA_ASSERT( psa_destroy_key( returned_source_id ) ); + if( ! mbedtls_svc_key_id_equal( target_id, source_id ) ) + PSA_ASSERT( psa_destroy_key( returned_target_id ) ); exit: + /* + * Key attributes may have been returned by psa_get_key_attributes() + * thus reset them as required. + */ + psa_reset_key_attributes( &attributes1 ); + psa_reset_key_attributes( &attributes2 ); + PSA_DONE( ); mbedtls_free( export_buffer ); #if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C) @@ -636,8 +782,9 @@ exit: void invalid_handle( int handle_construction, int close_status_arg, int usage_status_arg ) { - psa_key_handle_t valid_handle = 0; - psa_key_handle_t invalid_handle = 0; + psa_key_handle_t valid_handle = PSA_KEY_HANDLE_INIT; + psa_key_handle_t invalid_handle = PSA_KEY_HANDLE_INIT; + psa_key_id_t key_id; psa_status_t close_status = close_status_arg; psa_status_t usage_status = usage_status_arg; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; @@ -652,23 +799,35 @@ void invalid_handle( int handle_construction, PSA_ASSERT( psa_import_key( &attributes, material, sizeof( material ), &valid_handle ) ); - TEST_ASSERT( valid_handle != 0 ); + TEST_ASSERT( ! psa_key_handle_is_null( valid_handle ) ); /* Construct an invalid handle as specified in the test case data. */ switch( handle_construction ) { case INVALID_HANDLE_0: - invalid_handle = 0; + invalid_handle = PSA_KEY_HANDLE_INIT; break; case INVALID_HANDLE_UNOPENED: - /* We can't easily construct a handle that's never been opened - * without knowing how the implementation constructs handle - * values. The current test code assumes that valid handles - * are in a range between 1 and some maximum. */ - if( valid_handle == 1 ) - invalid_handle = 2; + + /* + * MBEDTLS_SVC_KEY_ID_GET_KEY_ID( valid_handle ) is a volatile + * key identifier as the imported key is a volatile key. Volatile + * key identifiers are in the range from PSA_KEY_ID_VOLATILE_MIN + * to PSA_KEY_ID_VOLATILE_MAX included. Thus pick a key identifier + * in the range from PSA_KEY_ID_VOLATILE_MIN to + * PSA_KEY_ID_VOLATILE_MAX different from + * MBEDTLS_SVC_KEY_ID_GET_KEY_ID( valid_handle ) to build an + * unopened and thus invalid identifier. + */ + + if( MBEDTLS_SVC_KEY_ID_GET_KEY_ID( valid_handle ) == + PSA_KEY_ID_VOLATILE_MIN ) + key_id = PSA_KEY_ID_VOLATILE_MIN + 1; else - invalid_handle = valid_handle - 1; + key_id = MBEDTLS_SVC_KEY_ID_GET_KEY_ID( valid_handle ) - 1; + + invalid_handle = + mbedtls_svc_key_id_make( 0, key_id ); break; case INVALID_HANDLE_CLOSED: PSA_ASSERT( psa_import_key( &attributes, @@ -677,7 +836,8 @@ void invalid_handle( int handle_construction, PSA_ASSERT( psa_destroy_key( invalid_handle ) ); break; case INVALID_HANDLE_HUGE: - invalid_handle = (psa_key_handle_t) ( -1 ); + invalid_handle = + mbedtls_svc_key_id_make( 0, PSA_KEY_ID_VENDOR_MAX + 1 ); break; default: TEST_ASSERT( ! "unknown handle construction" ); @@ -697,56 +857,255 @@ void invalid_handle( int handle_construction, PSA_ASSERT( psa_close_key( valid_handle ) ); exit: + /* + * Key attributes may have been returned by psa_get_key_attributes() + * thus reset them as required. + */ + psa_reset_key_attributes( &attributes ); + PSA_DONE( ); } /* END_CASE */ /* BEGIN_CASE */ -void many_transient_handles( int max_handles_arg ) +void many_transient_keys( int max_keys_arg ) { - psa_key_handle_t *handles = NULL; - size_t max_handles = max_handles_arg; + mbedtls_svc_key_id_t *keys = NULL; + size_t max_keys = max_keys_arg; size_t i, j; psa_status_t status; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; uint8_t exported[sizeof( size_t )]; size_t exported_length; - ASSERT_ALLOC( handles, max_handles ); + ASSERT_ALLOC( keys, max_keys ); PSA_ASSERT( psa_crypto_init( ) ); psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_EXPORT ); psa_set_key_algorithm( &attributes, 0 ); psa_set_key_type( &attributes, PSA_KEY_TYPE_RAW_DATA ); - for( i = 0; i < max_handles; i++ ) + for( i = 0; i < max_keys; i++ ) { status = psa_import_key( &attributes, (uint8_t *) &i, sizeof( i ), - &handles[i] ); + &keys[i] ); if( status == PSA_ERROR_INSUFFICIENT_MEMORY ) break; PSA_ASSERT( status ); - TEST_ASSERT( handles[i] != 0 ); + TEST_ASSERT( ! mbedtls_svc_key_id_is_null( keys[i] ) ); for( j = 0; j < i; j++ ) - TEST_ASSERT( handles[i] != handles[j] ); + TEST_ASSERT( ! mbedtls_svc_key_id_equal( keys[i], keys[j] ) ); } - max_handles = i; + max_keys = i; - for( i = 1; i < max_handles; i++ ) + for( i = 1; i < max_keys; i++ ) { - PSA_ASSERT( psa_close_key( handles[i - 1] ) ); - PSA_ASSERT( psa_export_key( handles[i], + PSA_ASSERT( psa_close_key( keys[i - 1] ) ); + PSA_ASSERT( psa_export_key( keys[i], exported, sizeof( exported ), &exported_length ) ); ASSERT_COMPARE( exported, exported_length, (uint8_t *) &i, sizeof( i ) ); } - PSA_ASSERT( psa_close_key( handles[i - 1] ) ); + PSA_ASSERT( psa_close_key( keys[i - 1] ) ); exit: PSA_DONE( ); - mbedtls_free( handles ); + mbedtls_free( keys ); } /* END_CASE */ +/* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_STORAGE_C */ +void key_slot_eviction_to_import_new_key( int lifetime_arg ) +{ + psa_key_lifetime_t lifetime = (psa_key_lifetime_t)lifetime_arg; + size_t i; + psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; + uint8_t exported[sizeof( size_t )]; + size_t exported_length; + mbedtls_svc_key_id_t key, returned_key_id; + + PSA_ASSERT( psa_crypto_init( ) ); + + psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_EXPORT ); + psa_set_key_algorithm( &attributes, 0 ); + psa_set_key_type( &attributes, PSA_KEY_TYPE_RAW_DATA ); + + /* + * Create PSA_KEY_SLOT_COUNT persistent keys. + */ + for( i = 0; i < PSA_KEY_SLOT_COUNT; i++ ) + { + key = mbedtls_svc_key_id_make( i, i + 1 ); + psa_set_key_id( &attributes, key ); + PSA_ASSERT( psa_import_key( &attributes, + (uint8_t *) &i, sizeof( i ), + &returned_key_id ) ); + TEST_ASSERT( mbedtls_svc_key_id_equal( returned_key_id, key ) ); + } + + /* + * Create a new persistent or volatile key. When creating the key, + * one of the descriptions of the previously created persistent keys + * is removed from the RAM key slots. This makes room to store its + * description in RAM. + */ + i = PSA_KEY_SLOT_COUNT; + key = mbedtls_svc_key_id_make( i, i + 1 ); + psa_set_key_id( &attributes, key ); + psa_set_key_lifetime( &attributes, lifetime ); + + PSA_ASSERT( psa_import_key( &attributes, + (uint8_t *) &i, sizeof( i ), + &returned_key_id ) ); + if( lifetime != PSA_KEY_LIFETIME_VOLATILE ) + TEST_ASSERT( mbedtls_svc_key_id_equal( returned_key_id, key ) ); + else + TEST_ASSERT( psa_key_id_is_volatile( + MBEDTLS_SVC_KEY_ID_GET_KEY_ID( returned_key_id ) ) ); + + /* + * Check that we can export all ( PSA_KEY_SLOT_COUNT + 1 ) keys, + * that they have the expected value and destroy them. In that process, + * the description of the persistent key that was evicted from the RAM + * slots when creating the last key is restored in a RAM slot to export + * its value. + */ + for( i = 0; i <= PSA_KEY_SLOT_COUNT; i++ ) + { + if( i < PSA_KEY_SLOT_COUNT ) + key = mbedtls_svc_key_id_make( i, i + 1 ); + else + key = returned_key_id; + + PSA_ASSERT( psa_export_key( key, + exported, sizeof( exported ), + &exported_length ) ); + ASSERT_COMPARE( exported, exported_length, + (uint8_t *) &i, sizeof( i ) ); + PSA_ASSERT( psa_destroy_key( key ) ); + } + +exit: + PSA_DONE( ); +} +/* END_CASE */ + +/* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_STORAGE_C */ +void non_reusable_key_slots_integrity_in_case_of_key_slot_starvation( ) +{ + psa_status_t status; + size_t i; + psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; + uint8_t exported[sizeof( size_t )]; + size_t exported_length; + mbedtls_svc_key_id_t persistent_key = MBEDTLS_SVC_KEY_ID_INIT; + mbedtls_svc_key_id_t persistent_key2 = MBEDTLS_SVC_KEY_ID_INIT; + mbedtls_svc_key_id_t returned_key_id = MBEDTLS_SVC_KEY_ID_INIT; + mbedtls_svc_key_id_t *keys = NULL; + + TEST_ASSERT( PSA_KEY_SLOT_COUNT >= 1 ); + + ASSERT_ALLOC( keys, PSA_KEY_SLOT_COUNT ); + PSA_ASSERT( psa_crypto_init( ) ); + + psa_set_key_usage_flags( &attributes, + PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_COPY ); + psa_set_key_algorithm( &attributes, 0 ); + psa_set_key_type( &attributes, PSA_KEY_TYPE_RAW_DATA ); + + /* + * Create a persistent key + */ + persistent_key = mbedtls_svc_key_id_make( 0x100, 0x205 ); + psa_set_key_id( &attributes, persistent_key ); + PSA_ASSERT( psa_import_key( &attributes, + (uint8_t *) &persistent_key, + sizeof( persistent_key ), + &returned_key_id ) ); + TEST_ASSERT( mbedtls_svc_key_id_equal( returned_key_id, persistent_key ) ); + + /* + * Create PSA_KEY_SLOT_COUNT volatile keys + */ + psa_set_key_lifetime( &attributes, PSA_KEY_LIFETIME_VOLATILE ); + for( i = 0; i < PSA_KEY_SLOT_COUNT; i++ ) + { + PSA_ASSERT( psa_import_key( &attributes, + (uint8_t *) &i, sizeof( i ), + &keys[i]) ); + } + psa_reset_key_attributes( &attributes ); + + /* + * Check that we cannot access the persistent key as all slots are + * occupied by volatile keys and the implementation needs to load the + * persistent key description in a slot to be able to access it. + */ + status = psa_get_key_attributes( persistent_key, &attributes ); + TEST_EQUAL( status, PSA_ERROR_INSUFFICIENT_MEMORY ); + + /* + * Check we can export the volatile key created last and that it has the + * expected value. Then, destroy it. + */ + PSA_ASSERT( psa_export_key( keys[PSA_KEY_SLOT_COUNT - 1], + exported, sizeof( exported ), + &exported_length ) ); + i = PSA_KEY_SLOT_COUNT - 1; + ASSERT_COMPARE( exported, exported_length, (uint8_t *) &i, sizeof( i ) ); + PSA_ASSERT( psa_destroy_key( keys[PSA_KEY_SLOT_COUNT - 1] ) ); + + /* + * Check that we can now access the persistent key again. + */ + PSA_ASSERT( psa_get_key_attributes( persistent_key, &attributes ) ); + TEST_ASSERT( mbedtls_svc_key_id_equal( attributes.core.id, + persistent_key ) ); + + /* + * Check that we cannot copy the persistent key as all slots are occupied + * by the persistent key and the volatile keys and the slot containing the + * persistent key cannot be reclaimed as it contains the key to copy. + */ + persistent_key2 = mbedtls_svc_key_id_make( 0x100, 0x204 ); + psa_set_key_id( &attributes, persistent_key2 ); + status = psa_copy_key( persistent_key, &attributes, &returned_key_id ); + TEST_EQUAL( status, PSA_ERROR_INSUFFICIENT_MEMORY ); + + /* + * Check we can export the remaining volatile keys and that they have the + * expected values. + */ + for( i = 0; i < ( PSA_KEY_SLOT_COUNT - 1 ); i++ ) + { + PSA_ASSERT( psa_export_key( keys[i], + exported, sizeof( exported ), + &exported_length ) ); + ASSERT_COMPARE( exported, exported_length, + (uint8_t *) &i, sizeof( i ) ); + PSA_ASSERT( psa_destroy_key( keys[i] ) ); + } + + /* + * Check we can export the persistent key and that it have the expected + * value. + */ + + PSA_ASSERT( psa_export_key( persistent_key, exported, sizeof( exported ), + &exported_length ) ); + ASSERT_COMPARE( exported, exported_length, + (uint8_t *) &persistent_key, sizeof( persistent_key ) ); +exit: + /* + * Key attributes may have been returned by psa_get_key_attributes() + * thus reset them as required. + */ + psa_reset_key_attributes( &attributes ); + + psa_destroy_key( persistent_key ); + PSA_DONE( ); + mbedtls_free( keys ); +} +/* END_CASE */ diff --git a/tests/suites/test_suite_psa_its.function b/tests/suites/test_suite_psa_its.function index b6cc488a6..a7ce7b1d4 100644 --- a/tests/suites/test_suite_psa_its.function +++ b/tests/suites/test_suite_psa_its.function @@ -40,16 +40,23 @@ static psa_storage_uid_t uid_max = 0; static void cleanup( void ) { + /* Call remove() on all the files that a test might have created. + * We ignore the error if the file exists but remove() fails because + * it can't be checked portably (except by attempting to open the file + * first, which is needlessly slow and complicated here). A failure of + * remove() on an existing file is very unlikely anyway and would not + * have significant consequences other than perhaps failing the next + * test case. */ char filename[PSA_ITS_STORAGE_FILENAME_LENGTH]; psa_storage_uid_t uid; for( uid = 0; uid < uid_max; uid++ ) { psa_its_fill_filename( uid, filename ); - remove( filename ); + (void) remove( filename ); } psa_its_fill_filename( (psa_storage_uid_t)( -1 ), filename ); - remove( filename ); - remove( PSA_ITS_STORAGE_TEMP ); + (void) remove( filename ); + (void) remove( PSA_ITS_STORAGE_TEMP ); uid_max = 0; } diff --git a/tests/suites/test_suite_rsa.function b/tests/suites/test_suite_rsa.function index 90335dbc7..6c73e3947 100644 --- a/tests/suites/test_suite_rsa.function +++ b/tests/suites/test_suite_rsa.function @@ -471,7 +471,7 @@ void mbedtls_rsa_pkcs1_sign( data_t * message_str, int padding_mode, int digest, int mod, int radix_P, char * input_P, int radix_Q, char * input_Q, int radix_N, char * input_N, int radix_E, char * input_E, - data_t * result_hex_str, int result ) + data_t * result_str, int result ) { unsigned char hash_result[MBEDTLS_MD_MAX_SIZE]; unsigned char output[256]; @@ -507,8 +507,8 @@ void mbedtls_rsa_pkcs1_sign( data_t * message_str, int padding_mode, if( result == 0 ) { - TEST_ASSERT( mbedtls_test_hexcmp( output, result_hex_str->x, - ctx.len, result_hex_str->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, result_str->x, + ctx.len, result_str->len ) == 0 ); } exit: @@ -557,7 +557,7 @@ void rsa_pkcs1_sign_raw( data_t * hash_result, int padding_mode, int mod, int radix_P, char * input_P, int radix_Q, char * input_Q, int radix_N, char * input_N, int radix_E, - char * input_E, data_t * result_hex_str ) + char * input_E, data_t * result_str ) { unsigned char output[256]; mbedtls_rsa_context ctx; @@ -588,8 +588,8 @@ void rsa_pkcs1_sign_raw( data_t * hash_result, hash_result->x, output ) == 0 ); - TEST_ASSERT( mbedtls_test_hexcmp( output, result_hex_str->x, - ctx.len, result_hex_str->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, result_str->x, + ctx.len, result_str->len ) == 0 ); #if defined(MBEDTLS_PKCS1_V15) /* For PKCS#1 v1.5, there is an alternative way to generate signatures */ @@ -612,9 +612,9 @@ void rsa_pkcs1_sign_raw( data_t * hash_result, if( res == 0 ) { - TEST_ASSERT( mbedtls_test_hexcmp( output, result_hex_str->x, + TEST_ASSERT( mbedtls_test_hexcmp( output, result_str->x, ctx.len, - result_hex_str->len ) == 0 ); + result_str->len ) == 0 ); } } #endif /* MBEDTLS_PKCS1_V15 */ @@ -692,7 +692,7 @@ exit: void mbedtls_rsa_pkcs1_encrypt( data_t * message_str, int padding_mode, int mod, int radix_N, char * input_N, int radix_E, char * input_E, - data_t * result_hex_str, int result ) + data_t * result_str, int result ) { unsigned char output[256]; mbedtls_rsa_context ctx; @@ -722,8 +722,8 @@ void mbedtls_rsa_pkcs1_encrypt( data_t * message_str, int padding_mode, if( result == 0 ) { - TEST_ASSERT( mbedtls_test_hexcmp( output, result_hex_str->x, - ctx.len, result_hex_str->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, result_str->x, + ctx.len, result_str->len ) == 0 ); } exit: @@ -736,7 +736,7 @@ exit: void rsa_pkcs1_encrypt_bad_rng( data_t * message_str, int padding_mode, int mod, int radix_N, char * input_N, int radix_E, char * input_E, - data_t * result_hex_str, int result ) + data_t * result_str, int result ) { unsigned char output[256]; mbedtls_rsa_context ctx; @@ -762,8 +762,8 @@ void rsa_pkcs1_encrypt_bad_rng( data_t * message_str, int padding_mode, if( result == 0 ) { - TEST_ASSERT( mbedtls_test_hexcmp( output, result_hex_str->x, - ctx.len, result_hex_str->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, result_str->x, + ctx.len, result_str->len ) == 0 ); } exit: @@ -777,7 +777,7 @@ void mbedtls_rsa_pkcs1_decrypt( data_t * message_str, int padding_mode, int mod, int radix_P, char * input_P, int radix_Q, char * input_Q, int radix_N, char * input_N, int radix_E, char * input_E, - int max_output, data_t * result_hex_str, + int max_output, data_t * result_str, int result ) { unsigned char output[32]; @@ -814,9 +814,9 @@ void mbedtls_rsa_pkcs1_decrypt( data_t * message_str, int padding_mode, if( result == 0 ) { - TEST_ASSERT( mbedtls_test_hexcmp( output, result_hex_str->x, + TEST_ASSERT( mbedtls_test_hexcmp( output, result_str->x, output_len, - result_hex_str->len ) == 0 ); + result_str->len ) == 0 ); } exit: @@ -829,7 +829,7 @@ exit: /* BEGIN_CASE */ void mbedtls_rsa_public( data_t * message_str, int mod, int radix_N, char * input_N, int radix_E, char * input_E, - data_t * result_hex_str, int result ) + data_t * result_str, int result ) { unsigned char output[256]; mbedtls_rsa_context ctx, ctx2; /* Also test mbedtls_rsa_copy() while at it */ @@ -853,8 +853,8 @@ void mbedtls_rsa_public( data_t * message_str, int mod, int radix_N, if( result == 0 ) { - TEST_ASSERT( mbedtls_test_hexcmp( output, result_hex_str->x, - ctx.len, result_hex_str->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, result_str->x, + ctx.len, result_str->len ) == 0 ); } /* And now with the copy */ @@ -869,8 +869,8 @@ void mbedtls_rsa_public( data_t * message_str, int mod, int radix_N, if( result == 0 ) { - TEST_ASSERT( mbedtls_test_hexcmp( output, result_hex_str->x, - ctx.len, result_hex_str->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, result_str->x, + ctx.len, result_str->len ) == 0 ); } exit: @@ -884,7 +884,7 @@ exit: void mbedtls_rsa_private( data_t * message_str, int mod, int radix_P, char * input_P, int radix_Q, char * input_Q, int radix_N, char * input_N, int radix_E, - char * input_E, data_t * result_hex_str, + char * input_E, data_t * result_str, int result ) { unsigned char output[256]; @@ -921,9 +921,9 @@ void mbedtls_rsa_private( data_t * message_str, int mod, int radix_P, if( result == 0 ) { - TEST_ASSERT( mbedtls_test_hexcmp( output, result_hex_str->x, + TEST_ASSERT( mbedtls_test_hexcmp( output, result_str->x, ctx.len, - result_hex_str->len ) == 0 ); + result_str->len ) == 0 ); } } @@ -941,9 +941,9 @@ void mbedtls_rsa_private( data_t * message_str, int mod, int radix_P, if( result == 0 ) { - TEST_ASSERT( mbedtls_test_hexcmp( output, result_hex_str->x, + TEST_ASSERT( mbedtls_test_hexcmp( output, result_str->x, ctx2.len, - result_hex_str->len ) == 0 ); + result_str->len ) == 0 ); } exit: diff --git a/tests/suites/test_suite_shax.function b/tests/suites/test_suite_shax.function index 64280098c..f3477ec78 100644 --- a/tests/suites/test_suite_shax.function +++ b/tests/suites/test_suite_shax.function @@ -52,7 +52,7 @@ exit: /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_SHA1_C */ -void mbedtls_sha1( data_t * src_str, data_t * hex_hash_string ) +void mbedtls_sha1( data_t * src_str, data_t * hash ) { unsigned char output[41]; @@ -61,8 +61,7 @@ void mbedtls_sha1( data_t * src_str, data_t * hex_hash_string ) TEST_ASSERT( mbedtls_sha1_ret( src_str->x, src_str->len, output ) == 0 ); - TEST_ASSERT( mbedtls_test_hexcmp( output, hex_hash_string->x, - 20, hex_hash_string->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, hash->x, 20, hash->len ) == 0 ); } /* END_CASE */ @@ -123,7 +122,7 @@ exit: /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_SHA256_C */ -void sha224( data_t * src_str, data_t * hex_hash_string ) +void sha224( data_t * src_str, data_t * hash ) { unsigned char output[57]; @@ -132,13 +131,12 @@ void sha224( data_t * src_str, data_t * hex_hash_string ) TEST_ASSERT( mbedtls_sha256_ret( src_str->x, src_str->len, output, 1 ) == 0 ); - TEST_ASSERT( mbedtls_test_hexcmp( output, hex_hash_string->x, - 28, hex_hash_string->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, hash->x, 28, hash->len ) == 0 ); } /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_SHA256_C */ -void mbedtls_sha256( data_t * src_str, data_t * hex_hash_string ) +void mbedtls_sha256( data_t * src_str, data_t * hash ) { unsigned char output[65]; @@ -147,8 +145,7 @@ void mbedtls_sha256( data_t * src_str, data_t * hex_hash_string ) TEST_ASSERT( mbedtls_sha256_ret( src_str->x, src_str->len, output, 0 ) == 0 ); - TEST_ASSERT( mbedtls_test_hexcmp( output, hex_hash_string->x, - 32, hex_hash_string->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, hash->x, 32, hash->len ) == 0 ); } /* END_CASE */ @@ -209,7 +206,7 @@ exit: /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_SHA512_C */ -void sha384( data_t * src_str, data_t * hex_hash_string ) +void sha384( data_t * src_str, data_t * hash ) { unsigned char output[97]; @@ -218,13 +215,12 @@ void sha384( data_t * src_str, data_t * hex_hash_string ) TEST_ASSERT( mbedtls_sha512_ret( src_str->x, src_str->len, output, 1 ) == 0 ); - TEST_ASSERT( mbedtls_test_hexcmp( output, hex_hash_string->x, - 48, hex_hash_string->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, hash->x, 48, hash->len ) == 0 ); } /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_SHA512_C */ -void mbedtls_sha512( data_t * src_str, data_t * hex_hash_string ) +void mbedtls_sha512( data_t * src_str, data_t * hash ) { unsigned char output[129]; @@ -233,8 +229,7 @@ void mbedtls_sha512( data_t * src_str, data_t * hex_hash_string ) TEST_ASSERT( mbedtls_sha512_ret( src_str->x, src_str->len, output, 0 ) == 0 ); - TEST_ASSERT( mbedtls_test_hexcmp( output, hex_hash_string->x, - 64, hex_hash_string->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, hash->x, 64, hash->len ) == 0 ); } /* END_CASE */ diff --git a/tests/suites/test_suite_ssl.data b/tests/suites/test_suite_ssl.data index 1b7919104..6e653ffc2 100644 --- a/tests/suites/test_suite_ssl.data +++ b/tests/suites/test_suite_ssl.data @@ -10398,6 +10398,132 @@ Decrypt CBC !EtM, 3DES SHA384 trunc, padlen=255 depends_on:MBEDTLS_DES_C:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384 ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_DES_EDE3_CBC:MBEDTLS_MD_SHA384:1:255 +SSL TLS 1.3 Key schedule: Secret evolution #1 +# Vector from TLS 1.3 Byte by Byte (https://tls13.ulfheim.net/) +# Initial secret to Early Secret +depends_on:MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL +ssl_tls1_3_key_evolution:MBEDTLS_MD_SHA256:"":"":"33ad0a1c607ec03b09e6cd9893680ce210adf300aa1f2660e1b22e10f170f92a" + +SSL TLS 1.3 Key schedule: Secret evolution #2 +# Vector from TLS 1.3 Byte by Byte (https://tls13.ulfheim.net/) +# Early secret to Handshake Secret +ssl_tls1_3_key_evolution:MBEDTLS_MD_SHA256:"33ad0a1c607ec03b09e6cd9893680ce210adf300aa1f2660e1b22e10f170f92a":"df4a291baa1eb7cfa6934b29b474baad2697e29f1f920dcc77c8a0a088447624":"fb9fc80689b3a5d02c33243bf69a1b1b20705588a794304a6e7120155edf149a" + +SSL TLS 1.3 Key schedule: Secret evolution #3 +# Vector from TLS 1.3 Byte by Byte (https://tls13.ulfheim.net/) +# Handshake secret to Master Secret +ssl_tls1_3_key_evolution:MBEDTLS_MD_SHA256:"fb9fc80689b3a5d02c33243bf69a1b1b20705588a794304a6e7120155edf149a":"":"7f2882bb9b9a46265941653e9c2f19067118151e21d12e57a7b6aca1f8150c8d" + +SSL TLS 1.3 Key schedule: HKDF Expand Label #1 +# Vector from TLS 1.3 Byte by Byte (https://tls13.ulfheim.net/) +# Server handshake traffic secret -> Server traffic key +# HKDF-Expand-Label(server_handshake_secret, "key", "", 16) +ssl_tls1_3_hkdf_expand_label:MBEDTLS_MD_SHA256:"a2067265e7f0652a923d5d72ab0467c46132eeb968b6a32d311c805868548814":tls1_3_label_key:"":16:"844780a7acad9f980fa25c114e43402a" + +SSL TLS 1.3 Key schedule: HKDF Expand Label #2 +# Vector from TLS 1.3 Byte by Byte (https://tls13.ulfheim.net/) +# Server handshake traffic secret -> Server traffic IV +# HKDF-Expand-Label(server_handshake_secret, "iv", "", 12) +ssl_tls1_3_hkdf_expand_label:MBEDTLS_MD_SHA256:"a2067265e7f0652a923d5d72ab0467c46132eeb968b6a32d311c805868548814":tls1_3_label_iv:"":12:"4c042ddc120a38d1417fc815" + +SSL TLS 1.3 Key schedule: HKDF Expand Label #3 +# Vector from TLS 1.3 Byte by Byte (https://tls13.ulfheim.net/) +# Client handshake traffic secret -> Client traffic key +# HKDF-Expand-Label(client_handshake_secret, "key", "", 16) +ssl_tls1_3_hkdf_expand_label:MBEDTLS_MD_SHA256:"ff0e5b965291c608c1e8cd267eefc0afcc5e98a2786373f0db47b04786d72aea":tls1_3_label_key:"":16:"7154f314e6be7dc008df2c832baa1d39" + +SSL TLS 1.3 Key schedule: HKDF Expand Label #4 +# Vector from TLS 1.3 Byte by Byte (https://tls13.ulfheim.net/) +# Client handshake traffic secret -> Client traffic IV +# HKDF-Expand-Label(client_handshake_secret, "iv", "", 12) +ssl_tls1_3_hkdf_expand_label:MBEDTLS_MD_SHA256:"ff0e5b965291c608c1e8cd267eefc0afcc5e98a2786373f0db47b04786d72aea":tls1_3_label_iv:"":12:"71abc2cae4c699d47c600268" + +SSL TLS 1.3 Key schedule: HKDF Expand Label #5 (RFC 8448) +# Vector from RFC 8448 +# Server handshake traffic secret -> Server traffic IV +# HKDF-Expand-Label(server_handshake_secret, "iv", "", 12) +ssl_tls1_3_hkdf_expand_label:MBEDTLS_MD_SHA256:"b67b7d690cc16c4e75e54213cb2d37b4e9c912bcded9105d42befd59d391ad38":tls1_3_label_iv:"":12:"5d313eb2671276ee13000b30" + +SSL TLS 1.3 Key schedule: HKDF Expand Label #6 (RFC 8448) +# Vector from RFC 8448 +# Server handshake traffic secret -> Server traffic Key +# HKDF-Expand-Label(server_handshake_secret, "key", "", 16) +ssl_tls1_3_hkdf_expand_label:MBEDTLS_MD_SHA256:"b67b7d690cc16c4e75e54213cb2d37b4e9c912bcded9105d42befd59d391ad38":tls1_3_label_key:"":16:"3fce516009c21727d0f2e4e86ee403bc" + +SSL TLS 1.3 Key schedule: HKDF Expand Label #7 (RFC 8448) +# Vector from RFC 8448 +# Client handshake traffic secret -> Client traffic IV +# HKDF-Expand-Label(client_handshake_secret, "iv", "", 12) +ssl_tls1_3_hkdf_expand_label:MBEDTLS_MD_SHA256:"b3eddb126e067f35a780b3abf45e2d8f3b1a950738f52e9600746a0e27a55a21":tls1_3_label_iv:"":12:"5bd3c71b836e0b76bb73265f" + +SSL TLS 1.3 Key schedule: HKDF Expand Label #8 (RFC 8448) +# Vector from RFC 8448 +# Client handshake traffic secret -> Client traffic Key +# HKDF-Expand-Label(client_handshake_secret, "key", "", 16) +ssl_tls1_3_hkdf_expand_label:MBEDTLS_MD_SHA256:"b3eddb126e067f35a780b3abf45e2d8f3b1a950738f52e9600746a0e27a55a21":tls1_3_label_key:"":16:"dbfaa693d1762c5b666af5d950258d01" + +SSL TLS 1.3 Key schedule: HKDF Expand Label #9 (RFC 8448) +# Calculation of finished_key +ssl_tls1_3_hkdf_expand_label:MBEDTLS_MD_SHA256:"2faac08f851d35fea3604fcb4de82dc62c9b164a70974d0462e27f1ab278700f":tls1_3_label_finished:"":32:"5ace394c26980d581243f627d1150ae27e37fa52364e0a7f20ac686d09cd0e8e" + +SSL TLS 1.3 Key schedule: HKDF Expand Label #10 (RFC 8448) +# Calculation of resumption key +ssl_tls1_3_hkdf_expand_label:MBEDTLS_MD_SHA256:"7df235f2031d2a051287d02b0241b0bfdaf86cc856231f2d5aba46c434ec196c":tls1_3_label_resumption:"0000":32:"4ecd0eb6ec3b4d87f5d6028f922ca4c5851a277fd41311c9e62d2c9492e1c4f3" + +SSL TLS 1.3 Key schedule: Traffic key generation #1 +# Vector from TLS 1.3 Byte by Byte (https://tls13.ulfheim.net/) +# Client/Server handshake traffic secrets -> Client/Server traffic {Key,IV} +ssl_tls1_3_traffic_key_generation:MBEDTLS_MD_SHA256:"a2067265e7f0652a923d5d72ab0467c46132eeb968b6a32d311c805868548814":"ff0e5b965291c608c1e8cd267eefc0afcc5e98a2786373f0db47b04786d72aea":12:16:"844780a7acad9f980fa25c114e43402a":"4c042ddc120a38d1417fc815":"7154f314e6be7dc008df2c832baa1d39":"71abc2cae4c699d47c600268" + +SSL TLS 1.3 Key schedule: Traffic key generation #2 (RFC 8448) +# Vector RFC 8448 +# Client/Server handshake traffic secrets -> Client/Server traffic {Key,IV} +ssl_tls1_3_traffic_key_generation:MBEDTLS_MD_SHA256:"a2067265e7f0652a923d5d72ab0467c46132eeb968b6a32d311c805868548814":"ff0e5b965291c608c1e8cd267eefc0afcc5e98a2786373f0db47b04786d72aea":12:16:"844780a7acad9f980fa25c114e43402a":"4c042ddc120a38d1417fc815":"7154f314e6be7dc008df2c832baa1d39":"71abc2cae4c699d47c600268" + +SSL TLS 1.3 Key schedule: Derive-Secret( ., "derived", "") +# Vector from TLS 1.3 Byte by Byte (https://tls13.ulfheim.net/) +# Derive-Secret( Early-Secret, "derived", "") +# Tests the case where context isn't yet hashed (empty string here, +# but still needs to be hashed) +ssl_tls1_3_derive_secret:MBEDTLS_MD_SHA256:"33ad0a1c607ec03b09e6cd9893680ce210adf300aa1f2660e1b22e10f170f92a":tls1_3_label_derived:"":32:MBEDTLS_SSL_TLS1_3_CONTEXT_UNHASHED:"6f2615a108c702c5678f54fc9dbab69716c076189c48250cebeac3576c3611ba" + +SSL TLS 1.3 Key schedule: Derive-Secret( ., "s ap traffic", hash) #1 +# Vector from TLS 1.3 Byte by Byte (https://tls13.ulfheim.net/) +# Derive-Secret( MasterSecret, "s ap traffic", hash) +# Tests the case where context is already hashed +ssl_tls1_3_derive_secret:MBEDTLS_MD_SHA256:"7f2882bb9b9a46265941653e9c2f19067118151e21d12e57a7b6aca1f8150c8d":tls1_3_label_s_ap_traffic:"22844b930e5e0a59a09d5ac35fc032fc91163b193874a265236e568077378d8b":32:MBEDTLS_SSL_TLS1_3_CONTEXT_HASHED:"3fc35ea70693069a277956afa23b8f4543ce68ac595f2aace05cd7a1c92023d5" + +SSL TLS 1.3 Key schedule: Derive-Secret( ., "c e traffic", hash) +# Vector from RFC 8448 +ssl_tls1_3_derive_secret:MBEDTLS_MD_SHA256:"9b2188e9b2fc6d64d71dc329900e20bb41915000f678aa839cbb797cb7d8332c":tls1_3_label_c_e_traffic:"08ad0fa05d7c7233b1775ba2ff9f4c5b8b59276b7f227f13a976245f5d960913":32:MBEDTLS_SSL_TLS1_3_CONTEXT_HASHED:"3fbbe6a60deb66c30a32795aba0eff7eaa10105586e7be5c09678d63b6caab62" + +SSL TLS 1.3 Key schedule: Derive-Secret( ., "e exp master", hash) +# Vector from RFC 8448 +ssl_tls1_3_derive_secret:MBEDTLS_MD_SHA256:"9b2188e9b2fc6d64d71dc329900e20bb41915000f678aa839cbb797cb7d8332c":tls1_3_label_e_exp_master:"08ad0fa05d7c7233b1775ba2ff9f4c5b8b59276b7f227f13a976245f5d960913":32:MBEDTLS_SSL_TLS1_3_CONTEXT_HASHED:"b2026866610937d7423e5be90862ccf24c0e6091186d34f812089ff5be2ef7df" + +SSL TLS 1.3 Key schedule: Derive-Secret( ., "c hs traffic", hash) +# Vector from RFC 8448 +ssl_tls1_3_derive_secret:MBEDTLS_MD_SHA256:"005cb112fd8eb4ccc623bb88a07c64b3ede1605363fc7d0df8c7ce4ff0fb4ae6":tls1_3_label_c_hs_traffic:"f736cb34fe25e701551bee6fd24c1cc7102a7daf9405cb15d97aafe16f757d03"::32:MBEDTLS_SSL_TLS1_3_CONTEXT_HASHED:"2faac08f851d35fea3604fcb4de82dc62c9b164a70974d0462e27f1ab278700f" + +SSL TLS 1.3 Key schedule: Derive-Secret( ., "s hs traffic", hash) +# Vector from RFC 8448 +ssl_tls1_3_derive_secret:MBEDTLS_MD_SHA256:"005cb112fd8eb4ccc623bb88a07c64b3ede1605363fc7d0df8c7ce4ff0fb4ae6":tls1_3_label_s_hs_traffic:"f736cb34fe25e701551bee6fd24c1cc7102a7daf9405cb15d97aafe16f757d03":32:MBEDTLS_SSL_TLS1_3_CONTEXT_HASHED:"fe927ae271312e8bf0275b581c54eef020450dc4ecffaa05a1a35d27518e7803" + +SSL TLS 1.3 Key schedule: Derive-Secret( ., "c ap traffic", hash) +# Vector from RFC 8448 +ssl_tls1_3_derive_secret:MBEDTLS_MD_SHA256:"e2d32d4ed66dd37897a0e80c84107503ce58bf8aad4cb55a5002d77ecb890ece":tls1_3_label_c_ap_traffic:"b0aeffc46a2cfe33114e6fd7d51f9f04b1ca3c497dab08934a774a9d9ad7dbf3":32:MBEDTLS_SSL_TLS1_3_CONTEXT_HASHED:"2abbf2b8e381d23dbebe1dd2a7d16a8bf484cb4950d23fb7fb7fa8547062d9a1" + +SSL TLS 1.3 Key schedule: Derive-Secret( ., "s ap traffic", hash) #2 +# Vector from RFC 8448 +ssl_tls1_3_derive_secret:MBEDTLS_MD_SHA256:"e2d32d4ed66dd37897a0e80c84107503ce58bf8aad4cb55a5002d77ecb890ece":tls1_3_label_s_ap_traffic:"b0aeffc46a2cfe33114e6fd7d51f9f04b1ca3c497dab08934a774a9d9ad7dbf3":32:MBEDTLS_SSL_TLS1_3_CONTEXT_HASHED:"cc21f1bf8feb7dd5fa505bd9c4b468a9984d554a993dc49e6d285598fb672691" + +SSL TLS 1.3 Key schedule: Derive-Secret( ., "exp master", hash) +# Vector from RFC 8448 +ssl_tls1_3_derive_secret:MBEDTLS_MD_SHA256:"e2d32d4ed66dd37897a0e80c84107503ce58bf8aad4cb55a5002d77ecb890ece":tls1_3_label_exp_master:"b0aeffc46a2cfe33114e6fd7d51f9f04b1ca3c497dab08934a774a9d9ad7dbf3":32:MBEDTLS_SSL_TLS1_3_CONTEXT_HASHED:"3fd93d4ffddc98e64b14dd107aedf8ee4add23f4510f58a4592d0b201bee56b4" + +SSL TLS 1.3 Key schedule: Derive-Secret( ., "res master", hash) +# Vector from RFC 8448 +ssl_tls1_3_derive_secret:MBEDTLS_MD_SHA256:"e2d32d4ed66dd37897a0e80c84107503ce58bf8aad4cb55a5002d77ecb890ece":tls1_3_label_res_master:"c3c122e0bd907a4a3ff6112d8fd53dbf89c773d9552e8b6b9d56d361b3a97bf6":32:MBEDTLS_SSL_TLS1_3_CONTEXT_HASHED:"5e95bdf1f89005ea2e9aa0ba85e728e3c19c5fe0c699e3f5bee59faebd0b5406" SSL TLS_PRF MBEDTLS_SSL_TLS_PRF_NONE ssl_tls_prf:MBEDTLS_SSL_TLS_PRF_NONE:"":"":"test tls_prf label":"":MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index 7c4f865e9..f377ffa99 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function @@ -6,11 +6,20 @@ #include #include #include +#include #include #include +enum +{ +#define MBEDTLS_SSL_TLS1_3_LABEL( name, string ) \ + tls1_3_label_ ## name, +MBEDTLS_SSL_TLS1_3_LABEL_LIST +#undef MBEDTLS_SSL_TLS1_3_LABEL +}; + typedef struct log_pattern { const char *pattern; @@ -3669,13 +3678,157 @@ exit: } /* END_CASE */ +/* BEGIN_CASE depends_on:MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ +void ssl_tls1_3_hkdf_expand_label( int hash_alg, + data_t *secret, + int label_idx, + data_t *ctx, + int desired_length, + data_t *expected ) +{ + unsigned char dst[ 100 ]; + + unsigned char const *lbl = NULL; + size_t lbl_len; +#define MBEDTLS_SSL_TLS1_3_LABEL( name, string ) \ + if( label_idx == (int) tls1_3_label_ ## name ) \ + { \ + lbl = mbedtls_ssl_tls1_3_labels.name; \ + lbl_len = sizeof( mbedtls_ssl_tls1_3_labels.name ); \ + } +MBEDTLS_SSL_TLS1_3_LABEL_LIST +#undef MBEDTLS_SSL_TLS1_3_LABEL + TEST_ASSERT( lbl != NULL ); + + /* Check sanity of test parameters. */ + TEST_ASSERT( (size_t) desired_length <= sizeof(dst) ); + TEST_ASSERT( (size_t) desired_length == expected->len ); + + TEST_ASSERT( mbedtls_ssl_tls1_3_hkdf_expand_label( + (mbedtls_md_type_t) hash_alg, + secret->x, secret->len, + lbl, lbl_len, + ctx->x, ctx->len, + dst, desired_length ) == 0 ); + + ASSERT_COMPARE( dst, (size_t) desired_length, + expected->x, (size_t) expected->len ); +} +/* END_CASE */ + +/* BEGIN_CASE depends_on:MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ +void ssl_tls1_3_traffic_key_generation( int hash_alg, + data_t *server_secret, + data_t *client_secret, + int desired_iv_len, + int desired_key_len, + data_t *expected_server_write_key, + data_t *expected_server_write_iv, + data_t *expected_client_write_key, + data_t *expected_client_write_iv ) +{ + mbedtls_ssl_key_set keys; + + /* Check sanity of test parameters. */ + TEST_ASSERT( client_secret->len == server_secret->len ); + TEST_ASSERT( expected_client_write_iv->len == expected_server_write_iv->len && + expected_client_write_iv->len == (size_t) desired_iv_len ); + TEST_ASSERT( expected_client_write_key->len == expected_server_write_key->len && + expected_client_write_key->len == (size_t) desired_key_len ); + + TEST_ASSERT( mbedtls_ssl_tls1_3_make_traffic_keys( + (mbedtls_md_type_t) hash_alg, + client_secret->x, + server_secret->x, + client_secret->len /* == server_secret->len */, + desired_key_len, desired_iv_len, + &keys ) == 0 ); + + ASSERT_COMPARE( keys.client_write_key, + keys.key_len, + expected_client_write_key->x, + (size_t) desired_key_len ); + ASSERT_COMPARE( keys.server_write_key, + keys.key_len, + expected_server_write_key->x, + (size_t) desired_key_len ); + ASSERT_COMPARE( keys.client_write_iv, + keys.iv_len, + expected_client_write_iv->x, + (size_t) desired_iv_len ); + ASSERT_COMPARE( keys.server_write_iv, + keys.iv_len, + expected_server_write_iv->x, + (size_t) desired_iv_len ); +} +/* END_CASE */ + +/* BEGIN_CASE depends_on:MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ +void ssl_tls1_3_derive_secret( int hash_alg, + data_t *secret, + int label_idx, + data_t *ctx, + int desired_length, + int already_hashed, + data_t *expected ) +{ + unsigned char dst[ 100 ]; + + unsigned char const *lbl = NULL; + size_t lbl_len; +#define MBEDTLS_SSL_TLS1_3_LABEL( name, string ) \ + if( label_idx == (int) tls1_3_label_ ## name ) \ + { \ + lbl = mbedtls_ssl_tls1_3_labels.name; \ + lbl_len = sizeof( mbedtls_ssl_tls1_3_labels.name ); \ + } +MBEDTLS_SSL_TLS1_3_LABEL_LIST +#undef MBEDTLS_SSL_TLS1_3_LABEL + TEST_ASSERT( lbl != NULL ); + + /* Check sanity of test parameters. */ + TEST_ASSERT( (size_t) desired_length <= sizeof(dst) ); + TEST_ASSERT( (size_t) desired_length == expected->len ); + + TEST_ASSERT( mbedtls_ssl_tls1_3_derive_secret( + (mbedtls_md_type_t) hash_alg, + secret->x, secret->len, + lbl, lbl_len, + ctx->x, ctx->len, + already_hashed, + dst, desired_length ) == 0 ); + + ASSERT_COMPARE( dst, desired_length, + expected->x, desired_length ); +} +/* END_CASE */ + +/* BEGIN_CASE depends_on:MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ +void ssl_tls1_3_key_evolution( int hash_alg, + data_t *secret, + data_t *input, + data_t *expected ) +{ + unsigned char secret_new[ MBEDTLS_MD_MAX_SIZE ]; + + TEST_ASSERT( mbedtls_ssl_tls1_3_evolve_secret( + (mbedtls_md_type_t) hash_alg, + secret->len ? secret->x : NULL, + input->len ? input->x : NULL, input->len, + secret_new ) == 0 ); + + ASSERT_COMPARE( secret_new, (size_t) expected->len, + expected->x, (size_t) expected->len ); +} +/* END_CASE */ + /* BEGIN_CASE */ void ssl_tls_prf( int type, data_t * secret, data_t * random, - char *label, data_t *result_hex_str, int exp_ret ) + char *label, data_t *result_str, int exp_ret ) { unsigned char *output; - output = mbedtls_calloc( 1, result_hex_str->len ); + output = mbedtls_calloc( 1, result_str->len ); if( output == NULL ) goto exit; @@ -3685,12 +3838,12 @@ void ssl_tls_prf( int type, data_t * secret, data_t * random, TEST_ASSERT( mbedtls_ssl_tls_prf( type, secret->x, secret->len, label, random->x, random->len, - output, result_hex_str->len ) == exp_ret ); + output, result_str->len ) == exp_ret ); if( exp_ret == 0 ) { - TEST_ASSERT( mbedtls_test_hexcmp( output, result_hex_str->x, - result_hex_str->len, result_hex_str->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, result_str->x, + result_str->len, result_str->len ) == 0 ); } exit: diff --git a/tests/suites/test_suite_version.data b/tests/suites/test_suite_version.data index 846ebb731..bb2624636 100644 --- a/tests/suites/test_suite_version.data +++ b/tests/suites/test_suite_version.data @@ -1,8 +1,8 @@ Check compiletime library version -check_compiletime_version:"2.23.0" +check_compiletime_version:"2.24.0" Check runtime library version -check_runtime_version:"2.23.0" +check_runtime_version:"2.24.0" Check for MBEDTLS_VERSION_C check_feature:"MBEDTLS_VERSION_C":0 diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data index 1b0316eb8..bfdbab2cb 100644 --- a/tests/suites/test_suite_x509parse.data +++ b/tests/suites/test_suite_x509parse.data @@ -911,6 +911,14 @@ X509 CRT verification #97 (next profile Valid Cert SHA256 Digest) depends_on:MBEDTLS_SHA256_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_ECDSA_C:MBEDTLS_SHA1_C x509_verify:"data_files/cert_sha256.crt":"data_files/test-ca.crt":"data_files/crl-ec-sha256.pem":"NULL":0:0:"next":"NULL" +X509 CRT verification #98 (Revoked Cert, revocation date in the future, _with_ MBEDTLS_HAVE_TIME_DATE) +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_HAVE_TIME_DATE +x509_verify:"data_files/server1.crt":"data_files/test-ca.crt":"data_files/crl-futureRevocationDate.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED|MBEDTLS_X509_BADCRL_FUTURE:"compat":"NULL" + +X509 CRT verification #99 (Revoked Cert, revocation date in the future, _without_ MBEDTLS_HAVE_TIME_DATE) +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:!MBEDTLS_HAVE_TIME_DATE +x509_verify:"data_files/server1.crt":"data_files/test-ca.crt":"data_files/crl-futureRevocationDate.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED:"compat":"NULL" + X509 CRT verification: domain identical to IPv4 in SubjectAltName depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_RSA_C x509_verify:"data_files/server5-tricky-ip-san.crt":"data_files/server5-tricky-ip-san.crt":"data_files/crl_sha256.pem":"abcd":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_CN_MISMATCH:"":"NULL" diff --git a/tests/suites/test_suite_x509parse.function b/tests/suites/test_suite_x509parse.function index 9cac2ec54..2bba4e2f7 100644 --- a/tests/suites/test_suite_x509parse.function +++ b/tests/suites/test_suite_x509parse.function @@ -1220,21 +1220,21 @@ void x509_get_time( int tag, char * time_str, int ret, int year, int mon, /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT */ -void x509_parse_rsassa_pss_params( data_t * hex_params, int params_tag, +void x509_parse_rsassa_pss_params( data_t * params, int params_tag, int ref_msg_md, int ref_mgf_md, int ref_salt_len, int ref_ret ) { int my_ret; - mbedtls_x509_buf params; + mbedtls_x509_buf buf; mbedtls_md_type_t my_msg_md, my_mgf_md; int my_salt_len; - params.p = hex_params->x; - params.len = hex_params->len; - params.tag = params_tag; + buf.p = params->x; + buf.len = params->len; + buf.tag = params_tag; - my_ret = mbedtls_x509_get_rsassa_pss_params( ¶ms, &my_msg_md, &my_mgf_md, - &my_salt_len ); + my_ret = mbedtls_x509_get_rsassa_pss_params( &buf, &my_msg_md, &my_mgf_md, + &my_salt_len ); TEST_ASSERT( my_ret == ref_ret ); diff --git a/tests/suites/test_suite_x509write.function b/tests/suites/test_suite_x509write.function index 31d60009d..9f2007d0b 100644 --- a/tests/suites/test_suite_x509write.function +++ b/tests/suites/test_suite_x509write.function @@ -161,7 +161,7 @@ void x509_csr_check_opaque( char *key_file, int md_type, int key_usage, int cert_type ) { mbedtls_pk_context key; - psa_key_handle_t slot = 0; + mbedtls_svc_key_id_t key_id = MBEDTLS_SVC_KEY_ID_INIT; psa_algorithm_t md_alg_psa; mbedtls_x509write_csr req; unsigned char buf[4096]; @@ -178,7 +178,7 @@ void x509_csr_check_opaque( char *key_file, int md_type, int key_usage, mbedtls_pk_init( &key ); TEST_ASSERT( mbedtls_pk_parse_keyfile( &key, key_file, NULL ) == 0 ); - TEST_ASSERT( mbedtls_pk_wrap_as_opaque( &key, &slot, md_alg_psa ) == 0 ); + TEST_ASSERT( mbedtls_pk_wrap_as_opaque( &key, &key_id, md_alg_psa ) == 0 ); mbedtls_x509write_csr_init( &req ); mbedtls_x509write_csr_set_md_alg( &req, md_type ); @@ -202,7 +202,7 @@ void x509_csr_check_opaque( char *key_file, int md_type, int key_usage, exit: mbedtls_x509write_csr_free( &req ); mbedtls_pk_free( &key ); - psa_destroy_key( slot ); + psa_destroy_key( key_id ); PSA_DONE( ); } /* END_CASE */ diff --git a/tests/suites/test_suite_xtea.function b/tests/suites/test_suite_xtea.function index f286e6735..1d5b29b8a 100644 --- a/tests/suites/test_suite_xtea.function +++ b/tests/suites/test_suite_xtea.function @@ -9,7 +9,7 @@ /* BEGIN_CASE */ void xtea_encrypt_ecb( data_t * key_str, data_t * src_str, - data_t * hex_dst_string ) + data_t * dst ) { unsigned char output[100]; mbedtls_xtea_context ctx; @@ -20,14 +20,12 @@ void xtea_encrypt_ecb( data_t * key_str, data_t * src_str, mbedtls_xtea_setup( &ctx, key_str->x ); TEST_ASSERT( mbedtls_xtea_crypt_ecb( &ctx, MBEDTLS_XTEA_ENCRYPT, src_str->x, output ) == 0 ); - TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x, - 8, hex_dst_string->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, dst->x, 8, dst->len ) == 0 ); } /* END_CASE */ /* BEGIN_CASE */ -void xtea_decrypt_ecb( data_t * key_str, data_t * src_str, - data_t * hex_dst_string ) +void xtea_decrypt_ecb( data_t * key_str, data_t * src_str, data_t * dst ) { unsigned char output[100]; mbedtls_xtea_context ctx; @@ -38,14 +36,13 @@ void xtea_decrypt_ecb( data_t * key_str, data_t * src_str, mbedtls_xtea_setup( &ctx, key_str->x ); TEST_ASSERT( mbedtls_xtea_crypt_ecb( &ctx, MBEDTLS_XTEA_DECRYPT, src_str->x, output ) == 0 ); - TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x, - 8, hex_dst_string->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, dst->x, 8, dst->len ) == 0 ); } /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CBC */ void xtea_encrypt_cbc( data_t * key_str, data_t * iv_str, - data_t * src_str, data_t * hex_dst_string ) + data_t * src_str, data_t * dst ) { unsigned char output[100]; mbedtls_xtea_context ctx; @@ -57,15 +54,14 @@ void xtea_encrypt_cbc( data_t * key_str, data_t * iv_str, TEST_ASSERT( mbedtls_xtea_crypt_cbc( &ctx, MBEDTLS_XTEA_ENCRYPT, src_str->len, iv_str->x, src_str->x, output ) == 0 ); - TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x, - src_str->len, - hex_dst_string->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, dst->x, + src_str->len, dst->len ) == 0 ); } /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CBC */ void xtea_decrypt_cbc( data_t * key_str, data_t * iv_str, - data_t * src_str, data_t * hex_dst_string ) + data_t * src_str, data_t * dst ) { unsigned char output[100]; mbedtls_xtea_context ctx; @@ -77,9 +73,8 @@ void xtea_decrypt_cbc( data_t * key_str, data_t * iv_str, TEST_ASSERT( mbedtls_xtea_crypt_cbc( &ctx, MBEDTLS_XTEA_DECRYPT, src_str->len, iv_str->x, src_str->x, output ) == 0 ); - TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x, - src_str->len, - hex_dst_string->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, dst->x, + src_str->len, dst->len ) == 0 ); } /* END_CASE */ diff --git a/undef_assert_before_defining_it.txt b/undef_assert_before_defining_it.txt deleted file mode 100644 index 74a20188c..000000000 --- a/undef_assert_before_defining_it.txt +++ /dev/null @@ -1,3 +0,0 @@ -Changes - * Undefine the ASSERT macro before defining it locally, in case it is defined - in a platform header. Contributed by Abdelatif Guettouche in #3557. diff --git a/visualc/VS2010/mbedTLS.vcxproj b/visualc/VS2010/mbedTLS.vcxproj index 578289f17..0af414517 100644 --- a/visualc/VS2010/mbedTLS.vcxproj +++ b/visualc/VS2010/mbedTLS.vcxproj @@ -162,6 +162,7 @@ + @@ -223,6 +224,7 @@ + @@ -238,8 +240,15 @@ + + + + + + + @@ -247,6 +256,7 @@ + @@ -307,6 +317,7 @@ + @@ -325,6 +336,7 @@ +