The compilation guards in key_management.c are now
accelerator compilation guards (MBEDTLS_PSA_ACCEL_KEY_TYPE_xyz).
As a consequence when running the PSA driver wrapper
tests as part of test_psa_crypto_config_basic
and test_psa_crypto_drivers all.sh components all
key management cryptographic operations were handled by
the software builtin fallback, and not by the test driver
as intended in the first place.
This commits fixes this issue by:
. declaring an accelerator for ECC key pairs in
test_psa_crypto_config_basic.
. declaring an accelerator for both ECC and RSA
key pairs in test_psa_crypto_drivers.
It is possible to declare an accelerator for both
ECC and RSA key pairs in test_psa_crypto_drivers
and not in test_psa_crypto_config_basic because
in the case of test_psa_crypto_drivers the new
PSA configuration is not activated. That way,
the builtin fallback software implementation
is present to supply the transparent test driver
when some support is missing in it (mainly
RSA key generation).
Note that the declaration of accelerators does
much more than just "fixing" the execution flow of
driver wrapper tests, it makes all import and public
key export cryptographic operations in all unit
tests being handled by the transparent test driver
(provided that it supports the key type).
One test case related to key generation is
partially disabled. This will be fixed with the
rework of psa_generate_key along the lines
described in psa-crypto-implementation-structure.md.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
In test_suite_psa_crypto_driver_wrappers test suite, the
generate key with software fallback test should be run
only if the software fallback is available.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
Change key management test driver default forced
return value from PSA_ERROR_NOT_SUPPORTED to
PSA_SUCCESS to be able to run the PSA unit tests
with the cryptographic key management operations
being handled by the transparent test driver.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
Add ECP/RSA transparent test driver import_key
entry point and use it in the transparent test
driver entry supporting both ECP and RSA.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
Move key buffer allocation from psa_import_key_into_slot()
function up to the two functions calling it.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
Rename ECP key import function before to move
it to psa_crypto_ecp.c to adapt to the naming
of exported functions in psa_crypto_ecp.c.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
Rename psa_import_rsa_key to mbedtls_psa_rsa_import_key to
align its name with the naming conventions of exported
functions in psa_crypto_rsa.c.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
Add ECP/RSA transparent test driver export_public_key
entry point and use it in the transparent test driver
supporting both ECP and RSA.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
Change psa_export_(public_)key_internal signature to
the signature of an export_(public_)key driver entry
point.
This is a preparatory commit to be able to call the
software implementations as a driver.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
Disentangle public export and export code to be
able to move the call to export and public
export operations to the driver wrapper.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
Align naming of export internal functions with the way
other psa_crypto.c internal functions are named, ending
with _internal.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
Rename psa_export_rsa/ecp_key to
mbedtls_psa_rsa/ecp_export_key before to move them to
RSA/ECP specific PSA crypto C files.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
Rename psa_load_rsa/ecp_representation to
mbedtls_psa_rsa/ecp_load_representation
before to move them in their RSA/ECP
specific PSA crypto C modules.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
Change psa_driver_wrapper_export_public_key() signature
to the signature of an export_public_key driver entry point.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
In the course of the development of the PSA unified
driver interface, the validate_key entry point for
opaque drivers has been removed and replaced by an
import_key entry point. This commit takes into account
this change of specification.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
In key slots containing the description of a key of a
dynamically registered Secure Element (SE), store the
key slot number in a key context as defined in the
PSA driver interface for opaque drivers.
That way transparent key data and slot numbers are
, in a key slot, both stored in a dynamically allocated
buffer. The `data` union in structures of type
psa_key_slot_t to distinguish between the storage of
transparent key data and slot numbers is consequently
not necessary anymore and thus removed.
This alignement of some part of the code dedicated to
dynamically registered SE with the PSA driver interface
specification is done to ease the support of both
dynamically registered and statically defined secure
elements.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
Add architecture document explaining how this
PR aim to restructure the PSA implementation (only
part of it) and why.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
Fix a buffer overflow in mbedtls_mpi_sub_abs() when calculating
|A| - |B| where |B| is larger than |A| and has more limbs (so the
function should return MBEDTLS_ERR_MPI_NEGATIVE_VALUE).
Fix#4042
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Add test cases for mbedtls_mpi_sub_abs() where the second operand has
more limbs than the first operand (which, if the extra limbs are not
all zero, implies that the function returns
MBEDTLS_ERR_MPI_NEGATIVE_VALUE).
This exposes a buffer overflow (reported in #4042).
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
if MBEDTLS_MPI_MAX_SIZE is odd then RSA_PRV_DER_MAX_BYTES will be two less than expected, since the macros are lacking parentheses.
Signed-off-by: Daniel Otte <d.otte@wut.de>
Storage format tests that only look at how the file is structured and
don't care about the format of the key material don't depend on any
cryptographic mechanisms.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
The negative test cases for psa_copy_key() don't actually care whether
the target policy is supported. This is similar to _key_policy tests.
Add a similar rule.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
It isn't a set of dependencies, it's a set of symbols. So give it a
name that describes the symbol rather than a name that pretends it's a
collection of dependencies.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
The test function asymmetric_signature_key_policy combines positive
and negative tests inside the code, so it doesn't take a status as its
last argument.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Switch dependencies on MBEDTLS_xxx to PSA_WANT_xxx for hash
algorithms.
Add a missing dependency in bad_order functions (it was previously
expressed in the .data file, but this is no longer the case when
dependencies in the .data file are determined automatically).
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Replace manually written dependencies on MBEDTLS_xxx with
PSA_WANT_xxx dependencies that are determined automatically from the
test data.
Run tests/scripts/set_psa_test_dependencies.py on
tests/suites/test_suite_psa_crypto*.data,
except for the dynamic secure element tests in
tests/suites/test_suite_psa_crypto_se_driver_hal*.data.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
It doesn't make much difference in practice, but to keep closer to
what the current code does, run negative key policy tests even if the
algorithm for the operation attempt is not supported.
In particular, this allows the following test cases to run:
* "PSA key policy: agreement + KDF, wrong agreement algorithm"
* "PSA key policy: raw agreement, wrong algorithm"
Without this exception, those two test cases would never run, because
they would depend on PSA_ALG_WANT_FFDH. Since FFDH is not implemented
yet, it isn't enabled in any configuration. There's no alternative to
FFDH for these particular test cases because ECDH is the only key
agreement that is implemented in Mbed TLS so far.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>