Define EC curve family constants
Define constants for ECC curve families and DH group families. These constants have 0x0000 in the lower 16 bits of the key type. Support these constants in the implementation and in the PSA metadata tests. Switch the slot management and secure element driver HAL tests to the new curve encodings. This requires SE driver code to become slightly more clever when figuring out the bit-size of an imported EC key since it now needs to take the data size into account. Switch some documentation to the new encodings. Remove the macro PSA_ECC_CURVE_BITS which can no longer be implemented.
This commit is contained in:
parent
025fccdc32
commit
228abc5773
12 changed files with 245 additions and 49 deletions
|
@ -865,7 +865,7 @@ Mbed Crypto provides a simple way to generate a key or key pair.
|
|||
psa_set_key_algorithm(&attributes,
|
||||
PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_256));
|
||||
psa_set_key_type(&attributes,
|
||||
PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP256R1));
|
||||
PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP_R1));
|
||||
psa_set_key_bits(&attributes, key_bits);
|
||||
status = psa_generate_key(&attributes, &handle);
|
||||
if (status != PSA_SUCCESS) {
|
||||
|
|
|
@ -3502,10 +3502,10 @@ psa_status_t psa_key_derivation_output_bytes(
|
|||
* length is determined by the curve, and sets the mandatory bits
|
||||
* accordingly. That is:
|
||||
*
|
||||
* - #PSA_ECC_CURVE_CURVE25519: draw a 32-byte string
|
||||
* and process it as specified in RFC 7748 §5.
|
||||
* - #PSA_ECC_CURVE_CURVE448: draw a 56-byte string
|
||||
* and process it as specified in RFC 7748 §5.
|
||||
* - Curve25519 (#PSA_ECC_CURVE_MONTGOMERY, 255 bits): draw a 32-byte
|
||||
* string and process it as specified in RFC 7748 §5.
|
||||
* - Curve448 (#PSA_ECC_CURVE_MONTGOMERY, 448 bits): draw a 56-byte
|
||||
* string and process it as specified in RFC 7748 §5.
|
||||
*
|
||||
* - For key types for which the key is represented by a single sequence of
|
||||
* \p bits bits with constraints as to which bit sequences are acceptable,
|
||||
|
|
|
@ -190,16 +190,6 @@
|
|||
#define PSA_VENDOR_ECC_MAX_CURVE_BITS 0
|
||||
#endif
|
||||
|
||||
/** Bit size associated with an elliptic curve.
|
||||
*
|
||||
* \param curve An elliptic curve (value of type #psa_ecc_curve_t).
|
||||
*
|
||||
* \return The size associated with \p curve, in bits.
|
||||
* This may be 0 if the implementation does not support
|
||||
* the specified curve.
|
||||
*/
|
||||
#define PSA_ECC_CURVE_BITS(curve) ((curve) & 0xffff)
|
||||
|
||||
/** \def PSA_ALG_TLS12_PSK_TO_MS_MAX_PSK_LEN
|
||||
*
|
||||
* This macro returns the maximum length of the PSK supported
|
||||
|
|
|
@ -65,7 +65,7 @@ typedef int32_t psa_status_t;
|
|||
*/
|
||||
typedef uint32_t psa_key_type_t;
|
||||
|
||||
/** The type of PSA elliptic curve identifiers.
|
||||
/** The type of PSA elliptic curve family identifiers.
|
||||
*
|
||||
* The curve identifier is required to create an ECC key using the
|
||||
* PSA_KEY_TYPE_ECC_KEY_PAIR() or PSA_KEY_TYPE_ECC_PUBLIC_KEY()
|
||||
|
@ -73,7 +73,7 @@ typedef uint32_t psa_key_type_t;
|
|||
*/
|
||||
typedef uint32_t psa_ecc_curve_t;
|
||||
|
||||
/** The type of PSA Diffie-Hellman group identifiers.
|
||||
/** The type of PSA Diffie-Hellman group family identifiers.
|
||||
*
|
||||
* The group identifier is required to create an Diffie-Hellman key using the
|
||||
* PSA_KEY_TYPE_DH_KEY_PAIR() or PSA_KEY_TYPE_DH_PUBLIC_KEY()
|
||||
|
|
|
@ -458,6 +458,79 @@
|
|||
((type) & PSA_KEY_TYPE_ECC_CURVE_MASK) : \
|
||||
0))
|
||||
|
||||
/** SEC Koblitz curves over prime fields.
|
||||
*
|
||||
* This family comprises the following curves:
|
||||
* secp192k1, secp224k1, secp256k1.
|
||||
* They are defined in _Standards for Efficient Cryptography_,
|
||||
* _SEC 2: Recommended Elliptic Curve Domain Parameters_.
|
||||
* https://www.secg.org/sec2-v2.pdf
|
||||
*/
|
||||
#define PSA_ECC_CURVE_SECP_K1 ((psa_ecc_curve_t) 0x160000)
|
||||
|
||||
/** SEC random curves over prime fields.
|
||||
*
|
||||
* This family comprises the following curves:
|
||||
* secp192k1, secp224r1, secp256r1, secp384r1, secp521r1.
|
||||
* They are defined in _Standards for Efficient Cryptography_,
|
||||
* _SEC 2: Recommended Elliptic Curve Domain Parameters_.
|
||||
* https://www.secg.org/sec2-v2.pdf
|
||||
*/
|
||||
#define PSA_ECC_CURVE_SECP_R1 ((psa_ecc_curve_t) 0x120000)
|
||||
/* SECP160R2 (SEC2 v1, obsolete) */
|
||||
#define PSA_ECC_CURVE_SECP_R2 ((psa_ecc_curve_t) 0x1a0000)
|
||||
|
||||
/** SEC Koblitz curves over binary fields.
|
||||
*
|
||||
* This family comprises the following curves:
|
||||
* sect163k1, sect233k1, sect239k1, sect283k1, sect409k1, sect571k1.
|
||||
* They are defined in _Standards for Efficient Cryptography_,
|
||||
* _SEC 2: Recommended Elliptic Curve Domain Parameters_.
|
||||
* https://www.secg.org/sec2-v2.pdf
|
||||
*/
|
||||
#define PSA_ECC_CURVE_SECT_K1 ((psa_ecc_curve_t) 0x260000)
|
||||
|
||||
/** SEC random curves over binary fields.
|
||||
*
|
||||
* This family comprises the following curves:
|
||||
* sect163r1, sect233r1, sect283r1, sect409r1, sect571r1.
|
||||
* They are defined in _Standards for Efficient Cryptography_,
|
||||
* _SEC 2: Recommended Elliptic Curve Domain Parameters_.
|
||||
* https://www.secg.org/sec2-v2.pdf
|
||||
*/
|
||||
#define PSA_ECC_CURVE_SECT_R1 ((psa_ecc_curve_t) 0x220000)
|
||||
|
||||
/** SEC additional random curves over binary fields.
|
||||
*
|
||||
* This family comprises the following curve:
|
||||
* sect163r2.
|
||||
* It is defined in _Standards for Efficient Cryptography_,
|
||||
* _SEC 2: Recommended Elliptic Curve Domain Parameters_.
|
||||
* https://www.secg.org/sec2-v2.pdf
|
||||
*/
|
||||
#define PSA_ECC_CURVE_SECT_R2 ((psa_ecc_curve_t) 0x2a0000)
|
||||
|
||||
/** Brainpool P random curves.
|
||||
*
|
||||
* This family comprises the following curves:
|
||||
* brainpoolP160r1, brainpoolP192r1, brainpoolP224r1, brainpoolP256r1,
|
||||
* brainpoolP320r1, brainpoolP384r1, brainpoolP512r1.
|
||||
* It is defined in RFC 5639.
|
||||
*/
|
||||
#define PSA_ECC_CURVE_BRAINPOOL_P_R1 ((psa_ecc_curve_t) 0x300000)
|
||||
|
||||
/** Curve25519 and Curve448.
|
||||
*
|
||||
* This family comprises the following Montgomery curves:
|
||||
* - 255-bit: Bernstein et al.,
|
||||
* _Curve25519: new Diffie-Hellman speed records_, LNCS 3958, 2006.
|
||||
* The algorithm #PSA_ALG_ECDH performs X25519 when used with this curve.
|
||||
* - 448-bit: Hamburg,
|
||||
* _Ed448-Goldilocks, a new elliptic curve_, NIST ECC Workshop, 2015.
|
||||
* The algorithm #PSA_ALG_ECDH performs X448 when used with this curve.
|
||||
*/
|
||||
#define PSA_ECC_CURVE_MONTGOMERY ((psa_ecc_curve_t) 0x400000)
|
||||
|
||||
#define PSA_ECC_CURVE_SECP160K1 ((psa_ecc_curve_t) 0x1600a0)
|
||||
#define PSA_ECC_CURVE_SECP192K1 ((psa_ecc_curve_t) 0x1600c0)
|
||||
#define PSA_ECC_CURVE_SECP224K1 ((psa_ecc_curve_t) 0x1600e0)
|
||||
|
@ -538,6 +611,14 @@
|
|||
((type) & PSA_KEY_TYPE_DH_GROUP_MASK) : \
|
||||
0))
|
||||
|
||||
/** Diffie-Hellman groups defined in RFC 7919 Appendix A.
|
||||
*
|
||||
* This family includes groups with the following key sizes (in bits):
|
||||
* 2048, 3072, 4096, 6144, 8192. A given implementation may support
|
||||
* all of these sizes or only a subset.
|
||||
*/
|
||||
#define PSA_DH_GROUP_RFC7919 ((psa_dh_group_t) 0x020000)
|
||||
|
||||
#define PSA_DH_GROUP_FFDHE2048 ((psa_dh_group_t) 0x020800)
|
||||
#define PSA_DH_GROUP_FFDHE3072 ((psa_dh_group_t) 0x020c00)
|
||||
#define PSA_DH_GROUP_FFDHE4096 ((psa_dh_group_t) 0x021000)
|
||||
|
|
|
@ -427,10 +427,30 @@ psa_ecc_curve_t mbedtls_ecc_group_to_psa( mbedtls_ecp_group_id grpid,
|
|||
mbedtls_ecp_group_id mbedtls_ecc_group_of_psa( psa_ecc_curve_t curve,
|
||||
size_t byte_length )
|
||||
{
|
||||
if( PSA_BITS_TO_BYTES( curve & 0xffff ) != byte_length )
|
||||
return( MBEDTLS_ECP_DP_NONE );
|
||||
if( ( curve & 0xffff ) != 0 )
|
||||
{
|
||||
if( PSA_BITS_TO_BYTES( curve & 0xffff ) != byte_length )
|
||||
return( MBEDTLS_ECP_DP_NONE );
|
||||
}
|
||||
switch( curve )
|
||||
{
|
||||
case PSA_ECC_CURVE_SECP_R1:
|
||||
switch( byte_length )
|
||||
{
|
||||
case PSA_BITS_TO_BYTES( 192 ):
|
||||
return( MBEDTLS_ECP_DP_SECP192R1 );
|
||||
case PSA_BITS_TO_BYTES( 224 ):
|
||||
return( MBEDTLS_ECP_DP_SECP224R1 );
|
||||
case PSA_BITS_TO_BYTES( 256 ):
|
||||
return( MBEDTLS_ECP_DP_SECP256R1 );
|
||||
case PSA_BITS_TO_BYTES( 384 ):
|
||||
return( MBEDTLS_ECP_DP_SECP384R1 );
|
||||
case PSA_BITS_TO_BYTES( 521 ):
|
||||
return( MBEDTLS_ECP_DP_SECP521R1 );
|
||||
default:
|
||||
return( MBEDTLS_ECP_DP_NONE );
|
||||
}
|
||||
break;
|
||||
case PSA_ECC_CURVE_SECP192R1:
|
||||
return( MBEDTLS_ECP_DP_SECP192R1 );
|
||||
case PSA_ECC_CURVE_SECP224R1:
|
||||
|
@ -441,22 +461,63 @@ mbedtls_ecp_group_id mbedtls_ecc_group_of_psa( psa_ecc_curve_t curve,
|
|||
return( MBEDTLS_ECP_DP_SECP384R1 );
|
||||
case PSA_ECC_CURVE_SECP521R1:
|
||||
return( MBEDTLS_ECP_DP_SECP521R1 );
|
||||
|
||||
case PSA_ECC_CURVE_BRAINPOOL_P_R1:
|
||||
switch( byte_length )
|
||||
{
|
||||
case PSA_BITS_TO_BYTES( 256 ):
|
||||
return( MBEDTLS_ECP_DP_BP256R1 );
|
||||
case PSA_BITS_TO_BYTES( 384 ):
|
||||
return( MBEDTLS_ECP_DP_BP384R1 );
|
||||
case PSA_BITS_TO_BYTES( 512 ):
|
||||
return( MBEDTLS_ECP_DP_BP512R1 );
|
||||
default:
|
||||
return( MBEDTLS_ECP_DP_NONE );
|
||||
}
|
||||
break;
|
||||
case PSA_ECC_CURVE_BRAINPOOL_P256R1:
|
||||
return( MBEDTLS_ECP_DP_BP256R1 );
|
||||
case PSA_ECC_CURVE_BRAINPOOL_P384R1:
|
||||
return( MBEDTLS_ECP_DP_BP384R1 );
|
||||
case PSA_ECC_CURVE_BRAINPOOL_P512R1:
|
||||
return( MBEDTLS_ECP_DP_BP512R1 );
|
||||
|
||||
case PSA_ECC_CURVE_MONTGOMERY:
|
||||
switch( byte_length )
|
||||
{
|
||||
case PSA_BITS_TO_BYTES( 255 ):
|
||||
return( MBEDTLS_ECP_DP_CURVE25519 );
|
||||
case PSA_BITS_TO_BYTES( 448 ):
|
||||
return( MBEDTLS_ECP_DP_CURVE448 );
|
||||
default:
|
||||
return( MBEDTLS_ECP_DP_NONE );
|
||||
}
|
||||
break;
|
||||
case PSA_ECC_CURVE_CURVE25519:
|
||||
return( MBEDTLS_ECP_DP_CURVE25519 );
|
||||
case PSA_ECC_CURVE_CURVE448:
|
||||
return( MBEDTLS_ECP_DP_CURVE448 );
|
||||
|
||||
case PSA_ECC_CURVE_SECP_K1:
|
||||
switch( byte_length )
|
||||
{
|
||||
case PSA_BITS_TO_BYTES( 192 ):
|
||||
return( MBEDTLS_ECP_DP_SECP192K1 );
|
||||
case PSA_BITS_TO_BYTES( 224 ):
|
||||
return( MBEDTLS_ECP_DP_SECP224K1 );
|
||||
case PSA_BITS_TO_BYTES( 256 ):
|
||||
return( MBEDTLS_ECP_DP_SECP256K1 );
|
||||
default:
|
||||
return( MBEDTLS_ECP_DP_NONE );
|
||||
}
|
||||
break;
|
||||
case PSA_ECC_CURVE_SECP192K1:
|
||||
return( MBEDTLS_ECP_DP_SECP192K1 );
|
||||
case PSA_ECC_CURVE_SECP224K1:
|
||||
return( MBEDTLS_ECP_DP_SECP224K1 );
|
||||
case PSA_ECC_CURVE_SECP256K1:
|
||||
return( MBEDTLS_ECP_DP_SECP256K1 );
|
||||
case PSA_ECC_CURVE_CURVE448:
|
||||
return( MBEDTLS_ECP_DP_CURVE448 );
|
||||
|
||||
default:
|
||||
return( MBEDTLS_ECP_DP_NONE );
|
||||
}
|
||||
|
@ -685,9 +746,6 @@ static psa_status_t psa_import_ec_private_key( psa_ecc_curve_t curve,
|
|||
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
|
||||
mbedtls_ecp_keypair *ecp = NULL;
|
||||
|
||||
if( PSA_BITS_TO_BYTES( PSA_ECC_CURVE_BITS( curve ) ) != data_length )
|
||||
return( PSA_ERROR_INVALID_ARGUMENT );
|
||||
|
||||
status = psa_prepare_import_ec_key( curve, data_length, 0, &ecp );
|
||||
if( status != PSA_SUCCESS )
|
||||
goto exit;
|
||||
|
|
|
@ -104,7 +104,9 @@ class Inputs:
|
|||
'key_type': [self.key_types],
|
||||
'block_cipher_key_type': [self.key_types],
|
||||
'stream_cipher_key_type': [self.key_types],
|
||||
'ecc_key_family': [self.ecc_curves],
|
||||
'ecc_key_types': [self.ecc_curves],
|
||||
'dh_key_family': [self.dh_groups],
|
||||
'dh_key_types': [self.dh_groups],
|
||||
'hash_algorithm': [self.hash_algorithms],
|
||||
'mac_algorithm': [self.mac_algorithms],
|
||||
|
|
|
@ -351,6 +351,30 @@ Key type: DSA key pair
|
|||
depends_on:MBEDTLS_DSA_C
|
||||
key_type:PSA_KEY_TYPE_DSA_KEY_PAIR:KEY_TYPE_IS_KEY_PAIR | KEY_TYPE_IS_DSA
|
||||
|
||||
ECC key family: SECP K1
|
||||
ecc_key_family:PSA_ECC_CURVE_SECP_K1
|
||||
|
||||
ECC key family: SECP R1
|
||||
ecc_key_family:PSA_ECC_CURVE_SECP_R1
|
||||
|
||||
ECC key family: SECP R2
|
||||
ecc_key_family:PSA_ECC_CURVE_SECP_R2
|
||||
|
||||
ECC key family: SECT K1
|
||||
ecc_key_family:PSA_ECC_CURVE_SECT_K1
|
||||
|
||||
ECC key family: SECT R1
|
||||
ecc_key_family:PSA_ECC_CURVE_SECT_R1
|
||||
|
||||
ECC key family: SECT R2
|
||||
ecc_key_family:PSA_ECC_CURVE_SECT_R2
|
||||
|
||||
ECC key family: Brainpool P R1
|
||||
ecc_key_family:PSA_ECC_CURVE_BRAINPOOL_P_R1
|
||||
|
||||
ECC key family: Montgomery (Curve25519, Curve448)
|
||||
ecc_key_family:PSA_ECC_CURVE_MONTGOMERY
|
||||
|
||||
ECC key types: sect163k1
|
||||
depends_on:MBEDTLS_ECP_DP_SECT163K1_ENABLED
|
||||
ecc_key_types:PSA_ECC_CURVE_SECT163K1:163
|
||||
|
@ -471,6 +495,9 @@ ECC key types: Curve448
|
|||
depends_on:MBEDTLS_ECP_DP_CURVE448_ENABLED
|
||||
ecc_key_types:PSA_ECC_CURVE_CURVE448:448
|
||||
|
||||
DH group family: RFC 7919
|
||||
dh_key_family:PSA_DH_GROUP_RFC7919
|
||||
|
||||
DH group types: FFDHE2048
|
||||
dh_key_types:PSA_DH_GROUP_FFDHE2048:2048
|
||||
|
||||
|
|
|
@ -476,11 +476,10 @@ void stream_cipher_key_type( int type_arg )
|
|||
}
|
||||
/* END_CASE */
|
||||
|
||||
/* BEGIN_CASE */
|
||||
void ecc_key_types( int curve_arg, int curve_bits_arg )
|
||||
/* BEGIN_CASE depends_on:MBEDTLS_ECP_C */
|
||||
void ecc_key_family( int curve_arg )
|
||||
{
|
||||
psa_ecc_curve_t curve = curve_arg;
|
||||
size_t curve_bits = curve_bits_arg;
|
||||
psa_key_type_t public_type = PSA_KEY_TYPE_ECC_PUBLIC_KEY( curve );
|
||||
psa_key_type_t pair_type = PSA_KEY_TYPE_ECC_KEY_PAIR( curve );
|
||||
|
||||
|
@ -489,17 +488,23 @@ void ecc_key_types( int curve_arg, int curve_bits_arg )
|
|||
|
||||
TEST_EQUAL( PSA_KEY_TYPE_GET_CURVE( public_type ), curve );
|
||||
TEST_EQUAL( PSA_KEY_TYPE_GET_CURVE( pair_type ), curve );
|
||||
}
|
||||
/* END_CASE */
|
||||
|
||||
/* BEGIN_CASE */
|
||||
void ecc_key_types( int curve_arg, int curve_bits_arg )
|
||||
{
|
||||
size_t curve_bits = curve_bits_arg;
|
||||
test_ecc_key_family( curve_arg );
|
||||
|
||||
TEST_EQUAL( curve_bits, PSA_ECC_CURVE_BITS( curve ) );
|
||||
TEST_ASSERT( curve_bits <= PSA_VENDOR_ECC_MAX_CURVE_BITS );
|
||||
}
|
||||
/* END_CASE */
|
||||
|
||||
/* BEGIN_CASE depends_on:MBEDTLS_DHM_C */
|
||||
void dh_key_types( int group_arg, int group_bits_arg )
|
||||
void dh_key_family( int group_arg )
|
||||
{
|
||||
psa_dh_group_t group = group_arg;
|
||||
size_t group_bits = group_bits_arg;
|
||||
psa_key_type_t public_type = PSA_KEY_TYPE_DH_PUBLIC_KEY( group );
|
||||
psa_key_type_t pair_type = PSA_KEY_TYPE_DH_KEY_PAIR( group );
|
||||
|
||||
|
@ -508,8 +513,15 @@ void dh_key_types( int group_arg, int group_bits_arg )
|
|||
|
||||
TEST_EQUAL( PSA_KEY_TYPE_GET_GROUP( public_type ), group );
|
||||
TEST_EQUAL( PSA_KEY_TYPE_GET_GROUP( pair_type ), group );
|
||||
|
||||
/* We have nothing to validate about the group size yet. */
|
||||
(void) group_bits;
|
||||
}
|
||||
/* END_CASE */
|
||||
|
||||
/* BEGIN_CASE depends_on:MBEDTLS_DHM_C */
|
||||
void dh_key_types( int group_arg, int group_bits_arg )
|
||||
{
|
||||
test_dh_key_family( group_arg );
|
||||
/* We have nothing to validate about the group size yet. */
|
||||
(void) group_bits_arg;
|
||||
goto exit;
|
||||
}
|
||||
/* END_CASE */
|
||||
|
|
|
@ -100,13 +100,13 @@ Key import smoke test: RSA OAEP encryption
|
|||
import_key_smoke:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_ALG_RSA_OAEP( PSA_ALG_SHA_256 ):"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001"
|
||||
|
||||
Key import smoke test: ECDSA secp256r1
|
||||
import_key_smoke:PSA_KEY_TYPE_ECC_KEY_PAIR( PSA_ECC_CURVE_SECP256R1 ):PSA_ALG_ECDSA_ANY:"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee"
|
||||
import_key_smoke:PSA_KEY_TYPE_ECC_KEY_PAIR( PSA_ECC_CURVE_SECP_R1 ):PSA_ALG_ECDSA_ANY:"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee"
|
||||
|
||||
Key import smoke test: ECDH secp256r1
|
||||
import_key_smoke:PSA_KEY_TYPE_ECC_KEY_PAIR( PSA_ECC_CURVE_SECP256R1 ):PSA_ALG_ECDH:"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee"
|
||||
import_key_smoke:PSA_KEY_TYPE_ECC_KEY_PAIR( PSA_ECC_CURVE_SECP_R1 ):PSA_ALG_ECDH:"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee"
|
||||
|
||||
Key import smoke test: ECDH secp256r1 with HKDF
|
||||
import_key_smoke:PSA_KEY_TYPE_ECC_KEY_PAIR( PSA_ECC_CURVE_SECP256R1 ):PSA_ALG_KEY_AGREEMENT( PSA_ALG_ECDH, PSA_ALG_HKDF( PSA_ALG_SHA_256 ) ):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee"
|
||||
import_key_smoke:PSA_KEY_TYPE_ECC_KEY_PAIR( PSA_ECC_CURVE_SECP_R1 ):PSA_ALG_KEY_AGREEMENT( PSA_ALG_ECDH, PSA_ALG_HKDF( PSA_ALG_SHA_256 ) ):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee"
|
||||
|
||||
Generate key: not supported
|
||||
generate_key_not_supported:PSA_KEY_TYPE_AES:128
|
||||
|
@ -140,24 +140,24 @@ register_key_smoke_test:MIN_DRIVER_LIFETIME:-1:PSA_ERROR_NOT_SUPPORTED
|
|||
|
||||
Import-sign-verify: sign in driver, ECDSA
|
||||
depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
|
||||
sign_verify:SIGN_IN_DRIVER_AND_PARALLEL_CREATION:PSA_KEY_TYPE_ECC_KEY_PAIR( PSA_ECC_CURVE_SECP256R1 ):PSA_ALG_ECDSA_ANY:0:"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":"54686973206973206e6f74206120686173682e"
|
||||
sign_verify:SIGN_IN_DRIVER_AND_PARALLEL_CREATION:PSA_KEY_TYPE_ECC_KEY_PAIR( PSA_ECC_CURVE_SECP_R1 ):PSA_ALG_ECDSA_ANY:0:"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":"54686973206973206e6f74206120686173682e"
|
||||
|
||||
Import-sign-verify: sign in driver then export_public, ECDSA
|
||||
depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
|
||||
sign_verify:SIGN_IN_DRIVER_THEN_EXPORT_PUBLIC:PSA_KEY_TYPE_ECC_KEY_PAIR( PSA_ECC_CURVE_SECP256R1 ):PSA_ALG_ECDSA_ANY:0:"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":"54686973206973206e6f74206120686173682e"
|
||||
sign_verify:SIGN_IN_DRIVER_THEN_EXPORT_PUBLIC:PSA_KEY_TYPE_ECC_KEY_PAIR( PSA_ECC_CURVE_SECP_R1 ):PSA_ALG_ECDSA_ANY:0:"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":"54686973206973206e6f74206120686173682e"
|
||||
|
||||
Import-sign-verify: sign in software, ECDSA
|
||||
depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
|
||||
sign_verify:SIGN_IN_SOFTWARE_AND_PARALLEL_CREATION:PSA_KEY_TYPE_ECC_KEY_PAIR( PSA_ECC_CURVE_SECP256R1 ):PSA_ALG_ECDSA_ANY:0:"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":"54686973206973206e6f74206120686173682e"
|
||||
sign_verify:SIGN_IN_SOFTWARE_AND_PARALLEL_CREATION:PSA_KEY_TYPE_ECC_KEY_PAIR( PSA_ECC_CURVE_SECP_R1 ):PSA_ALG_ECDSA_ANY:0:"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":"54686973206973206e6f74206120686173682e"
|
||||
|
||||
Generate-sign-verify: sign in driver, ECDSA
|
||||
depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
|
||||
sign_verify:SIGN_IN_DRIVER_AND_PARALLEL_CREATION:PSA_KEY_TYPE_ECC_KEY_PAIR( PSA_ECC_CURVE_SECP256R1 ):PSA_ALG_ECDSA_ANY:256:"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":"54686973206973206e6f74206120686173682e"
|
||||
sign_verify:SIGN_IN_DRIVER_AND_PARALLEL_CREATION:PSA_KEY_TYPE_ECC_KEY_PAIR( PSA_ECC_CURVE_SECP_R1 ):PSA_ALG_ECDSA_ANY:256:"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":"54686973206973206e6f74206120686173682e"
|
||||
|
||||
Generate-sign-verify: sign in driver then export_public, ECDSA
|
||||
depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
|
||||
sign_verify:SIGN_IN_DRIVER_THEN_EXPORT_PUBLIC:PSA_KEY_TYPE_ECC_KEY_PAIR( PSA_ECC_CURVE_SECP256R1 ):PSA_ALG_ECDSA_ANY:256:"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":"54686973206973206e6f74206120686173682e"
|
||||
sign_verify:SIGN_IN_DRIVER_THEN_EXPORT_PUBLIC:PSA_KEY_TYPE_ECC_KEY_PAIR( PSA_ECC_CURVE_SECP_R1 ):PSA_ALG_ECDSA_ANY:256:"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":"54686973206973206e6f74206120686173682e"
|
||||
|
||||
Generate-sign-verify: sign in software, ECDSA
|
||||
depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
|
||||
sign_verify:SIGN_IN_SOFTWARE_AND_PARALLEL_CREATION:PSA_KEY_TYPE_ECC_KEY_PAIR( PSA_ECC_CURVE_SECP256R1 ):PSA_ALG_ECDSA_ANY:256:"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":"54686973206973206e6f74206120686173682e"
|
||||
sign_verify:SIGN_IN_SOFTWARE_AND_PARALLEL_CREATION:PSA_KEY_TYPE_ECC_KEY_PAIR( PSA_ECC_CURVE_SECP_R1 ):PSA_ALG_ECDSA_ANY:256:"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":"54686973206973206e6f74206120686173682e"
|
||||
|
|
|
@ -82,6 +82,28 @@
|
|||
|
||||
|
||||
|
||||
/****************************************************************/
|
||||
/* Domain support functions */
|
||||
/****************************************************************/
|
||||
|
||||
/* Return the exact bit size given a curve family and a byte length. */
|
||||
static size_t ecc_curve_bits( psa_ecc_curve_t curve, size_t data_length )
|
||||
{
|
||||
switch( curve )
|
||||
{
|
||||
case PSA_ECC_CURVE_SECP_R1:
|
||||
if( data_length == PSA_BYTES_TO_BITS( 521 ) )
|
||||
return( 521 );
|
||||
break;
|
||||
case PSA_ECC_CURVE_MONTGOMERY:
|
||||
if( data_length == PSA_BYTES_TO_BITS( 255 ) )
|
||||
return( 255 );
|
||||
}
|
||||
/* If not listed above, assume a multiple of 8 bits. */
|
||||
return( PSA_BYTES_TO_BITS( data_length ) );
|
||||
}
|
||||
|
||||
|
||||
/****************************************************************/
|
||||
/* Miscellaneous driver methods */
|
||||
/****************************************************************/
|
||||
|
@ -294,7 +316,11 @@ static psa_status_t ram_import( psa_drv_se_context_t *context,
|
|||
if( PSA_KEY_TYPE_IS_UNSTRUCTURED( type ) )
|
||||
*bits = PSA_BYTES_TO_BITS( data_length );
|
||||
else if ( PSA_KEY_TYPE_IS_ECC_KEY_PAIR( type ) )
|
||||
*bits = PSA_ECC_CURVE_BITS( PSA_KEY_TYPE_GET_CURVE( type ) );
|
||||
{
|
||||
*bits = ecc_curve_bits( PSA_KEY_TYPE_GET_CURVE( type ), data_length );
|
||||
if( *bits == 0 )
|
||||
return( PSA_ERROR_DETECTED_BY_DRIVER );
|
||||
}
|
||||
else
|
||||
{
|
||||
memset( &ram_slots[slot_number], 0, sizeof( ram_slots[slot_number] ) );
|
||||
|
|
|
@ -39,27 +39,27 @@ persistent_slot_lifecycle:PSA_KEY_LIFETIME_PERSISTENT:PSA_KEY_ID_USER_MAX:0:0:0:
|
|||
|
||||
Persistent slot: ECP keypair (ECDSA, exportable), close
|
||||
depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
|
||||
persistent_slot_lifecycle:PSA_KEY_LIFETIME_PERSISTENT:1:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_ECDSA_ANY:0:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP256R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":CLOSE_BY_CLOSE
|
||||
persistent_slot_lifecycle:PSA_KEY_LIFETIME_PERSISTENT:1:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_ECDSA_ANY:0:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":CLOSE_BY_CLOSE
|
||||
|
||||
Persistent slot: ECP keypair (ECDSA, exportable), close+restart
|
||||
depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
|
||||
persistent_slot_lifecycle:PSA_KEY_LIFETIME_PERSISTENT:1:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_ECDSA_ANY:0:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP256R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":CLOSE_BY_CLOSE_WITH_SHUTDOWN
|
||||
persistent_slot_lifecycle:PSA_KEY_LIFETIME_PERSISTENT:1:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_ECDSA_ANY:0:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":CLOSE_BY_CLOSE_WITH_SHUTDOWN
|
||||
|
||||
Persistent slot: ECP keypair (ECDSA, exportable), restart
|
||||
depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
|
||||
persistent_slot_lifecycle:PSA_KEY_LIFETIME_PERSISTENT:1:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_ECDSA_ANY:0:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP256R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":CLOSE_BY_SHUTDOWN
|
||||
persistent_slot_lifecycle:PSA_KEY_LIFETIME_PERSISTENT:1:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_ECDSA_ANY:0:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":CLOSE_BY_SHUTDOWN
|
||||
|
||||
Persistent slot: ECP keypair (ECDH+ECDSA, exportable), close
|
||||
depends_on:MBEDTLS_ECDH_C:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
|
||||
persistent_slot_lifecycle:PSA_KEY_LIFETIME_PERSISTENT:1:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_ALG_ECDSA_ANY:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP256R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":CLOSE_BY_CLOSE
|
||||
persistent_slot_lifecycle:PSA_KEY_LIFETIME_PERSISTENT:1:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_ALG_ECDSA_ANY:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":CLOSE_BY_CLOSE
|
||||
|
||||
Persistent slot: ECP keypair (ECDH+ECDSA, exportable), close+restart
|
||||
depends_on:MBEDTLS_ECDH_C:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
|
||||
persistent_slot_lifecycle:PSA_KEY_LIFETIME_PERSISTENT:1:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_ALG_ECDSA_ANY:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP256R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":CLOSE_BY_CLOSE_WITH_SHUTDOWN
|
||||
persistent_slot_lifecycle:PSA_KEY_LIFETIME_PERSISTENT:1:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_ALG_ECDSA_ANY:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":CLOSE_BY_CLOSE_WITH_SHUTDOWN
|
||||
|
||||
Persistent slot: ECP keypair (ECDH+ECDSA, exportable), restart
|
||||
depends_on:MBEDTLS_ECDH_C:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
|
||||
persistent_slot_lifecycle:PSA_KEY_LIFETIME_PERSISTENT:1:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_ALG_ECDSA_ANY:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP256R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":CLOSE_BY_SHUTDOWN
|
||||
persistent_slot_lifecycle:PSA_KEY_LIFETIME_PERSISTENT:1:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_ALG_ECDSA_ANY:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":CLOSE_BY_SHUTDOWN
|
||||
|
||||
Attempt to overwrite: close before
|
||||
create_existent:PSA_KEY_LIFETIME_PERSISTENT:1:CLOSE_BEFORE
|
||||
|
|
Loading…
Reference in a new issue