From 0b17255da123b0b8717534d25c1c1adcb9ba5cab Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 18 Jan 2024 14:11:26 +0100 Subject: [PATCH 01/36] Introduce mbedtls_pk_get_psa_attributes Follow the specification in https://github.com/Mbed-TLS/mbedtls/pull/8657 as of dd77343381161e09a63b4694001da3957e27d3a7, i.e. https://github.com/Mbed-TLS/mbedtls/blob/dd77343381161e09a63b4694001da3957e27d3a7/docs/architecture/psa-migration/psa-legacy-bridges.md#api-to-create-a-psa-key-from-a-pk-context This commit introduces the function declaration, its documentation, the definition without the interesting parts and a negative unit test function. Subsequent commits will add RSA, ECC and PK_OPAQUE support. Signed-off-by: Gilles Peskine --- include/mbedtls/pk.h | 116 +++++++++++++++++++++++++++- library/pk.c | 26 ++++++- tests/suites/test_suite_pk.data | 5 ++ tests/suites/test_suite_pk.function | 62 +++++++++++++++ 4 files changed, 207 insertions(+), 2 deletions(-) diff --git a/include/mbedtls/pk.h b/include/mbedtls/pk.h index 27768bd35..a43b94955 100644 --- a/include/mbedtls/pk.h +++ b/include/mbedtls/pk.h @@ -28,7 +28,7 @@ #include "mbedtls/ecdsa.h" #endif -#if defined(MBEDTLS_USE_PSA_CRYPTO) +#if defined(MBEDTLS_PSA_CRYPTO_CLIENT) #include "psa/crypto.h" #endif @@ -484,6 +484,120 @@ int mbedtls_pk_can_do_ext(const mbedtls_pk_context *ctx, psa_algorithm_t alg, psa_key_usage_t usage); #endif /* MBEDTLS_USE_PSA_CRYPTO */ +#if defined(MBEDTLS_PSA_CRYPTO_CLIENT) +/** + * \brief Determine valid PSA attributes that can be used to + * import a key into PSA. + * + * The attributes determined by this function are suitable + * for calling mbedtls_pk_import_into_psa() to create + * a PSA key with the same key material. + * + * The typical flow of operations involving this function is + * ``` + * psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; + * int ret = mbedtls_pk_get_psa_attributes(pk, &attributes); + * if (ret != 0) ...; // error handling omitted + * // Tweak attributes if desired + * psa_key_id_t key_id = 0; + * ret = mbedtls_pk_import_into_psa(pk, &attributes, &key_id); + * if (ret != 0) ...; // error handling omitted + * ``` + * + * \note This function does not support RSA-alt contexts + * (set up with mbedtls_pk_setup_rsa_alt()). + * + * \param[in] pk The PK context to use. It must have been set up. + * It can either contain a key pair or just a public key. + * \param usage A single `PSA_KEY_USAGE_xxx` flag among the following: + * - #PSA_KEY_USAGE_DECRYPT: \p pk must contain a + * key pair. The output \p attributes will contain a + * key pair type, and the usage policy will allow + * #PSA_KEY_USAGE_ENCRYPT as well as + * #PSA_KEY_USAGE_DECRYPT. + * - #PSA_KEY_USAGE_DERIVE: \p pk must contain a + * key pair. The output \p attributes will contain a + * key pair type. + * - #PSA_KEY_USAGE_ENCRYPT: The output + * \p attributes will contain a public key type. + * - #PSA_KEY_USAGE_SIGN_HASH: \p pk must contain a + * key pair. The output \p attributes will contain a + * key pair type, and the usage policy will allow + * #PSA_KEY_USAGE_VERIFY_HASH as well as + * #PSA_KEY_USAGE_SIGN_HASH. + * - #PSA_KEY_USAGE_SIGN_MESSAGE: \p pk must contain a + * key pair. The output \p attributes will contain a + * key pair type, and the usage policy will allow + * #PSA_KEY_USAGE_VERIFY_MESSAGE as well as + * #PSA_KEY_USAGE_SIGN_MESSAGE. + * - #PSA_KEY_USAGE_VERIFY_HASH: The output + * \p attributes will contain a public key type. + * - #PSA_KEY_USAGE_VERIFY_MESSAGE: The output + * \p attributes will contain a public key type. + * \param[out] attributes + * On success, valid attributes to import the key into PSA. + * - The lifetime and key identifier are unchanged. If the + * attribute structure was initialized or reset before + * calling this function, this will result in a volatile + * key. Call psa_set_key_identifier() before or after this + * function if you wish to create a persistent key. Call + * psa_set_key_lifetime() before or after this function if + * you wish to import the key in a secure element. + * - The key type and bit-size are determined by the contents + * of the PK context. If the PK context contains a key + * pair, the key type can be either a key pair type or + * the corresponding public key type, depending on + * \p usage. If the PK context contains a public key, + * the key type is a public key type. + * - The key's policy is determined by the key type and + * the \p usage parameter. The usage always allows + * \p usage, exporting and copying the key, and + * possibly other permissions as documented for the + * \p usage parameter. + * The permitted algorithm is determined as follows + * based on the #mbedtls_pk_type_t type of \p pk, + * the chosen \p usage and other factors: + * - #MBEDTLS_PK_RSA with whose underlying + * #mbedtls_rsa_context has the padding mode + * #MBEDTLS_RSA_PKCS_V15: + * #PSA_ALG_RSA_PKCS1V15_SIGN(#PSA_ALG_ANY_HASH) + * if \p usage is SIGN/VERIFY, and + * #PSA_ALG_RSA_PKCS1V15_CRYPT + * if \p usage is ENCRYPT/DECRYPT. + * - #MBEDTLS_PK_RSA with whose underlying + * #mbedtls_rsa_context has the padding mode + * #MBEDTLS_RSA_PKCS_V21 and the digest type + * corresponding to the PSA algorithm \c hash: + * #PSA_ALG_RSA_PSS_ANY_SALT(#PSA_ALG_ANY_HASH) + * if \p usage is SIGN/VERIFY, and + * #PSA_ALG_RSA_OAEP(\c hash) + * if \p usage is ENCRYPT/DECRYPT. + * - #MBEDTLS_PK_RSA_ALT: not supported. + * - #MBEDTLS_PK_ECDSA or #MBEDTLS_PK_ECKEY + * if \p usage is SIGN/VERIFY: + * #PSA_ALG_DETERMINISTIC_ECDSA(#PSA_ALG_ANY_HASH) + * if #MBEDTLS_ECDSA_DETERMINISTIC is enabled, + * otherwise #PSA_ALG_ECDSA(#PSA_ALG_ANY_HASH). + * - #MBEDTLS_PK_ECKEY_DH or #MBEDTLS_PK_ECKEY + * if \p usage is DERIVE: + * #PSA_ALG_ECDH. + * - #MBEDTLS_PK_OPAQUE: same as the algorithm policy + * set for the underlying PSA key, except that + * sign/decrypt flags are removed if the type is + * set to a public key type. + * Note that the enrollment algorithm set with + * psa_set_key_enrollment_algorithm() is not copied. + * + * \return 0 on success. + * #MBEDTLS_ERR_PK_TYPE_MISMATCH if \p pk does not contain + * a key of the type identified in \p attributes. + * Another error code on other failures. + */ +int mbedtls_pk_get_psa_attributes(const mbedtls_pk_context *pk, + psa_key_usage_t usage, + psa_key_attributes_t *attributes); +#endif /* MBEDTLS_PSA_CRYPTO_CLIENT */ + /** * \brief Verify signature (including padding if relevant). * diff --git a/library/pk.c b/library/pk.c index 61ac0dfab..bde561a1e 100644 --- a/library/pk.c +++ b/library/pk.c @@ -29,7 +29,7 @@ #include "mbedtls/ecdsa.h" #endif -#if defined(MBEDTLS_USE_PSA_CRYPTO) +#if defined(MBEDTLS_PSA_CRYPTO_CLIENT) #include "psa_util_internal.h" #include "md_psa.h" #endif @@ -378,6 +378,30 @@ int mbedtls_pk_can_do_ext(const mbedtls_pk_context *ctx, psa_algorithm_t alg, } #endif /* MBEDTLS_USE_PSA_CRYPTO */ +#if defined(MBEDTLS_PSA_CRYPTO_CLIENT) +int mbedtls_pk_get_psa_attributes(const mbedtls_pk_context *pk, + psa_key_usage_t usage, + psa_key_attributes_t *attributes) +{ + mbedtls_pk_type_t pk_type = mbedtls_pk_get_type(pk); + + switch (pk_type) { +#if defined(MBEDTLS_PK_RSA_ALT_SUPPORT) + case MBEDTLS_PK_RSA_ALT: + return MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE; +#endif /* MBEDTLS_PK_RSA_ALT_SUPPORT */ + + default: + return MBEDTLS_ERR_PK_BAD_INPUT_DATA; + } + + usage |= PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_COPY; + psa_set_key_usage_flags(attributes, usage); + + return 0; +} +#endif + /* * Helper for mbedtls_pk_sign and mbedtls_pk_verify */ diff --git a/tests/suites/test_suite_pk.data b/tests/suites/test_suite_pk.data index af1e20c46..e8ffff43f 100644 --- a/tests/suites/test_suite_pk.data +++ b/tests/suites/test_suite_pk.data @@ -680,3 +680,8 @@ pk_psa_wrap_sign_ext:MBEDTLS_PK_RSA:2048:MBEDTLS_PK_RSA:MBEDTLS_MD_SHA512 PSA wrapped sign ext: RSA2048, PK_RSASSA_PSS, MD_SHA512 depends_on:MBEDTLS_PKCS1_V21:MBEDTLS_MD_CAN_SHA512:MBEDTLS_RSA_C pk_psa_wrap_sign_ext:MBEDTLS_PK_RSA:2048:MBEDTLS_PK_RSASSA_PSS:MBEDTLS_MD_SHA512 + +PSA attributes for pk: NONE (bad) +pk_get_psa_attributes_fail:MBEDTLS_PK_NONE:0:PSA_KEY_USAGE_SIGN_MESSAGE:MBEDTLS_ERR_PK_BAD_INPUT_DATA + +# There is a (negative) test for pk_type=MBEDTLS_PK_RSA_ALT in pk_rsa_alt(). diff --git a/tests/suites/test_suite_pk.function b/tests/suites/test_suite_pk.function index 226598c72..0ac84a2f8 100644 --- a/tests/suites/test_suite_pk.function +++ b/tests/suites/test_suite_pk.function @@ -162,6 +162,33 @@ size_t mbedtls_rsa_key_len_func(void *ctx) } #endif /* MBEDTLS_RSA_C */ +#if defined(MBEDTLS_PSA_CRYPTO_C) +static int pk_setup_for_type(mbedtls_pk_type_t pk_type, int want_pair, + mbedtls_pk_context *pk, psa_key_type_t *psa_type) +{ + int ok = 0; + + if (pk_type == MBEDTLS_PK_NONE) { + return 1; + } + TEST_EQUAL(mbedtls_pk_setup(pk, mbedtls_pk_info_from_type(pk_type)), 0); + + switch (pk_type) { + default: + TEST_FAIL("Unknown PK type in test data"); + break; + } + + if (!want_pair) { + *psa_type = PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR(*psa_type); + } + ok = 1; + +exit: + return ok; +} +#endif + #if defined(MBEDTLS_USE_PSA_CRYPTO) /* @@ -1263,6 +1290,14 @@ void pk_rsa_alt() TEST_ASSERT(mbedtls_pk_get_type(&alt) == MBEDTLS_PK_RSA_ALT); TEST_ASSERT(strcmp(mbedtls_pk_get_name(&alt), "RSA-alt") == 0); +#if defined(MBEDTLS_PSA_CRYPTO_C) + psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; + TEST_EQUAL(mbedtls_pk_get_psa_attributes(&alt, + PSA_KEY_USAGE_ENCRYPT, + &attributes), + MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE); +#endif /* MBEDTLS_PSA_CRYPTO_C */ + /* Test signature */ #if SIZE_MAX > UINT_MAX TEST_ASSERT(mbedtls_pk_sign(&alt, MBEDTLS_MD_NONE, hash, SIZE_MAX, @@ -1569,3 +1604,30 @@ exit: PSA_DONE(); } /* END_CASE */ + +/* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_C */ +void pk_get_psa_attributes_fail(int pk_type, int from_pair, + int usage_arg, + int expected_ret) +{ + mbedtls_pk_context pk; + mbedtls_pk_init(&pk); + psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; + psa_key_usage_t usage = usage_arg; + + MD_OR_USE_PSA_INIT(); + + psa_key_type_t expected_psa_type; + if (!pk_setup_for_type(pk_type, from_pair, &pk, &expected_psa_type)) { + goto exit; + } + + TEST_EQUAL(mbedtls_pk_get_psa_attributes(&pk, usage, &attributes), + expected_ret); + +exit: + mbedtls_pk_free(&pk); + psa_reset_key_attributes(&attributes); + MD_OR_USE_PSA_DONE(); +} +/* END_CASE */ From 1f97e73114a37bab4655100890680592cdba8204 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 18 Jan 2024 14:14:24 +0100 Subject: [PATCH 02/36] mbedtls_pk_get_psa_attributes: force enrollment algorithm off This avoids a possible gotcha when if the application code reuses an existing attribute structure. Signed-off-by: Gilles Peskine --- library/pk.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/library/pk.c b/library/pk.c index bde561a1e..706d5d38c 100644 --- a/library/pk.c +++ b/library/pk.c @@ -397,6 +397,12 @@ int mbedtls_pk_get_psa_attributes(const mbedtls_pk_context *pk, usage |= PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_COPY; psa_set_key_usage_flags(attributes, usage); +#if defined(MBEDTLS_PSA_CRYPTO_C) + /* Assume that we have all Mbed TLS attributes. When + * MBEDTLS_PSA_CRYPTO_CLIENT is enabled but not MBEDTLS_PSA_CRYPTO_C, + * we only assume standard PSA functions. */ + psa_set_key_enrollment_algorithm(attributes, PSA_ALG_NONE); +#endif return 0; } From 6ea18361dfcedd70e8cf3e2bb9925b0cfd73428e Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 18 Jan 2024 14:16:27 +0100 Subject: [PATCH 03/36] mbedtls_pk_get_psa_attributes: RSA support Add code and unit tests for MBEDTLS_PK_RSA in mbedtls_pk_get_psa_attributes(). Signed-off-by: Gilles Peskine --- library/pk.c | 64 ++++++++++++ tests/suites/test_suite_pk.data | 104 +++++++++++++++++++ tests/suites/test_suite_pk.function | 149 ++++++++++++++++++++++++++++ 3 files changed, 317 insertions(+) diff --git a/library/pk.c b/library/pk.c index 706d5d38c..1485bd76e 100644 --- a/library/pk.c +++ b/library/pk.c @@ -379,6 +379,27 @@ int mbedtls_pk_can_do_ext(const mbedtls_pk_context *ctx, psa_algorithm_t alg, #endif /* MBEDTLS_USE_PSA_CRYPTO */ #if defined(MBEDTLS_PSA_CRYPTO_CLIENT) +#if defined(MBEDTLS_RSA_C) +static psa_algorithm_t psa_algorithm_for_rsa(const mbedtls_rsa_context *rsa, + int want_crypt) +{ + if (mbedtls_rsa_get_padding_mode(rsa) == MBEDTLS_RSA_PKCS_V21) { + if (want_crypt) { + mbedtls_md_type_t md_type = mbedtls_rsa_get_md_alg(rsa); + return PSA_ALG_RSA_OAEP(mbedtls_md_psa_alg_from_type(md_type)); + } else { + return PSA_ALG_RSA_PSS_ANY_SALT(PSA_ALG_ANY_HASH); + } + } else { + if (want_crypt) { + return PSA_ALG_RSA_PKCS1V15_CRYPT; + } else { + return PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH); + } + } +} +#endif /* MBEDTLS_RSA_C */ + int mbedtls_pk_get_psa_attributes(const mbedtls_pk_context *pk, psa_key_usage_t usage, psa_key_attributes_t *attributes) @@ -386,6 +407,49 @@ int mbedtls_pk_get_psa_attributes(const mbedtls_pk_context *pk, mbedtls_pk_type_t pk_type = mbedtls_pk_get_type(pk); switch (pk_type) { +#if defined(MBEDTLS_RSA_C) + case MBEDTLS_PK_RSA: + int want_crypt = 0; + int want_private = 0; + switch (usage) { + case PSA_KEY_USAGE_SIGN_MESSAGE: + usage |= PSA_KEY_USAGE_VERIFY_MESSAGE; + want_private = 1; + break; + case PSA_KEY_USAGE_SIGN_HASH: + usage |= PSA_KEY_USAGE_VERIFY_HASH; + want_private = 1; + break; + case PSA_KEY_USAGE_DECRYPT: + usage |= PSA_KEY_USAGE_ENCRYPT; + want_private = 1; + want_crypt = 1; + break; + case PSA_KEY_USAGE_VERIFY_MESSAGE: + case PSA_KEY_USAGE_VERIFY_HASH: + break; + case PSA_KEY_USAGE_ENCRYPT: + want_crypt = 1; + break; + default: + return MBEDTLS_ERR_PK_TYPE_MISMATCH; + } + /* Detect the presence of a private key in a way that works both + * in CRT and non-CRT configurations. */ + mbedtls_rsa_context *rsa = mbedtls_pk_rsa(*pk); + int has_private = (mbedtls_rsa_check_privkey(rsa) == 0); + if (want_private && !has_private) { + return MBEDTLS_ERR_PK_TYPE_MISMATCH; + } + psa_set_key_type(attributes, (want_private ? + PSA_KEY_TYPE_RSA_KEY_PAIR : + PSA_KEY_TYPE_RSA_PUBLIC_KEY)); + psa_set_key_bits(attributes, mbedtls_mpi_bitlen(&rsa->N)); + psa_set_key_algorithm(attributes, + psa_algorithm_for_rsa(rsa, want_crypt)); + break; +#endif /* MBEDTLS_RSA_C */ + #if defined(MBEDTLS_PK_RSA_ALT_SUPPORT) case MBEDTLS_PK_RSA_ALT: return MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE; diff --git a/tests/suites/test_suite_pk.data b/tests/suites/test_suite_pk.data index e8ffff43f..bc0de71b2 100644 --- a/tests/suites/test_suite_pk.data +++ b/tests/suites/test_suite_pk.data @@ -685,3 +685,107 @@ PSA attributes for pk: NONE (bad) pk_get_psa_attributes_fail:MBEDTLS_PK_NONE:0:PSA_KEY_USAGE_SIGN_MESSAGE:MBEDTLS_ERR_PK_BAD_INPUT_DATA # There is a (negative) test for pk_type=MBEDTLS_PK_RSA_ALT in pk_rsa_alt(). + +PSA attributes for pk: RSA v15 pair DECRYPT +depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 +pk_get_psa_attributes:MBEDTLS_PK_RSA:1:PSA_KEY_USAGE_DECRYPT:1:PSA_ALG_RSA_PKCS1V15_CRYPT + +PSA attributes for pk: RSA v21 SHA-256 pair DECRYPT +depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V21:MBEDTLS_MD_CAN_SHA256 +pk_rsa_v21_get_psa_attributes:MBEDTLS_MD_SHA256:1:PSA_KEY_USAGE_DECRYPT:1:PSA_ALG_RSA_OAEP(PSA_ALG_SHA_256) + +PSA attributes for pk: RSA v21 SHA-512 pair DECRYPT +depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V21:MBEDTLS_MD_CAN_SHA512 +pk_rsa_v21_get_psa_attributes:MBEDTLS_MD_SHA512:1:PSA_KEY_USAGE_DECRYPT:1:PSA_ALG_RSA_OAEP(PSA_ALG_SHA_512) + +PSA attributes for pk: RSA v15 pair->public ENCRYPT +depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 +pk_get_psa_attributes:MBEDTLS_PK_RSA:1:PSA_KEY_USAGE_ENCRYPT:0:PSA_ALG_RSA_PKCS1V15_CRYPT + +PSA attributes for pk: RSA v21 SHA-256 pair->public ENCRYPT +depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V21:MBEDTLS_MD_CAN_SHA256 +pk_rsa_v21_get_psa_attributes:MBEDTLS_MD_SHA256:1:PSA_KEY_USAGE_ENCRYPT:0:PSA_ALG_RSA_OAEP(PSA_ALG_SHA_256) + +PSA attributes for pk: RSA v21 SHA-512 pair->public ENCRYPT +depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V21:MBEDTLS_MD_CAN_SHA512 +pk_rsa_v21_get_psa_attributes:MBEDTLS_MD_SHA512:1:PSA_KEY_USAGE_ENCRYPT:0:PSA_ALG_RSA_OAEP(PSA_ALG_SHA_512) + +PSA attributes for pk: RSA v15 public ENCRYPT +depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 +pk_get_psa_attributes:MBEDTLS_PK_RSA:0:PSA_KEY_USAGE_ENCRYPT:0:PSA_ALG_RSA_PKCS1V15_CRYPT + +PSA attributes for pk: RSA v21 SHA-256 public ENCRYPT +depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V21:MBEDTLS_MD_CAN_SHA256 +pk_rsa_v21_get_psa_attributes:MBEDTLS_MD_SHA256:0:PSA_KEY_USAGE_ENCRYPT:0:PSA_ALG_RSA_OAEP(PSA_ALG_SHA_256) + +PSA attributes for pk: RSA v21 SHA-512 public ENCRYPT +depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V21:MBEDTLS_MD_CAN_SHA512 +pk_rsa_v21_get_psa_attributes:MBEDTLS_MD_SHA512:0:PSA_KEY_USAGE_ENCRYPT:0:PSA_ALG_RSA_OAEP(PSA_ALG_SHA_512) + +PSA attributes for pk: RSA v15 public DECRYPT (bad) +depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 +pk_get_psa_attributes_fail:MBEDTLS_PK_RSA:0:PSA_KEY_USAGE_DECRYPT:MBEDTLS_ERR_PK_TYPE_MISMATCH + +PSA attributes for pk: RSA v15 pair SIGN_MESSAGE +depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 +pk_get_psa_attributes:MBEDTLS_PK_RSA:1:PSA_KEY_USAGE_SIGN_MESSAGE:1:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH) + +PSA attributes for pk: RSA v21 SHA-256 pair SIGN_MESSAGE +depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V21 +pk_rsa_v21_get_psa_attributes:MBEDTLS_MD_NONE:1:PSA_KEY_USAGE_SIGN_MESSAGE:1:PSA_ALG_RSA_PSS_ANY_SALT(PSA_ALG_ANY_HASH) + +PSA attributes for pk: RSA v15 pair SIGN_HASH +depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 +pk_get_psa_attributes:MBEDTLS_PK_RSA:1:PSA_KEY_USAGE_SIGN_HASH:1:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH) + +PSA attributes for pk: RSA v21 SHA-256 pair SIGN_HASH +depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V21 +pk_rsa_v21_get_psa_attributes:MBEDTLS_MD_NONE:1:PSA_KEY_USAGE_SIGN_HASH:1:PSA_ALG_RSA_PSS_ANY_SALT(PSA_ALG_ANY_HASH) + +PSA attributes for pk: RSA v15 pair->public VERIFY_MESSAGE +depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 +pk_get_psa_attributes:MBEDTLS_PK_RSA:1:PSA_KEY_USAGE_VERIFY_MESSAGE:0:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH) + +PSA attributes for pk: RSA v21 SHA-256 pair->public VERIFY_MESSAGE +depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V21 +pk_rsa_v21_get_psa_attributes:MBEDTLS_MD_NONE:1:PSA_KEY_USAGE_VERIFY_MESSAGE:0:PSA_ALG_RSA_PSS_ANY_SALT(PSA_ALG_ANY_HASH) + +PSA attributes for pk: RSA v15 pair->public VERIFY_HASH +depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 +pk_get_psa_attributes:MBEDTLS_PK_RSA:1:PSA_KEY_USAGE_VERIFY_HASH:0:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH) + +PSA attributes for pk: RSA v21 SHA-256 pair->public VERIFY_HASH +depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V21 +pk_rsa_v21_get_psa_attributes:MBEDTLS_MD_NONE:1:PSA_KEY_USAGE_VERIFY_HASH:0:PSA_ALG_RSA_PSS_ANY_SALT(PSA_ALG_ANY_HASH) + +PSA attributes for pk: RSA v15 public VERIFY_MESSAGE +depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 +pk_get_psa_attributes:MBEDTLS_PK_RSA:0:PSA_KEY_USAGE_VERIFY_MESSAGE:0:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH) + +PSA attributes for pk: RSA v21 SHA-256 public VERIFY_MESSAGE +depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V21 +pk_rsa_v21_get_psa_attributes:MBEDTLS_MD_NONE:0:PSA_KEY_USAGE_VERIFY_MESSAGE:0:PSA_ALG_RSA_PSS_ANY_SALT(PSA_ALG_ANY_HASH) + +PSA attributes for pk: RSA v15 public VERIFY_HASH +depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 +pk_get_psa_attributes:MBEDTLS_PK_RSA:0:PSA_KEY_USAGE_VERIFY_HASH:0:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH) + +PSA attributes for pk: RSA v21 SHA-256 public VERIFY_HASH +depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V21 +pk_rsa_v21_get_psa_attributes:MBEDTLS_MD_NONE:0:PSA_KEY_USAGE_VERIFY_HASH:0:PSA_ALG_RSA_PSS_ANY_SALT(PSA_ALG_ANY_HASH) + +PSA attributes for pk: RSA v15 public SIGN_MESSAGE (bad) +depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 +pk_get_psa_attributes_fail:MBEDTLS_PK_RSA:0:PSA_KEY_USAGE_SIGN_MESSAGE:MBEDTLS_ERR_PK_TYPE_MISMATCH + +PSA attributes for pk: RSA v15 public SIGN_HASH (bad) +depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 +pk_get_psa_attributes_fail:MBEDTLS_PK_RSA:0:PSA_KEY_USAGE_SIGN_HASH:MBEDTLS_ERR_PK_TYPE_MISMATCH + +PSA attributes for pk: RSA v15 pair DERIVE (bad) +depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 +pk_get_psa_attributes_fail:MBEDTLS_PK_RSA:1:PSA_KEY_USAGE_DERIVE:MBEDTLS_ERR_PK_TYPE_MISMATCH + +PSA attributes for pk: RSA v15 public DERIVE (bad) +depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 +pk_get_psa_attributes_fail:MBEDTLS_PK_RSA:0:PSA_KEY_USAGE_DERIVE:MBEDTLS_ERR_PK_TYPE_MISMATCH diff --git a/tests/suites/test_suite_pk.function b/tests/suites/test_suite_pk.function index 0ac84a2f8..d6902b4d0 100644 --- a/tests/suites/test_suite_pk.function +++ b/tests/suites/test_suite_pk.function @@ -174,6 +174,30 @@ static int pk_setup_for_type(mbedtls_pk_type_t pk_type, int want_pair, TEST_EQUAL(mbedtls_pk_setup(pk, mbedtls_pk_info_from_type(pk_type)), 0); switch (pk_type) { +#if defined(MBEDTLS_RSA_C) + case MBEDTLS_PK_RSA: + { + *psa_type = PSA_KEY_TYPE_RSA_KEY_PAIR; + mbedtls_rsa_context *rsa = mbedtls_pk_rsa(*pk); + if (want_pair) { + TEST_EQUAL(mbedtls_rsa_gen_key( + rsa, + mbedtls_test_rnd_std_rand, NULL, + MBEDTLS_RSA_GEN_KEY_MIN_BITS, 65537), 0); + } else { + unsigned char N[PSA_BITS_TO_BYTES(MBEDTLS_RSA_GEN_KEY_MIN_BITS)] = { 0xff }; + N[sizeof(N) - 1] = 0x03; + const unsigned char E[1] = {0x03}; + TEST_EQUAL(mbedtls_rsa_import_raw(rsa, + N, sizeof(N), + NULL, 0, NULL, 0, NULL, 0, + E, sizeof(E)), 0); + TEST_EQUAL(mbedtls_rsa_complete(rsa), 0); + } + break; + } +#endif /* MBEDTLS_RSA_C */ + default: TEST_FAIL("Unknown PK type in test data"); break; @@ -1605,6 +1629,131 @@ exit: } /* END_CASE */ +/* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_C */ +void pk_get_psa_attributes(int pk_type, int from_pair, + int usage_arg, + int to_pair, int expected_alg) +{ + mbedtls_pk_context pk; + mbedtls_pk_init(&pk); + psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; + psa_key_usage_t usage = usage_arg; + + MD_OR_USE_PSA_INIT(); + + psa_key_type_t expected_psa_type = 0; + if (!pk_setup_for_type(pk_type, from_pair, &pk, &expected_psa_type)) { + goto exit; + } + if (!to_pair) { + expected_psa_type = PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR(expected_psa_type); + } + + psa_key_lifetime_t lifetime = PSA_KEY_LIFETIME_VOLATILE; //TODO: diversity + mbedtls_svc_key_id_t key_id = MBEDTLS_SVC_KEY_ID_INIT; //TODO: diversity + psa_set_key_id(&attributes, key_id); + psa_set_key_lifetime(&attributes, lifetime); + + psa_key_usage_t expected_usage = usage; + /* Usage implied universally */ + if (expected_usage & PSA_KEY_USAGE_SIGN_HASH) { + expected_usage |= PSA_KEY_USAGE_SIGN_MESSAGE; + } + if (expected_usage & PSA_KEY_USAGE_VERIFY_HASH) { + expected_usage |= PSA_KEY_USAGE_VERIFY_MESSAGE; + } + /* Usage implied by mbedtls_pk_get_psa_attributes() */ + if (expected_usage & PSA_KEY_USAGE_SIGN_HASH) { + expected_usage |= PSA_KEY_USAGE_VERIFY_HASH; + } + if (expected_usage & PSA_KEY_USAGE_SIGN_MESSAGE) { + expected_usage |= PSA_KEY_USAGE_VERIFY_MESSAGE; + } + if (expected_usage & PSA_KEY_USAGE_DECRYPT) { + expected_usage |= PSA_KEY_USAGE_ENCRYPT; + } + expected_usage |= PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_COPY; + + TEST_EQUAL(mbedtls_pk_get_psa_attributes(&pk, usage, &attributes), 0); + + TEST_EQUAL(psa_get_key_lifetime(&attributes), lifetime); + TEST_ASSERT(mbedtls_svc_key_id_equal(psa_get_key_id(&attributes), + key_id)); + TEST_EQUAL(psa_get_key_type(&attributes), expected_psa_type); + TEST_EQUAL(psa_get_key_bits(&attributes), + mbedtls_pk_get_bitlen(&pk)); + TEST_EQUAL(psa_get_key_usage_flags(&attributes), expected_usage); + TEST_EQUAL(psa_get_key_algorithm(&attributes), expected_alg); + TEST_EQUAL(psa_get_key_enrollment_algorithm(&attributes), PSA_ALG_NONE); + +exit: + mbedtls_pk_free(&pk); + psa_reset_key_attributes(&attributes); + MD_OR_USE_PSA_DONE(); +} +/* END_CASE */ + +/* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V21 */ +void pk_rsa_v21_get_psa_attributes(int md_type, int from_pair, + int usage_arg, + int to_pair, int expected_alg) +{ + mbedtls_pk_context pk; + mbedtls_pk_init(&pk); + psa_key_usage_t usage = usage_arg; + psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; + + MD_OR_USE_PSA_INIT(); + + psa_key_type_t expected_psa_type = 0; + if (!pk_setup_for_type(MBEDTLS_PK_RSA, from_pair, &pk, &expected_psa_type)) { + goto exit; + } + mbedtls_rsa_context *rsa = mbedtls_pk_rsa(pk); + TEST_EQUAL(mbedtls_rsa_set_padding(rsa, MBEDTLS_RSA_PKCS_V21, md_type), 0); + if (!to_pair) { + expected_psa_type = PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR(expected_psa_type); + } + + psa_key_usage_t expected_usage = usage; + /* Usage implied universally */ + if (expected_usage & PSA_KEY_USAGE_SIGN_HASH) { + expected_usage |= PSA_KEY_USAGE_SIGN_MESSAGE; + } + if (expected_usage & PSA_KEY_USAGE_VERIFY_HASH) { + expected_usage |= PSA_KEY_USAGE_VERIFY_MESSAGE; + } + /* Usage implied by mbedtls_pk_get_psa_attributes() */ + if (expected_usage & PSA_KEY_USAGE_SIGN_HASH) { + expected_usage |= PSA_KEY_USAGE_VERIFY_HASH; + } + if (expected_usage & PSA_KEY_USAGE_SIGN_MESSAGE) { + expected_usage |= PSA_KEY_USAGE_VERIFY_MESSAGE; + } + if (expected_usage & PSA_KEY_USAGE_DECRYPT) { + expected_usage |= PSA_KEY_USAGE_ENCRYPT; + } + expected_usage |= PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_COPY; + + TEST_EQUAL(mbedtls_pk_get_psa_attributes(&pk, usage, &attributes), 0); + + TEST_EQUAL(psa_get_key_lifetime(&attributes), PSA_KEY_LIFETIME_VOLATILE); + TEST_ASSERT(mbedtls_svc_key_id_equal(psa_get_key_id(&attributes), + MBEDTLS_SVC_KEY_ID_INIT)); + TEST_EQUAL(psa_get_key_type(&attributes), expected_psa_type); + TEST_EQUAL(psa_get_key_bits(&attributes), + mbedtls_pk_get_bitlen(&pk)); + TEST_EQUAL(psa_get_key_usage_flags(&attributes), expected_usage); + TEST_EQUAL(psa_get_key_algorithm(&attributes), expected_alg); + TEST_EQUAL(psa_get_key_enrollment_algorithm(&attributes), PSA_ALG_NONE); + +exit: + mbedtls_pk_free(&pk); + psa_reset_key_attributes(&attributes); + MD_OR_USE_PSA_DONE(); +} +/* END_CASE */ + /* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_C */ void pk_get_psa_attributes_fail(int pk_type, int from_pair, int usage_arg, From ace7c7721ef30ae1bf1e218f1ff69720277f2f9d Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 18 Jan 2024 17:47:54 +0100 Subject: [PATCH 04/36] mbedtls_pk_get_psa_attributes: ECC support Add code and unit tests for MBEDTLS_PK_ECxxx in mbedtls_pk_get_psa_attributes(). This commit only supports built-in ECC (MBEDTLS_ECP_C). A subsequent commit will handle driver-only ECC. Signed-off-by: Gilles Peskine --- library/pk.c | 72 ++++++++++-- tests/suites/test_suite_pk.data | 168 ++++++++++++++++++++++++++++ tests/suites/test_suite_pk.function | 30 ++++- 3 files changed, 262 insertions(+), 8 deletions(-) diff --git a/library/pk.c b/library/pk.c index 1485bd76e..432fbcff6 100644 --- a/library/pk.c +++ b/library/pk.c @@ -406,22 +406,28 @@ int mbedtls_pk_get_psa_attributes(const mbedtls_pk_context *pk, { mbedtls_pk_type_t pk_type = mbedtls_pk_get_type(pk); + psa_key_usage_t more_usage = usage; + if (usage == PSA_KEY_USAGE_SIGN_MESSAGE) { + more_usage |= PSA_KEY_USAGE_VERIFY_MESSAGE; + } else if (usage == PSA_KEY_USAGE_SIGN_HASH) { + more_usage |= PSA_KEY_USAGE_VERIFY_HASH; + } else if (usage == PSA_KEY_USAGE_DECRYPT) { + more_usage |= PSA_KEY_USAGE_ENCRYPT; + } + more_usage |= PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_COPY; + switch (pk_type) { #if defined(MBEDTLS_RSA_C) case MBEDTLS_PK_RSA: + { int want_crypt = 0; int want_private = 0; switch (usage) { case PSA_KEY_USAGE_SIGN_MESSAGE: - usage |= PSA_KEY_USAGE_VERIFY_MESSAGE; - want_private = 1; - break; case PSA_KEY_USAGE_SIGN_HASH: - usage |= PSA_KEY_USAGE_VERIFY_HASH; want_private = 1; break; case PSA_KEY_USAGE_DECRYPT: - usage |= PSA_KEY_USAGE_ENCRYPT; want_private = 1; want_crypt = 1; break; @@ -448,8 +454,61 @@ int mbedtls_pk_get_psa_attributes(const mbedtls_pk_context *pk, psa_set_key_algorithm(attributes, psa_algorithm_for_rsa(rsa, want_crypt)); break; + } #endif /* MBEDTLS_RSA_C */ +#if defined(MBEDTLS_PK_HAVE_ECC_KEYS) + case MBEDTLS_PK_ECKEY: + case MBEDTLS_PK_ECKEY_DH: + case MBEDTLS_PK_ECDSA: + { + int sign_ok = (pk_type != MBEDTLS_PK_ECKEY_DH); + int derive_ok = (pk_type != MBEDTLS_PK_ECDSA); + mbedtls_ecp_keypair *ec = mbedtls_pk_ec(*pk); + int has_private = (ec->d.n != 0); + size_t bits = 0; + psa_ecc_family_t family = + mbedtls_ecc_group_to_psa(ec->grp.id, &bits); + int want_private = 0; + psa_algorithm_t alg = 0; + switch (usage) { + case PSA_KEY_USAGE_SIGN_MESSAGE: + case PSA_KEY_USAGE_SIGN_HASH: + want_private = 1; + /* FALLTHROUGH */ + case PSA_KEY_USAGE_VERIFY_MESSAGE: + case PSA_KEY_USAGE_VERIFY_HASH: + if (!sign_ok) { + return MBEDTLS_ERR_PK_TYPE_MISMATCH; + } +#if defined(MBEDTLS_ECDSA_DETERMINISTIC) + alg = PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_ANY_HASH); +#else + alg = PSA_ALG_ECDSA(PSA_ALG_ANY_HASH); +#endif + break; + case PSA_KEY_USAGE_DERIVE: + want_private = 1; + alg = PSA_ALG_ECDH; + if (!derive_ok) { + return MBEDTLS_ERR_PK_TYPE_MISMATCH; + } + break; + default: + return MBEDTLS_ERR_PK_TYPE_MISMATCH; + } + if (want_private && !has_private) { + return MBEDTLS_ERR_PK_TYPE_MISMATCH; + } + psa_set_key_type(attributes, (want_private ? + PSA_KEY_TYPE_ECC_KEY_PAIR(family) : + PSA_KEY_TYPE_ECC_PUBLIC_KEY(family))); + psa_set_key_bits(attributes, bits); + psa_set_key_algorithm(attributes, alg); + break; + } +#endif /* MBEDTLS_PK_HAVE_ECC_KEYS */ + #if defined(MBEDTLS_PK_RSA_ALT_SUPPORT) case MBEDTLS_PK_RSA_ALT: return MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE; @@ -459,8 +518,7 @@ int mbedtls_pk_get_psa_attributes(const mbedtls_pk_context *pk, return MBEDTLS_ERR_PK_BAD_INPUT_DATA; } - usage |= PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_COPY; - psa_set_key_usage_flags(attributes, usage); + psa_set_key_usage_flags(attributes, more_usage); #if defined(MBEDTLS_PSA_CRYPTO_C) /* Assume that we have all Mbed TLS attributes. When * MBEDTLS_PSA_CRYPTO_CLIENT is enabled but not MBEDTLS_PSA_CRYPTO_C, diff --git a/tests/suites/test_suite_pk.data b/tests/suites/test_suite_pk.data index bc0de71b2..f0903e33c 100644 --- a/tests/suites/test_suite_pk.data +++ b/tests/suites/test_suite_pk.data @@ -789,3 +789,171 @@ pk_get_psa_attributes_fail:MBEDTLS_PK_RSA:1:PSA_KEY_USAGE_DERIVE:MBEDTLS_ERR_PK_ PSA attributes for pk: RSA v15 public DERIVE (bad) depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 pk_get_psa_attributes_fail:MBEDTLS_PK_RSA:0:PSA_KEY_USAGE_DERIVE:MBEDTLS_ERR_PK_TYPE_MISMATCH + +PSA attributes for pk: ECKEY pair DECRYPT (bad) +depends_on:MBEDTLS_PK_HAVE_ECC_KEYS +pk_get_psa_attributes_fail:MBEDTLS_PK_ECKEY:1:PSA_KEY_USAGE_DECRYPT:MBEDTLS_ERR_PK_TYPE_MISMATCH + +PSA attributes for pk: ECKEY_DH pair DECRYPT (bad) +depends_on:MBEDTLS_PK_HAVE_ECC_KEYS +pk_get_psa_attributes_fail:MBEDTLS_PK_ECKEY_DH:1:PSA_KEY_USAGE_DECRYPT:MBEDTLS_ERR_PK_TYPE_MISMATCH + +PSA attributes for pk: ECDSA pair DECRYPT (bad) +depends_on:MBEDTLS_PK_HAVE_ECC_KEYS +pk_get_psa_attributes_fail:MBEDTLS_PK_ECDSA:1:PSA_KEY_USAGE_DECRYPT:MBEDTLS_ERR_PK_TYPE_MISMATCH + +PSA attributes for pk: ECKEY public DECRYPT (bad) +depends_on:MBEDTLS_PK_HAVE_ECC_KEYS +pk_get_psa_attributes_fail:MBEDTLS_PK_ECKEY:0:PSA_KEY_USAGE_DECRYPT:MBEDTLS_ERR_PK_TYPE_MISMATCH + +PSA attributes for pk: ECKEY_DH public DECRYPT (bad) +depends_on:MBEDTLS_PK_HAVE_ECC_KEYS +pk_get_psa_attributes_fail:MBEDTLS_PK_ECKEY_DH:0:PSA_KEY_USAGE_DECRYPT:MBEDTLS_ERR_PK_TYPE_MISMATCH + +PSA attributes for pk: ECDSA public DECRYPT (bad) +depends_on:MBEDTLS_PK_HAVE_ECC_KEYS +pk_get_psa_attributes_fail:MBEDTLS_PK_ECDSA:0:PSA_KEY_USAGE_DECRYPT:MBEDTLS_ERR_PK_TYPE_MISMATCH + +PSA attributes for pk: ECKEY pair ENCRYPT (bad) +depends_on:MBEDTLS_PK_HAVE_ECC_KEYS +pk_get_psa_attributes_fail:MBEDTLS_PK_ECKEY:1:PSA_KEY_USAGE_ENCRYPT:MBEDTLS_ERR_PK_TYPE_MISMATCH + +PSA attributes for pk: ECKEY_DH pair ENCRYPT (bad) +depends_on:MBEDTLS_PK_HAVE_ECC_KEYS +pk_get_psa_attributes_fail:MBEDTLS_PK_ECKEY_DH:1:PSA_KEY_USAGE_ENCRYPT:MBEDTLS_ERR_PK_TYPE_MISMATCH + +PSA attributes for pk: ECDSA pair ENCRYPT (bad) +depends_on:MBEDTLS_PK_HAVE_ECC_KEYS +pk_get_psa_attributes_fail:MBEDTLS_PK_ECDSA:1:PSA_KEY_USAGE_ENCRYPT:MBEDTLS_ERR_PK_TYPE_MISMATCH + +PSA attributes for pk: ECKEY public ENCRYPT (bad) +depends_on:MBEDTLS_PK_HAVE_ECC_KEYS +pk_get_psa_attributes_fail:MBEDTLS_PK_ECKEY:0:PSA_KEY_USAGE_ENCRYPT:MBEDTLS_ERR_PK_TYPE_MISMATCH + +PSA attributes for pk: ECKEY_DH public ENCRYPT (bad) +depends_on:MBEDTLS_PK_HAVE_ECC_KEYS +pk_get_psa_attributes_fail:MBEDTLS_PK_ECKEY_DH:0:PSA_KEY_USAGE_ENCRYPT:MBEDTLS_ERR_PK_TYPE_MISMATCH + +PSA attributes for pk: ECDSA public ENCRYPT (bad) +depends_on:MBEDTLS_PK_HAVE_ECC_KEYS +pk_get_psa_attributes_fail:MBEDTLS_PK_ECDSA:0:PSA_KEY_USAGE_ENCRYPT:MBEDTLS_ERR_PK_TYPE_MISMATCH + +PSA attributes for pk: ECKEY pair DERIVE +depends_on:MBEDTLS_PK_HAVE_ECC_KEYS +pk_get_psa_attributes:MBEDTLS_PK_ECKEY:1:PSA_KEY_USAGE_DERIVE:1:PSA_ALG_ECDH + +PSA attributes for pk: ECKEY_DH pair DERIVE +depends_on:MBEDTLS_PK_HAVE_ECC_KEYS +pk_get_psa_attributes:MBEDTLS_PK_ECKEY_DH:1:PSA_KEY_USAGE_DERIVE:1:PSA_ALG_ECDH + +PSA attributes for pk: ECDSA pair DERIVE (bad) +depends_on:MBEDTLS_PK_HAVE_ECC_KEYS +pk_get_psa_attributes_fail:MBEDTLS_PK_ECDSA:1:PSA_KEY_USAGE_DERIVE:MBEDTLS_ERR_PK_TYPE_MISMATCH + +PSA attributes for pk: ECKEY public DERIVE (bad) +depends_on:MBEDTLS_PK_HAVE_ECC_KEYS +pk_get_psa_attributes_fail:MBEDTLS_PK_ECKEY:0:PSA_KEY_USAGE_DERIVE:MBEDTLS_ERR_PK_TYPE_MISMATCH + +PSA attributes for pk: ECKEY_DH public DERIVE (bad) +depends_on:MBEDTLS_PK_HAVE_ECC_KEYS +pk_get_psa_attributes_fail:MBEDTLS_PK_ECKEY_DH:0:PSA_KEY_USAGE_DERIVE:MBEDTLS_ERR_PK_TYPE_MISMATCH + +PSA attributes for pk: ECDSA public DERIVE (bad) +depends_on:MBEDTLS_PK_HAVE_ECC_KEYS +pk_get_psa_attributes_fail:MBEDTLS_PK_ECDSA:0:PSA_KEY_USAGE_DERIVE:MBEDTLS_ERR_PK_TYPE_MISMATCH + +PSA attributes for pk: ECKEY pair SIGN_MESSAGE +depends_on:MBEDTLS_PK_HAVE_ECC_KEYS +pk_get_psa_attributes:MBEDTLS_PK_ECKEY:1:PSA_KEY_USAGE_SIGN_MESSAGE:1:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH) + +PSA attributes for pk: ECDSA pair SIGN_MESSAGE +depends_on:MBEDTLS_PK_HAVE_ECC_KEYS +pk_get_psa_attributes:MBEDTLS_PK_ECDSA:1:PSA_KEY_USAGE_SIGN_MESSAGE:1:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH) + +PSA attributes for pk: ECKEY pair SIGN_HASH +depends_on:MBEDTLS_PK_HAVE_ECC_KEYS +pk_get_psa_attributes:MBEDTLS_PK_ECKEY:1:PSA_KEY_USAGE_SIGN_HASH:1:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH) + +PSA attributes for pk: ECDSA pair SIGN_HASH +depends_on:MBEDTLS_PK_HAVE_ECC_KEYS +pk_get_psa_attributes:MBEDTLS_PK_ECDSA:1:PSA_KEY_USAGE_SIGN_HASH:1:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH) + +PSA attributes for pk: ECKEY pair->public VERIFY_MESSAGE +depends_on:MBEDTLS_PK_HAVE_ECC_KEYS +pk_get_psa_attributes:MBEDTLS_PK_ECKEY:1:PSA_KEY_USAGE_VERIFY_MESSAGE:0:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH) + +PSA attributes for pk: ECDSA pair->public VERIFY_MESSAGE +depends_on:MBEDTLS_PK_HAVE_ECC_KEYS +pk_get_psa_attributes:MBEDTLS_PK_ECDSA:1:PSA_KEY_USAGE_VERIFY_MESSAGE:0:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH) + +PSA attributes for pk: ECKEY pair->public VERIFY_HASH +depends_on:MBEDTLS_PK_HAVE_ECC_KEYS +pk_get_psa_attributes:MBEDTLS_PK_ECKEY:1:PSA_KEY_USAGE_VERIFY_HASH:0:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH) + +PSA attributes for pk: ECDSA pair->public VERIFY_HASH +depends_on:MBEDTLS_PK_HAVE_ECC_KEYS +pk_get_psa_attributes:MBEDTLS_PK_ECDSA:1:PSA_KEY_USAGE_VERIFY_HASH:0:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH) + +PSA attributes for pk: ECKEY public VERIFY_MESSAGE +depends_on:MBEDTLS_PK_HAVE_ECC_KEYS +pk_get_psa_attributes:MBEDTLS_PK_ECKEY:0:PSA_KEY_USAGE_VERIFY_MESSAGE:0:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH) + +PSA attributes for pk: ECDSA public VERIFY_MESSAGE +depends_on:MBEDTLS_PK_HAVE_ECC_KEYS +pk_get_psa_attributes:MBEDTLS_PK_ECDSA:0:PSA_KEY_USAGE_VERIFY_MESSAGE:0:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH) + +PSA attributes for pk: ECKEY public VERIFY_HASH +depends_on:MBEDTLS_PK_HAVE_ECC_KEYS +pk_get_psa_attributes:MBEDTLS_PK_ECKEY:0:PSA_KEY_USAGE_VERIFY_HASH:0:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH) + +PSA attributes for pk: ECDSA public VERIFY_HASH +depends_on:MBEDTLS_PK_HAVE_ECC_KEYS +pk_get_psa_attributes:MBEDTLS_PK_ECDSA:0:PSA_KEY_USAGE_VERIFY_HASH:0:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH) + +PSA attributes for pk: ECKEY public SIGN_MESSAGE (bad) +depends_on:MBEDTLS_PK_HAVE_ECC_KEYS +pk_get_psa_attributes_fail:MBEDTLS_PK_ECKEY:0:PSA_KEY_USAGE_SIGN_MESSAGE:MBEDTLS_ERR_PK_TYPE_MISMATCH + +PSA attributes for pk: ECDSA public SIGN_MESSAGE (bad) +depends_on:MBEDTLS_PK_HAVE_ECC_KEYS +pk_get_psa_attributes_fail:MBEDTLS_PK_ECDSA:0:PSA_KEY_USAGE_SIGN_MESSAGE:MBEDTLS_ERR_PK_TYPE_MISMATCH + +PSA attributes for pk: ECKEY public SIGN_HASH (bad) +depends_on:MBEDTLS_PK_HAVE_ECC_KEYS +pk_get_psa_attributes_fail:MBEDTLS_PK_ECKEY:0:PSA_KEY_USAGE_SIGN_HASH:MBEDTLS_ERR_PK_TYPE_MISMATCH + +PSA attributes for pk: ECDSA public SIGN_HASH (bad) +depends_on:MBEDTLS_PK_HAVE_ECC_KEYS +pk_get_psa_attributes_fail:MBEDTLS_PK_ECDSA:0:PSA_KEY_USAGE_SIGN_HASH:MBEDTLS_ERR_PK_TYPE_MISMATCH + +PSA attributes for pk: ECKEY_DH pair SIGN_MESSAGE (bad) +depends_on:MBEDTLS_PK_HAVE_ECC_KEYS +pk_get_psa_attributes_fail:MBEDTLS_PK_ECKEY_DH:1:PSA_KEY_USAGE_SIGN_MESSAGE:MBEDTLS_ERR_PK_TYPE_MISMATCH + +PSA attributes for pk: ECKEY_DH pair SIGN_HASH (bad) +depends_on:MBEDTLS_PK_HAVE_ECC_KEYS +pk_get_psa_attributes_fail:MBEDTLS_PK_ECKEY_DH:1:PSA_KEY_USAGE_SIGN_HASH:MBEDTLS_ERR_PK_TYPE_MISMATCH + +PSA attributes for pk: ECKEY_DH pair VERIFY_MESSAGE (bad) +depends_on:MBEDTLS_PK_HAVE_ECC_KEYS +pk_get_psa_attributes_fail:MBEDTLS_PK_ECKEY_DH:1:PSA_KEY_USAGE_VERIFY_MESSAGE:MBEDTLS_ERR_PK_TYPE_MISMATCH + +PSA attributes for pk: ECKEY_DH pair VERIFY_HASH (bad) +depends_on:MBEDTLS_PK_HAVE_ECC_KEYS +pk_get_psa_attributes_fail:MBEDTLS_PK_ECKEY_DH:1:PSA_KEY_USAGE_VERIFY_HASH:MBEDTLS_ERR_PK_TYPE_MISMATCH + +PSA attributes for pk: ECKEY_DH public SIGN_MESSAGE (bad) +depends_on:MBEDTLS_PK_HAVE_ECC_KEYS +pk_get_psa_attributes_fail:MBEDTLS_PK_ECKEY_DH:0:PSA_KEY_USAGE_SIGN_MESSAGE:MBEDTLS_ERR_PK_TYPE_MISMATCH + +PSA attributes for pk: ECKEY_DH public SIGN_HASH (bad) +depends_on:MBEDTLS_PK_HAVE_ECC_KEYS +pk_get_psa_attributes_fail:MBEDTLS_PK_ECKEY_DH:0:PSA_KEY_USAGE_SIGN_HASH:MBEDTLS_ERR_PK_TYPE_MISMATCH + +PSA attributes for pk: ECKEY_DH public VERIFY_MESSAGE (bad) +depends_on:MBEDTLS_PK_HAVE_ECC_KEYS +pk_get_psa_attributes_fail:MBEDTLS_PK_ECKEY_DH:0:PSA_KEY_USAGE_VERIFY_MESSAGE:MBEDTLS_ERR_PK_TYPE_MISMATCH + +PSA attributes for pk: ECKEY_DH public VERIFY_HASH (bad) +depends_on:MBEDTLS_PK_HAVE_ECC_KEYS +pk_get_psa_attributes_fail:MBEDTLS_PK_ECKEY_DH:0:PSA_KEY_USAGE_VERIFY_HASH:MBEDTLS_ERR_PK_TYPE_MISMATCH diff --git a/tests/suites/test_suite_pk.function b/tests/suites/test_suite_pk.function index d6902b4d0..90c5044d2 100644 --- a/tests/suites/test_suite_pk.function +++ b/tests/suites/test_suite_pk.function @@ -187,7 +187,7 @@ static int pk_setup_for_type(mbedtls_pk_type_t pk_type, int want_pair, } else { unsigned char N[PSA_BITS_TO_BYTES(MBEDTLS_RSA_GEN_KEY_MIN_BITS)] = { 0xff }; N[sizeof(N) - 1] = 0x03; - const unsigned char E[1] = {0x03}; + const unsigned char E[1] = { 0x03 }; TEST_EQUAL(mbedtls_rsa_import_raw(rsa, N, sizeof(N), NULL, 0, NULL, 0, NULL, 0, @@ -198,6 +198,23 @@ static int pk_setup_for_type(mbedtls_pk_type_t pk_type, int want_pair, } #endif /* MBEDTLS_RSA_C */ +#if defined(MBEDTLS_PK_HAVE_ECC_KEYS) + case MBEDTLS_PK_ECKEY: + case MBEDTLS_PK_ECKEY_DH: + case MBEDTLS_PK_ECDSA: + { + mbedtls_ecp_group_id grp_id = mbedtls_ecp_grp_id_list()[0]; + size_t bits; + *psa_type = PSA_KEY_TYPE_ECC_KEY_PAIR(mbedtls_ecc_group_to_psa(grp_id, &bits)); + TEST_EQUAL(pk_genkey(pk, grp_id), 0); + if (!want_pair) { + mbedtls_ecp_keypair *ec = mbedtls_pk_ec(*pk); + mbedtls_mpi_free(&ec->d); + } + break; + } +#endif /* MBEDTLS_PK_HAVE_ECC_KEYS */ + default: TEST_FAIL("Unknown PK type in test data"); break; @@ -1674,6 +1691,17 @@ void pk_get_psa_attributes(int pk_type, int from_pair, } expected_usage |= PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_COPY; +#if defined(MBEDTLS_ECDSA_DETERMINISTIC) + /* When the resulting algorithm is ECDSA, the compile-time configuration + * can cause it to be either deterministic or randomized ECDSA. + * Rather than have two near-identical sets of test data depending on + * the configuration, always use randomized in the test data and + * tweak the expected result here. */ + if (expected_alg == PSA_ALG_ECDSA(PSA_ALG_ANY_HASH)) { + expected_alg = PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_ANY_HASH); + } +#endif + TEST_EQUAL(mbedtls_pk_get_psa_attributes(&pk, usage, &attributes), 0); TEST_EQUAL(psa_get_key_lifetime(&attributes), lifetime); From 94e3a873ce061b51f54746629ad9ce529fa5222e Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 18 Jan 2024 19:23:39 +0100 Subject: [PATCH 05/36] mbedtls_pk_get_psa_attributes: test bad usage value Signed-off-by: Gilles Peskine --- tests/suites/test_suite_pk.data | 30 ++++++++++++++++++++++++++++++ 1 file changed, 30 insertions(+) diff --git a/tests/suites/test_suite_pk.data b/tests/suites/test_suite_pk.data index f0903e33c..ee348a34b 100644 --- a/tests/suites/test_suite_pk.data +++ b/tests/suites/test_suite_pk.data @@ -686,6 +686,36 @@ pk_get_psa_attributes_fail:MBEDTLS_PK_NONE:0:PSA_KEY_USAGE_SIGN_MESSAGE:MBEDTLS_ # There is a (negative) test for pk_type=MBEDTLS_PK_RSA_ALT in pk_rsa_alt(). +# Bad usage due to not specifying sign/crypt/derive. +PSA attributes for pk: RSA usage=0 (bad) +depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 +pk_get_psa_attributes_fail:MBEDTLS_PK_RSA:1:0:MBEDTLS_ERR_PK_TYPE_MISMATCH + +# Bad usage due to not specifying sign/crypt/derive. +PSA attributes for pk: RSA usage=EXPORT (bad) +depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 +pk_get_psa_attributes_fail:MBEDTLS_PK_RSA:1:PSA_KEY_USAGE_EXPORT:MBEDTLS_ERR_PK_TYPE_MISMATCH + +# This usage could make sense, but is not currently supported. +PSA attributes for pk: RSA usage=DECRYPT|EXPORT (bad) +depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 +pk_get_psa_attributes_fail:MBEDTLS_PK_RSA:1:PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_EXPORT:MBEDTLS_ERR_PK_TYPE_MISMATCH + +# Bad usage due to not specifying more than one of sign/crypt/derive. +PSA attributes for pk: RSA usage=DECRYPT|SIGN_MESSAGE (bad) +depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 +pk_get_psa_attributes_fail:MBEDTLS_PK_RSA:1:PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_SIGN_MESSAGE:MBEDTLS_ERR_PK_TYPE_MISMATCH + +# This usage could make sense, but is not currently supported. +PSA attributes for pk: RSA usage=SIGN_MESSAGE|SIGN_HASH (bad) +depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 +pk_get_psa_attributes_fail:MBEDTLS_PK_RSA:1:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_SIGN_HASH:MBEDTLS_ERR_PK_TYPE_MISMATCH + +# This usage could make sense, but is not currently supported. +PSA attributes for pk: RSA usage=SIGN_MESSAGE|VERIFY_MESSAGE (bad) +depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 +pk_get_psa_attributes_fail:MBEDTLS_PK_RSA:1:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE:MBEDTLS_ERR_PK_TYPE_MISMATCH + PSA attributes for pk: RSA v15 pair DECRYPT depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 pk_get_psa_attributes:MBEDTLS_PK_RSA:1:PSA_KEY_USAGE_DECRYPT:1:PSA_ALG_RSA_PKCS1V15_CRYPT From 758d8c7631ce0d9a737a586add0e6c26f0872e5c Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 22 Jan 2024 20:53:21 +0100 Subject: [PATCH 06/36] mbedtls_pk_get_psa_attributes: support MBEDTLS_PK_OPAQUE Signed-off-by: Gilles Peskine --- library/pk.c | 52 +++++++++++++ tests/suites/test_suite_pk.data | 114 ++++++++++++++++++++++++++++ tests/suites/test_suite_pk.function | 54 +++++++++++++ 3 files changed, 220 insertions(+) diff --git a/library/pk.c b/library/pk.c index 432fbcff6..783b48866 100644 --- a/library/pk.c +++ b/library/pk.c @@ -514,6 +514,58 @@ int mbedtls_pk_get_psa_attributes(const mbedtls_pk_context *pk, return MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE; #endif /* MBEDTLS_PK_RSA_ALT_SUPPORT */ +#if defined(MBEDTLS_USE_PSA_CRYPTO) + case MBEDTLS_PK_OPAQUE: + { + psa_key_attributes_t old_attributes = PSA_KEY_ATTRIBUTES_INIT; + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + status = psa_get_key_attributes(pk->priv_id, &old_attributes); + if (status != PSA_SUCCESS) { + return MBEDTLS_ERR_PK_BAD_INPUT_DATA; + } + psa_key_type_t old_type = psa_get_key_type(&old_attributes); + switch (usage) { + case PSA_KEY_USAGE_SIGN_MESSAGE: + case PSA_KEY_USAGE_SIGN_HASH: + case PSA_KEY_USAGE_VERIFY_MESSAGE: + case PSA_KEY_USAGE_VERIFY_HASH: + if (!(PSA_KEY_TYPE_IS_ECC_KEY_PAIR(old_type) || + old_type == PSA_KEY_TYPE_RSA_KEY_PAIR)) { + return MBEDTLS_ERR_PK_TYPE_MISMATCH; + } + break; + case PSA_KEY_USAGE_DECRYPT: + case PSA_KEY_USAGE_ENCRYPT: + if (old_type != PSA_KEY_TYPE_RSA_KEY_PAIR) { + return MBEDTLS_ERR_PK_TYPE_MISMATCH; + } + break; + case PSA_KEY_USAGE_DERIVE: + if (!(PSA_KEY_TYPE_IS_ECC_KEY_PAIR(old_type))) { + return MBEDTLS_ERR_PK_TYPE_MISMATCH; + } + break; + break; + default: + return MBEDTLS_ERR_PK_TYPE_MISMATCH; + } + psa_key_type_t new_type = old_type; + /* Opaque keys are always key pairs, so we don't need a check + * on the input if the required usage is private. We just need + * to adjust the type correctly if the required usage is public. */ + if (usage == PSA_KEY_USAGE_VERIFY_MESSAGE || + usage == PSA_KEY_USAGE_VERIFY_HASH || + usage == PSA_KEY_USAGE_ENCRYPT) { + new_type = PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR(new_type); + } + more_usage = psa_get_key_usage_flags(&old_attributes); + psa_set_key_type(attributes, new_type); + psa_set_key_bits(attributes, psa_get_key_bits(&old_attributes)); + psa_set_key_algorithm(attributes, psa_get_key_algorithm(&old_attributes)); + break; + } +#endif /* MBEDTLS_USE_PSA_CRYPTO */ + default: return MBEDTLS_ERR_PK_BAD_INPUT_DATA; } diff --git a/tests/suites/test_suite_pk.data b/tests/suites/test_suite_pk.data index ee348a34b..55350b67b 100644 --- a/tests/suites/test_suite_pk.data +++ b/tests/suites/test_suite_pk.data @@ -987,3 +987,117 @@ pk_get_psa_attributes_fail:MBEDTLS_PK_ECKEY_DH:0:PSA_KEY_USAGE_VERIFY_MESSAGE:MB PSA attributes for pk: ECKEY_DH public VERIFY_HASH (bad) depends_on:MBEDTLS_PK_HAVE_ECC_KEYS pk_get_psa_attributes_fail:MBEDTLS_PK_ECKEY_DH:0:PSA_KEY_USAGE_VERIFY_HASH:MBEDTLS_ERR_PK_TYPE_MISMATCH + +PSA attributes for pk: opaque RSA pair, 0 & SIGN_MESSAGE +depends_on:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE +pk_get_psa_attributes_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_RSA_GEN_KEY_MIN_BITS:0:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_USAGE_SIGN_MESSAGE:0:1:0 + +PSA attributes for pk: opaque RSA pair, SIGN_MESSAGE & SIGN_MESSAGE +depends_on:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE +pk_get_psa_attributes_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_RSA_GEN_KEY_MIN_BITS:PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_USAGE_SIGN_MESSAGE:0:1:PSA_KEY_USAGE_SIGN_MESSAGE + +PSA attributes for pk: opaque RSA pair, SIGN|VERIFY & SIGN_MESSAGE +depends_on:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE +pk_get_psa_attributes_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_RSA_GEN_KEY_MIN_BITS:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_USAGE_SIGN_MESSAGE:0:1:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE + +PSA attributes for pk: opaque RSA pair, SIGN|DECRYPT & SIGN_MESSAGE +depends_on:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE +pk_get_psa_attributes_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_RSA_GEN_KEY_MIN_BITS:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_DECRYPT:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_USAGE_SIGN_MESSAGE:0:1:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_DECRYPT + +PSA attributes for pk: opaque RSA pair, SIGN|... & SIGN_MESSAGE +depends_on:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE +pk_get_psa_attributes_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_RSA_GEN_KEY_MIN_BITS:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_ENCRYPT:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_USAGE_SIGN_MESSAGE:0:1:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_ENCRYPT + +# For a PK_OPAQUE key, mbedtls_pk_get_psa_attributes() ignores the input +# key's algorithm policy. Just this time, test with a few different algorithms. +PSA attributes for pk: opaque RSA pair, 0 & SIGN_HASH [0] +depends_on:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE +pk_get_psa_attributes_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_RSA_GEN_KEY_MIN_BITS:0:PSA_ALG_NONE:PSA_KEY_USAGE_SIGN_HASH:0:1:0 + +PSA attributes for pk: opaque RSA pair, 0 & SIGN_HASH [raw] +depends_on:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE +pk_get_psa_attributes_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_RSA_GEN_KEY_MIN_BITS:0:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_USAGE_SIGN_HASH:0:1:0 + +PSA attributes for pk: opaque RSA pair, 0 & SIGN_HASH [v15] +depends_on:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE +pk_get_psa_attributes_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_RSA_GEN_KEY_MIN_BITS:0:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_USAGE_SIGN_HASH:0:1:0 + +PSA attributes for pk: opaque RSA pair, 0 & SIGN_HASH [PSS] +depends_on:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE +pk_get_psa_attributes_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_RSA_GEN_KEY_MIN_BITS:0:PSA_ALG_RSA_PSS_ANY_SALT(PSA_ALG_SHA_256):PSA_KEY_USAGE_SIGN_HASH:0:1:0 + +PSA attributes for pk: opaque RSA pair, DECRYPT & DECRYPT +depends_on:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE +pk_get_psa_attributes_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_RSA_GEN_KEY_MIN_BITS:PSA_KEY_USAGE_DECRYPT:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_KEY_USAGE_DECRYPT:0:1:PSA_KEY_USAGE_DECRYPT + +PSA attributes for pk: opaque RSA pair, DECRYPT|... & DECRYPT +depends_on:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE +pk_get_psa_attributes_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_RSA_GEN_KEY_MIN_BITS:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_ENCRYPT:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_KEY_USAGE_DECRYPT:0:1:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_ENCRYPT + +PSA attributes for pk: opaque RSA pair, ... & DERIVE (bad) +depends_on:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE +pk_get_psa_attributes_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_RSA_GEN_KEY_MIN_BITS:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_ENCRYPT:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_KEY_USAGE_DERIVE:MBEDTLS_ERR_PK_TYPE_MISMATCH:1:0 + +PSA attributes for pk: opaque RSA pair, ... & EXPORT (bad) +depends_on:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE +pk_get_psa_attributes_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_RSA_GEN_KEY_MIN_BITS:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_ENCRYPT:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_KEY_USAGE_EXPORT:MBEDTLS_ERR_PK_TYPE_MISMATCH:1:0 + +PSA attributes for pk: opaque RSA pair->public, 0 & VERIFY_MESSAGE +depends_on:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE +pk_get_psa_attributes_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_RSA_GEN_KEY_MIN_BITS:0:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_USAGE_VERIFY_MESSAGE:0:0:0 + +PSA attributes for pk: opaque RSA pair->public, 0 & VERIFY_HASH +depends_on:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE +pk_get_psa_attributes_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_RSA_GEN_KEY_MIN_BITS:0:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_USAGE_VERIFY_HASH:0:0:0 + +PSA attributes for pk: opaque RSA pair->public, 0 & ENCRYPT +depends_on:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE +pk_get_psa_attributes_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_RSA_GEN_KEY_MIN_BITS:0:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_KEY_USAGE_ENCRYPT:0:0:0 + +PSA attributes for pk: opaque ECC pair, 0 & SIGN_MESSAGE +depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:PSA_WANT_ECC_FAMILY_SECP_R1_256 +pk_get_psa_attributes_opaque:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):256:0:PSA_ALG_ECDSA_ANY:PSA_KEY_USAGE_SIGN_MESSAGE:0:1:0 + +PSA attributes for pk: opaque ECC pair, SIGN_MESSAGE & SIGN_MESSAGE +depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:PSA_WANT_ECC_FAMILY_SECP_R1_256 +pk_get_psa_attributes_opaque:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):256:PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_ECDSA_ANY:PSA_KEY_USAGE_SIGN_MESSAGE:0:1:PSA_KEY_USAGE_SIGN_MESSAGE + +PSA attributes for pk: opaque ECC pair, SIGN|VERIFY & SIGN_MESSAGE +depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:PSA_WANT_ECC_FAMILY_SECP_R1_256 +pk_get_psa_attributes_opaque:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):256:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_ECDSA_ANY:PSA_KEY_USAGE_SIGN_MESSAGE:0:1:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE + +PSA attributes for pk: opaque ECC pair, SIGN|DECRYPT & SIGN_MESSAGE +depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:PSA_WANT_ECC_FAMILY_SECP_R1_256 +pk_get_psa_attributes_opaque:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):256:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_DECRYPT:PSA_ALG_ECDSA_ANY:PSA_KEY_USAGE_SIGN_MESSAGE:0:1:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_DECRYPT + +PSA attributes for pk: opaque ECC pair, SIGN|... & SIGN_MESSAGE +depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:PSA_WANT_ECC_FAMILY_SECP_R1_256 +pk_get_psa_attributes_opaque:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):256:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_ENCRYPT:PSA_ALG_ECDSA_ANY:PSA_KEY_USAGE_SIGN_MESSAGE:0:1:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_ENCRYPT + +PSA attributes for pk: opaque ECC pair, 0 & SIGN_HASH +depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:PSA_WANT_ECC_FAMILY_SECP_R1_256 +pk_get_psa_attributes_opaque:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):256:0:PSA_ALG_ECDSA_ANY:PSA_KEY_USAGE_SIGN_HASH:0:1:0 + +PSA attributes for pk: opaque ECC pair, ... & DERIVE +depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:PSA_WANT_ECC_FAMILY_SECP_R1_256 +pk_get_psa_attributes_opaque:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):256:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDH:PSA_KEY_USAGE_DERIVE:0:1:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DERIVE + +PSA attributes for pk: opaque ECC pair, ... & DECRYPT (bad) +depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:PSA_WANT_ECC_FAMILY_SECP_R1_256 +pk_get_psa_attributes_opaque:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):256:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDH:PSA_KEY_USAGE_DECRYPT:MBEDTLS_ERR_PK_TYPE_MISMATCH:1:0 + +PSA attributes for pk: opaque ECC pair, ... & EXPORT (bad) +depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:PSA_WANT_ECC_FAMILY_SECP_R1_256 +pk_get_psa_attributes_opaque:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):256:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_ENCRYPT:PSA_ALG_ECDH:PSA_KEY_USAGE_EXPORT:MBEDTLS_ERR_PK_TYPE_MISMATCH:1:0 + +PSA attributes for pk: opaque ECC pair->public, 0 & VERIFY_MESSAGE +depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:PSA_WANT_ECC_FAMILY_SECP_R1_256 +pk_get_psa_attributes_opaque:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):256:0:PSA_ALG_ECDSA_ANY:PSA_KEY_USAGE_VERIFY_MESSAGE:0:0:0 + +PSA attributes for pk: opaque ECC pair->public, 0 & VERIFY_HASH +depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:PSA_WANT_ECC_FAMILY_SECP_R1_256 +pk_get_psa_attributes_opaque:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):256:0:PSA_ALG_ECDSA_ANY:PSA_KEY_USAGE_VERIFY_HASH:0:0:0 + +PSA attributes for pk: opaque ECC pair->public, 0 & ENCRYPT (bad) +depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:PSA_WANT_ECC_FAMILY_SECP_R1_256 +pk_get_psa_attributes_opaque:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):256:0:PSA_ALG_ECDSA_ANY:PSA_KEY_USAGE_ENCRYPT:MBEDTLS_ERR_PK_TYPE_MISMATCH:0:0 diff --git a/tests/suites/test_suite_pk.function b/tests/suites/test_suite_pk.function index 90c5044d2..930d015dd 100644 --- a/tests/suites/test_suite_pk.function +++ b/tests/suites/test_suite_pk.function @@ -1808,3 +1808,57 @@ exit: MD_OR_USE_PSA_DONE(); } /* END_CASE */ + +/* BEGIN_CASE depends_on:MBEDTLS_USE_PSA_CRYPTO */ +void pk_get_psa_attributes_opaque(int o_type_arg, int o_bits_arg, + int o_usage_arg, int o_alg_arg, + int usage_arg, + int expected_ret, + int to_pair, int expected_usage_arg) +{ + mbedtls_pk_context pk; + mbedtls_pk_init(&pk); + psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; + mbedtls_svc_key_id_t key_id = MBEDTLS_SVC_KEY_ID_INIT; + psa_key_type_t o_type = o_type_arg; + size_t bits = o_bits_arg; + psa_key_usage_t o_usage = o_usage_arg; + psa_algorithm_t alg = o_alg_arg; + psa_key_usage_t usage = usage_arg; + psa_key_usage_t expected_usage = expected_usage_arg; + + USE_PSA_INIT(); + + psa_set_key_type(&attributes, o_type); + psa_set_key_bits(&attributes, bits); + psa_set_key_usage_flags(&attributes, o_usage); + psa_set_key_algorithm(&attributes, alg); + psa_set_key_enrollment_algorithm(&attributes, 42); + //TODO: test with persistent key + PSA_ASSERT(psa_generate_key(&attributes, &key_id)); + TEST_EQUAL(mbedtls_pk_setup_opaque(&pk, key_id), 0); + + psa_key_type_t expected_psa_type = + to_pair ? o_type : PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR(o_type); + + TEST_EQUAL(mbedtls_pk_get_psa_attributes(&pk, usage, &attributes), + expected_ret); + + if (expected_ret == 0) { + TEST_EQUAL(psa_get_key_lifetime(&attributes), PSA_KEY_LIFETIME_VOLATILE); + TEST_ASSERT(mbedtls_svc_key_id_equal(psa_get_key_id(&attributes), + MBEDTLS_SVC_KEY_ID_INIT)); + TEST_EQUAL(psa_get_key_type(&attributes), expected_psa_type); + TEST_EQUAL(psa_get_key_bits(&attributes), bits); + TEST_EQUAL(psa_get_key_usage_flags(&attributes), expected_usage); + TEST_EQUAL(psa_get_key_algorithm(&attributes), alg); + TEST_EQUAL(psa_get_key_enrollment_algorithm(&attributes), PSA_ALG_NONE); + } + +exit: + mbedtls_pk_free(&pk); + psa_destroy_key(key_id); + psa_reset_key_attributes(&attributes); + USE_PSA_DONE(); +} +/* END_CASE */ From 7354f1e17870e528361f274aa4634441719e4b70 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 23 Jan 2024 11:06:02 +0100 Subject: [PATCH 07/36] Allow building with MBEDTLS_PK_USE_PSA_EC_DATA && MBEDTLS_ECP_C This isn't officially supported, but it's convenient to build the library this way for quick testing. Signed-off-by: Gilles Peskine --- library/ssl_tls12_client.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/library/ssl_tls12_client.c b/library/ssl_tls12_client.c index 0c5af87f4..b4b5781a1 100644 --- a/library/ssl_tls12_client.c +++ b/library/ssl_tls12_client.c @@ -2005,9 +2005,9 @@ static int ssl_get_ecdh_params_from_cert(mbedtls_ssl_context *ssl) return MBEDTLS_ERR_SSL_PK_TYPE_MISMATCH; } -#if defined(MBEDTLS_ECP_C) +#if !defined(MBEDTLS_PK_USE_PSA_EC_DATA) const mbedtls_ecp_keypair *peer_key = mbedtls_pk_ec_ro(*peer_pk); -#endif /* MBEDTLS_ECP_C */ +#endif /* !defined(MBEDTLS_PK_USE_PSA_EC_DATA) */ #if defined(MBEDTLS_USE_PSA_CRYPTO) uint16_t tls_id = 0; From f3dbc98d967289f9de9b5f89c2e187e6d6468a35 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 23 Jan 2024 11:05:34 +0100 Subject: [PATCH 08/36] mbedtls_pk_get_psa_attributes: support MBEDTLS_PK_USE_PSA_EC_DATA Signed-off-by: Gilles Peskine --- library/pk.c | 13 +++++++++++ tests/suites/test_suite_pk.function | 36 ++++++++++++++++++++--------- 2 files changed, 38 insertions(+), 11 deletions(-) diff --git a/library/pk.c b/library/pk.c index 783b48866..c34da9974 100644 --- a/library/pk.c +++ b/library/pk.c @@ -464,11 +464,24 @@ int mbedtls_pk_get_psa_attributes(const mbedtls_pk_context *pk, { int sign_ok = (pk_type != MBEDTLS_PK_ECKEY_DH); int derive_ok = (pk_type != MBEDTLS_PK_ECDSA); +#if defined(MBEDTLS_PK_USE_PSA_EC_DATA) + psa_key_attributes_t old_attributes = PSA_KEY_ATTRIBUTES_INIT; + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + status = psa_get_key_attributes(pk->priv_id, &old_attributes); + if (status != PSA_SUCCESS) { + return MBEDTLS_ERR_PK_BAD_INPUT_DATA; + } + psa_key_type_t old_type = psa_get_key_type(&old_attributes); + int has_private = PSA_KEY_TYPE_IS_KEY_PAIR(old_type); + size_t bits = psa_get_key_bits(&old_attributes); + psa_ecc_family_t family = PSA_KEY_TYPE_ECC_GET_FAMILY(old_type); +#else mbedtls_ecp_keypair *ec = mbedtls_pk_ec(*pk); int has_private = (ec->d.n != 0); size_t bits = 0; psa_ecc_family_t family = mbedtls_ecc_group_to_psa(ec->grp.id, &bits); +#endif int want_private = 0; psa_algorithm_t alg = 0; switch (usage) { diff --git a/tests/suites/test_suite_pk.function b/tests/suites/test_suite_pk.function index 930d015dd..e522ea747 100644 --- a/tests/suites/test_suite_pk.function +++ b/tests/suites/test_suite_pk.function @@ -111,7 +111,14 @@ static int pk_genkey(mbedtls_pk_context *pk, int curve_or_keybits) mbedtls_pk_get_type(pk) == MBEDTLS_PK_ECDSA) { int ret; -#if defined(MBEDTLS_ECP_C) +#if defined(MBEDTLS_PK_USE_PSA_EC_DATA) + ret = pk_genkey_ec(pk, curve_or_keybits); + if (ret != 0) { + return ret; + } + + return 0; +#else ret = mbedtls_ecp_group_load(&mbedtls_pk_ec_rw(*pk)->grp, curve_or_keybits); if (ret != 0) { return ret; @@ -120,16 +127,7 @@ static int pk_genkey(mbedtls_pk_context *pk, int curve_or_keybits) &mbedtls_pk_ec_rw(*pk)->d, &mbedtls_pk_ec_rw(*pk)->Q, mbedtls_test_rnd_std_rand, NULL); -#endif /* MBEDTLS_ECP_C */ - -#if defined(MBEDTLS_PK_USE_PSA_EC_DATA) - ret = pk_genkey_ec(pk, curve_or_keybits); - if (ret != 0) { - return ret; - } - - return 0; -#endif /* MBEDTLS_PK_USE_PSA_EC_DATA */ +#endif /* MBEDTLS_ECP_C && !MBEDTLS_PK_USE_PSA_EC_DATA */ } #endif /* MBEDTLS_PK_HAVE_ECC_KEYS */ @@ -208,8 +206,24 @@ static int pk_setup_for_type(mbedtls_pk_type_t pk_type, int want_pair, *psa_type = PSA_KEY_TYPE_ECC_KEY_PAIR(mbedtls_ecc_group_to_psa(grp_id, &bits)); TEST_EQUAL(pk_genkey(pk, grp_id), 0); if (!want_pair) { +#if defined(MBEDTLS_PK_USE_PSA_EC_DATA) + psa_key_attributes_t pub_attributes = PSA_KEY_ATTRIBUTES_INIT; + psa_set_key_type(&pub_attributes, + PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR(*psa_type)); + psa_set_key_usage_flags(&pub_attributes, + PSA_KEY_USAGE_EXPORT | + PSA_KEY_USAGE_COPY | + PSA_KEY_USAGE_VERIFY_MESSAGE | + PSA_KEY_USAGE_VERIFY_HASH); + psa_set_key_algorithm(&pub_attributes, PSA_ALG_ECDSA_ANY); + PSA_ASSERT(psa_destroy_key(pk->priv_id)); + PSA_ASSERT(psa_import_key(&pub_attributes, + pk->pub_raw, pk->pub_raw_len, + &pk->priv_id)); +#else mbedtls_ecp_keypair *ec = mbedtls_pk_ec(*pk); mbedtls_mpi_free(&ec->d); +#endif } break; } From c09df2f24c85623a426501f0fa6ef659cb57fbd4 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 23 Jan 2024 17:03:31 +0100 Subject: [PATCH 09/36] Unify want_private detection This commit makes the code arguably slightly simpler and fixes the build with clang -Wimplicit-fallthrough. No intended semantic change. Signed-off-by: Gilles Peskine --- library/pk.c | 23 ++++++++--------------- 1 file changed, 8 insertions(+), 15 deletions(-) diff --git a/library/pk.c b/library/pk.c index c34da9974..60891a07e 100644 --- a/library/pk.c +++ b/library/pk.c @@ -416,24 +416,23 @@ int mbedtls_pk_get_psa_attributes(const mbedtls_pk_context *pk, } more_usage |= PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_COPY; + int want_private = !(usage == PSA_KEY_USAGE_VERIFY_MESSAGE || + usage == PSA_KEY_USAGE_VERIFY_HASH || + usage == PSA_KEY_USAGE_ENCRYPT); + switch (pk_type) { #if defined(MBEDTLS_RSA_C) case MBEDTLS_PK_RSA: { - int want_crypt = 0; - int want_private = 0; + int want_crypt = 0; /* 0: encrypt/decrypt; 1: sign/verify */ switch (usage) { case PSA_KEY_USAGE_SIGN_MESSAGE: case PSA_KEY_USAGE_SIGN_HASH: - want_private = 1; - break; - case PSA_KEY_USAGE_DECRYPT: - want_private = 1; - want_crypt = 1; - break; case PSA_KEY_USAGE_VERIFY_MESSAGE: case PSA_KEY_USAGE_VERIFY_HASH: + /* Nothing to do. */ break; + case PSA_KEY_USAGE_DECRYPT: case PSA_KEY_USAGE_ENCRYPT: want_crypt = 1; break; @@ -482,13 +481,10 @@ int mbedtls_pk_get_psa_attributes(const mbedtls_pk_context *pk, psa_ecc_family_t family = mbedtls_ecc_group_to_psa(ec->grp.id, &bits); #endif - int want_private = 0; psa_algorithm_t alg = 0; switch (usage) { case PSA_KEY_USAGE_SIGN_MESSAGE: case PSA_KEY_USAGE_SIGN_HASH: - want_private = 1; - /* FALLTHROUGH */ case PSA_KEY_USAGE_VERIFY_MESSAGE: case PSA_KEY_USAGE_VERIFY_HASH: if (!sign_ok) { @@ -501,7 +497,6 @@ int mbedtls_pk_get_psa_attributes(const mbedtls_pk_context *pk, #endif break; case PSA_KEY_USAGE_DERIVE: - want_private = 1; alg = PSA_ALG_ECDH; if (!derive_ok) { return MBEDTLS_ERR_PK_TYPE_MISMATCH; @@ -566,9 +561,7 @@ int mbedtls_pk_get_psa_attributes(const mbedtls_pk_context *pk, /* Opaque keys are always key pairs, so we don't need a check * on the input if the required usage is private. We just need * to adjust the type correctly if the required usage is public. */ - if (usage == PSA_KEY_USAGE_VERIFY_MESSAGE || - usage == PSA_KEY_USAGE_VERIFY_HASH || - usage == PSA_KEY_USAGE_ENCRYPT) { + if (!want_private) { new_type = PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR(new_type); } more_usage = psa_get_key_usage_flags(&old_attributes); From 51860149f4c3b1bf2d7f9be0b4de9304f41d0a61 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 23 Jan 2024 17:45:33 +0100 Subject: [PATCH 10/36] Allow context types with an ALT version to be linked in Doxygen In our tests, we run `tests/scripts/doxygen.sh`, which checks that `doxygen` runs without warnings after `scripts/config.py realfull`. In this configuration, alternative implementations such as `MBEDTLS_RSA_ALT` are enabled, which allows the documentation to contain references to the `MBEDTLS_xxx_ALT` symbol itself. However, this disables context types that alternative implementations must define in their header, such as `mbedtls_rsa_context`. See https://github.com/Mbed-TLS/mbedtls/issues/4518 As a partial fix, allow `tests/scripts/doxygen.sh` to see dummy definitions of the context type. This way, we can use both `#MBEDTLS_RSA_ALT` and `#mbedtls_rsa_context` cross-references in our documentation. This is not ideal, because `doxygen.sh` isn't testing for errors in the documentation of the affected context types, but it's cheap progress. Signed-off-by: Gilles Peskine --- doxygen/mbedtls.doxyfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doxygen/mbedtls.doxyfile b/doxygen/mbedtls.doxyfile index 89048f221..b64c89202 100644 --- a/doxygen/mbedtls.doxyfile +++ b/doxygen/mbedtls.doxyfile @@ -6,7 +6,7 @@ EXTRACT_ALL = YES EXTRACT_PRIVATE = YES EXTRACT_STATIC = YES CASE_SENSE_NAMES = NO -INPUT = ../include input +INPUT = ../include input ../tests/include/alt-dummy FILE_PATTERNS = *.h RECURSIVE = YES EXCLUDE_SYMLINKS = YES From 55effd9456aef0648ceacc0812164a98d4d5ce29 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 23 Jan 2024 18:07:36 +0100 Subject: [PATCH 11/36] Fix the build with MBEDTLS_RSA_ALT Signed-off-by: Gilles Peskine --- library/pk.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/pk.c b/library/pk.c index 60891a07e..191132553 100644 --- a/library/pk.c +++ b/library/pk.c @@ -449,7 +449,7 @@ int mbedtls_pk_get_psa_attributes(const mbedtls_pk_context *pk, psa_set_key_type(attributes, (want_private ? PSA_KEY_TYPE_RSA_KEY_PAIR : PSA_KEY_TYPE_RSA_PUBLIC_KEY)); - psa_set_key_bits(attributes, mbedtls_mpi_bitlen(&rsa->N)); + psa_set_key_bits(attributes, mbedtls_pk_get_bitlen(pk)); psa_set_key_algorithm(attributes, psa_algorithm_for_rsa(rsa, want_crypt)); break; From 00f3085163a22318b3122c640cbf2b9bc2a2f5a1 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 23 Jan 2024 20:25:34 +0100 Subject: [PATCH 12/36] Missing dependency for MBEDTLS_PK_ECDSA Signed-off-by: Gilles Peskine --- tests/suites/test_suite_pk.data | 28 ++++++++++++++-------------- 1 file changed, 14 insertions(+), 14 deletions(-) diff --git a/tests/suites/test_suite_pk.data b/tests/suites/test_suite_pk.data index 55350b67b..8951e7217 100644 --- a/tests/suites/test_suite_pk.data +++ b/tests/suites/test_suite_pk.data @@ -829,7 +829,7 @@ depends_on:MBEDTLS_PK_HAVE_ECC_KEYS pk_get_psa_attributes_fail:MBEDTLS_PK_ECKEY_DH:1:PSA_KEY_USAGE_DECRYPT:MBEDTLS_ERR_PK_TYPE_MISMATCH PSA attributes for pk: ECDSA pair DECRYPT (bad) -depends_on:MBEDTLS_PK_HAVE_ECC_KEYS +depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_PK_CAN_ECDSA_SOME pk_get_psa_attributes_fail:MBEDTLS_PK_ECDSA:1:PSA_KEY_USAGE_DECRYPT:MBEDTLS_ERR_PK_TYPE_MISMATCH PSA attributes for pk: ECKEY public DECRYPT (bad) @@ -841,7 +841,7 @@ depends_on:MBEDTLS_PK_HAVE_ECC_KEYS pk_get_psa_attributes_fail:MBEDTLS_PK_ECKEY_DH:0:PSA_KEY_USAGE_DECRYPT:MBEDTLS_ERR_PK_TYPE_MISMATCH PSA attributes for pk: ECDSA public DECRYPT (bad) -depends_on:MBEDTLS_PK_HAVE_ECC_KEYS +depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_PK_CAN_ECDSA_SOME pk_get_psa_attributes_fail:MBEDTLS_PK_ECDSA:0:PSA_KEY_USAGE_DECRYPT:MBEDTLS_ERR_PK_TYPE_MISMATCH PSA attributes for pk: ECKEY pair ENCRYPT (bad) @@ -853,7 +853,7 @@ depends_on:MBEDTLS_PK_HAVE_ECC_KEYS pk_get_psa_attributes_fail:MBEDTLS_PK_ECKEY_DH:1:PSA_KEY_USAGE_ENCRYPT:MBEDTLS_ERR_PK_TYPE_MISMATCH PSA attributes for pk: ECDSA pair ENCRYPT (bad) -depends_on:MBEDTLS_PK_HAVE_ECC_KEYS +depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_PK_CAN_ECDSA_SOME pk_get_psa_attributes_fail:MBEDTLS_PK_ECDSA:1:PSA_KEY_USAGE_ENCRYPT:MBEDTLS_ERR_PK_TYPE_MISMATCH PSA attributes for pk: ECKEY public ENCRYPT (bad) @@ -865,7 +865,7 @@ depends_on:MBEDTLS_PK_HAVE_ECC_KEYS pk_get_psa_attributes_fail:MBEDTLS_PK_ECKEY_DH:0:PSA_KEY_USAGE_ENCRYPT:MBEDTLS_ERR_PK_TYPE_MISMATCH PSA attributes for pk: ECDSA public ENCRYPT (bad) -depends_on:MBEDTLS_PK_HAVE_ECC_KEYS +depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_PK_CAN_ECDSA_SOME pk_get_psa_attributes_fail:MBEDTLS_PK_ECDSA:0:PSA_KEY_USAGE_ENCRYPT:MBEDTLS_ERR_PK_TYPE_MISMATCH PSA attributes for pk: ECKEY pair DERIVE @@ -877,7 +877,7 @@ depends_on:MBEDTLS_PK_HAVE_ECC_KEYS pk_get_psa_attributes:MBEDTLS_PK_ECKEY_DH:1:PSA_KEY_USAGE_DERIVE:1:PSA_ALG_ECDH PSA attributes for pk: ECDSA pair DERIVE (bad) -depends_on:MBEDTLS_PK_HAVE_ECC_KEYS +depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_PK_CAN_ECDSA_SOME pk_get_psa_attributes_fail:MBEDTLS_PK_ECDSA:1:PSA_KEY_USAGE_DERIVE:MBEDTLS_ERR_PK_TYPE_MISMATCH PSA attributes for pk: ECKEY public DERIVE (bad) @@ -889,7 +889,7 @@ depends_on:MBEDTLS_PK_HAVE_ECC_KEYS pk_get_psa_attributes_fail:MBEDTLS_PK_ECKEY_DH:0:PSA_KEY_USAGE_DERIVE:MBEDTLS_ERR_PK_TYPE_MISMATCH PSA attributes for pk: ECDSA public DERIVE (bad) -depends_on:MBEDTLS_PK_HAVE_ECC_KEYS +depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_PK_CAN_ECDSA_SOME pk_get_psa_attributes_fail:MBEDTLS_PK_ECDSA:0:PSA_KEY_USAGE_DERIVE:MBEDTLS_ERR_PK_TYPE_MISMATCH PSA attributes for pk: ECKEY pair SIGN_MESSAGE @@ -897,7 +897,7 @@ depends_on:MBEDTLS_PK_HAVE_ECC_KEYS pk_get_psa_attributes:MBEDTLS_PK_ECKEY:1:PSA_KEY_USAGE_SIGN_MESSAGE:1:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH) PSA attributes for pk: ECDSA pair SIGN_MESSAGE -depends_on:MBEDTLS_PK_HAVE_ECC_KEYS +depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_PK_CAN_ECDSA_SOME pk_get_psa_attributes:MBEDTLS_PK_ECDSA:1:PSA_KEY_USAGE_SIGN_MESSAGE:1:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH) PSA attributes for pk: ECKEY pair SIGN_HASH @@ -905,7 +905,7 @@ depends_on:MBEDTLS_PK_HAVE_ECC_KEYS pk_get_psa_attributes:MBEDTLS_PK_ECKEY:1:PSA_KEY_USAGE_SIGN_HASH:1:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH) PSA attributes for pk: ECDSA pair SIGN_HASH -depends_on:MBEDTLS_PK_HAVE_ECC_KEYS +depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_PK_CAN_ECDSA_SOME pk_get_psa_attributes:MBEDTLS_PK_ECDSA:1:PSA_KEY_USAGE_SIGN_HASH:1:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH) PSA attributes for pk: ECKEY pair->public VERIFY_MESSAGE @@ -913,7 +913,7 @@ depends_on:MBEDTLS_PK_HAVE_ECC_KEYS pk_get_psa_attributes:MBEDTLS_PK_ECKEY:1:PSA_KEY_USAGE_VERIFY_MESSAGE:0:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH) PSA attributes for pk: ECDSA pair->public VERIFY_MESSAGE -depends_on:MBEDTLS_PK_HAVE_ECC_KEYS +depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_PK_CAN_ECDSA_SOME pk_get_psa_attributes:MBEDTLS_PK_ECDSA:1:PSA_KEY_USAGE_VERIFY_MESSAGE:0:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH) PSA attributes for pk: ECKEY pair->public VERIFY_HASH @@ -921,7 +921,7 @@ depends_on:MBEDTLS_PK_HAVE_ECC_KEYS pk_get_psa_attributes:MBEDTLS_PK_ECKEY:1:PSA_KEY_USAGE_VERIFY_HASH:0:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH) PSA attributes for pk: ECDSA pair->public VERIFY_HASH -depends_on:MBEDTLS_PK_HAVE_ECC_KEYS +depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_PK_CAN_ECDSA_SOME pk_get_psa_attributes:MBEDTLS_PK_ECDSA:1:PSA_KEY_USAGE_VERIFY_HASH:0:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH) PSA attributes for pk: ECKEY public VERIFY_MESSAGE @@ -929,7 +929,7 @@ depends_on:MBEDTLS_PK_HAVE_ECC_KEYS pk_get_psa_attributes:MBEDTLS_PK_ECKEY:0:PSA_KEY_USAGE_VERIFY_MESSAGE:0:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH) PSA attributes for pk: ECDSA public VERIFY_MESSAGE -depends_on:MBEDTLS_PK_HAVE_ECC_KEYS +depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_PK_CAN_ECDSA_SOME pk_get_psa_attributes:MBEDTLS_PK_ECDSA:0:PSA_KEY_USAGE_VERIFY_MESSAGE:0:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH) PSA attributes for pk: ECKEY public VERIFY_HASH @@ -937,7 +937,7 @@ depends_on:MBEDTLS_PK_HAVE_ECC_KEYS pk_get_psa_attributes:MBEDTLS_PK_ECKEY:0:PSA_KEY_USAGE_VERIFY_HASH:0:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH) PSA attributes for pk: ECDSA public VERIFY_HASH -depends_on:MBEDTLS_PK_HAVE_ECC_KEYS +depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_PK_CAN_ECDSA_SOME pk_get_psa_attributes:MBEDTLS_PK_ECDSA:0:PSA_KEY_USAGE_VERIFY_HASH:0:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH) PSA attributes for pk: ECKEY public SIGN_MESSAGE (bad) @@ -945,7 +945,7 @@ depends_on:MBEDTLS_PK_HAVE_ECC_KEYS pk_get_psa_attributes_fail:MBEDTLS_PK_ECKEY:0:PSA_KEY_USAGE_SIGN_MESSAGE:MBEDTLS_ERR_PK_TYPE_MISMATCH PSA attributes for pk: ECDSA public SIGN_MESSAGE (bad) -depends_on:MBEDTLS_PK_HAVE_ECC_KEYS +depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_PK_CAN_ECDSA_SOME pk_get_psa_attributes_fail:MBEDTLS_PK_ECDSA:0:PSA_KEY_USAGE_SIGN_MESSAGE:MBEDTLS_ERR_PK_TYPE_MISMATCH PSA attributes for pk: ECKEY public SIGN_HASH (bad) @@ -953,7 +953,7 @@ depends_on:MBEDTLS_PK_HAVE_ECC_KEYS pk_get_psa_attributes_fail:MBEDTLS_PK_ECKEY:0:PSA_KEY_USAGE_SIGN_HASH:MBEDTLS_ERR_PK_TYPE_MISMATCH PSA attributes for pk: ECDSA public SIGN_HASH (bad) -depends_on:MBEDTLS_PK_HAVE_ECC_KEYS +depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_PK_CAN_ECDSA_SOME pk_get_psa_attributes_fail:MBEDTLS_PK_ECDSA:0:PSA_KEY_USAGE_SIGN_HASH:MBEDTLS_ERR_PK_TYPE_MISMATCH PSA attributes for pk: ECKEY_DH pair SIGN_MESSAGE (bad) From 64996c3be901c62636cfa2d88e92f2c31118bef5 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 23 Jan 2024 20:25:47 +0100 Subject: [PATCH 13/36] Disable MBEDTLS_PSA_CRYPTO_CLIENT in no-PSA builds When building without PSA crypto functions, disable MBEDTLS_PSA_CRYPTO_CLIENT as well as MBEDTLS_PSA_CRYPTO_C. With just MBEDTLS_PSA_CRYPTO_CLIENT, PSA crypto API functions are supposed to exist at link time but be provided by a third party. Signed-off-by: Gilles Peskine --- tests/scripts/all.sh | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 44930d28b..13338d4cd 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -1552,6 +1552,7 @@ component_test_full_no_cipher_no_psa_crypto () { scripts/config.py unset MBEDTLS_CMAC_C scripts/config.py unset MBEDTLS_NIST_KW_C scripts/config.py unset MBEDTLS_PSA_CRYPTO_C + scripts/config.py unset MBEDTLS_PSA_CRYPTO_CLIENT scripts/config.py unset MBEDTLS_SSL_TLS_C scripts/config.py unset MBEDTLS_SSL_TICKET_C # Disable features that depend on PSA_CRYPTO_C @@ -2430,11 +2431,12 @@ component_build_dhm_alt () { make CFLAGS='-Werror -Wall -Wextra -I../tests/include/alt-dummy' lib } -component_test_no_use_psa_crypto_full_cmake_asan() { - # full minus MBEDTLS_USE_PSA_CRYPTO: run the same set of tests as basic-build-test.sh - msg "build: cmake, full config minus MBEDTLS_USE_PSA_CRYPTO, ASan" +component_test_no_psa_crypto_full_cmake_asan() { + # full minus MBEDTLS_PSA_CRYPTO_C: run the same set of tests as basic-build-test.sh + msg "build: cmake, full config minus PSA crypto, ASan" scripts/config.py full scripts/config.py unset MBEDTLS_PSA_CRYPTO_C + scripts/config.py unset MBEDTLS_PSA_CRYPTO_CLIENT scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3 scripts/config.py unset MBEDTLS_PSA_ITS_FILE_C @@ -2445,7 +2447,7 @@ component_test_no_use_psa_crypto_full_cmake_asan() { CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan . make - msg "test: main suites (full minus MBEDTLS_USE_PSA_CRYPTO)" + msg "test: main suites (full minus PSA crypto)" make test # Note: ssl-opt.sh has some test cases that depend on From 9cd2e9ad1b0c198708694661fc0567cddf2c754a Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 24 Jan 2024 13:40:09 +0100 Subject: [PATCH 14/36] mbedtls_pk_get_psa_attributes: require MBEDTLS_PSA_CRYPTO_C Ideally this and other pk functions would work with MBEDTLS_PSA_CRYPTO_CLIENT (i.e. whether PSA API functions are implemented locally or via client-server communication). However, at the moment, some helper functions are missing when MBEDTLS_PSA_CRYPTO_C is disabled, at least mbedtls_ecc_group_to_psa(). For the time being, don't provide mbedtls_pk_get_psa_attributes() when MBEDTLS_PSA_CRYPTO_C is disabled. We can improve later, looking generally at a group of functions to generalize, not mixed with delivering new APIs. Signed-off-by: Gilles Peskine --- include/mbedtls/pk.h | 4 ++-- library/pk.c | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/include/mbedtls/pk.h b/include/mbedtls/pk.h index a43b94955..54ca9adc8 100644 --- a/include/mbedtls/pk.h +++ b/include/mbedtls/pk.h @@ -484,7 +484,7 @@ int mbedtls_pk_can_do_ext(const mbedtls_pk_context *ctx, psa_algorithm_t alg, psa_key_usage_t usage); #endif /* MBEDTLS_USE_PSA_CRYPTO */ -#if defined(MBEDTLS_PSA_CRYPTO_CLIENT) +#if defined(MBEDTLS_PSA_CRYPTO_C) /** * \brief Determine valid PSA attributes that can be used to * import a key into PSA. @@ -596,7 +596,7 @@ int mbedtls_pk_can_do_ext(const mbedtls_pk_context *ctx, psa_algorithm_t alg, int mbedtls_pk_get_psa_attributes(const mbedtls_pk_context *pk, psa_key_usage_t usage, psa_key_attributes_t *attributes); -#endif /* MBEDTLS_PSA_CRYPTO_CLIENT */ +#endif /* MBEDTLS_PSA_CRYPTO_C */ /** * \brief Verify signature (including padding if relevant). diff --git a/library/pk.c b/library/pk.c index 191132553..b629ce2e8 100644 --- a/library/pk.c +++ b/library/pk.c @@ -378,7 +378,7 @@ int mbedtls_pk_can_do_ext(const mbedtls_pk_context *ctx, psa_algorithm_t alg, } #endif /* MBEDTLS_USE_PSA_CRYPTO */ -#if defined(MBEDTLS_PSA_CRYPTO_CLIENT) +#if defined(MBEDTLS_PSA_CRYPTO_C) #if defined(MBEDTLS_RSA_C) static psa_algorithm_t psa_algorithm_for_rsa(const mbedtls_rsa_context *rsa, int want_crypt) @@ -586,7 +586,7 @@ int mbedtls_pk_get_psa_attributes(const mbedtls_pk_context *pk, return 0; } -#endif +#endif /* MBEDTLS_PSA_CRYPTO_C */ /* * Helper for mbedtls_pk_sign and mbedtls_pk_verify From 2bd4ddc8e0c0a908aea046ff8f79547805e840cd Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 24 Jan 2024 14:15:02 +0100 Subject: [PATCH 15/36] Implement pick-a-curve when ECP_LIGHT is disabled Signed-off-by: Gilles Peskine --- tests/suites/test_suite_pk.function | 39 ++++++++++++++++++++++++++++- 1 file changed, 38 insertions(+), 1 deletion(-) diff --git a/tests/suites/test_suite_pk.function b/tests/suites/test_suite_pk.function index e522ea747..2a8a5f78c 100644 --- a/tests/suites/test_suite_pk.function +++ b/tests/suites/test_suite_pk.function @@ -160,6 +160,43 @@ size_t mbedtls_rsa_key_len_func(void *ctx) } #endif /* MBEDTLS_RSA_C */ +#if defined(MBEDTLS_PSA_CRYPTO_C) && defined(MBEDTLS_PK_HAVE_ECC_KEYS) +static mbedtls_ecp_group_id ecc_pick_grp_id(void) +{ +#if defined(MBEDTLS_ECP_LIGHT) + return mbedtls_ecp_grp_id_list()[0]; +#elif defined(PSA_WANT_ECC_SECP_R1_192) + return MBEDTLS_ECP_DP_SECP192R1; +#elif defined(PSA_WANT_ECC_SECP_R1_224) + return MBEDTLS_ECP_DP_SECP224R1; +#elif defined(PSA_WANT_ECC_SECP_R1_256) + return MBEDTLS_ECP_DP_SECP256R1; +#elif defined(PSA_WANT_ECC_SECP_R1_384) + return MBEDTLS_ECP_DP_SECP384R1; +#elif defined(PSA_WANT_ECC_SECP_R1_521) + return MBEDTLS_ECP_DP_SECP521R1; +#elif defined(PSA_WANT_ECC_SECP_K1_192) + return MBEDTLS_ECP_DP_SECP192K1; +#elif defined(PSA_WANT_ECC_SECP_K1_224) + return MBEDTLS_ECP_DP_SECP224K1; +#elif defined(PSA_WANT_ECC_SECP_K1_256) + return MBEDTLS_ECP_DP_SECP256K1; +#elif defined(PSA_WANT_ECC_BRAINPOOL_P_R1_256) + return MBEDTLS_ECP_DP_BP256R1; +#elif defined(PSA_WANT_ECC_BRAINPOOL_P_R1_384) + return MBEDTLS_ECP_DP_BP384R1; +#elif defined(PSA_WANT_ECC_BRAINPOOL_P_R1_512) + return MBEDTLS_ECP_DP_BP512R1; +#elif defined(PSA_WANT_ECC_MONTGOMERY_255) + return MBEDTLS_ECP_DP_CURVE25519; +#elif defined(PSA_WANT_ECC_MONTGOMERY_448) + return MBEDTLS_ECP_DP_CURVE448; +#else + return 0; +#endif +} +#endif /* defined(MBEDTLS_PSA_CRYPTO_C) && defined(MBEDTLS_PK_HAVE_ECC_KEYS) */ + #if defined(MBEDTLS_PSA_CRYPTO_C) static int pk_setup_for_type(mbedtls_pk_type_t pk_type, int want_pair, mbedtls_pk_context *pk, psa_key_type_t *psa_type) @@ -201,7 +238,7 @@ static int pk_setup_for_type(mbedtls_pk_type_t pk_type, int want_pair, case MBEDTLS_PK_ECKEY_DH: case MBEDTLS_PK_ECDSA: { - mbedtls_ecp_group_id grp_id = mbedtls_ecp_grp_id_list()[0]; + mbedtls_ecp_group_id grp_id = ecc_pick_grp_id(); size_t bits; *psa_type = PSA_KEY_TYPE_ECC_KEY_PAIR(mbedtls_ecc_group_to_psa(grp_id, &bits)); TEST_EQUAL(pk_genkey(pk, grp_id), 0); From 77faddf93b3fbe9601dcdb69fdc0e338d5f5133d Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 24 Jan 2024 10:50:17 +0100 Subject: [PATCH 16/36] Depend on legacy RSA key generation for test code In principle the RSA tests shouldn't depend on RSA key generation: they just need to operate on RSA keys. However they do need some method of creating an RSA key, and we're currently doing random generation. So depend on what the test code needs. Depend on the legacy RSA interface, since driver-only RSA isn't currently supported in the PK module. Signed-off-by: Gilles Peskine --- tests/suites/test_suite_pk.data | 96 ++++++++++++++--------------- tests/suites/test_suite_pk.function | 6 +- 2 files changed, 53 insertions(+), 49 deletions(-) diff --git a/tests/suites/test_suite_pk.data b/tests/suites/test_suite_pk.data index 8951e7217..e64f9b761 100644 --- a/tests/suites/test_suite_pk.data +++ b/tests/suites/test_suite_pk.data @@ -688,136 +688,136 @@ pk_get_psa_attributes_fail:MBEDTLS_PK_NONE:0:PSA_KEY_USAGE_SIGN_MESSAGE:MBEDTLS_ # Bad usage due to not specifying sign/crypt/derive. PSA attributes for pk: RSA usage=0 (bad) -depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 +depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME:MBEDTLS_PKCS1_V15 pk_get_psa_attributes_fail:MBEDTLS_PK_RSA:1:0:MBEDTLS_ERR_PK_TYPE_MISMATCH # Bad usage due to not specifying sign/crypt/derive. PSA attributes for pk: RSA usage=EXPORT (bad) -depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 +depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME:MBEDTLS_PKCS1_V15 pk_get_psa_attributes_fail:MBEDTLS_PK_RSA:1:PSA_KEY_USAGE_EXPORT:MBEDTLS_ERR_PK_TYPE_MISMATCH # This usage could make sense, but is not currently supported. PSA attributes for pk: RSA usage=DECRYPT|EXPORT (bad) -depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 +depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME:MBEDTLS_PKCS1_V15 pk_get_psa_attributes_fail:MBEDTLS_PK_RSA:1:PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_EXPORT:MBEDTLS_ERR_PK_TYPE_MISMATCH # Bad usage due to not specifying more than one of sign/crypt/derive. PSA attributes for pk: RSA usage=DECRYPT|SIGN_MESSAGE (bad) -depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 +depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME:MBEDTLS_PKCS1_V15 pk_get_psa_attributes_fail:MBEDTLS_PK_RSA:1:PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_SIGN_MESSAGE:MBEDTLS_ERR_PK_TYPE_MISMATCH # This usage could make sense, but is not currently supported. PSA attributes for pk: RSA usage=SIGN_MESSAGE|SIGN_HASH (bad) -depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 +depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME:MBEDTLS_PKCS1_V15 pk_get_psa_attributes_fail:MBEDTLS_PK_RSA:1:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_SIGN_HASH:MBEDTLS_ERR_PK_TYPE_MISMATCH # This usage could make sense, but is not currently supported. PSA attributes for pk: RSA usage=SIGN_MESSAGE|VERIFY_MESSAGE (bad) -depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 +depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME:MBEDTLS_PKCS1_V15 pk_get_psa_attributes_fail:MBEDTLS_PK_RSA:1:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE:MBEDTLS_ERR_PK_TYPE_MISMATCH PSA attributes for pk: RSA v15 pair DECRYPT -depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 +depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME:MBEDTLS_PKCS1_V15 pk_get_psa_attributes:MBEDTLS_PK_RSA:1:PSA_KEY_USAGE_DECRYPT:1:PSA_ALG_RSA_PKCS1V15_CRYPT PSA attributes for pk: RSA v21 SHA-256 pair DECRYPT -depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V21:MBEDTLS_MD_CAN_SHA256 +depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME:MBEDTLS_PKCS1_V21:MBEDTLS_MD_CAN_SHA256 pk_rsa_v21_get_psa_attributes:MBEDTLS_MD_SHA256:1:PSA_KEY_USAGE_DECRYPT:1:PSA_ALG_RSA_OAEP(PSA_ALG_SHA_256) PSA attributes for pk: RSA v21 SHA-512 pair DECRYPT -depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V21:MBEDTLS_MD_CAN_SHA512 +depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME:MBEDTLS_PKCS1_V21:MBEDTLS_MD_CAN_SHA512 pk_rsa_v21_get_psa_attributes:MBEDTLS_MD_SHA512:1:PSA_KEY_USAGE_DECRYPT:1:PSA_ALG_RSA_OAEP(PSA_ALG_SHA_512) PSA attributes for pk: RSA v15 pair->public ENCRYPT -depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 +depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME:MBEDTLS_PKCS1_V15 pk_get_psa_attributes:MBEDTLS_PK_RSA:1:PSA_KEY_USAGE_ENCRYPT:0:PSA_ALG_RSA_PKCS1V15_CRYPT PSA attributes for pk: RSA v21 SHA-256 pair->public ENCRYPT -depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V21:MBEDTLS_MD_CAN_SHA256 +depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME:MBEDTLS_PKCS1_V21:MBEDTLS_MD_CAN_SHA256 pk_rsa_v21_get_psa_attributes:MBEDTLS_MD_SHA256:1:PSA_KEY_USAGE_ENCRYPT:0:PSA_ALG_RSA_OAEP(PSA_ALG_SHA_256) PSA attributes for pk: RSA v21 SHA-512 pair->public ENCRYPT -depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V21:MBEDTLS_MD_CAN_SHA512 +depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME:MBEDTLS_PKCS1_V21:MBEDTLS_MD_CAN_SHA512 pk_rsa_v21_get_psa_attributes:MBEDTLS_MD_SHA512:1:PSA_KEY_USAGE_ENCRYPT:0:PSA_ALG_RSA_OAEP(PSA_ALG_SHA_512) PSA attributes for pk: RSA v15 public ENCRYPT -depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 +depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME:MBEDTLS_PKCS1_V15 pk_get_psa_attributes:MBEDTLS_PK_RSA:0:PSA_KEY_USAGE_ENCRYPT:0:PSA_ALG_RSA_PKCS1V15_CRYPT PSA attributes for pk: RSA v21 SHA-256 public ENCRYPT -depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V21:MBEDTLS_MD_CAN_SHA256 +depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME:MBEDTLS_PKCS1_V21:MBEDTLS_MD_CAN_SHA256 pk_rsa_v21_get_psa_attributes:MBEDTLS_MD_SHA256:0:PSA_KEY_USAGE_ENCRYPT:0:PSA_ALG_RSA_OAEP(PSA_ALG_SHA_256) PSA attributes for pk: RSA v21 SHA-512 public ENCRYPT -depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V21:MBEDTLS_MD_CAN_SHA512 +depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME:MBEDTLS_PKCS1_V21:MBEDTLS_MD_CAN_SHA512 pk_rsa_v21_get_psa_attributes:MBEDTLS_MD_SHA512:0:PSA_KEY_USAGE_ENCRYPT:0:PSA_ALG_RSA_OAEP(PSA_ALG_SHA_512) PSA attributes for pk: RSA v15 public DECRYPT (bad) -depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 +depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME:MBEDTLS_PKCS1_V15 pk_get_psa_attributes_fail:MBEDTLS_PK_RSA:0:PSA_KEY_USAGE_DECRYPT:MBEDTLS_ERR_PK_TYPE_MISMATCH PSA attributes for pk: RSA v15 pair SIGN_MESSAGE -depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 +depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME:MBEDTLS_PKCS1_V15 pk_get_psa_attributes:MBEDTLS_PK_RSA:1:PSA_KEY_USAGE_SIGN_MESSAGE:1:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH) PSA attributes for pk: RSA v21 SHA-256 pair SIGN_MESSAGE -depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V21 +depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME:MBEDTLS_PKCS1_V21 pk_rsa_v21_get_psa_attributes:MBEDTLS_MD_NONE:1:PSA_KEY_USAGE_SIGN_MESSAGE:1:PSA_ALG_RSA_PSS_ANY_SALT(PSA_ALG_ANY_HASH) PSA attributes for pk: RSA v15 pair SIGN_HASH -depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 +depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME:MBEDTLS_PKCS1_V15 pk_get_psa_attributes:MBEDTLS_PK_RSA:1:PSA_KEY_USAGE_SIGN_HASH:1:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH) PSA attributes for pk: RSA v21 SHA-256 pair SIGN_HASH -depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V21 +depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME:MBEDTLS_PKCS1_V21 pk_rsa_v21_get_psa_attributes:MBEDTLS_MD_NONE:1:PSA_KEY_USAGE_SIGN_HASH:1:PSA_ALG_RSA_PSS_ANY_SALT(PSA_ALG_ANY_HASH) PSA attributes for pk: RSA v15 pair->public VERIFY_MESSAGE -depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 +depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME:MBEDTLS_PKCS1_V15 pk_get_psa_attributes:MBEDTLS_PK_RSA:1:PSA_KEY_USAGE_VERIFY_MESSAGE:0:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH) PSA attributes for pk: RSA v21 SHA-256 pair->public VERIFY_MESSAGE -depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V21 +depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME:MBEDTLS_PKCS1_V21 pk_rsa_v21_get_psa_attributes:MBEDTLS_MD_NONE:1:PSA_KEY_USAGE_VERIFY_MESSAGE:0:PSA_ALG_RSA_PSS_ANY_SALT(PSA_ALG_ANY_HASH) PSA attributes for pk: RSA v15 pair->public VERIFY_HASH -depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 +depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME:MBEDTLS_PKCS1_V15 pk_get_psa_attributes:MBEDTLS_PK_RSA:1:PSA_KEY_USAGE_VERIFY_HASH:0:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH) PSA attributes for pk: RSA v21 SHA-256 pair->public VERIFY_HASH -depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V21 +depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME:MBEDTLS_PKCS1_V21 pk_rsa_v21_get_psa_attributes:MBEDTLS_MD_NONE:1:PSA_KEY_USAGE_VERIFY_HASH:0:PSA_ALG_RSA_PSS_ANY_SALT(PSA_ALG_ANY_HASH) PSA attributes for pk: RSA v15 public VERIFY_MESSAGE -depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 +depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME:MBEDTLS_PKCS1_V15 pk_get_psa_attributes:MBEDTLS_PK_RSA:0:PSA_KEY_USAGE_VERIFY_MESSAGE:0:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH) PSA attributes for pk: RSA v21 SHA-256 public VERIFY_MESSAGE -depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V21 +depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME:MBEDTLS_PKCS1_V21 pk_rsa_v21_get_psa_attributes:MBEDTLS_MD_NONE:0:PSA_KEY_USAGE_VERIFY_MESSAGE:0:PSA_ALG_RSA_PSS_ANY_SALT(PSA_ALG_ANY_HASH) PSA attributes for pk: RSA v15 public VERIFY_HASH -depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 +depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME:MBEDTLS_PKCS1_V15 pk_get_psa_attributes:MBEDTLS_PK_RSA:0:PSA_KEY_USAGE_VERIFY_HASH:0:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH) PSA attributes for pk: RSA v21 SHA-256 public VERIFY_HASH -depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V21 +depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME:MBEDTLS_PKCS1_V21 pk_rsa_v21_get_psa_attributes:MBEDTLS_MD_NONE:0:PSA_KEY_USAGE_VERIFY_HASH:0:PSA_ALG_RSA_PSS_ANY_SALT(PSA_ALG_ANY_HASH) PSA attributes for pk: RSA v15 public SIGN_MESSAGE (bad) -depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 +depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME:MBEDTLS_PKCS1_V15 pk_get_psa_attributes_fail:MBEDTLS_PK_RSA:0:PSA_KEY_USAGE_SIGN_MESSAGE:MBEDTLS_ERR_PK_TYPE_MISMATCH PSA attributes for pk: RSA v15 public SIGN_HASH (bad) -depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 +depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME:MBEDTLS_PKCS1_V15 pk_get_psa_attributes_fail:MBEDTLS_PK_RSA:0:PSA_KEY_USAGE_SIGN_HASH:MBEDTLS_ERR_PK_TYPE_MISMATCH PSA attributes for pk: RSA v15 pair DERIVE (bad) -depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 +depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME:MBEDTLS_PKCS1_V15 pk_get_psa_attributes_fail:MBEDTLS_PK_RSA:1:PSA_KEY_USAGE_DERIVE:MBEDTLS_ERR_PK_TYPE_MISMATCH PSA attributes for pk: RSA v15 public DERIVE (bad) -depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 +depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME:MBEDTLS_PKCS1_V15 pk_get_psa_attributes_fail:MBEDTLS_PK_RSA:0:PSA_KEY_USAGE_DERIVE:MBEDTLS_ERR_PK_TYPE_MISMATCH PSA attributes for pk: ECKEY pair DECRYPT (bad) @@ -989,69 +989,69 @@ depends_on:MBEDTLS_PK_HAVE_ECC_KEYS pk_get_psa_attributes_fail:MBEDTLS_PK_ECKEY_DH:0:PSA_KEY_USAGE_VERIFY_HASH:MBEDTLS_ERR_PK_TYPE_MISMATCH PSA attributes for pk: opaque RSA pair, 0 & SIGN_MESSAGE -depends_on:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE +depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME pk_get_psa_attributes_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_RSA_GEN_KEY_MIN_BITS:0:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_USAGE_SIGN_MESSAGE:0:1:0 PSA attributes for pk: opaque RSA pair, SIGN_MESSAGE & SIGN_MESSAGE -depends_on:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE +depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME pk_get_psa_attributes_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_RSA_GEN_KEY_MIN_BITS:PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_USAGE_SIGN_MESSAGE:0:1:PSA_KEY_USAGE_SIGN_MESSAGE PSA attributes for pk: opaque RSA pair, SIGN|VERIFY & SIGN_MESSAGE -depends_on:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE +depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME pk_get_psa_attributes_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_RSA_GEN_KEY_MIN_BITS:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_USAGE_SIGN_MESSAGE:0:1:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE PSA attributes for pk: opaque RSA pair, SIGN|DECRYPT & SIGN_MESSAGE -depends_on:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE +depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME pk_get_psa_attributes_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_RSA_GEN_KEY_MIN_BITS:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_DECRYPT:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_USAGE_SIGN_MESSAGE:0:1:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_DECRYPT PSA attributes for pk: opaque RSA pair, SIGN|... & SIGN_MESSAGE -depends_on:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE +depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME pk_get_psa_attributes_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_RSA_GEN_KEY_MIN_BITS:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_ENCRYPT:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_USAGE_SIGN_MESSAGE:0:1:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_ENCRYPT # For a PK_OPAQUE key, mbedtls_pk_get_psa_attributes() ignores the input # key's algorithm policy. Just this time, test with a few different algorithms. PSA attributes for pk: opaque RSA pair, 0 & SIGN_HASH [0] -depends_on:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE +depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME pk_get_psa_attributes_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_RSA_GEN_KEY_MIN_BITS:0:PSA_ALG_NONE:PSA_KEY_USAGE_SIGN_HASH:0:1:0 PSA attributes for pk: opaque RSA pair, 0 & SIGN_HASH [raw] -depends_on:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE +depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME pk_get_psa_attributes_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_RSA_GEN_KEY_MIN_BITS:0:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_USAGE_SIGN_HASH:0:1:0 PSA attributes for pk: opaque RSA pair, 0 & SIGN_HASH [v15] -depends_on:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE +depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME pk_get_psa_attributes_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_RSA_GEN_KEY_MIN_BITS:0:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_USAGE_SIGN_HASH:0:1:0 PSA attributes for pk: opaque RSA pair, 0 & SIGN_HASH [PSS] -depends_on:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE +depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME pk_get_psa_attributes_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_RSA_GEN_KEY_MIN_BITS:0:PSA_ALG_RSA_PSS_ANY_SALT(PSA_ALG_SHA_256):PSA_KEY_USAGE_SIGN_HASH:0:1:0 PSA attributes for pk: opaque RSA pair, DECRYPT & DECRYPT -depends_on:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE +depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME pk_get_psa_attributes_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_RSA_GEN_KEY_MIN_BITS:PSA_KEY_USAGE_DECRYPT:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_KEY_USAGE_DECRYPT:0:1:PSA_KEY_USAGE_DECRYPT PSA attributes for pk: opaque RSA pair, DECRYPT|... & DECRYPT -depends_on:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE +depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME pk_get_psa_attributes_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_RSA_GEN_KEY_MIN_BITS:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_ENCRYPT:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_KEY_USAGE_DECRYPT:0:1:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_ENCRYPT PSA attributes for pk: opaque RSA pair, ... & DERIVE (bad) -depends_on:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE +depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME pk_get_psa_attributes_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_RSA_GEN_KEY_MIN_BITS:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_ENCRYPT:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_KEY_USAGE_DERIVE:MBEDTLS_ERR_PK_TYPE_MISMATCH:1:0 PSA attributes for pk: opaque RSA pair, ... & EXPORT (bad) -depends_on:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE +depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME pk_get_psa_attributes_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_RSA_GEN_KEY_MIN_BITS:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_ENCRYPT:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_KEY_USAGE_EXPORT:MBEDTLS_ERR_PK_TYPE_MISMATCH:1:0 PSA attributes for pk: opaque RSA pair->public, 0 & VERIFY_MESSAGE -depends_on:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE +depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME pk_get_psa_attributes_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_RSA_GEN_KEY_MIN_BITS:0:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_USAGE_VERIFY_MESSAGE:0:0:0 PSA attributes for pk: opaque RSA pair->public, 0 & VERIFY_HASH -depends_on:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE +depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME pk_get_psa_attributes_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_RSA_GEN_KEY_MIN_BITS:0:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_USAGE_VERIFY_HASH:0:0:0 PSA attributes for pk: opaque RSA pair->public, 0 & ENCRYPT -depends_on:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE +depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME pk_get_psa_attributes_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_RSA_GEN_KEY_MIN_BITS:0:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_KEY_USAGE_ENCRYPT:0:0:0 PSA attributes for pk: opaque ECC pair, 0 & SIGN_MESSAGE diff --git a/tests/suites/test_suite_pk.function b/tests/suites/test_suite_pk.function index 2a8a5f78c..cf0581c83 100644 --- a/tests/suites/test_suite_pk.function +++ b/tests/suites/test_suite_pk.function @@ -215,10 +215,14 @@ static int pk_setup_for_type(mbedtls_pk_type_t pk_type, int want_pair, *psa_type = PSA_KEY_TYPE_RSA_KEY_PAIR; mbedtls_rsa_context *rsa = mbedtls_pk_rsa(*pk); if (want_pair) { +#if defined(MBEDTLS_GENPRIME) TEST_EQUAL(mbedtls_rsa_gen_key( rsa, mbedtls_test_rnd_std_rand, NULL, MBEDTLS_RSA_GEN_KEY_MIN_BITS, 65537), 0); +#else + TEST_FAIL("I don't know how to create an RSA key pair in this configuration."); +#endif } else { unsigned char N[PSA_BITS_TO_BYTES(MBEDTLS_RSA_GEN_KEY_MIN_BITS)] = { 0xff }; N[sizeof(N) - 1] = 0x03; @@ -1772,7 +1776,7 @@ exit: } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V21 */ +/* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V21:MBEDTLS_GENPRIME */ void pk_rsa_v21_get_psa_attributes(int md_type, int from_pair, int usage_arg, int to_pair, int expected_alg) From 43643c471492a6524600ecbbd3b90db94b3db538 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 25 Jan 2024 13:21:59 +0100 Subject: [PATCH 17/36] Remove now-redundant guard fixup "mbedtls_pk_get_psa_attributes: require MBEDTLS_PSA_CRYPTO_C" Signed-off-by: Gilles Peskine --- library/pk.c | 5 ----- 1 file changed, 5 deletions(-) diff --git a/library/pk.c b/library/pk.c index b629ce2e8..3f2878738 100644 --- a/library/pk.c +++ b/library/pk.c @@ -577,12 +577,7 @@ int mbedtls_pk_get_psa_attributes(const mbedtls_pk_context *pk, } psa_set_key_usage_flags(attributes, more_usage); -#if defined(MBEDTLS_PSA_CRYPTO_C) - /* Assume that we have all Mbed TLS attributes. When - * MBEDTLS_PSA_CRYPTO_CLIENT is enabled but not MBEDTLS_PSA_CRYPTO_C, - * we only assume standard PSA functions. */ psa_set_key_enrollment_algorithm(attributes, PSA_ALG_NONE); -#endif return 0; } From e0c13cffb30453877d7e1f280465d50da1671021 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 30 Jan 2024 10:17:49 +0100 Subject: [PATCH 18/36] Update some msg descriptions Signed-off-by: Gilles Peskine --- tests/scripts/all.sh | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 13338d4cd..aeeddd6b9 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -2453,16 +2453,16 @@ component_test_no_psa_crypto_full_cmake_asan() { # Note: ssl-opt.sh has some test cases that depend on # MBEDTLS_ECP_RESTARTABLE && !MBEDTLS_USE_PSA_CRYPTO # This is the only component where those tests are not skipped. - msg "test: ssl-opt.sh (full minus MBEDTLS_USE_PSA_CRYPTO)" + msg "test: ssl-opt.sh (full minus PSA crypto)" tests/ssl-opt.sh - msg "test: compat.sh default (full minus MBEDTLS_USE_PSA_CRYPTO)" + msg "test: compat.sh default (full minus PSA crypto)" tests/compat.sh - msg "test: compat.sh NULL (full minus MBEDTLS_USE_PSA_CRYPTO)" + msg "test: compat.sh NULL (full minus PSA crypto)" tests/compat.sh -f 'NULL' - msg "test: compat.sh ARIA + ChachaPoly (full minus MBEDTLS_USE_PSA_CRYPTO)" + msg "test: compat.sh ARIA + ChachaPoly (full minus PSA crypto)" env OPENSSL="$OPENSSL_NEXT" tests/compat.sh -e '^$' -f 'ARIA\|CHACHA' } From f8c2cd14896d0047926a3e242896ece3b580c0b1 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 30 Jan 2024 10:18:36 +0100 Subject: [PATCH 19/36] Update preprocessor guard comment Signed-off-by: Gilles Peskine --- tests/suites/test_suite_pk.function | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/suites/test_suite_pk.function b/tests/suites/test_suite_pk.function index cf0581c83..23a7b2523 100644 --- a/tests/suites/test_suite_pk.function +++ b/tests/suites/test_suite_pk.function @@ -127,7 +127,7 @@ static int pk_genkey(mbedtls_pk_context *pk, int curve_or_keybits) &mbedtls_pk_ec_rw(*pk)->d, &mbedtls_pk_ec_rw(*pk)->Q, mbedtls_test_rnd_std_rand, NULL); -#endif /* MBEDTLS_ECP_C && !MBEDTLS_PK_USE_PSA_EC_DATA */ +#endif /* MBEDTLS_PK_USE_PSA_EC_DATA */ } #endif /* MBEDTLS_PK_HAVE_ECC_KEYS */ From 3da3c0a0009dca7abd26c387d1754f8c56a431e6 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 30 Jan 2024 10:22:29 +0100 Subject: [PATCH 20/36] Always call psa_crypto_init when testing mbedtls_pk_get_psa_attributes mbedtls_pk_get_psa_attributes() actually works without having initialized the PSA subsystem, because it doesn't call any non-client PSA API functions. But the function is only useful in conjunction with the PSA API: it's meant to be followed by importing a key with the resulting attributes. We don't advertize it to work without an up-and-running PSA subsystem, and there's no need to test it without an up-and-running PSA subsystem as we were (accidentally) doing. Signed-off-by: Gilles Peskine --- tests/suites/test_suite_pk.function | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/tests/suites/test_suite_pk.function b/tests/suites/test_suite_pk.function index 23a7b2523..225ead484 100644 --- a/tests/suites/test_suite_pk.function +++ b/tests/suites/test_suite_pk.function @@ -1711,7 +1711,7 @@ void pk_get_psa_attributes(int pk_type, int from_pair, psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; psa_key_usage_t usage = usage_arg; - MD_OR_USE_PSA_INIT(); + PSA_INIT(); psa_key_type_t expected_psa_type = 0; if (!pk_setup_for_type(pk_type, from_pair, &pk, &expected_psa_type)) { @@ -1772,7 +1772,7 @@ void pk_get_psa_attributes(int pk_type, int from_pair, exit: mbedtls_pk_free(&pk); psa_reset_key_attributes(&attributes); - MD_OR_USE_PSA_DONE(); + PSA_DONE(); } /* END_CASE */ @@ -1786,7 +1786,7 @@ void pk_rsa_v21_get_psa_attributes(int md_type, int from_pair, psa_key_usage_t usage = usage_arg; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; - MD_OR_USE_PSA_INIT(); + PSA_INIT(); psa_key_type_t expected_psa_type = 0; if (!pk_setup_for_type(MBEDTLS_PK_RSA, from_pair, &pk, &expected_psa_type)) { @@ -1833,7 +1833,7 @@ void pk_rsa_v21_get_psa_attributes(int md_type, int from_pair, exit: mbedtls_pk_free(&pk); psa_reset_key_attributes(&attributes); - MD_OR_USE_PSA_DONE(); + PSA_DONE(); } /* END_CASE */ @@ -1847,7 +1847,7 @@ void pk_get_psa_attributes_fail(int pk_type, int from_pair, psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; psa_key_usage_t usage = usage_arg; - MD_OR_USE_PSA_INIT(); + PSA_INIT(); psa_key_type_t expected_psa_type; if (!pk_setup_for_type(pk_type, from_pair, &pk, &expected_psa_type)) { @@ -1860,7 +1860,7 @@ void pk_get_psa_attributes_fail(int pk_type, int from_pair, exit: mbedtls_pk_free(&pk); psa_reset_key_attributes(&attributes); - MD_OR_USE_PSA_DONE(); + PSA_DONE(); } /* END_CASE */ From 03aa9bc2268d2e5c00fccb3cfd18c498e23f79a6 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 30 Jan 2024 11:08:44 +0100 Subject: [PATCH 21/36] Switch pk_setup_for_type() to return MBEDTLS_ERR_xxx Use mbedtls return codes rather than a boolean "has test not failed?". Signed-off-by: Gilles Peskine --- tests/suites/test_suite_pk.function | 24 ++++++++++-------------- 1 file changed, 10 insertions(+), 14 deletions(-) diff --git a/tests/suites/test_suite_pk.function b/tests/suites/test_suite_pk.function index 225ead484..3fa7c7a1c 100644 --- a/tests/suites/test_suite_pk.function +++ b/tests/suites/test_suite_pk.function @@ -6,6 +6,7 @@ #include "mbedtls/asn1.h" #include "mbedtls/base64.h" #include "mbedtls/ecp.h" +#include "mbedtls/error.h" #include "mbedtls/rsa.h" #include "pk_internal.h" @@ -201,10 +202,8 @@ static mbedtls_ecp_group_id ecc_pick_grp_id(void) static int pk_setup_for_type(mbedtls_pk_type_t pk_type, int want_pair, mbedtls_pk_context *pk, psa_key_type_t *psa_type) { - int ok = 0; - if (pk_type == MBEDTLS_PK_NONE) { - return 1; + return 0; } TEST_EQUAL(mbedtls_pk_setup(pk, mbedtls_pk_info_from_type(pk_type)), 0); @@ -278,10 +277,10 @@ static int pk_setup_for_type(mbedtls_pk_type_t pk_type, int want_pair, if (!want_pair) { *psa_type = PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR(*psa_type); } - ok = 1; + return 0; exit: - return ok; + return MBEDTLS_ERR_ERROR_GENERIC_ERROR; } #endif @@ -1714,9 +1713,8 @@ void pk_get_psa_attributes(int pk_type, int from_pair, PSA_INIT(); psa_key_type_t expected_psa_type = 0; - if (!pk_setup_for_type(pk_type, from_pair, &pk, &expected_psa_type)) { - goto exit; - } + TEST_EQUAL(pk_setup_for_type(pk_type, from_pair, + &pk, &expected_psa_type), 0); if (!to_pair) { expected_psa_type = PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR(expected_psa_type); } @@ -1789,9 +1787,8 @@ void pk_rsa_v21_get_psa_attributes(int md_type, int from_pair, PSA_INIT(); psa_key_type_t expected_psa_type = 0; - if (!pk_setup_for_type(MBEDTLS_PK_RSA, from_pair, &pk, &expected_psa_type)) { - goto exit; - } + TEST_EQUAL(pk_setup_for_type(MBEDTLS_PK_RSA, from_pair, + &pk, &expected_psa_type), 0); mbedtls_rsa_context *rsa = mbedtls_pk_rsa(pk); TEST_EQUAL(mbedtls_rsa_set_padding(rsa, MBEDTLS_RSA_PKCS_V21, md_type), 0); if (!to_pair) { @@ -1850,9 +1847,8 @@ void pk_get_psa_attributes_fail(int pk_type, int from_pair, PSA_INIT(); psa_key_type_t expected_psa_type; - if (!pk_setup_for_type(pk_type, from_pair, &pk, &expected_psa_type)) { - goto exit; - } + TEST_EQUAL(pk_setup_for_type(pk_type, from_pair, + &pk, &expected_psa_type), 0); TEST_EQUAL(mbedtls_pk_get_psa_attributes(&pk, usage, &attributes), expected_ret); From e208b25b7942c3c5ee2c092363d2d38ee4d913cc Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 1 Feb 2024 20:42:21 +0100 Subject: [PATCH 22/36] Minor documentation improvements Signed-off-by: Gilles Peskine --- include/mbedtls/pk.h | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/include/mbedtls/pk.h b/include/mbedtls/pk.h index 54ca9adc8..7b41321f0 100644 --- a/include/mbedtls/pk.h +++ b/include/mbedtls/pk.h @@ -554,17 +554,17 @@ int mbedtls_pk_can_do_ext(const mbedtls_pk_context *ctx, psa_algorithm_t alg, * \p usage, exporting and copying the key, and * possibly other permissions as documented for the * \p usage parameter. - * The permitted algorithm is determined as follows + * The permitted algorithm policy is determined as follows * based on the #mbedtls_pk_type_t type of \p pk, * the chosen \p usage and other factors: - * - #MBEDTLS_PK_RSA with whose underlying + * - #MBEDTLS_PK_RSA whose underlying * #mbedtls_rsa_context has the padding mode * #MBEDTLS_RSA_PKCS_V15: * #PSA_ALG_RSA_PKCS1V15_SIGN(#PSA_ALG_ANY_HASH) * if \p usage is SIGN/VERIFY, and * #PSA_ALG_RSA_PKCS1V15_CRYPT * if \p usage is ENCRYPT/DECRYPT. - * - #MBEDTLS_PK_RSA with whose underlying + * - #MBEDTLS_PK_RSA whose underlying * #mbedtls_rsa_context has the padding mode * #MBEDTLS_RSA_PKCS_V21 and the digest type * corresponding to the PSA algorithm \c hash: @@ -581,7 +581,7 @@ int mbedtls_pk_can_do_ext(const mbedtls_pk_context *ctx, psa_algorithm_t alg, * - #MBEDTLS_PK_ECKEY_DH or #MBEDTLS_PK_ECKEY * if \p usage is DERIVE: * #PSA_ALG_ECDH. - * - #MBEDTLS_PK_OPAQUE: same as the algorithm policy + * - #MBEDTLS_PK_OPAQUE: same as the primary algorithm * set for the underlying PSA key, except that * sign/decrypt flags are removed if the type is * set to a public key type. From 19411635a5bf6f3c45744b82855f1aa3380f8a50 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 1 Feb 2024 20:42:28 +0100 Subject: [PATCH 23/36] Test enrollment algorithm for the non-OPAQUE case Signed-off-by: Gilles Peskine --- tests/suites/test_suite_pk.function | 1 + 1 file changed, 1 insertion(+) diff --git a/tests/suites/test_suite_pk.function b/tests/suites/test_suite_pk.function index 3fa7c7a1c..0711a93a9 100644 --- a/tests/suites/test_suite_pk.function +++ b/tests/suites/test_suite_pk.function @@ -1723,6 +1723,7 @@ void pk_get_psa_attributes(int pk_type, int from_pair, mbedtls_svc_key_id_t key_id = MBEDTLS_SVC_KEY_ID_INIT; //TODO: diversity psa_set_key_id(&attributes, key_id); psa_set_key_lifetime(&attributes, lifetime); + psa_set_key_enrollment_algorithm(&attributes, 42); psa_key_usage_t expected_usage = usage; /* Usage implied universally */ From 7e353ba37a70961f5eb934c2d5be190ad654cf51 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 1 Feb 2024 20:46:19 +0100 Subject: [PATCH 24/36] Create auxiliary function for repeated code Signed-off-by: Gilles Peskine --- tests/suites/test_suite_pk.function | 68 ++++++++++++----------------- 1 file changed, 28 insertions(+), 40 deletions(-) diff --git a/tests/suites/test_suite_pk.function b/tests/suites/test_suite_pk.function index 0711a93a9..14d049dfc 100644 --- a/tests/suites/test_suite_pk.function +++ b/tests/suites/test_suite_pk.function @@ -135,6 +135,32 @@ static int pk_genkey(mbedtls_pk_context *pk, int curve_or_keybits) return -1; } +#if defined(MBEDTLS_PSA_CRYPTO_C) +static psa_key_usage_t pk_get_psa_attributes_implied_usage( + psa_key_usage_t expected_usage) +{ + /* Usage implied universally */ + if (expected_usage & PSA_KEY_USAGE_SIGN_HASH) { + expected_usage |= PSA_KEY_USAGE_SIGN_MESSAGE; + } + if (expected_usage & PSA_KEY_USAGE_VERIFY_HASH) { + expected_usage |= PSA_KEY_USAGE_VERIFY_MESSAGE; + } + /* Usage implied by mbedtls_pk_get_psa_attributes() */ + if (expected_usage & PSA_KEY_USAGE_SIGN_HASH) { + expected_usage |= PSA_KEY_USAGE_VERIFY_HASH; + } + if (expected_usage & PSA_KEY_USAGE_SIGN_MESSAGE) { + expected_usage |= PSA_KEY_USAGE_VERIFY_MESSAGE; + } + if (expected_usage & PSA_KEY_USAGE_DECRYPT) { + expected_usage |= PSA_KEY_USAGE_ENCRYPT; + } + expected_usage |= PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_COPY; + return expected_usage; +} +#endif /* MBEDTLS_PSA_CRYPTO_C */ + #if defined(MBEDTLS_RSA_C) int mbedtls_rsa_decrypt_func(void *ctx, size_t *olen, const unsigned char *input, unsigned char *output, @@ -1724,26 +1750,7 @@ void pk_get_psa_attributes(int pk_type, int from_pair, psa_set_key_id(&attributes, key_id); psa_set_key_lifetime(&attributes, lifetime); psa_set_key_enrollment_algorithm(&attributes, 42); - - psa_key_usage_t expected_usage = usage; - /* Usage implied universally */ - if (expected_usage & PSA_KEY_USAGE_SIGN_HASH) { - expected_usage |= PSA_KEY_USAGE_SIGN_MESSAGE; - } - if (expected_usage & PSA_KEY_USAGE_VERIFY_HASH) { - expected_usage |= PSA_KEY_USAGE_VERIFY_MESSAGE; - } - /* Usage implied by mbedtls_pk_get_psa_attributes() */ - if (expected_usage & PSA_KEY_USAGE_SIGN_HASH) { - expected_usage |= PSA_KEY_USAGE_VERIFY_HASH; - } - if (expected_usage & PSA_KEY_USAGE_SIGN_MESSAGE) { - expected_usage |= PSA_KEY_USAGE_VERIFY_MESSAGE; - } - if (expected_usage & PSA_KEY_USAGE_DECRYPT) { - expected_usage |= PSA_KEY_USAGE_ENCRYPT; - } - expected_usage |= PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_COPY; + psa_key_usage_t expected_usage = pk_get_psa_attributes_implied_usage(usage); #if defined(MBEDTLS_ECDSA_DETERMINISTIC) /* When the resulting algorithm is ECDSA, the compile-time configuration @@ -1795,26 +1802,7 @@ void pk_rsa_v21_get_psa_attributes(int md_type, int from_pair, if (!to_pair) { expected_psa_type = PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR(expected_psa_type); } - - psa_key_usage_t expected_usage = usage; - /* Usage implied universally */ - if (expected_usage & PSA_KEY_USAGE_SIGN_HASH) { - expected_usage |= PSA_KEY_USAGE_SIGN_MESSAGE; - } - if (expected_usage & PSA_KEY_USAGE_VERIFY_HASH) { - expected_usage |= PSA_KEY_USAGE_VERIFY_MESSAGE; - } - /* Usage implied by mbedtls_pk_get_psa_attributes() */ - if (expected_usage & PSA_KEY_USAGE_SIGN_HASH) { - expected_usage |= PSA_KEY_USAGE_VERIFY_HASH; - } - if (expected_usage & PSA_KEY_USAGE_SIGN_MESSAGE) { - expected_usage |= PSA_KEY_USAGE_VERIFY_MESSAGE; - } - if (expected_usage & PSA_KEY_USAGE_DECRYPT) { - expected_usage |= PSA_KEY_USAGE_ENCRYPT; - } - expected_usage |= PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_COPY; + psa_key_usage_t expected_usage = pk_get_psa_attributes_implied_usage(usage); TEST_EQUAL(mbedtls_pk_get_psa_attributes(&pk, usage, &attributes), 0); From ae2668be973fac1a437955c0e61fda636ee9a647 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 1 Feb 2024 20:48:04 +0100 Subject: [PATCH 25/36] Don't use mbedtls_pk_ec in our own code Signed-off-by: Gilles Peskine --- library/pk.c | 2 +- tests/suites/test_suite_pk.function | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/library/pk.c b/library/pk.c index 3f2878738..696e7e507 100644 --- a/library/pk.c +++ b/library/pk.c @@ -475,7 +475,7 @@ int mbedtls_pk_get_psa_attributes(const mbedtls_pk_context *pk, size_t bits = psa_get_key_bits(&old_attributes); psa_ecc_family_t family = PSA_KEY_TYPE_ECC_GET_FAMILY(old_type); #else - mbedtls_ecp_keypair *ec = mbedtls_pk_ec(*pk); + const mbedtls_ecp_keypair *ec = mbedtls_pk_ec_ro(*pk); int has_private = (ec->d.n != 0); size_t bits = 0; psa_ecc_family_t family = diff --git a/tests/suites/test_suite_pk.function b/tests/suites/test_suite_pk.function index 14d049dfc..706bb7086 100644 --- a/tests/suites/test_suite_pk.function +++ b/tests/suites/test_suite_pk.function @@ -287,7 +287,7 @@ static int pk_setup_for_type(mbedtls_pk_type_t pk_type, int want_pair, pk->pub_raw, pk->pub_raw_len, &pk->priv_id)); #else - mbedtls_ecp_keypair *ec = mbedtls_pk_ec(*pk); + mbedtls_ecp_keypair *ec = mbedtls_pk_ec_rw(*pk); mbedtls_mpi_free(&ec->d); #endif } From 0aad5f8f34bb6a6ecf2e30c6d01dde4c77944e30 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 1 Feb 2024 20:49:46 +0100 Subject: [PATCH 26/36] Copypasta Signed-off-by: Gilles Peskine --- library/pk.c | 1 - 1 file changed, 1 deletion(-) diff --git a/library/pk.c b/library/pk.c index 696e7e507..c32294d43 100644 --- a/library/pk.c +++ b/library/pk.c @@ -553,7 +553,6 @@ int mbedtls_pk_get_psa_attributes(const mbedtls_pk_context *pk, return MBEDTLS_ERR_PK_TYPE_MISMATCH; } break; - break; default: return MBEDTLS_ERR_PK_TYPE_MISMATCH; } From 2e54854d16ff84d8d2277134b1a14bd507f4a742 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 1 Feb 2024 20:50:00 +0100 Subject: [PATCH 27/36] Copypasta Signed-off-by: Gilles Peskine --- tests/suites/test_suite_pk.data | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/suites/test_suite_pk.data b/tests/suites/test_suite_pk.data index e64f9b761..204f58cc8 100644 --- a/tests/suites/test_suite_pk.data +++ b/tests/suites/test_suite_pk.data @@ -701,7 +701,7 @@ PSA attributes for pk: RSA usage=DECRYPT|EXPORT (bad) depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME:MBEDTLS_PKCS1_V15 pk_get_psa_attributes_fail:MBEDTLS_PK_RSA:1:PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_EXPORT:MBEDTLS_ERR_PK_TYPE_MISMATCH -# Bad usage due to not specifying more than one of sign/crypt/derive. +# Bad usage due to specifying more than one of sign/crypt/derive. PSA attributes for pk: RSA usage=DECRYPT|SIGN_MESSAGE (bad) depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME:MBEDTLS_PKCS1_V15 pk_get_psa_attributes_fail:MBEDTLS_PK_RSA:1:PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_SIGN_MESSAGE:MBEDTLS_ERR_PK_TYPE_MISMATCH From e2a77f21ea79063a1e9dd025447cf927283ff222 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 1 Feb 2024 20:50:24 +0100 Subject: [PATCH 28/36] Use PSA_INIT with test that requires PSA USE_PSA_INIT is for test code that doesn't use PSA functions when USE_PSA_CRYPTO is disabled. Signed-off-by: Gilles Peskine --- tests/suites/test_suite_pk.function | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/suites/test_suite_pk.function b/tests/suites/test_suite_pk.function index 706bb7086..7969d22b0 100644 --- a/tests/suites/test_suite_pk.function +++ b/tests/suites/test_suite_pk.function @@ -1867,7 +1867,7 @@ void pk_get_psa_attributes_opaque(int o_type_arg, int o_bits_arg, psa_key_usage_t usage = usage_arg; psa_key_usage_t expected_usage = expected_usage_arg; - USE_PSA_INIT(); + PSA_INIT(); psa_set_key_type(&attributes, o_type); psa_set_key_bits(&attributes, bits); @@ -1899,6 +1899,6 @@ exit: mbedtls_pk_free(&pk); psa_destroy_key(key_id); psa_reset_key_attributes(&attributes); - USE_PSA_DONE(); + PSA_DONE(); } /* END_CASE */ From e45d51f7b58deb9ad4e246d111b26af3bdfc8698 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 1 Feb 2024 20:53:11 +0100 Subject: [PATCH 29/36] Clearer variable names Signed-off-by: Gilles Peskine --- tests/suites/test_suite_pk.function | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/tests/suites/test_suite_pk.function b/tests/suites/test_suite_pk.function index 7969d22b0..3d7a1798d 100644 --- a/tests/suites/test_suite_pk.function +++ b/tests/suites/test_suite_pk.function @@ -1850,8 +1850,8 @@ exit: /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_USE_PSA_CRYPTO */ -void pk_get_psa_attributes_opaque(int o_type_arg, int o_bits_arg, - int o_usage_arg, int o_alg_arg, +void pk_get_psa_attributes_opaque(int from_type_arg, int from_bits_arg, + int from_usage_arg, int from_alg_arg, int usage_arg, int expected_ret, int to_pair, int expected_usage_arg) @@ -1860,18 +1860,18 @@ void pk_get_psa_attributes_opaque(int o_type_arg, int o_bits_arg, mbedtls_pk_init(&pk); psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; mbedtls_svc_key_id_t key_id = MBEDTLS_SVC_KEY_ID_INIT; - psa_key_type_t o_type = o_type_arg; - size_t bits = o_bits_arg; - psa_key_usage_t o_usage = o_usage_arg; - psa_algorithm_t alg = o_alg_arg; + psa_key_type_t from_type = from_type_arg; + size_t bits = from_bits_arg; + psa_key_usage_t from_usage = from_usage_arg; + psa_algorithm_t alg = from_alg_arg; psa_key_usage_t usage = usage_arg; psa_key_usage_t expected_usage = expected_usage_arg; PSA_INIT(); - psa_set_key_type(&attributes, o_type); + psa_set_key_type(&attributes, from_type); psa_set_key_bits(&attributes, bits); - psa_set_key_usage_flags(&attributes, o_usage); + psa_set_key_usage_flags(&attributes, from_usage); psa_set_key_algorithm(&attributes, alg); psa_set_key_enrollment_algorithm(&attributes, 42); //TODO: test with persistent key @@ -1879,7 +1879,7 @@ void pk_get_psa_attributes_opaque(int o_type_arg, int o_bits_arg, TEST_EQUAL(mbedtls_pk_setup_opaque(&pk, key_id), 0); psa_key_type_t expected_psa_type = - to_pair ? o_type : PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR(o_type); + to_pair ? from_type : PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR(from_type); TEST_EQUAL(mbedtls_pk_get_psa_attributes(&pk, usage, &attributes), expected_ret); From e8209752440abd4f2014e71e7a0aa018ad247db4 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 1 Feb 2024 21:00:33 +0100 Subject: [PATCH 30/36] Fix comment Signed-off-by: Gilles Peskine --- library/pk.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/pk.c b/library/pk.c index c32294d43..80e30bea0 100644 --- a/library/pk.c +++ b/library/pk.c @@ -424,7 +424,7 @@ int mbedtls_pk_get_psa_attributes(const mbedtls_pk_context *pk, #if defined(MBEDTLS_RSA_C) case MBEDTLS_PK_RSA: { - int want_crypt = 0; /* 0: encrypt/decrypt; 1: sign/verify */ + int want_crypt = 0; /* 0: sign/verify; 1: encrypt/decrypt */ switch (usage) { case PSA_KEY_USAGE_SIGN_MESSAGE: case PSA_KEY_USAGE_SIGN_HASH: From 793920c1ffc64660835d1257afbc9daf3d16eb58 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 1 Feb 2024 21:26:54 +0100 Subject: [PATCH 31/36] mbedtls_pk_get_psa_attributes: opaque: require specified usage In the MBEDTLS_PK_OPAQUE, have mbedtls_pk_get_psa_attributes() require the specified usage to be enabled for the specified key. Otherwise the following call to mbedtls_pk_import_into_psa() is unlikely to result in a key with a useful policy, so the call to mbedtls_pk_get_psa_attributes() was probably an error. Adjust the existing test cases accordingly and add a few negative test cases. Signed-off-by: Gilles Peskine --- include/mbedtls/pk.h | 1 + library/pk.c | 3 ++ tests/suites/test_suite_pk.data | 60 +++++++++++++++++++-------------- 3 files changed, 38 insertions(+), 26 deletions(-) diff --git a/include/mbedtls/pk.h b/include/mbedtls/pk.h index 7b41321f0..f218558b4 100644 --- a/include/mbedtls/pk.h +++ b/include/mbedtls/pk.h @@ -585,6 +585,7 @@ int mbedtls_pk_can_do_ext(const mbedtls_pk_context *ctx, psa_algorithm_t alg, * set for the underlying PSA key, except that * sign/decrypt flags are removed if the type is * set to a public key type. + * The underlying key must allow \p usage. * Note that the enrollment algorithm set with * psa_set_key_enrollment_algorithm() is not copied. * diff --git a/library/pk.c b/library/pk.c index 80e30bea0..3b9c5376d 100644 --- a/library/pk.c +++ b/library/pk.c @@ -564,6 +564,9 @@ int mbedtls_pk_get_psa_attributes(const mbedtls_pk_context *pk, new_type = PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR(new_type); } more_usage = psa_get_key_usage_flags(&old_attributes); + if ((usage & more_usage) == 0) { + return MBEDTLS_ERR_PK_TYPE_MISMATCH; + } psa_set_key_type(attributes, new_type); psa_set_key_bits(attributes, psa_get_key_bits(&old_attributes)); psa_set_key_algorithm(attributes, psa_get_key_algorithm(&old_attributes)); diff --git a/tests/suites/test_suite_pk.data b/tests/suites/test_suite_pk.data index 204f58cc8..0858163c9 100644 --- a/tests/suites/test_suite_pk.data +++ b/tests/suites/test_suite_pk.data @@ -988,9 +988,9 @@ PSA attributes for pk: ECKEY_DH public VERIFY_HASH (bad) depends_on:MBEDTLS_PK_HAVE_ECC_KEYS pk_get_psa_attributes_fail:MBEDTLS_PK_ECKEY_DH:0:PSA_KEY_USAGE_VERIFY_HASH:MBEDTLS_ERR_PK_TYPE_MISMATCH -PSA attributes for pk: opaque RSA pair, 0 & SIGN_MESSAGE +PSA attributes for pk: opaque RSA pair, 0 & SIGN_MESSAGE (bad policy) depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME -pk_get_psa_attributes_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_RSA_GEN_KEY_MIN_BITS:0:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_USAGE_SIGN_MESSAGE:0:1:0 +pk_get_psa_attributes_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_RSA_GEN_KEY_MIN_BITS:0:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_USAGE_SIGN_MESSAGE:MBEDTLS_ERR_PK_TYPE_MISMATCH:1:0 PSA attributes for pk: opaque RSA pair, SIGN_MESSAGE & SIGN_MESSAGE depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME @@ -1008,23 +1008,31 @@ PSA attributes for pk: opaque RSA pair, SIGN|... & SIGN_MESSAGE depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME pk_get_psa_attributes_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_RSA_GEN_KEY_MIN_BITS:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_ENCRYPT:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_USAGE_SIGN_MESSAGE:0:1:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_ENCRYPT +PSA attributes for pk: opaque RSA pair, SIGN_MESSAGE & SIGN_HASH (bad policy) +depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME +pk_get_psa_attributes_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_RSA_GEN_KEY_MIN_BITS:PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_USAGE_SIGN_HASH:MBEDTLS_ERR_PK_TYPE_MISMATCH:1:0 + # For a PK_OPAQUE key, mbedtls_pk_get_psa_attributes() ignores the input # key's algorithm policy. Just this time, test with a few different algorithms. -PSA attributes for pk: opaque RSA pair, 0 & SIGN_HASH [0] +PSA attributes for pk: opaque RSA pair, SIGN_HASH & SIGN_HASH [0] depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME -pk_get_psa_attributes_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_RSA_GEN_KEY_MIN_BITS:0:PSA_ALG_NONE:PSA_KEY_USAGE_SIGN_HASH:0:1:0 +pk_get_psa_attributes_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_RSA_GEN_KEY_MIN_BITS:PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_NONE:PSA_KEY_USAGE_SIGN_HASH:0:1:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE -PSA attributes for pk: opaque RSA pair, 0 & SIGN_HASH [raw] +PSA attributes for pk: opaque RSA pair, SIGN_HASH & SIGN_HASH [raw] depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME -pk_get_psa_attributes_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_RSA_GEN_KEY_MIN_BITS:0:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_USAGE_SIGN_HASH:0:1:0 +pk_get_psa_attributes_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_RSA_GEN_KEY_MIN_BITS:PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_USAGE_SIGN_HASH:0:1:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE -PSA attributes for pk: opaque RSA pair, 0 & SIGN_HASH [v15] +PSA attributes for pk: opaque RSA pair, SIGN_HASH & SIGN_HASH [v15] depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME -pk_get_psa_attributes_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_RSA_GEN_KEY_MIN_BITS:0:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_USAGE_SIGN_HASH:0:1:0 +pk_get_psa_attributes_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_RSA_GEN_KEY_MIN_BITS:PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_USAGE_SIGN_HASH:0:1:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE -PSA attributes for pk: opaque RSA pair, 0 & SIGN_HASH [PSS] +PSA attributes for pk: opaque RSA pair, SIGN_HASH & SIGN_HASH [PSS] depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME -pk_get_psa_attributes_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_RSA_GEN_KEY_MIN_BITS:0:PSA_ALG_RSA_PSS_ANY_SALT(PSA_ALG_SHA_256):PSA_KEY_USAGE_SIGN_HASH:0:1:0 +pk_get_psa_attributes_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_RSA_GEN_KEY_MIN_BITS:PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_RSA_PSS_ANY_SALT(PSA_ALG_SHA_256):PSA_KEY_USAGE_SIGN_HASH:0:1:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE + +PSA attributes for pk: opaque RSA pair, 0 & DECRYPT (bad policy) +depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME +pk_get_psa_attributes_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_RSA_GEN_KEY_MIN_BITS:0:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_KEY_USAGE_DECRYPT:MBEDTLS_ERR_PK_TYPE_MISMATCH:1:0 PSA attributes for pk: opaque RSA pair, DECRYPT & DECRYPT depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME @@ -1042,21 +1050,21 @@ PSA attributes for pk: opaque RSA pair, ... & EXPORT (bad) depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME pk_get_psa_attributes_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_RSA_GEN_KEY_MIN_BITS:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_ENCRYPT:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_KEY_USAGE_EXPORT:MBEDTLS_ERR_PK_TYPE_MISMATCH:1:0 -PSA attributes for pk: opaque RSA pair->public, 0 & VERIFY_MESSAGE +PSA attributes for pk: opaque RSA pair->public, VERIFY_MESSAGE & VERIFY_MESSAGE depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME -pk_get_psa_attributes_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_RSA_GEN_KEY_MIN_BITS:0:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_USAGE_VERIFY_MESSAGE:0:0:0 +pk_get_psa_attributes_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_RSA_GEN_KEY_MIN_BITS:PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_USAGE_VERIFY_MESSAGE:0:0:PSA_KEY_USAGE_VERIFY_MESSAGE -PSA attributes for pk: opaque RSA pair->public, 0 & VERIFY_HASH +PSA attributes for pk: opaque RSA pair->public, VERIFY_HASH & VERIFY_HASH depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME -pk_get_psa_attributes_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_RSA_GEN_KEY_MIN_BITS:0:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_USAGE_VERIFY_HASH:0:0:0 +pk_get_psa_attributes_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_RSA_GEN_KEY_MIN_BITS:PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_USAGE_VERIFY_HASH:0:0:PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE -PSA attributes for pk: opaque RSA pair->public, 0 & ENCRYPT +PSA attributes for pk: opaque RSA pair->public, ENCRYPT & ENCRYPT depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME -pk_get_psa_attributes_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_RSA_GEN_KEY_MIN_BITS:0:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_KEY_USAGE_ENCRYPT:0:0:0 +pk_get_psa_attributes_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_RSA_GEN_KEY_MIN_BITS:PSA_KEY_USAGE_ENCRYPT:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_KEY_USAGE_ENCRYPT:0:0:PSA_KEY_USAGE_ENCRYPT -PSA attributes for pk: opaque ECC pair, 0 & SIGN_MESSAGE +PSA attributes for pk: opaque ECC pair, 0 & SIGN_MESSAGE (bad policy) depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:PSA_WANT_ECC_FAMILY_SECP_R1_256 -pk_get_psa_attributes_opaque:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):256:0:PSA_ALG_ECDSA_ANY:PSA_KEY_USAGE_SIGN_MESSAGE:0:1:0 +pk_get_psa_attributes_opaque:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):256:0:PSA_ALG_ECDSA_ANY:PSA_KEY_USAGE_SIGN_MESSAGE:MBEDTLS_ERR_PK_TYPE_MISMATCH:1:0 PSA attributes for pk: opaque ECC pair, SIGN_MESSAGE & SIGN_MESSAGE depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:PSA_WANT_ECC_FAMILY_SECP_R1_256 @@ -1074,9 +1082,9 @@ PSA attributes for pk: opaque ECC pair, SIGN|... & SIGN_MESSAGE depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:PSA_WANT_ECC_FAMILY_SECP_R1_256 pk_get_psa_attributes_opaque:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):256:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_ENCRYPT:PSA_ALG_ECDSA_ANY:PSA_KEY_USAGE_SIGN_MESSAGE:0:1:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_ENCRYPT -PSA attributes for pk: opaque ECC pair, 0 & SIGN_HASH +PSA attributes for pk: opaque ECC pair, SIGN_HASH & SIGN_HASH depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:PSA_WANT_ECC_FAMILY_SECP_R1_256 -pk_get_psa_attributes_opaque:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):256:0:PSA_ALG_ECDSA_ANY:PSA_KEY_USAGE_SIGN_HASH:0:1:0 +pk_get_psa_attributes_opaque:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):256:PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_ECDSA_ANY:PSA_KEY_USAGE_SIGN_HASH:0:1:PSA_KEY_USAGE_SIGN_HASH PSA attributes for pk: opaque ECC pair, ... & DERIVE depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:PSA_WANT_ECC_FAMILY_SECP_R1_256 @@ -1090,14 +1098,14 @@ PSA attributes for pk: opaque ECC pair, ... & EXPORT (bad) depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:PSA_WANT_ECC_FAMILY_SECP_R1_256 pk_get_psa_attributes_opaque:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):256:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_ENCRYPT:PSA_ALG_ECDH:PSA_KEY_USAGE_EXPORT:MBEDTLS_ERR_PK_TYPE_MISMATCH:1:0 -PSA attributes for pk: opaque ECC pair->public, 0 & VERIFY_MESSAGE +PSA attributes for pk: opaque ECC pair->public, VERIFY_MESSAGE & VERIFY_MESSAGE depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:PSA_WANT_ECC_FAMILY_SECP_R1_256 -pk_get_psa_attributes_opaque:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):256:0:PSA_ALG_ECDSA_ANY:PSA_KEY_USAGE_VERIFY_MESSAGE:0:0:0 +pk_get_psa_attributes_opaque:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):256:PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_ECDSA_ANY:PSA_KEY_USAGE_VERIFY_MESSAGE:0:0:PSA_KEY_USAGE_VERIFY_MESSAGE -PSA attributes for pk: opaque ECC pair->public, 0 & VERIFY_HASH +PSA attributes for pk: opaque ECC pair->public, VERIFY_HASH & VERIFY_HASH depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:PSA_WANT_ECC_FAMILY_SECP_R1_256 -pk_get_psa_attributes_opaque:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):256:0:PSA_ALG_ECDSA_ANY:PSA_KEY_USAGE_VERIFY_HASH:0:0:0 +pk_get_psa_attributes_opaque:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):256:PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_ECDSA_ANY:PSA_KEY_USAGE_VERIFY_HASH:0:0:PSA_KEY_USAGE_VERIFY_HASH -PSA attributes for pk: opaque ECC pair->public, 0 & ENCRYPT (bad) +PSA attributes for pk: opaque ECC pair->public, ENCRYPT & ENCRYPT (bad) depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:PSA_WANT_ECC_FAMILY_SECP_R1_256 -pk_get_psa_attributes_opaque:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):256:0:PSA_ALG_ECDSA_ANY:PSA_KEY_USAGE_ENCRYPT:MBEDTLS_ERR_PK_TYPE_MISMATCH:0:0 +pk_get_psa_attributes_opaque:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):256:PSA_KEY_USAGE_ENCRYPT:PSA_ALG_ECDSA_ANY:PSA_KEY_USAGE_ENCRYPT:MBEDTLS_ERR_PK_TYPE_MISMATCH:0:0 From a1a7b0805758f28d3ddf3505ddba092028855782 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 1 Feb 2024 21:32:29 +0100 Subject: [PATCH 32/36] Fix typo in dependency Signed-off-by: Gilles Peskine --- tests/suites/test_suite_pk.data | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/tests/suites/test_suite_pk.data b/tests/suites/test_suite_pk.data index 0858163c9..3902d3dc3 100644 --- a/tests/suites/test_suite_pk.data +++ b/tests/suites/test_suite_pk.data @@ -1063,49 +1063,49 @@ depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME pk_get_psa_attributes_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_RSA_GEN_KEY_MIN_BITS:PSA_KEY_USAGE_ENCRYPT:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_KEY_USAGE_ENCRYPT:0:0:PSA_KEY_USAGE_ENCRYPT PSA attributes for pk: opaque ECC pair, 0 & SIGN_MESSAGE (bad policy) -depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:PSA_WANT_ECC_FAMILY_SECP_R1_256 +depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:PSA_WANT_ECC_SECP_R1_256 pk_get_psa_attributes_opaque:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):256:0:PSA_ALG_ECDSA_ANY:PSA_KEY_USAGE_SIGN_MESSAGE:MBEDTLS_ERR_PK_TYPE_MISMATCH:1:0 PSA attributes for pk: opaque ECC pair, SIGN_MESSAGE & SIGN_MESSAGE -depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:PSA_WANT_ECC_FAMILY_SECP_R1_256 +depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:PSA_WANT_ECC_SECP_R1_256 pk_get_psa_attributes_opaque:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):256:PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_ECDSA_ANY:PSA_KEY_USAGE_SIGN_MESSAGE:0:1:PSA_KEY_USAGE_SIGN_MESSAGE PSA attributes for pk: opaque ECC pair, SIGN|VERIFY & SIGN_MESSAGE -depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:PSA_WANT_ECC_FAMILY_SECP_R1_256 +depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:PSA_WANT_ECC_SECP_R1_256 pk_get_psa_attributes_opaque:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):256:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_ECDSA_ANY:PSA_KEY_USAGE_SIGN_MESSAGE:0:1:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE PSA attributes for pk: opaque ECC pair, SIGN|DECRYPT & SIGN_MESSAGE -depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:PSA_WANT_ECC_FAMILY_SECP_R1_256 +depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:PSA_WANT_ECC_SECP_R1_256 pk_get_psa_attributes_opaque:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):256:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_DECRYPT:PSA_ALG_ECDSA_ANY:PSA_KEY_USAGE_SIGN_MESSAGE:0:1:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_DECRYPT PSA attributes for pk: opaque ECC pair, SIGN|... & SIGN_MESSAGE -depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:PSA_WANT_ECC_FAMILY_SECP_R1_256 +depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:PSA_WANT_ECC_SECP_R1_256 pk_get_psa_attributes_opaque:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):256:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_ENCRYPT:PSA_ALG_ECDSA_ANY:PSA_KEY_USAGE_SIGN_MESSAGE:0:1:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_ENCRYPT PSA attributes for pk: opaque ECC pair, SIGN_HASH & SIGN_HASH -depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:PSA_WANT_ECC_FAMILY_SECP_R1_256 +depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:PSA_WANT_ECC_SECP_R1_256 pk_get_psa_attributes_opaque:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):256:PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_ECDSA_ANY:PSA_KEY_USAGE_SIGN_HASH:0:1:PSA_KEY_USAGE_SIGN_HASH PSA attributes for pk: opaque ECC pair, ... & DERIVE -depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:PSA_WANT_ECC_FAMILY_SECP_R1_256 +depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:PSA_WANT_ECC_SECP_R1_256 pk_get_psa_attributes_opaque:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):256:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDH:PSA_KEY_USAGE_DERIVE:0:1:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DERIVE PSA attributes for pk: opaque ECC pair, ... & DECRYPT (bad) -depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:PSA_WANT_ECC_FAMILY_SECP_R1_256 +depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:PSA_WANT_ECC_SECP_R1_256 pk_get_psa_attributes_opaque:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):256:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDH:PSA_KEY_USAGE_DECRYPT:MBEDTLS_ERR_PK_TYPE_MISMATCH:1:0 PSA attributes for pk: opaque ECC pair, ... & EXPORT (bad) -depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:PSA_WANT_ECC_FAMILY_SECP_R1_256 +depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:PSA_WANT_ECC_SECP_R1_256 pk_get_psa_attributes_opaque:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):256:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_ENCRYPT:PSA_ALG_ECDH:PSA_KEY_USAGE_EXPORT:MBEDTLS_ERR_PK_TYPE_MISMATCH:1:0 PSA attributes for pk: opaque ECC pair->public, VERIFY_MESSAGE & VERIFY_MESSAGE -depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:PSA_WANT_ECC_FAMILY_SECP_R1_256 +depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:PSA_WANT_ECC_SECP_R1_256 pk_get_psa_attributes_opaque:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):256:PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_ECDSA_ANY:PSA_KEY_USAGE_VERIFY_MESSAGE:0:0:PSA_KEY_USAGE_VERIFY_MESSAGE PSA attributes for pk: opaque ECC pair->public, VERIFY_HASH & VERIFY_HASH -depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:PSA_WANT_ECC_FAMILY_SECP_R1_256 +depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:PSA_WANT_ECC_SECP_R1_256 pk_get_psa_attributes_opaque:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):256:PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_ECDSA_ANY:PSA_KEY_USAGE_VERIFY_HASH:0:0:PSA_KEY_USAGE_VERIFY_HASH PSA attributes for pk: opaque ECC pair->public, ENCRYPT & ENCRYPT (bad) -depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:PSA_WANT_ECC_FAMILY_SECP_R1_256 +depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:PSA_WANT_ECC_SECP_R1_256 pk_get_psa_attributes_opaque:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):256:PSA_KEY_USAGE_ENCRYPT:PSA_ALG_ECDSA_ANY:PSA_KEY_USAGE_ENCRYPT:MBEDTLS_ERR_PK_TYPE_MISMATCH:0:0 From 591e83d13969019b887a2499b92f722923cb3fe5 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 1 Feb 2024 21:33:44 +0100 Subject: [PATCH 33/36] Add missing implied usage Signed-off-by: Gilles Peskine --- tests/suites/test_suite_pk.data | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/suites/test_suite_pk.data b/tests/suites/test_suite_pk.data index 3902d3dc3..55146feaa 100644 --- a/tests/suites/test_suite_pk.data +++ b/tests/suites/test_suite_pk.data @@ -1084,7 +1084,7 @@ pk_get_psa_attributes_opaque:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):2 PSA attributes for pk: opaque ECC pair, SIGN_HASH & SIGN_HASH depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:PSA_WANT_ECC_SECP_R1_256 -pk_get_psa_attributes_opaque:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):256:PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_ECDSA_ANY:PSA_KEY_USAGE_SIGN_HASH:0:1:PSA_KEY_USAGE_SIGN_HASH +pk_get_psa_attributes_opaque:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):256:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_ECDSA_ANY:PSA_KEY_USAGE_SIGN_HASH:0:1:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE PSA attributes for pk: opaque ECC pair, ... & DERIVE depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:PSA_WANT_ECC_SECP_R1_256 @@ -1104,7 +1104,7 @@ pk_get_psa_attributes_opaque:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):2 PSA attributes for pk: opaque ECC pair->public, VERIFY_HASH & VERIFY_HASH depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:PSA_WANT_ECC_SECP_R1_256 -pk_get_psa_attributes_opaque:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):256:PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_ECDSA_ANY:PSA_KEY_USAGE_VERIFY_HASH:0:0:PSA_KEY_USAGE_VERIFY_HASH +pk_get_psa_attributes_opaque:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):256:PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_ECDSA_ANY:PSA_KEY_USAGE_VERIFY_HASH:0:0:PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE PSA attributes for pk: opaque ECC pair->public, ENCRYPT & ENCRYPT (bad) depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:PSA_WANT_ECC_SECP_R1_256 From cb3b4cae0a78460be0cadec7bc553d629e838e4c Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 2 Feb 2024 13:12:39 +0100 Subject: [PATCH 34/36] Fix handling of ECC public keys under MBEDTLS_PK_USE_PSA_EC_DATA The test code to construct test keys and the implementation had matching errors: both assumed that there was a PSA public key object. Fix this. Signed-off-by: Gilles Peskine --- include/mbedtls/pk.h | 2 ++ library/pk.c | 14 +++++--------- tests/suites/test_suite_pk.function | 4 +--- 3 files changed, 8 insertions(+), 12 deletions(-) diff --git a/include/mbedtls/pk.h b/include/mbedtls/pk.h index f218558b4..13b960a87 100644 --- a/include/mbedtls/pk.h +++ b/include/mbedtls/pk.h @@ -253,6 +253,8 @@ typedef struct mbedtls_pk_context { * inside the ecp_keypair structure * - the following fields are used for all public key operations: signature * verify, key pair check and key write. + * - For a key pair, priv_id contains the private key. For a public key, + * priv_id is null. * Of course, when MBEDTLS_PK_USE_PSA_EC_DATA is not enabled, the legacy * ecp_keypair structure is used for storing the public key and performing * all the operations. diff --git a/library/pk.c b/library/pk.c index 3b9c5376d..d0869b822 100644 --- a/library/pk.c +++ b/library/pk.c @@ -464,16 +464,12 @@ int mbedtls_pk_get_psa_attributes(const mbedtls_pk_context *pk, int sign_ok = (pk_type != MBEDTLS_PK_ECKEY_DH); int derive_ok = (pk_type != MBEDTLS_PK_ECDSA); #if defined(MBEDTLS_PK_USE_PSA_EC_DATA) - psa_key_attributes_t old_attributes = PSA_KEY_ATTRIBUTES_INIT; - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - status = psa_get_key_attributes(pk->priv_id, &old_attributes); - if (status != PSA_SUCCESS) { - return MBEDTLS_ERR_PK_BAD_INPUT_DATA; + psa_ecc_family_t family = pk->ec_family; + size_t bits = pk->ec_bits; + int has_private = 0; + if (pk->priv_id != MBEDTLS_SVC_KEY_ID_INIT) { + has_private = 1; } - psa_key_type_t old_type = psa_get_key_type(&old_attributes); - int has_private = PSA_KEY_TYPE_IS_KEY_PAIR(old_type); - size_t bits = psa_get_key_bits(&old_attributes); - psa_ecc_family_t family = PSA_KEY_TYPE_ECC_GET_FAMILY(old_type); #else const mbedtls_ecp_keypair *ec = mbedtls_pk_ec_ro(*pk); int has_private = (ec->d.n != 0); diff --git a/tests/suites/test_suite_pk.function b/tests/suites/test_suite_pk.function index 3d7a1798d..efbe6b0c3 100644 --- a/tests/suites/test_suite_pk.function +++ b/tests/suites/test_suite_pk.function @@ -283,9 +283,7 @@ static int pk_setup_for_type(mbedtls_pk_type_t pk_type, int want_pair, PSA_KEY_USAGE_VERIFY_HASH); psa_set_key_algorithm(&pub_attributes, PSA_ALG_ECDSA_ANY); PSA_ASSERT(psa_destroy_key(pk->priv_id)); - PSA_ASSERT(psa_import_key(&pub_attributes, - pk->pub_raw, pk->pub_raw_len, - &pk->priv_id)); + pk->priv_id = MBEDTLS_SVC_KEY_ID_INIT; #else mbedtls_ecp_keypair *ec = mbedtls_pk_ec_rw(*pk); mbedtls_mpi_free(&ec->d); From d078386287b53486ec95fc400a7bcd1007b18f39 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 2 Feb 2024 13:13:34 +0100 Subject: [PATCH 35/36] Smoke tests for mbedtls_pk_get_psa_attributes after parsing We'll test more fully by adding a call to mbedtls_pk_import_into_psa() once that function is implemented. Signed-off-by: Gilles Peskine --- tests/suites/test_suite_pkparse.function | 82 +++++++++++++++++++++++- 1 file changed, 79 insertions(+), 3 deletions(-) diff --git a/tests/suites/test_suite_pkparse.function b/tests/suites/test_suite_pkparse.function index d416b8724..14afef6e9 100644 --- a/tests/suites/test_suite_pkparse.function +++ b/tests/suites/test_suite_pkparse.function @@ -41,6 +41,33 @@ void pk_parse_keyfile_rsa(char *key_file, char *password, int result) TEST_ASSERT(mbedtls_pk_can_do(&ctx, MBEDTLS_PK_RSA)); rsa = mbedtls_pk_rsa(ctx); TEST_EQUAL(mbedtls_rsa_check_privkey(rsa), 0); + +#if defined(MBEDTLS_PSA_CRYPTO_C) + psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; + TEST_EQUAL(mbedtls_pk_get_psa_attributes(&ctx, + PSA_KEY_USAGE_SIGN_HASH, + &attributes), 0); + psa_reset_key_attributes(&attributes); + TEST_EQUAL(mbedtls_pk_get_psa_attributes(&ctx, + PSA_KEY_USAGE_SIGN_MESSAGE, + &attributes), 0); + psa_reset_key_attributes(&attributes); + TEST_EQUAL(mbedtls_pk_get_psa_attributes(&ctx, + PSA_KEY_USAGE_DECRYPT, + &attributes), 0); + psa_reset_key_attributes(&attributes); + TEST_EQUAL(mbedtls_pk_get_psa_attributes(&ctx, + PSA_KEY_USAGE_VERIFY_HASH, + &attributes), 0); + psa_reset_key_attributes(&attributes); + TEST_EQUAL(mbedtls_pk_get_psa_attributes(&ctx, + PSA_KEY_USAGE_VERIFY_MESSAGE, + &attributes), 0); + psa_reset_key_attributes(&attributes); + TEST_EQUAL(mbedtls_pk_get_psa_attributes(&ctx, + PSA_KEY_USAGE_ENCRYPT, + &attributes), 0); +#endif } exit: @@ -68,6 +95,21 @@ void pk_parse_public_keyfile_rsa(char *key_file, int result) TEST_ASSERT(mbedtls_pk_can_do(&ctx, MBEDTLS_PK_RSA)); rsa = mbedtls_pk_rsa(ctx); TEST_EQUAL(mbedtls_rsa_check_pubkey(rsa), 0); + +#if defined(MBEDTLS_PSA_CRYPTO_C) + psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; + TEST_EQUAL(mbedtls_pk_get_psa_attributes(&ctx, + PSA_KEY_USAGE_ENCRYPT, + &attributes), 0); + psa_reset_key_attributes(&attributes); + TEST_EQUAL(mbedtls_pk_get_psa_attributes(&ctx, + PSA_KEY_USAGE_VERIFY_HASH, + &attributes), 0); + psa_reset_key_attributes(&attributes); + TEST_EQUAL(mbedtls_pk_get_psa_attributes(&ctx, + PSA_KEY_USAGE_VERIFY_MESSAGE, + &attributes), 0); +#endif } exit: @@ -100,6 +142,17 @@ void pk_parse_public_keyfile_ec(char *key_file, int result) eckey = mbedtls_pk_ec_ro(ctx); TEST_EQUAL(mbedtls_ecp_check_pubkey(&eckey->grp, &eckey->Q), 0); #endif + +#if defined(MBEDTLS_PSA_CRYPTO_C) + psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; + TEST_EQUAL(mbedtls_pk_get_psa_attributes(&ctx, + PSA_KEY_USAGE_VERIFY_HASH, + &attributes), 0); + psa_reset_key_attributes(&attributes); + TEST_EQUAL(mbedtls_pk_get_psa_attributes(&ctx, + PSA_KEY_USAGE_VERIFY_MESSAGE, + &attributes), 0); +#endif } exit: @@ -124,11 +177,34 @@ void pk_parse_keyfile_ec(char *key_file, char *password, int result) if (res == 0) { TEST_ASSERT(mbedtls_pk_can_do(&ctx, MBEDTLS_PK_ECKEY)); -#if defined(MBEDTLS_ECP_C) +#if defined(MBEDTLS_PK_USE_PSA_EC_DATA) + /* PSA keys are already checked on import so nothing to do here. */ +#else const mbedtls_ecp_keypair *eckey = mbedtls_pk_ec_ro(ctx); TEST_EQUAL(mbedtls_ecp_check_privkey(&eckey->grp, &eckey->d), 0); -#else - /* PSA keys are already checked on import so nothing to do here. */ +#endif + +#if defined(MBEDTLS_PSA_CRYPTO_C) + psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; + TEST_EQUAL(mbedtls_pk_get_psa_attributes(&ctx, + PSA_KEY_USAGE_SIGN_HASH, + &attributes), 0); + psa_reset_key_attributes(&attributes); + TEST_EQUAL(mbedtls_pk_get_psa_attributes(&ctx, + PSA_KEY_USAGE_SIGN_MESSAGE, + &attributes), 0); + psa_reset_key_attributes(&attributes); + TEST_EQUAL(mbedtls_pk_get_psa_attributes(&ctx, + PSA_KEY_USAGE_DERIVE, + &attributes), 0); + psa_reset_key_attributes(&attributes); + TEST_EQUAL(mbedtls_pk_get_psa_attributes(&ctx, + PSA_KEY_USAGE_VERIFY_HASH, + &attributes), 0); + psa_reset_key_attributes(&attributes); + TEST_EQUAL(mbedtls_pk_get_psa_attributes(&ctx, + PSA_KEY_USAGE_VERIFY_MESSAGE, + &attributes), 0); #endif } From 735ac3ec05f08392e8890632d9489f43f8778ea6 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 6 Feb 2024 11:11:32 +0100 Subject: [PATCH 36/36] Fix builds with secp224k1 as the only curve Normally, if an elliptic curve is enabled in the legacy API then it's also enabled in the PSA API. In particular, if the legacy API has at least one curve then that curve also works with PSA. There is an exception with secp224k1 which PSA does not support. In a build with secp224k1 as the only legacy curve, MBEDTLS_PK_HAVE_ECC_KEYS is enabled (because you can use the curve through PK) but PSA does not support any elliptic curve, so we can't run PK-PSA bridge tests. Signed-off-by: Gilles Peskine --- tests/suites/test_suite_pk.data | 84 ++++++++++++++--------------- tests/suites/test_suite_pk.function | 24 +++++++++ 2 files changed, 66 insertions(+), 42 deletions(-) diff --git a/tests/suites/test_suite_pk.data b/tests/suites/test_suite_pk.data index 55146feaa..341495883 100644 --- a/tests/suites/test_suite_pk.data +++ b/tests/suites/test_suite_pk.data @@ -821,171 +821,171 @@ depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME:MBEDTLS_PKCS1_V15 pk_get_psa_attributes_fail:MBEDTLS_PK_RSA:0:PSA_KEY_USAGE_DERIVE:MBEDTLS_ERR_PK_TYPE_MISMATCH PSA attributes for pk: ECKEY pair DECRYPT (bad) -depends_on:MBEDTLS_PK_HAVE_ECC_KEYS +depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE pk_get_psa_attributes_fail:MBEDTLS_PK_ECKEY:1:PSA_KEY_USAGE_DECRYPT:MBEDTLS_ERR_PK_TYPE_MISMATCH PSA attributes for pk: ECKEY_DH pair DECRYPT (bad) -depends_on:MBEDTLS_PK_HAVE_ECC_KEYS +depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE pk_get_psa_attributes_fail:MBEDTLS_PK_ECKEY_DH:1:PSA_KEY_USAGE_DECRYPT:MBEDTLS_ERR_PK_TYPE_MISMATCH PSA attributes for pk: ECDSA pair DECRYPT (bad) -depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_PK_CAN_ECDSA_SOME +depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE:MBEDTLS_PK_CAN_ECDSA_SOME pk_get_psa_attributes_fail:MBEDTLS_PK_ECDSA:1:PSA_KEY_USAGE_DECRYPT:MBEDTLS_ERR_PK_TYPE_MISMATCH PSA attributes for pk: ECKEY public DECRYPT (bad) -depends_on:MBEDTLS_PK_HAVE_ECC_KEYS +depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE pk_get_psa_attributes_fail:MBEDTLS_PK_ECKEY:0:PSA_KEY_USAGE_DECRYPT:MBEDTLS_ERR_PK_TYPE_MISMATCH PSA attributes for pk: ECKEY_DH public DECRYPT (bad) -depends_on:MBEDTLS_PK_HAVE_ECC_KEYS +depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE pk_get_psa_attributes_fail:MBEDTLS_PK_ECKEY_DH:0:PSA_KEY_USAGE_DECRYPT:MBEDTLS_ERR_PK_TYPE_MISMATCH PSA attributes for pk: ECDSA public DECRYPT (bad) -depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_PK_CAN_ECDSA_SOME +depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE:MBEDTLS_PK_CAN_ECDSA_SOME pk_get_psa_attributes_fail:MBEDTLS_PK_ECDSA:0:PSA_KEY_USAGE_DECRYPT:MBEDTLS_ERR_PK_TYPE_MISMATCH PSA attributes for pk: ECKEY pair ENCRYPT (bad) -depends_on:MBEDTLS_PK_HAVE_ECC_KEYS +depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE pk_get_psa_attributes_fail:MBEDTLS_PK_ECKEY:1:PSA_KEY_USAGE_ENCRYPT:MBEDTLS_ERR_PK_TYPE_MISMATCH PSA attributes for pk: ECKEY_DH pair ENCRYPT (bad) -depends_on:MBEDTLS_PK_HAVE_ECC_KEYS +depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE pk_get_psa_attributes_fail:MBEDTLS_PK_ECKEY_DH:1:PSA_KEY_USAGE_ENCRYPT:MBEDTLS_ERR_PK_TYPE_MISMATCH PSA attributes for pk: ECDSA pair ENCRYPT (bad) -depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_PK_CAN_ECDSA_SOME +depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE:MBEDTLS_PK_CAN_ECDSA_SOME pk_get_psa_attributes_fail:MBEDTLS_PK_ECDSA:1:PSA_KEY_USAGE_ENCRYPT:MBEDTLS_ERR_PK_TYPE_MISMATCH PSA attributes for pk: ECKEY public ENCRYPT (bad) -depends_on:MBEDTLS_PK_HAVE_ECC_KEYS +depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE pk_get_psa_attributes_fail:MBEDTLS_PK_ECKEY:0:PSA_KEY_USAGE_ENCRYPT:MBEDTLS_ERR_PK_TYPE_MISMATCH PSA attributes for pk: ECKEY_DH public ENCRYPT (bad) -depends_on:MBEDTLS_PK_HAVE_ECC_KEYS +depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE pk_get_psa_attributes_fail:MBEDTLS_PK_ECKEY_DH:0:PSA_KEY_USAGE_ENCRYPT:MBEDTLS_ERR_PK_TYPE_MISMATCH PSA attributes for pk: ECDSA public ENCRYPT (bad) -depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_PK_CAN_ECDSA_SOME +depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE:MBEDTLS_PK_CAN_ECDSA_SOME pk_get_psa_attributes_fail:MBEDTLS_PK_ECDSA:0:PSA_KEY_USAGE_ENCRYPT:MBEDTLS_ERR_PK_TYPE_MISMATCH PSA attributes for pk: ECKEY pair DERIVE -depends_on:MBEDTLS_PK_HAVE_ECC_KEYS +depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE pk_get_psa_attributes:MBEDTLS_PK_ECKEY:1:PSA_KEY_USAGE_DERIVE:1:PSA_ALG_ECDH PSA attributes for pk: ECKEY_DH pair DERIVE -depends_on:MBEDTLS_PK_HAVE_ECC_KEYS +depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE pk_get_psa_attributes:MBEDTLS_PK_ECKEY_DH:1:PSA_KEY_USAGE_DERIVE:1:PSA_ALG_ECDH PSA attributes for pk: ECDSA pair DERIVE (bad) -depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_PK_CAN_ECDSA_SOME +depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE:MBEDTLS_PK_CAN_ECDSA_SOME pk_get_psa_attributes_fail:MBEDTLS_PK_ECDSA:1:PSA_KEY_USAGE_DERIVE:MBEDTLS_ERR_PK_TYPE_MISMATCH PSA attributes for pk: ECKEY public DERIVE (bad) -depends_on:MBEDTLS_PK_HAVE_ECC_KEYS +depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE pk_get_psa_attributes_fail:MBEDTLS_PK_ECKEY:0:PSA_KEY_USAGE_DERIVE:MBEDTLS_ERR_PK_TYPE_MISMATCH PSA attributes for pk: ECKEY_DH public DERIVE (bad) -depends_on:MBEDTLS_PK_HAVE_ECC_KEYS +depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE pk_get_psa_attributes_fail:MBEDTLS_PK_ECKEY_DH:0:PSA_KEY_USAGE_DERIVE:MBEDTLS_ERR_PK_TYPE_MISMATCH PSA attributes for pk: ECDSA public DERIVE (bad) -depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_PK_CAN_ECDSA_SOME +depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE:MBEDTLS_PK_CAN_ECDSA_SOME pk_get_psa_attributes_fail:MBEDTLS_PK_ECDSA:0:PSA_KEY_USAGE_DERIVE:MBEDTLS_ERR_PK_TYPE_MISMATCH PSA attributes for pk: ECKEY pair SIGN_MESSAGE -depends_on:MBEDTLS_PK_HAVE_ECC_KEYS +depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE pk_get_psa_attributes:MBEDTLS_PK_ECKEY:1:PSA_KEY_USAGE_SIGN_MESSAGE:1:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH) PSA attributes for pk: ECDSA pair SIGN_MESSAGE -depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_PK_CAN_ECDSA_SOME +depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE:MBEDTLS_PK_CAN_ECDSA_SOME pk_get_psa_attributes:MBEDTLS_PK_ECDSA:1:PSA_KEY_USAGE_SIGN_MESSAGE:1:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH) PSA attributes for pk: ECKEY pair SIGN_HASH -depends_on:MBEDTLS_PK_HAVE_ECC_KEYS +depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE pk_get_psa_attributes:MBEDTLS_PK_ECKEY:1:PSA_KEY_USAGE_SIGN_HASH:1:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH) PSA attributes for pk: ECDSA pair SIGN_HASH -depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_PK_CAN_ECDSA_SOME +depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE:MBEDTLS_PK_CAN_ECDSA_SOME pk_get_psa_attributes:MBEDTLS_PK_ECDSA:1:PSA_KEY_USAGE_SIGN_HASH:1:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH) PSA attributes for pk: ECKEY pair->public VERIFY_MESSAGE -depends_on:MBEDTLS_PK_HAVE_ECC_KEYS +depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE pk_get_psa_attributes:MBEDTLS_PK_ECKEY:1:PSA_KEY_USAGE_VERIFY_MESSAGE:0:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH) PSA attributes for pk: ECDSA pair->public VERIFY_MESSAGE -depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_PK_CAN_ECDSA_SOME +depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE:MBEDTLS_PK_CAN_ECDSA_SOME pk_get_psa_attributes:MBEDTLS_PK_ECDSA:1:PSA_KEY_USAGE_VERIFY_MESSAGE:0:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH) PSA attributes for pk: ECKEY pair->public VERIFY_HASH -depends_on:MBEDTLS_PK_HAVE_ECC_KEYS +depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE pk_get_psa_attributes:MBEDTLS_PK_ECKEY:1:PSA_KEY_USAGE_VERIFY_HASH:0:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH) PSA attributes for pk: ECDSA pair->public VERIFY_HASH -depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_PK_CAN_ECDSA_SOME +depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE:MBEDTLS_PK_CAN_ECDSA_SOME pk_get_psa_attributes:MBEDTLS_PK_ECDSA:1:PSA_KEY_USAGE_VERIFY_HASH:0:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH) PSA attributes for pk: ECKEY public VERIFY_MESSAGE -depends_on:MBEDTLS_PK_HAVE_ECC_KEYS +depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE pk_get_psa_attributes:MBEDTLS_PK_ECKEY:0:PSA_KEY_USAGE_VERIFY_MESSAGE:0:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH) PSA attributes for pk: ECDSA public VERIFY_MESSAGE -depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_PK_CAN_ECDSA_SOME +depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE:MBEDTLS_PK_CAN_ECDSA_SOME pk_get_psa_attributes:MBEDTLS_PK_ECDSA:0:PSA_KEY_USAGE_VERIFY_MESSAGE:0:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH) PSA attributes for pk: ECKEY public VERIFY_HASH -depends_on:MBEDTLS_PK_HAVE_ECC_KEYS +depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE pk_get_psa_attributes:MBEDTLS_PK_ECKEY:0:PSA_KEY_USAGE_VERIFY_HASH:0:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH) PSA attributes for pk: ECDSA public VERIFY_HASH -depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_PK_CAN_ECDSA_SOME +depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE:MBEDTLS_PK_CAN_ECDSA_SOME pk_get_psa_attributes:MBEDTLS_PK_ECDSA:0:PSA_KEY_USAGE_VERIFY_HASH:0:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH) PSA attributes for pk: ECKEY public SIGN_MESSAGE (bad) -depends_on:MBEDTLS_PK_HAVE_ECC_KEYS +depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE pk_get_psa_attributes_fail:MBEDTLS_PK_ECKEY:0:PSA_KEY_USAGE_SIGN_MESSAGE:MBEDTLS_ERR_PK_TYPE_MISMATCH PSA attributes for pk: ECDSA public SIGN_MESSAGE (bad) -depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_PK_CAN_ECDSA_SOME +depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE:MBEDTLS_PK_CAN_ECDSA_SOME pk_get_psa_attributes_fail:MBEDTLS_PK_ECDSA:0:PSA_KEY_USAGE_SIGN_MESSAGE:MBEDTLS_ERR_PK_TYPE_MISMATCH PSA attributes for pk: ECKEY public SIGN_HASH (bad) -depends_on:MBEDTLS_PK_HAVE_ECC_KEYS +depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE pk_get_psa_attributes_fail:MBEDTLS_PK_ECKEY:0:PSA_KEY_USAGE_SIGN_HASH:MBEDTLS_ERR_PK_TYPE_MISMATCH PSA attributes for pk: ECDSA public SIGN_HASH (bad) -depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_PK_CAN_ECDSA_SOME +depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE:MBEDTLS_PK_CAN_ECDSA_SOME pk_get_psa_attributes_fail:MBEDTLS_PK_ECDSA:0:PSA_KEY_USAGE_SIGN_HASH:MBEDTLS_ERR_PK_TYPE_MISMATCH PSA attributes for pk: ECKEY_DH pair SIGN_MESSAGE (bad) -depends_on:MBEDTLS_PK_HAVE_ECC_KEYS +depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE pk_get_psa_attributes_fail:MBEDTLS_PK_ECKEY_DH:1:PSA_KEY_USAGE_SIGN_MESSAGE:MBEDTLS_ERR_PK_TYPE_MISMATCH PSA attributes for pk: ECKEY_DH pair SIGN_HASH (bad) -depends_on:MBEDTLS_PK_HAVE_ECC_KEYS +depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE pk_get_psa_attributes_fail:MBEDTLS_PK_ECKEY_DH:1:PSA_KEY_USAGE_SIGN_HASH:MBEDTLS_ERR_PK_TYPE_MISMATCH PSA attributes for pk: ECKEY_DH pair VERIFY_MESSAGE (bad) -depends_on:MBEDTLS_PK_HAVE_ECC_KEYS +depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE pk_get_psa_attributes_fail:MBEDTLS_PK_ECKEY_DH:1:PSA_KEY_USAGE_VERIFY_MESSAGE:MBEDTLS_ERR_PK_TYPE_MISMATCH PSA attributes for pk: ECKEY_DH pair VERIFY_HASH (bad) -depends_on:MBEDTLS_PK_HAVE_ECC_KEYS +depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE pk_get_psa_attributes_fail:MBEDTLS_PK_ECKEY_DH:1:PSA_KEY_USAGE_VERIFY_HASH:MBEDTLS_ERR_PK_TYPE_MISMATCH PSA attributes for pk: ECKEY_DH public SIGN_MESSAGE (bad) -depends_on:MBEDTLS_PK_HAVE_ECC_KEYS +depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE pk_get_psa_attributes_fail:MBEDTLS_PK_ECKEY_DH:0:PSA_KEY_USAGE_SIGN_MESSAGE:MBEDTLS_ERR_PK_TYPE_MISMATCH PSA attributes for pk: ECKEY_DH public SIGN_HASH (bad) -depends_on:MBEDTLS_PK_HAVE_ECC_KEYS +depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE pk_get_psa_attributes_fail:MBEDTLS_PK_ECKEY_DH:0:PSA_KEY_USAGE_SIGN_HASH:MBEDTLS_ERR_PK_TYPE_MISMATCH PSA attributes for pk: ECKEY_DH public VERIFY_MESSAGE (bad) -depends_on:MBEDTLS_PK_HAVE_ECC_KEYS +depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE pk_get_psa_attributes_fail:MBEDTLS_PK_ECKEY_DH:0:PSA_KEY_USAGE_VERIFY_MESSAGE:MBEDTLS_ERR_PK_TYPE_MISMATCH PSA attributes for pk: ECKEY_DH public VERIFY_HASH (bad) -depends_on:MBEDTLS_PK_HAVE_ECC_KEYS +depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE pk_get_psa_attributes_fail:MBEDTLS_PK_ECKEY_DH:0:PSA_KEY_USAGE_VERIFY_HASH:MBEDTLS_ERR_PK_TYPE_MISMATCH PSA attributes for pk: opaque RSA pair, 0 & SIGN_MESSAGE (bad policy) diff --git a/tests/suites/test_suite_pk.function b/tests/suites/test_suite_pk.function index 2dd35c8fd..257430702 100644 --- a/tests/suites/test_suite_pk.function +++ b/tests/suites/test_suite_pk.function @@ -36,6 +36,30 @@ #define MBEDTLS_TEST_PK_PSA_SIGN #endif +/* MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE is enabled when PSA supports + * at least one elliptic curve. This is distinct from + * PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY because that symbol can be enabled even + * when there are no curves. This happens in particular in a configuration + * with MBEDTLS_PSA_CRYPTO_CONFIG disabled and where the only legacy curve + * is secp224k1, which is not supported in PSA. */ +#if defined(MBEDTLS_PSA_CRYPTO_C) && defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) +#if defined(PSA_WANT_ECC_BRAINPOOL_P_R1_256) || \ + defined(PSA_WANT_ECC_BRAINPOOL_P_R1_384) || \ + defined(PSA_WANT_ECC_BRAINPOOL_P_R1_512) || \ + defined(PSA_WANT_ECC_MONTGOMERY_255) || \ + defined(PSA_WANT_ECC_MONTGOMERY_448) || \ + defined(PSA_WANT_ECC_SECP_K1_192) || \ + defined(PSA_WANT_ECC_SECP_K1_224) || \ + defined(PSA_WANT_ECC_SECP_K1_256) || \ + defined(PSA_WANT_ECC_SECP_R1_192) || \ + defined(PSA_WANT_ECC_SECP_R1_224) || \ + defined(PSA_WANT_ECC_SECP_R1_256) || \ + defined(PSA_WANT_ECC_SECP_R1_384) || \ + defined(PSA_WANT_ECC_SECP_R1_521) +#define MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE +#endif +#endif + #if defined(MBEDTLS_PK_USE_PSA_EC_DATA) static int pk_genkey_ec(mbedtls_pk_context *pk, mbedtls_ecp_group_id grp_id) {