Implement mbedtls_pk_import_into_psa #8807
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This makes it possible to use the curve in test data. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
gilles-peskine-arm
added
enhancement
component-crypto
This was referenced Feb 9, 2024
Closed
gilles-peskine-arm
added
the
needs-backports
There was already code to instantiate the wildcard for sign/verify-hash. Make that work with sign/verify-message as well. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Implement mbedtls_pk_import_into_psa for all PK types except RSA_ALT. This covers importing a key pair, importing a public key and importing the public part of a key pair. Test mbedtls_pk_import_into_psa() with the output of mbedtls_pk_get_psa_attributes(). Also unit-test mbedtls_pk_import_into_psa() on its own to get extra coverage, mostly for negative cases. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Set unique configuration names in the outcome file. This was lost in the rewrite from depends-*.pl to depends.py. Fix Mbed-TLS#7290 Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
In some configurations (e.g. ECDH but no ECDSA or RSA), the PK module is useful but cannot perform any signatures. Then modern GCC complains: ``` ../source/tests/suites/test_suite_pk.function: In function ‘test_pk_sign_verify’: ../source/tests/suites/test_suite_pk.function:1136:12: error: array subscript 0 is outside array bounds of ‘unsigned char[0]’ [-Werror=array-bounds] ../source/tests/suites/test_suite_pk.function:1094:19: note: while referencing sig’ … ``` This fixes test-ref-configs.pl with a modern GCC (specifically with config-thread.h). Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Fix the build in some configurations. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Parsing a key and importing it into PSA may result in a policy that specifies an algorithm that is not included in the build. This happens if the key type is supported, but not the algorithm, e.g. in a build with MBEDTLS_ECP_C but not MBEDTLS_ECDSA_C. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
This fixes the ability to exercise keys in configurations where MD5 is supported for direct use, but not inside some accelerated algorithms. This is the case in `all.sh test_psa_crypto_config_accel_ecc_ecp_light_only` and some other accelerated-ECC components of `all.sh`, where the driver is built without MD5 support but built-in MD5 remains enabled. This is only a hack, not a theoretically correct fix, but a correct fix is out of scope of my current work. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
gilles-peskine-arm
force-pushed
the
pk_import_into_psa-implement_import
branch
from
fab62c4 to
465e4ed
Compare
gilles-peskine-arm
added
needs-review
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
The values are the same for all supported mechanisms (RSA-based), so no semantic change. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
This was referenced Feb 15, 2024
This was only tested with opaque keys. Since the code paths are different depending on the PK type, we also need to test RSA and ECKEY. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Test that a PK key and a PSA key are consistent, i.e. that they have the same type (or are a key pair and the corresponding public key) and that they have the same public key. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
We were testing the internal consistency of the resulting key, and that the resulting key had the right metadata, but we were not testing that the PSA key had the expected key material. Comparing the public keys fixes that. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Fix the workaround for the weirdness of mbedtls_ecp_write_key(), which assumed a Weierstrass key. This fixes the Montgomery private key parse tests in test_suite_pkparse. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
gilles-peskine-arm
force-pushed
the
pk_import_into_psa-implement_import
branch
from
c0ca571 to
83b8baf
Compare
valeriosetti
previously approved these changes
Feb 20, 2024
Comment on lines
+1101
to
+1123
| #if defined(MBEDTLS_PK_USE_PSA_EC_DATA) | ||
| case MBEDTLS_PK_ECKEY: | ||
| case MBEDTLS_PK_ECKEY_DH: | ||
| case MBEDTLS_PK_ECDSA: | ||
| TEST_ASSERT(PSA_KEY_TYPE_IS_ECC(psa_type)); | ||
| TEST_EQUAL(PSA_KEY_TYPE_ECC_GET_FAMILY(psa_type), pk->ec_family); | ||
| pk_public = pk->pub_raw; | ||
| pk_public_length = pk->pub_raw_len; | ||
| break; | ||
| #endif /* MBEDTLS_PK_USE_PSA_EC_DATA */ | ||
|
|
||
| #if defined(MBEDTLS_PK_HAVE_ECC_KEYS) && !defined(MBEDTLS_PK_USE_PSA_EC_DATA) | ||
| case MBEDTLS_PK_ECKEY: | ||
| case MBEDTLS_PK_ECKEY_DH: | ||
| case MBEDTLS_PK_ECDSA: | ||
| TEST_ASSERT(PSA_KEY_TYPE_IS_ECC(psa_get_key_type(&psa_attributes))); | ||
| const mbedtls_ecp_keypair *ec = mbedtls_pk_ec_ro(*pk); | ||
| TEST_EQUAL(mbedtls_ecp_write_public_key( | ||
| ec, MBEDTLS_ECP_PF_UNCOMPRESSED, &pk_public_length, | ||
| pk_public_buffer, sizeof(pk_public_buffer)), 0); | ||
| pk_public = pk_public_buffer; | ||
| break; | ||
| #endif /* MBEDTLS_PK_HAVE_ECC_KEYS && !MBEDTLS_PK_USE_PSA_EC_DATA */ |
There was a problem hiding this comment.
Very minor, but why not having something like:
#if defined(MBEDTLS_PK_HAVE_ECC_KEYS)
#if defined(MBEDTLS_PK_USE_PSA_EC_DATA)
[...]
#else /*MBEDTLS_PK_USE_PSA_EC_DATA*/
[...]
#endif /*MBEDTLS_PK_USE_PSA_EC_DATA*/
#endif /*MBEDTLS_PK_HAVE_ECC_KEYS*/
?
There was a problem hiding this comment.
I have that nesting in many places, but here the only thing that's shared between the USE_PSA_EC_DATA case and the legacy case is the case statements, so I found it more readable to make them separate.
Comment on lines
+32
to
+33
| defined(MBEDTLS_ECDSA_C) || \ | ||
| defined(MBEDTLS_USE_PSA_CRYPTO) |
There was a problem hiding this comment.
Shouldn't we replace these with MBEDTLS_PK_CAN_ECDSA_SIGN?
There was a problem hiding this comment.
The list here matches the conditions for MBEDTLS_PK_SIGNATURE_MAX_SIZE to be nonzero, based on how it's set in include/mbedtls/pk.h. That was the motivation for 74860dd.
We can't remove MBEDTLS_RSA_C or MBEDTLS_PK_RSA_ALT_SUPPORT since these should be enabled even when PSA is disabled. We can't remove MBEDTLS_USE_PSA_CRYPTO because this covers MBEDTLS_PK_OPAQUE which can reach PSA-only signature algorithms.
Arguably we should replace defined(MBEDTLS_ECDSA_C) by MBEDTLS_PK_CAN_ECDSA_SIGN? I'm not sure it makes a difference in terms of maintainability. Intuitively, to me:
- Either
MBEDTLS_USE_PSA_CRYPTOis enabled, and this is always on: PK can at least try to sign through PSA (although it's possible that PSA doesn't actually support any signature algorithm, but we currently don't need to handle this refinement). - Or
MBEDTLS_USE_PSA_CRYPTOis disabled, and then we know that PK is using the built-in features for anything other thanMBEDTLS_PK_OPAQUE. All the built-in features that can sign are listed here.
By the way this is one of many places that need to change when MBEDTLS_PK_OPAQUE is generalized to work without MBEDTLS_USE_PSA_CRYPTO. I don't know of an easy way to find them all.
|
There's now a merge conflict which is just changes on consecutive lines. To avoid disrupting the ongoing review, I propose to do a merge commit once the pull request has been approved. |
|
I'm going to push the merge. In case there are test failures due to non-textual conflicts, this will make the history easier to understand. |
…plement_import Conflicts: * tests/suites/test_suite_pk.function: consecutive changes to the depends_on line of pk_sign_verify and its argument list.
gilles-peskine-arm
dismissed stale reviews from mpg and valeriosetti
via
dd49c73
|
Merge pushed, I hope the CI will pass (I only tested a few configs locally). Also, if you have a bit more bandwidth, would you mind reviewing the small backport? |
valeriosetti
added
approved
Merged
via the queue into
Mbed-TLS:development
with commit Feb 21, 2024
0aab69d
4 of 6 checks passed
3 tasks
| * psa_set_key_identifier() and optionally | ||
| * psa_set_key_lifetime(). | ||
| * - To import only the public part of a key pair: | ||
| * ``` |
There was a problem hiding this comment.
Doxygen doesn't recognize the backticks as meaning a code block here. I don't know what its rules are. Fixed in #8887.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Resolves #8708. Resolves #8713.
Also fixes #7290.
Out of scope: testing with non-volatile keys (#8778).
PR checklist
Notes for the submitter
Please refer to the contributing guidelines, especially the
checklist for PR contributors.
Help make review efficient: