From a2dbe66770b24cb6450c22e3cf8c42d22523813c Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Thu, 1 Jul 2021 11:24:02 +0200 Subject: [PATCH 01/29] tests: psa: driver: mac: Remove opaque entry points in library Opaque test entry points will be implemented only in test code. Signed-off-by: Ronald Cron --- library/psa_crypto_mac.c | 102 ---------------------------- library/psa_crypto_mac.h | 44 ------------ tests/src/drivers/test_driver_mac.c | 59 ++++++++++------ 3 files changed, 37 insertions(+), 168 deletions(-) diff --git a/library/psa_crypto_mac.c b/library/psa_crypto_mac.c index 7e0a8325d..cf2f07280 100644 --- a/library/psa_crypto_mac.c +++ b/library/psa_crypto_mac.c @@ -667,108 +667,6 @@ psa_status_t mbedtls_transparent_test_driver_mac_abort( return( mac_abort( operation ) ); } -psa_status_t mbedtls_opaque_test_driver_mac_compute( - const psa_key_attributes_t *attributes, - const uint8_t *key_buffer, - size_t key_buffer_size, - psa_algorithm_t alg, - const uint8_t *input, - size_t input_length, - uint8_t *mac, - size_t mac_size, - size_t *mac_length ) -{ - /* Opaque driver testing is not implemented yet through this mechanism. */ - (void) attributes; - (void) key_buffer; - (void) key_buffer_size; - (void) alg; - (void) input; - (void) input_length; - (void) mac; - (void) mac_size; - (void) mac_length; - return( PSA_ERROR_NOT_SUPPORTED ); -} - -psa_status_t mbedtls_opaque_test_driver_mac_sign_setup( - mbedtls_opaque_test_driver_mac_operation_t *operation, - const psa_key_attributes_t *attributes, - const uint8_t *key_buffer, - size_t key_buffer_size, - psa_algorithm_t alg ) -{ - /* Opaque driver testing is not implemented yet through this mechanism. */ - (void) operation; - (void) attributes; - (void) key_buffer; - (void) key_buffer_size; - (void) alg; - return( PSA_ERROR_NOT_SUPPORTED ); -} - -psa_status_t mbedtls_opaque_test_driver_mac_verify_setup( - mbedtls_opaque_test_driver_mac_operation_t *operation, - const psa_key_attributes_t *attributes, - const uint8_t *key_buffer, - size_t key_buffer_size, - psa_algorithm_t alg ) -{ - /* Opaque driver testing is not implemented yet through this mechanism. */ - (void) operation; - (void) attributes; - (void) key_buffer; - (void) key_buffer_size; - (void) alg; - return( PSA_ERROR_NOT_SUPPORTED ); -} - -psa_status_t mbedtls_opaque_test_driver_mac_update( - mbedtls_opaque_test_driver_mac_operation_t *operation, - const uint8_t *input, - size_t input_length ) -{ - /* Opaque driver testing is not implemented yet through this mechanism. */ - (void) operation; - (void) input; - (void) input_length; - return( PSA_ERROR_NOT_SUPPORTED ); -} - -psa_status_t mbedtls_opaque_test_driver_mac_sign_finish( - mbedtls_opaque_test_driver_mac_operation_t *operation, - uint8_t *mac, - size_t mac_size, - size_t *mac_length ) -{ - /* Opaque driver testing is not implemented yet through this mechanism. */ - (void) operation; - (void) mac; - (void) mac_size; - (void) mac_length; - return( PSA_ERROR_NOT_SUPPORTED ); -} - -psa_status_t mbedtls_opaque_test_driver_mac_verify_finish( - mbedtls_opaque_test_driver_mac_operation_t *operation, - const uint8_t *mac, - size_t mac_length ) -{ - /* Opaque driver testing is not implemented yet through this mechanism. */ - (void) operation; - (void) mac; - (void) mac_length; - return( PSA_ERROR_NOT_SUPPORTED ); -} - -psa_status_t mbedtls_opaque_test_driver_mac_abort( - mbedtls_opaque_test_driver_mac_operation_t *operation ) -{ - /* Opaque driver testing is not implemented yet through this mechanism. */ - (void) operation; - return( PSA_ERROR_NOT_SUPPORTED ); -} - #endif /* PSA_CRYPTO_DRIVER_TEST */ #endif /* MBEDTLS_PSA_CRYPTO_C */ diff --git a/library/psa_crypto_mac.h b/library/psa_crypto_mac.h index 9b81e73e0..c0948dc23 100644 --- a/library/psa_crypto_mac.h +++ b/library/psa_crypto_mac.h @@ -323,50 +323,6 @@ psa_status_t mbedtls_transparent_test_driver_mac_verify_finish( psa_status_t mbedtls_transparent_test_driver_mac_abort( mbedtls_transparent_test_driver_mac_operation_t *operation ); -psa_status_t mbedtls_opaque_test_driver_mac_compute( - const psa_key_attributes_t *attributes, - const uint8_t *key_buffer, - size_t key_buffer_size, - psa_algorithm_t alg, - const uint8_t *input, - size_t input_length, - uint8_t *mac, - size_t mac_size, - size_t *mac_length ); - -psa_status_t mbedtls_opaque_test_driver_mac_sign_setup( - mbedtls_opaque_test_driver_mac_operation_t *operation, - const psa_key_attributes_t *attributes, - const uint8_t *key_buffer, - size_t key_buffer_size, - psa_algorithm_t alg ); - -psa_status_t mbedtls_opaque_test_driver_mac_verify_setup( - mbedtls_opaque_test_driver_mac_operation_t *operation, - const psa_key_attributes_t *attributes, - const uint8_t *key_buffer, - size_t key_buffer_size, - psa_algorithm_t alg ); - -psa_status_t mbedtls_opaque_test_driver_mac_update( - mbedtls_opaque_test_driver_mac_operation_t *operation, - const uint8_t *input, - size_t input_length ); - -psa_status_t mbedtls_opaque_test_driver_mac_sign_finish( - mbedtls_opaque_test_driver_mac_operation_t *operation, - uint8_t *mac, - size_t mac_size, - size_t *mac_length ); - -psa_status_t mbedtls_opaque_test_driver_mac_verify_finish( - mbedtls_opaque_test_driver_mac_operation_t *operation, - const uint8_t *mac, - size_t mac_length ); - -psa_status_t mbedtls_opaque_test_driver_mac_abort( - mbedtls_opaque_test_driver_mac_operation_t *operation ); - #endif /* PSA_CRYPTO_DRIVER_TEST */ #endif /* PSA_CRYPTO_MAC_H */ diff --git a/tests/src/drivers/test_driver_mac.c b/tests/src/drivers/test_driver_mac.c index 69af10780..2294ecf64 100644 --- a/tests/src/drivers/test_driver_mac.c +++ b/tests/src/drivers/test_driver_mac.c @@ -215,11 +215,16 @@ psa_status_t mbedtls_test_opaque_mac_compute( } else { - mbedtls_test_driver_mac_hooks.driver_status = - mbedtls_opaque_test_driver_mac_compute( - attributes, key_buffer, key_buffer_size, alg, - input, input_length, - mac, mac_size, mac_length ); + (void) attributes; + (void) key_buffer; + (void) key_buffer_size; + (void) alg; + (void) input; + (void) input_length; + (void) mac; + (void) mac_size; + (void) mac_length; + mbedtls_test_driver_mac_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED; } return( mbedtls_test_driver_mac_hooks.driver_status ); @@ -241,9 +246,12 @@ psa_status_t mbedtls_test_opaque_mac_sign_setup( } else { - mbedtls_test_driver_mac_hooks.driver_status = - mbedtls_opaque_test_driver_mac_sign_setup( - operation, attributes, key_buffer, key_buffer_size, alg ); + (void) operation; + (void) attributes; + (void) key_buffer; + (void) key_buffer_size; + (void) alg; + mbedtls_test_driver_mac_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED; } return( mbedtls_test_driver_mac_hooks.driver_status ); @@ -265,9 +273,12 @@ psa_status_t mbedtls_test_opaque_mac_verify_setup( } else { - mbedtls_test_driver_mac_hooks.driver_status = - mbedtls_opaque_test_driver_mac_verify_setup( - operation, attributes, key_buffer, key_buffer_size, alg ); + (void) operation; + (void) attributes; + (void) key_buffer; + (void) key_buffer_size; + (void) alg; + mbedtls_test_driver_mac_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED; } return( mbedtls_test_driver_mac_hooks.driver_status ); @@ -287,9 +298,10 @@ psa_status_t mbedtls_test_opaque_mac_update( } else { - mbedtls_test_driver_mac_hooks.driver_status = - mbedtls_opaque_test_driver_mac_update( - operation, input, input_length ); + (void) operation; + (void) input; + (void) input_length; + mbedtls_test_driver_mac_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED; } return( mbedtls_test_driver_mac_hooks.driver_status ); @@ -310,9 +322,11 @@ psa_status_t mbedtls_test_opaque_mac_sign_finish( } else { - mbedtls_test_driver_mac_hooks.driver_status = - mbedtls_opaque_test_driver_mac_sign_finish( - operation, mac, mac_size, mac_length ); + (void) operation; + (void) mac; + (void) mac_size; + (void) mac_length; + mbedtls_test_driver_mac_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED; } return( mbedtls_test_driver_mac_hooks.driver_status ); @@ -332,9 +346,10 @@ psa_status_t mbedtls_test_opaque_mac_verify_finish( } else { - mbedtls_test_driver_mac_hooks.driver_status = - mbedtls_opaque_test_driver_mac_verify_finish( - operation, mac, mac_length ); + (void) operation; + (void) mac; + (void) mac_length; + mbedtls_test_driver_mac_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED; } return( mbedtls_test_driver_mac_hooks.driver_status ); @@ -352,8 +367,8 @@ psa_status_t mbedtls_test_opaque_mac_abort( } else { - mbedtls_test_driver_mac_hooks.driver_status = - mbedtls_opaque_test_driver_mac_abort( operation ); + (void) operation; + mbedtls_test_driver_mac_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED; } return( mbedtls_test_driver_mac_hooks.driver_status ); From 4bcccc6956e03414339432492420038ac5e8e742 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Fri, 9 Apr 2021 15:32:03 +0200 Subject: [PATCH 02/29] tests: psa driver: Align RSA/ECP sign/verify hash dispatch Align RSA/ECP sign/verify hash dispatch with the corresponding code of the library. The library code was modified recently but not the test code one and these modifications ease the following work. Signed-off-by: Ronald Cron --- library/psa_crypto.c | 6 +- tests/src/drivers/test_driver_signature.c | 134 +++++++++++----------- 2 files changed, 70 insertions(+), 70 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 5aed67181..ffe00c787 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -2948,8 +2948,7 @@ psa_status_t psa_sign_hash_builtin( return( PSA_ERROR_INVALID_ARGUMENT ); } } - else - if( PSA_KEY_TYPE_IS_ECC( attributes->core.type ) ) + else if( PSA_KEY_TYPE_IS_ECC( attributes->core.type ) ) { if( PSA_ALG_IS_ECDSA( alg ) ) { @@ -3019,8 +3018,7 @@ psa_status_t psa_verify_hash_builtin( return( PSA_ERROR_INVALID_ARGUMENT ); } } - else - if( PSA_KEY_TYPE_IS_ECC( attributes->core.type ) ) + else if( PSA_KEY_TYPE_IS_ECC( attributes->core.type ) ) { if( PSA_ALG_IS_ECDSA( alg ) ) { diff --git a/tests/src/drivers/test_driver_signature.c b/tests/src/drivers/test_driver_signature.c index 14de8318e..2e43270e5 100644 --- a/tests/src/drivers/test_driver_signature.c +++ b/tests/src/drivers/test_driver_signature.c @@ -58,58 +58,56 @@ psa_status_t sign_hash( size_t signature_size, size_t *signature_length ) { -#if defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_SIGN) || \ - defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PSS) if( attributes->core.type == PSA_KEY_TYPE_RSA_KEY_PAIR ) { - return( mbedtls_transparent_test_driver_rsa_sign_hash( - attributes, - key_buffer, key_buffer_size, - alg, hash, hash_length, - signature, signature_size, signature_length ) ); - } - else -#endif /* defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_SIGN) || - * defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PSS) */ - -#if defined(MBEDTLS_PSA_ACCEL_ALG_ECDSA) || \ - defined(MBEDTLS_PSA_ACCEL_ALG_DETERMINISTIC_ECDSA) - if( PSA_KEY_TYPE_IS_ECC( attributes->core.type ) ) - { - if( -#if defined(MBEDTLS_PSA_ACCEL_ALG_DETERMINISTIC_ECDSA) - PSA_ALG_IS_ECDSA( alg ) -#else - PSA_ALG_IS_RANDOMIZED_ECDSA( alg ) -#endif - ) + if( PSA_ALG_IS_RSA_PKCS1V15_SIGN( alg ) || + PSA_ALG_IS_RSA_PSS( alg) ) { - return( mbedtls_transparent_test_driver_ecdsa_sign_hash( +#if defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_SIGN) || \ + defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PSS) + return( mbedtls_transparent_test_driver_rsa_sign_hash( attributes, key_buffer, key_buffer_size, alg, hash, hash_length, signature, signature_size, signature_length ) ); +#endif /* defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_SIGN) || + * defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PSS) */ } else { return( PSA_ERROR_INVALID_ARGUMENT ); } } - else + else if( PSA_KEY_TYPE_IS_ECC( attributes->core.type ) ) + { + if( PSA_ALG_IS_ECDSA( alg ) ) + { +#if defined(MBEDTLS_PSA_ACCEL_ALG_ECDSA) || \ + defined(MBEDTLS_PSA_ACCEL_ALG_DETERMINISTIC_ECDSA) + return( mbedtls_transparent_test_driver_ecdsa_sign_hash( + attributes, + key_buffer, key_buffer_size, + alg, hash, hash_length, + signature, signature_size, signature_length ) ); #endif /* defined(MBEDTLS_PSA_ACCEL_ALG_ECDSA) || * defined(MBEDTLS_PSA_ACCEL_ALG_DETERMINISTIC_ECDSA) */ - { - (void)attributes; - (void)key_buffer; - (void)key_buffer_size; - (void)alg; - (void)hash; - (void)hash_length; - (void)signature; - (void)signature_size; - (void)signature_length; - return( PSA_ERROR_NOT_SUPPORTED ); + } + else + { + return( PSA_ERROR_INVALID_ARGUMENT ); + } } + + (void)attributes; + (void)key_buffer; + (void)key_buffer_size; + (void)alg; + (void)hash; + (void)hash_length; + (void)signature; + (void)signature_size; + (void)signature_length; + return( PSA_ERROR_NOT_SUPPORTED ); } psa_status_t verify_hash( @@ -122,52 +120,56 @@ psa_status_t verify_hash( const uint8_t *signature, size_t signature_length ) { -#if defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_SIGN) || \ - defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PSS) if( PSA_KEY_TYPE_IS_RSA( attributes->core.type ) ) { - return( mbedtls_transparent_test_driver_rsa_verify_hash( - attributes, - key_buffer, key_buffer_size, - alg, hash, hash_length, - signature, signature_length ) ); - } - else -#endif /* defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_SIGN) || - * defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PSS) */ - -#if defined(MBEDTLS_PSA_ACCEL_ALG_ECDSA) || \ - defined(MBEDTLS_PSA_ACCEL_ALG_DETERMINISTIC_ECDSA) - if( PSA_KEY_TYPE_IS_ECC( attributes->core.type ) ) - { - if( PSA_ALG_IS_ECDSA( alg ) ) + if( PSA_ALG_IS_RSA_PKCS1V15_SIGN( alg ) || + PSA_ALG_IS_RSA_PSS( alg) ) { - return( mbedtls_transparent_test_driver_ecdsa_verify_hash( +#if defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_SIGN) || \ + defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PSS) + return( mbedtls_transparent_test_driver_rsa_verify_hash( attributes, key_buffer, key_buffer_size, alg, hash, hash_length, signature, signature_length ) ); +#endif /* defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_SIGN) || + * defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PSS) */ } else { return( PSA_ERROR_INVALID_ARGUMENT ); } } - else + else if( PSA_KEY_TYPE_IS_ECC( attributes->core.type ) ) + { + if( PSA_ALG_IS_ECDSA( alg ) ) + { +#if defined(MBEDTLS_PSA_ACCEL_ALG_ECDSA) || \ + defined(MBEDTLS_PSA_ACCEL_ALG_DETERMINISTIC_ECDSA) + return( mbedtls_transparent_test_driver_ecdsa_verify_hash( + attributes, + key_buffer, key_buffer_size, + alg, hash, hash_length, + signature, signature_length ) ); #endif /* defined(MBEDTLS_PSA_ACCEL_ALG_ECDSA) || * defined(MBEDTLS_PSA_ACCEL_ALG_DETERMINISTIC_ECDSA) */ - { - (void)attributes; - (void)key_buffer; - (void)key_buffer_size; - (void)alg; - (void)hash; - (void)hash_length; - (void)signature; - (void)signature_length; - - return( PSA_ERROR_NOT_SUPPORTED ); + } + else + { + return( PSA_ERROR_INVALID_ARGUMENT ); + } } + + (void)attributes; + (void)key_buffer; + (void)key_buffer_size; + (void)alg; + (void)hash; + (void)hash_length; + (void)signature; + (void)signature_length; + + return( PSA_ERROR_NOT_SUPPORTED ); } psa_status_t mbedtls_test_transparent_signature_sign_message( From f7e83d5bfbb1bb4a5119c1dfd618778c56ceb657 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Tue, 30 Mar 2021 14:57:04 +0200 Subject: [PATCH 03/29] tests: psa: Remove wrong test function dependencies Signed-off-by: Ronald Cron --- tests/suites/test_suite_psa_crypto_driver_wrappers.function | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/suites/test_suite_psa_crypto_driver_wrappers.function b/tests/suites/test_suite_psa_crypto_driver_wrappers.function index 6d78ad51a..ddbb0185f 100644 --- a/tests/suites/test_suite_psa_crypto_driver_wrappers.function +++ b/tests/suites/test_suite_psa_crypto_driver_wrappers.function @@ -312,7 +312,7 @@ exit: } /* END_CASE */ -/* BEGIN_CASE depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_ECC_SECP_R1_256 */ +/* BEGIN_CASE */ void validate_key( int force_status_arg, int key_type_arg, data_t *key_input, @@ -348,7 +348,7 @@ exit: } /* END_CASE */ -/* BEGIN_CASE depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_ECC_SECP_R1_256 */ +/* BEGIN_CASE */ void export_key( int force_status_arg, data_t *fake_output, int key_in_type_arg, From ae2e4a72253c7cebc1674820aeb4de8fc1b3b215 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Wed, 8 Sep 2021 17:24:25 +0200 Subject: [PATCH 04/29] tests: Fix x509parse test dependency Signed-off-by: Ronald Cron --- tests/suites/test_suite_x509parse.data | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data index f60a46b8b..7ac91f641 100644 --- a/tests/suites/test_suite_x509parse.data +++ b/tests/suites/test_suite_x509parse.data @@ -211,7 +211,7 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD2_C:MBEDTLS_RSA_C mbedtls_x509_crl_info:"data_files/crl_md2.pem":"CRL version \: 1\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2009-07-19 19\:56\:37\nnext update \: 2009-09-17 19\:56\:37\nRevoked certificates\:\nserial number\: 01 revocation date\: 2009-02-09 21\:12\:36\nserial number\: 03 revocation date\: 2009-02-09 21\:12\:36\nsigned using \: RSA with MD2\n" X509 CRL Information MD4 Digest -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD4_C +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD4_C:MBEDTLS_RSA_C mbedtls_x509_crl_info:"data_files/crl_md4.pem":"CRL version \: 1\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2011-02-12 14\:44\:07\nnext update \: 2011-04-13 14\:44\:07\nRevoked certificates\:\nserial number\: 01 revocation date\: 2011-02-12 14\:44\:07\nserial number\: 03 revocation date\: 2011-02-12 14\:44\:07\nsigned using \: RSA with MD4\n" X509 CRL Information MD5 Digest From 92becc665981f8e525e0f75c7611c9150f848431 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Mon, 18 Oct 2021 10:18:46 +0200 Subject: [PATCH 05/29] tests: ssl: Add misssing dependencies on SHA-1 Signed-off-by: Ronald Cron --- tests/suites/test_suite_ssl.data | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/suites/test_suite_ssl.data b/tests/suites/test_suite_ssl.data index e9501e4d6..fe7d97825 100644 --- a/tests/suites/test_suite_ssl.data +++ b/tests/suites/test_suite_ssl.data @@ -236,7 +236,7 @@ depends_on:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384:MBEDTLS_CIPHER_MODE_CBC:MB handshake_cipher:"TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384":MBEDTLS_PK_ECDSA:0 Handshake, PSK-WITH-AES-128-CBC-SHA -depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED +depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C handshake_psk_cipher:"TLS-PSK-WITH-AES-128-CBC-SHA":MBEDTLS_PK_RSA:"abc123":0 DTLS Handshake, tls1_1 @@ -268,7 +268,7 @@ depends_on:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384:MBEDTLS_CIPHER_MODE_CBC:MB handshake_cipher:"TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384":MBEDTLS_PK_ECDSA:1 DTLS Handshake, PSK-WITH-AES-128-CBC-SHA -depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SSL_PROTO_DTLS +depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_SHA1_C handshake_psk_cipher:"TLS-PSK-WITH-AES-128-CBC-SHA":MBEDTLS_PK_RSA:"abc123":1 DTLS Handshake with serialization, tls1_2 From a23d9bb97db90d4a2c561e796ff2a783d53e0d13 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Mon, 18 Oct 2021 10:30:43 +0200 Subject: [PATCH 06/29] tests: psa: Fix MD5 support not available dependencies MD5 should not be supported by the library and any driver. Signed-off-by: Ronald Cron --- tests/suites/test_suite_psa_crypto.data | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data index 87b271f33..46309a7d2 100644 --- a/tests/suites/test_suite_psa_crypto.data +++ b/tests/suites/test_suite_psa_crypto.data @@ -1252,11 +1252,11 @@ depends_on:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_HMAC mac_setup:PSA_KEY_TYPE_HMAC:"000102030405060708090a0b0c0d0e0f":PSA_ALG_CMAC:PSA_ERROR_INVALID_ARGUMENT PSA MAC setup: algorithm known but not supported, long key -depends_on:!MBEDTLS_MD5_C +depends_on:!PSA_WANT_ALG_MD5 mac_setup:PSA_KEY_TYPE_HMAC:"000102030405060708090a0b0c0d0e0f000102030405060708090a0b0c0d0e0f000102030405060708090a0b0c0d0e0f000102030405060708090a0b0c0d0e0f000102030405060708090a0b0c0d0e0f000102030405060708090a0b0c0d0e0f000102030405060708090a0b0c0d0e0f000102030405060708090a0b0c0d0e0f000102030405060708090a0b0c0d0e0f000102030405060708090a0b0c0d0e0f000102030405060708090a0b0c0d0e0f000102030405060708090a0b0c0d0e0f":PSA_ALG_HMAC(PSA_ALG_MD5):PSA_ERROR_NOT_SUPPORTED PSA MAC setup: algorithm known but not supported, short key -depends_on:!MBEDTLS_MD5_C +depends_on:!PSA_WANT_ALG_MD5 mac_setup:PSA_KEY_TYPE_HMAC:"000102030405060708":PSA_ALG_HMAC(PSA_ALG_MD5):PSA_ERROR_NOT_SUPPORTED PSA MAC: bad order function calls From 41f275018a32d82b8dc044ad84297747303b1d6e Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Tue, 30 Mar 2021 16:08:38 +0200 Subject: [PATCH 07/29] tests: psa: Fix the dependencies on some driver wrappers fallback tests The driver wrappers fallback tests depend on the builtin support not builtin or driver. Signed-off-by: Ronald Cron --- .../test_suite_psa_crypto_driver_wrappers.data | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/tests/suites/test_suite_psa_crypto_driver_wrappers.data b/tests/suites/test_suite_psa_crypto_driver_wrappers.data index ead7a699d..ea6c9b32c 100644 --- a/tests/suites/test_suite_psa_crypto_driver_wrappers.data +++ b/tests/suites/test_suite_psa_crypto_driver_wrappers.data @@ -90,11 +90,11 @@ depends_on:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_ validate_key:PSA_SUCCESS:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):"04dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":PSA_SUCCESS validate key through transparent driver: fallback private key -depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_SECP_R1_256 +depends_on:MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_256 validate_key:PSA_ERROR_NOT_SUPPORTED:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_SUCCESS validate key through transparent driver: fallback public key -depends_on:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_SECP_R1_256 +depends_on:MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_256 validate_key:PSA_ERROR_NOT_SUPPORTED:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):"04dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":PSA_SUCCESS validate key through transparent driver: error @@ -110,7 +110,7 @@ depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDT export_key:PSA_SUCCESS:"":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):"047772656f814b399279d5e1f1781fac6f099a3c5ca1b0e35351834b08b65e0b572590cdaf8f769361bcf34acfc11e5e074e8426bdde04be6e653945449617de45":PSA_SUCCESS export_key private to public through driver: fallback -depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_SECP_R1_256 +depends_on:MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_256 export_key:PSA_ERROR_NOT_SUPPORTED:"":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):"047772656f814b399279d5e1f1781fac6f099a3c5ca1b0e35351834b08b65e0b572590cdaf8f769361bcf34acfc11e5e074e8426bdde04be6e653945449617de45":PSA_SUCCESS export_key private to public through driver: error @@ -126,11 +126,11 @@ depends_on:PSA_WANT_ALG_CTR:PSA_WANT_KEY_TYPE_AES cipher_encrypt_validation:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"6bc1bee22e409f96e93d7e11739317" PSA symmetric encrypt validation: AES-CTR, 16 bytes, fallback -depends_on:PSA_WANT_ALG_CTR:PSA_WANT_KEY_TYPE_AES:MBEDTLS_PSA_BUILTIN_CIPHER +depends_on:MBEDTLS_PSA_BUILTIN_ALG_CTR:MBEDTLS_PSA_BUILTIN_KEY_TYPE_AES cipher_encrypt_validation:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"6bc1bee22e409f96e93d7e117393172a" PSA symmetric encrypt validation: AES-CTR, 15 bytes, fallback -depends_on:PSA_WANT_ALG_CTR:PSA_WANT_KEY_TYPE_AES:MBEDTLS_PSA_BUILTIN_CIPHER +depends_on:MBEDTLS_PSA_BUILTIN_ALG_CTR:MBEDTLS_PSA_BUILTIN_KEY_TYPE_AES cipher_encrypt_validation:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"6bc1bee22e409f96e93d7e11739317" PSA symmetric encrypt multipart: AES-CTR, 16 bytes, good @@ -162,7 +162,7 @@ depends_on:PSA_WANT_ALG_CTR:PSA_WANT_KEY_TYPE_AES cipher_decrypt:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"396ee84fb75fdbb5c2b13c7fe5a654aa":"dd3b5e5319b7591daab1e1a92687feb2":0:PSA_SUCCESS:PSA_SUCCESS PSA symmetric decrypt: AES-CTR, 16 bytes, fallback -depends_on:PSA_WANT_ALG_CTR:PSA_WANT_KEY_TYPE_AES:MBEDTLS_PSA_BUILTIN_CIPHER +depends_on:MBEDTLS_PSA_BUILTIN_ALG_CTR:MBEDTLS_PSA_BUILTIN_KEY_TYPE_AES cipher_decrypt:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"396ee84fb75fdbb5c2b13c7fe5a654aa":"dd3b5e5319b7591daab1e1a92687feb2":0:PSA_ERROR_NOT_SUPPORTED:PSA_SUCCESS PSA symmetric decrypt: AES-CTR, 16 bytes, fake From fefa4580a584298b6d05d0d410e1c65320163277 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Tue, 6 Jul 2021 09:23:06 +0200 Subject: [PATCH 08/29] tests: psa: Fix guards Signed-off-by: Ronald Cron --- tests/src/psa_exercise_key.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/tests/src/psa_exercise_key.c b/tests/src/psa_exercise_key.c index fc58fbd48..de2c48d6d 100644 --- a/tests/src/psa_exercise_key.c +++ b/tests/src/psa_exercise_key.c @@ -643,7 +643,7 @@ int mbedtls_test_psa_exported_key_sanity_check( TEST_EQUAL( exported_length, PSA_BITS_TO_BYTES( bits ) ); else -#if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_PK_PARSE_C) +#if defined(MBEDTLS_ASN1_PARSE_C) if( type == PSA_KEY_TYPE_RSA_KEY_PAIR ) { uint8_t *p = (uint8_t*) exported; @@ -690,7 +690,7 @@ int mbedtls_test_psa_exported_key_sanity_check( TEST_ASSERT( exported_length <= PSA_EXPORT_KEY_PAIR_MAX_SIZE ); } else -#endif /* MBEDTLS_RSA_C */ +#endif /* MBEDTLS_ASN1_PARSE_C */ #if defined(MBEDTLS_ECP_C) if( PSA_KEY_TYPE_IS_ECC_KEY_PAIR( type ) ) @@ -703,7 +703,7 @@ int mbedtls_test_psa_exported_key_sanity_check( else #endif /* MBEDTLS_ECP_C */ -#if defined(MBEDTLS_RSA_C) +#if defined(MBEDTLS_ASN1_PARSE_C) if( type == PSA_KEY_TYPE_RSA_PUBLIC_KEY ) { uint8_t *p = (uint8_t*) exported; @@ -731,7 +731,7 @@ int mbedtls_test_psa_exported_key_sanity_check( PSA_EXPORT_PUBLIC_KEY_MAX_SIZE ); } else -#endif /* MBEDTLS_RSA_C */ +#endif /* MBEDTLS_ASN1_PARSE_C */ #if defined(MBEDTLS_ECP_C) if( PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY( type ) ) From 0c677c287b955faca4fc6431d15e24843792d01f Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Fri, 9 Apr 2021 17:15:06 +0200 Subject: [PATCH 09/29] psa: Fix hash and mac operation type The test entry points defined in psa_crypto_hash.c and psa_crypto_mac.c are supposed to be exact clones of the Mbed TLS driver entry points. Thus the operation type should be the Mbed TLS operation type not a test one. There was no compilation error as the hash and cipher operation test types are currently equal to the Mbed TLS ones. Signed-off-by: Ronald Cron --- library/psa_crypto_hash.c | 12 ++++++------ library/psa_crypto_hash.h | 12 ++++++------ library/psa_crypto_mac.c | 12 ++++++------ library/psa_crypto_mac.h | 12 ++++++------ 4 files changed, 24 insertions(+), 24 deletions(-) diff --git a/library/psa_crypto_hash.c b/library/psa_crypto_hash.c index a49edd89e..6ef6b0709 100644 --- a/library/psa_crypto_hash.c +++ b/library/psa_crypto_hash.c @@ -644,7 +644,7 @@ psa_status_t mbedtls_transparent_test_driver_hash_compute( } psa_status_t mbedtls_transparent_test_driver_hash_setup( - mbedtls_transparent_test_driver_hash_operation_t *operation, + mbedtls_psa_hash_operation_t *operation, psa_algorithm_t alg ) { if( is_hash_accelerated( alg ) ) @@ -654,8 +654,8 @@ psa_status_t mbedtls_transparent_test_driver_hash_setup( } psa_status_t mbedtls_transparent_test_driver_hash_clone( - const mbedtls_transparent_test_driver_hash_operation_t *source_operation, - mbedtls_transparent_test_driver_hash_operation_t *target_operation ) + const mbedtls_psa_hash_operation_t *source_operation, + mbedtls_psa_hash_operation_t *target_operation ) { if( is_hash_accelerated( source_operation->alg ) ) return( hash_clone( source_operation, target_operation ) ); @@ -664,7 +664,7 @@ psa_status_t mbedtls_transparent_test_driver_hash_clone( } psa_status_t mbedtls_transparent_test_driver_hash_update( - mbedtls_transparent_test_driver_hash_operation_t *operation, + mbedtls_psa_hash_operation_t *operation, const uint8_t *input, size_t input_length ) { @@ -675,7 +675,7 @@ psa_status_t mbedtls_transparent_test_driver_hash_update( } psa_status_t mbedtls_transparent_test_driver_hash_finish( - mbedtls_transparent_test_driver_hash_operation_t *operation, + mbedtls_psa_hash_operation_t *operation, uint8_t *hash, size_t hash_size, size_t *hash_length ) @@ -687,7 +687,7 @@ psa_status_t mbedtls_transparent_test_driver_hash_finish( } psa_status_t mbedtls_transparent_test_driver_hash_abort( - mbedtls_transparent_test_driver_hash_operation_t *operation ) + mbedtls_psa_hash_operation_t *operation ) { return( hash_abort( operation ) ); } diff --git a/library/psa_crypto_hash.h b/library/psa_crypto_hash.h index eb7051295..e21905c0b 100644 --- a/library/psa_crypto_hash.h +++ b/library/psa_crypto_hash.h @@ -246,26 +246,26 @@ psa_status_t mbedtls_transparent_test_driver_hash_compute( size_t *hash_length); psa_status_t mbedtls_transparent_test_driver_hash_setup( - mbedtls_transparent_test_driver_hash_operation_t *operation, + mbedtls_psa_hash_operation_t *operation, psa_algorithm_t alg ); psa_status_t mbedtls_transparent_test_driver_hash_clone( - const mbedtls_transparent_test_driver_hash_operation_t *source_operation, - mbedtls_transparent_test_driver_hash_operation_t *target_operation ); + const mbedtls_psa_hash_operation_t *source_operation, + mbedtls_psa_hash_operation_t *target_operation ); psa_status_t mbedtls_transparent_test_driver_hash_update( - mbedtls_transparent_test_driver_hash_operation_t *operation, + mbedtls_psa_hash_operation_t *operation, const uint8_t *input, size_t input_length ); psa_status_t mbedtls_transparent_test_driver_hash_finish( - mbedtls_transparent_test_driver_hash_operation_t *operation, + mbedtls_psa_hash_operation_t *operation, uint8_t *hash, size_t hash_size, size_t *hash_length ); psa_status_t mbedtls_transparent_test_driver_hash_abort( - mbedtls_transparent_test_driver_hash_operation_t *operation ); + mbedtls_psa_hash_operation_t *operation ); #endif /* PSA_CRYPTO_DRIVER_TEST */ diff --git a/library/psa_crypto_mac.c b/library/psa_crypto_mac.c index cf2f07280..19671ec8a 100644 --- a/library/psa_crypto_mac.c +++ b/library/psa_crypto_mac.c @@ -600,7 +600,7 @@ psa_status_t mbedtls_transparent_test_driver_mac_compute( } psa_status_t mbedtls_transparent_test_driver_mac_sign_setup( - mbedtls_transparent_test_driver_mac_operation_t *operation, + mbedtls_psa_mac_operation_t *operation, const psa_key_attributes_t *attributes, const uint8_t *key_buffer, size_t key_buffer_size, @@ -614,7 +614,7 @@ psa_status_t mbedtls_transparent_test_driver_mac_sign_setup( } psa_status_t mbedtls_transparent_test_driver_mac_verify_setup( - mbedtls_transparent_test_driver_mac_operation_t *operation, + mbedtls_psa_mac_operation_t *operation, const psa_key_attributes_t *attributes, const uint8_t *key_buffer, size_t key_buffer_size, @@ -628,7 +628,7 @@ psa_status_t mbedtls_transparent_test_driver_mac_verify_setup( } psa_status_t mbedtls_transparent_test_driver_mac_update( - mbedtls_transparent_test_driver_mac_operation_t *operation, + mbedtls_psa_mac_operation_t *operation, const uint8_t *input, size_t input_length ) { @@ -639,7 +639,7 @@ psa_status_t mbedtls_transparent_test_driver_mac_update( } psa_status_t mbedtls_transparent_test_driver_mac_sign_finish( - mbedtls_transparent_test_driver_mac_operation_t *operation, + mbedtls_psa_mac_operation_t *operation, uint8_t *mac, size_t mac_size, size_t *mac_length ) @@ -651,7 +651,7 @@ psa_status_t mbedtls_transparent_test_driver_mac_sign_finish( } psa_status_t mbedtls_transparent_test_driver_mac_verify_finish( - mbedtls_transparent_test_driver_mac_operation_t *operation, + mbedtls_psa_mac_operation_t *operation, const uint8_t *mac, size_t mac_length ) { @@ -662,7 +662,7 @@ psa_status_t mbedtls_transparent_test_driver_mac_verify_finish( } psa_status_t mbedtls_transparent_test_driver_mac_abort( - mbedtls_transparent_test_driver_mac_operation_t *operation ) + mbedtls_psa_mac_operation_t *operation ) { return( mac_abort( operation ) ); } diff --git a/library/psa_crypto_mac.h b/library/psa_crypto_mac.h index c0948dc23..ba32954a7 100644 --- a/library/psa_crypto_mac.h +++ b/library/psa_crypto_mac.h @@ -291,37 +291,37 @@ psa_status_t mbedtls_transparent_test_driver_mac_compute( size_t *mac_length ); psa_status_t mbedtls_transparent_test_driver_mac_sign_setup( - mbedtls_transparent_test_driver_mac_operation_t *operation, + mbedtls_psa_mac_operation_t *operation, const psa_key_attributes_t *attributes, const uint8_t *key_buffer, size_t key_buffer_size, psa_algorithm_t alg ); psa_status_t mbedtls_transparent_test_driver_mac_verify_setup( - mbedtls_transparent_test_driver_mac_operation_t *operation, + mbedtls_psa_mac_operation_t *operation, const psa_key_attributes_t *attributes, const uint8_t *key_buffer, size_t key_buffer_size, psa_algorithm_t alg ); psa_status_t mbedtls_transparent_test_driver_mac_update( - mbedtls_transparent_test_driver_mac_operation_t *operation, + mbedtls_psa_mac_operation_t *operation, const uint8_t *input, size_t input_length ); psa_status_t mbedtls_transparent_test_driver_mac_sign_finish( - mbedtls_transparent_test_driver_mac_operation_t *operation, + mbedtls_psa_mac_operation_t *operation, uint8_t *mac, size_t mac_size, size_t *mac_length ); psa_status_t mbedtls_transparent_test_driver_mac_verify_finish( - mbedtls_transparent_test_driver_mac_operation_t *operation, + mbedtls_psa_mac_operation_t *operation, const uint8_t *mac, size_t mac_length ); psa_status_t mbedtls_transparent_test_driver_mac_abort( - mbedtls_transparent_test_driver_mac_operation_t *operation ); + mbedtls_psa_mac_operation_t *operation ); #endif /* PSA_CRYPTO_DRIVER_TEST */ From 0859fe20f614c0da178987ca17b4c272c696483b Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Mon, 18 Oct 2021 09:10:31 +0200 Subject: [PATCH 10/29] psa: Fix hash max sizes The PSA max hash size has to be 64 if SHA512 or SHA384 is supported by the library or an accelerator, not just in case of the library. Signed-off-by: Ronald Cron --- include/psa/crypto_sizes.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/psa/crypto_sizes.h b/include/psa/crypto_sizes.h index 2df315cca..e2ae5965d 100644 --- a/include/psa/crypto_sizes.h +++ b/include/psa/crypto_sizes.h @@ -129,7 +129,7 @@ /* Note: for HMAC-SHA-3, the block size is 144 bytes for HMAC-SHA3-226, * 136 bytes for HMAC-SHA3-256, 104 bytes for SHA3-384, 72 bytes for * HMAC-SHA3-512. */ -#if defined(MBEDTLS_SHA512_C) +#if defined(PSA_WANT_ALG_SHA_512) || defined(PSA_WANT_ALG_SHA_384) #define PSA_HASH_MAX_SIZE 64 #define PSA_HMAC_MAX_HASH_BLOCK_SIZE 128 #else From 3a95d2b530f72c63946b2039ed5a653f06a376fe Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Mon, 18 Oct 2021 09:47:58 +0200 Subject: [PATCH 11/29] psa: Fix the size of hash buffers Fix the size of hash buffers for PSA hash operations. Signed-off-by: Ronald Cron --- library/psa_crypto.c | 4 ++-- library/psa_crypto_mac.c | 2 +- library/ssl_cli.c | 7 ++++++- library/ssl_srv.c | 4 ++++ library/ssl_tls.c | 2 +- 5 files changed, 14 insertions(+), 5 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index ffe00c787..8e61b51ee 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -2232,7 +2232,7 @@ psa_status_t psa_hash_verify( psa_hash_operation_t *operation, const uint8_t *hash, size_t hash_length ) { - uint8_t actual_hash[MBEDTLS_MD_MAX_SIZE]; + uint8_t actual_hash[PSA_HASH_MAX_SIZE]; size_t actual_hash_length; psa_status_t status = psa_hash_finish( operation, @@ -2275,7 +2275,7 @@ psa_status_t psa_hash_compare( psa_algorithm_t alg, const uint8_t *input, size_t input_length, const uint8_t *hash, size_t hash_length ) { - uint8_t actual_hash[MBEDTLS_MD_MAX_SIZE]; + uint8_t actual_hash[PSA_HASH_MAX_SIZE]; size_t actual_hash_length; if( !PSA_ALG_IS_HASH( alg ) ) diff --git a/library/psa_crypto_mac.c b/library/psa_crypto_mac.c index 19671ec8a..cf20a9b63 100644 --- a/library/psa_crypto_mac.c +++ b/library/psa_crypto_mac.c @@ -127,7 +127,7 @@ static psa_status_t psa_hmac_finish_internal( uint8_t *mac, size_t mac_size ) { - uint8_t tmp[MBEDTLS_MD_MAX_SIZE]; + uint8_t tmp[PSA_HASH_MAX_SIZE]; psa_algorithm_t hash_alg = hmac->alg; size_t hash_size = 0; size_t block_size = PSA_HASH_BLOCK_LENGTH( hash_alg ); diff --git a/library/ssl_cli.c b/library/ssl_cli.c index 0e802e9dd..b87879ce6 100644 --- a/library/ssl_cli.c +++ b/library/ssl_cli.c @@ -37,6 +37,7 @@ #if defined(MBEDTLS_USE_PSA_CRYPTO) #include "mbedtls/psa_util.h" +#include "psa/crypto.h" #endif /* MBEDTLS_USE_PSA_CRYPTO */ #include @@ -3242,7 +3243,11 @@ start_processing: if( mbedtls_ssl_ciphersuite_uses_server_signature( ciphersuite_info ) ) { size_t sig_len, hashlen; - unsigned char hash[64]; +#if defined(MBEDTLS_USE_PSA_CRYPTO) + unsigned char hash[PSA_HASH_MAX_SIZE]; +#else + unsigned char hash[MBEDTLS_MD_MAX_SIZE]; +#endif mbedtls_md_type_t md_alg = MBEDTLS_MD_NONE; mbedtls_pk_type_t pk_alg = MBEDTLS_PK_NONE; unsigned char *params = ssl->in_msg + mbedtls_ssl_hs_hdr_len( ssl ); diff --git a/library/ssl_srv.c b/library/ssl_srv.c index d9f226cd1..1a6317320 100644 --- a/library/ssl_srv.c +++ b/library/ssl_srv.c @@ -3467,7 +3467,11 @@ curve_matching_done: { size_t dig_signed_len = ssl->out_msg + ssl->out_msglen - dig_signed; size_t hashlen = 0; +#if defined(MBEDTLS_USE_PSA_CRYPTO) + unsigned char hash[PSA_HASH_MAX_SIZE]; +#else unsigned char hash[MBEDTLS_MD_MAX_SIZE]; +#endif int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; /* diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 8195af2f9..9757f86c2 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -7529,7 +7529,7 @@ int mbedtls_ssl_get_key_exchange_md_tls1_2( mbedtls_ssl_context *ssl, goto exit; } - if( ( status = psa_hash_finish( &hash_operation, hash, MBEDTLS_MD_MAX_SIZE, + if( ( status = psa_hash_finish( &hash_operation, hash, PSA_HASH_MAX_SIZE, hashlen ) ) != PSA_SUCCESS ) { MBEDTLS_SSL_DEBUG_RET( 1, "psa_hash_finish", status ); From 2091eed60991c1b6166bb98d2aa40da4e02b0391 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Fri, 9 Apr 2021 11:09:54 +0200 Subject: [PATCH 12/29] psa: driver: Reduce the scope of test driver entry points Define test driver entry points that provide an alternative to Mbed TLS driver entry points only when the PSA configuration is used. Their purpose is only to test the PSA configuration thus there is no good reason to use them out of this scope. Signed-off-by: Ronald Cron --- library/psa_crypto_cipher.c | 22 ++- library/psa_crypto_cipher.h | 4 +- library/psa_crypto_ecp.c | 12 +- library/psa_crypto_ecp.h | 4 +- library/psa_crypto_hash.c | 44 +++-- library/psa_crypto_hash.h | 4 +- library/psa_crypto_mac.c | 12 +- library/psa_crypto_mac.h | 4 +- library/psa_crypto_rsa.c | 12 +- library/psa_crypto_rsa.h | 4 +- tests/src/drivers/hash.c | 62 +++++++ tests/src/drivers/test_driver_cipher.c | 65 ++++++- .../src/drivers/test_driver_key_management.c | 161 ++++++++++-------- tests/src/drivers/test_driver_mac.c | 87 ++++++++++ tests/src/drivers/test_driver_signature.c | 95 ++++++++--- 15 files changed, 453 insertions(+), 139 deletions(-) diff --git a/library/psa_crypto_cipher.c b/library/psa_crypto_cipher.c index 713c3d17d..12e52fa42 100644 --- a/library/psa_crypto_cipher.c +++ b/library/psa_crypto_cipher.c @@ -32,25 +32,29 @@ #include #if ( defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_DES) || \ - ( defined(PSA_CRYPTO_DRIVER_TEST) && \ + ( defined(PSA_CRYPTO_DRIVER_TEST) && \ + defined(MBEDTLS_PSA_CRYPTO_CONFIG) && \ defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_DES) ) ) #define BUILTIN_KEY_TYPE_DES 1 #endif #if ( defined(MBEDTLS_PSA_BUILTIN_ALG_CBC_NO_PADDING) || \ - ( defined(PSA_CRYPTO_DRIVER_TEST) && \ + ( defined(PSA_CRYPTO_DRIVER_TEST) && \ + defined(MBEDTLS_PSA_CRYPTO_CONFIG) && \ defined(MBEDTLS_PSA_ACCEL_ALG_CBC_NO_PADDING) ) ) #define BUILTIN_ALG_CBC_NO_PADDING 1 #endif #if ( defined(MBEDTLS_PSA_BUILTIN_ALG_CBC_PKCS7) || \ - ( defined(PSA_CRYPTO_DRIVER_TEST) && \ + ( defined(PSA_CRYPTO_DRIVER_TEST) && \ + defined(MBEDTLS_PSA_CRYPTO_CONFIG) && \ defined(MBEDTLS_PSA_ACCEL_ALG_CBC_PKCS7) ) ) #define BUILTIN_ALG_CBC_PKCS7 1 #endif #if ( defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_CHACHA20) || \ - ( defined(PSA_CRYPTO_DRIVER_TEST) && \ + ( defined(PSA_CRYPTO_DRIVER_TEST) && \ + defined(MBEDTLS_PSA_CRYPTO_CONFIG) && \ defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_CHACHA20) ) ) #define BUILTIN_KEY_TYPE_CHACHA20 1 #endif @@ -150,7 +154,8 @@ const mbedtls_cipher_info_t *mbedtls_cipher_info_from_psa( (int) key_bits, mode ) ); } -#if defined(MBEDTLS_PSA_BUILTIN_CIPHER) || defined(PSA_CRYPTO_DRIVER_TEST) +#if defined(MBEDTLS_PSA_BUILTIN_CIPHER) || \ + ( defined(PSA_CRYPTO_DRIVER_TEST) && defined(MBEDTLS_PSA_CRYPTO_CONFIG) ) static psa_status_t cipher_setup( mbedtls_psa_cipher_operation_t *operation, @@ -569,7 +574,8 @@ exit: cipher_abort( &operation ); return( status ); } -#endif /* MBEDTLS_PSA_BUILTIN_CIPHER || PSA_CRYPTO_DRIVER_TEST */ +#endif /* MBEDTLS_PSA_BUILTIN_CIPHER || + (PSA_CRYPTO_DRIVER_TEST && MBEDTLS_PSA_CRYPTO_CONFIG) */ #if defined(MBEDTLS_PSA_BUILTIN_CIPHER) psa_status_t mbedtls_psa_cipher_encrypt_setup( @@ -658,7 +664,7 @@ psa_status_t mbedtls_psa_cipher_decrypt( const psa_key_attributes_t *attributes, * BEYOND THIS POINT, TEST DRIVER ENTRY POINTS ONLY. */ -#if defined(PSA_CRYPTO_DRIVER_TEST) +#if defined(PSA_CRYPTO_DRIVER_TEST) && defined(MBEDTLS_PSA_CRYPTO_CONFIG) psa_status_t mbedtls_transparent_test_driver_cipher_encrypt_setup( mbedtls_psa_cipher_operation_t *operation, const psa_key_attributes_t *attributes, @@ -739,6 +745,6 @@ psa_status_t mbedtls_transparent_test_driver_cipher_decrypt( alg, input, input_length, output, output_size, output_length ) ); } -#endif /* PSA_CRYPTO_DRIVER_TEST */ +#endif /* PSA_CRYPTO_DRIVER_TEST && MBEDTLS_PSA_CRYPTO_CONFIG */ #endif /* MBEDTLS_PSA_CRYPTO_C */ diff --git a/library/psa_crypto_cipher.h b/library/psa_crypto_cipher.h index 5971e8d3f..b0d1939fb 100644 --- a/library/psa_crypto_cipher.h +++ b/library/psa_crypto_cipher.h @@ -308,7 +308,7 @@ psa_status_t mbedtls_psa_cipher_decrypt( const psa_key_attributes_t *attributes, * BEYOND THIS POINT, TEST DRIVER ENTRY POINTS ONLY. */ -#if defined(PSA_CRYPTO_DRIVER_TEST) +#if defined(PSA_CRYPTO_DRIVER_TEST) && defined(MBEDTLS_PSA_CRYPTO_CONFIG) psa_status_t mbedtls_transparent_test_driver_cipher_encrypt_setup( mbedtls_psa_cipher_operation_t *operation, const psa_key_attributes_t *attributes, @@ -358,6 +358,6 @@ psa_status_t mbedtls_transparent_test_driver_cipher_decrypt( uint8_t *output, size_t output_size, size_t *output_length ); -#endif /* PSA_CRYPTO_DRIVER_TEST */ +#endif /* PSA_CRYPTO_DRIVER_TEST && MBEDTLS_PSA_CRYPTO_CONFIG */ #endif /* PSA_CRYPTO_CIPHER_H */ diff --git a/library/psa_crypto_ecp.c b/library/psa_crypto_ecp.c index 3ce232c6b..83cc72df3 100644 --- a/library/psa_crypto_ecp.c +++ b/library/psa_crypto_ecp.c @@ -42,18 +42,21 @@ #if ( defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR) || \ ( defined(PSA_CRYPTO_DRIVER_TEST) && \ + defined(MBEDTLS_PSA_CRYPTO_CONFIG) && \ defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR) ) ) #define BUILTIN_KEY_TYPE_ECC_KEY_PAIR 1 #endif -#if ( defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY) || \ - ( defined(PSA_CRYPTO_DRIVER_TEST) && \ +#if ( defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY) || \ + ( defined(PSA_CRYPTO_DRIVER_TEST) && \ + defined(MBEDTLS_PSA_CRYPTO_CONFIG) && \ defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY) ) ) #define BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY 1 #endif #if ( defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || \ ( defined(PSA_CRYPTO_DRIVER_TEST) && \ + defined(MBEDTLS_PSA_CRYPTO_CONFIG) && \ defined(MBEDTLS_PSA_ACCEL_ALG_ECDSA) && \ defined(MBEDTLS_ECDSA_C) ) ) #define BUILTIN_ALG_ECDSA 1 @@ -61,6 +64,7 @@ #if ( defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) || \ ( defined(PSA_CRYPTO_DRIVER_TEST) && \ + defined(MBEDTLS_PSA_CRYPTO_CONFIG) && \ defined(MBEDTLS_PSA_ACCEL_ALG_DETERMINISTIC_ECDSA) && \ defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECDSA_DETERMINISTIC) ) ) #define BUILTIN_ALG_DETERMINISTIC_ECDSA 1 @@ -567,7 +571,7 @@ psa_status_t mbedtls_psa_ecdsa_verify_hash( * BEYOND THIS POINT, TEST DRIVER ENTRY POINTS ONLY. */ -#if defined(PSA_CRYPTO_DRIVER_TEST) +#if defined(PSA_CRYPTO_DRIVER_TEST) && defined(MBEDTLS_PSA_CRYPTO_CONFIG) #if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR) || \ defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY) @@ -663,6 +667,6 @@ psa_status_t mbedtls_transparent_test_driver_ecdsa_verify_hash( #endif /* defined(MBEDTLS_PSA_ACCEL_ALG_ECDSA) || * defined(MBEDTLS_PSA_ACCEL_ALG_DETERMINISTIC_ECDSA) */ -#endif /* PSA_CRYPTO_DRIVER_TEST */ +#endif /* PSA_CRYPTO_DRIVER_TEST && MBEDTLS_PSA_CRYPTO_CONFIG */ #endif /* MBEDTLS_PSA_CRYPTO_C */ diff --git a/library/psa_crypto_ecp.h b/library/psa_crypto_ecp.h index 0c2b92895..d1c765af5 100644 --- a/library/psa_crypto_ecp.h +++ b/library/psa_crypto_ecp.h @@ -222,7 +222,7 @@ psa_status_t mbedtls_psa_ecdsa_verify_hash( * BEYOND THIS POINT, TEST DRIVER ENTRY POINTS ONLY. */ -#if defined(PSA_CRYPTO_DRIVER_TEST) +#if defined(PSA_CRYPTO_DRIVER_TEST) && defined(MBEDTLS_PSA_CRYPTO_CONFIG) psa_status_t mbedtls_transparent_test_driver_ecp_import_key( const psa_key_attributes_t *attributes, @@ -251,6 +251,6 @@ psa_status_t mbedtls_transparent_test_driver_ecdsa_verify_hash( psa_algorithm_t alg, const uint8_t *hash, size_t hash_length, const uint8_t *signature, size_t signature_length ); -#endif /* PSA_CRYPTO_DRIVER_TEST */ +#endif /* PSA_CRYPTO_DRIVER_TEST && MBEDTLS_PSA_CRYPTO_CONFIG */ #endif /* PSA_CRYPTO_ECP_H */ diff --git a/library/psa_crypto_hash.c b/library/psa_crypto_hash.c index 6ef6b0709..b9f2757ea 100644 --- a/library/psa_crypto_hash.c +++ b/library/psa_crypto_hash.c @@ -32,39 +32,57 @@ /* Use builtin defines specific to this compilation unit, since the test driver * relies on the software driver. */ #if( defined(MBEDTLS_PSA_BUILTIN_ALG_MD2) || \ - ( defined(PSA_CRYPTO_DRIVER_TEST) && defined(MBEDTLS_PSA_ACCEL_ALG_MD2) ) ) + ( defined(PSA_CRYPTO_DRIVER_TEST) && \ + defined(MBEDTLS_PSA_CRYPTO_CONFIG) && \ + defined(MBEDTLS_PSA_ACCEL_ALG_MD2) ) ) #define BUILTIN_ALG_MD2 1 #endif #if( defined(MBEDTLS_PSA_BUILTIN_ALG_MD4) || \ - ( defined(PSA_CRYPTO_DRIVER_TEST) && defined(MBEDTLS_PSA_ACCEL_ALG_MD4) ) ) + ( defined(PSA_CRYPTO_DRIVER_TEST) && \ + defined(MBEDTLS_PSA_CRYPTO_CONFIG) && \ + defined(MBEDTLS_PSA_ACCEL_ALG_MD4) ) ) #define BUILTIN_ALG_MD4 1 #endif #if( defined(MBEDTLS_PSA_BUILTIN_ALG_MD5) || \ - ( defined(PSA_CRYPTO_DRIVER_TEST) && defined(MBEDTLS_PSA_ACCEL_ALG_MD5) ) ) + ( defined(PSA_CRYPTO_DRIVER_TEST) && \ + defined(MBEDTLS_PSA_CRYPTO_CONFIG) && \ + defined(MBEDTLS_PSA_ACCEL_ALG_MD5) ) ) #define BUILTIN_ALG_MD5 1 #endif #if( defined(MBEDTLS_PSA_BUILTIN_ALG_RIPEMD160) || \ - ( defined(PSA_CRYPTO_DRIVER_TEST) && defined(MBEDTLS_PSA_ACCEL_ALG_RIPEMD160) ) ) + ( defined(PSA_CRYPTO_DRIVER_TEST) && \ + defined(MBEDTLS_PSA_CRYPTO_CONFIG) && \ + defined(MBEDTLS_PSA_ACCEL_ALG_RIPEMD160) ) ) #define BUILTIN_ALG_RIPEMD160 1 #endif #if( defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_1) || \ - ( defined(PSA_CRYPTO_DRIVER_TEST) && defined(MBEDTLS_PSA_ACCEL_ALG_SHA_1) ) ) + ( defined(PSA_CRYPTO_DRIVER_TEST) && \ + defined(MBEDTLS_PSA_CRYPTO_CONFIG) && \ + defined(MBEDTLS_PSA_ACCEL_ALG_SHA_1) ) ) #define BUILTIN_ALG_SHA_1 1 #endif #if( defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_224) || \ - ( defined(PSA_CRYPTO_DRIVER_TEST) && defined(MBEDTLS_PSA_ACCEL_ALG_SHA_224) ) ) + ( defined(PSA_CRYPTO_DRIVER_TEST) && \ + defined(MBEDTLS_PSA_CRYPTO_CONFIG) && \ + defined(MBEDTLS_PSA_ACCEL_ALG_SHA_224) ) ) #define BUILTIN_ALG_SHA_224 1 #endif #if( defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_256) || \ - ( defined(PSA_CRYPTO_DRIVER_TEST) && defined(MBEDTLS_PSA_ACCEL_ALG_SHA_256) ) ) + ( defined(PSA_CRYPTO_DRIVER_TEST) && \ + defined(MBEDTLS_PSA_CRYPTO_CONFIG) && \ + defined(MBEDTLS_PSA_ACCEL_ALG_SHA_256) ) ) #define BUILTIN_ALG_SHA_256 1 #endif #if( defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_384) || \ - ( defined(PSA_CRYPTO_DRIVER_TEST) && defined(MBEDTLS_PSA_ACCEL_ALG_SHA_384) ) ) + ( defined(PSA_CRYPTO_DRIVER_TEST) && \ + defined(MBEDTLS_PSA_CRYPTO_CONFIG) && \ + defined(MBEDTLS_PSA_ACCEL_ALG_SHA_384) ) ) #define BUILTIN_ALG_SHA_384 1 #endif #if( defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_512) || \ - ( defined(PSA_CRYPTO_DRIVER_TEST) && defined(MBEDTLS_PSA_ACCEL_ALG_SHA_512) ) ) + ( defined(PSA_CRYPTO_DRIVER_TEST) && \ + defined(MBEDTLS_PSA_CRYPTO_CONFIG) && \ + defined(MBEDTLS_PSA_ACCEL_ALG_SHA_512) ) ) #define BUILTIN_ALG_SHA_512 1 #endif @@ -123,7 +141,8 @@ const mbedtls_md_info_t *mbedtls_md_info_from_psa( psa_algorithm_t alg ) /* Implement the PSA driver hash interface on top of mbed TLS if either the * software driver or the test driver requires it. */ -#if defined(MBEDTLS_PSA_BUILTIN_HASH) || defined(PSA_CRYPTO_DRIVER_TEST) +#if defined(MBEDTLS_PSA_BUILTIN_HASH) || \ + ( defined(PSA_CRYPTO_DRIVER_TEST) && defined(MBEDTLS_PSA_CRYPTO_CONFIG) ) static psa_status_t hash_abort( mbedtls_psa_hash_operation_t *operation ) { @@ -525,7 +544,8 @@ exit: return( status ); } -#endif /* MBEDTLS_PSA_BUILTIN_HASH || PSA_CRYPTO_DRIVER_TEST */ +#endif /* MBEDTLS_PSA_BUILTIN_HASH || + ( PSA_CRYPTO_DRIVER_TEST && MBEDTLS_PSA_CRYPTO_CONFIG ) */ #if defined(MBEDTLS_PSA_BUILTIN_HASH) psa_status_t mbedtls_psa_hash_compute( @@ -581,7 +601,7 @@ psa_status_t mbedtls_psa_hash_abort( /* * BEYOND THIS POINT, TEST DRIVER ENTRY POINTS ONLY. */ -#if defined(PSA_CRYPTO_DRIVER_TEST) +#if defined(PSA_CRYPTO_DRIVER_TEST) && defined(MBEDTLS_PSA_CRYPTO_CONFIG) static int is_hash_accelerated( psa_algorithm_t alg ) { diff --git a/library/psa_crypto_hash.h b/library/psa_crypto_hash.h index e21905c0b..7afea4d3b 100644 --- a/library/psa_crypto_hash.h +++ b/library/psa_crypto_hash.h @@ -235,7 +235,7 @@ psa_status_t mbedtls_psa_hash_abort( * BEYOND THIS POINT, TEST DRIVER ENTRY POINTS ONLY. */ -#if defined(PSA_CRYPTO_DRIVER_TEST) +#if defined(PSA_CRYPTO_DRIVER_TEST) && defined(MBEDTLS_PSA_CRYPTO_CONFIG) psa_status_t mbedtls_transparent_test_driver_hash_compute( psa_algorithm_t alg, @@ -267,6 +267,6 @@ psa_status_t mbedtls_transparent_test_driver_hash_finish( psa_status_t mbedtls_transparent_test_driver_hash_abort( mbedtls_psa_hash_operation_t *operation ); -#endif /* PSA_CRYPTO_DRIVER_TEST */ +#endif /* PSA_CRYPTO_DRIVER_TEST && MBEDTLS_PSA_CRYPTO_CONFIG */ #endif /* PSA_CRYPTO_HASH_H */ diff --git a/library/psa_crypto_mac.c b/library/psa_crypto_mac.c index cf20a9b63..d59178ef3 100644 --- a/library/psa_crypto_mac.c +++ b/library/psa_crypto_mac.c @@ -33,11 +33,15 @@ /* Use builtin defines specific to this compilation unit, since the test driver * relies on the software driver. */ #if( defined(MBEDTLS_PSA_BUILTIN_ALG_CMAC) || \ - ( defined(PSA_CRYPTO_DRIVER_TEST) && defined(MBEDTLS_PSA_ACCEL_ALG_CMAC) ) ) + ( defined(PSA_CRYPTO_DRIVER_TEST) && \ + defined(MBEDTLS_PSA_CRYPTO_CONFIG) && \ + defined(MBEDTLS_PSA_ACCEL_ALG_CMAC) ) ) #define BUILTIN_ALG_CMAC 1 #endif #if( defined(MBEDTLS_PSA_BUILTIN_ALG_HMAC) || \ - ( defined(PSA_CRYPTO_DRIVER_TEST) && defined(MBEDTLS_PSA_ACCEL_ALG_HMAC) ) ) + ( defined(PSA_CRYPTO_DRIVER_TEST) && \ + defined(MBEDTLS_PSA_CRYPTO_CONFIG) && \ + defined(MBEDTLS_PSA_ACCEL_ALG_HMAC) ) ) #define BUILTIN_ALG_HMAC 1 #endif @@ -560,7 +564,7 @@ psa_status_t mbedtls_psa_mac_abort( /* * BEYOND THIS POINT, TEST DRIVER ENTRY POINTS ONLY. */ -#if defined(PSA_CRYPTO_DRIVER_TEST) +#if defined(PSA_CRYPTO_DRIVER_TEST) && defined(MBEDTLS_PSA_CRYPTO_CONFIG) static int is_mac_accelerated( psa_algorithm_t alg ) { @@ -667,6 +671,6 @@ psa_status_t mbedtls_transparent_test_driver_mac_abort( return( mac_abort( operation ) ); } -#endif /* PSA_CRYPTO_DRIVER_TEST */ +#endif /* PSA_CRYPTO_DRIVER_TEST && MBEDTLS_PSA_CRYPTO_CONFIG */ #endif /* MBEDTLS_PSA_CRYPTO_C */ diff --git a/library/psa_crypto_mac.h b/library/psa_crypto_mac.h index ba32954a7..80a644b57 100644 --- a/library/psa_crypto_mac.h +++ b/library/psa_crypto_mac.h @@ -277,7 +277,7 @@ psa_status_t mbedtls_psa_mac_abort( * BEYOND THIS POINT, TEST DRIVER ENTRY POINTS ONLY. */ -#if defined(PSA_CRYPTO_DRIVER_TEST) +#if defined(PSA_CRYPTO_DRIVER_TEST) && defined(MBEDTLS_PSA_CRYPTO_CONFIG) psa_status_t mbedtls_transparent_test_driver_mac_compute( const psa_key_attributes_t *attributes, @@ -323,6 +323,6 @@ psa_status_t mbedtls_transparent_test_driver_mac_verify_finish( psa_status_t mbedtls_transparent_test_driver_mac_abort( mbedtls_psa_mac_operation_t *operation ); -#endif /* PSA_CRYPTO_DRIVER_TEST */ +#endif /* PSA_CRYPTO_DRIVER_TEST && MBEDTLS_PSA_CRYPTO_CONFIG */ #endif /* PSA_CRYPTO_MAC_H */ diff --git a/library/psa_crypto_rsa.c b/library/psa_crypto_rsa.c index 3b7191318..705cb413e 100644 --- a/library/psa_crypto_rsa.c +++ b/library/psa_crypto_rsa.c @@ -43,18 +43,21 @@ #if ( defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) || \ ( defined(PSA_CRYPTO_DRIVER_TEST) && \ + defined(MBEDTLS_PSA_CRYPTO_CONFIG) && \ defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR) ) ) #define BUILTIN_KEY_TYPE_RSA_KEY_PAIR 1 #endif -#if ( defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY) || \ - ( defined(PSA_CRYPTO_DRIVER_TEST) && \ +#if ( defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY) || \ + ( defined(PSA_CRYPTO_DRIVER_TEST) && \ + defined(MBEDTLS_PSA_CRYPTO_CONFIG) && \ defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_PUBLIC_KEY) ) ) #define BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY 1 #endif #if ( defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) || \ ( defined(PSA_CRYPTO_DRIVER_TEST) && \ + defined(MBEDTLS_PSA_CRYPTO_CONFIG) && \ defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_SIGN) && \ defined(MBEDTLS_RSA_C) && defined(MBEDTLS_PKCS1_V15) ) ) #define BUILTIN_ALG_RSA_PKCS1V15_SIGN 1 @@ -62,6 +65,7 @@ #if ( defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS) || \ ( defined(PSA_CRYPTO_DRIVER_TEST) && \ + defined(MBEDTLS_PSA_CRYPTO_CONFIG) && \ defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PSS) && \ defined(MBEDTLS_RSA_C) && defined(MBEDTLS_PKCS1_V21) ) ) #define BUILTIN_ALG_RSA_PSS 1 @@ -624,7 +628,7 @@ psa_status_t mbedtls_psa_rsa_verify_hash( * BEYOND THIS POINT, TEST DRIVER ENTRY POINTS ONLY. */ -#if defined(PSA_CRYPTO_DRIVER_TEST) +#if defined(PSA_CRYPTO_DRIVER_TEST) && defined(MBEDTLS_PSA_CRYPTO_CONFIG) #if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR) || \ defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_PUBLIC_KEY) @@ -719,6 +723,6 @@ psa_status_t mbedtls_transparent_test_driver_rsa_verify_hash( #endif /* defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_SIGN) || * defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PSS) */ -#endif /* PSA_CRYPTO_DRIVER_TEST */ +#endif /* PSA_CRYPTO_DRIVER_TEST && MBEDTLS_PSA_CRYPTO_CONFIG */ #endif /* MBEDTLS_PSA_CRYPTO_C */ diff --git a/library/psa_crypto_rsa.h b/library/psa_crypto_rsa.h index 41a90f78e..881746227 100644 --- a/library/psa_crypto_rsa.h +++ b/library/psa_crypto_rsa.h @@ -216,7 +216,7 @@ psa_status_t mbedtls_psa_rsa_verify_hash( * BEYOND THIS POINT, TEST DRIVER ENTRY POINTS ONLY. */ -#if defined(PSA_CRYPTO_DRIVER_TEST) +#if defined(PSA_CRYPTO_DRIVER_TEST) && defined(MBEDTLS_PSA_CRYPTO_CONFIG) psa_status_t mbedtls_transparent_test_driver_rsa_import_key( const psa_key_attributes_t *attributes, @@ -245,6 +245,6 @@ psa_status_t mbedtls_transparent_test_driver_rsa_verify_hash( psa_algorithm_t alg, const uint8_t *hash, size_t hash_length, const uint8_t *signature, size_t signature_length ); -#endif /* PSA_CRYPTO_DRIVER_TEST */ +#endif /* PSA_CRYPTO_DRIVER_TEST && MBEDTLS_PSA_CRYPTO_CONFIG */ #endif /* PSA_CRYPTO_RSA_H */ diff --git a/tests/src/drivers/hash.c b/tests/src/drivers/hash.c index f95aa6b61..e61866096 100644 --- a/tests/src/drivers/hash.c +++ b/tests/src/drivers/hash.c @@ -45,10 +45,25 @@ psa_status_t mbedtls_test_transparent_hash_compute( } else { +#if defined(MBEDTLS_PSA_CRYPTO_CONFIG) mbedtls_test_driver_hash_hooks.driver_status = mbedtls_transparent_test_driver_hash_compute( alg, input, input_length, hash, hash_size, hash_length ); +#elif defined(MBEDTLS_PSA_BUILTIN_HASH) + mbedtls_test_driver_hash_hooks.driver_status = + mbedtls_psa_hash_compute( + alg, input, input_length, + hash, hash_size, hash_length ); +#else + (void) alg; + (void) input; + (void) input_length; + (void) hash; + (void) hash_size; + (void) hash_length; + mbedtls_test_driver_hash_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED; +#endif } return( mbedtls_test_driver_hash_hooks.driver_status ); @@ -67,8 +82,17 @@ psa_status_t mbedtls_test_transparent_hash_setup( } else { +#if defined(MBEDTLS_PSA_CRYPTO_CONFIG) mbedtls_test_driver_hash_hooks.driver_status = mbedtls_transparent_test_driver_hash_setup( operation, alg ); +#elif defined(MBEDTLS_PSA_BUILTIN_HASH) + mbedtls_test_driver_hash_hooks.driver_status = + mbedtls_psa_hash_setup( operation, alg ); +#else + (void) operation; + (void) alg; + mbedtls_test_driver_hash_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED; +#endif } return( mbedtls_test_driver_hash_hooks.driver_status ); @@ -87,9 +111,18 @@ psa_status_t mbedtls_test_transparent_hash_clone( } else { +#if defined(MBEDTLS_PSA_CRYPTO_CONFIG) mbedtls_test_driver_hash_hooks.driver_status = mbedtls_transparent_test_driver_hash_clone( source_operation, target_operation ); +#elif defined(MBEDTLS_PSA_BUILTIN_HASH) + mbedtls_test_driver_hash_hooks.driver_status = + mbedtls_psa_hash_clone( source_operation, target_operation ); +#else + (void) source_operation; + (void) target_operation; + mbedtls_test_driver_hash_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED; +#endif } return( mbedtls_test_driver_hash_hooks.driver_status ); @@ -109,9 +142,19 @@ psa_status_t mbedtls_test_transparent_hash_update( } else { +#if defined(MBEDTLS_PSA_CRYPTO_CONFIG) mbedtls_test_driver_hash_hooks.driver_status = mbedtls_transparent_test_driver_hash_update( operation, input, input_length ); +#elif defined(MBEDTLS_PSA_BUILTIN_HASH) + mbedtls_test_driver_hash_hooks.driver_status = + mbedtls_psa_hash_update( operation, input, input_length ); +#else + (void) operation; + (void) input; + (void) input_length; + mbedtls_test_driver_hash_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED; +#endif } return( mbedtls_test_driver_hash_hooks.driver_status ); @@ -132,9 +175,20 @@ psa_status_t mbedtls_test_transparent_hash_finish( } else { +#if defined(MBEDTLS_PSA_CRYPTO_CONFIG) mbedtls_test_driver_hash_hooks.driver_status = mbedtls_transparent_test_driver_hash_finish( operation, hash, hash_size, hash_length ); +#elif defined(MBEDTLS_PSA_BUILTIN_HASH) + mbedtls_test_driver_hash_hooks.driver_status = + mbedtls_psa_hash_finish( operation, hash, hash_size, hash_length ); +#else + (void) operation; + (void) hash; + (void) hash_size; + (void) hash_length; + mbedtls_test_driver_hash_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED; +#endif } return( mbedtls_test_driver_hash_hooks.driver_status ); @@ -152,8 +206,16 @@ psa_status_t mbedtls_test_transparent_hash_abort( } else { +#if defined(MBEDTLS_PSA_CRYPTO_CONFIG) mbedtls_test_driver_hash_hooks.driver_status = mbedtls_transparent_test_driver_hash_abort( operation ); +#elif defined(MBEDTLS_PSA_BUILTIN_HASH) + mbedtls_test_driver_hash_hooks.driver_status = + mbedtls_psa_hash_abort( operation ); +#else + (void) operation; + mbedtls_test_driver_hash_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED; +#endif } return( mbedtls_test_driver_hash_hooks.driver_status ); diff --git a/tests/src/drivers/test_driver_cipher.c b/tests/src/drivers/test_driver_cipher.c index 6aca1938c..03c160de8 100644 --- a/tests/src/drivers/test_driver_cipher.c +++ b/tests/src/drivers/test_driver_cipher.c @@ -70,10 +70,19 @@ psa_status_t mbedtls_test_transparent_cipher_encrypt( psa_generate_random( output, PSA_CIPHER_IV_LENGTH( attributes->core.type, alg ) ); +#if defined(MBEDTLS_PSA_CRYPTO_CONFIG) return( mbedtls_transparent_test_driver_cipher_encrypt( attributes, key_buffer, key_buffer_size, alg, input, input_length, output, output_size, output_length ) ); +#elif defined(MBEDTLS_PSA_BUILTIN_CIPHER) + return( mbedtls_psa_cipher_encrypt( + attributes, key_buffer, key_buffer_size, + alg, input, input_length, + output, output_size, output_length ) ); +#endif + + return( PSA_ERROR_NOT_SUPPORTED ); } psa_status_t mbedtls_test_transparent_cipher_decrypt( @@ -105,10 +114,19 @@ psa_status_t mbedtls_test_transparent_cipher_decrypt( if( mbedtls_test_driver_cipher_hooks.forced_status != PSA_SUCCESS ) return( mbedtls_test_driver_cipher_hooks.forced_status ); +#if defined(MBEDTLS_PSA_CRYPTO_CONFIG) return( mbedtls_transparent_test_driver_cipher_decrypt( attributes, key_buffer, key_buffer_size, alg, input, input_length, output, output_size, output_length ) ); +#elif defined(MBEDTLS_PSA_BUILTIN_CIPHER) + return( mbedtls_psa_cipher_decrypt( + attributes, key_buffer, key_buffer_size, + alg, input, input_length, + output, output_size, output_length ) ); +#endif + + return( PSA_ERROR_NOT_SUPPORTED ); } psa_status_t mbedtls_test_transparent_cipher_encrypt_setup( @@ -128,8 +146,15 @@ psa_status_t mbedtls_test_transparent_cipher_encrypt_setup( if( mbedtls_test_driver_cipher_hooks.forced_status != PSA_SUCCESS ) return( mbedtls_test_driver_cipher_hooks.forced_status ); - return ( mbedtls_transparent_test_driver_cipher_encrypt_setup( - operation, attributes, key, key_length, alg ) ); +#if defined(MBEDTLS_PSA_CRYPTO_CONFIG) + return( mbedtls_transparent_test_driver_cipher_encrypt_setup( + operation, attributes, key, key_length, alg ) ); +#elif defined(MBEDTLS_PSA_BUILTIN_CIPHER) + return( mbedtls_psa_cipher_encrypt_setup( + operation, attributes, key, key_length, alg ) ); +#endif + + return( PSA_ERROR_NOT_SUPPORTED ); } psa_status_t mbedtls_test_transparent_cipher_decrypt_setup( @@ -143,8 +168,15 @@ psa_status_t mbedtls_test_transparent_cipher_decrypt_setup( if( mbedtls_test_driver_cipher_hooks.forced_status != PSA_SUCCESS ) return( mbedtls_test_driver_cipher_hooks.forced_status ); - return ( mbedtls_transparent_test_driver_cipher_decrypt_setup( - operation, attributes, key, key_length, alg ) ); +#if defined(MBEDTLS_PSA_CRYPTO_CONFIG) + return( mbedtls_transparent_test_driver_cipher_decrypt_setup( + operation, attributes, key, key_length, alg ) ); +#elif defined(MBEDTLS_PSA_BUILTIN_CIPHER) + return( mbedtls_psa_cipher_decrypt_setup( + operation, attributes, key, key_length, alg ) ); +#endif + + return( PSA_ERROR_NOT_SUPPORTED ); } psa_status_t mbedtls_test_transparent_cipher_abort( @@ -155,7 +187,11 @@ psa_status_t mbedtls_test_transparent_cipher_abort( if( operation->alg == 0 ) return( PSA_SUCCESS ); +#if defined(MBEDTLS_PSA_CRYPTO_CONFIG) mbedtls_transparent_test_driver_cipher_abort( operation ); +#elif defined(MBEDTLS_PSA_BUILTIN_CIPHER) + mbedtls_psa_cipher_abort( operation ); +#endif /* Wiping the entire struct here, instead of member-by-member. This is * useful for the test suite, since it gives a chance of catching memory @@ -176,8 +212,14 @@ psa_status_t mbedtls_test_transparent_cipher_set_iv( if( mbedtls_test_driver_cipher_hooks.forced_status != PSA_SUCCESS ) return( mbedtls_test_driver_cipher_hooks.forced_status ); +#if defined(MBEDTLS_PSA_CRYPTO_CONFIG) return( mbedtls_transparent_test_driver_cipher_set_iv( operation, iv, iv_length ) ); +#elif defined(MBEDTLS_PSA_BUILTIN_CIPHER) + return( mbedtls_psa_cipher_set_iv( operation, iv, iv_length ) ); +#endif + + return( PSA_ERROR_NOT_SUPPORTED ); } psa_status_t mbedtls_test_transparent_cipher_update( @@ -206,9 +248,17 @@ psa_status_t mbedtls_test_transparent_cipher_update( if( mbedtls_test_driver_cipher_hooks.forced_status != PSA_SUCCESS ) return( mbedtls_test_driver_cipher_hooks.forced_status ); +#if defined(MBEDTLS_PSA_CRYPTO_CONFIG) return( mbedtls_transparent_test_driver_cipher_update( operation, input, input_length, output, output_size, output_length ) ); +#elif defined(MBEDTLS_PSA_BUILTIN_CIPHER) + return( mbedtls_psa_cipher_update( + operation, input, input_length, + output, output_size, output_length ) ); +#endif + + return( PSA_ERROR_NOT_SUPPORTED ); } psa_status_t mbedtls_test_transparent_cipher_finish( @@ -235,8 +285,15 @@ psa_status_t mbedtls_test_transparent_cipher_finish( if( mbedtls_test_driver_cipher_hooks.forced_status != PSA_SUCCESS ) return( mbedtls_test_driver_cipher_hooks.forced_status ); +#if defined(MBEDTLS_PSA_CRYPTO_CONFIG) return( mbedtls_transparent_test_driver_cipher_finish( operation, output, output_size, output_length ) ); +#elif defined(MBEDTLS_PSA_BUILTIN_CIPHER) + return( mbedtls_psa_cipher_finish( + operation, output, output_size, output_length ) ); +#endif + + return( PSA_ERROR_NOT_SUPPORTED ); } /* diff --git a/tests/src/drivers/test_driver_key_management.c b/tests/src/drivers/test_driver_key_management.c index 19e103331..73720e9d7 100644 --- a/tests/src/drivers/test_driver_key_management.c +++ b/tests/src/drivers/test_driver_key_management.c @@ -80,27 +80,32 @@ psa_status_t mbedtls_test_transparent_generate_key( return( PSA_SUCCESS ); } - /* Copied from psa_crypto.c */ -#if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR) - if ( PSA_KEY_TYPE_IS_ECC( psa_get_key_type( attributes ) ) - && PSA_KEY_TYPE_IS_KEY_PAIR( psa_get_key_type( attributes ) ) ) + if( PSA_KEY_TYPE_IS_ECC( psa_get_key_type( attributes ) ) + && PSA_KEY_TYPE_IS_KEY_PAIR( psa_get_key_type( attributes ) ) ) { +#if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR) && \ + defined(MBEDTLS_PSA_CRYPTO_CONFIG) return( mbedtls_transparent_test_driver_ecp_generate_key( attributes, key, key_size, key_length ) ); +#elif defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR) + return( mbedtls_psa_ecp_generate_key( + attributes, key, key_size, key_length ) ); +#endif } - else -#endif /* defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR) */ - -#if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR) - if ( psa_get_key_type( attributes ) == PSA_KEY_TYPE_RSA_KEY_PAIR ) + else if( psa_get_key_type( attributes ) == PSA_KEY_TYPE_RSA_KEY_PAIR ) + { +#if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR) && \ + defined(MBEDTLS_PSA_CRYPTO_CONFIG) return( mbedtls_transparent_test_driver_rsa_generate_key( attributes, key, key_size, key_length ) ); - else -#endif /* defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR) */ - { - (void)attributes; - return( PSA_ERROR_NOT_SUPPORTED ); +#elif defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) + return( mbedtls_psa_rsa_generate_key( + attributes, key, key_size, key_length ) ); +#endif } + + (void)attributes; + return( PSA_ERROR_NOT_SUPPORTED ); } psa_status_t mbedtls_test_opaque_generate_key( @@ -128,45 +133,56 @@ psa_status_t mbedtls_test_transparent_import_key( if( mbedtls_test_driver_key_management_hooks.forced_status != PSA_SUCCESS ) return( mbedtls_test_driver_key_management_hooks.forced_status ); - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; psa_key_type_t type = psa_get_key_type( attributes ); -#if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR) || \ - defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY) if( PSA_KEY_TYPE_IS_ECC( type ) ) { - status = mbedtls_transparent_test_driver_ecp_import_key( - attributes, - data, data_length, - key_buffer, key_buffer_size, - key_buffer_length, bits ); - } - else +#if ( defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR) || \ + defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY) ) && \ + defined(MBEDTLS_PSA_CRYPTO_CONFIG) + return( mbedtls_transparent_test_driver_ecp_import_key( + attributes, + data, data_length, + key_buffer, key_buffer_size, + key_buffer_length, bits ) ); +#elif defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR) || \ + defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY) + return( mbedtls_psa_ecp_import_key( + attributes, + data, data_length, + key_buffer, key_buffer_size, + key_buffer_length, bits ) ); #endif -#if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR) || \ - defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_PUBLIC_KEY) - if( PSA_KEY_TYPE_IS_RSA( type ) ) - { - status = mbedtls_transparent_test_driver_rsa_import_key( - attributes, - data, data_length, - key_buffer, key_buffer_size, - key_buffer_length, bits ); } - else -#endif + else if( PSA_KEY_TYPE_IS_RSA( type ) ) { - status = PSA_ERROR_NOT_SUPPORTED; - (void)data; - (void)data_length; - (void)key_buffer; - (void)key_buffer_size; - (void)key_buffer_length; - (void)bits; - (void)type; +#if ( defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR) || \ + defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_PUBLIC_KEY) ) && \ + defined(MBEDTLS_PSA_CRYPTO_CONFIG) + return( mbedtls_transparent_test_driver_rsa_import_key( + attributes, + data, data_length, + key_buffer, key_buffer_size, + key_buffer_length, bits ) ); +#elif defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) || \ + defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY) + return( mbedtls_psa_rsa_import_key( + attributes, + data, data_length, + key_buffer, key_buffer_size, + key_buffer_length, bits ) ); +#endif } - return( status ); + (void)data; + (void)data_length; + (void)key_buffer; + (void)key_buffer_size; + (void)key_buffer_length; + (void)bits; + (void)type; + + return( PSA_ERROR_NOT_SUPPORTED ); } psa_status_t mbedtls_test_opaque_export_key( @@ -255,39 +271,48 @@ psa_status_t mbedtls_test_transparent_export_public_key( return( PSA_SUCCESS ); } - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; psa_key_type_t key_type = psa_get_key_type( attributes ); -#if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR) || \ - defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY) if( PSA_KEY_TYPE_IS_ECC( key_type ) ) { - status = mbedtls_transparent_test_driver_ecp_export_public_key( - attributes, - key_buffer, key_buffer_size, - data, data_size, data_length ); - } - else +#if ( defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR) || \ + defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY) ) && \ + defined(MBEDTLS_PSA_CRYPTO_CONFIG) + return( mbedtls_transparent_test_driver_ecp_export_public_key( + attributes, + key_buffer, key_buffer_size, + data, data_size, data_length ) ); +#elif defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR) || \ + defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY) + return( mbedtls_psa_ecp_export_public_key( + attributes, + key_buffer, key_buffer_size, + data, data_size, data_length ) ); #endif -#if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR) || \ - defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_PUBLIC_KEY) - if( PSA_KEY_TYPE_IS_RSA( key_type ) ) - { - status = mbedtls_transparent_test_driver_rsa_export_public_key( - attributes, - key_buffer, key_buffer_size, - data, data_size, data_length ); } - else -#endif + else if( PSA_KEY_TYPE_IS_RSA( key_type ) ) { - status = PSA_ERROR_NOT_SUPPORTED; - (void)key_buffer; - (void)key_buffer_size; - (void)key_type; +#if ( defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR) || \ + defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_PUBLIC_KEY) ) && \ + defined(MBEDTLS_PSA_CRYPTO_CONFIG) + return( mbedtls_transparent_test_driver_rsa_export_public_key( + attributes, + key_buffer, key_buffer_size, + data, data_size, data_length ) ); +#elif defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) || \ + defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY) + return( mbedtls_psa_rsa_export_public_key( + attributes, + key_buffer, key_buffer_size, + data, data_size, data_length ) ); +#endif } - return( status ); + (void)key_buffer; + (void)key_buffer_size; + (void)key_type; + + return( PSA_ERROR_NOT_SUPPORTED ); } psa_status_t mbedtls_test_opaque_export_public_key( diff --git a/tests/src/drivers/test_driver_mac.c b/tests/src/drivers/test_driver_mac.c index 2294ecf64..6f8c3c4b9 100644 --- a/tests/src/drivers/test_driver_mac.c +++ b/tests/src/drivers/test_driver_mac.c @@ -51,11 +51,30 @@ psa_status_t mbedtls_test_transparent_mac_compute( } else { +#if defined(MBEDTLS_PSA_CRYPTO_CONFIG) mbedtls_test_driver_mac_hooks.driver_status = mbedtls_transparent_test_driver_mac_compute( attributes, key_buffer, key_buffer_size, alg, input, input_length, mac, mac_size, mac_length ); +#elif defined(MBEDTLS_PSA_BUILTIN_MAC) + mbedtls_test_driver_mac_hooks.driver_status = + mbedtls_psa_mac_compute( + attributes, key_buffer, key_buffer_size, alg, + input, input_length, + mac, mac_size, mac_length ); +#else + (void) attributes; + (void) key_buffer; + (void) key_buffer_size; + (void) alg; + (void) input; + (void) input_length; + (void) mac; + (void) mac_size; + (void) mac_length; + mbedtls_test_driver_mac_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED; +#endif } return( mbedtls_test_driver_mac_hooks.driver_status ); @@ -77,9 +96,22 @@ psa_status_t mbedtls_test_transparent_mac_sign_setup( } else { +#if defined(MBEDTLS_PSA_CRYPTO_CONFIG) mbedtls_test_driver_mac_hooks.driver_status = mbedtls_transparent_test_driver_mac_sign_setup( operation, attributes, key_buffer, key_buffer_size, alg ); +#elif defined(MBEDTLS_PSA_BUILTIN_MAC) + mbedtls_test_driver_mac_hooks.driver_status = + mbedtls_psa_mac_sign_setup( + operation, attributes, key_buffer, key_buffer_size, alg ); +#else + (void) operation; + (void) attributes; + (void) key_buffer; + (void) key_buffer_size; + (void) alg; + mbedtls_test_driver_mac_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED; +#endif } return( mbedtls_test_driver_mac_hooks.driver_status ); @@ -101,9 +133,22 @@ psa_status_t mbedtls_test_transparent_mac_verify_setup( } else { +#if defined(MBEDTLS_PSA_CRYPTO_CONFIG) mbedtls_test_driver_mac_hooks.driver_status = mbedtls_transparent_test_driver_mac_verify_setup( operation, attributes, key_buffer, key_buffer_size, alg ); +#elif defined(MBEDTLS_PSA_BUILTIN_MAC) + mbedtls_test_driver_mac_hooks.driver_status = + mbedtls_psa_mac_verify_setup( + operation, attributes, key_buffer, key_buffer_size, alg ); +#else + (void) operation; + (void) attributes; + (void) key_buffer; + (void) key_buffer_size; + (void) alg; + mbedtls_test_driver_mac_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED; +#endif } return( mbedtls_test_driver_mac_hooks.driver_status ); @@ -123,9 +168,20 @@ psa_status_t mbedtls_test_transparent_mac_update( } else { +#if defined(MBEDTLS_PSA_CRYPTO_CONFIG) mbedtls_test_driver_mac_hooks.driver_status = mbedtls_transparent_test_driver_mac_update( operation, input, input_length ); +#elif defined(MBEDTLS_PSA_BUILTIN_MAC) + mbedtls_test_driver_mac_hooks.driver_status = + mbedtls_psa_mac_update( + operation, input, input_length ); +#else + (void) operation; + (void) input; + (void) input_length; + mbedtls_test_driver_mac_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED; +#endif } return( mbedtls_test_driver_mac_hooks.driver_status ); @@ -146,9 +202,21 @@ psa_status_t mbedtls_test_transparent_mac_sign_finish( } else { +#if defined(MBEDTLS_PSA_CRYPTO_CONFIG) mbedtls_test_driver_mac_hooks.driver_status = mbedtls_transparent_test_driver_mac_sign_finish( operation, mac, mac_size, mac_length ); +#elif defined(MBEDTLS_PSA_BUILTIN_MAC) + mbedtls_test_driver_mac_hooks.driver_status = + mbedtls_psa_mac_sign_finish( + operation, mac, mac_size, mac_length ); +#else + (void) operation; + (void) mac; + (void) mac_size; + (void) mac_length; + mbedtls_test_driver_mac_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED; +#endif } return( mbedtls_test_driver_mac_hooks.driver_status ); @@ -168,9 +236,20 @@ psa_status_t mbedtls_test_transparent_mac_verify_finish( } else { +#if defined(MBEDTLS_PSA_CRYPTO_CONFIG) mbedtls_test_driver_mac_hooks.driver_status = mbedtls_transparent_test_driver_mac_verify_finish( operation, mac, mac_length ); +#elif defined(MBEDTLS_PSA_BUILTIN_MAC) + mbedtls_test_driver_mac_hooks.driver_status = + mbedtls_psa_mac_verify_finish( + operation, mac, mac_length ); +#else + (void) operation; + (void) mac; + (void) mac_length; + mbedtls_test_driver_mac_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED; +#endif } return( mbedtls_test_driver_mac_hooks.driver_status ); @@ -188,8 +267,16 @@ psa_status_t mbedtls_test_transparent_mac_abort( } else { +#if defined(MBEDTLS_PSA_CRYPTO_CONFIG) mbedtls_test_driver_mac_hooks.driver_status = mbedtls_transparent_test_driver_mac_abort( operation ); +#elif defined(MBEDTLS_PSA_BUILTIN_MAC) + mbedtls_test_driver_mac_hooks.driver_status = + mbedtls_psa_mac_abort( operation ); +#else + (void) operation; + mbedtls_test_driver_mac_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED; +#endif } return( mbedtls_test_driver_mac_hooks.driver_status ); diff --git a/tests/src/drivers/test_driver_signature.c b/tests/src/drivers/test_driver_signature.c index 2e43270e5..cf7edc935 100644 --- a/tests/src/drivers/test_driver_signature.c +++ b/tests/src/drivers/test_driver_signature.c @@ -63,15 +63,22 @@ psa_status_t sign_hash( if( PSA_ALG_IS_RSA_PKCS1V15_SIGN( alg ) || PSA_ALG_IS_RSA_PSS( alg) ) { -#if defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_SIGN) || \ - defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PSS) +#if ( defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_SIGN) || \ + defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PSS) ) && \ + defined(MBEDTLS_PSA_CRYPTO_CONFIG) return( mbedtls_transparent_test_driver_rsa_sign_hash( attributes, key_buffer, key_buffer_size, alg, hash, hash_length, signature, signature_size, signature_length ) ); -#endif /* defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_SIGN) || - * defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PSS) */ +#elif defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) || \ + defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS) + return( mbedtls_psa_rsa_sign_hash( + attributes, + key_buffer, key_buffer_size, + alg, hash, hash_length, + signature, signature_size, signature_length ) ); +#endif } else { @@ -82,15 +89,22 @@ psa_status_t sign_hash( { if( PSA_ALG_IS_ECDSA( alg ) ) { -#if defined(MBEDTLS_PSA_ACCEL_ALG_ECDSA) || \ - defined(MBEDTLS_PSA_ACCEL_ALG_DETERMINISTIC_ECDSA) +#if ( defined(MBEDTLS_PSA_ACCEL_ALG_ECDSA) || \ + defined(MBEDTLS_PSA_ACCEL_ALG_DETERMINISTIC_ECDSA) ) && \ + defined(MBEDTLS_PSA_CRYPTO_CONFIG) return( mbedtls_transparent_test_driver_ecdsa_sign_hash( attributes, key_buffer, key_buffer_size, alg, hash, hash_length, signature, signature_size, signature_length ) ); -#endif /* defined(MBEDTLS_PSA_ACCEL_ALG_ECDSA) || - * defined(MBEDTLS_PSA_ACCEL_ALG_DETERMINISTIC_ECDSA) */ +#elif defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || \ + defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) + return( mbedtls_psa_ecdsa_sign_hash( + attributes, + key_buffer, key_buffer_size, + alg, hash, hash_length, + signature, signature_size, signature_length ) ); +#endif } else { @@ -125,15 +139,22 @@ psa_status_t verify_hash( if( PSA_ALG_IS_RSA_PKCS1V15_SIGN( alg ) || PSA_ALG_IS_RSA_PSS( alg) ) { -#if defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_SIGN) || \ - defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PSS) +#if ( defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_SIGN) || \ + defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PSS) ) && \ + defined(MBEDTLS_PSA_CRYPTO_CONFIG) return( mbedtls_transparent_test_driver_rsa_verify_hash( attributes, key_buffer, key_buffer_size, alg, hash, hash_length, signature, signature_length ) ); -#endif /* defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_SIGN) || - * defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PSS) */ +#elif defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) || \ + defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS) + return( mbedtls_psa_rsa_verify_hash( + attributes, + key_buffer, key_buffer_size, + alg, hash, hash_length, + signature, signature_length ) ); +#endif } else { @@ -144,15 +165,22 @@ psa_status_t verify_hash( { if( PSA_ALG_IS_ECDSA( alg ) ) { -#if defined(MBEDTLS_PSA_ACCEL_ALG_ECDSA) || \ - defined(MBEDTLS_PSA_ACCEL_ALG_DETERMINISTIC_ECDSA) +#if ( defined(MBEDTLS_PSA_ACCEL_ALG_ECDSA) || \ + defined(MBEDTLS_PSA_ACCEL_ALG_DETERMINISTIC_ECDSA) ) && \ + defined(MBEDTLS_PSA_CRYPTO_CONFIG) return( mbedtls_transparent_test_driver_ecdsa_verify_hash( attributes, key_buffer, key_buffer_size, alg, hash, hash_length, signature, signature_length ) ); -#endif /* defined(MBEDTLS_PSA_ACCEL_ALG_ECDSA) || - * defined(MBEDTLS_PSA_ACCEL_ALG_DETERMINISTIC_ECDSA) */ +#elif defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || \ + defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) + return( mbedtls_psa_ecdsa_verify_hash( + attributes, + key_buffer, key_buffer_size, + alg, hash, hash_length, + signature, signature_length ) ); +#endif } else { @@ -168,7 +196,6 @@ psa_status_t verify_hash( (void)hash_length; (void)signature; (void)signature_length; - return( PSA_ERROR_NOT_SUPPORTED ); } @@ -204,16 +231,25 @@ psa_status_t mbedtls_test_transparent_signature_sign_message( return( PSA_SUCCESS ); } +#if defined(MBEDTLS_PSA_CRYPTO_CONFIG) status = mbedtls_transparent_test_driver_hash_compute( PSA_ALG_SIGN_GET_HASH( alg ), input, input_length, hash, sizeof( hash ), &hash_length ); - +#elif defined(MBEDTLS_PSA_BUILTIN_HASH) + status = mbedtls_psa_hash_compute( + PSA_ALG_SIGN_GET_HASH( alg ), input, input_length, + hash, sizeof( hash ), &hash_length ); +#else + (void) input; + (void) input_length; + status = PSA_ERROR_NOT_SUPPORTED; +#endif if( status != PSA_SUCCESS ) return status; - return sign_hash( attributes, key_buffer, key_buffer_size, - alg, hash, hash_length, - signature, signature_size, signature_length ); + return( sign_hash( attributes, key_buffer, key_buffer_size, + alg, hash, hash_length, + signature, signature_size, signature_length ) ); } psa_status_t mbedtls_test_opaque_signature_sign_message( @@ -259,16 +295,25 @@ psa_status_t mbedtls_test_transparent_signature_verify_message( if( mbedtls_test_driver_signature_verify_hooks.forced_status != PSA_SUCCESS ) return( mbedtls_test_driver_signature_verify_hooks.forced_status ); +#if defined(MBEDTLS_PSA_CRYPTO_CONFIG) status = mbedtls_transparent_test_driver_hash_compute( PSA_ALG_SIGN_GET_HASH( alg ), input, input_length, hash, sizeof( hash ), &hash_length ); - +#elif defined(MBEDTLS_PSA_BUILTIN_HASH) + status = mbedtls_psa_hash_compute( + PSA_ALG_SIGN_GET_HASH( alg ), input, input_length, + hash, sizeof( hash ), &hash_length ); +#else + (void) input; + (void) input_length; + status = PSA_ERROR_NOT_SUPPORTED; +#endif if( status != PSA_SUCCESS ) return status; - return verify_hash( attributes, key_buffer, key_buffer_size, - alg, hash, hash_length, - signature, signature_length ); + return( verify_hash( attributes, key_buffer, key_buffer_size, + alg, hash, hash_length, + signature, signature_length ) ); } psa_status_t mbedtls_test_opaque_signature_verify_message( From 7207d574ab593c9e0f76e66c5592702ac2fb04da Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Wed, 8 Sep 2021 14:28:35 +0200 Subject: [PATCH 13/29] psa: asymmetric_encrypt/decrypt: Improve error code consistency In psa_asymmetric_encrypt/decrypt(), always return PSA_ERROR_INVALID_ARGUMENT if the key is a PSA key and the algorithm is not a PSA algorithm we know about, whether RSA is supported or not. Signed-off-by: Ronald Cron --- library/psa_crypto.c | 49 +++++++++++++++++++++++++++++--------------- 1 file changed, 32 insertions(+), 17 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 8e61b51ee..706e0a7b8 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -3107,10 +3107,10 @@ psa_status_t psa_asymmetric_encrypt( mbedtls_svc_key_id_t key, goto exit; } -#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT) || \ - defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP) if( PSA_KEY_TYPE_IS_RSA( slot->attr.type ) ) { +#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT) || \ + defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP) mbedtls_rsa_context *rsa = NULL; status = mbedtls_psa_rsa_load_representation( slot->attr.type, slot->key.data, @@ -3124,9 +3124,11 @@ psa_status_t psa_asymmetric_encrypt( mbedtls_svc_key_id_t key, status = PSA_ERROR_BUFFER_TOO_SMALL; goto rsa_exit; } -#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT) +#endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT) || + * defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP) */ if( alg == PSA_ALG_RSA_PKCS1V15_CRYPT ) { +#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT) status = mbedtls_to_psa_error( mbedtls_rsa_pkcs1_encrypt( rsa, mbedtls_psa_get_random, @@ -3135,12 +3137,14 @@ psa_status_t psa_asymmetric_encrypt( mbedtls_svc_key_id_t key, input_length, input, output ) ); +#else + status = PSA_ERROR_NOT_SUPPORTED; +#endif /* MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT */ } else -#endif /* MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT */ -#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP) if( PSA_ALG_IS_RSA_OAEP( alg ) ) { +#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP) psa_rsa_oaep_set_padding_mode( alg, rsa ); status = mbedtls_to_psa_error( mbedtls_rsa_rsaes_oaep_encrypt( rsa, @@ -3151,23 +3155,26 @@ psa_status_t psa_asymmetric_encrypt( mbedtls_svc_key_id_t key, input_length, input, output ) ); +#else + status = PSA_ERROR_NOT_SUPPORTED; +#endif /* MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP */ } else -#endif /* MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP */ { status = PSA_ERROR_INVALID_ARGUMENT; - goto rsa_exit; } +#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT) || \ + defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP) rsa_exit: if( status == PSA_SUCCESS ) *output_length = mbedtls_rsa_get_len( rsa ); mbedtls_rsa_free( rsa ); mbedtls_free( rsa ); - } - else #endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT) || * defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP) */ + } + else { status = PSA_ERROR_NOT_SUPPORTED; } @@ -3213,10 +3220,10 @@ psa_status_t psa_asymmetric_decrypt( mbedtls_svc_key_id_t key, goto exit; } -#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT) || \ - defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP) if( slot->attr.type == PSA_KEY_TYPE_RSA_KEY_PAIR ) { +#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT) || \ + defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP) mbedtls_rsa_context *rsa = NULL; status = mbedtls_psa_rsa_load_representation( slot->attr.type, slot->key.data, @@ -3230,10 +3237,12 @@ psa_status_t psa_asymmetric_decrypt( mbedtls_svc_key_id_t key, status = PSA_ERROR_INVALID_ARGUMENT; goto rsa_exit; } +#endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT) || + * defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP) */ -#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT) if( alg == PSA_ALG_RSA_PKCS1V15_CRYPT ) { +#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT) status = mbedtls_to_psa_error( mbedtls_rsa_pkcs1_decrypt( rsa, mbedtls_psa_get_random, @@ -3243,12 +3252,14 @@ psa_status_t psa_asymmetric_decrypt( mbedtls_svc_key_id_t key, input, output, output_size ) ); +#else + status = PSA_ERROR_NOT_SUPPORTED; +#endif /* MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT */ } else -#endif /* MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT */ -#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP) if( PSA_ALG_IS_RSA_OAEP( alg ) ) { +#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP) psa_rsa_oaep_set_padding_mode( alg, rsa ); status = mbedtls_to_psa_error( mbedtls_rsa_rsaes_oaep_decrypt( rsa, @@ -3260,20 +3271,24 @@ psa_status_t psa_asymmetric_decrypt( mbedtls_svc_key_id_t key, input, output, output_size ) ); +#else + status = PSA_ERROR_NOT_SUPPORTED; +#endif /* MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP */ } else -#endif /* MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP */ { status = PSA_ERROR_INVALID_ARGUMENT; } +#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT) || \ + defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP) rsa_exit: mbedtls_rsa_free( rsa ); mbedtls_free( rsa ); - } - else #endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT) || * defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP) */ + } + else { status = PSA_ERROR_NOT_SUPPORTED; } From 485559eeb56980c067a805cc657adce73a8c2cc8 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Wed, 28 Apr 2021 14:29:00 +0200 Subject: [PATCH 14/29] psa: Fix unused variable warnings Signed-off-by: Ronald Cron --- library/psa_crypto_aead.c | 12 ++++++++++++ library/psa_crypto_driver_wrappers.c | 4 ++++ library/psa_crypto_mac.c | 1 + 3 files changed, 17 insertions(+) diff --git a/library/psa_crypto_aead.c b/library/psa_crypto_aead.c index 99f2e4d3a..b43287b35 100644 --- a/library/psa_crypto_aead.c +++ b/library/psa_crypto_aead.c @@ -151,6 +151,8 @@ static psa_status_t psa_aead_setup( #endif /* MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305 */ default: + (void) status; + (void) key_buffer; return( PSA_ERROR_NOT_SUPPORTED ); } @@ -252,6 +254,11 @@ psa_status_t mbedtls_psa_aead_encrypt( #endif /* MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305 */ { (void) tag; + (void) nonce; + (void) nonce_length; + (void) additional_data; + (void) additional_data_length; + (void) plaintext; return( PSA_ERROR_NOT_SUPPORTED ); } @@ -367,6 +374,11 @@ psa_status_t mbedtls_psa_aead_decrypt( else #endif /* MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305 */ { + (void) nonce; + (void) nonce_length; + (void) additional_data; + (void) additional_data_length; + (void) plaintext; return( PSA_ERROR_NOT_SUPPORTED ); } diff --git a/library/psa_crypto_driver_wrappers.c b/library/psa_crypto_driver_wrappers.c index f7240ceac..7ba245007 100644 --- a/library/psa_crypto_driver_wrappers.c +++ b/library/psa_crypto_driver_wrappers.c @@ -964,6 +964,7 @@ psa_status_t psa_driver_wrapper_cipher_encrypt_setup( default: /* Key is declared with a lifetime not known to us */ (void)status; + (void)operation; (void)key_buffer; (void)key_buffer_size; (void)alg; @@ -1035,6 +1036,7 @@ psa_status_t psa_driver_wrapper_cipher_decrypt_setup( default: /* Key is declared with a lifetime not known to us */ (void)status; + (void)operation; (void)key_buffer; (void)key_buffer_size; (void)alg; @@ -1606,6 +1608,7 @@ psa_status_t psa_driver_wrapper_mac_sign_setup( default: /* Key is declared with a lifetime not known to us */ (void) status; + (void) operation; (void) key_buffer; (void) key_buffer_size; (void) alg; @@ -1677,6 +1680,7 @@ psa_status_t psa_driver_wrapper_mac_verify_setup( default: /* Key is declared with a lifetime not known to us */ (void) status; + (void) operation; (void) key_buffer; (void) key_buffer_size; (void) alg; diff --git a/library/psa_crypto_mac.c b/library/psa_crypto_mac.c index d59178ef3..421d12e03 100644 --- a/library/psa_crypto_mac.c +++ b/library/psa_crypto_mac.c @@ -236,6 +236,7 @@ static psa_status_t mac_init( else #endif /* BUILTIN_ALG_HMAC */ { + (void) operation; status = PSA_ERROR_NOT_SUPPORTED; } From 088d5d0c1b070faaae39444de9cde1b4e83bd697 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Sat, 10 Apr 2021 16:57:30 +0200 Subject: [PATCH 15/29] psa: Add driver initialization and termination Signed-off-by: Ronald Cron --- library/psa_crypto.c | 13 +++---- library/psa_crypto_driver_wrappers.c | 38 +++++++++++++++++++ library/psa_crypto_driver_wrappers.h | 6 +++ tests/include/test/drivers/key_management.h | 5 +++ .../src/drivers/test_driver_key_management.c | 20 ++++++++++ 5 files changed, 74 insertions(+), 8 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 706e0a7b8..b08235c74 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -5320,11 +5320,9 @@ void mbedtls_psa_crypto_free( void ) * In particular, this sets all state indicator to the value * indicating "uninitialized". */ mbedtls_platform_zeroize( &global_data, sizeof( global_data ) ); -#if defined(MBEDTLS_PSA_CRYPTO_SE_C) - /* Unregister all secure element drivers, so that we restart from - * a pristine state. */ - psa_unregister_all_se_drivers( ); -#endif /* MBEDTLS_PSA_CRYPTO_SE_C */ + + /* Terminate drivers */ + psa_driver_wrapper_free( ); } #if defined(PSA_CRYPTO_STORAGE_HAS_TRANSACTIONS) @@ -5373,11 +5371,10 @@ psa_status_t psa_crypto_init( void ) if( status != PSA_SUCCESS ) goto exit; -#if defined(MBEDTLS_PSA_CRYPTO_SE_C) - status = psa_init_all_se_drivers( ); + /* Init drivers */ + status = psa_driver_wrapper_init( ); if( status != PSA_SUCCESS ) goto exit; -#endif /* MBEDTLS_PSA_CRYPTO_SE_C */ #if defined(PSA_CRYPTO_STORAGE_HAS_TRANSACTIONS) status = psa_crypto_load_transaction( ); diff --git a/library/psa_crypto_driver_wrappers.c b/library/psa_crypto_driver_wrappers.c index 7ba245007..cc826df1e 100644 --- a/library/psa_crypto_driver_wrappers.c +++ b/library/psa_crypto_driver_wrappers.c @@ -66,6 +66,44 @@ #include "psa_crypto_se.h" #endif +psa_status_t psa_driver_wrapper_init( void ) +{ + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + +#if defined(MBEDTLS_PSA_CRYPTO_SE_C) + status = psa_init_all_se_drivers( ); + if( status != PSA_SUCCESS ) + return( status ); +#endif + +#if defined(PSA_CRYPTO_DRIVER_TEST) + status = mbedtls_test_transparent_init( ); + if( status != PSA_SUCCESS ) + return( status ); + + status = mbedtls_test_opaque_init( ); + if( status != PSA_SUCCESS ) + return( status ); +#endif + + (void) status; + return( PSA_SUCCESS ); +} + +void psa_driver_wrapper_free( void ) +{ +#if defined(MBEDTLS_PSA_CRYPTO_SE_C) + /* Unregister all secure element drivers, so that we restart from + * a pristine state. */ + psa_unregister_all_se_drivers( ); +#endif /* MBEDTLS_PSA_CRYPTO_SE_C */ + +#if defined(PSA_CRYPTO_DRIVER_TEST) + mbedtls_test_transparent_free( ); + mbedtls_test_opaque_free( ); +#endif +} + /* Start delegation functions */ psa_status_t psa_driver_wrapper_sign_message( const psa_key_attributes_t *attributes, diff --git a/library/psa_crypto_driver_wrappers.h b/library/psa_crypto_driver_wrappers.h index 38a6ee82a..3ba96d9a5 100644 --- a/library/psa_crypto_driver_wrappers.h +++ b/library/psa_crypto_driver_wrappers.h @@ -25,6 +25,12 @@ #include "psa/crypto.h" #include "psa/crypto_driver_common.h" +/* + * Initialization and termination functions + */ +psa_status_t psa_driver_wrapper_init( void ); +void psa_driver_wrapper_free( void ); + /* * Signature functions */ diff --git a/tests/include/test/drivers/key_management.h b/tests/include/test/drivers/key_management.h index 45814fd03..bb08bf6b8 100644 --- a/tests/include/test/drivers/key_management.h +++ b/tests/include/test/drivers/key_management.h @@ -56,6 +56,11 @@ static inline mbedtls_test_driver_key_management_hooks_t extern mbedtls_test_driver_key_management_hooks_t mbedtls_test_driver_key_management_hooks; +psa_status_t mbedtls_test_transparent_init( void ); +void mbedtls_test_transparent_free( void ); +psa_status_t mbedtls_test_opaque_init( void ); +void mbedtls_test_opaque_free( void ); + psa_status_t mbedtls_test_transparent_generate_key( const psa_key_attributes_t *attributes, uint8_t *key, size_t key_size, size_t *key_length ); diff --git a/tests/src/drivers/test_driver_key_management.c b/tests/src/drivers/test_driver_key_management.c index 73720e9d7..3d8828549 100644 --- a/tests/src/drivers/test_driver_key_management.c +++ b/tests/src/drivers/test_driver_key_management.c @@ -60,6 +60,26 @@ const uint8_t mbedtls_test_driver_ecdsa_pubkey[65] = 0xbc, 0x25, 0x16, 0xc3, 0xd2, 0x70, 0x2d, 0x79, 0x2f, 0x13, 0x1a, 0x92, 0x20, 0x95, 0xfd, 0x6c }; +psa_status_t mbedtls_test_transparent_init( void ) +{ + return( PSA_SUCCESS ); +} + +void mbedtls_test_transparent_free( void ) +{ + return; +} + +psa_status_t mbedtls_test_opaque_init( void ) +{ + return( PSA_SUCCESS ); +} + +void mbedtls_test_opaque_free( void ) +{ + return; +} + psa_status_t mbedtls_test_transparent_generate_key( const psa_key_attributes_t *attributes, uint8_t *key, size_t key_size, size_t *key_length ) From d54303da7c3efc47a429b3e20845a8e857e7ed81 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Sat, 10 Apr 2021 15:12:00 +0200 Subject: [PATCH 16/29] psa: test driver: Move driver test entry points prototypes In preparation of the driver test entry points to be provided by a test driver library, move their prototypes to tests directory. Signed-off-by: Ronald Cron --- library/psa_crypto_cipher.h | 56 --------------------- library/psa_crypto_ecp.h | 34 ------------- library/psa_crypto_hash.h | 38 -------------- library/psa_crypto_mac.h | 52 ------------------- library/psa_crypto_rsa.h | 35 ------------- tests/include/test/drivers/cipher.h | 52 +++++++++++++++++++ tests/include/test/drivers/hash.h | 34 +++++++++++++ tests/include/test/drivers/key_management.h | 34 +++++++++++++ tests/include/test/drivers/mac.h | 48 ++++++++++++++++++ tests/include/test/drivers/signature.h | 29 +++++++++++ tests/src/drivers/test_driver_signature.c | 1 + 11 files changed, 198 insertions(+), 215 deletions(-) diff --git a/library/psa_crypto_cipher.h b/library/psa_crypto_cipher.h index b0d1939fb..bb4657dcd 100644 --- a/library/psa_crypto_cipher.h +++ b/library/psa_crypto_cipher.h @@ -304,60 +304,4 @@ psa_status_t mbedtls_psa_cipher_decrypt( const psa_key_attributes_t *attributes, size_t output_size, size_t *output_length ); -/* - * BEYOND THIS POINT, TEST DRIVER ENTRY POINTS ONLY. - */ - -#if defined(PSA_CRYPTO_DRIVER_TEST) && defined(MBEDTLS_PSA_CRYPTO_CONFIG) -psa_status_t mbedtls_transparent_test_driver_cipher_encrypt_setup( - mbedtls_psa_cipher_operation_t *operation, - const psa_key_attributes_t *attributes, - const uint8_t *key_buffer, size_t key_buffer_size, - psa_algorithm_t alg ); - -psa_status_t mbedtls_transparent_test_driver_cipher_decrypt_setup( - mbedtls_psa_cipher_operation_t *operation, - const psa_key_attributes_t *attributes, - const uint8_t *key_buffer, size_t key_buffer_size, - psa_algorithm_t alg ); - -psa_status_t mbedtls_transparent_test_driver_cipher_set_iv( - mbedtls_psa_cipher_operation_t *operation, - const uint8_t *iv, size_t iv_length ); - -psa_status_t mbedtls_transparent_test_driver_cipher_update( - mbedtls_psa_cipher_operation_t *operation, - const uint8_t *input, size_t input_length, - uint8_t *output, size_t output_size, size_t *output_length ); - -psa_status_t mbedtls_transparent_test_driver_cipher_finish( - mbedtls_psa_cipher_operation_t *operation, - uint8_t *output, size_t output_size, size_t *output_length ); - -psa_status_t mbedtls_transparent_test_driver_cipher_abort( - mbedtls_psa_cipher_operation_t *operation ); - -psa_status_t mbedtls_transparent_test_driver_cipher_encrypt( - const psa_key_attributes_t *attributes, - const uint8_t *key_buffer, - size_t key_buffer_size, - psa_algorithm_t alg, - const uint8_t *input, - size_t input_length, - uint8_t *output, - size_t output_size, - size_t *output_length ); - -psa_status_t mbedtls_transparent_test_driver_cipher_decrypt( - const psa_key_attributes_t *attributes, - const uint8_t *key_buffer, - size_t key_buffer_size, - psa_algorithm_t alg, - const uint8_t *input, - size_t input_length, - uint8_t *output, - size_t output_size, - size_t *output_length ); -#endif /* PSA_CRYPTO_DRIVER_TEST && MBEDTLS_PSA_CRYPTO_CONFIG */ - #endif /* PSA_CRYPTO_CIPHER_H */ diff --git a/library/psa_crypto_ecp.h b/library/psa_crypto_ecp.h index d1c765af5..feddd8a1e 100644 --- a/library/psa_crypto_ecp.h +++ b/library/psa_crypto_ecp.h @@ -218,39 +218,5 @@ psa_status_t mbedtls_psa_ecdsa_verify_hash( const uint8_t *key_buffer, size_t key_buffer_size, psa_algorithm_t alg, const uint8_t *hash, size_t hash_length, const uint8_t *signature, size_t signature_length ); -/* - * BEYOND THIS POINT, TEST DRIVER ENTRY POINTS ONLY. - */ - -#if defined(PSA_CRYPTO_DRIVER_TEST) && defined(MBEDTLS_PSA_CRYPTO_CONFIG) - -psa_status_t mbedtls_transparent_test_driver_ecp_import_key( - const psa_key_attributes_t *attributes, - const uint8_t *data, size_t data_length, - uint8_t *key_buffer, size_t key_buffer_size, - size_t *key_buffer_length, size_t *bits ); - -psa_status_t mbedtls_transparent_test_driver_ecp_export_public_key( - const psa_key_attributes_t *attributes, - const uint8_t *key_buffer, size_t key_buffer_size, - uint8_t *data, size_t data_size, size_t *data_length ); - -psa_status_t mbedtls_transparent_test_driver_ecp_generate_key( - const psa_key_attributes_t *attributes, - uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length ); - -psa_status_t mbedtls_transparent_test_driver_ecdsa_sign_hash( - const psa_key_attributes_t *attributes, - const uint8_t *key_buffer, size_t key_buffer_size, - psa_algorithm_t alg, const uint8_t *hash, size_t hash_length, - uint8_t *signature, size_t signature_size, size_t *signature_length ); - -psa_status_t mbedtls_transparent_test_driver_ecdsa_verify_hash( - const psa_key_attributes_t *attributes, - const uint8_t *key_buffer, size_t key_buffer_size, - psa_algorithm_t alg, const uint8_t *hash, size_t hash_length, - const uint8_t *signature, size_t signature_length ); - -#endif /* PSA_CRYPTO_DRIVER_TEST && MBEDTLS_PSA_CRYPTO_CONFIG */ #endif /* PSA_CRYPTO_ECP_H */ diff --git a/library/psa_crypto_hash.h b/library/psa_crypto_hash.h index 7afea4d3b..6b27c9b82 100644 --- a/library/psa_crypto_hash.h +++ b/library/psa_crypto_hash.h @@ -231,42 +231,4 @@ psa_status_t mbedtls_psa_hash_finish( psa_status_t mbedtls_psa_hash_abort( mbedtls_psa_hash_operation_t *operation ); -/* - * BEYOND THIS POINT, TEST DRIVER ENTRY POINTS ONLY. - */ - -#if defined(PSA_CRYPTO_DRIVER_TEST) && defined(MBEDTLS_PSA_CRYPTO_CONFIG) - -psa_status_t mbedtls_transparent_test_driver_hash_compute( - psa_algorithm_t alg, - const uint8_t *input, - size_t input_length, - uint8_t *hash, - size_t hash_size, - size_t *hash_length); - -psa_status_t mbedtls_transparent_test_driver_hash_setup( - mbedtls_psa_hash_operation_t *operation, - psa_algorithm_t alg ); - -psa_status_t mbedtls_transparent_test_driver_hash_clone( - const mbedtls_psa_hash_operation_t *source_operation, - mbedtls_psa_hash_operation_t *target_operation ); - -psa_status_t mbedtls_transparent_test_driver_hash_update( - mbedtls_psa_hash_operation_t *operation, - const uint8_t *input, - size_t input_length ); - -psa_status_t mbedtls_transparent_test_driver_hash_finish( - mbedtls_psa_hash_operation_t *operation, - uint8_t *hash, - size_t hash_size, - size_t *hash_length ); - -psa_status_t mbedtls_transparent_test_driver_hash_abort( - mbedtls_psa_hash_operation_t *operation ); - -#endif /* PSA_CRYPTO_DRIVER_TEST && MBEDTLS_PSA_CRYPTO_CONFIG */ - #endif /* PSA_CRYPTO_HASH_H */ diff --git a/library/psa_crypto_mac.h b/library/psa_crypto_mac.h index 80a644b57..a821e7411 100644 --- a/library/psa_crypto_mac.h +++ b/library/psa_crypto_mac.h @@ -273,56 +273,4 @@ psa_status_t mbedtls_psa_mac_verify_finish( psa_status_t mbedtls_psa_mac_abort( mbedtls_psa_mac_operation_t *operation ); -/* - * BEYOND THIS POINT, TEST DRIVER ENTRY POINTS ONLY. - */ - -#if defined(PSA_CRYPTO_DRIVER_TEST) && defined(MBEDTLS_PSA_CRYPTO_CONFIG) - -psa_status_t mbedtls_transparent_test_driver_mac_compute( - const psa_key_attributes_t *attributes, - const uint8_t *key_buffer, - size_t key_buffer_size, - psa_algorithm_t alg, - const uint8_t *input, - size_t input_length, - uint8_t *mac, - size_t mac_size, - size_t *mac_length ); - -psa_status_t mbedtls_transparent_test_driver_mac_sign_setup( - mbedtls_psa_mac_operation_t *operation, - const psa_key_attributes_t *attributes, - const uint8_t *key_buffer, - size_t key_buffer_size, - psa_algorithm_t alg ); - -psa_status_t mbedtls_transparent_test_driver_mac_verify_setup( - mbedtls_psa_mac_operation_t *operation, - const psa_key_attributes_t *attributes, - const uint8_t *key_buffer, - size_t key_buffer_size, - psa_algorithm_t alg ); - -psa_status_t mbedtls_transparent_test_driver_mac_update( - mbedtls_psa_mac_operation_t *operation, - const uint8_t *input, - size_t input_length ); - -psa_status_t mbedtls_transparent_test_driver_mac_sign_finish( - mbedtls_psa_mac_operation_t *operation, - uint8_t *mac, - size_t mac_size, - size_t *mac_length ); - -psa_status_t mbedtls_transparent_test_driver_mac_verify_finish( - mbedtls_psa_mac_operation_t *operation, - const uint8_t *mac, - size_t mac_length ); - -psa_status_t mbedtls_transparent_test_driver_mac_abort( - mbedtls_psa_mac_operation_t *operation ); - -#endif /* PSA_CRYPTO_DRIVER_TEST && MBEDTLS_PSA_CRYPTO_CONFIG */ - #endif /* PSA_CRYPTO_MAC_H */ diff --git a/library/psa_crypto_rsa.h b/library/psa_crypto_rsa.h index 881746227..b76613e6c 100644 --- a/library/psa_crypto_rsa.h +++ b/library/psa_crypto_rsa.h @@ -212,39 +212,4 @@ psa_status_t mbedtls_psa_rsa_verify_hash( psa_algorithm_t alg, const uint8_t *hash, size_t hash_length, const uint8_t *signature, size_t signature_length ); -/* - * BEYOND THIS POINT, TEST DRIVER ENTRY POINTS ONLY. - */ - -#if defined(PSA_CRYPTO_DRIVER_TEST) && defined(MBEDTLS_PSA_CRYPTO_CONFIG) - -psa_status_t mbedtls_transparent_test_driver_rsa_import_key( - const psa_key_attributes_t *attributes, - const uint8_t *data, size_t data_length, - uint8_t *key_buffer, size_t key_buffer_size, - size_t *key_buffer_length, size_t *bits ); - -psa_status_t mbedtls_transparent_test_driver_rsa_export_public_key( - const psa_key_attributes_t *attributes, - const uint8_t *key_buffer, size_t key_buffer_size, - uint8_t *data, size_t data_size, size_t *data_length ); - -psa_status_t mbedtls_transparent_test_driver_rsa_generate_key( - const psa_key_attributes_t *attributes, - uint8_t *key, size_t key_size, size_t *key_length ); - -psa_status_t mbedtls_transparent_test_driver_rsa_sign_hash( - const psa_key_attributes_t *attributes, - const uint8_t *key_buffer, size_t key_buffer_size, - psa_algorithm_t alg, const uint8_t *hash, size_t hash_length, - uint8_t *signature, size_t signature_size, size_t *signature_length ); - -psa_status_t mbedtls_transparent_test_driver_rsa_verify_hash( - const psa_key_attributes_t *attributes, - const uint8_t *key_buffer, size_t key_buffer_size, - psa_algorithm_t alg, const uint8_t *hash, size_t hash_length, - const uint8_t *signature, size_t signature_length ); - -#endif /* PSA_CRYPTO_DRIVER_TEST && MBEDTLS_PSA_CRYPTO_CONFIG */ - #endif /* PSA_CRYPTO_RSA_H */ diff --git a/tests/include/test/drivers/cipher.h b/tests/include/test/drivers/cipher.h index 4fe559618..053b0c34c 100644 --- a/tests/include/test/drivers/cipher.h +++ b/tests/include/test/drivers/cipher.h @@ -140,5 +140,57 @@ psa_status_t mbedtls_test_opaque_cipher_finish( mbedtls_opaque_test_driver_cipher_operation_t *operation, uint8_t *output, size_t output_size, size_t *output_length); +#if defined(MBEDTLS_PSA_CRYPTO_CONFIG) +psa_status_t mbedtls_transparent_test_driver_cipher_encrypt_setup( + mbedtls_psa_cipher_operation_t *operation, + const psa_key_attributes_t *attributes, + const uint8_t *key_buffer, size_t key_buffer_size, + psa_algorithm_t alg ); + +psa_status_t mbedtls_transparent_test_driver_cipher_decrypt_setup( + mbedtls_psa_cipher_operation_t *operation, + const psa_key_attributes_t *attributes, + const uint8_t *key_buffer, size_t key_buffer_size, + psa_algorithm_t alg ); + +psa_status_t mbedtls_transparent_test_driver_cipher_set_iv( + mbedtls_psa_cipher_operation_t *operation, + const uint8_t *iv, size_t iv_length ); + +psa_status_t mbedtls_transparent_test_driver_cipher_update( + mbedtls_psa_cipher_operation_t *operation, + const uint8_t *input, size_t input_length, + uint8_t *output, size_t output_size, size_t *output_length ); + +psa_status_t mbedtls_transparent_test_driver_cipher_finish( + mbedtls_psa_cipher_operation_t *operation, + uint8_t *output, size_t output_size, size_t *output_length ); + +psa_status_t mbedtls_transparent_test_driver_cipher_abort( + mbedtls_psa_cipher_operation_t *operation ); + +psa_status_t mbedtls_transparent_test_driver_cipher_encrypt( + const psa_key_attributes_t *attributes, + const uint8_t *key_buffer, + size_t key_buffer_size, + psa_algorithm_t alg, + const uint8_t *input, + size_t input_length, + uint8_t *output, + size_t output_size, + size_t *output_length ); + +psa_status_t mbedtls_transparent_test_driver_cipher_decrypt( + const psa_key_attributes_t *attributes, + const uint8_t *key_buffer, + size_t key_buffer_size, + psa_algorithm_t alg, + const uint8_t *input, + size_t input_length, + uint8_t *output, + size_t output_size, + size_t *output_length ); +#endif /* MBEDTLS_PSA_CRYPTO_CONFIG */ + #endif /* PSA_CRYPTO_DRIVER_TEST */ #endif /* PSA_CRYPTO_TEST_DRIVERS_CIPHER_H */ diff --git a/tests/include/test/drivers/hash.h b/tests/include/test/drivers/hash.h index ebe83dee4..e0de79a28 100644 --- a/tests/include/test/drivers/hash.h +++ b/tests/include/test/drivers/hash.h @@ -76,5 +76,39 @@ psa_status_t mbedtls_test_transparent_hash_finish( psa_status_t mbedtls_test_transparent_hash_abort( mbedtls_psa_hash_operation_t *operation ); +#if defined(MBEDTLS_PSA_CRYPTO_CONFIG) + +psa_status_t mbedtls_transparent_test_driver_hash_compute( + psa_algorithm_t alg, + const uint8_t *input, + size_t input_length, + uint8_t *hash, + size_t hash_size, + size_t *hash_length); + +psa_status_t mbedtls_transparent_test_driver_hash_setup( + mbedtls_psa_hash_operation_t *operation, + psa_algorithm_t alg ); + +psa_status_t mbedtls_transparent_test_driver_hash_clone( + const mbedtls_psa_hash_operation_t *source_operation, + mbedtls_psa_hash_operation_t *target_operation ); + +psa_status_t mbedtls_transparent_test_driver_hash_update( + mbedtls_psa_hash_operation_t *operation, + const uint8_t *input, + size_t input_length ); + +psa_status_t mbedtls_transparent_test_driver_hash_finish( + mbedtls_psa_hash_operation_t *operation, + uint8_t *hash, + size_t hash_size, + size_t *hash_length ); + +psa_status_t mbedtls_transparent_test_driver_hash_abort( + mbedtls_psa_hash_operation_t *operation ); + +#endif /* MBEDTLS_PSA_CRYPTO_CONFIG */ + #endif /* PSA_CRYPTO_DRIVER_TEST */ #endif /* PSA_CRYPTO_TEST_DRIVERS_HASH_H */ diff --git a/tests/include/test/drivers/key_management.h b/tests/include/test/drivers/key_management.h index bb08bf6b8..79572ad5d 100644 --- a/tests/include/test/drivers/key_management.h +++ b/tests/include/test/drivers/key_management.h @@ -98,5 +98,39 @@ psa_status_t mbedtls_test_opaque_get_builtin_key( psa_key_attributes_t *attributes, uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length ); +#if defined(MBEDTLS_PSA_CRYPTO_CONFIG) + +psa_status_t mbedtls_transparent_test_driver_ecp_import_key( + const psa_key_attributes_t *attributes, + const uint8_t *data, size_t data_length, + uint8_t *key_buffer, size_t key_buffer_size, + size_t *key_buffer_length, size_t *bits ); + +psa_status_t mbedtls_transparent_test_driver_ecp_export_public_key( + const psa_key_attributes_t *attributes, + const uint8_t *key_buffer, size_t key_buffer_size, + uint8_t *data, size_t data_size, size_t *data_length ); + +psa_status_t mbedtls_transparent_test_driver_ecp_generate_key( + const psa_key_attributes_t *attributes, + uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length ); + +psa_status_t mbedtls_transparent_test_driver_rsa_import_key( + const psa_key_attributes_t *attributes, + const uint8_t *data, size_t data_length, + uint8_t *key_buffer, size_t key_buffer_size, + size_t *key_buffer_length, size_t *bits ); + +psa_status_t mbedtls_transparent_test_driver_rsa_export_public_key( + const psa_key_attributes_t *attributes, + const uint8_t *key_buffer, size_t key_buffer_size, + uint8_t *data, size_t data_size, size_t *data_length ); + +psa_status_t mbedtls_transparent_test_driver_rsa_generate_key( + const psa_key_attributes_t *attributes, + uint8_t *key, size_t key_size, size_t *key_length ); + +#endif /* MBEDTLS_PSA_CRYPTO_CONFIG */ + #endif /* PSA_CRYPTO_DRIVER_TEST */ #endif /* PSA_CRYPTO_TEST_DRIVERS_KEY_MANAGEMENT_H */ diff --git a/tests/include/test/drivers/mac.h b/tests/include/test/drivers/mac.h index 7733dd341..f8e7a1191 100644 --- a/tests/include/test/drivers/mac.h +++ b/tests/include/test/drivers/mac.h @@ -137,5 +137,53 @@ psa_status_t mbedtls_test_opaque_mac_verify_finish( psa_status_t mbedtls_test_opaque_mac_abort( mbedtls_opaque_test_driver_mac_operation_t *operation ); +#if defined(MBEDTLS_PSA_CRYPTO_CONFIG) + +psa_status_t mbedtls_transparent_test_driver_mac_compute( + const psa_key_attributes_t *attributes, + const uint8_t *key_buffer, + size_t key_buffer_size, + psa_algorithm_t alg, + const uint8_t *input, + size_t input_length, + uint8_t *mac, + size_t mac_size, + size_t *mac_length ); + +psa_status_t mbedtls_transparent_test_driver_mac_sign_setup( + mbedtls_psa_mac_operation_t *operation, + const psa_key_attributes_t *attributes, + const uint8_t *key_buffer, + size_t key_buffer_size, + psa_algorithm_t alg ); + +psa_status_t mbedtls_transparent_test_driver_mac_verify_setup( + mbedtls_psa_mac_operation_t *operation, + const psa_key_attributes_t *attributes, + const uint8_t *key_buffer, + size_t key_buffer_size, + psa_algorithm_t alg ); + +psa_status_t mbedtls_transparent_test_driver_mac_update( + mbedtls_psa_mac_operation_t *operation, + const uint8_t *input, + size_t input_length ); + +psa_status_t mbedtls_transparent_test_driver_mac_sign_finish( + mbedtls_psa_mac_operation_t *operation, + uint8_t *mac, + size_t mac_size, + size_t *mac_length ); + +psa_status_t mbedtls_transparent_test_driver_mac_verify_finish( + mbedtls_psa_mac_operation_t *operation, + const uint8_t *mac, + size_t mac_length ); + +psa_status_t mbedtls_transparent_test_driver_mac_abort( + mbedtls_psa_mac_operation_t *operation ); + +#endif /* MBEDTLS_PSA_CRYPTO_CONFIG */ + #endif /* PSA_CRYPTO_DRIVER_TEST */ #endif /* PSA_CRYPTO_TEST_DRIVERS_MAC_H */ diff --git a/tests/include/test/drivers/signature.h b/tests/include/test/drivers/signature.h index 5e64edc3c..d2321ba09 100644 --- a/tests/include/test/drivers/signature.h +++ b/tests/include/test/drivers/signature.h @@ -124,5 +124,34 @@ psa_status_t mbedtls_test_opaque_signature_verify_hash( const uint8_t *hash, size_t hash_length, const uint8_t *signature, size_t signature_length ); + +#if defined(MBEDTLS_PSA_CRYPTO_CONFIG) + +psa_status_t mbedtls_transparent_test_driver_ecdsa_sign_hash( + const psa_key_attributes_t *attributes, + const uint8_t *key_buffer, size_t key_buffer_size, + psa_algorithm_t alg, const uint8_t *hash, size_t hash_length, + uint8_t *signature, size_t signature_size, size_t *signature_length ); + +psa_status_t mbedtls_transparent_test_driver_ecdsa_verify_hash( + const psa_key_attributes_t *attributes, + const uint8_t *key_buffer, size_t key_buffer_size, + psa_algorithm_t alg, const uint8_t *hash, size_t hash_length, + const uint8_t *signature, size_t signature_length ); + +psa_status_t mbedtls_transparent_test_driver_rsa_sign_hash( + const psa_key_attributes_t *attributes, + const uint8_t *key_buffer, size_t key_buffer_size, + psa_algorithm_t alg, const uint8_t *hash, size_t hash_length, + uint8_t *signature, size_t signature_size, size_t *signature_length ); + +psa_status_t mbedtls_transparent_test_driver_rsa_verify_hash( + const psa_key_attributes_t *attributes, + const uint8_t *key_buffer, size_t key_buffer_size, + psa_algorithm_t alg, const uint8_t *hash, size_t hash_length, + const uint8_t *signature, size_t signature_length ); + +#endif /* MBEDTLS_PSA_CRYPTO_CONFIG */ + #endif /* PSA_CRYPTO_DRIVER_TEST */ #endif /* PSA_CRYPTO_TEST_DRIVERS_SIGNATURE_H */ diff --git a/tests/src/drivers/test_driver_signature.c b/tests/src/drivers/test_driver_signature.c index cf7edc935..443b52eef 100644 --- a/tests/src/drivers/test_driver_signature.c +++ b/tests/src/drivers/test_driver_signature.c @@ -33,6 +33,7 @@ #include "psa_crypto_rsa.h" #include "mbedtls/ecp.h" +#include "test/drivers/hash.h" #include "test/drivers/signature.h" #include "mbedtls/md.h" From 7b7854ed4bccb051b25e397f5db8e4f110eae055 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Sat, 13 Mar 2021 18:19:08 +0100 Subject: [PATCH 17/29] tests: Rename test driver entry points Rename test driver entry points to libtestdriver1_. This aligns with the renaming of all Mbed TLS APIs for the test driver library (that will be put in place in the following commits) to avoid name conflicts when linking it with the Mbed TLS library. Signed-off-by: Ronald Cron --- library/psa_crypto_cipher.c | 17 +++++---- library/psa_crypto_ecp.c | 10 ++--- library/psa_crypto_hash.c | 12 +++--- library/psa_crypto_mac.c | 14 +++---- library/psa_crypto_rsa.c | 10 ++--- tests/include/test/drivers/cipher.h | 16 ++++---- tests/include/test/drivers/hash.h | 12 +++--- tests/include/test/drivers/key_management.h | 12 +++--- tests/include/test/drivers/mac.h | 14 +++---- tests/include/test/drivers/signature.h | 8 ++-- tests/src/drivers/hash.c | 14 +++---- tests/src/drivers/test_driver_cipher.c | 16 ++++---- .../src/drivers/test_driver_key_management.c | 12 +++--- tests/src/drivers/test_driver_mac.c | 14 +++---- tests/src/drivers/test_driver_signature.c | 37 ++++++++++--------- 15 files changed, 110 insertions(+), 108 deletions(-) diff --git a/library/psa_crypto_cipher.c b/library/psa_crypto_cipher.c index 12e52fa42..71dee2bd1 100644 --- a/library/psa_crypto_cipher.c +++ b/library/psa_crypto_cipher.c @@ -665,7 +665,7 @@ psa_status_t mbedtls_psa_cipher_decrypt( const psa_key_attributes_t *attributes, */ #if defined(PSA_CRYPTO_DRIVER_TEST) && defined(MBEDTLS_PSA_CRYPTO_CONFIG) -psa_status_t mbedtls_transparent_test_driver_cipher_encrypt_setup( +psa_status_t libtestdriver1_mbedtls_psa_cipher_encrypt_setup( mbedtls_psa_cipher_operation_t *operation, const psa_key_attributes_t *attributes, const uint8_t *key_buffer, size_t key_buffer_size, @@ -675,7 +675,7 @@ psa_status_t mbedtls_transparent_test_driver_cipher_encrypt_setup( operation, attributes, key_buffer, key_buffer_size, alg ) ); } -psa_status_t mbedtls_transparent_test_driver_cipher_decrypt_setup( +psa_status_t libtestdriver1_mbedtls_psa_cipher_decrypt_setup( mbedtls_psa_cipher_operation_t *operation, const psa_key_attributes_t *attributes, const uint8_t *key_buffer, size_t key_buffer_size, @@ -685,14 +685,14 @@ psa_status_t mbedtls_transparent_test_driver_cipher_decrypt_setup( operation, attributes, key_buffer, key_buffer_size, alg ) ); } -psa_status_t mbedtls_transparent_test_driver_cipher_set_iv( +psa_status_t libtestdriver1_mbedtls_psa_cipher_set_iv( mbedtls_psa_cipher_operation_t *operation, const uint8_t *iv, size_t iv_length ) { return( cipher_set_iv( operation, iv, iv_length ) ); } -psa_status_t mbedtls_transparent_test_driver_cipher_update( +psa_status_t libtestdriver1_mbedtls_psa_cipher_update( mbedtls_psa_cipher_operation_t *operation, const uint8_t *input, size_t input_length, uint8_t *output, size_t output_size, size_t *output_length ) @@ -701,20 +701,20 @@ psa_status_t mbedtls_transparent_test_driver_cipher_update( output, output_size, output_length ) ); } -psa_status_t mbedtls_transparent_test_driver_cipher_finish( +psa_status_t libtestdriver1_mbedtls_psa_cipher_finish( mbedtls_psa_cipher_operation_t *operation, uint8_t *output, size_t output_size, size_t *output_length ) { return( cipher_finish( operation, output, output_size, output_length ) ); } -psa_status_t mbedtls_transparent_test_driver_cipher_abort( +psa_status_t libtestdriver1_mbedtls_psa_cipher_abort( mbedtls_psa_cipher_operation_t *operation ) { return( cipher_abort( operation ) ); } -psa_status_t mbedtls_transparent_test_driver_cipher_encrypt( +psa_status_t libtestdriver1_mbedtls_psa_cipher_encrypt( const psa_key_attributes_t *attributes, const uint8_t *key_buffer, size_t key_buffer_size, @@ -730,7 +730,7 @@ psa_status_t mbedtls_transparent_test_driver_cipher_encrypt( output, output_size, output_length ) ); } -psa_status_t mbedtls_transparent_test_driver_cipher_decrypt( +psa_status_t libtestdriver1_mbedtls_psa_cipher_decrypt( const psa_key_attributes_t *attributes, const uint8_t *key_buffer, size_t key_buffer_size, @@ -745,6 +745,7 @@ psa_status_t mbedtls_transparent_test_driver_cipher_decrypt( alg, input, input_length, output, output_size, output_length ) ); } + #endif /* PSA_CRYPTO_DRIVER_TEST && MBEDTLS_PSA_CRYPTO_CONFIG */ #endif /* MBEDTLS_PSA_CRYPTO_C */ diff --git a/library/psa_crypto_ecp.c b/library/psa_crypto_ecp.c index 83cc72df3..3fdcdb267 100644 --- a/library/psa_crypto_ecp.c +++ b/library/psa_crypto_ecp.c @@ -576,7 +576,7 @@ psa_status_t mbedtls_psa_ecdsa_verify_hash( #if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR) || \ defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY) -psa_status_t mbedtls_transparent_test_driver_ecp_import_key( +psa_status_t libtestdriver1_mbedtls_psa_ecp_import_key( const psa_key_attributes_t *attributes, const uint8_t *data, size_t data_length, uint8_t *key_buffer, size_t key_buffer_size, @@ -587,7 +587,7 @@ psa_status_t mbedtls_transparent_test_driver_ecp_import_key( key_buffer_length, bits ) ); } -psa_status_t mbedtls_transparent_test_driver_ecp_export_public_key( +psa_status_t libtestdriver1_mbedtls_psa_ecp_export_public_key( const psa_key_attributes_t *attributes, const uint8_t *key_buffer, size_t key_buffer_size, uint8_t *data, size_t data_size, size_t *data_length ) @@ -601,7 +601,7 @@ psa_status_t mbedtls_transparent_test_driver_ecp_export_public_key( #if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR) && \ defined(MBEDTLS_GENPRIME) -psa_status_t mbedtls_transparent_test_driver_ecp_generate_key( +psa_status_t libtestdriver1_mbedtls_psa_ecp_generate_key( const psa_key_attributes_t *attributes, uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length ) { @@ -614,7 +614,7 @@ psa_status_t mbedtls_transparent_test_driver_ecp_generate_key( #if defined(MBEDTLS_PSA_ACCEL_ALG_ECDSA) || \ defined(MBEDTLS_PSA_ACCEL_ALG_DETERMINISTIC_ECDSA) -psa_status_t mbedtls_transparent_test_driver_ecdsa_sign_hash( +psa_status_t libtestdriver1_mbedtls_psa_ecdsa_sign_hash( const psa_key_attributes_t *attributes, const uint8_t *key_buffer, size_t key_buffer_size, psa_algorithm_t alg, const uint8_t *hash, size_t hash_length, @@ -640,7 +640,7 @@ psa_status_t mbedtls_transparent_test_driver_ecdsa_sign_hash( #endif } -psa_status_t mbedtls_transparent_test_driver_ecdsa_verify_hash( +psa_status_t libtestdriver1_mbedtls_psa_ecdsa_verify_hash( const psa_key_attributes_t *attributes, const uint8_t *key_buffer, size_t key_buffer_size, psa_algorithm_t alg, const uint8_t *hash, size_t hash_length, diff --git a/library/psa_crypto_hash.c b/library/psa_crypto_hash.c index b9f2757ea..84ba84125 100644 --- a/library/psa_crypto_hash.c +++ b/library/psa_crypto_hash.c @@ -648,7 +648,7 @@ static int is_hash_accelerated( psa_algorithm_t alg ) } } -psa_status_t mbedtls_transparent_test_driver_hash_compute( +psa_status_t libtestdriver1_mbedtls_psa_hash_compute( psa_algorithm_t alg, const uint8_t *input, size_t input_length, @@ -663,7 +663,7 @@ psa_status_t mbedtls_transparent_test_driver_hash_compute( return( PSA_ERROR_NOT_SUPPORTED ); } -psa_status_t mbedtls_transparent_test_driver_hash_setup( +psa_status_t libtestdriver1_mbedtls_psa_hash_setup( mbedtls_psa_hash_operation_t *operation, psa_algorithm_t alg ) { @@ -673,7 +673,7 @@ psa_status_t mbedtls_transparent_test_driver_hash_setup( return( PSA_ERROR_NOT_SUPPORTED ); } -psa_status_t mbedtls_transparent_test_driver_hash_clone( +psa_status_t libtestdriver1_mbedtls_psa_hash_clone( const mbedtls_psa_hash_operation_t *source_operation, mbedtls_psa_hash_operation_t *target_operation ) { @@ -683,7 +683,7 @@ psa_status_t mbedtls_transparent_test_driver_hash_clone( return( PSA_ERROR_BAD_STATE ); } -psa_status_t mbedtls_transparent_test_driver_hash_update( +psa_status_t libtestdriver1_mbedtls_psa_hash_update( mbedtls_psa_hash_operation_t *operation, const uint8_t *input, size_t input_length ) @@ -694,7 +694,7 @@ psa_status_t mbedtls_transparent_test_driver_hash_update( return( PSA_ERROR_BAD_STATE ); } -psa_status_t mbedtls_transparent_test_driver_hash_finish( +psa_status_t libtestdriver1_mbedtls_psa_hash_finish( mbedtls_psa_hash_operation_t *operation, uint8_t *hash, size_t hash_size, @@ -706,7 +706,7 @@ psa_status_t mbedtls_transparent_test_driver_hash_finish( return( PSA_ERROR_BAD_STATE ); } -psa_status_t mbedtls_transparent_test_driver_hash_abort( +psa_status_t libtestdriver1_mbedtls_psa_hash_abort( mbedtls_psa_hash_operation_t *operation ) { return( hash_abort( operation ) ); diff --git a/library/psa_crypto_mac.c b/library/psa_crypto_mac.c index 421d12e03..fe15e9f6b 100644 --- a/library/psa_crypto_mac.c +++ b/library/psa_crypto_mac.c @@ -585,7 +585,7 @@ static int is_mac_accelerated( psa_algorithm_t alg ) } } -psa_status_t mbedtls_transparent_test_driver_mac_compute( +psa_status_t libtestdriver1_mbedtls_psa_mac_compute( const psa_key_attributes_t *attributes, const uint8_t *key_buffer, size_t key_buffer_size, @@ -604,7 +604,7 @@ psa_status_t mbedtls_transparent_test_driver_mac_compute( return( PSA_ERROR_NOT_SUPPORTED ); } -psa_status_t mbedtls_transparent_test_driver_mac_sign_setup( +psa_status_t libtestdriver1_mbedtls_psa_mac_sign_setup( mbedtls_psa_mac_operation_t *operation, const psa_key_attributes_t *attributes, const uint8_t *key_buffer, @@ -618,7 +618,7 @@ psa_status_t mbedtls_transparent_test_driver_mac_sign_setup( return( PSA_ERROR_NOT_SUPPORTED ); } -psa_status_t mbedtls_transparent_test_driver_mac_verify_setup( +psa_status_t libtestdriver1_mbedtls_psa_mac_verify_setup( mbedtls_psa_mac_operation_t *operation, const psa_key_attributes_t *attributes, const uint8_t *key_buffer, @@ -632,7 +632,7 @@ psa_status_t mbedtls_transparent_test_driver_mac_verify_setup( return( PSA_ERROR_NOT_SUPPORTED ); } -psa_status_t mbedtls_transparent_test_driver_mac_update( +psa_status_t libtestdriver1_mbedtls_psa_mac_update( mbedtls_psa_mac_operation_t *operation, const uint8_t *input, size_t input_length ) @@ -643,7 +643,7 @@ psa_status_t mbedtls_transparent_test_driver_mac_update( return( PSA_ERROR_BAD_STATE ); } -psa_status_t mbedtls_transparent_test_driver_mac_sign_finish( +psa_status_t libtestdriver1_mbedtls_psa_mac_sign_finish( mbedtls_psa_mac_operation_t *operation, uint8_t *mac, size_t mac_size, @@ -655,7 +655,7 @@ psa_status_t mbedtls_transparent_test_driver_mac_sign_finish( return( PSA_ERROR_BAD_STATE ); } -psa_status_t mbedtls_transparent_test_driver_mac_verify_finish( +psa_status_t libtestdriver1_mbedtls_psa_mac_verify_finish( mbedtls_psa_mac_operation_t *operation, const uint8_t *mac, size_t mac_length ) @@ -666,7 +666,7 @@ psa_status_t mbedtls_transparent_test_driver_mac_verify_finish( return( PSA_ERROR_BAD_STATE ); } -psa_status_t mbedtls_transparent_test_driver_mac_abort( +psa_status_t libtestdriver1_mbedtls_psa_mac_abort( mbedtls_psa_mac_operation_t *operation ) { return( mac_abort( operation ) ); diff --git a/library/psa_crypto_rsa.c b/library/psa_crypto_rsa.c index 705cb413e..4ee0adf9e 100644 --- a/library/psa_crypto_rsa.c +++ b/library/psa_crypto_rsa.c @@ -633,7 +633,7 @@ psa_status_t mbedtls_psa_rsa_verify_hash( #if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR) || \ defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_PUBLIC_KEY) -psa_status_t mbedtls_transparent_test_driver_rsa_import_key( +psa_status_t libtestdriver1_mbedtls_psa_rsa_import_key( const psa_key_attributes_t *attributes, const uint8_t *data, size_t data_length, uint8_t *key_buffer, size_t key_buffer_size, @@ -644,7 +644,7 @@ psa_status_t mbedtls_transparent_test_driver_rsa_import_key( key_buffer_length, bits ) ); } -psa_status_t mbedtls_transparent_test_driver_rsa_export_public_key( +psa_status_t libtestdriver1_mbedtls_psa_rsa_export_public_key( const psa_key_attributes_t *attributes, const uint8_t *key_buffer, size_t key_buffer_size, uint8_t *data, size_t data_size, size_t *data_length ) @@ -657,7 +657,7 @@ psa_status_t mbedtls_transparent_test_driver_rsa_export_public_key( defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_PUBLIC_KEY) */ #if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR) -psa_status_t mbedtls_transparent_test_driver_rsa_generate_key( +psa_status_t libtestdriver1_mbedtls_psa_rsa_generate_key( const psa_key_attributes_t *attributes, uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length ) { @@ -668,7 +668,7 @@ psa_status_t mbedtls_transparent_test_driver_rsa_generate_key( #if defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_SIGN) || \ defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PSS) -psa_status_t mbedtls_transparent_test_driver_rsa_sign_hash( +psa_status_t libtestdriver1_mbedtls_psa_rsa_sign_hash( const psa_key_attributes_t *attributes, const uint8_t *key_buffer, size_t key_buffer_size, psa_algorithm_t alg, const uint8_t *hash, size_t hash_length, @@ -695,7 +695,7 @@ psa_status_t mbedtls_transparent_test_driver_rsa_sign_hash( #endif } -psa_status_t mbedtls_transparent_test_driver_rsa_verify_hash( +psa_status_t libtestdriver1_mbedtls_psa_rsa_verify_hash( const psa_key_attributes_t *attributes, const uint8_t *key_buffer, size_t key_buffer_size, psa_algorithm_t alg, const uint8_t *hash, size_t hash_length, diff --git a/tests/include/test/drivers/cipher.h b/tests/include/test/drivers/cipher.h index 053b0c34c..cf24bbdcb 100644 --- a/tests/include/test/drivers/cipher.h +++ b/tests/include/test/drivers/cipher.h @@ -141,35 +141,35 @@ psa_status_t mbedtls_test_opaque_cipher_finish( uint8_t *output, size_t output_size, size_t *output_length); #if defined(MBEDTLS_PSA_CRYPTO_CONFIG) -psa_status_t mbedtls_transparent_test_driver_cipher_encrypt_setup( +psa_status_t libtestdriver1_mbedtls_psa_cipher_encrypt_setup( mbedtls_psa_cipher_operation_t *operation, const psa_key_attributes_t *attributes, const uint8_t *key_buffer, size_t key_buffer_size, psa_algorithm_t alg ); -psa_status_t mbedtls_transparent_test_driver_cipher_decrypt_setup( +psa_status_t libtestdriver1_mbedtls_psa_cipher_decrypt_setup( mbedtls_psa_cipher_operation_t *operation, const psa_key_attributes_t *attributes, const uint8_t *key_buffer, size_t key_buffer_size, psa_algorithm_t alg ); -psa_status_t mbedtls_transparent_test_driver_cipher_set_iv( +psa_status_t libtestdriver1_mbedtls_psa_cipher_set_iv( mbedtls_psa_cipher_operation_t *operation, const uint8_t *iv, size_t iv_length ); -psa_status_t mbedtls_transparent_test_driver_cipher_update( +psa_status_t libtestdriver1_mbedtls_psa_cipher_update( mbedtls_psa_cipher_operation_t *operation, const uint8_t *input, size_t input_length, uint8_t *output, size_t output_size, size_t *output_length ); -psa_status_t mbedtls_transparent_test_driver_cipher_finish( +psa_status_t libtestdriver1_mbedtls_psa_cipher_finish( mbedtls_psa_cipher_operation_t *operation, uint8_t *output, size_t output_size, size_t *output_length ); -psa_status_t mbedtls_transparent_test_driver_cipher_abort( +psa_status_t libtestdriver1_mbedtls_psa_cipher_abort( mbedtls_psa_cipher_operation_t *operation ); -psa_status_t mbedtls_transparent_test_driver_cipher_encrypt( +psa_status_t libtestdriver1_mbedtls_psa_cipher_encrypt( const psa_key_attributes_t *attributes, const uint8_t *key_buffer, size_t key_buffer_size, @@ -180,7 +180,7 @@ psa_status_t mbedtls_transparent_test_driver_cipher_encrypt( size_t output_size, size_t *output_length ); -psa_status_t mbedtls_transparent_test_driver_cipher_decrypt( +psa_status_t libtestdriver1_mbedtls_psa_cipher_decrypt( const psa_key_attributes_t *attributes, const uint8_t *key_buffer, size_t key_buffer_size, diff --git a/tests/include/test/drivers/hash.h b/tests/include/test/drivers/hash.h index e0de79a28..2226841f1 100644 --- a/tests/include/test/drivers/hash.h +++ b/tests/include/test/drivers/hash.h @@ -78,7 +78,7 @@ psa_status_t mbedtls_test_transparent_hash_abort( #if defined(MBEDTLS_PSA_CRYPTO_CONFIG) -psa_status_t mbedtls_transparent_test_driver_hash_compute( +psa_status_t libtestdriver1_mbedtls_psa_hash_compute( psa_algorithm_t alg, const uint8_t *input, size_t input_length, @@ -86,26 +86,26 @@ psa_status_t mbedtls_transparent_test_driver_hash_compute( size_t hash_size, size_t *hash_length); -psa_status_t mbedtls_transparent_test_driver_hash_setup( +psa_status_t libtestdriver1_mbedtls_psa_hash_setup( mbedtls_psa_hash_operation_t *operation, psa_algorithm_t alg ); -psa_status_t mbedtls_transparent_test_driver_hash_clone( +psa_status_t libtestdriver1_mbedtls_psa_hash_clone( const mbedtls_psa_hash_operation_t *source_operation, mbedtls_psa_hash_operation_t *target_operation ); -psa_status_t mbedtls_transparent_test_driver_hash_update( +psa_status_t libtestdriver1_mbedtls_psa_hash_update( mbedtls_psa_hash_operation_t *operation, const uint8_t *input, size_t input_length ); -psa_status_t mbedtls_transparent_test_driver_hash_finish( +psa_status_t libtestdriver1_mbedtls_psa_hash_finish( mbedtls_psa_hash_operation_t *operation, uint8_t *hash, size_t hash_size, size_t *hash_length ); -psa_status_t mbedtls_transparent_test_driver_hash_abort( +psa_status_t libtestdriver1_mbedtls_psa_hash_abort( mbedtls_psa_hash_operation_t *operation ); #endif /* MBEDTLS_PSA_CRYPTO_CONFIG */ diff --git a/tests/include/test/drivers/key_management.h b/tests/include/test/drivers/key_management.h index 79572ad5d..cff86f542 100644 --- a/tests/include/test/drivers/key_management.h +++ b/tests/include/test/drivers/key_management.h @@ -100,33 +100,33 @@ psa_status_t mbedtls_test_opaque_get_builtin_key( #if defined(MBEDTLS_PSA_CRYPTO_CONFIG) -psa_status_t mbedtls_transparent_test_driver_ecp_import_key( +psa_status_t libtestdriver1_mbedtls_psa_ecp_import_key( const psa_key_attributes_t *attributes, const uint8_t *data, size_t data_length, uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length, size_t *bits ); -psa_status_t mbedtls_transparent_test_driver_ecp_export_public_key( +psa_status_t libtestdriver1_mbedtls_psa_ecp_export_public_key( const psa_key_attributes_t *attributes, const uint8_t *key_buffer, size_t key_buffer_size, uint8_t *data, size_t data_size, size_t *data_length ); -psa_status_t mbedtls_transparent_test_driver_ecp_generate_key( +psa_status_t libtestdriver1_mbedtls_psa_ecp_generate_key( const psa_key_attributes_t *attributes, uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length ); -psa_status_t mbedtls_transparent_test_driver_rsa_import_key( +psa_status_t libtestdriver1_mbedtls_psa_rsa_import_key( const psa_key_attributes_t *attributes, const uint8_t *data, size_t data_length, uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length, size_t *bits ); -psa_status_t mbedtls_transparent_test_driver_rsa_export_public_key( +psa_status_t libtestdriver1_mbedtls_psa_rsa_export_public_key( const psa_key_attributes_t *attributes, const uint8_t *key_buffer, size_t key_buffer_size, uint8_t *data, size_t data_size, size_t *data_length ); -psa_status_t mbedtls_transparent_test_driver_rsa_generate_key( +psa_status_t libtestdriver1_mbedtls_psa_rsa_generate_key( const psa_key_attributes_t *attributes, uint8_t *key, size_t key_size, size_t *key_length ); diff --git a/tests/include/test/drivers/mac.h b/tests/include/test/drivers/mac.h index f8e7a1191..b49a16b90 100644 --- a/tests/include/test/drivers/mac.h +++ b/tests/include/test/drivers/mac.h @@ -139,7 +139,7 @@ psa_status_t mbedtls_test_opaque_mac_abort( #if defined(MBEDTLS_PSA_CRYPTO_CONFIG) -psa_status_t mbedtls_transparent_test_driver_mac_compute( +psa_status_t libtestdriver1_mbedtls_psa_mac_compute( const psa_key_attributes_t *attributes, const uint8_t *key_buffer, size_t key_buffer_size, @@ -150,37 +150,37 @@ psa_status_t mbedtls_transparent_test_driver_mac_compute( size_t mac_size, size_t *mac_length ); -psa_status_t mbedtls_transparent_test_driver_mac_sign_setup( +psa_status_t libtestdriver1_mbedtls_psa_mac_sign_setup( mbedtls_psa_mac_operation_t *operation, const psa_key_attributes_t *attributes, const uint8_t *key_buffer, size_t key_buffer_size, psa_algorithm_t alg ); -psa_status_t mbedtls_transparent_test_driver_mac_verify_setup( +psa_status_t libtestdriver1_mbedtls_psa_mac_verify_setup( mbedtls_psa_mac_operation_t *operation, const psa_key_attributes_t *attributes, const uint8_t *key_buffer, size_t key_buffer_size, psa_algorithm_t alg ); -psa_status_t mbedtls_transparent_test_driver_mac_update( +psa_status_t libtestdriver1_mbedtls_psa_mac_update( mbedtls_psa_mac_operation_t *operation, const uint8_t *input, size_t input_length ); -psa_status_t mbedtls_transparent_test_driver_mac_sign_finish( +psa_status_t libtestdriver1_mbedtls_psa_mac_sign_finish( mbedtls_psa_mac_operation_t *operation, uint8_t *mac, size_t mac_size, size_t *mac_length ); -psa_status_t mbedtls_transparent_test_driver_mac_verify_finish( +psa_status_t libtestdriver1_mbedtls_psa_mac_verify_finish( mbedtls_psa_mac_operation_t *operation, const uint8_t *mac, size_t mac_length ); -psa_status_t mbedtls_transparent_test_driver_mac_abort( +psa_status_t libtestdriver1_mbedtls_psa_mac_abort( mbedtls_psa_mac_operation_t *operation ); #endif /* MBEDTLS_PSA_CRYPTO_CONFIG */ diff --git a/tests/include/test/drivers/signature.h b/tests/include/test/drivers/signature.h index d2321ba09..8ea2cfafe 100644 --- a/tests/include/test/drivers/signature.h +++ b/tests/include/test/drivers/signature.h @@ -127,25 +127,25 @@ psa_status_t mbedtls_test_opaque_signature_verify_hash( #if defined(MBEDTLS_PSA_CRYPTO_CONFIG) -psa_status_t mbedtls_transparent_test_driver_ecdsa_sign_hash( +psa_status_t libtestdriver1_mbedtls_psa_ecdsa_sign_hash( const psa_key_attributes_t *attributes, const uint8_t *key_buffer, size_t key_buffer_size, psa_algorithm_t alg, const uint8_t *hash, size_t hash_length, uint8_t *signature, size_t signature_size, size_t *signature_length ); -psa_status_t mbedtls_transparent_test_driver_ecdsa_verify_hash( +psa_status_t libtestdriver1_mbedtls_psa_ecdsa_verify_hash( const psa_key_attributes_t *attributes, const uint8_t *key_buffer, size_t key_buffer_size, psa_algorithm_t alg, const uint8_t *hash, size_t hash_length, const uint8_t *signature, size_t signature_length ); -psa_status_t mbedtls_transparent_test_driver_rsa_sign_hash( +psa_status_t libtestdriver1_mbedtls_psa_rsa_sign_hash( const psa_key_attributes_t *attributes, const uint8_t *key_buffer, size_t key_buffer_size, psa_algorithm_t alg, const uint8_t *hash, size_t hash_length, uint8_t *signature, size_t signature_size, size_t *signature_length ); -psa_status_t mbedtls_transparent_test_driver_rsa_verify_hash( +psa_status_t libtestdriver1_mbedtls_psa_rsa_verify_hash( const psa_key_attributes_t *attributes, const uint8_t *key_buffer, size_t key_buffer_size, psa_algorithm_t alg, const uint8_t *hash, size_t hash_length, diff --git a/tests/src/drivers/hash.c b/tests/src/drivers/hash.c index e61866096..99de56f1c 100644 --- a/tests/src/drivers/hash.c +++ b/tests/src/drivers/hash.c @@ -47,7 +47,7 @@ psa_status_t mbedtls_test_transparent_hash_compute( { #if defined(MBEDTLS_PSA_CRYPTO_CONFIG) mbedtls_test_driver_hash_hooks.driver_status = - mbedtls_transparent_test_driver_hash_compute( + libtestdriver1_mbedtls_psa_hash_compute( alg, input, input_length, hash, hash_size, hash_length ); #elif defined(MBEDTLS_PSA_BUILTIN_HASH) @@ -84,7 +84,7 @@ psa_status_t mbedtls_test_transparent_hash_setup( { #if defined(MBEDTLS_PSA_CRYPTO_CONFIG) mbedtls_test_driver_hash_hooks.driver_status = - mbedtls_transparent_test_driver_hash_setup( operation, alg ); + libtestdriver1_mbedtls_psa_hash_setup( operation, alg ); #elif defined(MBEDTLS_PSA_BUILTIN_HASH) mbedtls_test_driver_hash_hooks.driver_status = mbedtls_psa_hash_setup( operation, alg ); @@ -113,8 +113,8 @@ psa_status_t mbedtls_test_transparent_hash_clone( { #if defined(MBEDTLS_PSA_CRYPTO_CONFIG) mbedtls_test_driver_hash_hooks.driver_status = - mbedtls_transparent_test_driver_hash_clone( source_operation, - target_operation ); + libtestdriver1_mbedtls_psa_hash_clone( source_operation, + target_operation ); #elif defined(MBEDTLS_PSA_BUILTIN_HASH) mbedtls_test_driver_hash_hooks.driver_status = mbedtls_psa_hash_clone( source_operation, target_operation ); @@ -144,7 +144,7 @@ psa_status_t mbedtls_test_transparent_hash_update( { #if defined(MBEDTLS_PSA_CRYPTO_CONFIG) mbedtls_test_driver_hash_hooks.driver_status = - mbedtls_transparent_test_driver_hash_update( + libtestdriver1_mbedtls_psa_hash_update( operation, input, input_length ); #elif defined(MBEDTLS_PSA_BUILTIN_HASH) mbedtls_test_driver_hash_hooks.driver_status = @@ -177,7 +177,7 @@ psa_status_t mbedtls_test_transparent_hash_finish( { #if defined(MBEDTLS_PSA_CRYPTO_CONFIG) mbedtls_test_driver_hash_hooks.driver_status = - mbedtls_transparent_test_driver_hash_finish( + libtestdriver1_mbedtls_psa_hash_finish( operation, hash, hash_size, hash_length ); #elif defined(MBEDTLS_PSA_BUILTIN_HASH) mbedtls_test_driver_hash_hooks.driver_status = @@ -208,7 +208,7 @@ psa_status_t mbedtls_test_transparent_hash_abort( { #if defined(MBEDTLS_PSA_CRYPTO_CONFIG) mbedtls_test_driver_hash_hooks.driver_status = - mbedtls_transparent_test_driver_hash_abort( operation ); + libtestdriver1_mbedtls_psa_hash_abort( operation ); #elif defined(MBEDTLS_PSA_BUILTIN_HASH) mbedtls_test_driver_hash_hooks.driver_status = mbedtls_psa_hash_abort( operation ); diff --git a/tests/src/drivers/test_driver_cipher.c b/tests/src/drivers/test_driver_cipher.c index 03c160de8..b70ef61fc 100644 --- a/tests/src/drivers/test_driver_cipher.c +++ b/tests/src/drivers/test_driver_cipher.c @@ -71,7 +71,7 @@ psa_status_t mbedtls_test_transparent_cipher_encrypt( psa_generate_random( output, PSA_CIPHER_IV_LENGTH( attributes->core.type, alg ) ); #if defined(MBEDTLS_PSA_CRYPTO_CONFIG) - return( mbedtls_transparent_test_driver_cipher_encrypt( + return( libtestdriver1_mbedtls_psa_cipher_encrypt( attributes, key_buffer, key_buffer_size, alg, input, input_length, output, output_size, output_length ) ); @@ -115,7 +115,7 @@ psa_status_t mbedtls_test_transparent_cipher_decrypt( return( mbedtls_test_driver_cipher_hooks.forced_status ); #if defined(MBEDTLS_PSA_CRYPTO_CONFIG) - return( mbedtls_transparent_test_driver_cipher_decrypt( + return( libtestdriver1_mbedtls_psa_cipher_decrypt( attributes, key_buffer, key_buffer_size, alg, input, input_length, output, output_size, output_length ) ); @@ -147,7 +147,7 @@ psa_status_t mbedtls_test_transparent_cipher_encrypt_setup( return( mbedtls_test_driver_cipher_hooks.forced_status ); #if defined(MBEDTLS_PSA_CRYPTO_CONFIG) - return( mbedtls_transparent_test_driver_cipher_encrypt_setup( + return( libtestdriver1_mbedtls_psa_cipher_encrypt_setup( operation, attributes, key, key_length, alg ) ); #elif defined(MBEDTLS_PSA_BUILTIN_CIPHER) return( mbedtls_psa_cipher_encrypt_setup( @@ -169,7 +169,7 @@ psa_status_t mbedtls_test_transparent_cipher_decrypt_setup( return( mbedtls_test_driver_cipher_hooks.forced_status ); #if defined(MBEDTLS_PSA_CRYPTO_CONFIG) - return( mbedtls_transparent_test_driver_cipher_decrypt_setup( + return( libtestdriver1_mbedtls_psa_cipher_decrypt_setup( operation, attributes, key, key_length, alg ) ); #elif defined(MBEDTLS_PSA_BUILTIN_CIPHER) return( mbedtls_psa_cipher_decrypt_setup( @@ -188,7 +188,7 @@ psa_status_t mbedtls_test_transparent_cipher_abort( return( PSA_SUCCESS ); #if defined(MBEDTLS_PSA_CRYPTO_CONFIG) - mbedtls_transparent_test_driver_cipher_abort( operation ); + libtestdriver1_mbedtls_psa_cipher_abort( operation ); #elif defined(MBEDTLS_PSA_BUILTIN_CIPHER) mbedtls_psa_cipher_abort( operation ); #endif @@ -213,7 +213,7 @@ psa_status_t mbedtls_test_transparent_cipher_set_iv( return( mbedtls_test_driver_cipher_hooks.forced_status ); #if defined(MBEDTLS_PSA_CRYPTO_CONFIG) - return( mbedtls_transparent_test_driver_cipher_set_iv( + return( libtestdriver1_mbedtls_psa_cipher_set_iv( operation, iv, iv_length ) ); #elif defined(MBEDTLS_PSA_BUILTIN_CIPHER) return( mbedtls_psa_cipher_set_iv( operation, iv, iv_length ) ); @@ -249,7 +249,7 @@ psa_status_t mbedtls_test_transparent_cipher_update( return( mbedtls_test_driver_cipher_hooks.forced_status ); #if defined(MBEDTLS_PSA_CRYPTO_CONFIG) - return( mbedtls_transparent_test_driver_cipher_update( + return( libtestdriver1_mbedtls_psa_cipher_update( operation, input, input_length, output, output_size, output_length ) ); #elif defined(MBEDTLS_PSA_BUILTIN_CIPHER) @@ -286,7 +286,7 @@ psa_status_t mbedtls_test_transparent_cipher_finish( return( mbedtls_test_driver_cipher_hooks.forced_status ); #if defined(MBEDTLS_PSA_CRYPTO_CONFIG) - return( mbedtls_transparent_test_driver_cipher_finish( + return( libtestdriver1_mbedtls_psa_cipher_finish( operation, output, output_size, output_length ) ); #elif defined(MBEDTLS_PSA_BUILTIN_CIPHER) return( mbedtls_psa_cipher_finish( diff --git a/tests/src/drivers/test_driver_key_management.c b/tests/src/drivers/test_driver_key_management.c index 3d8828549..ce646bad7 100644 --- a/tests/src/drivers/test_driver_key_management.c +++ b/tests/src/drivers/test_driver_key_management.c @@ -105,7 +105,7 @@ psa_status_t mbedtls_test_transparent_generate_key( { #if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR) && \ defined(MBEDTLS_PSA_CRYPTO_CONFIG) - return( mbedtls_transparent_test_driver_ecp_generate_key( + return( libtestdriver1_mbedtls_psa_ecp_generate_key( attributes, key, key_size, key_length ) ); #elif defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR) return( mbedtls_psa_ecp_generate_key( @@ -116,7 +116,7 @@ psa_status_t mbedtls_test_transparent_generate_key( { #if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR) && \ defined(MBEDTLS_PSA_CRYPTO_CONFIG) - return( mbedtls_transparent_test_driver_rsa_generate_key( + return( libtestdriver1_mbedtls_psa_rsa_generate_key( attributes, key, key_size, key_length ) ); #elif defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) return( mbedtls_psa_rsa_generate_key( @@ -160,7 +160,7 @@ psa_status_t mbedtls_test_transparent_import_key( #if ( defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR) || \ defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY) ) && \ defined(MBEDTLS_PSA_CRYPTO_CONFIG) - return( mbedtls_transparent_test_driver_ecp_import_key( + return( libtestdriver1_mbedtls_psa_ecp_import_key( attributes, data, data_length, key_buffer, key_buffer_size, @@ -179,7 +179,7 @@ psa_status_t mbedtls_test_transparent_import_key( #if ( defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR) || \ defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_PUBLIC_KEY) ) && \ defined(MBEDTLS_PSA_CRYPTO_CONFIG) - return( mbedtls_transparent_test_driver_rsa_import_key( + return( libtestdriver1_mbedtls_psa_rsa_import_key( attributes, data, data_length, key_buffer, key_buffer_size, @@ -298,7 +298,7 @@ psa_status_t mbedtls_test_transparent_export_public_key( #if ( defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR) || \ defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY) ) && \ defined(MBEDTLS_PSA_CRYPTO_CONFIG) - return( mbedtls_transparent_test_driver_ecp_export_public_key( + return( libtestdriver1_mbedtls_psa_ecp_export_public_key( attributes, key_buffer, key_buffer_size, data, data_size, data_length ) ); @@ -315,7 +315,7 @@ psa_status_t mbedtls_test_transparent_export_public_key( #if ( defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR) || \ defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_PUBLIC_KEY) ) && \ defined(MBEDTLS_PSA_CRYPTO_CONFIG) - return( mbedtls_transparent_test_driver_rsa_export_public_key( + return( libtestdriver1_mbedtls_psa_rsa_export_public_key( attributes, key_buffer, key_buffer_size, data, data_size, data_length ) ); diff --git a/tests/src/drivers/test_driver_mac.c b/tests/src/drivers/test_driver_mac.c index 6f8c3c4b9..a6c2c88a6 100644 --- a/tests/src/drivers/test_driver_mac.c +++ b/tests/src/drivers/test_driver_mac.c @@ -53,7 +53,7 @@ psa_status_t mbedtls_test_transparent_mac_compute( { #if defined(MBEDTLS_PSA_CRYPTO_CONFIG) mbedtls_test_driver_mac_hooks.driver_status = - mbedtls_transparent_test_driver_mac_compute( + libtestdriver1_mbedtls_psa_mac_compute( attributes, key_buffer, key_buffer_size, alg, input, input_length, mac, mac_size, mac_length ); @@ -98,7 +98,7 @@ psa_status_t mbedtls_test_transparent_mac_sign_setup( { #if defined(MBEDTLS_PSA_CRYPTO_CONFIG) mbedtls_test_driver_mac_hooks.driver_status = - mbedtls_transparent_test_driver_mac_sign_setup( + libtestdriver1_mbedtls_psa_mac_sign_setup( operation, attributes, key_buffer, key_buffer_size, alg ); #elif defined(MBEDTLS_PSA_BUILTIN_MAC) mbedtls_test_driver_mac_hooks.driver_status = @@ -135,7 +135,7 @@ psa_status_t mbedtls_test_transparent_mac_verify_setup( { #if defined(MBEDTLS_PSA_CRYPTO_CONFIG) mbedtls_test_driver_mac_hooks.driver_status = - mbedtls_transparent_test_driver_mac_verify_setup( + libtestdriver1_mbedtls_psa_mac_verify_setup( operation, attributes, key_buffer, key_buffer_size, alg ); #elif defined(MBEDTLS_PSA_BUILTIN_MAC) mbedtls_test_driver_mac_hooks.driver_status = @@ -170,7 +170,7 @@ psa_status_t mbedtls_test_transparent_mac_update( { #if defined(MBEDTLS_PSA_CRYPTO_CONFIG) mbedtls_test_driver_mac_hooks.driver_status = - mbedtls_transparent_test_driver_mac_update( + libtestdriver1_mbedtls_psa_mac_update( operation, input, input_length ); #elif defined(MBEDTLS_PSA_BUILTIN_MAC) mbedtls_test_driver_mac_hooks.driver_status = @@ -204,7 +204,7 @@ psa_status_t mbedtls_test_transparent_mac_sign_finish( { #if defined(MBEDTLS_PSA_CRYPTO_CONFIG) mbedtls_test_driver_mac_hooks.driver_status = - mbedtls_transparent_test_driver_mac_sign_finish( + libtestdriver1_mbedtls_psa_mac_sign_finish( operation, mac, mac_size, mac_length ); #elif defined(MBEDTLS_PSA_BUILTIN_MAC) mbedtls_test_driver_mac_hooks.driver_status = @@ -238,7 +238,7 @@ psa_status_t mbedtls_test_transparent_mac_verify_finish( { #if defined(MBEDTLS_PSA_CRYPTO_CONFIG) mbedtls_test_driver_mac_hooks.driver_status = - mbedtls_transparent_test_driver_mac_verify_finish( + libtestdriver1_mbedtls_psa_mac_verify_finish( operation, mac, mac_length ); #elif defined(MBEDTLS_PSA_BUILTIN_MAC) mbedtls_test_driver_mac_hooks.driver_status = @@ -269,7 +269,7 @@ psa_status_t mbedtls_test_transparent_mac_abort( { #if defined(MBEDTLS_PSA_CRYPTO_CONFIG) mbedtls_test_driver_mac_hooks.driver_status = - mbedtls_transparent_test_driver_mac_abort( operation ); + libtestdriver1_mbedtls_psa_mac_abort( operation ); #elif defined(MBEDTLS_PSA_BUILTIN_MAC) mbedtls_test_driver_mac_hooks.driver_status = mbedtls_psa_mac_abort( operation ); diff --git a/tests/src/drivers/test_driver_signature.c b/tests/src/drivers/test_driver_signature.c index 443b52eef..a656287b6 100644 --- a/tests/src/drivers/test_driver_signature.c +++ b/tests/src/drivers/test_driver_signature.c @@ -35,6 +35,7 @@ #include "test/drivers/hash.h" #include "test/drivers/signature.h" +#include "test/drivers/hash.h" #include "mbedtls/md.h" #include "mbedtls/ecdsa.h" @@ -67,18 +68,18 @@ psa_status_t sign_hash( #if ( defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_SIGN) || \ defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PSS) ) && \ defined(MBEDTLS_PSA_CRYPTO_CONFIG) - return( mbedtls_transparent_test_driver_rsa_sign_hash( + return( libtestdriver1_mbedtls_psa_rsa_sign_hash( attributes, key_buffer, key_buffer_size, alg, hash, hash_length, signature, signature_size, signature_length ) ); #elif defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) || \ defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS) - return( mbedtls_psa_rsa_sign_hash( - attributes, - key_buffer, key_buffer_size, - alg, hash, hash_length, - signature, signature_size, signature_length ) ); + return( mbedtls_psa_rsa_sign_hash( + attributes, + key_buffer, key_buffer_size, + alg, hash, hash_length, + signature, signature_size, signature_length ) ); #endif } else @@ -93,7 +94,7 @@ psa_status_t sign_hash( #if ( defined(MBEDTLS_PSA_ACCEL_ALG_ECDSA) || \ defined(MBEDTLS_PSA_ACCEL_ALG_DETERMINISTIC_ECDSA) ) && \ defined(MBEDTLS_PSA_CRYPTO_CONFIG) - return( mbedtls_transparent_test_driver_ecdsa_sign_hash( + return( libtestdriver1_mbedtls_psa_ecdsa_sign_hash( attributes, key_buffer, key_buffer_size, alg, hash, hash_length, @@ -143,18 +144,18 @@ psa_status_t verify_hash( #if ( defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_SIGN) || \ defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PSS) ) && \ defined(MBEDTLS_PSA_CRYPTO_CONFIG) - return( mbedtls_transparent_test_driver_rsa_verify_hash( + return( libtestdriver1_mbedtls_psa_rsa_verify_hash( attributes, key_buffer, key_buffer_size, alg, hash, hash_length, signature, signature_length ) ); #elif defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) || \ defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS) - return( mbedtls_psa_rsa_verify_hash( - attributes, - key_buffer, key_buffer_size, - alg, hash, hash_length, - signature, signature_length ) ); + return( mbedtls_psa_rsa_verify_hash( + attributes, + key_buffer, key_buffer_size, + alg, hash, hash_length, + signature, signature_length ) ); #endif } else @@ -169,7 +170,7 @@ psa_status_t verify_hash( #if ( defined(MBEDTLS_PSA_ACCEL_ALG_ECDSA) || \ defined(MBEDTLS_PSA_ACCEL_ALG_DETERMINISTIC_ECDSA) ) && \ defined(MBEDTLS_PSA_CRYPTO_CONFIG) - return( mbedtls_transparent_test_driver_ecdsa_verify_hash( + return( libtestdriver1_mbedtls_psa_ecdsa_verify_hash( attributes, key_buffer, key_buffer_size, alg, hash, hash_length, @@ -233,7 +234,7 @@ psa_status_t mbedtls_test_transparent_signature_sign_message( } #if defined(MBEDTLS_PSA_CRYPTO_CONFIG) - status = mbedtls_transparent_test_driver_hash_compute( + status = libtestdriver1_mbedtls_psa_hash_compute( PSA_ALG_SIGN_GET_HASH( alg ), input, input_length, hash, sizeof( hash ), &hash_length ); #elif defined(MBEDTLS_PSA_BUILTIN_HASH) @@ -297,7 +298,7 @@ psa_status_t mbedtls_test_transparent_signature_verify_message( return( mbedtls_test_driver_signature_verify_hooks.forced_status ); #if defined(MBEDTLS_PSA_CRYPTO_CONFIG) - status = mbedtls_transparent_test_driver_hash_compute( + status = libtestdriver1_mbedtls_psa_hash_compute( PSA_ALG_SIGN_GET_HASH( alg ), input, input_length, hash, sizeof( hash ), &hash_length ); #elif defined(MBEDTLS_PSA_BUILTIN_HASH) @@ -361,9 +362,9 @@ psa_status_t mbedtls_test_transparent_signature_sign_hash( return( PSA_SUCCESS ); } - return sign_hash( attributes, key_buffer, key_buffer_size, + return( sign_hash( attributes, key_buffer, key_buffer_size, alg, hash, hash_length, - signature, signature_size, signature_length ); + signature, signature_size, signature_length ) ); } psa_status_t mbedtls_test_opaque_signature_sign_hash( From df885c052c701b89c24ad5f305114f8f8b39d750 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Wed, 28 Apr 2021 18:29:24 +0200 Subject: [PATCH 18/29] tests: Add build of a PSA test driver library PR #3959 has proven that by adding a prefix (LIBTESTDRIVER1/libtestdriver1_ in this commit) to all MBEDTLS/PSA_* and mbedtls/psa_* symbols of a copy of the Mbed TLS library, we can build a library that can be linked with the Mbed TLS library. This commit leverages this to build a PSA test driver library based on the Mbed TLS library code. The cryptographic features supported by the test library are defined by: . a minimal configuration (in the sense of config.h), see config_test_driver.h . PSA_WANT_* and PSA_ACCEL_* defined macros. The PSA_WANT_* macros have to be the same as the ones used to build the Mbed TLS library the test driver library is supposed to be linked to as the PSA_WANT_* macros are used in the definition of structures and macros that are shared by the PSA crypto core, Mbed TLS drivers and the driver test library. The PSA_ACCEL_* macros are intended to define the cryptographic features that have to be removed from the Mbed TLS library and thus supported by the test library in test scenarios. The PSA_ACCEL_* macros to build the test library are thus mirrored from the ones to build the Mbed TLS library by extended the crypto_config.h: see crypto_config_test_driver_entension.h. Signed-off-by: Ronald Cron --- tests/.gitignore | 2 + tests/Makefile | 45 ++++ .../include/test/drivers/config_test_driver.h | 57 +++++ .../crypto_config_test_driver_extension.h | 229 ++++++++++++++++++ visualc/VS2010/mbedTLS.vcxproj | 2 + 5 files changed, 335 insertions(+) create mode 100644 tests/include/test/drivers/config_test_driver.h create mode 100644 tests/include/test/drivers/crypto_config_test_driver_extension.h diff --git a/tests/.gitignore b/tests/.gitignore index d9f4b5178..8f7315d4f 100644 --- a/tests/.gitignore +++ b/tests/.gitignore @@ -13,3 +13,5 @@ include/test/instrument_record_status.h src/*.o src/drivers/*.o src/libmbed* + +libtestdriver1/* diff --git a/tests/Makefile b/tests/Makefile index 5c59607d4..6e232c974 100644 --- a/tests/Makefile +++ b/tests/Makefile @@ -144,6 +144,7 @@ ifndef WINDOWS rm -rf $(BINARIES) *.c *.datax rm -f src/*.o src/drivers/*.o src/libmbed* rm -f include/test/instrument_record_status.h + rm -rf libtestdriver1 else if exist *.c del /Q /F *.c if exist *.exe del /Q /F *.exe @@ -160,6 +161,50 @@ check: $(BINARIES) test: check +# Generate test library + +# Perl code that is executed to transform each original line from a library +# source file into the corresponding line in the test driver copy of the +# library. Add a LIBTESTDRIVER1_/libtestdriver1_ to mbedtls_xxx and psa_xxx +# symbols. +define libtestdriver1_rewrite := + s!^(\s*#\s*include\s*[\"<])(mbedtls|psa)/!$${1}libtestdriver1/include/$${2}/!; \ + next if /^\s*#\s*include/; \ + s/\b(?=MBEDTLS_|PSA_)/LIBTESTDRIVER1_/g; \ + s/\b(?=mbedtls_|psa_)/libtestdriver1_/g; +endef + +libtestdriver1.a: + # Copy the library and fake a 3rdparty Makefile include. + rm -Rf ./libtestdriver1 + mkdir ./libtestdriver1 + cp -Rf ../library ./libtestdriver1 + cp -Rf ../include ./libtestdriver1 + mkdir ./libtestdriver1/3rdparty + touch ./libtestdriver1/3rdparty/Makefile.inc + + # Set the test driver base (minimal) configuration. + cp ./include/test/drivers/config_test_driver.h ./libtestdriver1/include/mbedtls/config.h + + # Set the PSA cryptography configuration for the test library. + # It is set from the copied include/psa/crypto_config.h of the Mbed TLS + # library the test library is intended to be linked with extended by + # ./include/test/drivers/crypto_config_test_driver_extension.h to + # mirror the PSA_ACCEL_* macros. + mv ./libtestdriver1/include/psa/crypto_config.h ./libtestdriver1/include/psa/crypto_config.h.bak + head -n -1 ./libtestdriver1/include/psa/crypto_config.h.bak > ./libtestdriver1/include/psa/crypto_config.h + cat ./include/test/drivers/crypto_config_test_driver_extension.h >> ./libtestdriver1/include/psa/crypto_config.h + echo "#endif /* PSA_CRYPTO_CONFIG_H */" >> ./libtestdriver1/include/psa/crypto_config.h + + # Prefix MBEDTLS_* PSA_* symbols with LIBTESTDRIVER1_ as well as + # mbedtls_* psa_* symbols with libtestdriver1_ to avoid symbol clash + # when this test driver library is linked with the Mbed TLS library. + perl -pi -e '$(libtestdriver1_rewrite)' ./libtestdriver1/library/*.[ch] + perl -pi -e '$(libtestdriver1_rewrite)' ./libtestdriver1/include/*/*.h + + $(MAKE) -C ./libtestdriver1/library CFLAGS="-I../../ $(CFLAGS)" LDFLAGS="$(LDFLAGS)" libmbedcrypto.a + cp ./libtestdriver1/library/libmbedcrypto.a ../library/libtestdriver1.a + ifdef RECORD_PSA_STATUS_COVERAGE_LOG include/test/instrument_record_status.h: ../include/psa/crypto.h Makefile echo " Gen $@" diff --git a/tests/include/test/drivers/config_test_driver.h b/tests/include/test/drivers/config_test_driver.h new file mode 100644 index 000000000..0b5a6499a --- /dev/null +++ b/tests/include/test/drivers/config_test_driver.h @@ -0,0 +1,57 @@ +/** + * \file config.h + * + * \brief Configuration options (set of defines) + * + * This set of compile-time options may be used to enable + * or disable features selectively, and reduce the global + * memory footprint. + */ +/* + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef MBEDTLS_CONFIG_H +#define MBEDTLS_CONFIG_H + +#if defined(_MSC_VER) && !defined(_CRT_SECURE_NO_DEPRECATE) +#define _CRT_SECURE_NO_DEPRECATE 1 +#endif + +#define MBEDTLS_PSA_CRYPTO_C +#define MBEDTLS_PSA_CRYPTO_CONFIG + +/* PSA core mandatory configuration options */ +#define MBEDTLS_CIPHER_C +#define MBEDTLS_AES_C +#define MBEDTLS_SHA256_C +#define MBEDTLS_PSA_BUILTIN_ALG_SHA_256 1 +#define MBEDTLS_CTR_DRBG_C +#define MBEDTLS_ENTROPY_C + +/* + * Configuration options that may need to be additionally enabled for the + * purpose of a specific set of tests. + */ +//#define MBEDTLS_SHA1_C +//#define MBEDTLS_SHA512_C +//#define MBEDTLS_PEM_PARSE_C +//#define MBEDTLS_BASE64_C + +#include "mbedtls/config_psa.h" +#include "mbedtls/check_config.h" + +#endif /* MBEDTLS_CONFIG_H */ diff --git a/tests/include/test/drivers/crypto_config_test_driver_extension.h b/tests/include/test/drivers/crypto_config_test_driver_extension.h new file mode 100644 index 000000000..f4f95dcfc --- /dev/null +++ b/tests/include/test/drivers/crypto_config_test_driver_extension.h @@ -0,0 +1,229 @@ +/** + * \file psa/crypto_config.h + * \brief PSA crypto configuration options (set of defines) + * + */ + +#if defined(PSA_WANT_ALG_CBC_NO_PADDING) +#if defined(MBEDTLS_PSA_ACCEL_ALG_CBC_NO_PADDING) +#undef MBEDTLS_PSA_ACCEL_ALG_CBC_NO_PADDING +#else +#define MBEDTLS_PSA_ACCEL_ALG_CBC_NO_PADDING 1 +#endif +#endif + +#if defined(PSA_WANT_ALG_CBC_PKCS7) +#if defined(MBEDTLS_PSA_ACCEL_ALG_CBC_PKCS7) +#undef MBEDTLS_PSA_ACCEL_ALG_CBC_PKCS7 +#else +#define MBEDTLS_PSA_ACCEL_ALG_CBC_PKCS7 1 +#endif +#endif + +#if defined(PSA_WANT_ALG_CFB) +#if defined(MBEDTLS_PSA_ACCEL_ALG_CFB) +#undef MBEDTLS_PSA_ACCEL_ALG_CFB +#else +#define MBEDTLS_PSA_ACCEL_ALG_CFB 1 +#endif +#endif + +#if defined(PSA_WANT_ALG_CTR) +#if defined(MBEDTLS_PSA_ACCEL_ALG_CTR) +#undef MBEDTLS_PSA_ACCEL_ALG_CTR +#else +#define MBEDTLS_PSA_ACCEL_ALG_CTR 1 +#endif +#endif + +#if defined(PSA_WANT_ALG_DETERMINISTIC_ECDSA) +#if defined(MBEDTLS_PSA_ACCEL_ALG_DETERMINISTIC_ECDSA) +#undef MBEDTLS_PSA_ACCEL_ALG_DETERMINISTIC_ECDSA +#else +#define MBEDTLS_PSA_ACCEL_ALG_DETERMINISTIC_ECDSA 1 +#endif +#endif + +#if defined(PSA_WANT_ALG_ECDSA) +#if defined(MBEDTLS_PSA_ACCEL_ALG_ECDSA) +#undef MBEDTLS_PSA_ACCEL_ALG_ECDSA +#else +#define MBEDTLS_PSA_ACCEL_ALG_ECDSA 1 +#endif +#endif + +#if defined(PSA_WANT_ALG_MD2) +#if defined(MBEDTLS_PSA_ACCEL_ALG_MD2) +#undef MBEDTLS_PSA_ACCEL_ALG_MD2 +#else +#define MBEDTLS_PSA_ACCEL_ALG_MD2 1 +#endif +#endif + +#if defined(PSA_WANT_ALG_MD4) +#if defined(MBEDTLS_PSA_ACCEL_ALG_MD4) +#undef MBEDTLS_PSA_ACCEL_ALG_MD4 +#else +#define MBEDTLS_PSA_ACCEL_ALG_MD4 1 +#endif +#endif + +#if defined(PSA_WANT_ALG_MD5) +#if defined(MBEDTLS_PSA_ACCEL_ALG_MD5) +#undef MBEDTLS_PSA_ACCEL_ALG_MD5 +#else +#define MBEDTLS_PSA_ACCEL_ALG_MD5 1 +#endif +#endif + +#if defined(PSA_WANT_ALG_OFB) +#if defined(MBEDTLS_PSA_ACCEL_ALG_OFB) +#undef MBEDTLS_PSA_ACCEL_ALG_OFB +#else +#define MBEDTLS_PSA_ACCEL_ALG_OFB 1 +#endif +#endif + +#if defined(PSA_WANT_ALG_RIPEMD160) +#if defined(MBEDTLS_PSA_ACCEL_ALG_RIPEMD160) +#undef MBEDTLS_PSA_ACCEL_ALG_RIPEMD160 +#else +#define MBEDTLS_PSA_ACCEL_ALG_RIPEMD160 1 +#endif +#endif + +#if defined(PSA_WANT_ALG_RSA_PKCS1V15_SIGN) +#if defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_SIGN) +#undef MBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_SIGN +#else +#define MBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_SIGN 1 +#endif +#endif + +#if defined(PSA_WANT_ALG_RSA_PSS) +#if defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PSS) +#undef MBEDTLS_PSA_ACCEL_ALG_RSA_PSS +#else +#define MBEDTLS_PSA_ACCEL_ALG_RSA_PSS 1 +#endif +#endif + +#if defined(PSA_WANT_ALG_SHA_1) +#if defined(MBEDTLS_PSA_ACCEL_ALG_SHA_1) +#undef MBEDTLS_PSA_ACCEL_ALG_SHA_1 +#else +#define MBEDTLS_PSA_ACCEL_ALG_SHA_1 1 +#endif +#endif + +#if defined(PSA_WANT_ALG_SHA_224) +#if defined(MBEDTLS_PSA_ACCEL_ALG_SHA_224) +#undef MBEDTLS_PSA_ACCEL_ALG_SHA_224 +#else +#define MBEDTLS_PSA_ACCEL_ALG_SHA_224 1 +#endif +#endif + +#if defined(PSA_WANT_ALG_SHA_256) +#if defined(MBEDTLS_PSA_ACCEL_ALG_SHA_256) +#undef MBEDTLS_PSA_ACCEL_ALG_SHA_256 +#else +#define MBEDTLS_PSA_ACCEL_ALG_SHA_256 1 +#endif +#endif + +#if defined(PSA_WANT_ALG_SHA_384) +#if defined(MBEDTLS_PSA_ACCEL_ALG_SHA_384) +#undef MBEDTLS_PSA_ACCEL_ALG_SHA_384 +#else +#define MBEDTLS_PSA_ACCEL_ALG_SHA_384 1 +#endif +#endif + +#if defined(PSA_WANT_ALG_SHA_512) +#if defined(MBEDTLS_PSA_ACCEL_ALG_SHA_512) +#undef MBEDTLS_PSA_ACCEL_ALG_SHA_512 +#else +#define MBEDTLS_PSA_ACCEL_ALG_SHA_512 1 +#endif +#endif + +#if defined(PSA_WANT_ALG_XTS) +#if defined(MBEDTLS_PSA_ACCEL_ALG_XTS) +#undef MBEDTLS_PSA_ACCEL_ALG_XTS +#else +#define MBEDTLS_PSA_ACCEL_ALG_XTS 1 +#endif +#endif + +#if defined(PSA_WANT_KEY_TYPE_AES) +#if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_AES) +#undef MBEDTLS_PSA_ACCEL_KEY_TYPE_AES +#else +#define MBEDTLS_PSA_ACCEL_KEY_TYPE_AES 1 +#endif +#endif + +#if defined(PSA_WANT_KEY_TYPE_CAMELLIA) +#if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_CAMELLIA) +#undef MBEDTLS_PSA_ACCEL_KEY_TYPE_CAMELLIA +#else +#define MBEDTLS_PSA_ACCEL_KEY_TYPE_CAMELLIA 1 +#endif +#endif + +#if defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR) +#if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR) +#undef MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR +#else +#define MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR 1 +#endif +#endif + +#if defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR) +#if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR) +#undef MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR +#else +#define MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR 1 +#endif +#endif + +#define MBEDTLS_PSA_ACCEL_ALG_CBC_MAC 1 +#define MBEDTLS_PSA_ACCEL_ALG_CCM 1 +#define MBEDTLS_PSA_ACCEL_ALG_CHACHA20_POLY1305 1 +#define MBEDTLS_PSA_ACCEL_ALG_CMAC 1 +#define MBEDTLS_PSA_ACCEL_ALG_ECB_NO_PADDING 1 +#define MBEDTLS_PSA_ACCEL_ALG_ECDH 1 +#define MBEDTLS_PSA_ACCEL_ALG_GCM 1 +#define MBEDTLS_PSA_ACCEL_ALG_HKDF 1 +#define MBEDTLS_PSA_ACCEL_ALG_HMAC 1 +#define MBEDTLS_PSA_ACCEL_ALG_RSA_OAEP 1 +#define MBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_CRYPT 1 +#define MBEDTLS_PSA_ACCEL_ALG_STREAM_CIPHER 1 +#define MBEDTLS_PSA_ACCEL_ALG_TLS12_PRF 1 +#define MBEDTLS_PSA_ACCEL_ALG_TLS12_PSK_TO_MS 1 + +#if defined(MBEDTLS_PSA_ACCEL_ALG_ECDSA) +#define MBEDTLS_PSA_ACCEL_ECC_BRAINPOOL_P_R1_256 1 +#define MBEDTLS_PSA_ACCEL_ECC_BRAINPOOL_P_R1_384 1 +#define MBEDTLS_PSA_ACCEL_ECC_BRAINPOOL_P_R1_512 1 +#define MBEDTLS_PSA_ACCEL_ECC_MONTGOMERY_255 1 +#define MBEDTLS_PSA_ACCEL_ECC_MONTGOMERY_448 1 +#define MBEDTLS_PSA_ACCEL_ECC_SECP_K1_192 1 +#define MBEDTLS_PSA_ACCEL_ECC_SECP_K1_224 1 +#define MBEDTLS_PSA_ACCEL_ECC_SECP_K1_256 1 +#define MBEDTLS_PSA_ACCEL_ECC_SECP_R1_192 1 +#define MBEDTLS_PSA_ACCEL_ECC_SECP_R1_224 1 +#define MBEDTLS_PSA_ACCEL_ECC_SECP_R1_256 1 +#define MBEDTLS_PSA_ACCEL_ECC_SECP_R1_384 1 +#define MBEDTLS_PSA_ACCEL_ECC_SECP_R1_521 1 +#endif + +#define MBEDTLS_PSA_ACCEL_KEY_TYPE_DERIVE 1 +#define MBEDTLS_PSA_ACCEL_KEY_TYPE_HMAC 1 +#define MBEDTLS_PSA_ACCEL_KEY_TYPE_ARC4 1 +#define MBEDTLS_PSA_ACCEL_KEY_TYPE_CHACHA20 1 +#define MBEDTLS_PSA_ACCEL_KEY_TYPE_DES 1 +#define MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY 1 +#define MBEDTLS_PSA_ACCEL_KEY_TYPE_RAW_DATA 1 +#define MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_PUBLIC_KEY 1 diff --git a/visualc/VS2010/mbedTLS.vcxproj b/visualc/VS2010/mbedTLS.vcxproj index 962e8680c..08972c3f8 100644 --- a/visualc/VS2010/mbedTLS.vcxproj +++ b/visualc/VS2010/mbedTLS.vcxproj @@ -248,6 +248,8 @@ + + From b814bdabe48d0297a7780739e99c70d966e75455 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Mon, 13 Sep 2021 14:50:42 +0200 Subject: [PATCH 19/29] Move to separately compiled PSA test driver library This commit removes the test_psa_crypto_config_basic all.sh component that can no longer work without adapting it to the separately compiled test driver library. This component is replaced by several components in the following commits to test various type of acceleration independently. Signed-off-by: Ronald Cron --- include/psa/crypto_builtin_composites.h | 13 ----- include/psa/crypto_builtin_primitives.h | 25 --------- .../psa/crypto_driver_contexts_composites.h | 35 ++++++++++++- .../psa/crypto_driver_contexts_primitives.h | 52 ++++++++++++++++++- tests/include/test/drivers/cipher.h | 52 ------------------- tests/include/test/drivers/hash.h | 34 ------------ tests/include/test/drivers/key_management.h | 34 ------------ tests/include/test/drivers/mac.h | 48 ----------------- tests/include/test/drivers/signature.h | 29 ----------- tests/scripts/all.sh | 40 -------------- tests/scripts/check_names.py | 3 +- tests/src/drivers/hash.c | 22 +++++--- tests/src/drivers/test_driver_cipher.c | 42 ++++++++++----- .../src/drivers/test_driver_key_management.c | 52 +++++++++++-------- tests/src/drivers/test_driver_mac.c | 36 +++++++++---- tests/src/drivers/test_driver_signature.c | 44 +++++++++------- 16 files changed, 212 insertions(+), 349 deletions(-) diff --git a/include/psa/crypto_builtin_composites.h b/include/psa/crypto_builtin_composites.h index 1d11b003e..a875b2370 100644 --- a/include/psa/crypto_builtin_composites.h +++ b/include/psa/crypto_builtin_composites.h @@ -76,17 +76,4 @@ typedef struct #define MBEDTLS_PSA_MAC_OPERATION_INIT {0, {0}} -/* - * BEYOND THIS POINT, TEST DRIVER DECLARATIONS ONLY. - */ -#if defined(PSA_CRYPTO_DRIVER_TEST) - -typedef mbedtls_psa_mac_operation_t mbedtls_transparent_test_driver_mac_operation_t; -typedef mbedtls_psa_mac_operation_t mbedtls_opaque_test_driver_mac_operation_t; - -#define MBEDTLS_TRANSPARENT_TEST_DRIVER_MAC_OPERATION_INIT MBEDTLS_PSA_MAC_OPERATION_INIT -#define MBEDTLS_OPAQUE_TEST_DRIVER_MAC_OPERATION_INIT MBEDTLS_PSA_MAC_OPERATION_INIT - -#endif /* PSA_CRYPTO_DRIVER_TEST */ - #endif /* PSA_CRYPTO_BUILTIN_COMPOSITES_H */ diff --git a/include/psa/crypto_builtin_primitives.h b/include/psa/crypto_builtin_primitives.h index d7a69e54e..a268e5369 100644 --- a/include/psa/crypto_builtin_primitives.h +++ b/include/psa/crypto_builtin_primitives.h @@ -121,29 +121,4 @@ typedef struct { #define MBEDTLS_PSA_CIPHER_OPERATION_INIT {0, 0, 0, {0}} -/* - * BEYOND THIS POINT, TEST DRIVER DECLARATIONS ONLY. - */ -#if defined(PSA_CRYPTO_DRIVER_TEST) - -typedef mbedtls_psa_hash_operation_t mbedtls_transparent_test_driver_hash_operation_t; - -#define MBEDTLS_TRANSPARENT_TEST_DRIVER_HASH_OPERATION_INIT MBEDTLS_PSA_HASH_OPERATION_INIT - -typedef mbedtls_psa_cipher_operation_t - mbedtls_transparent_test_driver_cipher_operation_t; - -typedef struct { - unsigned int initialised : 1; - mbedtls_transparent_test_driver_cipher_operation_t ctx; -} mbedtls_opaque_test_driver_cipher_operation_t; - -#define MBEDTLS_TRANSPARENT_TEST_DRIVER_CIPHER_OPERATION_INIT \ - MBEDTLS_PSA_CIPHER_OPERATION_INIT - -#define MBEDTLS_OPAQUE_TEST_DRIVER_CIPHER_OPERATION_INIT \ - { 0, MBEDTLS_TRANSPARENT_TEST_DRIVER_CIPHER_OPERATION_INIT } - -#endif /* PSA_CRYPTO_DRIVER_TEST */ - #endif /* PSA_CRYPTO_BUILTIN_PRIMITIVES_H */ diff --git a/include/psa/crypto_driver_contexts_composites.h b/include/psa/crypto_driver_contexts_composites.h index 239fdcb33..a7220091e 100644 --- a/include/psa/crypto_driver_contexts_composites.h +++ b/include/psa/crypto_driver_contexts_composites.h @@ -36,11 +36,42 @@ #include "psa/crypto_driver_common.h" +/* Include the context structure definitions for the Mbed TLS software drivers */ +#include "psa/crypto_builtin_composites.h" + /* Include the context structure definitions for those drivers that were * declared during the autogeneration process. */ -/* Include the context structure definitions for the Mbed TLS software drivers */ -#include "psa/crypto_builtin_composites.h" +#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) +#include +#endif + +#if defined(PSA_CRYPTO_DRIVER_TEST) +#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ + defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_MAC) +typedef libtestdriver1_mbedtls_psa_mac_operation_t + mbedtls_transparent_test_driver_mac_operation_t; +typedef libtestdriver1_mbedtls_psa_mac_operation_t + mbedtls_opaque_test_driver_mac_operation_t; + +#define MBEDTLS_TRANSPARENT_TEST_DRIVER_MAC_OPERATION_INIT \ + LIBTESTDRIVER1_MBEDTLS_PSA_MAC_OPERATION_INIT +#define MBEDTLS_OPAQUE_TEST_DRIVER_MAC_OPERATION_INIT \ + LIBTESTDRIVER1_MBEDTLS_PSA_MAC_OPERATION_INIT + +#else +typedef mbedtls_psa_mac_operation_t + mbedtls_transparent_test_driver_mac_operation_t; +typedef mbedtls_psa_mac_operation_t + mbedtls_opaque_test_driver_mac_operation_t; + +#define MBEDTLS_TRANSPARENT_TEST_DRIVER_MAC_OPERATION_INIT \ + MBEDTLS_PSA_MAC_OPERATION_INIT +#define MBEDTLS_OPAQUE_TEST_DRIVER_MAC_OPERATION_INIT \ + MBEDTLS_PSA_MAC_OPERATION_INIT + +#endif /* MBEDTLS_TEST_LIBTESTDRIVER1 */ +#endif /* PSA_CRYPTO_DRIVER_TEST */ /* Define the context to be used for an operation that is executed through the * PSA Driver wrapper layer as the union of all possible driver's contexts. diff --git a/include/psa/crypto_driver_contexts_primitives.h b/include/psa/crypto_driver_contexts_primitives.h index 104d4bdb6..2bb01ed43 100644 --- a/include/psa/crypto_driver_contexts_primitives.h +++ b/include/psa/crypto_driver_contexts_primitives.h @@ -35,11 +35,59 @@ #include "psa/crypto_driver_common.h" +/* Include the context structure definitions for the Mbed TLS software drivers */ +#include "psa/crypto_builtin_primitives.h" + /* Include the context structure definitions for those drivers that were * declared during the autogeneration process. */ -/* Include the context structure definitions for the Mbed TLS software drivers */ -#include "psa/crypto_builtin_primitives.h" +#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) +#include +#endif + +#if defined(PSA_CRYPTO_DRIVER_TEST) + +#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ + defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_CIPHER) +typedef libtestdriver1_mbedtls_psa_cipher_operation_t + mbedtls_transparent_test_driver_cipher_operation_t; + +#define MBEDTLS_TRANSPARENT_TEST_DRIVER_CIPHER_OPERATION_INIT \ + LIBTESTDRIVER1_MBEDTLS_PSA_CIPHER_OPERATION_INIT +#else +typedef mbedtls_psa_cipher_operation_t + mbedtls_transparent_test_driver_cipher_operation_t; + +#define MBEDTLS_TRANSPARENT_TEST_DRIVER_CIPHER_OPERATION_INIT \ + MBEDTLS_PSA_CIPHER_OPERATION_INIT +#endif /* MBEDTLS_TEST_LIBTESTDRIVER1 && + LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_CIPHER */ + +#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ + defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_HASH) +typedef libtestdriver1_mbedtls_psa_hash_operation_t + mbedtls_transparent_test_driver_hash_operation_t; + +#define MBEDTLS_TRANSPARENT_TEST_DRIVER_HASH_OPERATION_INIT \ + LIBTESTDRIVER1_MBEDTLS_PSA_HASH_OPERATION_INIT +#else +typedef mbedtls_psa_hash_operation_t + mbedtls_transparent_test_driver_hash_operation_t; + +#define MBEDTLS_TRANSPARENT_TEST_DRIVER_HASH_OPERATION_INIT \ + MBEDTLS_PSA_HASH_OPERATION_INIT +#endif /* MBEDTLS_TEST_LIBTESTDRIVER1 && + LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_HASH */ + +typedef struct { + unsigned int initialised : 1; + mbedtls_transparent_test_driver_cipher_operation_t ctx; +} mbedtls_opaque_test_driver_cipher_operation_t; + +#define MBEDTLS_OPAQUE_TEST_DRIVER_CIPHER_OPERATION_INIT \ + { 0, MBEDTLS_TRANSPARENT_TEST_DRIVER_CIPHER_OPERATION_INIT } + +#endif /* PSA_CRYPTO_DRIVER_TEST */ /* Define the context to be used for an operation that is executed through the * PSA Driver wrapper layer as the union of all possible driver's contexts. diff --git a/tests/include/test/drivers/cipher.h b/tests/include/test/drivers/cipher.h index cf24bbdcb..4fe559618 100644 --- a/tests/include/test/drivers/cipher.h +++ b/tests/include/test/drivers/cipher.h @@ -140,57 +140,5 @@ psa_status_t mbedtls_test_opaque_cipher_finish( mbedtls_opaque_test_driver_cipher_operation_t *operation, uint8_t *output, size_t output_size, size_t *output_length); -#if defined(MBEDTLS_PSA_CRYPTO_CONFIG) -psa_status_t libtestdriver1_mbedtls_psa_cipher_encrypt_setup( - mbedtls_psa_cipher_operation_t *operation, - const psa_key_attributes_t *attributes, - const uint8_t *key_buffer, size_t key_buffer_size, - psa_algorithm_t alg ); - -psa_status_t libtestdriver1_mbedtls_psa_cipher_decrypt_setup( - mbedtls_psa_cipher_operation_t *operation, - const psa_key_attributes_t *attributes, - const uint8_t *key_buffer, size_t key_buffer_size, - psa_algorithm_t alg ); - -psa_status_t libtestdriver1_mbedtls_psa_cipher_set_iv( - mbedtls_psa_cipher_operation_t *operation, - const uint8_t *iv, size_t iv_length ); - -psa_status_t libtestdriver1_mbedtls_psa_cipher_update( - mbedtls_psa_cipher_operation_t *operation, - const uint8_t *input, size_t input_length, - uint8_t *output, size_t output_size, size_t *output_length ); - -psa_status_t libtestdriver1_mbedtls_psa_cipher_finish( - mbedtls_psa_cipher_operation_t *operation, - uint8_t *output, size_t output_size, size_t *output_length ); - -psa_status_t libtestdriver1_mbedtls_psa_cipher_abort( - mbedtls_psa_cipher_operation_t *operation ); - -psa_status_t libtestdriver1_mbedtls_psa_cipher_encrypt( - const psa_key_attributes_t *attributes, - const uint8_t *key_buffer, - size_t key_buffer_size, - psa_algorithm_t alg, - const uint8_t *input, - size_t input_length, - uint8_t *output, - size_t output_size, - size_t *output_length ); - -psa_status_t libtestdriver1_mbedtls_psa_cipher_decrypt( - const psa_key_attributes_t *attributes, - const uint8_t *key_buffer, - size_t key_buffer_size, - psa_algorithm_t alg, - const uint8_t *input, - size_t input_length, - uint8_t *output, - size_t output_size, - size_t *output_length ); -#endif /* MBEDTLS_PSA_CRYPTO_CONFIG */ - #endif /* PSA_CRYPTO_DRIVER_TEST */ #endif /* PSA_CRYPTO_TEST_DRIVERS_CIPHER_H */ diff --git a/tests/include/test/drivers/hash.h b/tests/include/test/drivers/hash.h index 2226841f1..ebe83dee4 100644 --- a/tests/include/test/drivers/hash.h +++ b/tests/include/test/drivers/hash.h @@ -76,39 +76,5 @@ psa_status_t mbedtls_test_transparent_hash_finish( psa_status_t mbedtls_test_transparent_hash_abort( mbedtls_psa_hash_operation_t *operation ); -#if defined(MBEDTLS_PSA_CRYPTO_CONFIG) - -psa_status_t libtestdriver1_mbedtls_psa_hash_compute( - psa_algorithm_t alg, - const uint8_t *input, - size_t input_length, - uint8_t *hash, - size_t hash_size, - size_t *hash_length); - -psa_status_t libtestdriver1_mbedtls_psa_hash_setup( - mbedtls_psa_hash_operation_t *operation, - psa_algorithm_t alg ); - -psa_status_t libtestdriver1_mbedtls_psa_hash_clone( - const mbedtls_psa_hash_operation_t *source_operation, - mbedtls_psa_hash_operation_t *target_operation ); - -psa_status_t libtestdriver1_mbedtls_psa_hash_update( - mbedtls_psa_hash_operation_t *operation, - const uint8_t *input, - size_t input_length ); - -psa_status_t libtestdriver1_mbedtls_psa_hash_finish( - mbedtls_psa_hash_operation_t *operation, - uint8_t *hash, - size_t hash_size, - size_t *hash_length ); - -psa_status_t libtestdriver1_mbedtls_psa_hash_abort( - mbedtls_psa_hash_operation_t *operation ); - -#endif /* MBEDTLS_PSA_CRYPTO_CONFIG */ - #endif /* PSA_CRYPTO_DRIVER_TEST */ #endif /* PSA_CRYPTO_TEST_DRIVERS_HASH_H */ diff --git a/tests/include/test/drivers/key_management.h b/tests/include/test/drivers/key_management.h index cff86f542..bb08bf6b8 100644 --- a/tests/include/test/drivers/key_management.h +++ b/tests/include/test/drivers/key_management.h @@ -98,39 +98,5 @@ psa_status_t mbedtls_test_opaque_get_builtin_key( psa_key_attributes_t *attributes, uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length ); -#if defined(MBEDTLS_PSA_CRYPTO_CONFIG) - -psa_status_t libtestdriver1_mbedtls_psa_ecp_import_key( - const psa_key_attributes_t *attributes, - const uint8_t *data, size_t data_length, - uint8_t *key_buffer, size_t key_buffer_size, - size_t *key_buffer_length, size_t *bits ); - -psa_status_t libtestdriver1_mbedtls_psa_ecp_export_public_key( - const psa_key_attributes_t *attributes, - const uint8_t *key_buffer, size_t key_buffer_size, - uint8_t *data, size_t data_size, size_t *data_length ); - -psa_status_t libtestdriver1_mbedtls_psa_ecp_generate_key( - const psa_key_attributes_t *attributes, - uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length ); - -psa_status_t libtestdriver1_mbedtls_psa_rsa_import_key( - const psa_key_attributes_t *attributes, - const uint8_t *data, size_t data_length, - uint8_t *key_buffer, size_t key_buffer_size, - size_t *key_buffer_length, size_t *bits ); - -psa_status_t libtestdriver1_mbedtls_psa_rsa_export_public_key( - const psa_key_attributes_t *attributes, - const uint8_t *key_buffer, size_t key_buffer_size, - uint8_t *data, size_t data_size, size_t *data_length ); - -psa_status_t libtestdriver1_mbedtls_psa_rsa_generate_key( - const psa_key_attributes_t *attributes, - uint8_t *key, size_t key_size, size_t *key_length ); - -#endif /* MBEDTLS_PSA_CRYPTO_CONFIG */ - #endif /* PSA_CRYPTO_DRIVER_TEST */ #endif /* PSA_CRYPTO_TEST_DRIVERS_KEY_MANAGEMENT_H */ diff --git a/tests/include/test/drivers/mac.h b/tests/include/test/drivers/mac.h index b49a16b90..7733dd341 100644 --- a/tests/include/test/drivers/mac.h +++ b/tests/include/test/drivers/mac.h @@ -137,53 +137,5 @@ psa_status_t mbedtls_test_opaque_mac_verify_finish( psa_status_t mbedtls_test_opaque_mac_abort( mbedtls_opaque_test_driver_mac_operation_t *operation ); -#if defined(MBEDTLS_PSA_CRYPTO_CONFIG) - -psa_status_t libtestdriver1_mbedtls_psa_mac_compute( - const psa_key_attributes_t *attributes, - const uint8_t *key_buffer, - size_t key_buffer_size, - psa_algorithm_t alg, - const uint8_t *input, - size_t input_length, - uint8_t *mac, - size_t mac_size, - size_t *mac_length ); - -psa_status_t libtestdriver1_mbedtls_psa_mac_sign_setup( - mbedtls_psa_mac_operation_t *operation, - const psa_key_attributes_t *attributes, - const uint8_t *key_buffer, - size_t key_buffer_size, - psa_algorithm_t alg ); - -psa_status_t libtestdriver1_mbedtls_psa_mac_verify_setup( - mbedtls_psa_mac_operation_t *operation, - const psa_key_attributes_t *attributes, - const uint8_t *key_buffer, - size_t key_buffer_size, - psa_algorithm_t alg ); - -psa_status_t libtestdriver1_mbedtls_psa_mac_update( - mbedtls_psa_mac_operation_t *operation, - const uint8_t *input, - size_t input_length ); - -psa_status_t libtestdriver1_mbedtls_psa_mac_sign_finish( - mbedtls_psa_mac_operation_t *operation, - uint8_t *mac, - size_t mac_size, - size_t *mac_length ); - -psa_status_t libtestdriver1_mbedtls_psa_mac_verify_finish( - mbedtls_psa_mac_operation_t *operation, - const uint8_t *mac, - size_t mac_length ); - -psa_status_t libtestdriver1_mbedtls_psa_mac_abort( - mbedtls_psa_mac_operation_t *operation ); - -#endif /* MBEDTLS_PSA_CRYPTO_CONFIG */ - #endif /* PSA_CRYPTO_DRIVER_TEST */ #endif /* PSA_CRYPTO_TEST_DRIVERS_MAC_H */ diff --git a/tests/include/test/drivers/signature.h b/tests/include/test/drivers/signature.h index 8ea2cfafe..5e64edc3c 100644 --- a/tests/include/test/drivers/signature.h +++ b/tests/include/test/drivers/signature.h @@ -124,34 +124,5 @@ psa_status_t mbedtls_test_opaque_signature_verify_hash( const uint8_t *hash, size_t hash_length, const uint8_t *signature, size_t signature_length ); - -#if defined(MBEDTLS_PSA_CRYPTO_CONFIG) - -psa_status_t libtestdriver1_mbedtls_psa_ecdsa_sign_hash( - const psa_key_attributes_t *attributes, - const uint8_t *key_buffer, size_t key_buffer_size, - psa_algorithm_t alg, const uint8_t *hash, size_t hash_length, - uint8_t *signature, size_t signature_size, size_t *signature_length ); - -psa_status_t libtestdriver1_mbedtls_psa_ecdsa_verify_hash( - const psa_key_attributes_t *attributes, - const uint8_t *key_buffer, size_t key_buffer_size, - psa_algorithm_t alg, const uint8_t *hash, size_t hash_length, - const uint8_t *signature, size_t signature_length ); - -psa_status_t libtestdriver1_mbedtls_psa_rsa_sign_hash( - const psa_key_attributes_t *attributes, - const uint8_t *key_buffer, size_t key_buffer_size, - psa_algorithm_t alg, const uint8_t *hash, size_t hash_length, - uint8_t *signature, size_t signature_size, size_t *signature_length ); - -psa_status_t libtestdriver1_mbedtls_psa_rsa_verify_hash( - const psa_key_attributes_t *attributes, - const uint8_t *key_buffer, size_t key_buffer_size, - psa_algorithm_t alg, const uint8_t *hash, size_t hash_length, - const uint8_t *signature, size_t signature_length ); - -#endif /* MBEDTLS_PSA_CRYPTO_CONFIG */ - #endif /* PSA_CRYPTO_DRIVER_TEST */ #endif /* PSA_CRYPTO_TEST_DRIVERS_SIGNATURE_H */ diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index b10dc6eef..b1caf6e99 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -1591,46 +1591,6 @@ component_test_no_use_psa_crypto_full_cmake_asan() { env OPENSSL_CMD="$OPENSSL_NEXT" tests/compat.sh -e '^$' -f 'ARIA\|CHACHA' } -component_test_psa_crypto_config_basic() { - # Test the library excluding all Mbed TLS cryptographic support for which - # we have an accelerator support. Acceleration is faked with the - # transparent test driver. - msg "test: full + MBEDTLS_PSA_CRYPTO_CONFIG + as much acceleration as supported" - scripts/config.py full - scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG - scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS - scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO - - # There is no intended accelerator support for ALG STREAM_CIPHER and - # ALG_ECB_NO_PADDING. Therefore, asking for them in the build implies the - # inclusion of the Mbed TLS cipher operations. As we want to test here with - # cipher operations solely supported by accelerators, disabled those - # PSA configuration options. - scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_STREAM_CIPHER - scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_ECB_NO_PADDING - - # Don't test DES encryption as: - # 1) It is not an issue if we don't test all cipher types here. - # 2) That way we don't have to modify in psa_crypto.c the compilation - # guards MBEDTLS_PSA_BUILTIN_KEY_TYPE_DES for the code they guard to be - # available to the test driver. Modifications that we would need to - # revert when we move to compile the test driver separately. - # We also disable MBEDTLS_DES_C as the dependencies on DES in PSA test - # suites are still based on MBEDTLS_DES_C and not PSA_WANT_KEY_TYPE_DES. - scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_KEY_TYPE_DES - scripts/config.py unset MBEDTLS_DES_C - - loc_cflags="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST_ALL" - loc_cflags="${loc_cflags} '-DMBEDTLS_USER_CONFIG_FILE=\"../tests/configs/user-config-for-test.h\"'" - loc_cflags="${loc_cflags} -I../tests/include -O2" - - make CC=gcc CFLAGS="$loc_cflags" LDFLAGS="$ASAN_CFLAGS" - unset loc_cflags - - msg "test: full + MBEDTLS_PSA_CRYPTO_CONFIG" - make test -} - component_test_psa_crypto_config_no_driver() { # full plus MBEDTLS_PSA_CRYPTO_CONFIG msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG minus MBEDTLS_PSA_CRYPTO_DRIVERS" diff --git a/tests/scripts/check_names.py b/tests/scripts/check_names.py index cae722e58..4e078e321 100755 --- a/tests/scripts/check_names.py +++ b/tests/scripts/check_names.py @@ -779,7 +779,8 @@ class NameChecker(): match.name for match in self.parse_result["macros"] + self.parse_result["enum_consts"]} - typo_exclusion = re.compile(r"XXX|__|_$|^MBEDTLS_.*CONFIG_FILE$") + typo_exclusion = re.compile(r"XXX|__|_$|^MBEDTLS_.*CONFIG_FILE$|" + r"MBEDTLS_TEST_LIBTESTDRIVER*") for name_match in self.parse_result["mbed_words"]: found = name_match.name in all_caps_names diff --git a/tests/src/drivers/hash.c b/tests/src/drivers/hash.c index 99de56f1c..0d59bee40 100644 --- a/tests/src/drivers/hash.c +++ b/tests/src/drivers/hash.c @@ -28,6 +28,10 @@ #include "test/drivers/hash.h" +#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) +#include "libtestdriver1/library/psa_crypto_hash.h" +#endif + mbedtls_test_driver_hash_hooks_t mbedtls_test_driver_hash_hooks = MBEDTLS_TEST_DRIVER_HASH_INIT; @@ -45,7 +49,8 @@ psa_status_t mbedtls_test_transparent_hash_compute( } else { -#if defined(MBEDTLS_PSA_CRYPTO_CONFIG) +#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ + defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_HASH) mbedtls_test_driver_hash_hooks.driver_status = libtestdriver1_mbedtls_psa_hash_compute( alg, input, input_length, @@ -82,7 +87,8 @@ psa_status_t mbedtls_test_transparent_hash_setup( } else { -#if defined(MBEDTLS_PSA_CRYPTO_CONFIG) +#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ + defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_HASH) mbedtls_test_driver_hash_hooks.driver_status = libtestdriver1_mbedtls_psa_hash_setup( operation, alg ); #elif defined(MBEDTLS_PSA_BUILTIN_HASH) @@ -111,7 +117,8 @@ psa_status_t mbedtls_test_transparent_hash_clone( } else { -#if defined(MBEDTLS_PSA_CRYPTO_CONFIG) +#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ + defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_HASH) mbedtls_test_driver_hash_hooks.driver_status = libtestdriver1_mbedtls_psa_hash_clone( source_operation, target_operation ); @@ -142,7 +149,8 @@ psa_status_t mbedtls_test_transparent_hash_update( } else { -#if defined(MBEDTLS_PSA_CRYPTO_CONFIG) +#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ + defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_HASH) mbedtls_test_driver_hash_hooks.driver_status = libtestdriver1_mbedtls_psa_hash_update( operation, input, input_length ); @@ -175,7 +183,8 @@ psa_status_t mbedtls_test_transparent_hash_finish( } else { -#if defined(MBEDTLS_PSA_CRYPTO_CONFIG) +#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ + defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_HASH) mbedtls_test_driver_hash_hooks.driver_status = libtestdriver1_mbedtls_psa_hash_finish( operation, hash, hash_size, hash_length ); @@ -206,7 +215,8 @@ psa_status_t mbedtls_test_transparent_hash_abort( } else { -#if defined(MBEDTLS_PSA_CRYPTO_CONFIG) +#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ + defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_HASH) mbedtls_test_driver_hash_hooks.driver_status = libtestdriver1_mbedtls_psa_hash_abort( operation ); #elif defined(MBEDTLS_PSA_BUILTIN_HASH) diff --git a/tests/src/drivers/test_driver_cipher.c b/tests/src/drivers/test_driver_cipher.c index b70ef61fc..4f651b937 100644 --- a/tests/src/drivers/test_driver_cipher.c +++ b/tests/src/drivers/test_driver_cipher.c @@ -34,6 +34,10 @@ #include "test/random.h" +#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) +#include "libtestdriver1/library/psa_crypto_cipher.h" +#endif + #include mbedtls_test_driver_cipher_hooks_t mbedtls_test_driver_cipher_hooks = @@ -70,9 +74,11 @@ psa_status_t mbedtls_test_transparent_cipher_encrypt( psa_generate_random( output, PSA_CIPHER_IV_LENGTH( attributes->core.type, alg ) ); -#if defined(MBEDTLS_PSA_CRYPTO_CONFIG) +#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ + defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_CIPHER) return( libtestdriver1_mbedtls_psa_cipher_encrypt( - attributes, key_buffer, key_buffer_size, + (const libtestdriver1_psa_key_attributes_t *)attributes, + key_buffer, key_buffer_size, alg, input, input_length, output, output_size, output_length ) ); #elif defined(MBEDTLS_PSA_BUILTIN_CIPHER) @@ -114,9 +120,11 @@ psa_status_t mbedtls_test_transparent_cipher_decrypt( if( mbedtls_test_driver_cipher_hooks.forced_status != PSA_SUCCESS ) return( mbedtls_test_driver_cipher_hooks.forced_status ); -#if defined(MBEDTLS_PSA_CRYPTO_CONFIG) +#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ + defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_CIPHER) return( libtestdriver1_mbedtls_psa_cipher_decrypt( - attributes, key_buffer, key_buffer_size, + (const libtestdriver1_psa_key_attributes_t *)attributes, + key_buffer, key_buffer_size, alg, input, input_length, output, output_size, output_length ) ); #elif defined(MBEDTLS_PSA_BUILTIN_CIPHER) @@ -146,9 +154,12 @@ psa_status_t mbedtls_test_transparent_cipher_encrypt_setup( if( mbedtls_test_driver_cipher_hooks.forced_status != PSA_SUCCESS ) return( mbedtls_test_driver_cipher_hooks.forced_status ); -#if defined(MBEDTLS_PSA_CRYPTO_CONFIG) +#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ + defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_CIPHER) return( libtestdriver1_mbedtls_psa_cipher_encrypt_setup( - operation, attributes, key, key_length, alg ) ); + operation, + (const libtestdriver1_psa_key_attributes_t *)attributes, + key, key_length, alg ) ); #elif defined(MBEDTLS_PSA_BUILTIN_CIPHER) return( mbedtls_psa_cipher_encrypt_setup( operation, attributes, key, key_length, alg ) ); @@ -168,9 +179,12 @@ psa_status_t mbedtls_test_transparent_cipher_decrypt_setup( if( mbedtls_test_driver_cipher_hooks.forced_status != PSA_SUCCESS ) return( mbedtls_test_driver_cipher_hooks.forced_status ); -#if defined(MBEDTLS_PSA_CRYPTO_CONFIG) +#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ + defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_CIPHER) return( libtestdriver1_mbedtls_psa_cipher_decrypt_setup( - operation, attributes, key, key_length, alg ) ); + operation, + (const libtestdriver1_psa_key_attributes_t *)attributes, + key, key_length, alg ) ); #elif defined(MBEDTLS_PSA_BUILTIN_CIPHER) return( mbedtls_psa_cipher_decrypt_setup( operation, attributes, key, key_length, alg ) ); @@ -187,7 +201,8 @@ psa_status_t mbedtls_test_transparent_cipher_abort( if( operation->alg == 0 ) return( PSA_SUCCESS ); -#if defined(MBEDTLS_PSA_CRYPTO_CONFIG) +#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ + defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_CIPHER) libtestdriver1_mbedtls_psa_cipher_abort( operation ); #elif defined(MBEDTLS_PSA_BUILTIN_CIPHER) mbedtls_psa_cipher_abort( operation ); @@ -212,7 +227,8 @@ psa_status_t mbedtls_test_transparent_cipher_set_iv( if( mbedtls_test_driver_cipher_hooks.forced_status != PSA_SUCCESS ) return( mbedtls_test_driver_cipher_hooks.forced_status ); -#if defined(MBEDTLS_PSA_CRYPTO_CONFIG) +#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ + defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_CIPHER) return( libtestdriver1_mbedtls_psa_cipher_set_iv( operation, iv, iv_length ) ); #elif defined(MBEDTLS_PSA_BUILTIN_CIPHER) @@ -248,7 +264,8 @@ psa_status_t mbedtls_test_transparent_cipher_update( if( mbedtls_test_driver_cipher_hooks.forced_status != PSA_SUCCESS ) return( mbedtls_test_driver_cipher_hooks.forced_status ); -#if defined(MBEDTLS_PSA_CRYPTO_CONFIG) +#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ + defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_CIPHER) return( libtestdriver1_mbedtls_psa_cipher_update( operation, input, input_length, output, output_size, output_length ) ); @@ -285,7 +302,8 @@ psa_status_t mbedtls_test_transparent_cipher_finish( if( mbedtls_test_driver_cipher_hooks.forced_status != PSA_SUCCESS ) return( mbedtls_test_driver_cipher_hooks.forced_status ); -#if defined(MBEDTLS_PSA_CRYPTO_CONFIG) +#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ + defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_CIPHER) return( libtestdriver1_mbedtls_psa_cipher_finish( operation, output, output_size, output_length ) ); #elif defined(MBEDTLS_PSA_BUILTIN_CIPHER) diff --git a/tests/src/drivers/test_driver_key_management.c b/tests/src/drivers/test_driver_key_management.c index ce646bad7..1cff3cb59 100644 --- a/tests/src/drivers/test_driver_key_management.c +++ b/tests/src/drivers/test_driver_key_management.c @@ -33,9 +33,13 @@ #include "mbedtls/error.h" #include "test/drivers/key_management.h" - #include "test/random.h" +#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) +#include "libtestdriver1/library/psa_crypto_ecp.h" +#include "libtestdriver1/library/psa_crypto_rsa.h" +#endif + #include mbedtls_test_driver_key_management_hooks_t @@ -103,10 +107,11 @@ psa_status_t mbedtls_test_transparent_generate_key( if( PSA_KEY_TYPE_IS_ECC( psa_get_key_type( attributes ) ) && PSA_KEY_TYPE_IS_KEY_PAIR( psa_get_key_type( attributes ) ) ) { -#if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR) && \ - defined(MBEDTLS_PSA_CRYPTO_CONFIG) +#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ + defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR) return( libtestdriver1_mbedtls_psa_ecp_generate_key( - attributes, key, key_size, key_length ) ); + (const libtestdriver1_psa_key_attributes_t *)attributes, + key, key_size, key_length ) ); #elif defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR) return( mbedtls_psa_ecp_generate_key( attributes, key, key_size, key_length ) ); @@ -114,10 +119,11 @@ psa_status_t mbedtls_test_transparent_generate_key( } else if( psa_get_key_type( attributes ) == PSA_KEY_TYPE_RSA_KEY_PAIR ) { -#if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR) && \ - defined(MBEDTLS_PSA_CRYPTO_CONFIG) +#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ + defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) return( libtestdriver1_mbedtls_psa_rsa_generate_key( - attributes, key, key_size, key_length ) ); + (const libtestdriver1_psa_key_attributes_t *)attributes, + key, key_size, key_length ) ); #elif defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) return( mbedtls_psa_rsa_generate_key( attributes, key, key_size, key_length ) ); @@ -157,11 +163,11 @@ psa_status_t mbedtls_test_transparent_import_key( if( PSA_KEY_TYPE_IS_ECC( type ) ) { -#if ( defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR) || \ - defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY) ) && \ - defined(MBEDTLS_PSA_CRYPTO_CONFIG) +#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ + ( defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR) || \ + defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY) ) return( libtestdriver1_mbedtls_psa_ecp_import_key( - attributes, + (const libtestdriver1_psa_key_attributes_t *)attributes, data, data_length, key_buffer, key_buffer_size, key_buffer_length, bits ) ); @@ -176,11 +182,11 @@ psa_status_t mbedtls_test_transparent_import_key( } else if( PSA_KEY_TYPE_IS_RSA( type ) ) { -#if ( defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR) || \ - defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_PUBLIC_KEY) ) && \ - defined(MBEDTLS_PSA_CRYPTO_CONFIG) +#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ + ( defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) || \ + defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY) ) return( libtestdriver1_mbedtls_psa_rsa_import_key( - attributes, + (const libtestdriver1_psa_key_attributes_t *)attributes, data, data_length, key_buffer, key_buffer_size, key_buffer_length, bits ) ); @@ -295,11 +301,11 @@ psa_status_t mbedtls_test_transparent_export_public_key( if( PSA_KEY_TYPE_IS_ECC( key_type ) ) { -#if ( defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR) || \ - defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY) ) && \ - defined(MBEDTLS_PSA_CRYPTO_CONFIG) +#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ + ( defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR) || \ + defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY) ) return( libtestdriver1_mbedtls_psa_ecp_export_public_key( - attributes, + (const libtestdriver1_psa_key_attributes_t *)attributes, key_buffer, key_buffer_size, data, data_size, data_length ) ); #elif defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR) || \ @@ -312,11 +318,11 @@ psa_status_t mbedtls_test_transparent_export_public_key( } else if( PSA_KEY_TYPE_IS_RSA( key_type ) ) { -#if ( defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR) || \ - defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_PUBLIC_KEY) ) && \ - defined(MBEDTLS_PSA_CRYPTO_CONFIG) +#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ + ( defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) || \ + defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY) ) return( libtestdriver1_mbedtls_psa_rsa_export_public_key( - attributes, + (const libtestdriver1_psa_key_attributes_t *)attributes, key_buffer, key_buffer_size, data, data_size, data_length ) ); #elif defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) || \ diff --git a/tests/src/drivers/test_driver_mac.c b/tests/src/drivers/test_driver_mac.c index a6c2c88a6..06b6eb77a 100644 --- a/tests/src/drivers/test_driver_mac.c +++ b/tests/src/drivers/test_driver_mac.c @@ -28,6 +28,10 @@ #include "test/drivers/mac.h" +#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) +#include "libtestdriver1/library/psa_crypto_mac.h" +#endif + mbedtls_test_driver_mac_hooks_t mbedtls_test_driver_mac_hooks = MBEDTLS_TEST_DRIVER_MAC_INIT; @@ -51,10 +55,12 @@ psa_status_t mbedtls_test_transparent_mac_compute( } else { -#if defined(MBEDTLS_PSA_CRYPTO_CONFIG) +#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ + defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_MAC) mbedtls_test_driver_mac_hooks.driver_status = libtestdriver1_mbedtls_psa_mac_compute( - attributes, key_buffer, key_buffer_size, alg, + (const libtestdriver1_psa_key_attributes_t *)attributes, + key_buffer, key_buffer_size, alg, input, input_length, mac, mac_size, mac_length ); #elif defined(MBEDTLS_PSA_BUILTIN_MAC) @@ -96,10 +102,13 @@ psa_status_t mbedtls_test_transparent_mac_sign_setup( } else { -#if defined(MBEDTLS_PSA_CRYPTO_CONFIG) +#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ + defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_MAC) mbedtls_test_driver_mac_hooks.driver_status = libtestdriver1_mbedtls_psa_mac_sign_setup( - operation, attributes, key_buffer, key_buffer_size, alg ); + operation, + (const libtestdriver1_psa_key_attributes_t *)attributes, + key_buffer, key_buffer_size, alg ); #elif defined(MBEDTLS_PSA_BUILTIN_MAC) mbedtls_test_driver_mac_hooks.driver_status = mbedtls_psa_mac_sign_setup( @@ -133,10 +142,13 @@ psa_status_t mbedtls_test_transparent_mac_verify_setup( } else { -#if defined(MBEDTLS_PSA_CRYPTO_CONFIG) +#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ + defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_MAC) mbedtls_test_driver_mac_hooks.driver_status = libtestdriver1_mbedtls_psa_mac_verify_setup( - operation, attributes, key_buffer, key_buffer_size, alg ); + operation, + (const libtestdriver1_psa_key_attributes_t *)attributes, + key_buffer, key_buffer_size, alg ); #elif defined(MBEDTLS_PSA_BUILTIN_MAC) mbedtls_test_driver_mac_hooks.driver_status = mbedtls_psa_mac_verify_setup( @@ -168,7 +180,8 @@ psa_status_t mbedtls_test_transparent_mac_update( } else { -#if defined(MBEDTLS_PSA_CRYPTO_CONFIG) +#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ + defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_MAC) mbedtls_test_driver_mac_hooks.driver_status = libtestdriver1_mbedtls_psa_mac_update( operation, input, input_length ); @@ -202,7 +215,8 @@ psa_status_t mbedtls_test_transparent_mac_sign_finish( } else { -#if defined(MBEDTLS_PSA_CRYPTO_CONFIG) +#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ + defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_MAC) mbedtls_test_driver_mac_hooks.driver_status = libtestdriver1_mbedtls_psa_mac_sign_finish( operation, mac, mac_size, mac_length ); @@ -236,7 +250,8 @@ psa_status_t mbedtls_test_transparent_mac_verify_finish( } else { -#if defined(MBEDTLS_PSA_CRYPTO_CONFIG) +#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ + defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_MAC) mbedtls_test_driver_mac_hooks.driver_status = libtestdriver1_mbedtls_psa_mac_verify_finish( operation, mac, mac_length ); @@ -267,7 +282,8 @@ psa_status_t mbedtls_test_transparent_mac_abort( } else { -#if defined(MBEDTLS_PSA_CRYPTO_CONFIG) +#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ + defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_MAC) mbedtls_test_driver_mac_hooks.driver_status = libtestdriver1_mbedtls_psa_mac_abort( operation ); #elif defined(MBEDTLS_PSA_BUILTIN_MAC) diff --git a/tests/src/drivers/test_driver_signature.c b/tests/src/drivers/test_driver_signature.c index a656287b6..3de43a8ad 100644 --- a/tests/src/drivers/test_driver_signature.c +++ b/tests/src/drivers/test_driver_signature.c @@ -42,6 +42,12 @@ #include "test/random.h" +#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) +#include "libtestdriver1/library/psa_crypto_ecp.h" +#include "libtestdriver1/library/psa_crypto_hash.h" +#include "libtestdriver1/library/psa_crypto_rsa.h" +#endif + #include mbedtls_test_driver_signature_hooks_t @@ -65,11 +71,11 @@ psa_status_t sign_hash( if( PSA_ALG_IS_RSA_PKCS1V15_SIGN( alg ) || PSA_ALG_IS_RSA_PSS( alg) ) { -#if ( defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_SIGN) || \ - defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PSS) ) && \ - defined(MBEDTLS_PSA_CRYPTO_CONFIG) +#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ + ( defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) || \ + defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS) ) return( libtestdriver1_mbedtls_psa_rsa_sign_hash( - attributes, + (const libtestdriver1_psa_key_attributes_t *) attributes, key_buffer, key_buffer_size, alg, hash, hash_length, signature, signature_size, signature_length ) ); @@ -91,11 +97,11 @@ psa_status_t sign_hash( { if( PSA_ALG_IS_ECDSA( alg ) ) { -#if ( defined(MBEDTLS_PSA_ACCEL_ALG_ECDSA) || \ - defined(MBEDTLS_PSA_ACCEL_ALG_DETERMINISTIC_ECDSA) ) && \ - defined(MBEDTLS_PSA_CRYPTO_CONFIG) +#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ + ( defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || \ + defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) ) return( libtestdriver1_mbedtls_psa_ecdsa_sign_hash( - attributes, + (const libtestdriver1_psa_key_attributes_t *) attributes, key_buffer, key_buffer_size, alg, hash, hash_length, signature, signature_size, signature_length ) ); @@ -141,11 +147,11 @@ psa_status_t verify_hash( if( PSA_ALG_IS_RSA_PKCS1V15_SIGN( alg ) || PSA_ALG_IS_RSA_PSS( alg) ) { -#if ( defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_SIGN) || \ - defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PSS) ) && \ - defined(MBEDTLS_PSA_CRYPTO_CONFIG) +#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ + ( defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) || \ + defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS) ) return( libtestdriver1_mbedtls_psa_rsa_verify_hash( - attributes, + (const libtestdriver1_psa_key_attributes_t *) attributes, key_buffer, key_buffer_size, alg, hash, hash_length, signature, signature_length ) ); @@ -167,11 +173,11 @@ psa_status_t verify_hash( { if( PSA_ALG_IS_ECDSA( alg ) ) { -#if ( defined(MBEDTLS_PSA_ACCEL_ALG_ECDSA) || \ - defined(MBEDTLS_PSA_ACCEL_ALG_DETERMINISTIC_ECDSA) ) && \ - defined(MBEDTLS_PSA_CRYPTO_CONFIG) +#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ + ( defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || \ + defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) ) return( libtestdriver1_mbedtls_psa_ecdsa_verify_hash( - attributes, + (const libtestdriver1_psa_key_attributes_t *) attributes, key_buffer, key_buffer_size, alg, hash, hash_length, signature, signature_length ) ); @@ -233,7 +239,8 @@ psa_status_t mbedtls_test_transparent_signature_sign_message( return( PSA_SUCCESS ); } -#if defined(MBEDTLS_PSA_CRYPTO_CONFIG) +#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ + defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_HASH) status = libtestdriver1_mbedtls_psa_hash_compute( PSA_ALG_SIGN_GET_HASH( alg ), input, input_length, hash, sizeof( hash ), &hash_length ); @@ -297,7 +304,8 @@ psa_status_t mbedtls_test_transparent_signature_verify_message( if( mbedtls_test_driver_signature_verify_hooks.forced_status != PSA_SUCCESS ) return( mbedtls_test_driver_signature_verify_hooks.forced_status ); -#if defined(MBEDTLS_PSA_CRYPTO_CONFIG) +#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ + defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_HASH) status = libtestdriver1_mbedtls_psa_hash_compute( PSA_ALG_SIGN_GET_HASH( alg ), input, input_length, hash, sizeof( hash ), &hash_length ); From cfc3c7b593d1a1cd49d3984d8b2a6f3adca36436 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Sat, 13 Mar 2021 18:50:11 +0100 Subject: [PATCH 20/29] psa: Remove test code in the library The current testing of the PSA configuration is based on test code located in the library itself. Remove this code as we are moving to using a test library instead. Signed-off-by: Ronald Cron --- library/psa_crypto_cipher.c | 343 ++++-------------- library/psa_crypto_ecp.c | 248 ++----------- library/psa_crypto_hash.c | 340 +++-------------- library/psa_crypto_mac.c | 318 ++++------------ library/psa_crypto_rsa.c | 260 ++----------- tests/include/test/drivers/hash.h | 2 +- .../src/drivers/test_driver_key_management.c | 13 + 7 files changed, 273 insertions(+), 1251 deletions(-) diff --git a/library/psa_crypto_cipher.c b/library/psa_crypto_cipher.c index 71dee2bd1..6dfaae990 100644 --- a/library/psa_crypto_cipher.c +++ b/library/psa_crypto_cipher.c @@ -31,34 +31,6 @@ #include -#if ( defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_DES) || \ - ( defined(PSA_CRYPTO_DRIVER_TEST) && \ - defined(MBEDTLS_PSA_CRYPTO_CONFIG) && \ - defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_DES) ) ) -#define BUILTIN_KEY_TYPE_DES 1 -#endif - -#if ( defined(MBEDTLS_PSA_BUILTIN_ALG_CBC_NO_PADDING) || \ - ( defined(PSA_CRYPTO_DRIVER_TEST) && \ - defined(MBEDTLS_PSA_CRYPTO_CONFIG) && \ - defined(MBEDTLS_PSA_ACCEL_ALG_CBC_NO_PADDING) ) ) -#define BUILTIN_ALG_CBC_NO_PADDING 1 -#endif - -#if ( defined(MBEDTLS_PSA_BUILTIN_ALG_CBC_PKCS7) || \ - ( defined(PSA_CRYPTO_DRIVER_TEST) && \ - defined(MBEDTLS_PSA_CRYPTO_CONFIG) && \ - defined(MBEDTLS_PSA_ACCEL_ALG_CBC_PKCS7) ) ) -#define BUILTIN_ALG_CBC_PKCS7 1 -#endif - -#if ( defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_CHACHA20) || \ - ( defined(PSA_CRYPTO_DRIVER_TEST) && \ - defined(MBEDTLS_PSA_CRYPTO_CONFIG) && \ - defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_CHACHA20) ) ) -#define BUILTIN_KEY_TYPE_CHACHA20 1 -#endif - const mbedtls_cipher_info_t *mbedtls_cipher_info_from_psa( psa_algorithm_t alg, psa_key_type_t key_type, @@ -154,10 +126,9 @@ const mbedtls_cipher_info_t *mbedtls_cipher_info_from_psa( (int) key_bits, mode ) ); } -#if defined(MBEDTLS_PSA_BUILTIN_CIPHER) || \ - ( defined(PSA_CRYPTO_DRIVER_TEST) && defined(MBEDTLS_PSA_CRYPTO_CONFIG) ) +#if defined(MBEDTLS_PSA_BUILTIN_CIPHER) -static psa_status_t cipher_setup( +static psa_status_t psa_cipher_setup( mbedtls_psa_cipher_operation_t *operation, const psa_key_attributes_t *attributes, const uint8_t *key_buffer, size_t key_buffer_size, @@ -184,7 +155,7 @@ static psa_status_t cipher_setup( if( ret != 0 ) goto exit; -#if defined(BUILTIN_KEY_TYPE_DES) +#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_DES) if( key_type == PSA_KEY_TYPE_DES && key_bits == 128 ) { /* Two-key Triple-DES is 3-key Triple-DES with K1=K3 */ @@ -204,8 +175,8 @@ static psa_status_t cipher_setup( if( ret != 0 ) goto exit; -#if defined(BUILTIN_ALG_CBC_NO_PADDING) || \ - defined(BUILTIN_ALG_CBC_PKCS7) +#if defined(MBEDTLS_PSA_BUILTIN_ALG_CBC_NO_PADDING) || \ + defined(MBEDTLS_PSA_BUILTIN_ALG_CBC_PKCS7) switch( alg ) { case PSA_ALG_CBC_NO_PADDING: @@ -223,7 +194,8 @@ static psa_status_t cipher_setup( } if( ret != 0 ) goto exit; -#endif /* BUILTIN_ALG_CBC_NO_PADDING || BUILTIN_ALG_CBC_PKCS7 */ +#endif /* MBEDTLS_PSA_BUILTIN_ALG_CBC_NO_PADDING || + MBEDTLS_PSA_BUILTIN_ALG_CBC_PKCS7 */ operation->block_length = ( PSA_ALG_IS_STREAM_CIPHER( alg ) ? 1 : PSA_BLOCK_CIPHER_BLOCK_LENGTH( key_type ) ); @@ -233,30 +205,31 @@ exit: return( mbedtls_to_psa_error( ret ) ); } -static psa_status_t cipher_encrypt_setup( +psa_status_t mbedtls_psa_cipher_encrypt_setup( mbedtls_psa_cipher_operation_t *operation, const psa_key_attributes_t *attributes, const uint8_t *key_buffer, size_t key_buffer_size, psa_algorithm_t alg ) { - return( cipher_setup( operation, attributes, - key_buffer, key_buffer_size, - alg, MBEDTLS_ENCRYPT ) ); + return( psa_cipher_setup( operation, attributes, + key_buffer, key_buffer_size, + alg, MBEDTLS_ENCRYPT ) ); } -static psa_status_t cipher_decrypt_setup( +psa_status_t mbedtls_psa_cipher_decrypt_setup( mbedtls_psa_cipher_operation_t *operation, const psa_key_attributes_t *attributes, const uint8_t *key_buffer, size_t key_buffer_size, psa_algorithm_t alg ) { - return( cipher_setup( operation, attributes, - key_buffer, key_buffer_size, - alg, MBEDTLS_DECRYPT ) ); + return( psa_cipher_setup( operation, attributes, + key_buffer, key_buffer_size, + alg, MBEDTLS_DECRYPT ) ); } -static psa_status_t cipher_set_iv( mbedtls_psa_cipher_operation_t *operation, - const uint8_t *iv, size_t iv_length ) +psa_status_t mbedtls_psa_cipher_set_iv( + mbedtls_psa_cipher_operation_t *operation, + const uint8_t *iv, size_t iv_length ) { if( iv_length != operation->iv_length ) return( PSA_ERROR_INVALID_ARGUMENT ); @@ -370,12 +343,10 @@ exit: return( status ); } -static psa_status_t cipher_update( mbedtls_psa_cipher_operation_t *operation, - const uint8_t *input, - size_t input_length, - uint8_t *output, - size_t output_size, - size_t *output_length ) +psa_status_t mbedtls_psa_cipher_update( + mbedtls_psa_cipher_operation_t *operation, + const uint8_t *input, size_t input_length, + uint8_t *output, size_t output_size, size_t *output_length ) { psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; size_t expected_output_size; @@ -422,10 +393,9 @@ static psa_status_t cipher_update( mbedtls_psa_cipher_operation_t *operation, return( status ); } -static psa_status_t cipher_finish( mbedtls_psa_cipher_operation_t *operation, - uint8_t *output, - size_t output_size, - size_t *output_length ) +psa_status_t mbedtls_psa_cipher_finish( + mbedtls_psa_cipher_operation_t *operation, + uint8_t *output, size_t output_size, size_t *output_length ) { psa_status_t status = PSA_ERROR_GENERIC_ERROR; uint8_t temp_output_buffer[MBEDTLS_MAX_BLOCK_LENGTH]; @@ -461,7 +431,8 @@ exit: return( status ); } -static psa_status_t cipher_abort( mbedtls_psa_cipher_operation_t *operation ) +psa_status_t mbedtls_psa_cipher_abort( + mbedtls_psa_cipher_operation_t *operation ) { /* Sanity check (shouldn't happen: operation->alg should * always have been initialized to a valid value). */ @@ -473,46 +444,50 @@ static psa_status_t cipher_abort( mbedtls_psa_cipher_operation_t *operation ) return( PSA_SUCCESS ); } -static psa_status_t cipher_encrypt( const psa_key_attributes_t *attributes, - const uint8_t *key_buffer, - size_t key_buffer_size, - psa_algorithm_t alg, - const uint8_t *input, - size_t input_length, - uint8_t *output, - size_t output_size, - size_t *output_length ) +psa_status_t mbedtls_psa_cipher_encrypt( + const psa_key_attributes_t *attributes, + const uint8_t *key_buffer, + size_t key_buffer_size, + psa_algorithm_t alg, + const uint8_t *input, + size_t input_length, + uint8_t *output, + size_t output_size, + size_t *output_length ) { psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; mbedtls_psa_cipher_operation_t operation = MBEDTLS_PSA_CIPHER_OPERATION_INIT; size_t olength, accumulated_length; - status = cipher_encrypt_setup( &operation, attributes, - key_buffer, key_buffer_size, alg ); + status = mbedtls_psa_cipher_encrypt_setup( &operation, attributes, + key_buffer, key_buffer_size, + alg ); if( status != PSA_SUCCESS ) goto exit; accumulated_length = 0; if( operation.iv_length > 0 ) { - status = cipher_set_iv( &operation, output, operation.iv_length ); + status = mbedtls_psa_cipher_set_iv( &operation, + output, operation.iv_length ); if( status != PSA_SUCCESS ) goto exit; accumulated_length = operation.iv_length; } - status = cipher_update( &operation, input, input_length, - output + operation.iv_length, - output_size - operation.iv_length, - &olength ); + status = mbedtls_psa_cipher_update( &operation, input, input_length, + output + operation.iv_length, + output_size - operation.iv_length, + &olength ); if( status != PSA_SUCCESS ) goto exit; accumulated_length += olength; - status = cipher_finish( &operation, output + accumulated_length, - output_size - accumulated_length, &olength ); + status = mbedtls_psa_cipher_finish( &operation, output + accumulated_length, + output_size - accumulated_length, + &olength ); if( status != PSA_SUCCESS ) goto exit; @@ -520,48 +495,53 @@ static psa_status_t cipher_encrypt( const psa_key_attributes_t *attributes, exit: if( status == PSA_SUCCESS ) - status = cipher_abort( &operation ); + status = mbedtls_psa_cipher_abort( &operation ); else - cipher_abort( &operation ); + mbedtls_psa_cipher_abort( &operation ); + return( status ); } -static psa_status_t cipher_decrypt( const psa_key_attributes_t *attributes, - const uint8_t *key_buffer, - size_t key_buffer_size, - psa_algorithm_t alg, - const uint8_t *input, - size_t input_length, - uint8_t *output, - size_t output_size, - size_t *output_length ) +psa_status_t mbedtls_psa_cipher_decrypt( + const psa_key_attributes_t *attributes, + const uint8_t *key_buffer, + size_t key_buffer_size, + psa_algorithm_t alg, + const uint8_t *input, + size_t input_length, + uint8_t *output, + size_t output_size, + size_t *output_length ) { psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; mbedtls_psa_cipher_operation_t operation = MBEDTLS_PSA_CIPHER_OPERATION_INIT; size_t olength, accumulated_length; - status = cipher_decrypt_setup( &operation, attributes, - key_buffer, key_buffer_size, alg ); + status = mbedtls_psa_cipher_decrypt_setup( &operation, attributes, + key_buffer, key_buffer_size, + alg ); if( status != PSA_SUCCESS ) goto exit; if( operation.iv_length > 0 ) { - status = cipher_set_iv( &operation, input, operation.iv_length ); + status = mbedtls_psa_cipher_set_iv( &operation, + input, operation.iv_length ); if( status != PSA_SUCCESS ) goto exit; } - status = cipher_update( &operation, input + operation.iv_length, - input_length - operation.iv_length, - output, output_size, &olength ); + status = mbedtls_psa_cipher_update( &operation, input + operation.iv_length, + input_length - operation.iv_length, + output, output_size, &olength ); if( status != PSA_SUCCESS ) goto exit; accumulated_length = olength; - status = cipher_finish( &operation, output + accumulated_length, - output_size - accumulated_length, &olength ); + status = mbedtls_psa_cipher_finish( &operation, output + accumulated_length, + output_size - accumulated_length, + &olength ); if( status != PSA_SUCCESS ) goto exit; @@ -569,183 +549,12 @@ static psa_status_t cipher_decrypt( const psa_key_attributes_t *attributes, exit: if ( status == PSA_SUCCESS ) - status = cipher_abort( &operation ); + status = mbedtls_psa_cipher_abort( &operation ); else - cipher_abort( &operation ); + mbedtls_psa_cipher_abort( &operation ); + return( status ); } -#endif /* MBEDTLS_PSA_BUILTIN_CIPHER || - (PSA_CRYPTO_DRIVER_TEST && MBEDTLS_PSA_CRYPTO_CONFIG) */ - -#if defined(MBEDTLS_PSA_BUILTIN_CIPHER) -psa_status_t mbedtls_psa_cipher_encrypt_setup( - mbedtls_psa_cipher_operation_t *operation, - const psa_key_attributes_t *attributes, - const uint8_t *key_buffer, size_t key_buffer_size, - psa_algorithm_t alg ) -{ - return( cipher_encrypt_setup( - operation, attributes, key_buffer, key_buffer_size, alg ) ); -} - -psa_status_t mbedtls_psa_cipher_decrypt_setup( - mbedtls_psa_cipher_operation_t *operation, - const psa_key_attributes_t *attributes, - const uint8_t *key_buffer, size_t key_buffer_size, - psa_algorithm_t alg ) -{ - return( cipher_decrypt_setup( - operation, attributes, key_buffer, key_buffer_size, alg ) ); -} - -psa_status_t mbedtls_psa_cipher_set_iv( mbedtls_psa_cipher_operation_t *operation, - const uint8_t *iv, - size_t iv_length ) -{ - return( cipher_set_iv( operation, iv, iv_length ) ); -} - -psa_status_t mbedtls_psa_cipher_update( mbedtls_psa_cipher_operation_t *operation, - const uint8_t *input, - size_t input_length, - uint8_t *output, - size_t output_size, - size_t *output_length ) -{ - return( cipher_update( operation, input, input_length, - output, output_size, output_length ) ); -} - -psa_status_t mbedtls_psa_cipher_finish( mbedtls_psa_cipher_operation_t *operation, - uint8_t *output, - size_t output_size, - size_t *output_length ) -{ - return( cipher_finish( operation, output, output_size, output_length ) ); -} - -psa_status_t mbedtls_psa_cipher_abort( mbedtls_psa_cipher_operation_t *operation ) -{ - return( cipher_abort( operation ) ); -} - -psa_status_t mbedtls_psa_cipher_encrypt( const psa_key_attributes_t *attributes, - const uint8_t *key_buffer, - size_t key_buffer_size, - psa_algorithm_t alg, - const uint8_t *input, - size_t input_length, - uint8_t *output, - size_t output_size, - size_t *output_length ) -{ - return( cipher_encrypt( attributes, key_buffer, key_buffer_size, - alg, input, input_length, - output, output_size, output_length ) ); -} - -psa_status_t mbedtls_psa_cipher_decrypt( const psa_key_attributes_t *attributes, - const uint8_t *key_buffer, - size_t key_buffer_size, - psa_algorithm_t alg, - const uint8_t *input, - size_t input_length, - uint8_t *output, - size_t output_size, - size_t *output_length ) -{ - return( cipher_decrypt( attributes, key_buffer, key_buffer_size, - alg, input, input_length, - output, output_size, output_length ) ); -} #endif /* MBEDTLS_PSA_BUILTIN_CIPHER */ -/* - * BEYOND THIS POINT, TEST DRIVER ENTRY POINTS ONLY. - */ - -#if defined(PSA_CRYPTO_DRIVER_TEST) && defined(MBEDTLS_PSA_CRYPTO_CONFIG) -psa_status_t libtestdriver1_mbedtls_psa_cipher_encrypt_setup( - mbedtls_psa_cipher_operation_t *operation, - const psa_key_attributes_t *attributes, - const uint8_t *key_buffer, size_t key_buffer_size, - psa_algorithm_t alg ) -{ - return( cipher_encrypt_setup( - operation, attributes, key_buffer, key_buffer_size, alg ) ); -} - -psa_status_t libtestdriver1_mbedtls_psa_cipher_decrypt_setup( - mbedtls_psa_cipher_operation_t *operation, - const psa_key_attributes_t *attributes, - const uint8_t *key_buffer, size_t key_buffer_size, - psa_algorithm_t alg ) -{ - return( cipher_decrypt_setup( - operation, attributes, key_buffer, key_buffer_size, alg ) ); -} - -psa_status_t libtestdriver1_mbedtls_psa_cipher_set_iv( - mbedtls_psa_cipher_operation_t *operation, - const uint8_t *iv, size_t iv_length ) -{ - return( cipher_set_iv( operation, iv, iv_length ) ); -} - -psa_status_t libtestdriver1_mbedtls_psa_cipher_update( - mbedtls_psa_cipher_operation_t *operation, - const uint8_t *input, size_t input_length, - uint8_t *output, size_t output_size, size_t *output_length ) -{ - return( cipher_update( operation, input, input_length, - output, output_size, output_length ) ); -} - -psa_status_t libtestdriver1_mbedtls_psa_cipher_finish( - mbedtls_psa_cipher_operation_t *operation, - uint8_t *output, size_t output_size, size_t *output_length ) -{ - return( cipher_finish( operation, output, output_size, output_length ) ); -} - -psa_status_t libtestdriver1_mbedtls_psa_cipher_abort( - mbedtls_psa_cipher_operation_t *operation ) -{ - return( cipher_abort( operation ) ); -} - -psa_status_t libtestdriver1_mbedtls_psa_cipher_encrypt( - const psa_key_attributes_t *attributes, - const uint8_t *key_buffer, - size_t key_buffer_size, - psa_algorithm_t alg, - const uint8_t *input, - size_t input_length, - uint8_t *output, - size_t output_size, - size_t *output_length ) -{ - return( cipher_encrypt( attributes, key_buffer, key_buffer_size, - alg, input, input_length, - output, output_size, output_length ) ); -} - -psa_status_t libtestdriver1_mbedtls_psa_cipher_decrypt( - const psa_key_attributes_t *attributes, - const uint8_t *key_buffer, - size_t key_buffer_size, - psa_algorithm_t alg, - const uint8_t *input, - size_t input_length, - uint8_t *output, - size_t output_size, - size_t *output_length ) -{ - return( cipher_decrypt( attributes, key_buffer, key_buffer_size, - alg, input, input_length, - output, output_size, output_length ) ); -} - -#endif /* PSA_CRYPTO_DRIVER_TEST && MBEDTLS_PSA_CRYPTO_CONFIG */ - #endif /* MBEDTLS_PSA_CRYPTO_C */ diff --git a/library/psa_crypto_ecp.c b/library/psa_crypto_ecp.c index 3fdcdb267..db6682c6d 100644 --- a/library/psa_crypto_ecp.c +++ b/library/psa_crypto_ecp.c @@ -40,40 +40,10 @@ #include #include -#if ( defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR) || \ - ( defined(PSA_CRYPTO_DRIVER_TEST) && \ - defined(MBEDTLS_PSA_CRYPTO_CONFIG) && \ - defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR) ) ) -#define BUILTIN_KEY_TYPE_ECC_KEY_PAIR 1 -#endif - -#if ( defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY) || \ - ( defined(PSA_CRYPTO_DRIVER_TEST) && \ - defined(MBEDTLS_PSA_CRYPTO_CONFIG) && \ - defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY) ) ) -#define BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY 1 -#endif - -#if ( defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || \ - ( defined(PSA_CRYPTO_DRIVER_TEST) && \ - defined(MBEDTLS_PSA_CRYPTO_CONFIG) && \ - defined(MBEDTLS_PSA_ACCEL_ALG_ECDSA) && \ - defined(MBEDTLS_ECDSA_C) ) ) -#define BUILTIN_ALG_ECDSA 1 -#endif - -#if ( defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) || \ - ( defined(PSA_CRYPTO_DRIVER_TEST) && \ - defined(MBEDTLS_PSA_CRYPTO_CONFIG) && \ - defined(MBEDTLS_PSA_ACCEL_ALG_DETERMINISTIC_ECDSA) && \ - defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECDSA_DETERMINISTIC) ) ) -#define BUILTIN_ALG_DETERMINISTIC_ECDSA 1 -#endif - -#if defined(BUILTIN_KEY_TYPE_ECC_KEY_PAIR) || \ - defined(BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY) || \ - defined(BUILTIN_ALG_ECDSA) || \ - defined(BUILTIN_ALG_DETERMINISTIC_ECDSA) || \ +#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR) || \ + defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY) || \ + defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || \ + defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) || \ defined(MBEDTLS_PSA_BUILTIN_ALG_ECDH) psa_status_t mbedtls_psa_ecp_load_representation( psa_key_type_t type, size_t curve_bits, @@ -185,16 +155,16 @@ exit: return( status ); } -#endif /* defined(BUILTIN_KEY_TYPE_ECC_KEY_PAIR) || - * defined(BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY) || - * defined(BUILTIN_ALG_ECDSA) || - * defined(BUILTIN_ALG_DETERMINISTIC_ECDSA) || +#endif /* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR) || + * defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY) || + * defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || + * defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) || * defined(MBEDTLS_PSA_BUILTIN_ALG_ECDH) */ -#if defined(BUILTIN_KEY_TYPE_ECC_KEY_PAIR) || \ - defined(BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY) +#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR) || \ + defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY) -static psa_status_t ecp_import_key( +psa_status_t mbedtls_psa_ecp_import_key( const psa_key_attributes_t *attributes, const uint8_t *data, size_t data_length, uint8_t *key_buffer, size_t key_buffer_size, @@ -285,7 +255,7 @@ psa_status_t mbedtls_psa_ecp_export_key( psa_key_type_t type, } } -static psa_status_t ecp_export_public_key( +psa_status_t mbedtls_psa_ecp_export_public_key( const psa_key_attributes_t *attributes, const uint8_t *key_buffer, size_t key_buffer_size, uint8_t *data, size_t data_size, size_t *data_length ) @@ -309,11 +279,11 @@ static psa_status_t ecp_export_public_key( return( status ); } -#endif /* defined(BUILTIN_KEY_TYPE_ECC_KEY_PAIR) || - * defined(BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY) */ +#endif /* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR) || + * defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY) */ -#if defined(BUILTIN_KEY_TYPE_ECC_KEY_PAIR) -static psa_status_t ecp_generate_key( +#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR) +psa_status_t mbedtls_psa_ecp_generate_key( const psa_key_attributes_t *attributes, uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length ) { @@ -355,15 +325,15 @@ static psa_status_t ecp_generate_key( return( status ); } -#endif /* defined(BUILTIN_KEY_TYPE_ECC_KEY_PAIR) */ +#endif /* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR) */ /****************************************************************/ /* ECDSA sign/verify */ /****************************************************************/ -#if defined(BUILTIN_ALG_ECDSA) || \ - defined(BUILTIN_ALG_DETERMINISTIC_ECDSA) -static psa_status_t ecdsa_sign_hash( +#if defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || \ + defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) +psa_status_t mbedtls_psa_ecdsa_sign_hash( const psa_key_attributes_t *attributes, const uint8_t *key_buffer, size_t key_buffer_size, psa_algorithm_t alg, const uint8_t *hash, size_t hash_length, @@ -395,7 +365,7 @@ static psa_status_t ecdsa_sign_hash( if( PSA_ALG_ECDSA_IS_DETERMINISTIC( alg ) ) { -#if defined(BUILTIN_ALG_DETERMINISTIC_ECDSA) +#if defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) psa_algorithm_t hash_alg = PSA_ALG_SIGN_GET_HASH( alg ); const mbedtls_md_info_t *md_info = mbedtls_md_info_from_psa( hash_alg ); mbedtls_md_type_t md_alg = mbedtls_md_get_type( md_info ); @@ -408,7 +378,7 @@ static psa_status_t ecdsa_sign_hash( #else ret = MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE; goto cleanup; -#endif /* defined(BUILTIN_ALG_DETERMINISTIC_ECDSA) */ +#endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) */ } else { @@ -437,7 +407,7 @@ cleanup: return( mbedtls_to_psa_error( ret ) ); } -static psa_status_t ecdsa_verify_hash( +psa_status_t mbedtls_psa_ecdsa_verify_hash( const psa_key_attributes_t *attributes, const uint8_t *key_buffer, size_t key_buffer_size, psa_algorithm_t alg, const uint8_t *hash, size_t hash_length, @@ -496,177 +466,7 @@ cleanup: return( mbedtls_to_psa_error( ret ) ); } -#endif /* defined(BUILTIN_ALG_ECDSA) || \ - * defined(BUILTIN_ALG_DETERMINISTIC_ECDSA) */ - -#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR) || \ - defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY) - -psa_status_t mbedtls_psa_ecp_import_key( - const psa_key_attributes_t *attributes, - const uint8_t *data, size_t data_length, - uint8_t *key_buffer, size_t key_buffer_size, - size_t *key_buffer_length, size_t *bits ) -{ - return( ecp_import_key( attributes, data, data_length, - key_buffer, key_buffer_size, - key_buffer_length, bits ) ); -} - -psa_status_t mbedtls_psa_ecp_export_public_key( - const psa_key_attributes_t *attributes, - const uint8_t *key_buffer, size_t key_buffer_size, - uint8_t *data, size_t data_size, size_t *data_length ) -{ - return( ecp_export_public_key( attributes, key_buffer, key_buffer_size, - data, data_size, data_length ) ); -} - -#endif /* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR) || - * defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY) */ - -#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR) -psa_status_t mbedtls_psa_ecp_generate_key( - const psa_key_attributes_t *attributes, - uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length ) -{ - return( ecp_generate_key( attributes, key_buffer, key_buffer_size, - key_buffer_length ) ); -} -#endif /* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR) */ - - -#if defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || \ - defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) - -psa_status_t mbedtls_psa_ecdsa_sign_hash( - const psa_key_attributes_t *attributes, - const uint8_t *key_buffer, size_t key_buffer_size, - psa_algorithm_t alg, const uint8_t *hash, size_t hash_length, - uint8_t *signature, size_t signature_size, size_t *signature_length ) -{ - - return( ecdsa_sign_hash( attributes, - key_buffer, key_buffer_size, - alg, hash, hash_length, - signature, signature_size, signature_length ) ); -} - -psa_status_t mbedtls_psa_ecdsa_verify_hash( - const psa_key_attributes_t *attributes, - const uint8_t *key_buffer, size_t key_buffer_size, - psa_algorithm_t alg, const uint8_t *hash, size_t hash_length, - const uint8_t *signature, size_t signature_length ) -{ - return( ecdsa_verify_hash( attributes, - key_buffer, key_buffer_size, - alg, hash, hash_length, - signature, signature_length ) ); -} - -#endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || +#endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || \ * defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) */ -/* - * BEYOND THIS POINT, TEST DRIVER ENTRY POINTS ONLY. - */ - -#if defined(PSA_CRYPTO_DRIVER_TEST) && defined(MBEDTLS_PSA_CRYPTO_CONFIG) - -#if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR) || \ - defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY) - -psa_status_t libtestdriver1_mbedtls_psa_ecp_import_key( - const psa_key_attributes_t *attributes, - const uint8_t *data, size_t data_length, - uint8_t *key_buffer, size_t key_buffer_size, - size_t *key_buffer_length, size_t *bits ) -{ - return( ecp_import_key( attributes, data, data_length, - key_buffer, key_buffer_size, - key_buffer_length, bits ) ); -} - -psa_status_t libtestdriver1_mbedtls_psa_ecp_export_public_key( - const psa_key_attributes_t *attributes, - const uint8_t *key_buffer, size_t key_buffer_size, - uint8_t *data, size_t data_size, size_t *data_length ) -{ - return( ecp_export_public_key( attributes, key_buffer, key_buffer_size, - data, data_size, data_length ) ); -} - -#endif /* defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR) || - defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY) */ - -#if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR) && \ - defined(MBEDTLS_GENPRIME) -psa_status_t libtestdriver1_mbedtls_psa_ecp_generate_key( - const psa_key_attributes_t *attributes, - uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length ) -{ - return( ecp_generate_key( attributes, key_buffer, key_buffer_size, - key_buffer_length ) ); -} -#endif /* defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR) && - defined(MBEDTLS_GENPRIME) */ - -#if defined(MBEDTLS_PSA_ACCEL_ALG_ECDSA) || \ - defined(MBEDTLS_PSA_ACCEL_ALG_DETERMINISTIC_ECDSA) - -psa_status_t libtestdriver1_mbedtls_psa_ecdsa_sign_hash( - const psa_key_attributes_t *attributes, - const uint8_t *key_buffer, size_t key_buffer_size, - psa_algorithm_t alg, const uint8_t *hash, size_t hash_length, - uint8_t *signature, size_t signature_size, size_t *signature_length ) -{ - -#if defined(MBEDTLS_ECDSA_C) - return( ecdsa_sign_hash( attributes, - key_buffer, key_buffer_size, - alg, hash, hash_length, - signature, signature_size, signature_length ) ); -#else - (void)attributes; - (void)key_buffer; - (void)key_buffer_size; - (void)alg; - (void)hash; - (void)hash_length; - (void)signature; - (void)signature_size; - (void)signature_length; - return( PSA_ERROR_NOT_SUPPORTED ); -#endif -} - -psa_status_t libtestdriver1_mbedtls_psa_ecdsa_verify_hash( - const psa_key_attributes_t *attributes, - const uint8_t *key_buffer, size_t key_buffer_size, - psa_algorithm_t alg, const uint8_t *hash, size_t hash_length, - const uint8_t *signature, size_t signature_length ) -{ -#if defined(MBEDTLS_ECDSA_C) - return( ecdsa_verify_hash( attributes, - key_buffer, key_buffer_size, - alg, hash, hash_length, - signature, signature_length ) ); -#else - (void)attributes; - (void)key_buffer; - (void)key_buffer_size; - (void)alg; - (void)hash; - (void)hash_length; - (void)signature; - (void)signature_length; - return( PSA_ERROR_NOT_SUPPORTED ); -#endif -} - -#endif /* defined(MBEDTLS_PSA_ACCEL_ALG_ECDSA) || - * defined(MBEDTLS_PSA_ACCEL_ALG_DETERMINISTIC_ECDSA) */ - -#endif /* PSA_CRYPTO_DRIVER_TEST && MBEDTLS_PSA_CRYPTO_CONFIG */ - #endif /* MBEDTLS_PSA_CRYPTO_C */ diff --git a/library/psa_crypto_hash.c b/library/psa_crypto_hash.c index 84ba84125..9c50ca8db 100644 --- a/library/psa_crypto_hash.c +++ b/library/psa_crypto_hash.c @@ -29,63 +29,6 @@ #include #include -/* Use builtin defines specific to this compilation unit, since the test driver - * relies on the software driver. */ -#if( defined(MBEDTLS_PSA_BUILTIN_ALG_MD2) || \ - ( defined(PSA_CRYPTO_DRIVER_TEST) && \ - defined(MBEDTLS_PSA_CRYPTO_CONFIG) && \ - defined(MBEDTLS_PSA_ACCEL_ALG_MD2) ) ) -#define BUILTIN_ALG_MD2 1 -#endif -#if( defined(MBEDTLS_PSA_BUILTIN_ALG_MD4) || \ - ( defined(PSA_CRYPTO_DRIVER_TEST) && \ - defined(MBEDTLS_PSA_CRYPTO_CONFIG) && \ - defined(MBEDTLS_PSA_ACCEL_ALG_MD4) ) ) -#define BUILTIN_ALG_MD4 1 -#endif -#if( defined(MBEDTLS_PSA_BUILTIN_ALG_MD5) || \ - ( defined(PSA_CRYPTO_DRIVER_TEST) && \ - defined(MBEDTLS_PSA_CRYPTO_CONFIG) && \ - defined(MBEDTLS_PSA_ACCEL_ALG_MD5) ) ) -#define BUILTIN_ALG_MD5 1 -#endif -#if( defined(MBEDTLS_PSA_BUILTIN_ALG_RIPEMD160) || \ - ( defined(PSA_CRYPTO_DRIVER_TEST) && \ - defined(MBEDTLS_PSA_CRYPTO_CONFIG) && \ - defined(MBEDTLS_PSA_ACCEL_ALG_RIPEMD160) ) ) -#define BUILTIN_ALG_RIPEMD160 1 -#endif -#if( defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_1) || \ - ( defined(PSA_CRYPTO_DRIVER_TEST) && \ - defined(MBEDTLS_PSA_CRYPTO_CONFIG) && \ - defined(MBEDTLS_PSA_ACCEL_ALG_SHA_1) ) ) -#define BUILTIN_ALG_SHA_1 1 -#endif -#if( defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_224) || \ - ( defined(PSA_CRYPTO_DRIVER_TEST) && \ - defined(MBEDTLS_PSA_CRYPTO_CONFIG) && \ - defined(MBEDTLS_PSA_ACCEL_ALG_SHA_224) ) ) -#define BUILTIN_ALG_SHA_224 1 -#endif -#if( defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_256) || \ - ( defined(PSA_CRYPTO_DRIVER_TEST) && \ - defined(MBEDTLS_PSA_CRYPTO_CONFIG) && \ - defined(MBEDTLS_PSA_ACCEL_ALG_SHA_256) ) ) -#define BUILTIN_ALG_SHA_256 1 -#endif -#if( defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_384) || \ - ( defined(PSA_CRYPTO_DRIVER_TEST) && \ - defined(MBEDTLS_PSA_CRYPTO_CONFIG) && \ - defined(MBEDTLS_PSA_ACCEL_ALG_SHA_384) ) ) -#define BUILTIN_ALG_SHA_384 1 -#endif -#if( defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_512) || \ - ( defined(PSA_CRYPTO_DRIVER_TEST) && \ - defined(MBEDTLS_PSA_CRYPTO_CONFIG) && \ - defined(MBEDTLS_PSA_ACCEL_ALG_SHA_512) ) ) -#define BUILTIN_ALG_SHA_512 1 -#endif - #if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) || \ defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP) || \ defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS) || \ @@ -141,9 +84,8 @@ const mbedtls_md_info_t *mbedtls_md_info_from_psa( psa_algorithm_t alg ) /* Implement the PSA driver hash interface on top of mbed TLS if either the * software driver or the test driver requires it. */ -#if defined(MBEDTLS_PSA_BUILTIN_HASH) || \ - ( defined(PSA_CRYPTO_DRIVER_TEST) && defined(MBEDTLS_PSA_CRYPTO_CONFIG) ) -static psa_status_t hash_abort( +#if defined(MBEDTLS_PSA_BUILTIN_HASH) +psa_status_t mbedtls_psa_hash_abort( mbedtls_psa_hash_operation_t *operation ) { switch( operation->alg ) @@ -153,47 +95,47 @@ static psa_status_t hash_abort( * in use. It's ok to call abort on such an object, and there's * nothing to do. */ break; -#if defined(BUILTIN_ALG_MD2) +#if defined(MBEDTLS_PSA_BUILTIN_ALG_MD2) case PSA_ALG_MD2: mbedtls_md2_free( &operation->ctx.md2 ); break; #endif -#if defined(BUILTIN_ALG_MD4) +#if defined(MBEDTLS_PSA_BUILTIN_ALG_MD4) case PSA_ALG_MD4: mbedtls_md4_free( &operation->ctx.md4 ); break; #endif -#if defined(BUILTIN_ALG_MD5) +#if defined(MBEDTLS_PSA_BUILTIN_ALG_MD5) case PSA_ALG_MD5: mbedtls_md5_free( &operation->ctx.md5 ); break; #endif -#if defined(BUILTIN_ALG_RIPEMD160) +#if defined(MBEDTLS_PSA_BUILTIN_ALG_RIPEMD160) case PSA_ALG_RIPEMD160: mbedtls_ripemd160_free( &operation->ctx.ripemd160 ); break; #endif -#if defined(BUILTIN_ALG_SHA_1) +#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_1) case PSA_ALG_SHA_1: mbedtls_sha1_free( &operation->ctx.sha1 ); break; #endif -#if defined(BUILTIN_ALG_SHA_224) +#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_224) case PSA_ALG_SHA_224: mbedtls_sha256_free( &operation->ctx.sha256 ); break; #endif -#if defined(BUILTIN_ALG_SHA_256) +#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_256) case PSA_ALG_SHA_256: mbedtls_sha256_free( &operation->ctx.sha256 ); break; #endif -#if defined(BUILTIN_ALG_SHA_384) +#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_384) case PSA_ALG_SHA_384: mbedtls_sha512_free( &operation->ctx.sha512 ); break; #endif -#if defined(BUILTIN_ALG_SHA_512) +#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_512) case PSA_ALG_SHA_512: mbedtls_sha512_free( &operation->ctx.sha512 ); break; @@ -205,7 +147,7 @@ static psa_status_t hash_abort( return( PSA_SUCCESS ); } -static psa_status_t hash_setup( +psa_status_t mbedtls_psa_hash_setup( mbedtls_psa_hash_operation_t *operation, psa_algorithm_t alg ) { @@ -219,55 +161,55 @@ static psa_status_t hash_setup( switch( alg ) { -#if defined(BUILTIN_ALG_MD2) +#if defined(MBEDTLS_PSA_BUILTIN_ALG_MD2) case PSA_ALG_MD2: mbedtls_md2_init( &operation->ctx.md2 ); ret = mbedtls_md2_starts_ret( &operation->ctx.md2 ); break; #endif -#if defined(BUILTIN_ALG_MD4) +#if defined(MBEDTLS_PSA_BUILTIN_ALG_MD4) case PSA_ALG_MD4: mbedtls_md4_init( &operation->ctx.md4 ); ret = mbedtls_md4_starts_ret( &operation->ctx.md4 ); break; #endif -#if defined(BUILTIN_ALG_MD5) +#if defined(MBEDTLS_PSA_BUILTIN_ALG_MD5) case PSA_ALG_MD5: mbedtls_md5_init( &operation->ctx.md5 ); ret = mbedtls_md5_starts_ret( &operation->ctx.md5 ); break; #endif -#if defined(BUILTIN_ALG_RIPEMD160) +#if defined(MBEDTLS_PSA_BUILTIN_ALG_RIPEMD160) case PSA_ALG_RIPEMD160: mbedtls_ripemd160_init( &operation->ctx.ripemd160 ); ret = mbedtls_ripemd160_starts_ret( &operation->ctx.ripemd160 ); break; #endif -#if defined(BUILTIN_ALG_SHA_1) +#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_1) case PSA_ALG_SHA_1: mbedtls_sha1_init( &operation->ctx.sha1 ); ret = mbedtls_sha1_starts_ret( &operation->ctx.sha1 ); break; #endif -#if defined(BUILTIN_ALG_SHA_224) +#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_224) case PSA_ALG_SHA_224: mbedtls_sha256_init( &operation->ctx.sha256 ); ret = mbedtls_sha256_starts_ret( &operation->ctx.sha256, 1 ); break; #endif -#if defined(BUILTIN_ALG_SHA_256) +#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_256) case PSA_ALG_SHA_256: mbedtls_sha256_init( &operation->ctx.sha256 ); ret = mbedtls_sha256_starts_ret( &operation->ctx.sha256, 0 ); break; #endif -#if defined(BUILTIN_ALG_SHA_384) +#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_384) case PSA_ALG_SHA_384: mbedtls_sha512_init( &operation->ctx.sha512 ); ret = mbedtls_sha512_starts_ret( &operation->ctx.sha512, 1 ); break; #endif -#if defined(BUILTIN_ALG_SHA_512) +#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_512) case PSA_ALG_SHA_512: mbedtls_sha512_init( &operation->ctx.sha512 ); ret = mbedtls_sha512_starts_ret( &operation->ctx.sha512, 0 ); @@ -281,11 +223,11 @@ static psa_status_t hash_setup( if( ret == 0 ) operation->alg = alg; else - hash_abort( operation ); + mbedtls_psa_hash_abort( operation ); return( mbedtls_to_psa_error( ret ) ); } -static psa_status_t hash_clone( +psa_status_t mbedtls_psa_hash_clone( const mbedtls_psa_hash_operation_t *source_operation, mbedtls_psa_hash_operation_t *target_operation ) { @@ -293,55 +235,55 @@ static psa_status_t hash_clone( { case 0: return( PSA_ERROR_BAD_STATE ); -#if defined(BUILTIN_ALG_MD2) +#if defined(MBEDTLS_PSA_BUILTIN_ALG_MD2) case PSA_ALG_MD2: mbedtls_md2_clone( &target_operation->ctx.md2, &source_operation->ctx.md2 ); break; #endif -#if defined(BUILTIN_ALG_MD4) +#if defined(MBEDTLS_PSA_BUILTIN_ALG_MD4) case PSA_ALG_MD4: mbedtls_md4_clone( &target_operation->ctx.md4, &source_operation->ctx.md4 ); break; #endif -#if defined(BUILTIN_ALG_MD5) +#if defined(MBEDTLS_PSA_BUILTIN_ALG_MD5) case PSA_ALG_MD5: mbedtls_md5_clone( &target_operation->ctx.md5, &source_operation->ctx.md5 ); break; #endif -#if defined(BUILTIN_ALG_RIPEMD160) +#if defined(MBEDTLS_PSA_BUILTIN_ALG_RIPEMD160) case PSA_ALG_RIPEMD160: mbedtls_ripemd160_clone( &target_operation->ctx.ripemd160, &source_operation->ctx.ripemd160 ); break; #endif -#if defined(BUILTIN_ALG_SHA_1) +#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_1) case PSA_ALG_SHA_1: mbedtls_sha1_clone( &target_operation->ctx.sha1, &source_operation->ctx.sha1 ); break; #endif -#if defined(BUILTIN_ALG_SHA_224) +#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_224) case PSA_ALG_SHA_224: mbedtls_sha256_clone( &target_operation->ctx.sha256, &source_operation->ctx.sha256 ); break; #endif -#if defined(BUILTIN_ALG_SHA_256) +#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_256) case PSA_ALG_SHA_256: mbedtls_sha256_clone( &target_operation->ctx.sha256, &source_operation->ctx.sha256 ); break; #endif -#if defined(BUILTIN_ALG_SHA_384) +#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_384) case PSA_ALG_SHA_384: mbedtls_sha512_clone( &target_operation->ctx.sha512, &source_operation->ctx.sha512 ); break; #endif -#if defined(BUILTIN_ALG_SHA_512) +#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_512) case PSA_ALG_SHA_512: mbedtls_sha512_clone( &target_operation->ctx.sha512, &source_operation->ctx.sha512 ); @@ -357,7 +299,7 @@ static psa_status_t hash_clone( return( PSA_SUCCESS ); } -static psa_status_t hash_update( +psa_status_t mbedtls_psa_hash_update( mbedtls_psa_hash_operation_t *operation, const uint8_t *input, size_t input_length ) @@ -366,55 +308,55 @@ static psa_status_t hash_update( switch( operation->alg ) { -#if defined(BUILTIN_ALG_MD2) +#if defined(MBEDTLS_PSA_BUILTIN_ALG_MD2) case PSA_ALG_MD2: ret = mbedtls_md2_update_ret( &operation->ctx.md2, input, input_length ); break; #endif -#if defined(BUILTIN_ALG_MD4) +#if defined(MBEDTLS_PSA_BUILTIN_ALG_MD4) case PSA_ALG_MD4: ret = mbedtls_md4_update_ret( &operation->ctx.md4, input, input_length ); break; #endif -#if defined(BUILTIN_ALG_MD5) +#if defined(MBEDTLS_PSA_BUILTIN_ALG_MD5) case PSA_ALG_MD5: ret = mbedtls_md5_update_ret( &operation->ctx.md5, input, input_length ); break; #endif -#if defined(BUILTIN_ALG_RIPEMD160) +#if defined(MBEDTLS_PSA_BUILTIN_ALG_RIPEMD160) case PSA_ALG_RIPEMD160: ret = mbedtls_ripemd160_update_ret( &operation->ctx.ripemd160, input, input_length ); break; #endif -#if defined(BUILTIN_ALG_SHA_1) +#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_1) case PSA_ALG_SHA_1: ret = mbedtls_sha1_update_ret( &operation->ctx.sha1, input, input_length ); break; #endif -#if defined(BUILTIN_ALG_SHA_224) +#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_224) case PSA_ALG_SHA_224: ret = mbedtls_sha256_update_ret( &operation->ctx.sha256, input, input_length ); break; #endif -#if defined(BUILTIN_ALG_SHA_256) +#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_256) case PSA_ALG_SHA_256: ret = mbedtls_sha256_update_ret( &operation->ctx.sha256, input, input_length ); break; #endif -#if defined(BUILTIN_ALG_SHA_384) +#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_384) case PSA_ALG_SHA_384: ret = mbedtls_sha512_update_ret( &operation->ctx.sha512, input, input_length ); break; #endif -#if defined(BUILTIN_ALG_SHA_512) +#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_512) case PSA_ALG_SHA_512: ret = mbedtls_sha512_update_ret( &operation->ctx.sha512, input, input_length ); @@ -429,7 +371,7 @@ static psa_status_t hash_update( return( mbedtls_to_psa_error( ret ) ); } -static psa_status_t hash_finish( +psa_status_t mbedtls_psa_hash_finish( mbedtls_psa_hash_operation_t *operation, uint8_t *hash, size_t hash_size, @@ -456,47 +398,47 @@ static psa_status_t hash_finish( switch( operation->alg ) { -#if defined(BUILTIN_ALG_MD2) +#if defined(MBEDTLS_PSA_BUILTIN_ALG_MD2) case PSA_ALG_MD2: ret = mbedtls_md2_finish_ret( &operation->ctx.md2, hash ); break; #endif -#if defined(BUILTIN_ALG_MD4) +#if defined(MBEDTLS_PSA_BUILTIN_ALG_MD4) case PSA_ALG_MD4: ret = mbedtls_md4_finish_ret( &operation->ctx.md4, hash ); break; #endif -#if defined(BUILTIN_ALG_MD5) +#if defined(MBEDTLS_PSA_BUILTIN_ALG_MD5) case PSA_ALG_MD5: ret = mbedtls_md5_finish_ret( &operation->ctx.md5, hash ); break; #endif -#if defined(BUILTIN_ALG_RIPEMD160) +#if defined(MBEDTLS_PSA_BUILTIN_ALG_RIPEMD160) case PSA_ALG_RIPEMD160: ret = mbedtls_ripemd160_finish_ret( &operation->ctx.ripemd160, hash ); break; #endif -#if defined(BUILTIN_ALG_SHA_1) +#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_1) case PSA_ALG_SHA_1: ret = mbedtls_sha1_finish_ret( &operation->ctx.sha1, hash ); break; #endif -#if defined(BUILTIN_ALG_SHA_224) +#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_224) case PSA_ALG_SHA_224: ret = mbedtls_sha256_finish_ret( &operation->ctx.sha256, hash ); break; #endif -#if defined(BUILTIN_ALG_SHA_256) +#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_256) case PSA_ALG_SHA_256: ret = mbedtls_sha256_finish_ret( &operation->ctx.sha256, hash ); break; #endif -#if defined(BUILTIN_ALG_SHA_384) +#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_384) case PSA_ALG_SHA_384: ret = mbedtls_sha512_finish_ret( &operation->ctx.sha512, hash ); break; #endif -#if defined(BUILTIN_ALG_SHA_512) +#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_512) case PSA_ALG_SHA_512: ret = mbedtls_sha512_finish_ret( &operation->ctx.sha512, hash ); break; @@ -513,7 +455,7 @@ exit: return( status ); } -static psa_status_t hash_compute( +psa_status_t mbedtls_psa_hash_compute( psa_algorithm_t alg, const uint8_t *input, size_t input_length, @@ -526,192 +468,24 @@ static psa_status_t hash_compute( psa_status_t abort_status = PSA_ERROR_CORRUPTION_DETECTED; *hash_length = hash_size; - status = hash_setup( &operation, alg ); + status = mbedtls_psa_hash_setup( &operation, alg ); if( status != PSA_SUCCESS ) goto exit; - status = hash_update( &operation, input, input_length ); + status = mbedtls_psa_hash_update( &operation, input, input_length ); if( status != PSA_SUCCESS ) goto exit; - status = hash_finish( &operation, hash, hash_size, hash_length ); + status = mbedtls_psa_hash_finish( &operation, hash, hash_size, hash_length ); if( status != PSA_SUCCESS ) goto exit; exit: - abort_status = hash_abort( &operation ); + abort_status = mbedtls_psa_hash_abort( &operation ); if( status == PSA_SUCCESS ) return( abort_status ); else return( status ); } -#endif /* MBEDTLS_PSA_BUILTIN_HASH || - ( PSA_CRYPTO_DRIVER_TEST && MBEDTLS_PSA_CRYPTO_CONFIG ) */ - -#if defined(MBEDTLS_PSA_BUILTIN_HASH) -psa_status_t mbedtls_psa_hash_compute( - psa_algorithm_t alg, - const uint8_t *input, - size_t input_length, - uint8_t *hash, - size_t hash_size, - size_t *hash_length) -{ - return( hash_compute( alg, input, input_length, - hash, hash_size, hash_length ) ); -} - -psa_status_t mbedtls_psa_hash_setup( - mbedtls_psa_hash_operation_t *operation, - psa_algorithm_t alg ) -{ - return( hash_setup( operation, alg ) ); -} - -psa_status_t mbedtls_psa_hash_clone( - const mbedtls_psa_hash_operation_t *source_operation, - mbedtls_psa_hash_operation_t *target_operation ) -{ - return( hash_clone( source_operation, target_operation ) ); -} - -psa_status_t mbedtls_psa_hash_update( - mbedtls_psa_hash_operation_t *operation, - const uint8_t *input, - size_t input_length ) -{ - return( hash_update( operation, input, input_length ) ); -} - -psa_status_t mbedtls_psa_hash_finish( - mbedtls_psa_hash_operation_t *operation, - uint8_t *hash, - size_t hash_size, - size_t *hash_length ) -{ - return( hash_finish( operation, hash, hash_size, hash_length ) ); -} - -psa_status_t mbedtls_psa_hash_abort( - mbedtls_psa_hash_operation_t *operation ) -{ - return( hash_abort( operation ) ); -} #endif /* MBEDTLS_PSA_BUILTIN_HASH */ - /* - * BEYOND THIS POINT, TEST DRIVER ENTRY POINTS ONLY. - */ -#if defined(PSA_CRYPTO_DRIVER_TEST) && defined(MBEDTLS_PSA_CRYPTO_CONFIG) - -static int is_hash_accelerated( psa_algorithm_t alg ) -{ - switch( alg ) - { -#if defined(MBEDTLS_PSA_ACCEL_ALG_MD2) - case PSA_ALG_MD2: - return( 1 ); -#endif -#if defined(MBEDTLS_PSA_ACCEL_ALG_MD4) - case PSA_ALG_MD4: - return( 1 ); -#endif -#if defined(MBEDTLS_PSA_ACCEL_ALG_MD5) - case PSA_ALG_MD5: - return( 1 ); -#endif -#if defined(MBEDTLS_PSA_ACCEL_ALG_RIPEMD160) - case PSA_ALG_RIPEMD160: - return( 1 ); -#endif -#if defined(MBEDTLS_PSA_ACCEL_ALG_SHA_1) - case PSA_ALG_SHA_1: - return( 1 ); -#endif -#if defined(MBEDTLS_PSA_ACCEL_ALG_SHA_224) - case PSA_ALG_SHA_224: - return( 1 ); -#endif -#if defined(MBEDTLS_PSA_ACCEL_ALG_SHA_256) - case PSA_ALG_SHA_256: - return( 1 ); -#endif -#if defined(MBEDTLS_PSA_ACCEL_ALG_SHA_384) - case PSA_ALG_SHA_384: - return( 1 ); -#endif -#if defined(MBEDTLS_PSA_ACCEL_ALG_SHA_512) - case PSA_ALG_SHA_512: - return( 1 ); -#endif - default: - return( 0 ); - } -} - -psa_status_t libtestdriver1_mbedtls_psa_hash_compute( - psa_algorithm_t alg, - const uint8_t *input, - size_t input_length, - uint8_t *hash, - size_t hash_size, - size_t *hash_length) -{ - if( is_hash_accelerated( alg ) ) - return( hash_compute( alg, input, input_length, - hash, hash_size, hash_length ) ); - else - return( PSA_ERROR_NOT_SUPPORTED ); -} - -psa_status_t libtestdriver1_mbedtls_psa_hash_setup( - mbedtls_psa_hash_operation_t *operation, - psa_algorithm_t alg ) -{ - if( is_hash_accelerated( alg ) ) - return( hash_setup( operation, alg ) ); - else - return( PSA_ERROR_NOT_SUPPORTED ); -} - -psa_status_t libtestdriver1_mbedtls_psa_hash_clone( - const mbedtls_psa_hash_operation_t *source_operation, - mbedtls_psa_hash_operation_t *target_operation ) -{ - if( is_hash_accelerated( source_operation->alg ) ) - return( hash_clone( source_operation, target_operation ) ); - else - return( PSA_ERROR_BAD_STATE ); -} - -psa_status_t libtestdriver1_mbedtls_psa_hash_update( - mbedtls_psa_hash_operation_t *operation, - const uint8_t *input, - size_t input_length ) -{ - if( is_hash_accelerated( operation->alg ) ) - return( hash_update( operation, input, input_length ) ); - else - return( PSA_ERROR_BAD_STATE ); -} - -psa_status_t libtestdriver1_mbedtls_psa_hash_finish( - mbedtls_psa_hash_operation_t *operation, - uint8_t *hash, - size_t hash_size, - size_t *hash_length ) -{ - if( is_hash_accelerated( operation->alg ) ) - return( hash_finish( operation, hash, hash_size, hash_length ) ); - else - return( PSA_ERROR_BAD_STATE ); -} - -psa_status_t libtestdriver1_mbedtls_psa_hash_abort( - mbedtls_psa_hash_operation_t *operation ) -{ - return( hash_abort( operation ) ); -} - -#endif /* PSA_CRYPTO_DRIVER_TEST */ - #endif /* MBEDTLS_PSA_CRYPTO_C */ diff --git a/library/psa_crypto_mac.c b/library/psa_crypto_mac.c index fe15e9f6b..5e78d65a6 100644 --- a/library/psa_crypto_mac.c +++ b/library/psa_crypto_mac.c @@ -30,22 +30,7 @@ #include #include -/* Use builtin defines specific to this compilation unit, since the test driver - * relies on the software driver. */ -#if( defined(MBEDTLS_PSA_BUILTIN_ALG_CMAC) || \ - ( defined(PSA_CRYPTO_DRIVER_TEST) && \ - defined(MBEDTLS_PSA_CRYPTO_CONFIG) && \ - defined(MBEDTLS_PSA_ACCEL_ALG_CMAC) ) ) -#define BUILTIN_ALG_CMAC 1 -#endif -#if( defined(MBEDTLS_PSA_BUILTIN_ALG_HMAC) || \ - ( defined(PSA_CRYPTO_DRIVER_TEST) && \ - defined(MBEDTLS_PSA_CRYPTO_CONFIG) && \ - defined(MBEDTLS_PSA_ACCEL_ALG_HMAC) ) ) -#define BUILTIN_ALG_HMAC 1 -#endif - -#if defined(BUILTIN_ALG_HMAC) +#if defined(MBEDTLS_PSA_BUILTIN_ALG_HMAC) static psa_status_t psa_hmac_abort_internal( mbedtls_psa_hmac_operation_t *hmac ) { @@ -164,9 +149,9 @@ exit: mbedtls_platform_zeroize( tmp, hash_size ); return( status ); } -#endif /* BUILTIN_ALG_HMAC */ +#endif /* MBEDTLS_PSA_BUILTIN_ALG_HMAC */ -#if defined(BUILTIN_ALG_CMAC) +#if defined(MBEDTLS_PSA_BUILTIN_ALG_CMAC) static psa_status_t cmac_setup( mbedtls_psa_mac_operation_t *operation, const psa_key_attributes_t *attributes, const uint8_t *key_buffer ) @@ -202,11 +187,12 @@ static psa_status_t cmac_setup( mbedtls_psa_mac_operation_t *operation, exit: return( mbedtls_to_psa_error( ret ) ); } -#endif /* BUILTIN_ALG_CMAC */ +#endif /* MBEDTLS_PSA_BUILTIN_ALG_CMAC */ /* Implement the PSA driver MAC interface on top of mbed TLS if either the * software driver or the test driver requires it. */ -#if defined(BUILTIN_ALG_HMAC) || defined(BUILTIN_ALG_CMAC) +#if defined(MBEDTLS_PSA_BUILTIN_ALG_HMAC) || \ + defined(MBEDTLS_PSA_BUILTIN_ALG_CMAC) /* Initialize this driver's MAC operation structure. Once this function has been * called, mbedtls_psa_mac_abort can run and will do the right thing. */ @@ -218,15 +204,15 @@ static psa_status_t mac_init( operation->alg = alg; -#if defined(BUILTIN_ALG_CMAC) +#if defined(MBEDTLS_PSA_BUILTIN_ALG_CMAC) if( PSA_ALG_FULL_LENGTH_MAC( operation->alg ) == PSA_ALG_CMAC ) { mbedtls_cipher_init( &operation->ctx.cmac ); status = PSA_SUCCESS; } else -#endif /* BUILTIN_ALG_CMAC */ -#if defined(BUILTIN_ALG_HMAC) +#endif /* MBEDTLS_PSA_BUILTIN_ALG_CMAC */ +#if defined(MBEDTLS_PSA_BUILTIN_ALG_HMAC) if( PSA_ALG_IS_HMAC( operation->alg ) ) { /* We'll set up the hash operation later in psa_hmac_setup_internal. */ @@ -234,7 +220,7 @@ static psa_status_t mac_init( status = PSA_SUCCESS; } else -#endif /* BUILTIN_ALG_HMAC */ +#endif /* MBEDTLS_PSA_BUILTIN_ALG_HMAC */ { (void) operation; status = PSA_ERROR_NOT_SUPPORTED; @@ -245,7 +231,7 @@ static psa_status_t mac_init( return( status ); } -static psa_status_t mac_abort( mbedtls_psa_mac_operation_t *operation ) +psa_status_t mbedtls_psa_mac_abort( mbedtls_psa_mac_operation_t *operation ) { if( operation->alg == 0 ) { @@ -255,20 +241,20 @@ static psa_status_t mac_abort( mbedtls_psa_mac_operation_t *operation ) return( PSA_SUCCESS ); } else -#if defined(BUILTIN_ALG_CMAC) +#if defined(MBEDTLS_PSA_BUILTIN_ALG_CMAC) if( PSA_ALG_FULL_LENGTH_MAC( operation->alg ) == PSA_ALG_CMAC ) { mbedtls_cipher_free( &operation->ctx.cmac ); } else -#endif /* BUILTIN_ALG_CMAC */ -#if defined(BUILTIN_ALG_HMAC) +#endif /* MBEDTLS_PSA_BUILTIN_ALG_CMAC */ +#if defined(MBEDTLS_PSA_BUILTIN_ALG_HMAC) if( PSA_ALG_IS_HMAC( operation->alg ) ) { psa_hmac_abort_internal( &operation->ctx.hmac ); } else -#endif /* BUILTIN_ALG_HMAC */ +#endif /* MBEDTLS_PSA_BUILTIN_ALG_HMAC */ { /* Sanity check (shouldn't happen: operation->alg should * always have been initialized to a valid value). */ @@ -288,11 +274,11 @@ bad_state: return( PSA_ERROR_BAD_STATE ); } -static psa_status_t mac_setup( mbedtls_psa_mac_operation_t *operation, - const psa_key_attributes_t *attributes, - const uint8_t *key_buffer, - size_t key_buffer_size, - psa_algorithm_t alg ) +static psa_status_t psa_mac_setup( mbedtls_psa_mac_operation_t *operation, + const psa_key_attributes_t *attributes, + const uint8_t *key_buffer, + size_t key_buffer_size, + psa_algorithm_t alg ) { psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; @@ -304,7 +290,7 @@ static psa_status_t mac_setup( mbedtls_psa_mac_operation_t *operation, if( status != PSA_SUCCESS ) return( status ); -#if defined(BUILTIN_ALG_CMAC) +#if defined(MBEDTLS_PSA_BUILTIN_ALG_CMAC) if( PSA_ALG_FULL_LENGTH_MAC( alg ) == PSA_ALG_CMAC ) { /* Key buffer size for CMAC is dictated by the key bits set on the @@ -313,8 +299,8 @@ static psa_status_t mac_setup( mbedtls_psa_mac_operation_t *operation, status = cmac_setup( operation, attributes, key_buffer ); } else -#endif /* BUILTIN_ALG_CMAC */ -#if defined(BUILTIN_ALG_HMAC) +#endif /* MBEDTLS_PSA_BUILTIN_ALG_CMAC */ +#if defined(MBEDTLS_PSA_BUILTIN_ALG_HMAC) if( PSA_ALG_IS_HMAC( alg ) ) { status = psa_hmac_setup_internal( &operation->ctx.hmac, @@ -323,7 +309,7 @@ static psa_status_t mac_setup( mbedtls_psa_mac_operation_t *operation, PSA_ALG_HMAC_GET_HASH( alg ) ); } else -#endif /* BUILTIN_ALG_HMAC */ +#endif /* MBEDTLS_PSA_BUILTIN_ALG_HMAC */ { (void) attributes; (void) key_buffer; @@ -332,12 +318,34 @@ static psa_status_t mac_setup( mbedtls_psa_mac_operation_t *operation, } if( status != PSA_SUCCESS ) - mac_abort( operation ); + mbedtls_psa_mac_abort( operation ); return( status ); } -static psa_status_t mac_update( +psa_status_t mbedtls_psa_mac_sign_setup( + mbedtls_psa_mac_operation_t *operation, + const psa_key_attributes_t *attributes, + const uint8_t *key_buffer, + size_t key_buffer_size, + psa_algorithm_t alg ) +{ + return( psa_mac_setup( operation, attributes, + key_buffer, key_buffer_size, alg ) ); +} + +psa_status_t mbedtls_psa_mac_verify_setup( + mbedtls_psa_mac_operation_t *operation, + const psa_key_attributes_t *attributes, + const uint8_t *key_buffer, + size_t key_buffer_size, + psa_algorithm_t alg ) +{ + return( psa_mac_setup( operation, attributes, + key_buffer, key_buffer_size, alg ) ); +} + +psa_status_t mbedtls_psa_mac_update( mbedtls_psa_mac_operation_t *operation, const uint8_t *input, size_t input_length ) @@ -345,7 +353,7 @@ static psa_status_t mac_update( if( operation->alg == 0 ) return( PSA_ERROR_BAD_STATE ); -#if defined(BUILTIN_ALG_CMAC) +#if defined(MBEDTLS_PSA_BUILTIN_ALG_CMAC) if( PSA_ALG_FULL_LENGTH_MAC( operation->alg ) == PSA_ALG_CMAC ) { return( mbedtls_to_psa_error( @@ -353,15 +361,15 @@ static psa_status_t mac_update( input, input_length ) ) ); } else -#endif /* BUILTIN_ALG_CMAC */ -#if defined(BUILTIN_ALG_HMAC) +#endif /* MBEDTLS_PSA_BUILTIN_ALG_CMAC */ +#if defined(MBEDTLS_PSA_BUILTIN_ALG_HMAC) if( PSA_ALG_IS_HMAC( operation->alg ) ) { return( psa_hmac_update_internal( &operation->ctx.hmac, input, input_length ) ); } else -#endif /* BUILTIN_ALG_HMAC */ +#endif /* MBEDTLS_PSA_BUILTIN_ALG_HMAC */ { /* This shouldn't happen if `operation` was initialized by * a setup function. */ @@ -371,11 +379,11 @@ static psa_status_t mac_update( } } -static psa_status_t mac_finish_internal( mbedtls_psa_mac_operation_t *operation, - uint8_t *mac, - size_t mac_size ) +static psa_status_t psa_mac_finish_internal( + mbedtls_psa_mac_operation_t *operation, + uint8_t *mac, size_t mac_size ) { -#if defined(BUILTIN_ALG_CMAC) +#if defined(MBEDTLS_PSA_BUILTIN_ALG_CMAC) if( PSA_ALG_FULL_LENGTH_MAC( operation->alg ) == PSA_ALG_CMAC ) { uint8_t tmp[PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE]; @@ -386,15 +394,15 @@ static psa_status_t mac_finish_internal( mbedtls_psa_mac_operation_t *operation, return( mbedtls_to_psa_error( ret ) ); } else -#endif /* BUILTIN_ALG_CMAC */ -#if defined(BUILTIN_ALG_HMAC) +#endif /* MBEDTLS_PSA_BUILTIN_ALG_CMAC */ +#if defined(MBEDTLS_PSA_BUILTIN_ALG_HMAC) if( PSA_ALG_IS_HMAC( operation->alg ) ) { return( psa_hmac_finish_internal( &operation->ctx.hmac, mac, mac_size ) ); } else -#endif /* BUILTIN_ALG_HMAC */ +#endif /* MBEDTLS_PSA_BUILTIN_ALG_HMAC */ { /* This shouldn't happen if `operation` was initialized by * a setup function. */ @@ -405,7 +413,7 @@ static psa_status_t mac_finish_internal( mbedtls_psa_mac_operation_t *operation, } } -static psa_status_t mac_sign_finish( +psa_status_t mbedtls_psa_mac_sign_finish( mbedtls_psa_mac_operation_t *operation, uint8_t *mac, size_t mac_size, @@ -416,15 +424,14 @@ static psa_status_t mac_sign_finish( if( operation->alg == 0 ) return( PSA_ERROR_BAD_STATE ); - status = mac_finish_internal( operation, mac, mac_size ); - + status = psa_mac_finish_internal( operation, mac, mac_size ); if( status == PSA_SUCCESS ) *mac_length = mac_size; return( status ); } -static psa_status_t mac_verify_finish( +psa_status_t mbedtls_psa_mac_verify_finish( mbedtls_psa_mac_operation_t *operation, const uint8_t *mac, size_t mac_length ) @@ -439,7 +446,7 @@ static psa_status_t mac_verify_finish( if( mac_length > sizeof( actual_mac ) ) return( PSA_ERROR_INVALID_ARGUMENT ); - status = mac_finish_internal( operation, actual_mac, mac_length ); + status = psa_mac_finish_internal( operation, actual_mac, mac_length ); if( status != PSA_SUCCESS ) goto cleanup; @@ -452,7 +459,7 @@ cleanup: return( status ); } -static psa_status_t mac_compute( +psa_status_t mbedtls_psa_mac_compute( const psa_key_attributes_t *attributes, const uint8_t *key_buffer, size_t key_buffer_size, @@ -466,212 +473,29 @@ static psa_status_t mac_compute( psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; mbedtls_psa_mac_operation_t operation = MBEDTLS_PSA_MAC_OPERATION_INIT; - status = mac_setup( &operation, - attributes, key_buffer, key_buffer_size, - alg ); + status = psa_mac_setup( &operation, + attributes, key_buffer, key_buffer_size, + alg ); if( status != PSA_SUCCESS ) goto exit; if( input_length > 0 ) { - status = mac_update( &operation, input, input_length ); + status = mbedtls_psa_mac_update( &operation, input, input_length ); if( status != PSA_SUCCESS ) goto exit; } - status = mac_finish_internal( &operation, mac, mac_size ); + status = psa_mac_finish_internal( &operation, mac, mac_size ); if( status == PSA_SUCCESS ) *mac_length = mac_size; exit: - mac_abort( &operation ); + mbedtls_psa_mac_abort( &operation ); return( status ); } -#endif /* BUILTIN_ALG_HMAC || BUILTIN_ALG_CMAC */ - -#if defined(MBEDTLS_PSA_BUILTIN_MAC) -psa_status_t mbedtls_psa_mac_compute( - const psa_key_attributes_t *attributes, - const uint8_t *key_buffer, - size_t key_buffer_size, - psa_algorithm_t alg, - const uint8_t *input, - size_t input_length, - uint8_t *mac, - size_t mac_size, - size_t *mac_length ) -{ - return( mac_compute( attributes, key_buffer, key_buffer_size, alg, - input, input_length, - mac, mac_size, mac_length ) ); -} - -psa_status_t mbedtls_psa_mac_sign_setup( - mbedtls_psa_mac_operation_t *operation, - const psa_key_attributes_t *attributes, - const uint8_t *key_buffer, - size_t key_buffer_size, - psa_algorithm_t alg ) -{ - return( mac_setup( operation, attributes, - key_buffer, key_buffer_size, alg ) ); -} - -psa_status_t mbedtls_psa_mac_verify_setup( - mbedtls_psa_mac_operation_t *operation, - const psa_key_attributes_t *attributes, - const uint8_t *key_buffer, - size_t key_buffer_size, - psa_algorithm_t alg ) -{ - return( mac_setup( operation, attributes, - key_buffer, key_buffer_size, alg ) ); -} - -psa_status_t mbedtls_psa_mac_update( - mbedtls_psa_mac_operation_t *operation, - const uint8_t *input, - size_t input_length ) -{ - return( mac_update( operation, input, input_length ) ); -} - -psa_status_t mbedtls_psa_mac_sign_finish( - mbedtls_psa_mac_operation_t *operation, - uint8_t *mac, - size_t mac_size, - size_t *mac_length ) -{ - return( mac_sign_finish( operation, mac, mac_size, mac_length ) ); -} - -psa_status_t mbedtls_psa_mac_verify_finish( - mbedtls_psa_mac_operation_t *operation, - const uint8_t *mac, - size_t mac_length ) -{ - return( mac_verify_finish( operation, mac, mac_length ) ); -} - -psa_status_t mbedtls_psa_mac_abort( - mbedtls_psa_mac_operation_t *operation ) -{ - return( mac_abort( operation ) ); -} -#endif /* MBEDTLS_PSA_BUILTIN_MAC */ - - /* - * BEYOND THIS POINT, TEST DRIVER ENTRY POINTS ONLY. - */ -#if defined(PSA_CRYPTO_DRIVER_TEST) && defined(MBEDTLS_PSA_CRYPTO_CONFIG) - -static int is_mac_accelerated( psa_algorithm_t alg ) -{ -#if defined(MBEDTLS_PSA_ACCEL_ALG_HMAC) - if( PSA_ALG_IS_HMAC( alg ) ) - return( 1 ); -#endif - - switch( PSA_ALG_FULL_LENGTH_MAC( alg ) ) - { -#if defined(MBEDTLS_PSA_ACCEL_ALG_CMAC) - case PSA_ALG_CMAC: - return( 1 ); -#endif - default: - return( 0 ); - } -} - -psa_status_t libtestdriver1_mbedtls_psa_mac_compute( - const psa_key_attributes_t *attributes, - const uint8_t *key_buffer, - size_t key_buffer_size, - psa_algorithm_t alg, - const uint8_t *input, - size_t input_length, - uint8_t *mac, - size_t mac_size, - size_t *mac_length ) -{ - if( is_mac_accelerated( alg ) ) - return( mac_compute( attributes, key_buffer, key_buffer_size, alg, - input, input_length, - mac, mac_size, mac_length ) ); - else - return( PSA_ERROR_NOT_SUPPORTED ); -} - -psa_status_t libtestdriver1_mbedtls_psa_mac_sign_setup( - mbedtls_psa_mac_operation_t *operation, - const psa_key_attributes_t *attributes, - const uint8_t *key_buffer, - size_t key_buffer_size, - psa_algorithm_t alg ) -{ - if( is_mac_accelerated( alg ) ) - return( mac_setup( operation, attributes, - key_buffer, key_buffer_size, alg ) ); - else - return( PSA_ERROR_NOT_SUPPORTED ); -} - -psa_status_t libtestdriver1_mbedtls_psa_mac_verify_setup( - mbedtls_psa_mac_operation_t *operation, - const psa_key_attributes_t *attributes, - const uint8_t *key_buffer, - size_t key_buffer_size, - psa_algorithm_t alg ) -{ - if( is_mac_accelerated( alg ) ) - return( mac_setup( operation, attributes, - key_buffer, key_buffer_size, alg ) ); - else - return( PSA_ERROR_NOT_SUPPORTED ); -} - -psa_status_t libtestdriver1_mbedtls_psa_mac_update( - mbedtls_psa_mac_operation_t *operation, - const uint8_t *input, - size_t input_length ) -{ - if( is_mac_accelerated( operation->alg ) ) - return( mac_update( operation, input, input_length ) ); - else - return( PSA_ERROR_BAD_STATE ); -} - -psa_status_t libtestdriver1_mbedtls_psa_mac_sign_finish( - mbedtls_psa_mac_operation_t *operation, - uint8_t *mac, - size_t mac_size, - size_t *mac_length ) -{ - if( is_mac_accelerated( operation->alg ) ) - return( mac_sign_finish( operation, mac, mac_size, mac_length ) ); - else - return( PSA_ERROR_BAD_STATE ); -} - -psa_status_t libtestdriver1_mbedtls_psa_mac_verify_finish( - mbedtls_psa_mac_operation_t *operation, - const uint8_t *mac, - size_t mac_length ) -{ - if( is_mac_accelerated( operation->alg ) ) - return( mac_verify_finish( operation, mac, mac_length ) ); - else - return( PSA_ERROR_BAD_STATE ); -} - -psa_status_t libtestdriver1_mbedtls_psa_mac_abort( - mbedtls_psa_mac_operation_t *operation ) -{ - return( mac_abort( operation ) ); -} - -#endif /* PSA_CRYPTO_DRIVER_TEST && MBEDTLS_PSA_CRYPTO_CONFIG */ +#endif /* MBEDTLS_PSA_BUILTIN_ALG_HMAC || MBEDTLS_PSA_BUILTIN_ALG_CMAC */ #endif /* MBEDTLS_PSA_CRYPTO_C */ diff --git a/library/psa_crypto_rsa.c b/library/psa_crypto_rsa.c index 4ee0adf9e..bafb55c7d 100644 --- a/library/psa_crypto_rsa.c +++ b/library/psa_crypto_rsa.c @@ -41,42 +41,12 @@ #include #include -#if ( defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) || \ - ( defined(PSA_CRYPTO_DRIVER_TEST) && \ - defined(MBEDTLS_PSA_CRYPTO_CONFIG) && \ - defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR) ) ) -#define BUILTIN_KEY_TYPE_RSA_KEY_PAIR 1 -#endif - -#if ( defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY) || \ - ( defined(PSA_CRYPTO_DRIVER_TEST) && \ - defined(MBEDTLS_PSA_CRYPTO_CONFIG) && \ - defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_PUBLIC_KEY) ) ) -#define BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY 1 -#endif - -#if ( defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) || \ - ( defined(PSA_CRYPTO_DRIVER_TEST) && \ - defined(MBEDTLS_PSA_CRYPTO_CONFIG) && \ - defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_SIGN) && \ - defined(MBEDTLS_RSA_C) && defined(MBEDTLS_PKCS1_V15) ) ) -#define BUILTIN_ALG_RSA_PKCS1V15_SIGN 1 -#endif - -#if ( defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS) || \ - ( defined(PSA_CRYPTO_DRIVER_TEST) && \ - defined(MBEDTLS_PSA_CRYPTO_CONFIG) && \ - defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PSS) && \ - defined(MBEDTLS_RSA_C) && defined(MBEDTLS_PKCS1_V21) ) ) -#define BUILTIN_ALG_RSA_PSS 1 -#endif - #if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT) || \ defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP) || \ - defined(BUILTIN_ALG_RSA_PKCS1V15_SIGN) || \ - defined(BUILTIN_ALG_RSA_PSS) || \ - defined(BUILTIN_KEY_TYPE_RSA_KEY_PAIR) || \ - defined(BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY) + defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) || \ + defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS) || \ + defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) || \ + defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY) /* Mbed TLS doesn't support non-byte-aligned key sizes (i.e. key sizes * that are not a multiple of 8) well. For example, there is only @@ -151,15 +121,15 @@ exit: } #endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT) || * defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP) || - * defined(BUILTIN_ALG_RSA_PKCS1V15_SIGN) || - * defined(BUILTIN_ALG_RSA_PSS) || - * defined(BUILTIN_KEY_TYPE_RSA_KEY_PAIR) || - * defined(BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY) */ + * defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) || + * defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS) || + * defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) || + * defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY) */ -#if defined(BUILTIN_KEY_TYPE_RSA_KEY_PAIR) || \ - defined(BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY) +#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) || \ + defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY) -static psa_status_t rsa_import_key( +psa_status_t mbedtls_psa_rsa_import_key( const psa_key_attributes_t *attributes, const uint8_t *data, size_t data_length, uint8_t *key_buffer, size_t key_buffer_size, @@ -251,7 +221,7 @@ psa_status_t mbedtls_psa_rsa_export_key( psa_key_type_t type, #endif /* MBEDTLS_PK_WRITE_C */ } -static psa_status_t rsa_export_public_key( +psa_status_t mbedtls_psa_rsa_export_public_key( const psa_key_attributes_t *attributes, const uint8_t *key_buffer, size_t key_buffer_size, uint8_t *data, size_t data_size, size_t *data_length ) @@ -275,10 +245,10 @@ static psa_status_t rsa_export_public_key( return( status ); } -#endif /* defined(BUILTIN_KEY_TYPE_RSA_KEY_PAIR) || - * defined(BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY) */ +#endif /* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) || + * defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY) */ -#if defined(BUILTIN_KEY_TYPE_RSA_KEY_PAIR) && \ +#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) && \ defined(MBEDTLS_GENPRIME) static psa_status_t psa_rsa_read_exponent( const uint8_t *domain_parameters, size_t domain_parameters_size, @@ -306,7 +276,7 @@ static psa_status_t psa_rsa_read_exponent( const uint8_t *domain_parameters, return( PSA_SUCCESS ); } -static psa_status_t rsa_generate_key( +psa_status_t mbedtls_psa_rsa_generate_key( const psa_key_attributes_t *attributes, uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length ) { @@ -337,14 +307,15 @@ static psa_status_t rsa_generate_key( return( status ); } -#endif /* defined(BUILTIN_KEY_TYPE_RSA_KEY_PAIR) +#endif /* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) * defined(MBEDTLS_GENPRIME) */ /****************************************************************/ /* Sign/verify hashes */ /****************************************************************/ -#if defined(BUILTIN_ALG_RSA_PKCS1V15_SIGN) || defined(BUILTIN_ALG_RSA_PSS) +#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) || \ + defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS) /* Decode the hash algorithm from alg and store the mbedtls encoding in * md_alg. Verify that the hash length is acceptable. */ @@ -376,7 +347,7 @@ static psa_status_t psa_rsa_decode_md_type( psa_algorithm_t alg, return( PSA_SUCCESS ); } -static psa_status_t rsa_sign_hash( +psa_status_t mbedtls_psa_rsa_sign_hash( const psa_key_attributes_t *attributes, const uint8_t *key_buffer, size_t key_buffer_size, psa_algorithm_t alg, const uint8_t *hash, size_t hash_length, @@ -404,7 +375,7 @@ static psa_status_t rsa_sign_hash( goto exit; } -#if defined(BUILTIN_ALG_RSA_PKCS1V15_SIGN) +#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) if( PSA_ALG_IS_RSA_PKCS1V15_SIGN( alg ) ) { mbedtls_rsa_set_padding( rsa, MBEDTLS_RSA_PKCS_V15, @@ -419,8 +390,8 @@ static psa_status_t rsa_sign_hash( signature ); } else -#endif /* BUILTIN_ALG_RSA_PKCS1V15_SIGN */ -#if defined(BUILTIN_ALG_RSA_PSS) +#endif /* MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN */ +#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS) if( PSA_ALG_IS_RSA_PSS( alg ) ) { mbedtls_rsa_set_padding( rsa, MBEDTLS_RSA_PKCS_V21, md_alg ); @@ -434,7 +405,7 @@ static psa_status_t rsa_sign_hash( signature ); } else -#endif /* BUILTIN_ALG_RSA_PSS */ +#endif /* MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS */ { status = PSA_ERROR_INVALID_ARGUMENT; goto exit; @@ -451,7 +422,7 @@ exit: return( status ); } -#if defined(BUILTIN_ALG_RSA_PSS) +#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS) static int rsa_pss_expected_salt_len( psa_algorithm_t alg, const mbedtls_rsa_context *rsa, size_t hash_length ) @@ -470,9 +441,9 @@ static int rsa_pss_expected_salt_len( psa_algorithm_t alg, else return( room ); } -#endif +#endif /* MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS */ -static psa_status_t rsa_verify_hash( +psa_status_t mbedtls_psa_rsa_verify_hash( const psa_key_attributes_t *attributes, const uint8_t *key_buffer, size_t key_buffer_size, psa_algorithm_t alg, const uint8_t *hash, size_t hash_length, @@ -500,7 +471,7 @@ static psa_status_t rsa_verify_hash( goto exit; } -#if defined(BUILTIN_ALG_RSA_PKCS1V15_SIGN) +#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) if( PSA_ALG_IS_RSA_PKCS1V15_SIGN( alg ) ) { mbedtls_rsa_set_padding( rsa, MBEDTLS_RSA_PKCS_V15, @@ -515,8 +486,8 @@ static psa_status_t rsa_verify_hash( signature ); } else -#endif /* BUILTIN_ALG_RSA_PKCS1V15_SIGN */ -#if defined(BUILTIN_ALG_RSA_PSS) +#endif /* MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN */ +#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS) if( PSA_ALG_IS_RSA_PSS( alg ) ) { int slen = rsa_pss_expected_salt_len( alg, rsa, hash_length ); @@ -533,7 +504,7 @@ static psa_status_t rsa_verify_hash( signature ); } else -#endif /* BUILTIN_ALG_RSA_PSS */ +#endif /* MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS */ { status = PSA_ERROR_INVALID_ARGUMENT; goto exit; @@ -553,176 +524,7 @@ exit: return( status ); } -#endif /* defined(BUILTIN_ALG_RSA_PKCS1V15_SIGN) || - * defined(BUILTIN_ALG_RSA_PSS) */ - -#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) || \ - defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY) - -psa_status_t mbedtls_psa_rsa_import_key( - const psa_key_attributes_t *attributes, - const uint8_t *data, size_t data_length, - uint8_t *key_buffer, size_t key_buffer_size, - size_t *key_buffer_length, size_t *bits ) -{ - return( rsa_import_key( attributes, data, data_length, - key_buffer, key_buffer_size, - key_buffer_length, bits ) ); -} - -psa_status_t mbedtls_psa_rsa_export_public_key( - const psa_key_attributes_t *attributes, - const uint8_t *key_buffer, size_t key_buffer_size, - uint8_t *data, size_t data_size, size_t *data_length ) -{ - return( rsa_export_public_key( attributes, key_buffer, key_buffer_size, - data, data_size, data_length ) ); -} - -#endif /* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) || - * defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY) */ - -#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) && \ - defined(MBEDTLS_GENPRIME) -psa_status_t mbedtls_psa_rsa_generate_key( - const psa_key_attributes_t *attributes, - uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length ) -{ - return( rsa_generate_key( attributes, key_buffer, key_buffer_size, - key_buffer_length ) ); -} -#endif /* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) - * defined(MBEDTLS_GENPRIME) */ - -#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) || \ - defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS) -psa_status_t mbedtls_psa_rsa_sign_hash( - const psa_key_attributes_t *attributes, - const uint8_t *key_buffer, size_t key_buffer_size, - psa_algorithm_t alg, const uint8_t *hash, size_t hash_length, - uint8_t *signature, size_t signature_size, size_t *signature_length ) -{ - return( rsa_sign_hash( - attributes, - key_buffer, key_buffer_size, - alg, hash, hash_length, - signature, signature_size, signature_length ) ); -} - -psa_status_t mbedtls_psa_rsa_verify_hash( - const psa_key_attributes_t *attributes, - const uint8_t *key_buffer, size_t key_buffer_size, - psa_algorithm_t alg, const uint8_t *hash, size_t hash_length, - const uint8_t *signature, size_t signature_length ) -{ - return( rsa_verify_hash( - attributes, - key_buffer, key_buffer_size, - alg, hash, hash_length, - signature, signature_length ) ); -} #endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) || * defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS) */ -/* - * BEYOND THIS POINT, TEST DRIVER ENTRY POINTS ONLY. - */ - -#if defined(PSA_CRYPTO_DRIVER_TEST) && defined(MBEDTLS_PSA_CRYPTO_CONFIG) - -#if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR) || \ - defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_PUBLIC_KEY) - -psa_status_t libtestdriver1_mbedtls_psa_rsa_import_key( - const psa_key_attributes_t *attributes, - const uint8_t *data, size_t data_length, - uint8_t *key_buffer, size_t key_buffer_size, - size_t *key_buffer_length, size_t *bits ) -{ - return( rsa_import_key( attributes, data, data_length, - key_buffer, key_buffer_size, - key_buffer_length, bits ) ); -} - -psa_status_t libtestdriver1_mbedtls_psa_rsa_export_public_key( - const psa_key_attributes_t *attributes, - const uint8_t *key_buffer, size_t key_buffer_size, - uint8_t *data, size_t data_size, size_t *data_length ) -{ - return( rsa_export_public_key( attributes, key_buffer, key_buffer_size, - data, data_size, data_length ) ); -} - -#endif /* defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR) || - defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_PUBLIC_KEY) */ - -#if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR) -psa_status_t libtestdriver1_mbedtls_psa_rsa_generate_key( - const psa_key_attributes_t *attributes, - uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length ) -{ - return( rsa_generate_key( attributes, key_buffer, key_buffer_size, - key_buffer_length ) ); -} -#endif /* defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR) */ - -#if defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_SIGN) || \ - defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PSS) -psa_status_t libtestdriver1_mbedtls_psa_rsa_sign_hash( - const psa_key_attributes_t *attributes, - const uint8_t *key_buffer, size_t key_buffer_size, - psa_algorithm_t alg, const uint8_t *hash, size_t hash_length, - uint8_t *signature, size_t signature_size, size_t *signature_length ) -{ -#if defined(MBEDTLS_RSA_C) && \ - (defined(MBEDTLS_PKCS1_V15) || defined(MBEDTLS_PKCS1_V21)) - return( rsa_sign_hash( - attributes, - key_buffer, key_buffer_size, - alg, hash, hash_length, - signature, signature_size, signature_length ) ); -#else - (void)attributes; - (void)key_buffer; - (void)key_buffer_size; - (void)alg; - (void)hash; - (void)hash_length; - (void)signature; - (void)signature_size; - (void)signature_length; - return( PSA_ERROR_NOT_SUPPORTED ); -#endif -} - -psa_status_t libtestdriver1_mbedtls_psa_rsa_verify_hash( - const psa_key_attributes_t *attributes, - const uint8_t *key_buffer, size_t key_buffer_size, - psa_algorithm_t alg, const uint8_t *hash, size_t hash_length, - const uint8_t *signature, size_t signature_length ) -{ -#if defined(MBEDTLS_RSA_C) && \ - (defined(MBEDTLS_PKCS1_V15) || defined(MBEDTLS_PKCS1_V21)) - return( rsa_verify_hash( - attributes, - key_buffer, key_buffer_size, - alg, hash, hash_length, - signature, signature_length ) ); -#else - (void)attributes; - (void)key_buffer; - (void)key_buffer_size; - (void)alg; - (void)hash; - (void)hash_length; - (void)signature; - (void)signature_length; - return( PSA_ERROR_NOT_SUPPORTED ); -#endif -} -#endif /* defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_SIGN) || - * defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PSS) */ - -#endif /* PSA_CRYPTO_DRIVER_TEST && MBEDTLS_PSA_CRYPTO_CONFIG */ - #endif /* MBEDTLS_PSA_CRYPTO_C */ diff --git a/tests/include/test/drivers/hash.h b/tests/include/test/drivers/hash.h index ebe83dee4..865cd7433 100644 --- a/tests/include/test/drivers/hash.h +++ b/tests/include/test/drivers/hash.h @@ -74,7 +74,7 @@ psa_status_t mbedtls_test_transparent_hash_finish( size_t *hash_length ); psa_status_t mbedtls_test_transparent_hash_abort( - mbedtls_psa_hash_operation_t *operation ); + mbedtls_transparent_test_driver_hash_operation_t *operation ); #endif /* PSA_CRYPTO_DRIVER_TEST */ #endif /* PSA_CRYPTO_TEST_DRIVERS_HASH_H */ diff --git a/tests/src/drivers/test_driver_key_management.c b/tests/src/drivers/test_driver_key_management.c index 1cff3cb59..029fcdd9a 100644 --- a/tests/src/drivers/test_driver_key_management.c +++ b/tests/src/drivers/test_driver_key_management.c @@ -66,11 +66,24 @@ const uint8_t mbedtls_test_driver_ecdsa_pubkey[65] = psa_status_t mbedtls_test_transparent_init( void ) { +psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + +#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) + status = libtestdriver1_psa_crypto_init( ); + if( status != PSA_SUCCESS ) + return( status ); +#endif + + (void)status; return( PSA_SUCCESS ); } void mbedtls_test_transparent_free( void ) { +#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) + libtestdriver1_mbedtls_psa_crypto_free( ); +#endif + return; } From 0d5a27b195dff3eeac704fa15090054e2eda91ed Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Mon, 18 Oct 2021 10:12:20 +0200 Subject: [PATCH 21/29] psa: Fix Mbed TLS hash operation definition Use PSA_BUILTIN macros instead of the Mbed TLS ones as in the hash operation contexts the context for a given hash is needed only if the support for it through PSA is enabled. Signed-off-by: Ronald Cron --- include/psa/crypto_builtin_primitives.h | 16 +++++++++------- 1 file changed, 9 insertions(+), 7 deletions(-) diff --git a/include/psa/crypto_builtin_primitives.h b/include/psa/crypto_builtin_primitives.h index a268e5369..62a0e6f37 100644 --- a/include/psa/crypto_builtin_primitives.h +++ b/include/psa/crypto_builtin_primitives.h @@ -65,25 +65,27 @@ typedef struct union { unsigned dummy; /* Make the union non-empty even with no supported algorithms. */ -#if defined(MBEDTLS_MD2_C) +#if defined(MBEDTLS_PSA_BUILTIN_ALG_MD2) mbedtls_md2_context md2; #endif -#if defined(MBEDTLS_MD4_C) +#if defined(MBEDTLS_PSA_BUILTIN_ALG_MD4) mbedtls_md4_context md4; #endif -#if defined(MBEDTLS_MD5_C) +#if defined(MBEDTLS_PSA_BUILTIN_ALG_MD5) mbedtls_md5_context md5; #endif -#if defined(MBEDTLS_RIPEMD160_C) +#if defined(MBEDTLS_PSA_BUILTIN_ALG_RIPEMD160) mbedtls_ripemd160_context ripemd160; #endif -#if defined(MBEDTLS_SHA1_C) +#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_1) mbedtls_sha1_context sha1; #endif -#if defined(MBEDTLS_SHA256_C) +#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_256) || \ + defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_224) mbedtls_sha256_context sha256; #endif -#if defined(MBEDTLS_SHA512_C) +#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_512) || \ + defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_384) mbedtls_sha512_context sha512; #endif } ctx; From d98ec4b1e761a5774b4ece4b69f2e41495da2ddb Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Wed, 28 Apr 2021 18:28:46 +0200 Subject: [PATCH 22/29] psa: Fix some dependencies in config_psa.h Signed-off-by: Ronald Cron --- include/mbedtls/config_psa.h | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/include/mbedtls/config_psa.h b/include/mbedtls/config_psa.h index 976b4d342..189f6c217 100644 --- a/include/mbedtls/config_psa.h +++ b/include/mbedtls/config_psa.h @@ -93,6 +93,10 @@ extern "C" { #if !defined(MBEDTLS_PSA_ACCEL_ALG_ECDSA) #define MBEDTLS_PSA_BUILTIN_ALG_ECDSA 1 #define MBEDTLS_ECDSA_C +#define MBEDTLS_ECP_C +#define MBEDTLS_BIGNUM_C +#define MBEDTLS_ASN1_PARSE_C +#define MBEDTLS_ASN1_WRITE_C #endif /* !MBEDTLS_PSA_ACCEL_ALG_ECDSA */ #endif /* PSA_WANT_ALG_ECDSA */ @@ -235,6 +239,8 @@ extern "C" { #define MBEDTLS_PK_PARSE_C #define MBEDTLS_PK_WRITE_C #define MBEDTLS_PK_C +#define MBEDTLS_ASN1_PARSE_C +#define MBEDTLS_ASN1_WRITE_C #endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR */ #endif /* PSA_WANT_KEY_TYPE_RSA_KEY_PAIR */ @@ -247,6 +253,8 @@ extern "C" { #define MBEDTLS_PK_PARSE_C #define MBEDTLS_PK_WRITE_C #define MBEDTLS_PK_C +#define MBEDTLS_ASN1_PARSE_C +#define MBEDTLS_ASN1_WRITE_C #endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_PUBLIC_KEY */ #endif /* PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY */ @@ -435,10 +443,12 @@ extern "C" { #endif /* PSA_WANT_ALG_GCM */ #if defined(PSA_WANT_ALG_CHACHA20_POLY1305) +#if !defined(MBEDTLS_PSA_ACCEL_ALG_CHACHA20_POLY1305) #if defined(PSA_WANT_KEY_TYPE_CHACHA20) #define MBEDTLS_CHACHAPOLY_C #define MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305 1 #endif /* PSA_WANT_KEY_TYPE_CHACHA20 */ +#endif /* !MBEDTLS_PSA_ACCEL_ALG_CHACHA20_POLY1305 */ #endif /* PSA_WANT_ALG_CHACHA20_POLY1305 */ #if defined(PSA_WANT_ECC_BRAINPOOL_P_R1_256) From d2c53e60ca69eb0c061333fe1556e6fba72e96bb Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Mon, 13 Sep 2021 09:38:05 +0200 Subject: [PATCH 23/29] all.sh: psa: Add ECDSA and RSA signature acceleration component Add ECDSA and RSA signature acceleration testing with signature capabilitites removed from the Mbed TLS library. Signed-off-by: Ronald Cron --- tests/scripts/all.sh | 124 +++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 124 insertions(+) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index b1caf6e99..fec97cb5e 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -1591,6 +1591,130 @@ component_test_no_use_psa_crypto_full_cmake_asan() { env OPENSSL_CMD="$OPENSSL_NEXT" tests/compat.sh -e '^$' -f 'ARIA\|CHACHA' } +component_test_psa_crypto_config_accel_ecdsa () { + msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated ECDSA" + + # Disable ALG_STREAM_CIPHER and ALG_ECB_NO_PADDING to avoid having + # partial support for cipher operations in the driver test library. + scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_STREAM_CIPHER + scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_ECB_NO_PADDING + + # SHA384 needed for some ECDSA signature tests. + scripts/config.py -f tests/include/test/drivers/config_test_driver.h set MBEDTLS_SHA512_C + + loc_accel_list="ALG_ECDSA ALG_DETERMINISTIC_ECDSA KEY_TYPE_ECC_KEY_PAIR KEY_TYPE_ECC_PUBLIC_KEY" + loc_accel_flags=$( echo "$loc_accel_list" | sed 's/[^ ]* */-DLIBTESTDRIVER1_MBEDTLS_PSA_ACCEL_&/g' ) + make -C tests libtestdriver1.a CFLAGS="$ASAN_CFLAGS $loc_accel_flags" LDFLAGS="$ASAN_CFLAGS" + + # Restore test driver base configuration + scripts/config.py -f tests/include/test/drivers/config_test_driver.h unset MBEDTLS_SHA512_C + + scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS + scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG + scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO + scripts/config.py unset MBEDTLS_ECDSA_C + scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED + scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED + + loc_accel_flags="$loc_accel_flags $( echo "$loc_accel_list" | sed 's/[^ ]* */-DMBEDTLS_PSA_ACCEL_&/g' )" + make CFLAGS="$ASAN_CFLAGS -O -Werror -I../tests/include -I../tests -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_TEST_LIBTESTDRIVER1 $loc_accel_flags" LDFLAGS="-ltestdriver1 $ASAN_CFLAGS" + + unset loc_accel_flags + unset loc_accel_list + + if_build_succeeded not grep mbedtls_ecdsa_ library/ecdsa.o + + msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated ECDSA" + make test +} + +component_test_psa_crypto_config_accel_rsa_signature () { + msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated RSA signature" + + # Disable ALG_STREAM_CIPHER and ALG_ECB_NO_PADDING to avoid having + # partial support for cipher operations in the driver test library. + scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_STREAM_CIPHER + scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_ECB_NO_PADDING + + # It seems it is not possible to remove only the support for RSA signature + # in the library. Thus we have to remove all RSA support (signature and + # encryption/decryption). AS there is no driver support for asymmetric + # encryption/decryption so far remove RSA encryption/decryption from the + # application algorithm list. + scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_RSA_OAEP + scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_RSA_PKCS1V15_CRYPT + + # Make sure both the library and the test library support the SHA hash + # algorithms and only those ones (SHA256 is included by default). That way: + # - the test library can compute the RSA signatures even in the case of a + # composite RSA signature algorithm based on a SHA hash (no other hash + # used in the unit tests). + # - the dependency of RSA signature tests on PSA_WANT_ALG_SHA_xyz is + # fulfilled as the hash SHA algorithm is supported by the library, and + # thus the tests are run, not skipped. + # - when testing a signature key with an algorithm wildcard built from + # PSA_ALG_ANY_HASH as algorithm to test with the key, the chosen hash + # algorithm based on the hashes supported by the library is also + # supported by the test library. + scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_MD2 + scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_MD4 + scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_MD5 + scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_RIPEMD160_C + + scripts/config.py -f tests/include/test/drivers/config_test_driver.h set MBEDTLS_SHA1_C + scripts/config.py -f tests/include/test/drivers/config_test_driver.h set MBEDTLS_SHA512_C + # We need PEM parsing in the test library as well to support the import + # of PEM encoded RSA keys. + scripts/config.py -f tests/include/test/drivers/config_test_driver.h set MBEDTLS_PEM_PARSE_C + scripts/config.py -f tests/include/test/drivers/config_test_driver.h set MBEDTLS_BASE64_C + + loc_accel_list="ALG_RSA_PKCS1V15_SIGN ALG_RSA_PSS KEY_TYPE_RSA_KEY_PAIR KEY_TYPE_RSA_PUBLIC_KEY" + loc_accel_flags=$( echo "$loc_accel_list" | sed 's/[^ ]* */-DLIBTESTDRIVER1_MBEDTLS_PSA_ACCEL_&/g' ) + make -C tests libtestdriver1.a CFLAGS="$ASAN_CFLAGS $loc_accel_flags" LDFLAGS="$ASAN_CFLAGS" + + # Restore test driver base configuration + scripts/config.py -f tests/include/test/drivers/config_test_driver.h unset MBEDTLS_SHA1_C + scripts/config.py -f tests/include/test/drivers/config_test_driver.h unset MBEDTLS_SHA512_C + scripts/config.py -f tests/include/test/drivers/config_test_driver.h unset MBEDTLS_PEM_PARSE_C + scripts/config.py -f tests/include/test/drivers/config_test_driver.h unset MBEDTLS_BASE64_C + + + # Mbed TLS library build + scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS + scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG + + # Remove RSA support and its dependencies + scripts/config.py unset MBEDTLS_PKCS1_V15 + scripts/config.py unset MBEDTLS_PKCS1_V21 + scripts/config.py unset MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED + scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED + scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED + scripts/config.py unset MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED + scripts/config.py unset MBEDTLS_KEY_EXCHANGE_RSA_ENABLED + scripts/config.py unset MBEDTLS_RSA_C + scripts/config.py unset MBEDTLS_X509_RSASSA_PSS_SUPPORT + + scripts/config.py unset MBEDTLS_MD2_C + scripts/config.py unset MBEDTLS_MD4_C + scripts/config.py unset MBEDTLS_MD5_C + scripts/config.py unset MBEDTLS_RIPEMD160_C + scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1 + scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_1 + scripts/config.py unset MBEDTLS_SSL_CBC_RECORD_SPLITTING + + loc_accel_flags="$loc_accel_flags $( echo "$loc_accel_list" | sed 's/[^ ]* */-DMBEDTLS_PSA_ACCEL_&/g' )" + make CFLAGS="$ASAN_CFLAGS -Werror -I../tests/include -I../tests -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_TEST_LIBTESTDRIVER1 $loc_accel_flags" LDFLAGS="-ltestdriver1 $ASAN_CFLAGS" + + unset loc_accel_flags + unset loc_accel_list + + if_build_succeeded not grep mbedtls_rsa_rsassa_pkcs1_v15_sign library/rsa.o + if_build_succeeded not grep mbedtls_rsa_rsassa_pss_sign_ext library/rsa.o + + msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated RSA signature" + make test +} + component_test_psa_crypto_config_no_driver() { # full plus MBEDTLS_PSA_CRYPTO_CONFIG msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG minus MBEDTLS_PSA_CRYPTO_DRIVERS" From ef14af04c75cd6e84ecc277b3b3291e9cae1ad6a Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Tue, 31 Aug 2021 19:08:55 +0200 Subject: [PATCH 24/29] tests: psa: Refine choice of default hash algorithm for signature As PSA signatures rely on built-in hash implementations (cannot take an advantage of an accelerator for the time being), chose an available built-in hash for tests exercising a signature key. Signed-off-by: Ronald Cron --- tests/include/test/psa_exercise_key.h | 28 +++++++++++++++++++++++++++ tests/src/psa_exercise_key.c | 4 ++-- 2 files changed, 30 insertions(+), 2 deletions(-) diff --git a/tests/include/test/psa_exercise_key.h b/tests/include/test/psa_exercise_key.h index 57eae5891..e67f515aa 100644 --- a/tests/include/test/psa_exercise_key.h +++ b/tests/include/test/psa_exercise_key.h @@ -56,6 +56,34 @@ #undef KNOWN_SUPPORTED_HASH_ALG #endif +/** \def KNOWN_MBEDTLS_SUPPORTED_HASH_ALG + * + * A hash algorithm that is known to be supported by Mbed TLS APIs. + * + * This is used in some smoke tests where the hash algorithm is used as + * part of another algorithm like a signature algorithm and the hashing is + * completed through an Mbed TLS hash API, not the PSA one. + */ +#if defined(MBEDTLS_MD2_C) +#define KNOWN_MBEDTLS_SUPPORTED_HASH_ALG PSA_ALG_MD2 +#elif defined(MBEDTLS_MD4_C) +#define KNOWN_MBEDTLS_SUPPORTED_HASH_ALG PSA_ALG_MD4 +#elif defined(MBEDTLS_MD5_C) +#define KNOWN_MBEDTLS_SUPPORTED_HASH_ALG PSA_ALG_MD5 +/* MBEDTLS_RIPEMD160_C omitted. This is necessary for the sake of + * exercise_signature_key() because Mbed TLS doesn't support RIPEMD160 + * in RSA PKCS#1v1.5 signatures. A RIPEMD160-only configuration would be + * implausible anyway. */ +#elif defined(MBEDTLS_SHA1_C) +#define KNOWN_MBEDTLS_SUPPORTED_HASH_ALG PSA_ALG_SHA_1 +#elif defined(MBEDTLS_SHA256_C) +#define KNOWN_MBEDTLS_SUPPORTED_HASH_ALG PSA_ALG_SHA_256 +#elif defined(MBEDTLS_SHA512_C) +#define KNOWN_MBEDTLS_SUPPORTED_HASH_ALG PSA_ALG_SHA_512 +#else +#undef KNOWN_MBEDLTS_SUPPORTED_HASH_ALG +#endif + /** \def KNOWN_SUPPORTED_BLOCK_CIPHER * * A block cipher that is known to be supported. diff --git a/tests/src/psa_exercise_key.c b/tests/src/psa_exercise_key.c index de2c48d6d..c1e76c85e 100644 --- a/tests/src/psa_exercise_key.c +++ b/tests/src/psa_exercise_key.c @@ -309,8 +309,8 @@ static int exercise_signature_key( mbedtls_svc_key_id_t key, /* If the policy allows signing with any hash, just pick one. */ if( PSA_ALG_IS_SIGN_HASH( alg ) && hash_alg == PSA_ALG_ANY_HASH ) { - #if defined(KNOWN_SUPPORTED_HASH_ALG) - hash_alg = KNOWN_SUPPORTED_HASH_ALG; + #if defined(KNOWN_MBEDTLS_SUPPORTED_HASH_ALG) + hash_alg = KNOWN_MBEDTLS_SUPPORTED_HASH_ALG; alg ^= PSA_ALG_ANY_HASH ^ hash_alg; #else TEST_ASSERT( ! "No hash algorithm for hash-and-sign testing" ); From 9130eadde86287a238673cab1c1bf24082da8118 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Mon, 18 Oct 2021 11:10:05 +0200 Subject: [PATCH 25/29] tests: psa: Add dependencies on built-in hash Add dependencies on built-in hash of signature/ signature verification and asymmetric encryption/decryption tests. The dependency is not added for tests based on SHA-256 as SHA-256 is always present when PSA is involved (necessary to the PSA core) and that way most of PSA signature /verification tests are still run when PSA hash operations are accelerated. Signed-off-by: Ronald Cron --- tests/suites/test_suite_psa_crypto.data | 38 ++++++++++++------------- 1 file changed, 19 insertions(+), 19 deletions(-) diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data index 46309a7d2..c666d4a14 100644 --- a/tests/suites/test_suite_psa_crypto.data +++ b/tests/suites/test_suite_psa_crypto.data @@ -2512,7 +2512,7 @@ depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TY sign_hash_deterministic:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_SHA_256 ):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"6a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f50f" PSA sign hash: deterministic ECDSA SECP256R1 SHA-384 -depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_MD_C +depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_MD_C:MBEDLTS_PSA_BUILTIN_ALG_SHA_384 sign_hash_deterministic:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_SHA_384 ):"59e1748777448c69de6b800d7a33bbfb9ff1b463e44354c3553bcdb9c666fa90125a3c79f90397bdf5f6a13de828684f":"cd40ba1b555ca5994d30ddffc4ad734b1f5c604675b0f249814aa5de3992ef3ddf4d5dc5d2aab1979ce210b560754df671363d99795475882894c048e3b986ca" PSA sign hash: deterministic ECDSA SECP384R1 SHA-256 @@ -2608,11 +2608,11 @@ depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TY sign_verify_hash:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_SHA_256 ):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b" PSA sign/verify hash: randomized ECDSA SECP256R1 SHA-384 -depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256 +depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_PSA_BUILTIN_ALG_SHA_384 sign_verify_hash:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_ECDSA( PSA_ALG_SHA_384 ):"59e1748777448c69de6b800d7a33bbfb9ff1b463e44354c3553bcdb9c666fa90125a3c79f90397bdf5f6a13de828684f" PSA sign/verify hash: deterministic ECDSA SECP256R1 SHA-384 -depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_MD_C +depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_MD_C:MBEDTLS_PSA_BUILTIN_ALG_SHA_384 sign_verify_hash:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_SHA_384 ):"59e1748777448c69de6b800d7a33bbfb9ff1b463e44354c3553bcdb9c666fa90125a3c79f90397bdf5f6a13de828684f" PSA sign/verify hash: randomized ECDSA SECP384R1 SHA-256 @@ -2632,7 +2632,7 @@ depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE verify_hash:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":"a73664d55b39c7ea6c1e5b5011724a11e1d7073d3a68f48c836fad153a1d91b6abdbc8f69da13b206cc96af6363b114458b026af14b24fab8929ed634c6a2acace0bcc62d9bb6a984afbcbfcd3a0608d32a2bae535b9cd1ecdf9dd281db1e0025c3bfb5512963ec3b98ddaa69e38bc3c84b1b61a04e5648640856aacc6fc7311" PSA verify hash: RSA PKCS#1 v1.5 SHA-256, wrong hash length -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_1:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_1:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C:MBEDTLS_PSA_BUILTIN_ALG_SHA_1 verify_hash_fail:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_1):"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":"a73664d55b39c7ea6c1e5b5011724a11e1d7073d3a68f48c836fad153a1d91b6abdbc8f69da13b206cc96af6363b114458b026af14b24fab8929ed634c6a2acace0bcc62d9bb6a984afbcbfcd3a0608d32a2bae535b9cd1ecdf9dd281db1e0025c3bfb5512963ec3b98ddaa69e38bc3c84b1b61a04e5648640856aacc6fc7311":PSA_ERROR_INVALID_ARGUMENT PSA verify hash: RSA PKCS#1 v1.5 SHA-256, wrong signature (same size) @@ -2688,35 +2688,35 @@ depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLI verify_hash:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_ALG_RSA_PSS_ANY_SALT(PSA_ALG_SHA_256):"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":"44a09fa66f1b2e790474960e90517e418747cfcd18423dff957516a598569d74f26ef1eae4a200d12d801e16fc6fde375330c79c0d8430825e0a7f69c664faefccfa25e7fbfc68af02af0f67fe4c49f68f6abc68c8f66d3fd77fc838961f4415827340c66e39c79ed7dae0738c08ce8272aebe50c72e31994b9b6db640b51800" PSA verify hash: RSA-1024 PSS SHA-512, slen=61 (bad) -depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_512:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C +depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_512:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C:MBEDTLS_PSA_BUILTIN_ALG_SHA_512 verify_hash_fail:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_ALG_RSA_PSS(PSA_ALG_SHA_512):"ddaf35a193617abacc417349ae20413112e6fa4e89a97ea20a9eeee64b55d39a2192992a274fc1a836ba3c23a3feebbd454d4423643ce80e2a9ac94fa54ca49f":"23f5b30c8d612d8f31206c177ac2023c4f44754d03c7ff67daff99f24fa369b3e5f7c15b228a4417a1ff1c93fb8d645d619c2f4f559ac6c7f7bac20ba9df32353d19941265a4e74261adaf45d48682c0bc86cea6128f11ad172ff461fb1d97bded615861843996e2a98e7b8313b695519d001ae35305d6cbf3c0ee6c7ab06d1a":PSA_ERROR_INVALID_SIGNATURE PSA verify hash: RSA-1024 PSS-any-salt SHA-512, slen=61 -depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_512:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C +depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_512:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C:MBEDTLS_PSA_BUILTIN_ALG_SHA_512 verify_hash:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_ALG_RSA_PSS_ANY_SALT(PSA_ALG_SHA_512):"ddaf35a193617abacc417349ae20413112e6fa4e89a97ea20a9eeee64b55d39a2192992a274fc1a836ba3c23a3feebbd454d4423643ce80e2a9ac94fa54ca49f":"23f5b30c8d612d8f31206c177ac2023c4f44754d03c7ff67daff99f24fa369b3e5f7c15b228a4417a1ff1c93fb8d645d619c2f4f559ac6c7f7bac20ba9df32353d19941265a4e74261adaf45d48682c0bc86cea6128f11ad172ff461fb1d97bded615861843996e2a98e7b8313b695519d001ae35305d6cbf3c0ee6c7ab06d1a" PSA verify hash: RSA-1024 PSS SHA-512, slen=62 -depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_512:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C +depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_512:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C:MBEDTLS_PSA_BUILTIN_ALG_SHA_512 verify_hash:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_ALG_RSA_PSS(PSA_ALG_SHA_512):"ddaf35a193617abacc417349ae20413112e6fa4e89a97ea20a9eeee64b55d39a2192992a274fc1a836ba3c23a3feebbd454d4423643ce80e2a9ac94fa54ca49f":"6b215d77cf88b2d08be53b4f3ac6e72ebfbf7e0dc6c1e77b238cfb661c247a011b8746709fbefe4bc05d37343391683e9489d720ecbb7df37f4e36967918958996939461703465c2014a4c12faf875f8def70070e55b765b165c7e9c6f2eb05c98351b1e82219c31a2fb3ddce05f8988f552ff92f0b3471f63c0e53824c550a4" PSA verify hash: RSA-1024 PSS-any-salt SHA-512, slen=62 -depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_512:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C +depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_512:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C:MBEDTLS_PSA_BUILTIN_ALG_SHA_512 verify_hash:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_ALG_RSA_PSS_ANY_SALT(PSA_ALG_SHA_512):"ddaf35a193617abacc417349ae20413112e6fa4e89a97ea20a9eeee64b55d39a2192992a274fc1a836ba3c23a3feebbd454d4423643ce80e2a9ac94fa54ca49f":"6b215d77cf88b2d08be53b4f3ac6e72ebfbf7e0dc6c1e77b238cfb661c247a011b8746709fbefe4bc05d37343391683e9489d720ecbb7df37f4e36967918958996939461703465c2014a4c12faf875f8def70070e55b765b165c7e9c6f2eb05c98351b1e82219c31a2fb3ddce05f8988f552ff92f0b3471f63c0e53824c550a4" PSA verify hash: RSA-528 PSS SHA-512, slen=0 -depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_512:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C +depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_512:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C:MBEDTLS_PSA_BUILTIN_ALG_SHA_512 verify_hash:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"304a024300e31c246d46485984261fd174cab3d4357344602ecd793c47dbe54252d37bb350bc634359b19515542080e4724a4b672291be57c7648f51629eaef234e847d99cc65f0203010001":PSA_ALG_RSA_PSS(PSA_ALG_SHA_512):"ddaf35a193617abacc417349ae20413112e6fa4e89a97ea20a9eeee64b55d39a2192992a274fc1a836ba3c23a3feebbd454d4423643ce80e2a9ac94fa54ca49f":"a14ad0fef77d36c28658a66129ee632e40e1032003eefe7fcda8e52b06675a051c80b2ca1cb99ed0762e90c9a48c434cd1063638eed7895a9c770e5435af750a1955" PSA verify hash: RSA-528 PSS-any-salt SHA-512, slen=0 -depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_512:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C +depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_512:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C:MBEDTLS_PSA_BUILTIN_ALG_SHA_512 verify_hash:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"304a024300e31c246d46485984261fd174cab3d4357344602ecd793c47dbe54252d37bb350bc634359b19515542080e4724a4b672291be57c7648f51629eaef234e847d99cc65f0203010001":PSA_ALG_RSA_PSS_ANY_SALT(PSA_ALG_SHA_512):"ddaf35a193617abacc417349ae20413112e6fa4e89a97ea20a9eeee64b55d39a2192992a274fc1a836ba3c23a3feebbd454d4423643ce80e2a9ac94fa54ca49f":"a14ad0fef77d36c28658a66129ee632e40e1032003eefe7fcda8e52b06675a051c80b2ca1cb99ed0762e90c9a48c434cd1063638eed7895a9c770e5435af750a1955" PSA verify hash: RSA-520 PSS SHA-512 (hash too large) -depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_512:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C +depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_512:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C:MBEDTLS_PSA_BUILTIN_ALG_SHA_512 verify_hash_fail:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"3049024200d5a06f86e5b9d87428540165ca966fa8893a62e2a59d0bfd7617780bb039f9165a373a8e119d0766f8de556710f33f67019153bad8223775e797d451d48206f3bf0203010001":PSA_ALG_RSA_PSS(PSA_ALG_SHA_512):"ddaf35a193617abacc417349ae20413112e6fa4e89a97ea20a9eeee64b55d39a2192992a274fc1a836ba3c23a3feebbd454d4423643ce80e2a9ac94fa54ca49f":"deaddeaddeaddeaddeaddeaddeaddeaddeaddeaddeaddeaddeaddeaddeaddeaddeaddeaddeaddeaddeaddeaddeaddeaddeaddeaddeaddeaddeaddeaddeaddead42":PSA_ERROR_INVALID_ARGUMENT PSA verify hash: RSA-520 PSS-any-salt SHA-512 (hash too large) -depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_512:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C +depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_512:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C:MBEDTLS_PSA_BUILTIN_ALG_SHA_512 verify_hash_fail:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"3049024200d5a06f86e5b9d87428540165ca966fa8893a62e2a59d0bfd7617780bb039f9165a373a8e119d0766f8de556710f33f67019153bad8223775e797d451d48206f3bf0203010001":PSA_ALG_RSA_PSS_ANY_SALT(PSA_ALG_SHA_512):"ddaf35a193617abacc417349ae20413112e6fa4e89a97ea20a9eeee64b55d39a2192992a274fc1a836ba3c23a3feebbd454d4423643ce80e2a9ac94fa54ca49f":"deaddeaddeaddeaddeaddeaddeaddeaddeaddeaddeaddeaddeaddeaddeaddeaddeaddeaddeaddeaddeaddeaddeaddeaddeaddeaddeaddeaddeaddeaddeaddead42":PSA_ERROR_INVALID_ARGUMENT PSA verify hash: RSA PSS SHA-256, wrong hash length (0 bytes) @@ -2780,7 +2780,7 @@ depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TY sign_message_deterministic:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_256):"616263":"36e5b5a7da1c9c265dc447de3a5a704fcb8c03f7a3749dde48d84c9bf736fc1ed48d8b3660e7d3cbc6b1870730b7ce2a043f69e37ccb340b98d1e65184e03548" PSA sign message: deterministic ECDSA SECP256R1 SHA-384 -depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_MD_C +depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_MD_C:MBEDLTS_PSA_BUILTIN_ALG_SHA_384 sign_message_deterministic:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_384):"616263":"7ea712a20e3a8cbe0c6e64195362ba7635bbe78af51ddedd7a5fd858395250c592654c35d3b0614ae0e3b329c25cf5b4a5fcb243af3e3ad15c8446fe401be066" PSA sign message: deterministic ECDSA SECP384R1 SHA-256 @@ -2900,7 +2900,7 @@ depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_ECC_KEY_PAI sign_verify_message:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_ECDSA(PSA_ALG_SHA_384):"616263" PSA sign/verify message: deterministic ECDSA SECP256R1 SHA-384 -depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_MD_C +depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_MD_C:MBEDLTS_PSA_BUILTIN_ALG_SHA_384 sign_verify_message:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_384):"616263" PSA sign/verify message: randomized ECDSA SECP384R1 SHA-256 @@ -3036,11 +3036,11 @@ depends_on:PSA_WANT_ALG_RSA_OAEP:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBL asymmetric_encrypt:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_ALG_RSA_OAEP(PSA_ALG_SHA_256):"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":"746869730069730061006c6162656c00":128:PSA_SUCCESS PSA encrypt: RSA OAEP-SHA-384, good -depends_on:PSA_WANT_ALG_RSA_OAEP:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C +depends_on:PSA_WANT_ALG_RSA_OAEP:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C:MBEDTLS_PSA_BUILTIN_ALG_SHA_384 asymmetric_encrypt:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_ALG_RSA_OAEP(PSA_ALG_SHA_384):"0102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e":"":128:PSA_SUCCESS PSA encrypt: RSA OAEP-SHA-384, good, with label -depends_on:PSA_WANT_ALG_RSA_OAEP:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C +depends_on:PSA_WANT_ALG_RSA_OAEP:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C:MBEDTLS_PSA_BUILTIN_ALG_SHA_384 asymmetric_encrypt:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_ALG_RSA_OAEP(PSA_ALG_SHA_384):"0102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e":"746869730069730061006c6162656c00":128:PSA_SUCCESS PSA encrypt: RSA PKCS#1 v1.5, key pair @@ -3060,7 +3060,7 @@ depends_on:PSA_WANT_ALG_RSA_PKCS1V15_CRYPT:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBED asymmetric_encrypt:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_ALG_RSA_PKCS1V15_CRYPT:"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":"eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee":0:PSA_ERROR_INVALID_ARGUMENT PSA encrypt: RSA OAEP-SHA-384, input too large -depends_on:PSA_WANT_ALG_RSA_OAEP:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C +depends_on:PSA_WANT_ALG_RSA_OAEP:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C:MBEDTLS_PSA_BUILTIN_ALG_SHA_384 asymmetric_encrypt:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_ALG_RSA_OAEP(PSA_ALG_SHA_384):"0102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f":"":0:PSA_ERROR_INVALID_ARGUMENT PSA encrypt: invalid algorithm @@ -3088,7 +3088,7 @@ depends_on:PSA_WANT_ALG_RSA_OAEP:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_ asymmetric_encrypt_decrypt:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_OAEP(PSA_ALG_SHA_256):"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":"746869730069730061006c6162656c00" PSA encrypt-decrypt: RSA OAEP-SHA-384 -depends_on:PSA_WANT_ALG_RSA_OAEP:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C +depends_on:PSA_WANT_ALG_RSA_OAEP:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C:MBEDTLS_PSA_BUILTIN_ALG_SHA_384 asymmetric_encrypt_decrypt:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_OAEP(PSA_ALG_SHA_384):"0102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e":"" PSA decrypt: RSA PKCS#1 v1.5: good #1 @@ -3124,7 +3124,7 @@ depends_on:PSA_WANT_ALG_RSA_OAEP:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_ asymmetric_decrypt:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_OAEP(PSA_ALG_SHA_256):"46edc9984a6d4b7c7fd88fda9ea91ddbd30b28a0793cc75a9fcdd94d867c69090a697d46a6f336a3e48a122dd3ee3b51566b445ff78adb613d09b7d8c59c25a27d8cf7f5e36455f2e71ff6c6ee98d5740e66b23794acc72906561951c2be5064f6a250646ab627ecbfa48c02f82c29fe9b8c8e6be8eb752432124974373b542c":"746869730069730061006c6162656c00":"74686973206973206e6f2073717565616d697368206f7373696672616765" PSA decrypt: RSA OAEP-SHA-384, 30 bytes -depends_on:PSA_WANT_ALG_RSA_OAEP:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C +depends_on:PSA_WANT_ALG_RSA_OAEP:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C:MBEDTLS_PSA_BUILTIN_ALG_SHA_384 asymmetric_decrypt:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_OAEP(PSA_ALG_SHA_384):"0df6750b8fed749359c016887d2cf097cc512c065526a91a7ee9b345a1bfff833737e7326e54d03f6bb65971962885a7661a16858d53ea55821052f4c7798d395b5c5495332fd4174451a1a437f36c27f446b96f309ff1cb6837274aa8ae2b51a8a479d736d25b8d2ca8ab96fe589553a3e52818b7df75544eb5469977b29aa4":"":"74686973206973206e6f2073717565616d697368206f7373696672616765" PSA decrypt: RSA OAEP-SHA-256, 30 bytes, wrong label (should be empty) From f7e483c0b432b589715548c794607778c0a7a52a Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Sat, 8 May 2021 14:32:59 +0200 Subject: [PATCH 26/29] all.sh: psa: Add hash acceleration test component Signed-off-by: Ronald Cron --- tests/scripts/all.sh | 40 ++++++++++++++++++++++++++++++++++++++++ 1 file changed, 40 insertions(+) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index fec97cb5e..41cb46d03 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -1715,6 +1715,46 @@ component_test_psa_crypto_config_accel_rsa_signature () { make test } +component_test_psa_crypto_config_accel_hash () { + msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated hash" + + # Disable ALG_STREAM_CIPHER and ALG_ECB_NO_PADDING to avoid having + # partial support for cipher operations in the driver test library. + scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_STREAM_CIPHER + scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_ECB_NO_PADDING + + loc_accel_list="ALG_MD4 ALG_MD5 ALG_RIPEMD160 ALG_SHA_1 ALG_SHA_224 ALG_SHA_256 ALG_SHA_384 ALG_SHA_512" + loc_accel_flags=$( echo "$loc_accel_list" | sed 's/[^ ]* */-DLIBTESTDRIVER1_MBEDTLS_PSA_ACCEL_&/g' ) + make -C tests libtestdriver1.a CFLAGS="$ASAN_CFLAGS $loc_accel_flags" LDFLAGS="$ASAN_CFLAGS" + + scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS + scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG + scripts/config.py unset MBEDTLS_MD2_C + scripts/config.py unset MBEDTLS_MD4_C + scripts/config.py unset MBEDTLS_MD5_C + scripts/config.py unset MBEDTLS_RIPEMD160_C + scripts/config.py unset MBEDTLS_SHA1_C + # Don't unset MBEDTLS_SHA256_C as it is needed by PSA crypto core. + scripts/config.py unset MBEDTLS_SHA512_C + # Unset MBEDTLS_SSL_PROTO_SSL3, MBEDTLS_SSL_PROTO_TLS1 and MBEDTLS_SSL_PROTO_TLS1_1 as they depend on MBEDTLS_SHA1_C + scripts/config.py unset MBEDTLS_SSL_PROTO_SSL3 + scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1 + scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_1 + # Unset MBEDTLS_SSL_CBC_RECORD_SPLITTING as it depends on MBEDTLS_SSL_PROTO_TLS1 in the default configuration. + scripts/config.py unset MBEDTLS_SSL_CBC_RECORD_SPLITTING + loc_accel_flags="$loc_accel_flags $( echo "$loc_accel_list" | sed 's/[^ ]* */-DMBEDTLS_PSA_ACCEL_&/g' )" + make CFLAGS="$ASAN_CFLAGS -Werror -I../tests/include -I../tests -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_TEST_LIBTESTDRIVER1 $loc_accel_flags" LDFLAGS="-ltestdriver1 $ASAN_CFLAGS" + + unset loc_accel_flags + unset loc_accel_list + + if_build_succeeded not grep mbedtls_sha512_init library/sha512.o + if_build_succeeded not grep mbedtls_sha1_init library/sha1.o + + msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated hash" + make test +} + component_test_psa_crypto_config_no_driver() { # full plus MBEDTLS_PSA_CRYPTO_CONFIG msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG minus MBEDTLS_PSA_CRYPTO_DRIVERS" From 0962370acf3b7137ae0d74641769239f1a5414ce Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Mon, 18 Oct 2021 11:26:01 +0200 Subject: [PATCH 27/29] all.sh: psa: Add cipher acceleration test component Signed-off-by: Ronald Cron --- tests/scripts/all.sh | 39 +++++++++++++++++++++++++++++++++++++++ 1 file changed, 39 insertions(+) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 41cb46d03..65a5dca8b 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -1755,6 +1755,45 @@ component_test_psa_crypto_config_accel_hash () { make test } +component_test_psa_crypto_config_accel_cipher () { + msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated cipher" + + loc_accel_list="ALG_CBC_NO_PADDING ALG_CBC_PKCS7 ALG_CTR ALG_CFB ALG_OFB ALG_XTS KEY_TYPE_DES" + loc_accel_flags=$( echo "$loc_accel_list" | sed 's/[^ ]* */-DLIBTESTDRIVER1_MBEDTLS_PSA_ACCEL_&/g' ) + make -C tests libtestdriver1.a CFLAGS="$ASAN_CFLAGS $loc_accel_flags" LDFLAGS="$ASAN_CFLAGS" + + scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS + scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG + + # There is no intended accelerator support for ALG STREAM_CIPHER and + # ALG_ECB_NO_PADDING. Therefore, asking for them in the build implies the + # inclusion of the Mbed TLS cipher operations. As we want to test here with + # cipher operations solely supported by accelerators, disabled those + # PSA configuration options. + scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_STREAM_CIPHER + scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_ECB_NO_PADDING + scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_CMAC + + scripts/config.py unset MBEDTLS_CIPHER_MODE_CBC + scripts/config.py unset MBEDTLS_CIPHER_PADDING_PKCS7 + scripts/config.py unset MBEDTLS_CIPHER_MODE_CTR + scripts/config.py unset MBEDTLS_CIPHER_MODE_CFB + scripts/config.py unset MBEDTLS_CIPHER_MODE_OFB + scripts/config.py unset MBEDTLS_CIPHER_MODE_XTS + scripts/config.py unset MBEDTLS_DES_C + + loc_accel_flags="$loc_accel_flags $( echo "$loc_accel_list" | sed 's/[^ ]* */-DMBEDTLS_PSA_ACCEL_&/g' )" + make CFLAGS="$ASAN_CFLAGS -Werror -I../tests/include -I../tests -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_TEST_LIBTESTDRIVER1 $loc_accel_flags" LDFLAGS="-ltestdriver1 $ASAN_CFLAGS" + + unset loc_accel_flags + unset loc_accel_list + + if_build_succeeded not grep mbedtls_des* library/des.o + + msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated hash" + make test +} + component_test_psa_crypto_config_no_driver() { # full plus MBEDTLS_PSA_CRYPTO_CONFIG msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG minus MBEDTLS_PSA_CRYPTO_DRIVERS" From bdea4d4d8b649ecc1415813fe4151b287c201235 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Fri, 19 Nov 2021 18:01:40 +0100 Subject: [PATCH 28/29] psa: Fix and improve comments Signed-off-by: Ronald Cron --- library/psa_crypto_hash.c | 2 -- library/psa_crypto_mac.c | 2 -- tests/include/test/drivers/config_test_driver.h | 14 ++++++-------- .../drivers/crypto_config_test_driver_extension.h | 8 +++++--- 4 files changed, 11 insertions(+), 15 deletions(-) diff --git a/library/psa_crypto_hash.c b/library/psa_crypto_hash.c index 9c50ca8db..337e557b0 100644 --- a/library/psa_crypto_hash.c +++ b/library/psa_crypto_hash.c @@ -82,8 +82,6 @@ const mbedtls_md_info_t *mbedtls_md_info_from_psa( psa_algorithm_t alg ) * defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS) || * defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) */ -/* Implement the PSA driver hash interface on top of mbed TLS if either the - * software driver or the test driver requires it. */ #if defined(MBEDTLS_PSA_BUILTIN_HASH) psa_status_t mbedtls_psa_hash_abort( mbedtls_psa_hash_operation_t *operation ) diff --git a/library/psa_crypto_mac.c b/library/psa_crypto_mac.c index 5e78d65a6..dcf065a67 100644 --- a/library/psa_crypto_mac.c +++ b/library/psa_crypto_mac.c @@ -189,8 +189,6 @@ exit: } #endif /* MBEDTLS_PSA_BUILTIN_ALG_CMAC */ -/* Implement the PSA driver MAC interface on top of mbed TLS if either the - * software driver or the test driver requires it. */ #if defined(MBEDTLS_PSA_BUILTIN_ALG_HMAC) || \ defined(MBEDTLS_PSA_BUILTIN_ALG_CMAC) diff --git a/tests/include/test/drivers/config_test_driver.h b/tests/include/test/drivers/config_test_driver.h index 0b5a6499a..97be72d2f 100644 --- a/tests/include/test/drivers/config_test_driver.h +++ b/tests/include/test/drivers/config_test_driver.h @@ -1,11 +1,9 @@ -/** - * \file config.h - * - * \brief Configuration options (set of defines) - * - * This set of compile-time options may be used to enable - * or disable features selectively, and reduce the global - * memory footprint. +/* + * Mbed TLS configuration for PSA test driver libraries. It includes: + * . the minimum set of modules needed by the PSA core. + * . the Mbed TLS configuration options that may need to be additionally + * enabled for the purpose of a specific test. + * . the PSA configuration file for the Mbed TLS library and its test drivers. */ /* * Copyright The Mbed TLS Contributors diff --git a/tests/include/test/drivers/crypto_config_test_driver_extension.h b/tests/include/test/drivers/crypto_config_test_driver_extension.h index f4f95dcfc..f5be7b385 100644 --- a/tests/include/test/drivers/crypto_config_test_driver_extension.h +++ b/tests/include/test/drivers/crypto_config_test_driver_extension.h @@ -1,7 +1,9 @@ /** - * \file psa/crypto_config.h - * \brief PSA crypto configuration options (set of defines) - * + * This file is intended to be used to build PSA test driver libraries. It is + * intended to be appended by the test build system to the crypto_config.h file + * of the Mbed TLS library the test library will be linked to. It mirrors the + * PSA_ACCEL_* macros defining the cryptographic operations the test library + * supports. */ #if defined(PSA_WANT_ALG_CBC_NO_PADDING) From 9ecdd970d039cbab076d85742b625071855c497e Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Fri, 19 Nov 2021 18:02:34 +0100 Subject: [PATCH 29/29] psa: Fix obsolete code guard Signed-off-by: Ronald Cron --- library/psa_crypto.c | 17 +++++++---------- 1 file changed, 7 insertions(+), 10 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index b08235c74..9bcdb7f6b 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -385,15 +385,11 @@ psa_status_t mbedtls_to_psa_error( int ret ) /* Key management */ /****************************************************************/ -/* For now the MBEDTLS_PSA_ACCEL_ guards are also used here since the - * current test driver in key_management.c is using this function - * when accelerators are used for ECC key pair and public key. - * Once that dependency is resolved these guards can be removed. - */ #if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR) || \ defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY) || \ - defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR) || \ - defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY) + defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || \ + defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) || \ + defined(MBEDTLS_PSA_BUILTIN_ALG_ECDH) mbedtls_ecp_group_id mbedtls_ecc_group_of_psa( psa_ecc_family_t curve, size_t bits, int bits_is_sloppy ) @@ -489,9 +485,10 @@ mbedtls_ecp_group_id mbedtls_ecc_group_of_psa( psa_ecc_family_t curve, return( MBEDTLS_ECP_DP_NONE ); } #endif /* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR) || - * defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY) || - * defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR) || - * defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY) */ + defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY) || + defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || + defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) || + defined(MBEDTLS_PSA_BUILTIN_ALG_ECDH) */ static psa_status_t validate_unstructured_key_bit_size( psa_key_type_t type, size_t bits )