From 48b87ebde37d55af636e1f778e39d9263fe6d8e6 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 7 Feb 2024 18:40:25 +0100 Subject: [PATCH 01/20] Choose a curve for tests at compile time This makes it possible to use the curve in test data. Signed-off-by: Gilles Peskine --- tests/suites/test_suite_pk.function | 135 ++++++++++++++++------------ 1 file changed, 77 insertions(+), 58 deletions(-) diff --git a/tests/suites/test_suite_pk.function b/tests/suites/test_suite_pk.function index 2574307020de..9c088e1499c4 100644 --- a/tests/suites/test_suite_pk.function +++ b/tests/suites/test_suite_pk.function @@ -36,29 +36,85 @@ #define MBEDTLS_TEST_PK_PSA_SIGN #endif -/* MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE is enabled when PSA supports - * at least one elliptic curve. This is distinct from - * PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY because that symbol can be enabled even - * when there are no curves. This happens in particular in a configuration - * with MBEDTLS_PSA_CRYPTO_CONFIG disabled and where the only legacy curve - * is secp224k1, which is not supported in PSA. */ #if defined(MBEDTLS_PSA_CRYPTO_C) && defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) -#if defined(PSA_WANT_ECC_BRAINPOOL_P_R1_256) || \ - defined(PSA_WANT_ECC_BRAINPOOL_P_R1_384) || \ - defined(PSA_WANT_ECC_BRAINPOOL_P_R1_512) || \ - defined(PSA_WANT_ECC_MONTGOMERY_255) || \ - defined(PSA_WANT_ECC_MONTGOMERY_448) || \ - defined(PSA_WANT_ECC_SECP_K1_192) || \ - defined(PSA_WANT_ECC_SECP_K1_224) || \ - defined(PSA_WANT_ECC_SECP_K1_256) || \ - defined(PSA_WANT_ECC_SECP_R1_192) || \ - defined(PSA_WANT_ECC_SECP_R1_224) || \ - defined(PSA_WANT_ECC_SECP_R1_256) || \ - defined(PSA_WANT_ECC_SECP_R1_384) || \ - defined(PSA_WANT_ECC_SECP_R1_521) +/* Pick an elliptic curve that's supported by PSA. Note that the curve is + * not guaranteed to be supported by the ECP module. + * + * This should always find a curve if ECC is enabled in the build, except in + * one edge case: in a build with MBEDTLS_PSA_CRYPTO_CONFIG disabled and + * where the only legacy curve is secp224k1, which is not supported in PSA, + * PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY ends up enabled but PSA does not + * support any curve. + */ + +/* First try all the curves that can do both ECDSA and ECDH, then try + * the ECDH-only curves. (There are no curves that can do ECDSA but not ECDH.) + * This way, if ECDSA is enabled then the curve that's selected here will + * be ECDSA-capable, and likewise for ECDH. */ +#if defined(PSA_WANT_ECC_SECP_R1_192) +#define MBEDTLS_TEST_PSA_ECC_ONE_FAMILY PSA_ECC_FAMILY_SECP_R1 +#define MBEDTLS_PSA_ECC_ONE_CURVE_BITS 192 +#define MBEDTLS_TEST_ECP_DP_ONE_CURVE MBEDTLS_ECP_DP_SECP192R1 +#elif defined(PSA_WANT_ECC_SECP_R1_224) +#define MBEDTLS_TEST_PSA_ECC_ONE_FAMILY PSA_ECC_FAMILY_SECP_R1 +#define MBEDTLS_PSA_ECC_ONE_CURVE_BITS 224 +#define MBEDTLS_TEST_ECP_DP_ONE_CURVE MBEDTLS_ECP_DP_SECP224R1 +#elif defined(PSA_WANT_ECC_SECP_R1_256) +#define MBEDTLS_TEST_PSA_ECC_ONE_FAMILY PSA_ECC_FAMILY_SECP_R1 +#define MBEDTLS_PSA_ECC_ONE_CURVE_BITS 256 +#define MBEDTLS_TEST_ECP_DP_ONE_CURVE MBEDTLS_ECP_DP_SECP256R1 +#elif defined(PSA_WANT_ECC_SECP_R1_384) +#define MBEDTLS_TEST_PSA_ECC_ONE_FAMILY PSA_ECC_FAMILY_SECP_R1 +#define MBEDTLS_PSA_ECC_ONE_CURVE_BITS 384 +#define MBEDTLS_TEST_ECP_DP_ONE_CURVE MBEDTLS_ECP_DP_SECP384R1 +#elif defined(PSA_WANT_ECC_SECP_R1_521) +#define MBEDTLS_TEST_PSA_ECC_ONE_FAMILY PSA_ECC_FAMILY_SECP_R1 +#define MBEDTLS_PSA_ECC_ONE_CURVE_BITS 521 +#define MBEDTLS_TEST_ECP_DP_ONE_CURVE MBEDTLS_ECP_DP_SECP521R1 +#elif defined(PSA_WANT_ECC_SECP_K1_192) +#define MBEDTLS_TEST_PSA_ECC_ONE_FAMILY PSA_ECC_FAMILY_SECP_K1 +#define MBEDTLS_PSA_ECC_ONE_CURVE_BITS 192 +#define MBEDTLS_TEST_ECP_DP_ONE_CURVE MBEDTLS_ECP_DP_SECP192K1 +#elif defined(PSA_WANT_ECC_SECP_K1_224) +#define MBEDTLS_TEST_PSA_ECC_ONE_FAMILY PSA_ECC_FAMILY_SECP_K1 +#define MBEDTLS_PSA_ECC_ONE_CURVE_BITS 224 +#define MBEDTLS_TEST_ECP_DP_ONE_CURVE MBEDTLS_ECP_DP_SECP224K1 +#elif defined(PSA_WANT_ECC_SECP_K1_256) +#define MBEDTLS_TEST_PSA_ECC_ONE_FAMILY PSA_ECC_FAMILY_SECP_K1 +#define MBEDTLS_PSA_ECC_ONE_CURVE_BITS 256 +#define MBEDTLS_TEST_ECP_DP_ONE_CURVE MBEDTLS_ECP_DP_SECP256K1 +#elif defined(PSA_WANT_ECC_BRAINPOOL_P_R1_256) +#define MBEDTLS_TEST_PSA_ECC_ONE_FAMILY PSA_ECC_FAMILY_BRAINPOOL_P_R1 +#define MBEDTLS_PSA_ECC_ONE_CURVE_BITS 256 +#define MBEDTLS_TEST_ECP_DP_ONE_CURVE MBEDTLS_ECP_DP_BP256R1 +#elif defined(PSA_WANT_ECC_BRAINPOOL_P_R1_384) +#define MBEDTLS_TEST_PSA_ECC_ONE_FAMILY PSA_ECC_FAMILY_BRAINPOOL_P_R1 +#define MBEDTLS_PSA_ECC_ONE_CURVE_BITS 384 +#define MBEDTLS_TEST_ECP_DP_ONE_CURVE MBEDTLS_ECP_DP_BP384R1 +#elif defined(PSA_WANT_ECC_BRAINPOOL_P_R1_512) +#define MBEDTLS_TEST_PSA_ECC_ONE_FAMILY PSA_ECC_FAMILY_BRAINPOOL_P_R1 +#define MBEDTLS_PSA_ECC_ONE_CURVE_BITS 512 +#define MBEDTLS_TEST_ECP_DP_ONE_CURVE MBEDTLS_ECP_DP_BP512R1 +#elif defined(PSA_WANT_ECC_MONTGOMERY_255) +#define MBEDTLS_TEST_PSA_ECC_ONE_FAMILY PSA_ECC_FAMILY_MONTGOMERY +#define MBEDTLS_PSA_ECC_ONE_CURVE_BITS 255 +#define MBEDTLS_TEST_ECP_DP_ONE_CURVE MBEDTLS_ECP_DP_CURVE25519 +#elif defined(PSA_WANT_ECC_MONTGOMERY_448) +#define MBEDTLS_TEST_PSA_ECC_ONE_FAMILY PSA_ECC_FAMILY_MONTGOMERY +#define MBEDTLS_PSA_ECC_ONE_CURVE_BITS 448 +#define MBEDTLS_TEST_ECP_DP_ONE_CURVE MBEDTLS_ECP_DP_CURVE448 +#endif /* curve selection */ + +#if defined(MBEDTLS_TEST_PSA_ECC_ONE_FAMILY) #define MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE +#else +/* Always define the macros so that we can use them in test data. */ +#define MBEDTLS_TEST_PSA_ECC_ONE_FAMILY 0 +#define MBEDTLS_PSA_ECC_ONE_CURVE_BITS 0 +#define MBEDTLS_TEST_ECP_DP_ONE_CURVE 0 #endif -#endif + +#endif /* defined(MBEDTLS_PSA_CRYPTO_C) && defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) */ #if defined(MBEDTLS_PK_USE_PSA_EC_DATA) static int pk_genkey_ec(mbedtls_pk_context *pk, mbedtls_ecp_group_id grp_id) @@ -211,43 +267,6 @@ size_t mbedtls_rsa_key_len_func(void *ctx) } #endif /* MBEDTLS_RSA_C */ -#if defined(MBEDTLS_PSA_CRYPTO_C) && defined(MBEDTLS_PK_HAVE_ECC_KEYS) -static mbedtls_ecp_group_id ecc_pick_grp_id(void) -{ -#if defined(MBEDTLS_ECP_LIGHT) - return mbedtls_ecp_grp_id_list()[0]; -#elif defined(PSA_WANT_ECC_SECP_R1_192) - return MBEDTLS_ECP_DP_SECP192R1; -#elif defined(PSA_WANT_ECC_SECP_R1_224) - return MBEDTLS_ECP_DP_SECP224R1; -#elif defined(PSA_WANT_ECC_SECP_R1_256) - return MBEDTLS_ECP_DP_SECP256R1; -#elif defined(PSA_WANT_ECC_SECP_R1_384) - return MBEDTLS_ECP_DP_SECP384R1; -#elif defined(PSA_WANT_ECC_SECP_R1_521) - return MBEDTLS_ECP_DP_SECP521R1; -#elif defined(PSA_WANT_ECC_SECP_K1_192) - return MBEDTLS_ECP_DP_SECP192K1; -#elif defined(PSA_WANT_ECC_SECP_K1_224) - return MBEDTLS_ECP_DP_SECP224K1; -#elif defined(PSA_WANT_ECC_SECP_K1_256) - return MBEDTLS_ECP_DP_SECP256K1; -#elif defined(PSA_WANT_ECC_BRAINPOOL_P_R1_256) - return MBEDTLS_ECP_DP_BP256R1; -#elif defined(PSA_WANT_ECC_BRAINPOOL_P_R1_384) - return MBEDTLS_ECP_DP_BP384R1; -#elif defined(PSA_WANT_ECC_BRAINPOOL_P_R1_512) - return MBEDTLS_ECP_DP_BP512R1; -#elif defined(PSA_WANT_ECC_MONTGOMERY_255) - return MBEDTLS_ECP_DP_CURVE25519; -#elif defined(PSA_WANT_ECC_MONTGOMERY_448) - return MBEDTLS_ECP_DP_CURVE448; -#else - return 0; -#endif -} -#endif /* defined(MBEDTLS_PSA_CRYPTO_C) && defined(MBEDTLS_PK_HAVE_ECC_KEYS) */ - #if defined(MBEDTLS_PSA_CRYPTO_C) static int pk_setup_for_type(mbedtls_pk_type_t pk_type, int want_pair, mbedtls_pk_context *pk, psa_key_type_t *psa_type) @@ -291,7 +310,7 @@ static int pk_setup_for_type(mbedtls_pk_type_t pk_type, int want_pair, case MBEDTLS_PK_ECKEY_DH: case MBEDTLS_PK_ECDSA: { - mbedtls_ecp_group_id grp_id = ecc_pick_grp_id(); + mbedtls_ecp_group_id grp_id = MBEDTLS_TEST_ECP_DP_ONE_CURVE; size_t bits; *psa_type = PSA_KEY_TYPE_ECC_KEY_PAIR(mbedtls_ecc_group_to_psa(grp_id, &bits)); TEST_EQUAL(pk_genkey(pk, grp_id), 0); From 05ee3fbdc013e99de876e4740a6d34eaf025759e Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 7 Feb 2024 18:58:10 +0100 Subject: [PATCH 02/20] mbedtls_pk_import_into_psa: documentation Signed-off-by: Gilles Peskine --- ChangeLog.d/mbedtls_pk_import_into_psa.txt | 4 ++ include/mbedtls/pk.h | 48 ++++++++++++++++++++++ 2 files changed, 52 insertions(+) create mode 100644 ChangeLog.d/mbedtls_pk_import_into_psa.txt diff --git a/ChangeLog.d/mbedtls_pk_import_into_psa.txt b/ChangeLog.d/mbedtls_pk_import_into_psa.txt new file mode 100644 index 000000000000..c294f4490d43 --- /dev/null +++ b/ChangeLog.d/mbedtls_pk_import_into_psa.txt @@ -0,0 +1,4 @@ +Features + * The new functions mbedtls_pk_get_psa_attributes() and + mbedtls_pk_import_into_psa() provide a uniform way to create a PSA + key from a PK key. diff --git a/include/mbedtls/pk.h b/include/mbedtls/pk.h index 66f39015faa4..b5d65e39aa1a 100644 --- a/include/mbedtls/pk.h +++ b/include/mbedtls/pk.h @@ -599,6 +599,54 @@ int mbedtls_pk_can_do_ext(const mbedtls_pk_context *ctx, psa_algorithm_t alg, int mbedtls_pk_get_psa_attributes(const mbedtls_pk_context *pk, psa_key_usage_t usage, psa_key_attributes_t *attributes); + +/** + * \brief Import a key into the PSA key store. + * + * This function is equivalent to calling psa_import_key() + * with the key material from \p pk. + * + * The typical way to use this function is: + * -# Call mbedtls_pk_get_psa_attributes() to obtain + * attributes for the given key. + * -# If desired, modify the attributes, for example: + * - To create a persistent key, call + * psa_set_key_identifier() and optionally + * psa_set_key_lifetime(). + * - To import only the public part of a key pair: + * ``` + * psa_set_key_type(&attributes, + * PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR( + * psa_get_key_type(&attributes))); + * ``` + * - Restrict the key usage if desired. + * -# Call mbedtls_pk_import_into_psa(). + * + * \note This function does not support RSA-alt contexts + * (set up with mbedtls_pk_setup_rsa_alt()). + * + * \param[in] pk The PK context to use. It must have been set up. + * It can either contain a key pair or just a public key. + * \param[in] attributes + * The attributes to use for the new key. They must be + * compatible with \p pk. In particular, the key type + * must match the content of \p pk. + * If \p pk contains a key pair, the key type in + * attributes can be either the key pair type or the + * corresponding public key type (to import only the + * public part). + * \param[out] key_id + * On success, the identifier of the newly created key. + * On error, this is #MBEDTLS_SVC_KEY_ID_INIT. + * + * \return 0 on success. + * #MBEDTLS_ERR_PK_TYPE_MISMATCH if \p pk does not contain + * a key of the type identified in \p attributes. + * Another error code on other failures. + */ +int mbedtls_pk_import_into_psa(const mbedtls_pk_context *pk, + const psa_key_attributes_t *attributes, + mbedtls_svc_key_id_t *key_id); #endif /* MBEDTLS_PSA_CRYPTO_C */ /** From 4781bd9773d9213325bce1ab9d0139ace3cf97be Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 9 Feb 2024 17:32:45 +0100 Subject: [PATCH 03/20] exercise_key: allow SIGN_MESSAGE/VERIFY_MESSAGE with PSA_ALG_ANY_HASH There was already code to instantiate the wildcard for sign/verify-hash. Make that work with sign/verify-message as well. Signed-off-by: Gilles Peskine --- tests/src/psa_exercise_key.c | 24 +++++++++++++----------- 1 file changed, 13 insertions(+), 11 deletions(-) diff --git a/tests/src/psa_exercise_key.c b/tests/src/psa_exercise_key.c index 560b7113d12a..c594cee9b6d2 100644 --- a/tests/src/psa_exercise_key.c +++ b/tests/src/psa_exercise_key.c @@ -283,23 +283,25 @@ static int exercise_signature_key(mbedtls_svc_key_id_t key, psa_key_usage_t usage, psa_algorithm_t alg) { + /* If the policy allows signing with any hash, just pick one. */ + psa_algorithm_t hash_alg = PSA_ALG_SIGN_GET_HASH(alg); + if (PSA_ALG_IS_SIGN_HASH(alg) && hash_alg == PSA_ALG_ANY_HASH && + usage & (PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | + PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE)) { +#if defined(KNOWN_SUPPORTED_HASH_ALG) + hash_alg = KNOWN_SUPPORTED_HASH_ALG; + alg ^= PSA_ALG_ANY_HASH ^ hash_alg; +#else + TEST_FAIL("No hash algorithm for hash-and-sign testing"); +#endif + } + if (usage & (PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH) && PSA_ALG_IS_SIGN_HASH(alg)) { unsigned char payload[PSA_HASH_MAX_SIZE] = { 1 }; size_t payload_length = 16; unsigned char signature[PSA_SIGNATURE_MAX_SIZE] = { 0 }; size_t signature_length = sizeof(signature); - psa_algorithm_t hash_alg = PSA_ALG_SIGN_GET_HASH(alg); - - /* If the policy allows signing with any hash, just pick one. */ - if (PSA_ALG_IS_SIGN_HASH(alg) && hash_alg == PSA_ALG_ANY_HASH) { - #if defined(KNOWN_SUPPORTED_HASH_ALG) - hash_alg = KNOWN_SUPPORTED_HASH_ALG; - alg ^= PSA_ALG_ANY_HASH ^ hash_alg; - #else - TEST_FAIL("No hash algorithm for hash-and-sign testing"); - #endif - } /* Some algorithms require the payload to have the size of * the hash encoded in the algorithm. Use this input size From fdb809ef86901dfceadb73c106830d9f149311f3 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 9 Feb 2024 19:22:30 +0100 Subject: [PATCH 04/20] exercise_key: fix asymmetric encrypt/decrypt with >2028-bit RSA Signed-off-by: Gilles Peskine --- tests/src/psa_exercise_key.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/tests/src/psa_exercise_key.c b/tests/src/psa_exercise_key.c index c594cee9b6d2..618b83f31836 100644 --- a/tests/src/psa_exercise_key.c +++ b/tests/src/psa_exercise_key.c @@ -364,8 +364,10 @@ static int exercise_asymmetric_encryption_key(mbedtls_svc_key_id_t key, psa_key_usage_t usage, psa_algorithm_t alg) { - unsigned char plaintext[256] = "Hello, world..."; - unsigned char ciphertext[256] = "(wabblewebblewibblewobblewubble)"; + unsigned char plaintext[PSA_ASYMMETRIC_ENCRYPT_OUTPUT_MAX_SIZE] = + "Hello, world..."; + unsigned char ciphertext[PSA_ASYMMETRIC_DECRYPT_OUTPUT_MAX_SIZE] = + "(wabblewebblewibblewobblewubble)"; size_t ciphertext_length = sizeof(ciphertext); size_t plaintext_length = 16; From fc3d866ad27cdcdbc0ad4c45ccc4b0d0e0fb21f3 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 9 Feb 2024 19:26:37 +0100 Subject: [PATCH 05/20] mbedtls_pk_import_into_psa: implement and test Implement mbedtls_pk_import_into_psa for all PK types except RSA_ALT. This covers importing a key pair, importing a public key and importing the public part of a key pair. Test mbedtls_pk_import_into_psa() with the output of mbedtls_pk_get_psa_attributes(). Also unit-test mbedtls_pk_import_into_psa() on its own to get extra coverage, mostly for negative cases. Signed-off-by: Gilles Peskine --- library/pk.c | 280 +++++++++++++++++++++++++++- library/pk_internal.h | 4 +- library/psa_util.c | 2 + tests/suites/test_suite_pk.data | 185 ++++++++++++++++++ tests/suites/test_suite_pk.function | 147 ++++++++++++++- 5 files changed, 606 insertions(+), 12 deletions(-) diff --git a/library/pk.c b/library/pk.c index 1b481e1a2079..f623af999ad4 100644 --- a/library/pk.c +++ b/library/pk.c @@ -18,10 +18,8 @@ #if defined(MBEDTLS_RSA_C) #include "mbedtls/rsa.h" -#if defined(MBEDTLS_PKCS1_V21) && !defined(MBEDTLS_USE_PSA_CRYPTO) #include "rsa_internal.h" #endif -#endif #if defined(MBEDTLS_PK_HAVE_ECC_KEYS) #include "mbedtls/ecp.h" #endif @@ -579,6 +577,284 @@ int mbedtls_pk_get_psa_attributes(const mbedtls_pk_context *pk, return 0; } + +#if defined(MBEDTLS_PK_USE_PSA_EC_DATA) || defined(MBEDTLS_USE_PSA_CRYPTO) +static psa_status_t export_import_into_psa(mbedtls_svc_key_id_t old_key_id, + const psa_key_attributes_t *attributes, + mbedtls_svc_key_id_t *new_key_id) +{ + unsigned char key_buffer[PSA_EXPORT_KEY_PAIR_MAX_SIZE]; + size_t key_length = 0; + psa_status_t status = psa_export_key(old_key_id, + key_buffer, sizeof(key_buffer), + &key_length); + if (status != PSA_SUCCESS) { + return status; + } + status = psa_import_key(attributes, key_buffer, key_length, new_key_id); + mbedtls_platform_zeroize(key_buffer, key_length); + return status; +} + +static int copy_into_psa(mbedtls_svc_key_id_t old_key_id, + const psa_key_attributes_t *attributes, + mbedtls_svc_key_id_t *new_key_id) +{ + /* Normally, we prefer copying: it's more efficient and works even + * for non-exportable keys. */ + psa_status_t status = psa_copy_key(old_key_id, attributes, new_key_id); + if (status == PSA_ERROR_NOT_PERMITTED /*missing COPY usage*/ || + status == PSA_ERROR_INVALID_ARGUMENT /*incompatible policy*/) { + /* There are edge cases where copying won't work, but export+import + * might: + * - If the old key does not allow PSA_KEY_USAGE_COPY. + * - If the old key's usage does not allow what attributes wants. + * Because the key was intended for use in the pk module, and may + * have had a policy chosen solely for what pk needs rather than + * based on a detailed understanding of PSA policies, we are a bit + * more liberal than psa_copy_key() here. + */ + /* Here we need to check that the types match, otherwise we risk + * importing nonsensical data. */ + psa_key_attributes_t old_attributes = PSA_KEY_ATTRIBUTES_INIT; + status = psa_get_key_attributes(old_key_id, &old_attributes); + if (status != PSA_SUCCESS) { + return MBEDTLS_ERR_PK_BAD_INPUT_DATA; + } + psa_key_type_t old_type = psa_get_key_type(&old_attributes); + psa_reset_key_attributes(&old_attributes); + if (old_type != psa_get_key_type(attributes)) { + return MBEDTLS_ERR_PK_TYPE_MISMATCH; + } + status = export_import_into_psa(old_key_id, attributes, new_key_id); + } + return PSA_PK_TO_MBEDTLS_ERR(status); +} +#endif /* MBEDTLS_PK_USE_PSA_EC_DATA || MBEDTLS_USE_PSA_CRYPTO */ + +static int import_pair_into_psa(const mbedtls_pk_context *pk, + const psa_key_attributes_t *attributes, + mbedtls_svc_key_id_t *key_id) +{ + switch (mbedtls_pk_get_type(pk)) { +#if defined(MBEDTLS_RSA_C) + case MBEDTLS_PK_RSA: + { + if (psa_get_key_type(attributes) != PSA_KEY_TYPE_RSA_KEY_PAIR) { + return MBEDTLS_ERR_PK_TYPE_MISMATCH; + } + unsigned char key_buffer[ + PSA_KEY_EXPORT_RSA_KEY_PAIR_MAX_SIZE(PSA_VENDOR_RSA_MAX_KEY_BITS)]; + unsigned char *const key_end = key_buffer + sizeof(key_buffer); + unsigned char *key_data = key_end; + int ret = mbedtls_rsa_write_key(mbedtls_pk_rsa(*pk), + key_buffer, &key_data); + if (ret < 0) { + return ret; + } + size_t key_length = key_end - key_data; + ret = PSA_PK_TO_MBEDTLS_ERR(psa_import_key(attributes, + key_data, key_length, + key_id)); + mbedtls_platform_zeroize(key_data, key_length); + return ret; + } +#endif /* MBEDTLS_RSA_C */ + +#if defined(MBEDTLS_PK_HAVE_ECC_KEYS) + case MBEDTLS_PK_ECKEY: + case MBEDTLS_PK_ECKEY_DH: + case MBEDTLS_PK_ECDSA: + { + /* We need to check the curve family, otherwise the import could + * succeed with nonsensical data. + * We don't check the bit-size: it's optional in attributes, + * and if it's specified, psa_import_key() will know from the key + * data length and will check that the bit-size matches. */ + psa_key_type_t to_type = psa_get_key_type(attributes); +#if defined(MBEDTLS_PK_USE_PSA_EC_DATA) + psa_ecc_family_t from_family = pk->ec_family; +#else /* MBEDTLS_PK_USE_PSA_EC_DATA */ + /* We're only reading the key, but mbedtls_ecp_write_key() + * is missing a const annotation on its key parameter, so + * we need the non-const accessor here. */ + mbedtls_ecp_keypair *ec = mbedtls_pk_ec_rw(*pk); + size_t from_bits = 0; + psa_ecc_family_t from_family = mbedtls_ecc_group_to_psa(ec->grp.id, + &from_bits); +#endif /* MBEDTLS_PK_USE_PSA_EC_DATA */ + if (to_type != PSA_KEY_TYPE_ECC_KEY_PAIR(from_family)) { + return MBEDTLS_ERR_PK_TYPE_MISMATCH; + } + +#if defined(MBEDTLS_PK_USE_PSA_EC_DATA) + if (mbedtls_svc_key_id_is_null(pk->priv_id)) { + /* We have a public key and want a key pair. */ + return MBEDTLS_ERR_PK_TYPE_MISMATCH; + } + return copy_into_psa(pk->priv_id, attributes, key_id); +#else /* MBEDTLS_PK_USE_PSA_EC_DATA */ + if (ec->d.n == 0) { + /* Private key not set. Assume the input is a public key only. + * (The other possibility is that it's an incomplete object + * where the group is set but neither the public key nor + * the private key. This is not possible through ecp.h + * functions, so we don't bother reporting a more suitable + * error in that case.) */ + return MBEDTLS_ERR_PK_TYPE_MISMATCH; + } + unsigned char key_buffer[PSA_BITS_TO_BYTES(PSA_VENDOR_ECC_MAX_CURVE_BITS)]; + int ret = mbedtls_ecp_write_key(ec, + key_buffer, sizeof(key_buffer)); + if (ret < 0) { + return ret; + } + size_t key_length = PSA_BITS_TO_BYTES(ec->grp.nbits); + unsigned char *key_data = key_buffer + sizeof(key_buffer) - key_length; + ret = PSA_PK_TO_MBEDTLS_ERR(psa_import_key(attributes, + key_data, key_length, + key_id)); + mbedtls_platform_zeroize(key_data, key_length); + return ret; +#endif /* MBEDTLS_PK_USE_PSA_EC_DATA */ + } +#endif /* MBEDTLS_PK_HAVE_ECC_KEYS */ + +#if defined(MBEDTLS_USE_PSA_CRYPTO) + case MBEDTLS_PK_OPAQUE: + return copy_into_psa(pk->priv_id, attributes, key_id); +#endif /* MBEDTLS_USE_PSA_CRYPTO */ + + default: + return MBEDTLS_ERR_PK_BAD_INPUT_DATA; + } +} + +static int import_public_into_psa(const mbedtls_pk_context *pk, + const psa_key_attributes_t *attributes, + mbedtls_svc_key_id_t *key_id) +{ + psa_key_type_t psa_type = psa_get_key_type(attributes); + +#if defined(MBEDTLS_RSA_C) || \ + (defined(MBEDTLS_PK_HAVE_ECC_KEYS) && !defined(MBEDTLS_PK_USE_PSA_EC_DATA)) || \ + defined(MBEDTLS_USE_PSA_CRYPTO) + unsigned char key_buffer[PSA_EXPORT_PUBLIC_KEY_MAX_SIZE]; +#endif + unsigned char *key_data = NULL; + size_t key_length = 0; + + switch (mbedtls_pk_get_type(pk)) { +#if defined(MBEDTLS_RSA_C) + case MBEDTLS_PK_RSA: + { + if (psa_type != PSA_KEY_TYPE_RSA_PUBLIC_KEY) { + return MBEDTLS_ERR_PK_TYPE_MISMATCH; + } + unsigned char *const key_end = key_buffer + sizeof(key_buffer); + key_data = key_end; + int ret = mbedtls_rsa_write_pubkey(mbedtls_pk_rsa(*pk), + key_buffer, &key_data); + if (ret < 0) { + return ret; + } + key_length = (size_t) ret; + break; + } +#endif /*MBEDTLS_RSA_C */ + +#if defined(MBEDTLS_PK_HAVE_ECC_KEYS) + case MBEDTLS_PK_ECKEY: + case MBEDTLS_PK_ECKEY_DH: + case MBEDTLS_PK_ECDSA: + { + /* We need to check the curve family, otherwise the import could + * succeed with nonsensical data. + * We don't check the bit-size: it's optional in attributes, + * and if it's specified, psa_import_key() will know from the key + * data length and will check that the bit-size matches. */ +#if defined(MBEDTLS_PK_USE_PSA_EC_DATA) + if (psa_type != PSA_KEY_TYPE_ECC_PUBLIC_KEY(pk->ec_family)) { + return MBEDTLS_ERR_PK_TYPE_MISMATCH; + } + key_data = (unsigned char *) pk->pub_raw; + key_length = pk->pub_raw_len; +#else /* MBEDTLS_PK_USE_PSA_EC_DATA */ + const mbedtls_ecp_keypair *ec = mbedtls_pk_ec_ro(*pk); + size_t from_bits = 0; + psa_ecc_family_t from_family = mbedtls_ecc_group_to_psa(ec->grp.id, + &from_bits); + psa_key_type_t to_type = psa_get_key_type(attributes); + if (to_type != PSA_KEY_TYPE_ECC_PUBLIC_KEY(from_family)) { + return MBEDTLS_ERR_PK_TYPE_MISMATCH; + } + int ret = mbedtls_ecp_write_public_key( + ec, MBEDTLS_ECP_PF_UNCOMPRESSED, + &key_length, key_buffer, sizeof(key_buffer)); + if (ret < 0) { + return ret; + } + key_data = key_buffer; +#endif /* MBEDTLS_PK_USE_PSA_EC_DATA */ + break; + } +#endif /* MBEDTLS_PK_HAVE_ECC_KEYS */ + +#if defined(MBEDTLS_USE_PSA_CRYPTO) + case MBEDTLS_PK_OPAQUE: + { + psa_key_attributes_t old_attributes = PSA_KEY_ATTRIBUTES_INIT; + psa_status_t status = + psa_get_key_attributes(pk->priv_id, &old_attributes); + if (status != PSA_SUCCESS) { + return MBEDTLS_ERR_PK_BAD_INPUT_DATA; + } + psa_key_type_t old_type = psa_get_key_type(&old_attributes); + psa_reset_key_attributes(&old_attributes); + if (psa_type != PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR(old_type)) { + return MBEDTLS_ERR_PK_TYPE_MISMATCH; + } + status = psa_export_public_key(pk->priv_id, + key_buffer, sizeof(key_buffer), + &key_length); + if (status != PSA_SUCCESS) { + return PSA_PK_TO_MBEDTLS_ERR(status); + } + key_data = key_buffer; + break; + } +#endif /* MBEDTLS_USE_PSA_CRYPTO */ + + default: + return MBEDTLS_ERR_PK_BAD_INPUT_DATA; + } + + return PSA_PK_TO_MBEDTLS_ERR(psa_import_key(attributes, + key_data, key_length, + key_id)); +} + +int mbedtls_pk_import_into_psa(const mbedtls_pk_context *pk, + const psa_key_attributes_t *attributes, + mbedtls_svc_key_id_t *key_id) +{ + /* Set the output immediately so that it won't contain garbage even + * if we error out before calling psa_import_key(). */ + *key_id = MBEDTLS_SVC_KEY_ID_INIT; + +#if defined(MBEDTLS_PK_RSA_ALT_SUPPORT) + if (mbedtls_pk_get_type(pk) == MBEDTLS_PK_RSA_ALT) { + return MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE; + } +#endif /* MBEDTLS_PK_RSA_ALT_SUPPORT */ + + int want_public = PSA_KEY_TYPE_IS_PUBLIC_KEY(psa_get_key_type(attributes)); + if (want_public) { + return import_public_into_psa(pk, attributes, key_id); + } else { + return import_pair_into_psa(pk, attributes, key_id); + } +} #endif /* MBEDTLS_PSA_CRYPTO_C */ /* diff --git a/library/pk_internal.h b/library/pk_internal.h index da6c7f1b4f0d..f5924adf384b 100644 --- a/library/pk_internal.h +++ b/library/pk_internal.h @@ -17,7 +17,7 @@ #include "mbedtls/ecp.h" #endif -#if defined(MBEDTLS_USE_PSA_CRYPTO) +#if defined(MBEDTLS_PSA_CRYPTO_CLIENT) #include "psa/crypto.h" #include "psa_util_internal.h" @@ -28,7 +28,7 @@ #define PSA_PK_ECDSA_TO_MBEDTLS_ERR(status) PSA_TO_MBEDTLS_ERR_LIST(status, \ psa_to_pk_ecdsa_errors, \ psa_pk_status_to_mbedtls) -#endif /* MBEDTLS_USE_PSA_CRYPTO */ +#endif /* MBEDTLS_PSA_CRYPTO_CLIENT */ /* Headers/footers for PEM files */ #define PEM_BEGIN_PUBLIC_KEY "-----BEGIN PUBLIC KEY-----" diff --git a/library/psa_util.c b/library/psa_util.c index fd119bf3daab..125b1734e73f 100644 --- a/library/psa_util.c +++ b/library/psa_util.c @@ -164,6 +164,8 @@ int psa_pk_status_to_mbedtls(psa_status_t status) return MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE; case PSA_ERROR_INVALID_ARGUMENT: return MBEDTLS_ERR_PK_INVALID_ALG; + case PSA_ERROR_NOT_PERMITTED: + return MBEDTLS_ERR_PK_TYPE_MISMATCH; case PSA_ERROR_INSUFFICIENT_MEMORY: return MBEDTLS_ERR_PK_ALLOC_FAILED; case PSA_ERROR_BAD_STATE: diff --git a/tests/suites/test_suite_pk.data b/tests/suites/test_suite_pk.data index 3414958837f9..e310a5943d38 100644 --- a/tests/suites/test_suite_pk.data +++ b/tests/suites/test_suite_pk.data @@ -1004,8 +1004,23 @@ PSA attributes for pk: opaque RSA pair, SIGN|DECRYPT & SIGN_MESSAGE depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME pk_get_psa_attributes_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_RSA_GEN_KEY_MIN_BITS:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_DECRYPT:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_USAGE_SIGN_MESSAGE:0:1:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_DECRYPT +# For a PK_OPAQUE key with a key pair type output, +# mbedtls_pk_import_into_psa() requires the key to be copyable or exportable. +# Try all combinations of COPY/not, EXPORT/not. PSA attributes for pk: opaque RSA pair, SIGN|... & SIGN_MESSAGE depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME +pk_get_psa_attributes_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_RSA_GEN_KEY_MIN_BITS:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_ENCRYPT:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_USAGE_SIGN_MESSAGE:0:1:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_ENCRYPT + +PSA attributes for pk: opaque RSA pair, SIGN|EXPORT|... & SIGN_MESSAGE +depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME +pk_get_psa_attributes_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_RSA_GEN_KEY_MIN_BITS:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_ENCRYPT:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_USAGE_SIGN_MESSAGE:0:1:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_ENCRYPT + +PSA attributes for pk: opaque RSA pair, SIGN|COPY|... & SIGN_MESSAGE +depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME +pk_get_psa_attributes_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_RSA_GEN_KEY_MIN_BITS:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_ENCRYPT:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_USAGE_SIGN_MESSAGE:0:1:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_ENCRYPT + +PSA attributes for pk: opaque RSA pair, SIGN|COPY|EXPORT... & SIGN_MESSAGE +depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME pk_get_psa_attributes_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_RSA_GEN_KEY_MIN_BITS:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_ENCRYPT:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_USAGE_SIGN_MESSAGE:0:1:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_ENCRYPT PSA attributes for pk: opaque RSA pair, SIGN_MESSAGE & SIGN_HASH (bad policy) @@ -1109,3 +1124,173 @@ pk_get_psa_attributes_opaque:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):2 PSA attributes for pk: opaque ECC pair->public, ENCRYPT & ENCRYPT (bad) depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:PSA_WANT_ECC_SECP_R1_256 pk_get_psa_attributes_opaque:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):256:PSA_KEY_USAGE_ENCRYPT:PSA_ALG_ECDSA_ANY:PSA_KEY_USAGE_ENCRYPT:MBEDTLS_ERR_PK_TYPE_MISMATCH:0:0 + +PSA import into PSA: RSA pair to ECC (bad) +depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME +pk_import_into_psa_fail:MBEDTLS_PK_RSA:1:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):MBEDTLS_ERR_PK_TYPE_MISMATCH + +PSA import into PSA: RSA public to RSA pair (bad) +depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME +pk_import_into_psa_fail:MBEDTLS_PK_RSA:0:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_ERR_RSA_BAD_INPUT_DATA + +PSA import into PSA: ECKEY pair to RSA (bad) +depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE +pk_import_into_psa_fail:MBEDTLS_PK_ECKEY:1:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_ERR_PK_TYPE_MISMATCH + +PSA import into PSA: ECKEY_DH pair to RSA (bad) +depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE +pk_import_into_psa_fail:MBEDTLS_PK_ECKEY_DH:1:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_ERR_PK_TYPE_MISMATCH + +PSA import into PSA: ECDSA pair to RSA (bad) +depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE:MBEDTLS_PK_CAN_ECDSA_SOME +pk_import_into_psa_fail:MBEDTLS_PK_ECDSA:1:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_ERR_PK_TYPE_MISMATCH + +PSA import into PSA: ECKEY public to pair (bad) +depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE +pk_import_into_psa_fail:MBEDTLS_PK_ECKEY:0:PSA_KEY_TYPE_ECC_KEY_PAIR(MBEDTLS_TEST_PSA_ECC_ONE_FAMILY):MBEDTLS_ERR_PK_TYPE_MISMATCH + +PSA import into PSA: ECKEY_DH public to pair (bad) +depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE +pk_import_into_psa_fail:MBEDTLS_PK_ECKEY_DH:0:PSA_KEY_TYPE_ECC_KEY_PAIR(MBEDTLS_TEST_PSA_ECC_ONE_FAMILY):MBEDTLS_ERR_PK_TYPE_MISMATCH + +PSA import into PSA: ECDSA public to pair (bad) +depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE:MBEDTLS_PK_CAN_ECDSA_SOME +pk_import_into_psa_fail:MBEDTLS_PK_ECDSA:0:PSA_KEY_TYPE_ECC_KEY_PAIR(MBEDTLS_TEST_PSA_ECC_ONE_FAMILY):MBEDTLS_ERR_PK_TYPE_MISMATCH + +PSA import into PSA: opaque RSA, COPY (ok) +depends_on:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE:PSA_WANT_ALG_RSA_PKCS1V15_SIGN +pk_import_into_psa_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_RSA_GEN_KEY_MIN_BITS:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_RSA_GEN_KEY_MIN_BITS:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:0 + +PSA import into PSA: opaque RSA, EXPORT (ok) +depends_on:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE:PSA_WANT_ALG_RSA_PKCS1V15_SIGN +pk_import_into_psa_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_RSA_GEN_KEY_MIN_BITS:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_RSA_GEN_KEY_MIN_BITS:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:0 + +PSA import into PSA: opaque RSA, no COPY/EXPORT (bad) +depends_on:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE:PSA_WANT_ALG_RSA_PKCS1V15_SIGN +pk_import_into_psa_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_RSA_GEN_KEY_MIN_BITS:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_RSA_GEN_KEY_MIN_BITS:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:MBEDTLS_ERR_PK_TYPE_MISMATCH + +# Detail that isn't precisely documented: since this copies the key, +# the new key has the intersection of the usage flags. +PSA import into PSA: opaque RSA, COPY|EXPORT, different usage (restricted) +depends_on:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE:PSA_WANT_ALG_RSA_PKCS1V15_SIGN +pk_import_into_psa_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_RSA_GEN_KEY_MIN_BITS:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_RSA_GEN_KEY_MIN_BITS:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:0 + +# Detail that isn't precisely documented: since this copies the key, +# the new key has the intersection of the usage flags. +PSA import into PSA: opaque RSA, COPY, different usage (restricted) +depends_on:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE:PSA_WANT_ALG_RSA_PKCS1V15_SIGN +pk_import_into_psa_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_RSA_GEN_KEY_MIN_BITS:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_RSA_GEN_KEY_MIN_BITS:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:0 + +# Detail that isn't precisely documented: since this exports the key, +# the new key has all the requested usage flags. +PSA import into PSA: opaque RSA, EXPORT, different usage (ok) +depends_on:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE:PSA_WANT_ALG_RSA_PKCS1V15_SIGN +pk_import_into_psa_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_RSA_GEN_KEY_MIN_BITS:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_RSA_GEN_KEY_MIN_BITS:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:0 + +PSA import into PSA: opaque RSA, COPY|EXPORT, different algorithm (ok) +depends_on:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE:PSA_WANT_ALG_RSA_PKCS1V15_SIGN +pk_import_into_psa_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_RSA_GEN_KEY_MIN_BITS:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_RSA_GEN_KEY_MIN_BITS:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0 + +PSA import into PSA: opaque RSA, COPY, different algorithm (bad) +depends_on:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE:PSA_WANT_ALG_RSA_PKCS1V15_SIGN +pk_import_into_psa_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_RSA_GEN_KEY_MIN_BITS:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_RSA_GEN_KEY_MIN_BITS:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):MBEDTLS_ERR_PK_TYPE_MISMATCH + +PSA import into PSA: opaque RSA, EXPORT, different algorithm (ok) +depends_on:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE:PSA_WANT_ALG_RSA_PKCS1V15_SIGN +pk_import_into_psa_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_RSA_GEN_KEY_MIN_BITS:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_RSA_GEN_KEY_MIN_BITS:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0 + +PSA import into PSA: opaque RSA, implicit bits (ok) +depends_on:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE:PSA_WANT_ALG_RSA_PKCS1V15_SIGN +pk_import_into_psa_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_RSA_GEN_KEY_MIN_BITS:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_TYPE_RSA_KEY_PAIR:0:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:0 + +PSA import into PSA: opaque RSA, different bits (bad) +depends_on:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE:PSA_WANT_ALG_RSA_PKCS1V15_SIGN +pk_import_into_psa_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_RSA_GEN_KEY_MIN_BITS:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_RSA_GEN_KEY_MIN_BITS + 8:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:MBEDTLS_ERR_PK_TYPE_MISMATCH + +PSA import into PSA: opaque RSA, different type (bad) +depends_on:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE:PSA_WANT_ALG_RSA_PKCS1V15_SIGN +pk_import_into_psa_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_RSA_GEN_KEY_MIN_BITS:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:0:PSA_KEY_TYPE_HMAC:MBEDTLS_RSA_GEN_KEY_MIN_BITS:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:0:MBEDTLS_ERR_PK_TYPE_MISMATCH + +PSA import into PSA: opaque RSA to public (ok) +depends_on:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE:PSA_WANT_ALG_RSA_PKCS1V15_SIGN +pk_import_into_psa_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_RSA_GEN_KEY_MIN_BITS:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_RSA_GEN_KEY_MIN_BITS:PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:0 + +PSA import into PSA: opaque RSA to public, implicit bits (ok) +depends_on:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE:PSA_WANT_ALG_RSA_PKCS1V15_SIGN +pk_import_into_psa_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_RSA_GEN_KEY_MIN_BITS:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_TYPE_RSA_PUBLIC_KEY:0:PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:0 + +# MBEDTLS_ERR_PK_INVALID_ALG is the error that results from our translation +# of PSA errors. In this case MBEDTLS_ERR_PK_TYPE_MISMATCH would probably +# be more appropriate. +PSA import into PSA: opaque RSA to public, different bits (bad) +depends_on:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE:PSA_WANT_ALG_RSA_PKCS1V15_SIGN +pk_import_into_psa_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_RSA_GEN_KEY_MIN_BITS:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_RSA_GEN_KEY_MIN_BITS + 8:PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:MBEDTLS_ERR_PK_INVALID_ALG + +PSA import into PSA: opaque ECC, COPY (ok) +depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE:PSA_WANT_ALG_ECDSA +pk_import_into_psa_opaque:PSA_KEY_TYPE_ECC_KEY_PAIR(MBEDTLS_TEST_PSA_ECC_ONE_FAMILY):MBEDTLS_PSA_ECC_ONE_CURVE_BITS:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):PSA_KEY_TYPE_ECC_KEY_PAIR(MBEDTLS_TEST_PSA_ECC_ONE_FAMILY):MBEDTLS_PSA_ECC_ONE_CURVE_BITS:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):0 + +PSA import into PSA: opaque ECC, EXPORT (ok) +depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE:PSA_WANT_ALG_ECDSA +pk_import_into_psa_opaque:PSA_KEY_TYPE_ECC_KEY_PAIR(MBEDTLS_TEST_PSA_ECC_ONE_FAMILY):MBEDTLS_PSA_ECC_ONE_CURVE_BITS:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):PSA_KEY_TYPE_ECC_KEY_PAIR(MBEDTLS_TEST_PSA_ECC_ONE_FAMILY):MBEDTLS_PSA_ECC_ONE_CURVE_BITS:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):0 + +PSA import into PSA: opaque ECC, no COPY/EXPORT (bad) +depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE:PSA_WANT_ALG_ECDSA +pk_import_into_psa_opaque:PSA_KEY_TYPE_ECC_KEY_PAIR(MBEDTLS_TEST_PSA_ECC_ONE_FAMILY):MBEDTLS_PSA_ECC_ONE_CURVE_BITS:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):PSA_KEY_TYPE_ECC_KEY_PAIR(MBEDTLS_TEST_PSA_ECC_ONE_FAMILY):MBEDTLS_PSA_ECC_ONE_CURVE_BITS:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):MBEDTLS_ERR_PK_TYPE_MISMATCH + +# Detail that isn't precisely documented: since this copies the key, +# the new key has the intersection of the usage flags. +PSA import into PSA: opaque ECC, COPY|EXPORT, different usage (restricted) +depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE:PSA_WANT_ALG_ECDSA +pk_import_into_psa_opaque:PSA_KEY_TYPE_ECC_KEY_PAIR(MBEDTLS_TEST_PSA_ECC_ONE_FAMILY):MBEDTLS_PSA_ECC_ONE_CURVE_BITS:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):PSA_KEY_TYPE_ECC_KEY_PAIR(MBEDTLS_TEST_PSA_ECC_ONE_FAMILY):MBEDTLS_PSA_ECC_ONE_CURVE_BITS:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):0 + +# Detail that isn't precisely documented: since this copies the key, +# the new key has the intersection of the usage flags. +PSA import into PSA: opaque ECC, COPY, different usage (restricted) +depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE:PSA_WANT_ALG_ECDSA +pk_import_into_psa_opaque:PSA_KEY_TYPE_ECC_KEY_PAIR(MBEDTLS_TEST_PSA_ECC_ONE_FAMILY):MBEDTLS_PSA_ECC_ONE_CURVE_BITS:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):PSA_KEY_TYPE_ECC_KEY_PAIR(MBEDTLS_TEST_PSA_ECC_ONE_FAMILY):MBEDTLS_PSA_ECC_ONE_CURVE_BITS:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):0 + +# Detail that isn't precisely documented: since this exports the key, +# the new key has all the requested usage flags. +PSA import into PSA: opaque ECC, EXPORT, different usage (ok) +depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE:PSA_WANT_ALG_ECDSA +pk_import_into_psa_opaque:PSA_KEY_TYPE_ECC_KEY_PAIR(MBEDTLS_TEST_PSA_ECC_ONE_FAMILY):MBEDTLS_PSA_ECC_ONE_CURVE_BITS:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):PSA_KEY_TYPE_ECC_KEY_PAIR(MBEDTLS_TEST_PSA_ECC_ONE_FAMILY):MBEDTLS_PSA_ECC_ONE_CURVE_BITS:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):0 + +PSA import into PSA: opaque ECC, COPY|EXPORT, different algorithm (ok) +depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE:PSA_WANT_ALG_ECDSA +pk_import_into_psa_opaque:PSA_KEY_TYPE_ECC_KEY_PAIR(MBEDTLS_TEST_PSA_ECC_ONE_FAMILY):MBEDTLS_PSA_ECC_ONE_CURVE_BITS:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):PSA_KEY_TYPE_ECC_KEY_PAIR(MBEDTLS_TEST_PSA_ECC_ONE_FAMILY):MBEDTLS_PSA_ECC_ONE_CURVE_BITS:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_256):0 + +PSA import into PSA: opaque ECC, COPY, different algorithm (bad) +depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE:PSA_WANT_ALG_ECDSA +pk_import_into_psa_opaque:PSA_KEY_TYPE_ECC_KEY_PAIR(MBEDTLS_TEST_PSA_ECC_ONE_FAMILY):MBEDTLS_PSA_ECC_ONE_CURVE_BITS:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):PSA_KEY_TYPE_ECC_KEY_PAIR(MBEDTLS_TEST_PSA_ECC_ONE_FAMILY):MBEDTLS_PSA_ECC_ONE_CURVE_BITS:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_256):MBEDTLS_ERR_PK_TYPE_MISMATCH + +PSA import into PSA: opaque ECC, EXPORT, different algorithm (ok) +depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE:PSA_WANT_ALG_ECDSA +pk_import_into_psa_opaque:PSA_KEY_TYPE_ECC_KEY_PAIR(MBEDTLS_TEST_PSA_ECC_ONE_FAMILY):MBEDTLS_PSA_ECC_ONE_CURVE_BITS:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):PSA_KEY_TYPE_ECC_KEY_PAIR(MBEDTLS_TEST_PSA_ECC_ONE_FAMILY):MBEDTLS_PSA_ECC_ONE_CURVE_BITS:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_256):0 + +PSA import into PSA: opaque ECC, implicit bits (ok) +depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE:PSA_WANT_ALG_ECDSA +pk_import_into_psa_opaque:PSA_KEY_TYPE_ECC_KEY_PAIR(MBEDTLS_TEST_PSA_ECC_ONE_FAMILY):MBEDTLS_PSA_ECC_ONE_CURVE_BITS:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):PSA_KEY_TYPE_ECC_KEY_PAIR(MBEDTLS_TEST_PSA_ECC_ONE_FAMILY):0:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):0 + +PSA import into PSA: opaque ECC, different bits (bad) +depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE:PSA_WANT_ALG_ECDSA +pk_import_into_psa_opaque:PSA_KEY_TYPE_ECC_KEY_PAIR(MBEDTLS_TEST_PSA_ECC_ONE_FAMILY):MBEDTLS_PSA_ECC_ONE_CURVE_BITS:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):PSA_KEY_TYPE_ECC_KEY_PAIR(MBEDTLS_TEST_PSA_ECC_ONE_FAMILY):MBEDTLS_PSA_ECC_ONE_CURVE_BITS + 8:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):MBEDTLS_ERR_PK_TYPE_MISMATCH + +PSA import into PSA: opaque ECC, different type (bad) +depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE:PSA_WANT_ALG_ECDSA +pk_import_into_psa_opaque:PSA_KEY_TYPE_ECC_KEY_PAIR(MBEDTLS_TEST_PSA_ECC_ONE_FAMILY):MBEDTLS_PSA_ECC_ONE_CURVE_BITS:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:0:PSA_KEY_TYPE_HMAC:MBEDTLS_PSA_ECC_ONE_CURVE_BITS:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:0:MBEDTLS_ERR_PK_TYPE_MISMATCH + +PSA import into PSA: opaque ECC to public (ok) +depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE:PSA_WANT_ALG_ECDSA +pk_import_into_psa_opaque:PSA_KEY_TYPE_ECC_KEY_PAIR(MBEDTLS_TEST_PSA_ECC_ONE_FAMILY):MBEDTLS_PSA_ECC_ONE_CURVE_BITS:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):PSA_KEY_TYPE_ECC_PUBLIC_KEY(MBEDTLS_TEST_PSA_ECC_ONE_FAMILY):MBEDTLS_PSA_ECC_ONE_CURVE_BITS:PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):0 + +PSA import into PSA: opaque ECC to public, implicit bits (ok) +depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE:PSA_WANT_ALG_ECDSA +pk_import_into_psa_opaque:PSA_KEY_TYPE_ECC_KEY_PAIR(MBEDTLS_TEST_PSA_ECC_ONE_FAMILY):MBEDTLS_PSA_ECC_ONE_CURVE_BITS:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):PSA_KEY_TYPE_ECC_PUBLIC_KEY(MBEDTLS_TEST_PSA_ECC_ONE_FAMILY):0:PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):0 + +# MBEDTLS_ERR_PK_INVALID_ALG is the error that results from our translation +# of PSA errors. In this case MBEDTLS_ERR_PK_TYPE_MISMATCH would probably +# be more appropriate. +PSA import into PSA: opaque ECC to public, different bits (bad) +depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE:PSA_WANT_ALG_ECDSA +pk_import_into_psa_opaque:PSA_KEY_TYPE_ECC_KEY_PAIR(MBEDTLS_TEST_PSA_ECC_ONE_FAMILY):MBEDTLS_PSA_ECC_ONE_CURVE_BITS:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):PSA_KEY_TYPE_ECC_PUBLIC_KEY(MBEDTLS_TEST_PSA_ECC_ONE_FAMILY):MBEDTLS_PSA_ECC_ONE_CURVE_BITS + 8:PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):MBEDTLS_ERR_PK_INVALID_ALG diff --git a/tests/suites/test_suite_pk.function b/tests/suites/test_suite_pk.function index 9c088e1499c4..b9841a957906 100644 --- a/tests/suites/test_suite_pk.function +++ b/tests/suites/test_suite_pk.function @@ -131,14 +131,31 @@ static int pk_genkey_ec(mbedtls_pk_context *pk, mbedtls_ecp_group_id grp_id) psa_set_key_type(&key_attr, PSA_KEY_TYPE_ECC_KEY_PAIR(curve)); psa_set_key_bits(&key_attr, curve_bits); - psa_set_key_usage_flags(&key_attr, PSA_KEY_USAGE_EXPORT | - PSA_KEY_USAGE_SIGN_HASH | - PSA_KEY_USAGE_SIGN_MESSAGE); + psa_key_usage_t usage = PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_COPY; + psa_algorithm_t sign_alg = 0; + psa_algorithm_t derive_alg = 0; + if (mbedtls_pk_get_type(pk) != MBEDTLS_PK_ECDSA) { + usage |= PSA_KEY_USAGE_DERIVE; + derive_alg = PSA_ALG_ECDH; + } + if (mbedtls_pk_get_type(pk) != MBEDTLS_PK_ECKEY_DH && + curve != PSA_ECC_FAMILY_MONTGOMERY) { + usage |= PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE; #if defined(MBEDTLS_ECDSA_DETERMINISTIC) - psa_set_key_algorithm(&key_attr, PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_ANY_HASH)); + sign_alg = PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_ANY_HASH); #else - psa_set_key_algorithm(&key_attr, PSA_ALG_ECDSA(PSA_ALG_ANY_HASH)); + sign_alg = PSA_ALG_ECDSA(PSA_ALG_ANY_HASH); #endif + } + if (derive_alg != 0) { + psa_set_key_algorithm(&key_attr, derive_alg); + if (sign_alg != 0) { + psa_set_key_enrollment_algorithm(&key_attr, sign_alg); + } + } else { + psa_set_key_algorithm(&key_attr, sign_alg); + } + psa_set_key_usage_flags(&key_attr, usage); status = psa_generate_key(&key_attr, &pk->priv_id); if (status != PSA_SUCCESS) { @@ -1458,6 +1475,9 @@ void pk_rsa_alt() PSA_KEY_USAGE_ENCRYPT, &attributes), MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE); + mbedtls_svc_key_id_t key_id = MBEDTLS_SVC_KEY_ID_INIT; + TEST_EQUAL(mbedtls_pk_import_into_psa(&alt, &attributes, &key_id), + MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE); #endif /* MBEDTLS_PSA_CRYPTO_C */ /* Test signature */ @@ -1776,6 +1796,7 @@ void pk_get_psa_attributes(int pk_type, int from_pair, mbedtls_pk_init(&pk); psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; psa_key_usage_t usage = usage_arg; + mbedtls_svc_key_id_t new_key_id = MBEDTLS_SVC_KEY_ID_INIT; PSA_INIT(); @@ -1816,9 +1837,12 @@ void pk_get_psa_attributes(int pk_type, int from_pair, TEST_EQUAL(psa_get_key_algorithm(&attributes), expected_alg); TEST_EQUAL(psa_get_key_enrollment_algorithm(&attributes), PSA_ALG_NONE); + TEST_EQUAL(mbedtls_pk_import_into_psa(&pk, &attributes, &new_key_id), 0); + exit: mbedtls_pk_free(&pk); psa_reset_key_attributes(&attributes); + psa_destroy_key(new_key_id); PSA_DONE(); } /* END_CASE */ @@ -1832,6 +1856,7 @@ void pk_rsa_v21_get_psa_attributes(int md_type, int from_pair, mbedtls_pk_init(&pk); psa_key_usage_t usage = usage_arg; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; + mbedtls_svc_key_id_t new_key_id = MBEDTLS_SVC_KEY_ID_INIT; PSA_INIT(); @@ -1857,9 +1882,12 @@ void pk_rsa_v21_get_psa_attributes(int md_type, int from_pair, TEST_EQUAL(psa_get_key_algorithm(&attributes), expected_alg); TEST_EQUAL(psa_get_key_enrollment_algorithm(&attributes), PSA_ALG_NONE); + TEST_EQUAL(mbedtls_pk_import_into_psa(&pk, &attributes, &new_key_id), 0); + exit: mbedtls_pk_free(&pk); psa_reset_key_attributes(&attributes); + psa_destroy_key(new_key_id); PSA_DONE(); } /* END_CASE */ @@ -1900,13 +1928,14 @@ void pk_get_psa_attributes_opaque(int from_type_arg, int from_bits_arg, mbedtls_pk_context pk; mbedtls_pk_init(&pk); psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; - mbedtls_svc_key_id_t key_id = MBEDTLS_SVC_KEY_ID_INIT; + mbedtls_svc_key_id_t old_key_id = MBEDTLS_SVC_KEY_ID_INIT; psa_key_type_t from_type = from_type_arg; size_t bits = from_bits_arg; psa_key_usage_t from_usage = from_usage_arg; psa_algorithm_t alg = from_alg_arg; psa_key_usage_t usage = usage_arg; psa_key_usage_t expected_usage = expected_usage_arg; + mbedtls_svc_key_id_t new_key_id = MBEDTLS_SVC_KEY_ID_INIT; PSA_INIT(); @@ -1916,8 +1945,8 @@ void pk_get_psa_attributes_opaque(int from_type_arg, int from_bits_arg, psa_set_key_algorithm(&attributes, alg); psa_set_key_enrollment_algorithm(&attributes, 42); //TODO: test with persistent key - PSA_ASSERT(psa_generate_key(&attributes, &key_id)); - TEST_EQUAL(mbedtls_pk_setup_opaque(&pk, key_id), 0); + PSA_ASSERT(psa_generate_key(&attributes, &old_key_id)); + TEST_EQUAL(mbedtls_pk_setup_opaque(&pk, old_key_id), 0); psa_key_type_t expected_psa_type = to_pair ? from_type : PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR(from_type); @@ -1934,12 +1963,114 @@ void pk_get_psa_attributes_opaque(int from_type_arg, int from_bits_arg, TEST_EQUAL(psa_get_key_usage_flags(&attributes), expected_usage); TEST_EQUAL(psa_get_key_algorithm(&attributes), alg); TEST_EQUAL(psa_get_key_enrollment_algorithm(&attributes), PSA_ALG_NONE); + + int expected_import_ret = 0; + if (to_pair && + !(from_usage & (PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_EXPORT))) { + expected_import_ret = MBEDTLS_ERR_PK_TYPE_MISMATCH; + } + TEST_EQUAL(mbedtls_pk_import_into_psa(&pk, &attributes, &new_key_id), + expected_import_ret); } exit: mbedtls_pk_free(&pk); + psa_destroy_key(old_key_id); + psa_destroy_key(new_key_id); + psa_reset_key_attributes(&attributes); + PSA_DONE(); +} +/* END_CASE */ + +/* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_C */ +void pk_import_into_psa_fail(int pk_type, int from_pair, + int type_arg, + int expected_ret) +{ + mbedtls_pk_context pk; + mbedtls_pk_init(&pk); + psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; + psa_key_type_t type = type_arg; + mbedtls_svc_key_id_t key_id = mbedtls_svc_key_id_make(0, 42); + + PSA_INIT(); + + psa_key_type_t expected_psa_type; + TEST_EQUAL(pk_setup_for_type(pk_type, from_pair, + &pk, &expected_psa_type), 0); + + psa_set_key_type(&attributes, type); + + TEST_EQUAL(mbedtls_pk_import_into_psa(&pk, &attributes, &key_id), + expected_ret); + TEST_ASSERT(mbedtls_svc_key_id_equal(key_id, MBEDTLS_SVC_KEY_ID_INIT)); + +exit: psa_destroy_key(key_id); + mbedtls_pk_free(&pk); psa_reset_key_attributes(&attributes); PSA_DONE(); } /* END_CASE */ + +/* BEGIN_CASE depends_on:MBEDTLS_USE_PSA_CRYPTO */ +void pk_import_into_psa_opaque(int from_type, int from_bits, + int from_usage, int from_alg, + int to_type, int to_bits, + int to_usage, int to_alg, + int expected_ret) +{ + mbedtls_pk_context pk; + mbedtls_pk_init(&pk); + psa_key_attributes_t from_attributes = PSA_KEY_ATTRIBUTES_INIT; + mbedtls_svc_key_id_t from_key_id = MBEDTLS_SVC_KEY_ID_INIT; + psa_key_attributes_t to_attributes = PSA_KEY_ATTRIBUTES_INIT; + mbedtls_svc_key_id_t to_key_id = MBEDTLS_SVC_KEY_ID_INIT; + psa_key_attributes_t actual_attributes = PSA_KEY_ATTRIBUTES_INIT; + + PSA_INIT(); + + psa_set_key_type(&from_attributes, from_type); + psa_set_key_bits(&from_attributes, from_bits); + psa_set_key_usage_flags(&from_attributes, from_usage); + psa_set_key_algorithm(&from_attributes, from_alg); + PSA_ASSERT(psa_generate_key(&from_attributes, &from_key_id)); + TEST_EQUAL(mbedtls_pk_setup_opaque(&pk, from_key_id), 0); + + psa_set_key_type(&to_attributes, to_type); + psa_set_key_bits(&to_attributes, to_bits); + psa_set_key_usage_flags(&to_attributes, to_usage); + psa_set_key_algorithm(&to_attributes, to_alg); + + TEST_EQUAL(mbedtls_pk_import_into_psa(&pk, &to_attributes, &to_key_id), + expected_ret); + + if (expected_ret == 0) { + PSA_ASSERT(psa_get_key_attributes(to_key_id, &actual_attributes)); + TEST_EQUAL(to_type, psa_get_key_type(&actual_attributes)); + if (to_bits != 0) { + TEST_EQUAL(to_bits, psa_get_key_bits(&actual_attributes)); + } + TEST_EQUAL(to_alg, psa_get_key_algorithm(&actual_attributes)); + psa_key_usage_t expected_usage = to_usage; + if (expected_usage & PSA_KEY_USAGE_SIGN_HASH) { + expected_usage |= PSA_KEY_USAGE_SIGN_MESSAGE; + } + if (expected_usage & PSA_KEY_USAGE_VERIFY_HASH) { + expected_usage |= PSA_KEY_USAGE_VERIFY_MESSAGE; + } + TEST_EQUAL(expected_usage, psa_get_key_usage_flags(&actual_attributes)); + } else { + TEST_ASSERT(mbedtls_svc_key_id_equal(to_key_id, MBEDTLS_SVC_KEY_ID_INIT)); + } + +exit: + mbedtls_pk_free(&pk); + psa_destroy_key(from_key_id); + psa_destroy_key(to_key_id); + psa_reset_key_attributes(&from_attributes); + psa_reset_key_attributes(&to_attributes); + psa_reset_key_attributes(&actual_attributes); + PSA_DONE(); +} +/* END_CASE */ From 10e9c412c05b7d0a49f31e720eb73942de0e83ee Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 9 Feb 2024 19:29:08 +0100 Subject: [PATCH 06/20] mbedtls_pk_import_into_psa: negative tests for different ECC curve Signed-off-by: Gilles Peskine --- tests/suites/test_suite_pk.data | 44 +++++++++++++++++++++++++++++ tests/suites/test_suite_pk.function | 20 +++++++++++++ 2 files changed, 64 insertions(+) diff --git a/tests/suites/test_suite_pk.data b/tests/suites/test_suite_pk.data index e310a5943d38..908650875768 100644 --- a/tests/suites/test_suite_pk.data +++ b/tests/suites/test_suite_pk.data @@ -1145,6 +1145,42 @@ PSA import into PSA: ECDSA pair to RSA (bad) depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE:MBEDTLS_PK_CAN_ECDSA_SOME pk_import_into_psa_fail:MBEDTLS_PK_ECDSA:1:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_ERR_PK_TYPE_MISMATCH +PSA import into PSA: ECKEY pair to different curve (bad) +depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_HAVE_TWO_FAMILIES +pk_import_into_psa_fail:MBEDTLS_PK_ECKEY:1:PSA_KEY_TYPE_ECC_KEY_PAIR(MBEDTLS_TEST_PSA_ECC_ANOTHER_FAMILY):MBEDTLS_ERR_PK_TYPE_MISMATCH + +PSA import into PSA: ECKEY_DH pair to different curve (bad) +depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_HAVE_TWO_FAMILIES +pk_import_into_psa_fail:MBEDTLS_PK_ECKEY_DH:1:PSA_KEY_TYPE_ECC_KEY_PAIR(MBEDTLS_TEST_PSA_ECC_ANOTHER_FAMILY):MBEDTLS_ERR_PK_TYPE_MISMATCH + +PSA import into PSA: ECDSA pair to different curve (bad) +depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_HAVE_TWO_FAMILIES:MBEDTLS_PK_CAN_ECDSA_SOME +pk_import_into_psa_fail:MBEDTLS_PK_ECDSA:1:PSA_KEY_TYPE_ECC_KEY_PAIR(MBEDTLS_TEST_PSA_ECC_ANOTHER_FAMILY):MBEDTLS_ERR_PK_TYPE_MISMATCH + +PSA import into PSA: ECKEY pair to public, different curve (bad) +depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_HAVE_TWO_FAMILIES +pk_import_into_psa_fail:MBEDTLS_PK_ECKEY:1:PSA_KEY_TYPE_ECC_PUBLIC_KEY(MBEDTLS_TEST_PSA_ECC_ANOTHER_FAMILY):MBEDTLS_ERR_PK_TYPE_MISMATCH + +PSA import into PSA: ECKEY_DH pair to public, different curve (bad) +depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_HAVE_TWO_FAMILIES +pk_import_into_psa_fail:MBEDTLS_PK_ECKEY_DH:1:PSA_KEY_TYPE_ECC_PUBLIC_KEY(MBEDTLS_TEST_PSA_ECC_ANOTHER_FAMILY):MBEDTLS_ERR_PK_TYPE_MISMATCH + +PSA import into PSA: ECDSA pair to public, different curve (bad) +depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_HAVE_TWO_FAMILIES:MBEDTLS_PK_CAN_ECDSA_SOME +pk_import_into_psa_fail:MBEDTLS_PK_ECDSA:1:PSA_KEY_TYPE_ECC_PUBLIC_KEY(MBEDTLS_TEST_PSA_ECC_ANOTHER_FAMILY):MBEDTLS_ERR_PK_TYPE_MISMATCH + +PSA import into PSA: ECKEY public to different curve (bad) +depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_HAVE_TWO_FAMILIES +pk_import_into_psa_fail:MBEDTLS_PK_ECKEY:0:PSA_KEY_TYPE_ECC_PUBLIC_KEY(MBEDTLS_TEST_PSA_ECC_ANOTHER_FAMILY):MBEDTLS_ERR_PK_TYPE_MISMATCH + +PSA import into PSA: ECKEY_DH public to different curve (bad) +depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_HAVE_TWO_FAMILIES +pk_import_into_psa_fail:MBEDTLS_PK_ECKEY_DH:0:PSA_KEY_TYPE_ECC_PUBLIC_KEY(MBEDTLS_TEST_PSA_ECC_ANOTHER_FAMILY):MBEDTLS_ERR_PK_TYPE_MISMATCH + +PSA import into PSA: ECDSA public to different curve (bad) +depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_HAVE_TWO_FAMILIES:MBEDTLS_PK_CAN_ECDSA_SOME +pk_import_into_psa_fail:MBEDTLS_PK_ECDSA:0:PSA_KEY_TYPE_ECC_PUBLIC_KEY(MBEDTLS_TEST_PSA_ECC_ANOTHER_FAMILY):MBEDTLS_ERR_PK_TYPE_MISMATCH + PSA import into PSA: ECKEY public to pair (bad) depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE pk_import_into_psa_fail:MBEDTLS_PK_ECKEY:0:PSA_KEY_TYPE_ECC_KEY_PAIR(MBEDTLS_TEST_PSA_ECC_ONE_FAMILY):MBEDTLS_ERR_PK_TYPE_MISMATCH @@ -1280,6 +1316,10 @@ PSA import into PSA: opaque ECC, different type (bad) depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE:PSA_WANT_ALG_ECDSA pk_import_into_psa_opaque:PSA_KEY_TYPE_ECC_KEY_PAIR(MBEDTLS_TEST_PSA_ECC_ONE_FAMILY):MBEDTLS_PSA_ECC_ONE_CURVE_BITS:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:0:PSA_KEY_TYPE_HMAC:MBEDTLS_PSA_ECC_ONE_CURVE_BITS:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:0:MBEDTLS_ERR_PK_TYPE_MISMATCH +PSA import into PSA: opaque ECC, different family (bad) +depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:MBEDTLS_TEST_PSA_ECC_HAVE_TWO_FAMILIES:PSA_WANT_ALG_ECDSA +pk_import_into_psa_opaque:PSA_KEY_TYPE_ECC_KEY_PAIR(MBEDTLS_TEST_PSA_ECC_ONE_FAMILY):MBEDTLS_PSA_ECC_ONE_CURVE_BITS:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:0:PSA_KEY_TYPE_ECC_KEY_PAIR(MBEDTLS_TEST_PSA_ECC_ANOTHER_FAMILY):MBEDTLS_PSA_ECC_ONE_CURVE_BITS:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:0:MBEDTLS_ERR_PK_TYPE_MISMATCH + PSA import into PSA: opaque ECC to public (ok) depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE:PSA_WANT_ALG_ECDSA pk_import_into_psa_opaque:PSA_KEY_TYPE_ECC_KEY_PAIR(MBEDTLS_TEST_PSA_ECC_ONE_FAMILY):MBEDTLS_PSA_ECC_ONE_CURVE_BITS:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):PSA_KEY_TYPE_ECC_PUBLIC_KEY(MBEDTLS_TEST_PSA_ECC_ONE_FAMILY):MBEDTLS_PSA_ECC_ONE_CURVE_BITS:PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):0 @@ -1294,3 +1334,7 @@ pk_import_into_psa_opaque:PSA_KEY_TYPE_ECC_KEY_PAIR(MBEDTLS_TEST_PSA_ECC_ONE_FAM PSA import into PSA: opaque ECC to public, different bits (bad) depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE:PSA_WANT_ALG_ECDSA pk_import_into_psa_opaque:PSA_KEY_TYPE_ECC_KEY_PAIR(MBEDTLS_TEST_PSA_ECC_ONE_FAMILY):MBEDTLS_PSA_ECC_ONE_CURVE_BITS:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):PSA_KEY_TYPE_ECC_PUBLIC_KEY(MBEDTLS_TEST_PSA_ECC_ONE_FAMILY):MBEDTLS_PSA_ECC_ONE_CURVE_BITS + 8:PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):MBEDTLS_ERR_PK_INVALID_ALG + +PSA import into PSA: opaque ECC to public, different family (bad) +depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:MBEDTLS_TEST_PSA_ECC_HAVE_TWO_FAMILIES:PSA_WANT_ALG_ECDSA +pk_import_into_psa_opaque:PSA_KEY_TYPE_ECC_KEY_PAIR(MBEDTLS_TEST_PSA_ECC_ONE_FAMILY):MBEDTLS_PSA_ECC_ONE_CURVE_BITS:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:0:PSA_KEY_TYPE_ECC_PUBLIC_KEY(MBEDTLS_TEST_PSA_ECC_ANOTHER_FAMILY):MBEDTLS_PSA_ECC_ONE_CURVE_BITS:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:0:MBEDTLS_ERR_PK_TYPE_MISMATCH diff --git a/tests/suites/test_suite_pk.function b/tests/suites/test_suite_pk.function index b9841a957906..8e51aaa8d35a 100644 --- a/tests/suites/test_suite_pk.function +++ b/tests/suites/test_suite_pk.function @@ -114,6 +114,26 @@ #define MBEDTLS_TEST_ECP_DP_ONE_CURVE 0 #endif +/* Pick a second curve, for tests that need two supported curves of the + * same size. For simplicity, we only handle a subset of configurations, + * and both curves will support both ECDH and ECDSA. */ +#if defined(PSA_WANT_ECC_SECP_R1_192) && defined(PSA_WANT_ECC_SECP_K1_192) +/* Identical redefinition of the ONE macros, to confirm that they have + * the values we expect here. */ +#define MBEDTLS_TEST_PSA_ECC_ONE_FAMILY PSA_ECC_FAMILY_SECP_R1 +#define MBEDTLS_TEST_PSA_ECC_ANOTHER_FAMILY PSA_ECC_FAMILY_SECP_K1 +#define MBEDTLS_PSA_ECC_ONE_CURVE_BITS 192 +#define MBEDTLS_TEST_PSA_ECC_HAVE_TWO_FAMILIES +#elif defined(PSA_WANT_ECC_SECP_R1_256) && defined(PSA_WANT_ECC_SECP_K1_256) +#define MBEDTLS_TEST_PSA_ECC_ONE_FAMILY PSA_ECC_FAMILY_SECP_R1 +#define MBEDTLS_TEST_PSA_ECC_ANOTHER_FAMILY PSA_ECC_FAMILY_SECP_K1 +#define MBEDTLS_PSA_ECC_ONE_CURVE_BITS 256 +#define MBEDTLS_TEST_PSA_ECC_HAVE_TWO_FAMILIES +#else +/* Always define the macros so that we can use them in test data. */ +#define MBEDTLS_TEST_PSA_ECC_ANOTHER_FAMILY 0 +#endif + #endif /* defined(MBEDTLS_PSA_CRYPTO_C) && defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) */ #if defined(MBEDTLS_PK_USE_PSA_EC_DATA) From 157679c0d5a4f8de312ef88f6191807461b5d4bb Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 9 Feb 2024 19:29:44 +0100 Subject: [PATCH 07/20] mbedtls_pk_import_into_psa: positive tests with pkparse output Signed-off-by: Gilles Peskine --- tests/suites/test_suite_pkparse.function | 168 ++++++++++++++--------- 1 file changed, 100 insertions(+), 68 deletions(-) diff --git a/tests/suites/test_suite_pkparse.function b/tests/suites/test_suite_pkparse.function index 14afef6e94b1..6c904a39714e 100644 --- a/tests/suites/test_suite_pkparse.function +++ b/tests/suites/test_suite_pkparse.function @@ -6,10 +6,82 @@ #include "mbedtls/psa_util.h" #include "pk_internal.h" +#if defined(MBEDTLS_PSA_CRYPTO_C) +#include "test/psa_exercise_key.h" +#endif + #if defined(MBEDTLS_PKCS12_C) || defined(MBEDTLS_PKCS5_C) #define HAVE_mbedtls_pk_parse_key_pkcs8_encrypted_der #endif +#if defined(MBEDTLS_PSA_CRYPTO_C) +static int test_psa_bridge(const mbedtls_pk_context *ctx, + psa_key_usage_t usage_flag) +{ + switch (usage_flag) { + case PSA_KEY_USAGE_SIGN_HASH: + mbedtls_test_set_step(0); + break; + case PSA_KEY_USAGE_SIGN_MESSAGE: + mbedtls_test_set_step(1); + break; + case PSA_KEY_USAGE_DECRYPT: + mbedtls_test_set_step(2); + break; + case PSA_KEY_USAGE_DERIVE: + mbedtls_test_set_step(3); + break; + case PSA_KEY_USAGE_VERIFY_HASH: + mbedtls_test_set_step(4); + break; + case PSA_KEY_USAGE_VERIFY_MESSAGE: + mbedtls_test_set_step(5); + break; + case PSA_KEY_USAGE_ENCRYPT: + mbedtls_test_set_step(6); + break; + } + + psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; + mbedtls_svc_key_id_t psa_key = MBEDTLS_SVC_KEY_ID_INIT; + int ok = 0; + + TEST_EQUAL(mbedtls_pk_get_psa_attributes(ctx, usage_flag, &attributes), 0); + TEST_EQUAL(mbedtls_pk_import_into_psa(ctx, &attributes, &psa_key), 0); + psa_algorithm_t exercise_usage = psa_get_key_usage_flags(&attributes); + psa_algorithm_t exercise_alg = psa_get_key_algorithm(&attributes); + TEST_ASSERT(mbedtls_test_psa_exercise_key(psa_key, + exercise_usage, exercise_alg)); + + mbedtls_test_set_step((unsigned long) -1); + ok = 1; + +exit: + psa_destroy_key(psa_key); + psa_reset_key_attributes(&attributes); + return ok; +} + +/* Whether a pk key can do ECDSA. Opaque keys are not supported since this + * test suite does not create opaque keys. */ +static int pk_can_ecdsa(const mbedtls_pk_context *ctx) +{ + /* Check whether we have an EC key. Unfortunately this also accepts + * keys on Montgomery curves, which can only do ECDH, so we'll have + * to dig further. */ + if (!mbedtls_pk_can_do(ctx, MBEDTLS_PK_ECDSA)) { + return 0; + } +#if defined(MBEDTLS_PK_USE_PSA_EC_DATA) + return ctx->ec_family != PSA_ECC_FAMILY_MONTGOMERY; +#elif defined(MBEDTLS_ECDSA_C) + return mbedtls_ecdsa_can_do(mbedtls_pk_ec_ro(*ctx)->grp.id); +#else + return 0; +#endif +} +#endif /* MBEDTLS_PSA_CRYPTO_C */ + /* END_HEADER */ /* BEGIN_DEPENDENCIES @@ -43,36 +115,19 @@ void pk_parse_keyfile_rsa(char *key_file, char *password, int result) TEST_EQUAL(mbedtls_rsa_check_privkey(rsa), 0); #if defined(MBEDTLS_PSA_CRYPTO_C) - psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; - TEST_EQUAL(mbedtls_pk_get_psa_attributes(&ctx, - PSA_KEY_USAGE_SIGN_HASH, - &attributes), 0); - psa_reset_key_attributes(&attributes); - TEST_EQUAL(mbedtls_pk_get_psa_attributes(&ctx, - PSA_KEY_USAGE_SIGN_MESSAGE, - &attributes), 0); - psa_reset_key_attributes(&attributes); - TEST_EQUAL(mbedtls_pk_get_psa_attributes(&ctx, - PSA_KEY_USAGE_DECRYPT, - &attributes), 0); - psa_reset_key_attributes(&attributes); - TEST_EQUAL(mbedtls_pk_get_psa_attributes(&ctx, - PSA_KEY_USAGE_VERIFY_HASH, - &attributes), 0); - psa_reset_key_attributes(&attributes); - TEST_EQUAL(mbedtls_pk_get_psa_attributes(&ctx, - PSA_KEY_USAGE_VERIFY_MESSAGE, - &attributes), 0); - psa_reset_key_attributes(&attributes); - TEST_EQUAL(mbedtls_pk_get_psa_attributes(&ctx, - PSA_KEY_USAGE_ENCRYPT, - &attributes), 0); + PSA_INIT(); + TEST_ASSERT(test_psa_bridge(&ctx, PSA_KEY_USAGE_SIGN_HASH)); + TEST_ASSERT(test_psa_bridge(&ctx, PSA_KEY_USAGE_SIGN_MESSAGE)); + TEST_ASSERT(test_psa_bridge(&ctx, PSA_KEY_USAGE_DECRYPT)); + TEST_ASSERT(test_psa_bridge(&ctx, PSA_KEY_USAGE_VERIFY_HASH)); + TEST_ASSERT(test_psa_bridge(&ctx, PSA_KEY_USAGE_VERIFY_MESSAGE)); + TEST_ASSERT(test_psa_bridge(&ctx, PSA_KEY_USAGE_ENCRYPT)); #endif } exit: mbedtls_pk_free(&ctx); - MD_PSA_DONE(); + PSA_DONE(); } /* END_CASE */ @@ -97,24 +152,16 @@ void pk_parse_public_keyfile_rsa(char *key_file, int result) TEST_EQUAL(mbedtls_rsa_check_pubkey(rsa), 0); #if defined(MBEDTLS_PSA_CRYPTO_C) - psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; - TEST_EQUAL(mbedtls_pk_get_psa_attributes(&ctx, - PSA_KEY_USAGE_ENCRYPT, - &attributes), 0); - psa_reset_key_attributes(&attributes); - TEST_EQUAL(mbedtls_pk_get_psa_attributes(&ctx, - PSA_KEY_USAGE_VERIFY_HASH, - &attributes), 0); - psa_reset_key_attributes(&attributes); - TEST_EQUAL(mbedtls_pk_get_psa_attributes(&ctx, - PSA_KEY_USAGE_VERIFY_MESSAGE, - &attributes), 0); + PSA_INIT(); + TEST_ASSERT(test_psa_bridge(&ctx, PSA_KEY_USAGE_VERIFY_HASH)); + TEST_ASSERT(test_psa_bridge(&ctx, PSA_KEY_USAGE_VERIFY_MESSAGE)); + TEST_ASSERT(test_psa_bridge(&ctx, PSA_KEY_USAGE_ENCRYPT)); #endif } exit: mbedtls_pk_free(&ctx); - MD_PSA_DONE(); + PSA_DONE(); } /* END_CASE */ @@ -144,20 +191,17 @@ void pk_parse_public_keyfile_ec(char *key_file, int result) #endif #if defined(MBEDTLS_PSA_CRYPTO_C) - psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; - TEST_EQUAL(mbedtls_pk_get_psa_attributes(&ctx, - PSA_KEY_USAGE_VERIFY_HASH, - &attributes), 0); - psa_reset_key_attributes(&attributes); - TEST_EQUAL(mbedtls_pk_get_psa_attributes(&ctx, - PSA_KEY_USAGE_VERIFY_MESSAGE, - &attributes), 0); + PSA_INIT(); + if (pk_can_ecdsa(&ctx)) { + TEST_ASSERT(test_psa_bridge(&ctx, PSA_KEY_USAGE_VERIFY_HASH)); + TEST_ASSERT(test_psa_bridge(&ctx, PSA_KEY_USAGE_VERIFY_MESSAGE)); + } #endif } exit: mbedtls_pk_free(&ctx); - MD_OR_USE_PSA_DONE(); + PSA_DONE(); } /* END_CASE */ @@ -185,32 +229,20 @@ void pk_parse_keyfile_ec(char *key_file, char *password, int result) #endif #if defined(MBEDTLS_PSA_CRYPTO_C) - psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; - TEST_EQUAL(mbedtls_pk_get_psa_attributes(&ctx, - PSA_KEY_USAGE_SIGN_HASH, - &attributes), 0); - psa_reset_key_attributes(&attributes); - TEST_EQUAL(mbedtls_pk_get_psa_attributes(&ctx, - PSA_KEY_USAGE_SIGN_MESSAGE, - &attributes), 0); - psa_reset_key_attributes(&attributes); - TEST_EQUAL(mbedtls_pk_get_psa_attributes(&ctx, - PSA_KEY_USAGE_DERIVE, - &attributes), 0); - psa_reset_key_attributes(&attributes); - TEST_EQUAL(mbedtls_pk_get_psa_attributes(&ctx, - PSA_KEY_USAGE_VERIFY_HASH, - &attributes), 0); - psa_reset_key_attributes(&attributes); - TEST_EQUAL(mbedtls_pk_get_psa_attributes(&ctx, - PSA_KEY_USAGE_VERIFY_MESSAGE, - &attributes), 0); + PSA_INIT(); + TEST_ASSERT(test_psa_bridge(&ctx, PSA_KEY_USAGE_DERIVE)); + if (pk_can_ecdsa(&ctx)) { + TEST_ASSERT(test_psa_bridge(&ctx, PSA_KEY_USAGE_SIGN_HASH)); + TEST_ASSERT(test_psa_bridge(&ctx, PSA_KEY_USAGE_SIGN_MESSAGE)); + TEST_ASSERT(test_psa_bridge(&ctx, PSA_KEY_USAGE_VERIFY_HASH)); + TEST_ASSERT(test_psa_bridge(&ctx, PSA_KEY_USAGE_VERIFY_MESSAGE)); + } #endif } exit: mbedtls_pk_free(&ctx); - MD_OR_USE_PSA_DONE(); + PSA_DONE(); } /* END_CASE */ From 35cb3198324854226928e63ca261f58db1512e3a Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 12 Feb 2024 14:16:05 +0100 Subject: [PATCH 08/20] depends.py: set unique configuration names in outcome file Set unique configuration names in the outcome file. This was lost in the rewrite from depends-*.pl to depends.py. Fix #7290 Signed-off-by: Gilles Peskine --- tests/scripts/depends.py | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/tests/scripts/depends.py b/tests/scripts/depends.py index 1a84531034c8..1990cd21cabf 100755 --- a/tests/scripts/depends.py +++ b/tests/scripts/depends.py @@ -199,7 +199,10 @@ def test(self, options): success = True for command in self.commands: log_command(command) - ret = subprocess.call(command) + env = os.environ.copy() + if 'MBEDTLS_TEST_CONFIGURATION' in env: + env['MBEDTLS_TEST_CONFIGURATION'] += '-' + self.name + ret = subprocess.call(command, env=env) if ret != 0: if command[0] not in ['make', options.make_command]: log_line('*** [{}] Error {}'.format(' '.join(command), ret)) From 74860ddec2486ea63316d77cd4a3f3146c127bda Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 12 Feb 2024 14:25:18 +0100 Subject: [PATCH 09/20] Don't define pk_sign_verify in configurations where it's unused MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit In some configurations (e.g. ECDH but no ECDSA or RSA), the PK module is useful but cannot perform any signatures. Then modern GCC complains: ``` ../source/tests/suites/test_suite_pk.function: In function ‘test_pk_sign_verify’: ../source/tests/suites/test_suite_pk.function:1136:12: error: array subscript 0 is outside array bounds of ‘unsigned char[0]’ [-Werror=array-bounds] ../source/tests/suites/test_suite_pk.function:1094:19: note: while referencing sig’ … ``` This fixes test-ref-configs.pl with a modern GCC (specifically with config-thread.h). Signed-off-by: Gilles Peskine --- tests/suites/test_suite_pk.function | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/tests/suites/test_suite_pk.function b/tests/suites/test_suite_pk.function index 8e51aaa8d35a..5d0ee1a46bd2 100644 --- a/tests/suites/test_suite_pk.function +++ b/tests/suites/test_suite_pk.function @@ -25,6 +25,13 @@ #define RSA_KEY_SIZE MBEDTLS_RSA_GEN_KEY_MIN_BITS #define RSA_KEY_LEN (MBEDTLS_RSA_GEN_KEY_MIN_BITS/8) +#if defined(MBEDTLS_RSA_C) || \ + defined(MBEDTLS_PK_RSA_ALT_SUPPORT) || \ + defined(MBEDTLS_ECDSA_C) || \ + defined(MBEDTLS_USE_PSA_CRYPTO) +#define PK_CAN_SIGN_SOME +#endif + /* MBEDTLS_TEST_PK_PSA_SIGN is enabled when: * - The build has PK_[PARSE/WRITE]_C for RSA or ECDSA signature. * - The build has built-in ECC and ECDSA signature. @@ -1082,7 +1089,7 @@ exit: } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_MD_CAN_SHA256 */ +/* BEGIN_CASE depends_on:MBEDTLS_MD_CAN_SHA256:PK_CAN_SIGN_SOME */ void pk_sign_verify(int type, int curve_or_keybits, int sign_ret, int verify_ret) { mbedtls_pk_context pk; From 1d33876d3733064a5b8b31c392d8ab5df435e781 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 12 Feb 2024 14:18:26 +0100 Subject: [PATCH 10/20] Fix some preprocessor guards Fix the build in some configurations. Signed-off-by: Gilles Peskine --- library/pk.c | 3 +-- tests/suites/test_suite_pk.function | 18 ++++++++++-------- tests/suites/test_suite_pkparse.function | 6 ++++-- 3 files changed, 15 insertions(+), 12 deletions(-) diff --git a/library/pk.c b/library/pk.c index f623af999ad4..28663a828ca0 100644 --- a/library/pk.c +++ b/library/pk.c @@ -784,8 +784,7 @@ static int import_public_into_psa(const mbedtls_pk_context *pk, size_t from_bits = 0; psa_ecc_family_t from_family = mbedtls_ecc_group_to_psa(ec->grp.id, &from_bits); - psa_key_type_t to_type = psa_get_key_type(attributes); - if (to_type != PSA_KEY_TYPE_ECC_PUBLIC_KEY(from_family)) { + if (psa_type != PSA_KEY_TYPE_ECC_PUBLIC_KEY(from_family)) { return MBEDTLS_ERR_PK_TYPE_MISMATCH; } int ret = mbedtls_ecp_write_public_key( diff --git a/tests/suites/test_suite_pk.function b/tests/suites/test_suite_pk.function index 5d0ee1a46bd2..76713649a600 100644 --- a/tests/suites/test_suite_pk.function +++ b/tests/suites/test_suite_pk.function @@ -114,11 +114,6 @@ #if defined(MBEDTLS_TEST_PSA_ECC_ONE_FAMILY) #define MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE -#else -/* Always define the macros so that we can use them in test data. */ -#define MBEDTLS_TEST_PSA_ECC_ONE_FAMILY 0 -#define MBEDTLS_PSA_ECC_ONE_CURVE_BITS 0 -#define MBEDTLS_TEST_ECP_DP_ONE_CURVE 0 #endif /* Pick a second curve, for tests that need two supported curves of the @@ -136,13 +131,20 @@ #define MBEDTLS_TEST_PSA_ECC_ANOTHER_FAMILY PSA_ECC_FAMILY_SECP_K1 #define MBEDTLS_PSA_ECC_ONE_CURVE_BITS 256 #define MBEDTLS_TEST_PSA_ECC_HAVE_TWO_FAMILIES -#else -/* Always define the macros so that we can use them in test data. */ -#define MBEDTLS_TEST_PSA_ECC_ANOTHER_FAMILY 0 #endif #endif /* defined(MBEDTLS_PSA_CRYPTO_C) && defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) */ +/* Always define the macros so that we can use them in test data. */ +#if !defined(MBEDTLS_TEST_PSA_ECC_ONE_FAMILY) +#define MBEDTLS_TEST_PSA_ECC_ONE_FAMILY 0 +#define MBEDTLS_PSA_ECC_ONE_CURVE_BITS 0 +#define MBEDTLS_TEST_ECP_DP_ONE_CURVE 0 +#endif +#if !defined(MBEDTLS_TEST_PSA_ECC_ANOTHER_FAMILY) +#define MBEDTLS_TEST_PSA_ECC_ANOTHER_FAMILY 0 +#endif + #if defined(MBEDTLS_PK_USE_PSA_EC_DATA) static int pk_genkey_ec(mbedtls_pk_context *pk, mbedtls_ecp_group_id grp_id) { diff --git a/tests/suites/test_suite_pkparse.function b/tests/suites/test_suite_pkparse.function index 6c904a39714e..3227ce9ac416 100644 --- a/tests/suites/test_suite_pkparse.function +++ b/tests/suites/test_suite_pkparse.function @@ -14,7 +14,7 @@ #define HAVE_mbedtls_pk_parse_key_pkcs8_encrypted_der #endif -#if defined(MBEDTLS_PSA_CRYPTO_C) +#if defined(MBEDTLS_PSA_CRYPTO_C) && defined(MBEDTLS_FS_IO) static int test_psa_bridge(const mbedtls_pk_context *ctx, psa_key_usage_t usage_flag) { @@ -62,6 +62,7 @@ exit: return ok; } +#if defined(MBEDTLS_PK_HAVE_ECC_KEYS) /* Whether a pk key can do ECDSA. Opaque keys are not supported since this * test suite does not create opaque keys. */ static int pk_can_ecdsa(const mbedtls_pk_context *ctx) @@ -80,7 +81,8 @@ static int pk_can_ecdsa(const mbedtls_pk_context *ctx) return 0; #endif } -#endif /* MBEDTLS_PSA_CRYPTO_C */ +#endif /* MBEDTLS_PK_HAVE_ECC_KEYS */ +#endif /* MBEDTLS_PSA_CRYPTO_C && && MBEDTLS_FS_IO */ /* END_HEADER */ From 34955677e5bee237b94ef0b5fe8e6df53dbc53db Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 12 Feb 2024 14:19:24 +0100 Subject: [PATCH 11/20] Don't exercise if the algorithm is not supported Parsing a key and importing it into PSA may result in a policy that specifies an algorithm that is not included in the build. This happens if the key type is supported, but not the algorithm, e.g. in a build with MBEDTLS_ECP_C but not MBEDTLS_ECDSA_C. Signed-off-by: Gilles Peskine --- tests/include/test/psa_exercise_key.h | 16 +++++++++ tests/src/psa_exercise_key.c | 45 ++++++++++++++++++++++++ tests/suites/test_suite_pkparse.function | 8 +++-- 3 files changed, 67 insertions(+), 2 deletions(-) diff --git a/tests/include/test/psa_exercise_key.h b/tests/include/test/psa_exercise_key.h index a658d1773058..82ef2ad56231 100644 --- a/tests/include/test/psa_exercise_key.h +++ b/tests/include/test/psa_exercise_key.h @@ -221,4 +221,20 @@ int mbedtls_test_psa_exercise_key(mbedtls_svc_key_id_t key, psa_key_usage_t mbedtls_test_psa_usage_to_exercise(psa_key_type_t type, psa_algorithm_t alg); +/** Whether the specified algorithm can be exercised. + * + * \note This function is solely based on the algorithm and does not + * consider potential issues with the compatibility of a key. + * The idea is that you already have a key, so you know that the + * key type is supported, and you want to exercise the key but + * only if the algorithm given in its policy is enabled in the + * compile-time configuration. + * + * \note This function currently only supports signature algorithms + * (including wildcards). + * TODO: a more general mechanism, which should be automatically + * generated and possibly available as a library function? + */ +int mbedtls_test_can_exercise_psa_algorithm(psa_algorithm_t alg); + #endif /* PSA_EXERCISE_KEY_H */ diff --git a/tests/src/psa_exercise_key.c b/tests/src/psa_exercise_key.c index 618b83f31836..3fcf77d379db 100644 --- a/tests/src/psa_exercise_key.c +++ b/tests/src/psa_exercise_key.c @@ -1009,4 +1009,49 @@ psa_key_usage_t mbedtls_test_psa_usage_to_exercise(psa_key_type_t type, } +int mbedtls_test_can_exercise_psa_algorithm(psa_algorithm_t alg) +{ + /* Reject algorithms that we know are not supported. Default to + * attempting exercise, so that if an algorithm is missing from this + * function, the result will be a test failure and not silently + * omitting exercise. */ +#if !defined(PSA_WANT_ALG_RSA_PKCS1V15_CRYPT) + if (alg == PSA_ALG_RSA_PKCS1V15_CRYPT) { + return 0; + } +#endif +#if !defined(PSA_WANT_ALG_RSA_PKCS1V15_SIGN) + if (PSA_ALG_IS_RSA_PKCS1V15_SIGN(alg)) { + return 0; + } +#endif +#if !defined(PSA_WANT_ALG_RSA_PSS) + if (PSA_ALG_IS_RSA_PSS_STANDARD_SALT(alg)) { + return 0; + } +#endif +#if !defined(PSA_WANT_ALG_RSA_PSS_ANY_SALT) + if (PSA_ALG_IS_RSA_PSS_ANY_SALT(alg)) { + return 0; + } +#endif +#if !defined(PSA_WANT_ALG_ECDSA) + if (PSA_ALG_IS_ECDSA(alg)) { + return 0; + } +#endif +#if !defined(PSA_WANT_ALG_DETERMINISTIC_ECDSA) + if (PSA_ALG_IS_DETERMINISTIC_ECDSA(alg)) { + return 0; + } +#endif +#if !defined(PSA_WANT_ALG_ECDH) + if (PSA_ALG_IS_ECDH(alg)) { + return 0; + } +#endif + (void) alg; + return 1; +} + #endif /* MBEDTLS_PSA_CRYPTO_C */ diff --git a/tests/suites/test_suite_pkparse.function b/tests/suites/test_suite_pkparse.function index 3227ce9ac416..add225d73576 100644 --- a/tests/suites/test_suite_pkparse.function +++ b/tests/suites/test_suite_pkparse.function @@ -48,10 +48,14 @@ static int test_psa_bridge(const mbedtls_pk_context *ctx, TEST_EQUAL(mbedtls_pk_get_psa_attributes(ctx, usage_flag, &attributes), 0); TEST_EQUAL(mbedtls_pk_import_into_psa(ctx, &attributes, &psa_key), 0); + psa_algorithm_t exercise_usage = psa_get_key_usage_flags(&attributes); psa_algorithm_t exercise_alg = psa_get_key_algorithm(&attributes); - TEST_ASSERT(mbedtls_test_psa_exercise_key(psa_key, - exercise_usage, exercise_alg)); + if (mbedtls_test_can_exercise_psa_algorithm(exercise_alg)) { + TEST_ASSERT(mbedtls_test_psa_exercise_key(psa_key, + exercise_usage, + exercise_alg)); + } mbedtls_test_set_step((unsigned long) -1); ok = 1; From 465e4ed56b8de28d2fee48408f6538fd33de8b00 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 12 Feb 2024 19:54:53 +0100 Subject: [PATCH 12/20] Prioritize SHA2 over MD5 for KNOWN_SUPPORTED_HASH_ALG This fixes the ability to exercise keys in configurations where MD5 is supported for direct use, but not inside some accelerated algorithms. This is the case in `all.sh test_psa_crypto_config_accel_ecc_ecp_light_only` and some other accelerated-ECC components of `all.sh`, where the driver is built without MD5 support but built-in MD5 remains enabled. This is only a hack, not a theoretically correct fix, but a correct fix is out of scope of my current work. Signed-off-by: Gilles Peskine --- tests/include/test/psa_exercise_key.h | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/tests/include/test/psa_exercise_key.h b/tests/include/test/psa_exercise_key.h index 82ef2ad56231..7d51a4c536ea 100644 --- a/tests/include/test/psa_exercise_key.h +++ b/tests/include/test/psa_exercise_key.h @@ -20,15 +20,7 @@ * * This is used in some smoke tests. */ -#if defined(PSA_WANT_ALG_MD5) -#define KNOWN_SUPPORTED_HASH_ALG PSA_ALG_MD5 -/* PSA_WANT_ALG_RIPEMD160 omitted. This is necessary for the sake of - * exercise_signature_key() because Mbed TLS doesn't support RIPEMD160 - * in RSA PKCS#1v1.5 signatures. A RIPEMD160-only configuration would be - * implausible anyway. */ -#elif defined(PSA_WANT_ALG_SHA_1) -#define KNOWN_SUPPORTED_HASH_ALG PSA_ALG_SHA_1 -#elif defined(PSA_WANT_ALG_SHA_256) +#if defined(PSA_WANT_ALG_SHA_256) #define KNOWN_SUPPORTED_HASH_ALG PSA_ALG_SHA_256 #elif defined(PSA_WANT_ALG_SHA_384) #define KNOWN_SUPPORTED_HASH_ALG PSA_ALG_SHA_384 @@ -36,6 +28,14 @@ #define KNOWN_SUPPORTED_HASH_ALG PSA_ALG_SHA_512 #elif defined(PSA_WANT_ALG_SHA3_256) #define KNOWN_SUPPORTED_HASH_ALG PSA_ALG_SHA3_256 +#elif defined(PSA_WANT_ALG_SHA_1) +#define KNOWN_SUPPORTED_HASH_ALG PSA_ALG_SHA_1 +#elif defined(PSA_WANT_ALG_MD5) +#define KNOWN_SUPPORTED_HASH_ALG PSA_ALG_MD5 +/* PSA_WANT_ALG_RIPEMD160 omitted. This is necessary for the sake of + * exercise_signature_key() because Mbed TLS doesn't support RIPEMD160 + * in RSA PKCS#1v1.5 signatures. A RIPEMD160-only configuration would be + * implausible anyway. */ #else #undef KNOWN_SUPPORTED_HASH_ALG #endif From cbd2cbb408426187b817526e8aa9fc9fdaaaf99a Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 15 Feb 2024 13:12:44 +0100 Subject: [PATCH 13/20] Rename identifier for consistency Signed-off-by: Gilles Peskine --- tests/suites/test_suite_pk.data | 34 ++++++++++++++--------------- tests/suites/test_suite_pk.function | 32 +++++++++++++-------------- 2 files changed, 33 insertions(+), 33 deletions(-) diff --git a/tests/suites/test_suite_pk.data b/tests/suites/test_suite_pk.data index 908650875768..0e944dbeed0f 100644 --- a/tests/suites/test_suite_pk.data +++ b/tests/suites/test_suite_pk.data @@ -1264,77 +1264,77 @@ pk_import_into_psa_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_RSA_GEN_KEY_MIN_BITS PSA import into PSA: opaque ECC, COPY (ok) depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE:PSA_WANT_ALG_ECDSA -pk_import_into_psa_opaque:PSA_KEY_TYPE_ECC_KEY_PAIR(MBEDTLS_TEST_PSA_ECC_ONE_FAMILY):MBEDTLS_PSA_ECC_ONE_CURVE_BITS:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):PSA_KEY_TYPE_ECC_KEY_PAIR(MBEDTLS_TEST_PSA_ECC_ONE_FAMILY):MBEDTLS_PSA_ECC_ONE_CURVE_BITS:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):0 +pk_import_into_psa_opaque:PSA_KEY_TYPE_ECC_KEY_PAIR(MBEDTLS_TEST_PSA_ECC_ONE_FAMILY):MBEDTLS_TEST_PSA_ECC_ONE_CURVE_BITS:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):PSA_KEY_TYPE_ECC_KEY_PAIR(MBEDTLS_TEST_PSA_ECC_ONE_FAMILY):MBEDTLS_TEST_PSA_ECC_ONE_CURVE_BITS:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):0 PSA import into PSA: opaque ECC, EXPORT (ok) depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE:PSA_WANT_ALG_ECDSA -pk_import_into_psa_opaque:PSA_KEY_TYPE_ECC_KEY_PAIR(MBEDTLS_TEST_PSA_ECC_ONE_FAMILY):MBEDTLS_PSA_ECC_ONE_CURVE_BITS:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):PSA_KEY_TYPE_ECC_KEY_PAIR(MBEDTLS_TEST_PSA_ECC_ONE_FAMILY):MBEDTLS_PSA_ECC_ONE_CURVE_BITS:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):0 +pk_import_into_psa_opaque:PSA_KEY_TYPE_ECC_KEY_PAIR(MBEDTLS_TEST_PSA_ECC_ONE_FAMILY):MBEDTLS_TEST_PSA_ECC_ONE_CURVE_BITS:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):PSA_KEY_TYPE_ECC_KEY_PAIR(MBEDTLS_TEST_PSA_ECC_ONE_FAMILY):MBEDTLS_TEST_PSA_ECC_ONE_CURVE_BITS:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):0 PSA import into PSA: opaque ECC, no COPY/EXPORT (bad) depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE:PSA_WANT_ALG_ECDSA -pk_import_into_psa_opaque:PSA_KEY_TYPE_ECC_KEY_PAIR(MBEDTLS_TEST_PSA_ECC_ONE_FAMILY):MBEDTLS_PSA_ECC_ONE_CURVE_BITS:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):PSA_KEY_TYPE_ECC_KEY_PAIR(MBEDTLS_TEST_PSA_ECC_ONE_FAMILY):MBEDTLS_PSA_ECC_ONE_CURVE_BITS:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):MBEDTLS_ERR_PK_TYPE_MISMATCH +pk_import_into_psa_opaque:PSA_KEY_TYPE_ECC_KEY_PAIR(MBEDTLS_TEST_PSA_ECC_ONE_FAMILY):MBEDTLS_TEST_PSA_ECC_ONE_CURVE_BITS:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):PSA_KEY_TYPE_ECC_KEY_PAIR(MBEDTLS_TEST_PSA_ECC_ONE_FAMILY):MBEDTLS_TEST_PSA_ECC_ONE_CURVE_BITS:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):MBEDTLS_ERR_PK_TYPE_MISMATCH # Detail that isn't precisely documented: since this copies the key, # the new key has the intersection of the usage flags. PSA import into PSA: opaque ECC, COPY|EXPORT, different usage (restricted) depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE:PSA_WANT_ALG_ECDSA -pk_import_into_psa_opaque:PSA_KEY_TYPE_ECC_KEY_PAIR(MBEDTLS_TEST_PSA_ECC_ONE_FAMILY):MBEDTLS_PSA_ECC_ONE_CURVE_BITS:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):PSA_KEY_TYPE_ECC_KEY_PAIR(MBEDTLS_TEST_PSA_ECC_ONE_FAMILY):MBEDTLS_PSA_ECC_ONE_CURVE_BITS:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):0 +pk_import_into_psa_opaque:PSA_KEY_TYPE_ECC_KEY_PAIR(MBEDTLS_TEST_PSA_ECC_ONE_FAMILY):MBEDTLS_TEST_PSA_ECC_ONE_CURVE_BITS:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):PSA_KEY_TYPE_ECC_KEY_PAIR(MBEDTLS_TEST_PSA_ECC_ONE_FAMILY):MBEDTLS_TEST_PSA_ECC_ONE_CURVE_BITS:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):0 # Detail that isn't precisely documented: since this copies the key, # the new key has the intersection of the usage flags. PSA import into PSA: opaque ECC, COPY, different usage (restricted) depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE:PSA_WANT_ALG_ECDSA -pk_import_into_psa_opaque:PSA_KEY_TYPE_ECC_KEY_PAIR(MBEDTLS_TEST_PSA_ECC_ONE_FAMILY):MBEDTLS_PSA_ECC_ONE_CURVE_BITS:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):PSA_KEY_TYPE_ECC_KEY_PAIR(MBEDTLS_TEST_PSA_ECC_ONE_FAMILY):MBEDTLS_PSA_ECC_ONE_CURVE_BITS:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):0 +pk_import_into_psa_opaque:PSA_KEY_TYPE_ECC_KEY_PAIR(MBEDTLS_TEST_PSA_ECC_ONE_FAMILY):MBEDTLS_TEST_PSA_ECC_ONE_CURVE_BITS:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):PSA_KEY_TYPE_ECC_KEY_PAIR(MBEDTLS_TEST_PSA_ECC_ONE_FAMILY):MBEDTLS_TEST_PSA_ECC_ONE_CURVE_BITS:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):0 # Detail that isn't precisely documented: since this exports the key, # the new key has all the requested usage flags. PSA import into PSA: opaque ECC, EXPORT, different usage (ok) depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE:PSA_WANT_ALG_ECDSA -pk_import_into_psa_opaque:PSA_KEY_TYPE_ECC_KEY_PAIR(MBEDTLS_TEST_PSA_ECC_ONE_FAMILY):MBEDTLS_PSA_ECC_ONE_CURVE_BITS:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):PSA_KEY_TYPE_ECC_KEY_PAIR(MBEDTLS_TEST_PSA_ECC_ONE_FAMILY):MBEDTLS_PSA_ECC_ONE_CURVE_BITS:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):0 +pk_import_into_psa_opaque:PSA_KEY_TYPE_ECC_KEY_PAIR(MBEDTLS_TEST_PSA_ECC_ONE_FAMILY):MBEDTLS_TEST_PSA_ECC_ONE_CURVE_BITS:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):PSA_KEY_TYPE_ECC_KEY_PAIR(MBEDTLS_TEST_PSA_ECC_ONE_FAMILY):MBEDTLS_TEST_PSA_ECC_ONE_CURVE_BITS:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):0 PSA import into PSA: opaque ECC, COPY|EXPORT, different algorithm (ok) depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE:PSA_WANT_ALG_ECDSA -pk_import_into_psa_opaque:PSA_KEY_TYPE_ECC_KEY_PAIR(MBEDTLS_TEST_PSA_ECC_ONE_FAMILY):MBEDTLS_PSA_ECC_ONE_CURVE_BITS:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):PSA_KEY_TYPE_ECC_KEY_PAIR(MBEDTLS_TEST_PSA_ECC_ONE_FAMILY):MBEDTLS_PSA_ECC_ONE_CURVE_BITS:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_256):0 +pk_import_into_psa_opaque:PSA_KEY_TYPE_ECC_KEY_PAIR(MBEDTLS_TEST_PSA_ECC_ONE_FAMILY):MBEDTLS_TEST_PSA_ECC_ONE_CURVE_BITS:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):PSA_KEY_TYPE_ECC_KEY_PAIR(MBEDTLS_TEST_PSA_ECC_ONE_FAMILY):MBEDTLS_TEST_PSA_ECC_ONE_CURVE_BITS:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_256):0 PSA import into PSA: opaque ECC, COPY, different algorithm (bad) depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE:PSA_WANT_ALG_ECDSA -pk_import_into_psa_opaque:PSA_KEY_TYPE_ECC_KEY_PAIR(MBEDTLS_TEST_PSA_ECC_ONE_FAMILY):MBEDTLS_PSA_ECC_ONE_CURVE_BITS:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):PSA_KEY_TYPE_ECC_KEY_PAIR(MBEDTLS_TEST_PSA_ECC_ONE_FAMILY):MBEDTLS_PSA_ECC_ONE_CURVE_BITS:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_256):MBEDTLS_ERR_PK_TYPE_MISMATCH +pk_import_into_psa_opaque:PSA_KEY_TYPE_ECC_KEY_PAIR(MBEDTLS_TEST_PSA_ECC_ONE_FAMILY):MBEDTLS_TEST_PSA_ECC_ONE_CURVE_BITS:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):PSA_KEY_TYPE_ECC_KEY_PAIR(MBEDTLS_TEST_PSA_ECC_ONE_FAMILY):MBEDTLS_TEST_PSA_ECC_ONE_CURVE_BITS:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_256):MBEDTLS_ERR_PK_TYPE_MISMATCH PSA import into PSA: opaque ECC, EXPORT, different algorithm (ok) depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE:PSA_WANT_ALG_ECDSA -pk_import_into_psa_opaque:PSA_KEY_TYPE_ECC_KEY_PAIR(MBEDTLS_TEST_PSA_ECC_ONE_FAMILY):MBEDTLS_PSA_ECC_ONE_CURVE_BITS:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):PSA_KEY_TYPE_ECC_KEY_PAIR(MBEDTLS_TEST_PSA_ECC_ONE_FAMILY):MBEDTLS_PSA_ECC_ONE_CURVE_BITS:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_256):0 +pk_import_into_psa_opaque:PSA_KEY_TYPE_ECC_KEY_PAIR(MBEDTLS_TEST_PSA_ECC_ONE_FAMILY):MBEDTLS_TEST_PSA_ECC_ONE_CURVE_BITS:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):PSA_KEY_TYPE_ECC_KEY_PAIR(MBEDTLS_TEST_PSA_ECC_ONE_FAMILY):MBEDTLS_TEST_PSA_ECC_ONE_CURVE_BITS:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_256):0 PSA import into PSA: opaque ECC, implicit bits (ok) depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE:PSA_WANT_ALG_ECDSA -pk_import_into_psa_opaque:PSA_KEY_TYPE_ECC_KEY_PAIR(MBEDTLS_TEST_PSA_ECC_ONE_FAMILY):MBEDTLS_PSA_ECC_ONE_CURVE_BITS:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):PSA_KEY_TYPE_ECC_KEY_PAIR(MBEDTLS_TEST_PSA_ECC_ONE_FAMILY):0:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):0 +pk_import_into_psa_opaque:PSA_KEY_TYPE_ECC_KEY_PAIR(MBEDTLS_TEST_PSA_ECC_ONE_FAMILY):MBEDTLS_TEST_PSA_ECC_ONE_CURVE_BITS:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):PSA_KEY_TYPE_ECC_KEY_PAIR(MBEDTLS_TEST_PSA_ECC_ONE_FAMILY):0:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):0 PSA import into PSA: opaque ECC, different bits (bad) depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE:PSA_WANT_ALG_ECDSA -pk_import_into_psa_opaque:PSA_KEY_TYPE_ECC_KEY_PAIR(MBEDTLS_TEST_PSA_ECC_ONE_FAMILY):MBEDTLS_PSA_ECC_ONE_CURVE_BITS:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):PSA_KEY_TYPE_ECC_KEY_PAIR(MBEDTLS_TEST_PSA_ECC_ONE_FAMILY):MBEDTLS_PSA_ECC_ONE_CURVE_BITS + 8:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):MBEDTLS_ERR_PK_TYPE_MISMATCH +pk_import_into_psa_opaque:PSA_KEY_TYPE_ECC_KEY_PAIR(MBEDTLS_TEST_PSA_ECC_ONE_FAMILY):MBEDTLS_TEST_PSA_ECC_ONE_CURVE_BITS:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):PSA_KEY_TYPE_ECC_KEY_PAIR(MBEDTLS_TEST_PSA_ECC_ONE_FAMILY):MBEDTLS_TEST_PSA_ECC_ONE_CURVE_BITS + 8:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):MBEDTLS_ERR_PK_TYPE_MISMATCH PSA import into PSA: opaque ECC, different type (bad) depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE:PSA_WANT_ALG_ECDSA -pk_import_into_psa_opaque:PSA_KEY_TYPE_ECC_KEY_PAIR(MBEDTLS_TEST_PSA_ECC_ONE_FAMILY):MBEDTLS_PSA_ECC_ONE_CURVE_BITS:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:0:PSA_KEY_TYPE_HMAC:MBEDTLS_PSA_ECC_ONE_CURVE_BITS:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:0:MBEDTLS_ERR_PK_TYPE_MISMATCH +pk_import_into_psa_opaque:PSA_KEY_TYPE_ECC_KEY_PAIR(MBEDTLS_TEST_PSA_ECC_ONE_FAMILY):MBEDTLS_TEST_PSA_ECC_ONE_CURVE_BITS:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:0:PSA_KEY_TYPE_HMAC:MBEDTLS_TEST_PSA_ECC_ONE_CURVE_BITS:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:0:MBEDTLS_ERR_PK_TYPE_MISMATCH PSA import into PSA: opaque ECC, different family (bad) depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:MBEDTLS_TEST_PSA_ECC_HAVE_TWO_FAMILIES:PSA_WANT_ALG_ECDSA -pk_import_into_psa_opaque:PSA_KEY_TYPE_ECC_KEY_PAIR(MBEDTLS_TEST_PSA_ECC_ONE_FAMILY):MBEDTLS_PSA_ECC_ONE_CURVE_BITS:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:0:PSA_KEY_TYPE_ECC_KEY_PAIR(MBEDTLS_TEST_PSA_ECC_ANOTHER_FAMILY):MBEDTLS_PSA_ECC_ONE_CURVE_BITS:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:0:MBEDTLS_ERR_PK_TYPE_MISMATCH +pk_import_into_psa_opaque:PSA_KEY_TYPE_ECC_KEY_PAIR(MBEDTLS_TEST_PSA_ECC_ONE_FAMILY):MBEDTLS_TEST_PSA_ECC_ONE_CURVE_BITS:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:0:PSA_KEY_TYPE_ECC_KEY_PAIR(MBEDTLS_TEST_PSA_ECC_ANOTHER_FAMILY):MBEDTLS_TEST_PSA_ECC_ONE_CURVE_BITS:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:0:MBEDTLS_ERR_PK_TYPE_MISMATCH PSA import into PSA: opaque ECC to public (ok) depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE:PSA_WANT_ALG_ECDSA -pk_import_into_psa_opaque:PSA_KEY_TYPE_ECC_KEY_PAIR(MBEDTLS_TEST_PSA_ECC_ONE_FAMILY):MBEDTLS_PSA_ECC_ONE_CURVE_BITS:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):PSA_KEY_TYPE_ECC_PUBLIC_KEY(MBEDTLS_TEST_PSA_ECC_ONE_FAMILY):MBEDTLS_PSA_ECC_ONE_CURVE_BITS:PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):0 +pk_import_into_psa_opaque:PSA_KEY_TYPE_ECC_KEY_PAIR(MBEDTLS_TEST_PSA_ECC_ONE_FAMILY):MBEDTLS_TEST_PSA_ECC_ONE_CURVE_BITS:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):PSA_KEY_TYPE_ECC_PUBLIC_KEY(MBEDTLS_TEST_PSA_ECC_ONE_FAMILY):MBEDTLS_TEST_PSA_ECC_ONE_CURVE_BITS:PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):0 PSA import into PSA: opaque ECC to public, implicit bits (ok) depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE:PSA_WANT_ALG_ECDSA -pk_import_into_psa_opaque:PSA_KEY_TYPE_ECC_KEY_PAIR(MBEDTLS_TEST_PSA_ECC_ONE_FAMILY):MBEDTLS_PSA_ECC_ONE_CURVE_BITS:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):PSA_KEY_TYPE_ECC_PUBLIC_KEY(MBEDTLS_TEST_PSA_ECC_ONE_FAMILY):0:PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):0 +pk_import_into_psa_opaque:PSA_KEY_TYPE_ECC_KEY_PAIR(MBEDTLS_TEST_PSA_ECC_ONE_FAMILY):MBEDTLS_TEST_PSA_ECC_ONE_CURVE_BITS:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):PSA_KEY_TYPE_ECC_PUBLIC_KEY(MBEDTLS_TEST_PSA_ECC_ONE_FAMILY):0:PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):0 # MBEDTLS_ERR_PK_INVALID_ALG is the error that results from our translation # of PSA errors. In this case MBEDTLS_ERR_PK_TYPE_MISMATCH would probably # be more appropriate. PSA import into PSA: opaque ECC to public, different bits (bad) depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE:PSA_WANT_ALG_ECDSA -pk_import_into_psa_opaque:PSA_KEY_TYPE_ECC_KEY_PAIR(MBEDTLS_TEST_PSA_ECC_ONE_FAMILY):MBEDTLS_PSA_ECC_ONE_CURVE_BITS:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):PSA_KEY_TYPE_ECC_PUBLIC_KEY(MBEDTLS_TEST_PSA_ECC_ONE_FAMILY):MBEDTLS_PSA_ECC_ONE_CURVE_BITS + 8:PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):MBEDTLS_ERR_PK_INVALID_ALG +pk_import_into_psa_opaque:PSA_KEY_TYPE_ECC_KEY_PAIR(MBEDTLS_TEST_PSA_ECC_ONE_FAMILY):MBEDTLS_TEST_PSA_ECC_ONE_CURVE_BITS:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):PSA_KEY_TYPE_ECC_PUBLIC_KEY(MBEDTLS_TEST_PSA_ECC_ONE_FAMILY):MBEDTLS_TEST_PSA_ECC_ONE_CURVE_BITS + 8:PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):MBEDTLS_ERR_PK_INVALID_ALG PSA import into PSA: opaque ECC to public, different family (bad) depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:MBEDTLS_TEST_PSA_ECC_HAVE_TWO_FAMILIES:PSA_WANT_ALG_ECDSA -pk_import_into_psa_opaque:PSA_KEY_TYPE_ECC_KEY_PAIR(MBEDTLS_TEST_PSA_ECC_ONE_FAMILY):MBEDTLS_PSA_ECC_ONE_CURVE_BITS:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:0:PSA_KEY_TYPE_ECC_PUBLIC_KEY(MBEDTLS_TEST_PSA_ECC_ANOTHER_FAMILY):MBEDTLS_PSA_ECC_ONE_CURVE_BITS:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:0:MBEDTLS_ERR_PK_TYPE_MISMATCH +pk_import_into_psa_opaque:PSA_KEY_TYPE_ECC_KEY_PAIR(MBEDTLS_TEST_PSA_ECC_ONE_FAMILY):MBEDTLS_TEST_PSA_ECC_ONE_CURVE_BITS:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:0:PSA_KEY_TYPE_ECC_PUBLIC_KEY(MBEDTLS_TEST_PSA_ECC_ANOTHER_FAMILY):MBEDTLS_TEST_PSA_ECC_ONE_CURVE_BITS:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:0:MBEDTLS_ERR_PK_TYPE_MISMATCH diff --git a/tests/suites/test_suite_pk.function b/tests/suites/test_suite_pk.function index 76713649a600..3ce7d265d5fb 100644 --- a/tests/suites/test_suite_pk.function +++ b/tests/suites/test_suite_pk.function @@ -60,55 +60,55 @@ * be ECDSA-capable, and likewise for ECDH. */ #if defined(PSA_WANT_ECC_SECP_R1_192) #define MBEDTLS_TEST_PSA_ECC_ONE_FAMILY PSA_ECC_FAMILY_SECP_R1 -#define MBEDTLS_PSA_ECC_ONE_CURVE_BITS 192 +#define MBEDTLS_TEST_PSA_ECC_ONE_CURVE_BITS 192 #define MBEDTLS_TEST_ECP_DP_ONE_CURVE MBEDTLS_ECP_DP_SECP192R1 #elif defined(PSA_WANT_ECC_SECP_R1_224) #define MBEDTLS_TEST_PSA_ECC_ONE_FAMILY PSA_ECC_FAMILY_SECP_R1 -#define MBEDTLS_PSA_ECC_ONE_CURVE_BITS 224 +#define MBEDTLS_TEST_PSA_ECC_ONE_CURVE_BITS 224 #define MBEDTLS_TEST_ECP_DP_ONE_CURVE MBEDTLS_ECP_DP_SECP224R1 #elif defined(PSA_WANT_ECC_SECP_R1_256) #define MBEDTLS_TEST_PSA_ECC_ONE_FAMILY PSA_ECC_FAMILY_SECP_R1 -#define MBEDTLS_PSA_ECC_ONE_CURVE_BITS 256 +#define MBEDTLS_TEST_PSA_ECC_ONE_CURVE_BITS 256 #define MBEDTLS_TEST_ECP_DP_ONE_CURVE MBEDTLS_ECP_DP_SECP256R1 #elif defined(PSA_WANT_ECC_SECP_R1_384) #define MBEDTLS_TEST_PSA_ECC_ONE_FAMILY PSA_ECC_FAMILY_SECP_R1 -#define MBEDTLS_PSA_ECC_ONE_CURVE_BITS 384 +#define MBEDTLS_TEST_PSA_ECC_ONE_CURVE_BITS 384 #define MBEDTLS_TEST_ECP_DP_ONE_CURVE MBEDTLS_ECP_DP_SECP384R1 #elif defined(PSA_WANT_ECC_SECP_R1_521) #define MBEDTLS_TEST_PSA_ECC_ONE_FAMILY PSA_ECC_FAMILY_SECP_R1 -#define MBEDTLS_PSA_ECC_ONE_CURVE_BITS 521 +#define MBEDTLS_TEST_PSA_ECC_ONE_CURVE_BITS 521 #define MBEDTLS_TEST_ECP_DP_ONE_CURVE MBEDTLS_ECP_DP_SECP521R1 #elif defined(PSA_WANT_ECC_SECP_K1_192) #define MBEDTLS_TEST_PSA_ECC_ONE_FAMILY PSA_ECC_FAMILY_SECP_K1 -#define MBEDTLS_PSA_ECC_ONE_CURVE_BITS 192 +#define MBEDTLS_TEST_PSA_ECC_ONE_CURVE_BITS 192 #define MBEDTLS_TEST_ECP_DP_ONE_CURVE MBEDTLS_ECP_DP_SECP192K1 #elif defined(PSA_WANT_ECC_SECP_K1_224) #define MBEDTLS_TEST_PSA_ECC_ONE_FAMILY PSA_ECC_FAMILY_SECP_K1 -#define MBEDTLS_PSA_ECC_ONE_CURVE_BITS 224 +#define MBEDTLS_TEST_PSA_ECC_ONE_CURVE_BITS 224 #define MBEDTLS_TEST_ECP_DP_ONE_CURVE MBEDTLS_ECP_DP_SECP224K1 #elif defined(PSA_WANT_ECC_SECP_K1_256) #define MBEDTLS_TEST_PSA_ECC_ONE_FAMILY PSA_ECC_FAMILY_SECP_K1 -#define MBEDTLS_PSA_ECC_ONE_CURVE_BITS 256 +#define MBEDTLS_TEST_PSA_ECC_ONE_CURVE_BITS 256 #define MBEDTLS_TEST_ECP_DP_ONE_CURVE MBEDTLS_ECP_DP_SECP256K1 #elif defined(PSA_WANT_ECC_BRAINPOOL_P_R1_256) #define MBEDTLS_TEST_PSA_ECC_ONE_FAMILY PSA_ECC_FAMILY_BRAINPOOL_P_R1 -#define MBEDTLS_PSA_ECC_ONE_CURVE_BITS 256 +#define MBEDTLS_TEST_PSA_ECC_ONE_CURVE_BITS 256 #define MBEDTLS_TEST_ECP_DP_ONE_CURVE MBEDTLS_ECP_DP_BP256R1 #elif defined(PSA_WANT_ECC_BRAINPOOL_P_R1_384) #define MBEDTLS_TEST_PSA_ECC_ONE_FAMILY PSA_ECC_FAMILY_BRAINPOOL_P_R1 -#define MBEDTLS_PSA_ECC_ONE_CURVE_BITS 384 +#define MBEDTLS_TEST_PSA_ECC_ONE_CURVE_BITS 384 #define MBEDTLS_TEST_ECP_DP_ONE_CURVE MBEDTLS_ECP_DP_BP384R1 #elif defined(PSA_WANT_ECC_BRAINPOOL_P_R1_512) #define MBEDTLS_TEST_PSA_ECC_ONE_FAMILY PSA_ECC_FAMILY_BRAINPOOL_P_R1 -#define MBEDTLS_PSA_ECC_ONE_CURVE_BITS 512 +#define MBEDTLS_TEST_PSA_ECC_ONE_CURVE_BITS 512 #define MBEDTLS_TEST_ECP_DP_ONE_CURVE MBEDTLS_ECP_DP_BP512R1 #elif defined(PSA_WANT_ECC_MONTGOMERY_255) #define MBEDTLS_TEST_PSA_ECC_ONE_FAMILY PSA_ECC_FAMILY_MONTGOMERY -#define MBEDTLS_PSA_ECC_ONE_CURVE_BITS 255 +#define MBEDTLS_TEST_PSA_ECC_ONE_CURVE_BITS 255 #define MBEDTLS_TEST_ECP_DP_ONE_CURVE MBEDTLS_ECP_DP_CURVE25519 #elif defined(PSA_WANT_ECC_MONTGOMERY_448) #define MBEDTLS_TEST_PSA_ECC_ONE_FAMILY PSA_ECC_FAMILY_MONTGOMERY -#define MBEDTLS_PSA_ECC_ONE_CURVE_BITS 448 +#define MBEDTLS_TEST_PSA_ECC_ONE_CURVE_BITS 448 #define MBEDTLS_TEST_ECP_DP_ONE_CURVE MBEDTLS_ECP_DP_CURVE448 #endif /* curve selection */ @@ -124,12 +124,12 @@ * the values we expect here. */ #define MBEDTLS_TEST_PSA_ECC_ONE_FAMILY PSA_ECC_FAMILY_SECP_R1 #define MBEDTLS_TEST_PSA_ECC_ANOTHER_FAMILY PSA_ECC_FAMILY_SECP_K1 -#define MBEDTLS_PSA_ECC_ONE_CURVE_BITS 192 +#define MBEDTLS_TEST_PSA_ECC_ONE_CURVE_BITS 192 #define MBEDTLS_TEST_PSA_ECC_HAVE_TWO_FAMILIES #elif defined(PSA_WANT_ECC_SECP_R1_256) && defined(PSA_WANT_ECC_SECP_K1_256) #define MBEDTLS_TEST_PSA_ECC_ONE_FAMILY PSA_ECC_FAMILY_SECP_R1 #define MBEDTLS_TEST_PSA_ECC_ANOTHER_FAMILY PSA_ECC_FAMILY_SECP_K1 -#define MBEDTLS_PSA_ECC_ONE_CURVE_BITS 256 +#define MBEDTLS_TEST_PSA_ECC_ONE_CURVE_BITS 256 #define MBEDTLS_TEST_PSA_ECC_HAVE_TWO_FAMILIES #endif @@ -138,7 +138,7 @@ /* Always define the macros so that we can use them in test data. */ #if !defined(MBEDTLS_TEST_PSA_ECC_ONE_FAMILY) #define MBEDTLS_TEST_PSA_ECC_ONE_FAMILY 0 -#define MBEDTLS_PSA_ECC_ONE_CURVE_BITS 0 +#define MBEDTLS_TEST_PSA_ECC_ONE_CURVE_BITS 0 #define MBEDTLS_TEST_ECP_DP_ONE_CURVE 0 #endif #if !defined(MBEDTLS_TEST_PSA_ECC_ANOTHER_FAMILY) From f50cd59b51fd57d5e095134b6c715bcad0b2628a Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 15 Feb 2024 13:13:26 +0100 Subject: [PATCH 14/20] Fix encrypt/decrypt confusion The values are the same for all supported mechanisms (RSA-based), so no semantic change. Signed-off-by: Gilles Peskine --- tests/src/psa_exercise_key.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/src/psa_exercise_key.c b/tests/src/psa_exercise_key.c index 3fcf77d379db..80419d1a8879 100644 --- a/tests/src/psa_exercise_key.c +++ b/tests/src/psa_exercise_key.c @@ -364,9 +364,9 @@ static int exercise_asymmetric_encryption_key(mbedtls_svc_key_id_t key, psa_key_usage_t usage, psa_algorithm_t alg) { - unsigned char plaintext[PSA_ASYMMETRIC_ENCRYPT_OUTPUT_MAX_SIZE] = + unsigned char plaintext[PSA_ASYMMETRIC_DECRYPT_OUTPUT_MAX_SIZE] = "Hello, world..."; - unsigned char ciphertext[PSA_ASYMMETRIC_DECRYPT_OUTPUT_MAX_SIZE] = + unsigned char ciphertext[PSA_ASYMMETRIC_ENCRYPT_OUTPUT_MAX_SIZE] = "(wabblewebblewibblewobblewubble)"; size_t ciphertext_length = sizeof(ciphertext); size_t plaintext_length = 16; From 68a287dc7aed81216c47e0992926f56c112d3cea Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 15 Feb 2024 13:30:55 +0100 Subject: [PATCH 15/20] Use named constants FROM_PAIR/FROM_PUBLIC for readability Signed-off-by: Gilles Peskine --- tests/suites/test_suite_pk.data | 184 ++++++++++++++-------------- tests/suites/test_suite_pk.function | 6 + 2 files changed, 98 insertions(+), 92 deletions(-) diff --git a/tests/suites/test_suite_pk.data b/tests/suites/test_suite_pk.data index 0e944dbeed0f..df665d0e50bc 100644 --- a/tests/suites/test_suite_pk.data +++ b/tests/suites/test_suite_pk.data @@ -682,311 +682,311 @@ depends_on:MBEDTLS_PKCS1_V21:MBEDTLS_MD_CAN_SHA512:MBEDTLS_RSA_C pk_psa_wrap_sign_ext:MBEDTLS_PK_RSA:2048:MBEDTLS_PK_RSASSA_PSS:MBEDTLS_MD_SHA512 PSA attributes for pk: NONE (bad) -pk_get_psa_attributes_fail:MBEDTLS_PK_NONE:0:PSA_KEY_USAGE_SIGN_MESSAGE:MBEDTLS_ERR_PK_BAD_INPUT_DATA +pk_get_psa_attributes_fail:MBEDTLS_PK_NONE:FROM_PUBLIC:PSA_KEY_USAGE_SIGN_MESSAGE:MBEDTLS_ERR_PK_BAD_INPUT_DATA # There is a (negative) test for pk_type=MBEDTLS_PK_RSA_ALT in pk_rsa_alt(). # Bad usage due to not specifying sign/crypt/derive. PSA attributes for pk: RSA usage=0 (bad) depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME:MBEDTLS_PKCS1_V15 -pk_get_psa_attributes_fail:MBEDTLS_PK_RSA:1:0:MBEDTLS_ERR_PK_TYPE_MISMATCH +pk_get_psa_attributes_fail:MBEDTLS_PK_RSA:FROM_PAIR:0:MBEDTLS_ERR_PK_TYPE_MISMATCH # Bad usage due to not specifying sign/crypt/derive. PSA attributes for pk: RSA usage=EXPORT (bad) depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME:MBEDTLS_PKCS1_V15 -pk_get_psa_attributes_fail:MBEDTLS_PK_RSA:1:PSA_KEY_USAGE_EXPORT:MBEDTLS_ERR_PK_TYPE_MISMATCH +pk_get_psa_attributes_fail:MBEDTLS_PK_RSA:FROM_PAIR:PSA_KEY_USAGE_EXPORT:MBEDTLS_ERR_PK_TYPE_MISMATCH # This usage could make sense, but is not currently supported. PSA attributes for pk: RSA usage=DECRYPT|EXPORT (bad) depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME:MBEDTLS_PKCS1_V15 -pk_get_psa_attributes_fail:MBEDTLS_PK_RSA:1:PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_EXPORT:MBEDTLS_ERR_PK_TYPE_MISMATCH +pk_get_psa_attributes_fail:MBEDTLS_PK_RSA:FROM_PAIR:PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_EXPORT:MBEDTLS_ERR_PK_TYPE_MISMATCH # Bad usage due to specifying more than one of sign/crypt/derive. PSA attributes for pk: RSA usage=DECRYPT|SIGN_MESSAGE (bad) depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME:MBEDTLS_PKCS1_V15 -pk_get_psa_attributes_fail:MBEDTLS_PK_RSA:1:PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_SIGN_MESSAGE:MBEDTLS_ERR_PK_TYPE_MISMATCH +pk_get_psa_attributes_fail:MBEDTLS_PK_RSA:FROM_PAIR:PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_SIGN_MESSAGE:MBEDTLS_ERR_PK_TYPE_MISMATCH # This usage could make sense, but is not currently supported. PSA attributes for pk: RSA usage=SIGN_MESSAGE|SIGN_HASH (bad) depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME:MBEDTLS_PKCS1_V15 -pk_get_psa_attributes_fail:MBEDTLS_PK_RSA:1:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_SIGN_HASH:MBEDTLS_ERR_PK_TYPE_MISMATCH +pk_get_psa_attributes_fail:MBEDTLS_PK_RSA:FROM_PAIR:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_SIGN_HASH:MBEDTLS_ERR_PK_TYPE_MISMATCH # This usage could make sense, but is not currently supported. PSA attributes for pk: RSA usage=SIGN_MESSAGE|VERIFY_MESSAGE (bad) depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME:MBEDTLS_PKCS1_V15 -pk_get_psa_attributes_fail:MBEDTLS_PK_RSA:1:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE:MBEDTLS_ERR_PK_TYPE_MISMATCH +pk_get_psa_attributes_fail:MBEDTLS_PK_RSA:FROM_PAIR:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE:MBEDTLS_ERR_PK_TYPE_MISMATCH PSA attributes for pk: RSA v15 pair DECRYPT depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME:MBEDTLS_PKCS1_V15 -pk_get_psa_attributes:MBEDTLS_PK_RSA:1:PSA_KEY_USAGE_DECRYPT:1:PSA_ALG_RSA_PKCS1V15_CRYPT +pk_get_psa_attributes:MBEDTLS_PK_RSA:FROM_PAIR:PSA_KEY_USAGE_DECRYPT:1:PSA_ALG_RSA_PKCS1V15_CRYPT PSA attributes for pk: RSA v21 SHA-256 pair DECRYPT depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME:MBEDTLS_PKCS1_V21:MBEDTLS_MD_CAN_SHA256 -pk_rsa_v21_get_psa_attributes:MBEDTLS_MD_SHA256:1:PSA_KEY_USAGE_DECRYPT:1:PSA_ALG_RSA_OAEP(PSA_ALG_SHA_256) +pk_rsa_v21_get_psa_attributes:MBEDTLS_MD_SHA256:FROM_PAIR:PSA_KEY_USAGE_DECRYPT:1:PSA_ALG_RSA_OAEP(PSA_ALG_SHA_256) PSA attributes for pk: RSA v21 SHA-512 pair DECRYPT depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME:MBEDTLS_PKCS1_V21:MBEDTLS_MD_CAN_SHA512 -pk_rsa_v21_get_psa_attributes:MBEDTLS_MD_SHA512:1:PSA_KEY_USAGE_DECRYPT:1:PSA_ALG_RSA_OAEP(PSA_ALG_SHA_512) +pk_rsa_v21_get_psa_attributes:MBEDTLS_MD_SHA512:FROM_PAIR:PSA_KEY_USAGE_DECRYPT:1:PSA_ALG_RSA_OAEP(PSA_ALG_SHA_512) PSA attributes for pk: RSA v15 pair->public ENCRYPT depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME:MBEDTLS_PKCS1_V15 -pk_get_psa_attributes:MBEDTLS_PK_RSA:1:PSA_KEY_USAGE_ENCRYPT:0:PSA_ALG_RSA_PKCS1V15_CRYPT +pk_get_psa_attributes:MBEDTLS_PK_RSA:FROM_PAIR:PSA_KEY_USAGE_ENCRYPT:0:PSA_ALG_RSA_PKCS1V15_CRYPT PSA attributes for pk: RSA v21 SHA-256 pair->public ENCRYPT depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME:MBEDTLS_PKCS1_V21:MBEDTLS_MD_CAN_SHA256 -pk_rsa_v21_get_psa_attributes:MBEDTLS_MD_SHA256:1:PSA_KEY_USAGE_ENCRYPT:0:PSA_ALG_RSA_OAEP(PSA_ALG_SHA_256) +pk_rsa_v21_get_psa_attributes:MBEDTLS_MD_SHA256:FROM_PAIR:PSA_KEY_USAGE_ENCRYPT:0:PSA_ALG_RSA_OAEP(PSA_ALG_SHA_256) PSA attributes for pk: RSA v21 SHA-512 pair->public ENCRYPT depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME:MBEDTLS_PKCS1_V21:MBEDTLS_MD_CAN_SHA512 -pk_rsa_v21_get_psa_attributes:MBEDTLS_MD_SHA512:1:PSA_KEY_USAGE_ENCRYPT:0:PSA_ALG_RSA_OAEP(PSA_ALG_SHA_512) +pk_rsa_v21_get_psa_attributes:MBEDTLS_MD_SHA512:FROM_PAIR:PSA_KEY_USAGE_ENCRYPT:0:PSA_ALG_RSA_OAEP(PSA_ALG_SHA_512) PSA attributes for pk: RSA v15 public ENCRYPT depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME:MBEDTLS_PKCS1_V15 -pk_get_psa_attributes:MBEDTLS_PK_RSA:0:PSA_KEY_USAGE_ENCRYPT:0:PSA_ALG_RSA_PKCS1V15_CRYPT +pk_get_psa_attributes:MBEDTLS_PK_RSA:FROM_PUBLIC:PSA_KEY_USAGE_ENCRYPT:0:PSA_ALG_RSA_PKCS1V15_CRYPT PSA attributes for pk: RSA v21 SHA-256 public ENCRYPT depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME:MBEDTLS_PKCS1_V21:MBEDTLS_MD_CAN_SHA256 -pk_rsa_v21_get_psa_attributes:MBEDTLS_MD_SHA256:0:PSA_KEY_USAGE_ENCRYPT:0:PSA_ALG_RSA_OAEP(PSA_ALG_SHA_256) +pk_rsa_v21_get_psa_attributes:MBEDTLS_MD_SHA256:FROM_PUBLIC:PSA_KEY_USAGE_ENCRYPT:0:PSA_ALG_RSA_OAEP(PSA_ALG_SHA_256) PSA attributes for pk: RSA v21 SHA-512 public ENCRYPT depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME:MBEDTLS_PKCS1_V21:MBEDTLS_MD_CAN_SHA512 -pk_rsa_v21_get_psa_attributes:MBEDTLS_MD_SHA512:0:PSA_KEY_USAGE_ENCRYPT:0:PSA_ALG_RSA_OAEP(PSA_ALG_SHA_512) +pk_rsa_v21_get_psa_attributes:MBEDTLS_MD_SHA512:FROM_PUBLIC:PSA_KEY_USAGE_ENCRYPT:0:PSA_ALG_RSA_OAEP(PSA_ALG_SHA_512) PSA attributes for pk: RSA v15 public DECRYPT (bad) depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME:MBEDTLS_PKCS1_V15 -pk_get_psa_attributes_fail:MBEDTLS_PK_RSA:0:PSA_KEY_USAGE_DECRYPT:MBEDTLS_ERR_PK_TYPE_MISMATCH +pk_get_psa_attributes_fail:MBEDTLS_PK_RSA:FROM_PUBLIC:PSA_KEY_USAGE_DECRYPT:MBEDTLS_ERR_PK_TYPE_MISMATCH PSA attributes for pk: RSA v15 pair SIGN_MESSAGE depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME:MBEDTLS_PKCS1_V15 -pk_get_psa_attributes:MBEDTLS_PK_RSA:1:PSA_KEY_USAGE_SIGN_MESSAGE:1:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH) +pk_get_psa_attributes:MBEDTLS_PK_RSA:FROM_PAIR:PSA_KEY_USAGE_SIGN_MESSAGE:1:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH) PSA attributes for pk: RSA v21 SHA-256 pair SIGN_MESSAGE depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME:MBEDTLS_PKCS1_V21 -pk_rsa_v21_get_psa_attributes:MBEDTLS_MD_NONE:1:PSA_KEY_USAGE_SIGN_MESSAGE:1:PSA_ALG_RSA_PSS_ANY_SALT(PSA_ALG_ANY_HASH) +pk_rsa_v21_get_psa_attributes:MBEDTLS_MD_NONE:FROM_PAIR:PSA_KEY_USAGE_SIGN_MESSAGE:1:PSA_ALG_RSA_PSS_ANY_SALT(PSA_ALG_ANY_HASH) PSA attributes for pk: RSA v15 pair SIGN_HASH depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME:MBEDTLS_PKCS1_V15 -pk_get_psa_attributes:MBEDTLS_PK_RSA:1:PSA_KEY_USAGE_SIGN_HASH:1:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH) +pk_get_psa_attributes:MBEDTLS_PK_RSA:FROM_PAIR:PSA_KEY_USAGE_SIGN_HASH:1:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH) PSA attributes for pk: RSA v21 SHA-256 pair SIGN_HASH depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME:MBEDTLS_PKCS1_V21 -pk_rsa_v21_get_psa_attributes:MBEDTLS_MD_NONE:1:PSA_KEY_USAGE_SIGN_HASH:1:PSA_ALG_RSA_PSS_ANY_SALT(PSA_ALG_ANY_HASH) +pk_rsa_v21_get_psa_attributes:MBEDTLS_MD_NONE:FROM_PAIR:PSA_KEY_USAGE_SIGN_HASH:1:PSA_ALG_RSA_PSS_ANY_SALT(PSA_ALG_ANY_HASH) PSA attributes for pk: RSA v15 pair->public VERIFY_MESSAGE depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME:MBEDTLS_PKCS1_V15 -pk_get_psa_attributes:MBEDTLS_PK_RSA:1:PSA_KEY_USAGE_VERIFY_MESSAGE:0:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH) +pk_get_psa_attributes:MBEDTLS_PK_RSA:FROM_PAIR:PSA_KEY_USAGE_VERIFY_MESSAGE:0:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH) PSA attributes for pk: RSA v21 SHA-256 pair->public VERIFY_MESSAGE depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME:MBEDTLS_PKCS1_V21 -pk_rsa_v21_get_psa_attributes:MBEDTLS_MD_NONE:1:PSA_KEY_USAGE_VERIFY_MESSAGE:0:PSA_ALG_RSA_PSS_ANY_SALT(PSA_ALG_ANY_HASH) +pk_rsa_v21_get_psa_attributes:MBEDTLS_MD_NONE:FROM_PAIR:PSA_KEY_USAGE_VERIFY_MESSAGE:0:PSA_ALG_RSA_PSS_ANY_SALT(PSA_ALG_ANY_HASH) PSA attributes for pk: RSA v15 pair->public VERIFY_HASH depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME:MBEDTLS_PKCS1_V15 -pk_get_psa_attributes:MBEDTLS_PK_RSA:1:PSA_KEY_USAGE_VERIFY_HASH:0:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH) +pk_get_psa_attributes:MBEDTLS_PK_RSA:FROM_PAIR:PSA_KEY_USAGE_VERIFY_HASH:0:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH) PSA attributes for pk: RSA v21 SHA-256 pair->public VERIFY_HASH depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME:MBEDTLS_PKCS1_V21 -pk_rsa_v21_get_psa_attributes:MBEDTLS_MD_NONE:1:PSA_KEY_USAGE_VERIFY_HASH:0:PSA_ALG_RSA_PSS_ANY_SALT(PSA_ALG_ANY_HASH) +pk_rsa_v21_get_psa_attributes:MBEDTLS_MD_NONE:FROM_PAIR:PSA_KEY_USAGE_VERIFY_HASH:0:PSA_ALG_RSA_PSS_ANY_SALT(PSA_ALG_ANY_HASH) PSA attributes for pk: RSA v15 public VERIFY_MESSAGE depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME:MBEDTLS_PKCS1_V15 -pk_get_psa_attributes:MBEDTLS_PK_RSA:0:PSA_KEY_USAGE_VERIFY_MESSAGE:0:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH) +pk_get_psa_attributes:MBEDTLS_PK_RSA:FROM_PUBLIC:PSA_KEY_USAGE_VERIFY_MESSAGE:0:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH) PSA attributes for pk: RSA v21 SHA-256 public VERIFY_MESSAGE depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME:MBEDTLS_PKCS1_V21 -pk_rsa_v21_get_psa_attributes:MBEDTLS_MD_NONE:0:PSA_KEY_USAGE_VERIFY_MESSAGE:0:PSA_ALG_RSA_PSS_ANY_SALT(PSA_ALG_ANY_HASH) +pk_rsa_v21_get_psa_attributes:MBEDTLS_MD_NONE:FROM_PUBLIC:PSA_KEY_USAGE_VERIFY_MESSAGE:0:PSA_ALG_RSA_PSS_ANY_SALT(PSA_ALG_ANY_HASH) PSA attributes for pk: RSA v15 public VERIFY_HASH depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME:MBEDTLS_PKCS1_V15 -pk_get_psa_attributes:MBEDTLS_PK_RSA:0:PSA_KEY_USAGE_VERIFY_HASH:0:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH) +pk_get_psa_attributes:MBEDTLS_PK_RSA:FROM_PUBLIC:PSA_KEY_USAGE_VERIFY_HASH:0:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH) PSA attributes for pk: RSA v21 SHA-256 public VERIFY_HASH depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME:MBEDTLS_PKCS1_V21 -pk_rsa_v21_get_psa_attributes:MBEDTLS_MD_NONE:0:PSA_KEY_USAGE_VERIFY_HASH:0:PSA_ALG_RSA_PSS_ANY_SALT(PSA_ALG_ANY_HASH) +pk_rsa_v21_get_psa_attributes:MBEDTLS_MD_NONE:FROM_PUBLIC:PSA_KEY_USAGE_VERIFY_HASH:0:PSA_ALG_RSA_PSS_ANY_SALT(PSA_ALG_ANY_HASH) PSA attributes for pk: RSA v15 public SIGN_MESSAGE (bad) depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME:MBEDTLS_PKCS1_V15 -pk_get_psa_attributes_fail:MBEDTLS_PK_RSA:0:PSA_KEY_USAGE_SIGN_MESSAGE:MBEDTLS_ERR_PK_TYPE_MISMATCH +pk_get_psa_attributes_fail:MBEDTLS_PK_RSA:FROM_PUBLIC:PSA_KEY_USAGE_SIGN_MESSAGE:MBEDTLS_ERR_PK_TYPE_MISMATCH PSA attributes for pk: RSA v15 public SIGN_HASH (bad) depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME:MBEDTLS_PKCS1_V15 -pk_get_psa_attributes_fail:MBEDTLS_PK_RSA:0:PSA_KEY_USAGE_SIGN_HASH:MBEDTLS_ERR_PK_TYPE_MISMATCH +pk_get_psa_attributes_fail:MBEDTLS_PK_RSA:FROM_PUBLIC:PSA_KEY_USAGE_SIGN_HASH:MBEDTLS_ERR_PK_TYPE_MISMATCH PSA attributes for pk: RSA v15 pair DERIVE (bad) depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME:MBEDTLS_PKCS1_V15 -pk_get_psa_attributes_fail:MBEDTLS_PK_RSA:1:PSA_KEY_USAGE_DERIVE:MBEDTLS_ERR_PK_TYPE_MISMATCH +pk_get_psa_attributes_fail:MBEDTLS_PK_RSA:FROM_PAIR:PSA_KEY_USAGE_DERIVE:MBEDTLS_ERR_PK_TYPE_MISMATCH PSA attributes for pk: RSA v15 public DERIVE (bad) depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME:MBEDTLS_PKCS1_V15 -pk_get_psa_attributes_fail:MBEDTLS_PK_RSA:0:PSA_KEY_USAGE_DERIVE:MBEDTLS_ERR_PK_TYPE_MISMATCH +pk_get_psa_attributes_fail:MBEDTLS_PK_RSA:FROM_PUBLIC:PSA_KEY_USAGE_DERIVE:MBEDTLS_ERR_PK_TYPE_MISMATCH PSA attributes for pk: ECKEY pair DECRYPT (bad) depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE -pk_get_psa_attributes_fail:MBEDTLS_PK_ECKEY:1:PSA_KEY_USAGE_DECRYPT:MBEDTLS_ERR_PK_TYPE_MISMATCH +pk_get_psa_attributes_fail:MBEDTLS_PK_ECKEY:FROM_PAIR:PSA_KEY_USAGE_DECRYPT:MBEDTLS_ERR_PK_TYPE_MISMATCH PSA attributes for pk: ECKEY_DH pair DECRYPT (bad) depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE -pk_get_psa_attributes_fail:MBEDTLS_PK_ECKEY_DH:1:PSA_KEY_USAGE_DECRYPT:MBEDTLS_ERR_PK_TYPE_MISMATCH +pk_get_psa_attributes_fail:MBEDTLS_PK_ECKEY_DH:FROM_PAIR:PSA_KEY_USAGE_DECRYPT:MBEDTLS_ERR_PK_TYPE_MISMATCH PSA attributes for pk: ECDSA pair DECRYPT (bad) depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE:MBEDTLS_PK_CAN_ECDSA_SOME -pk_get_psa_attributes_fail:MBEDTLS_PK_ECDSA:1:PSA_KEY_USAGE_DECRYPT:MBEDTLS_ERR_PK_TYPE_MISMATCH +pk_get_psa_attributes_fail:MBEDTLS_PK_ECDSA:FROM_PAIR:PSA_KEY_USAGE_DECRYPT:MBEDTLS_ERR_PK_TYPE_MISMATCH PSA attributes for pk: ECKEY public DECRYPT (bad) depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE -pk_get_psa_attributes_fail:MBEDTLS_PK_ECKEY:0:PSA_KEY_USAGE_DECRYPT:MBEDTLS_ERR_PK_TYPE_MISMATCH +pk_get_psa_attributes_fail:MBEDTLS_PK_ECKEY:FROM_PUBLIC:PSA_KEY_USAGE_DECRYPT:MBEDTLS_ERR_PK_TYPE_MISMATCH PSA attributes for pk: ECKEY_DH public DECRYPT (bad) depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE -pk_get_psa_attributes_fail:MBEDTLS_PK_ECKEY_DH:0:PSA_KEY_USAGE_DECRYPT:MBEDTLS_ERR_PK_TYPE_MISMATCH +pk_get_psa_attributes_fail:MBEDTLS_PK_ECKEY_DH:FROM_PUBLIC:PSA_KEY_USAGE_DECRYPT:MBEDTLS_ERR_PK_TYPE_MISMATCH PSA attributes for pk: ECDSA public DECRYPT (bad) depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE:MBEDTLS_PK_CAN_ECDSA_SOME -pk_get_psa_attributes_fail:MBEDTLS_PK_ECDSA:0:PSA_KEY_USAGE_DECRYPT:MBEDTLS_ERR_PK_TYPE_MISMATCH +pk_get_psa_attributes_fail:MBEDTLS_PK_ECDSA:FROM_PUBLIC:PSA_KEY_USAGE_DECRYPT:MBEDTLS_ERR_PK_TYPE_MISMATCH PSA attributes for pk: ECKEY pair ENCRYPT (bad) depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE -pk_get_psa_attributes_fail:MBEDTLS_PK_ECKEY:1:PSA_KEY_USAGE_ENCRYPT:MBEDTLS_ERR_PK_TYPE_MISMATCH +pk_get_psa_attributes_fail:MBEDTLS_PK_ECKEY:FROM_PAIR:PSA_KEY_USAGE_ENCRYPT:MBEDTLS_ERR_PK_TYPE_MISMATCH PSA attributes for pk: ECKEY_DH pair ENCRYPT (bad) depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE -pk_get_psa_attributes_fail:MBEDTLS_PK_ECKEY_DH:1:PSA_KEY_USAGE_ENCRYPT:MBEDTLS_ERR_PK_TYPE_MISMATCH +pk_get_psa_attributes_fail:MBEDTLS_PK_ECKEY_DH:FROM_PAIR:PSA_KEY_USAGE_ENCRYPT:MBEDTLS_ERR_PK_TYPE_MISMATCH PSA attributes for pk: ECDSA pair ENCRYPT (bad) depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE:MBEDTLS_PK_CAN_ECDSA_SOME -pk_get_psa_attributes_fail:MBEDTLS_PK_ECDSA:1:PSA_KEY_USAGE_ENCRYPT:MBEDTLS_ERR_PK_TYPE_MISMATCH +pk_get_psa_attributes_fail:MBEDTLS_PK_ECDSA:FROM_PAIR:PSA_KEY_USAGE_ENCRYPT:MBEDTLS_ERR_PK_TYPE_MISMATCH PSA attributes for pk: ECKEY public ENCRYPT (bad) depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE -pk_get_psa_attributes_fail:MBEDTLS_PK_ECKEY:0:PSA_KEY_USAGE_ENCRYPT:MBEDTLS_ERR_PK_TYPE_MISMATCH +pk_get_psa_attributes_fail:MBEDTLS_PK_ECKEY:FROM_PUBLIC:PSA_KEY_USAGE_ENCRYPT:MBEDTLS_ERR_PK_TYPE_MISMATCH PSA attributes for pk: ECKEY_DH public ENCRYPT (bad) depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE -pk_get_psa_attributes_fail:MBEDTLS_PK_ECKEY_DH:0:PSA_KEY_USAGE_ENCRYPT:MBEDTLS_ERR_PK_TYPE_MISMATCH +pk_get_psa_attributes_fail:MBEDTLS_PK_ECKEY_DH:FROM_PUBLIC:PSA_KEY_USAGE_ENCRYPT:MBEDTLS_ERR_PK_TYPE_MISMATCH PSA attributes for pk: ECDSA public ENCRYPT (bad) depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE:MBEDTLS_PK_CAN_ECDSA_SOME -pk_get_psa_attributes_fail:MBEDTLS_PK_ECDSA:0:PSA_KEY_USAGE_ENCRYPT:MBEDTLS_ERR_PK_TYPE_MISMATCH +pk_get_psa_attributes_fail:MBEDTLS_PK_ECDSA:FROM_PUBLIC:PSA_KEY_USAGE_ENCRYPT:MBEDTLS_ERR_PK_TYPE_MISMATCH PSA attributes for pk: ECKEY pair DERIVE depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE -pk_get_psa_attributes:MBEDTLS_PK_ECKEY:1:PSA_KEY_USAGE_DERIVE:1:PSA_ALG_ECDH +pk_get_psa_attributes:MBEDTLS_PK_ECKEY:FROM_PAIR:PSA_KEY_USAGE_DERIVE:1:PSA_ALG_ECDH PSA attributes for pk: ECKEY_DH pair DERIVE depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE -pk_get_psa_attributes:MBEDTLS_PK_ECKEY_DH:1:PSA_KEY_USAGE_DERIVE:1:PSA_ALG_ECDH +pk_get_psa_attributes:MBEDTLS_PK_ECKEY_DH:FROM_PAIR:PSA_KEY_USAGE_DERIVE:1:PSA_ALG_ECDH PSA attributes for pk: ECDSA pair DERIVE (bad) depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE:MBEDTLS_PK_CAN_ECDSA_SOME -pk_get_psa_attributes_fail:MBEDTLS_PK_ECDSA:1:PSA_KEY_USAGE_DERIVE:MBEDTLS_ERR_PK_TYPE_MISMATCH +pk_get_psa_attributes_fail:MBEDTLS_PK_ECDSA:FROM_PAIR:PSA_KEY_USAGE_DERIVE:MBEDTLS_ERR_PK_TYPE_MISMATCH PSA attributes for pk: ECKEY public DERIVE (bad) depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE -pk_get_psa_attributes_fail:MBEDTLS_PK_ECKEY:0:PSA_KEY_USAGE_DERIVE:MBEDTLS_ERR_PK_TYPE_MISMATCH +pk_get_psa_attributes_fail:MBEDTLS_PK_ECKEY:FROM_PUBLIC:PSA_KEY_USAGE_DERIVE:MBEDTLS_ERR_PK_TYPE_MISMATCH PSA attributes for pk: ECKEY_DH public DERIVE (bad) depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE -pk_get_psa_attributes_fail:MBEDTLS_PK_ECKEY_DH:0:PSA_KEY_USAGE_DERIVE:MBEDTLS_ERR_PK_TYPE_MISMATCH +pk_get_psa_attributes_fail:MBEDTLS_PK_ECKEY_DH:FROM_PUBLIC:PSA_KEY_USAGE_DERIVE:MBEDTLS_ERR_PK_TYPE_MISMATCH PSA attributes for pk: ECDSA public DERIVE (bad) depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE:MBEDTLS_PK_CAN_ECDSA_SOME -pk_get_psa_attributes_fail:MBEDTLS_PK_ECDSA:0:PSA_KEY_USAGE_DERIVE:MBEDTLS_ERR_PK_TYPE_MISMATCH +pk_get_psa_attributes_fail:MBEDTLS_PK_ECDSA:FROM_PUBLIC:PSA_KEY_USAGE_DERIVE:MBEDTLS_ERR_PK_TYPE_MISMATCH PSA attributes for pk: ECKEY pair SIGN_MESSAGE depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE -pk_get_psa_attributes:MBEDTLS_PK_ECKEY:1:PSA_KEY_USAGE_SIGN_MESSAGE:1:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH) +pk_get_psa_attributes:MBEDTLS_PK_ECKEY:FROM_PAIR:PSA_KEY_USAGE_SIGN_MESSAGE:1:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH) PSA attributes for pk: ECDSA pair SIGN_MESSAGE depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE:MBEDTLS_PK_CAN_ECDSA_SOME -pk_get_psa_attributes:MBEDTLS_PK_ECDSA:1:PSA_KEY_USAGE_SIGN_MESSAGE:1:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH) +pk_get_psa_attributes:MBEDTLS_PK_ECDSA:FROM_PAIR:PSA_KEY_USAGE_SIGN_MESSAGE:1:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH) PSA attributes for pk: ECKEY pair SIGN_HASH depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE -pk_get_psa_attributes:MBEDTLS_PK_ECKEY:1:PSA_KEY_USAGE_SIGN_HASH:1:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH) +pk_get_psa_attributes:MBEDTLS_PK_ECKEY:FROM_PAIR:PSA_KEY_USAGE_SIGN_HASH:1:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH) PSA attributes for pk: ECDSA pair SIGN_HASH depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE:MBEDTLS_PK_CAN_ECDSA_SOME -pk_get_psa_attributes:MBEDTLS_PK_ECDSA:1:PSA_KEY_USAGE_SIGN_HASH:1:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH) +pk_get_psa_attributes:MBEDTLS_PK_ECDSA:FROM_PAIR:PSA_KEY_USAGE_SIGN_HASH:1:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH) PSA attributes for pk: ECKEY pair->public VERIFY_MESSAGE depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE -pk_get_psa_attributes:MBEDTLS_PK_ECKEY:1:PSA_KEY_USAGE_VERIFY_MESSAGE:0:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH) +pk_get_psa_attributes:MBEDTLS_PK_ECKEY:FROM_PAIR:PSA_KEY_USAGE_VERIFY_MESSAGE:0:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH) PSA attributes for pk: ECDSA pair->public VERIFY_MESSAGE depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE:MBEDTLS_PK_CAN_ECDSA_SOME -pk_get_psa_attributes:MBEDTLS_PK_ECDSA:1:PSA_KEY_USAGE_VERIFY_MESSAGE:0:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH) +pk_get_psa_attributes:MBEDTLS_PK_ECDSA:FROM_PAIR:PSA_KEY_USAGE_VERIFY_MESSAGE:0:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH) PSA attributes for pk: ECKEY pair->public VERIFY_HASH depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE -pk_get_psa_attributes:MBEDTLS_PK_ECKEY:1:PSA_KEY_USAGE_VERIFY_HASH:0:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH) +pk_get_psa_attributes:MBEDTLS_PK_ECKEY:FROM_PAIR:PSA_KEY_USAGE_VERIFY_HASH:0:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH) PSA attributes for pk: ECDSA pair->public VERIFY_HASH depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE:MBEDTLS_PK_CAN_ECDSA_SOME -pk_get_psa_attributes:MBEDTLS_PK_ECDSA:1:PSA_KEY_USAGE_VERIFY_HASH:0:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH) +pk_get_psa_attributes:MBEDTLS_PK_ECDSA:FROM_PAIR:PSA_KEY_USAGE_VERIFY_HASH:0:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH) PSA attributes for pk: ECKEY public VERIFY_MESSAGE depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE -pk_get_psa_attributes:MBEDTLS_PK_ECKEY:0:PSA_KEY_USAGE_VERIFY_MESSAGE:0:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH) +pk_get_psa_attributes:MBEDTLS_PK_ECKEY:FROM_PUBLIC:PSA_KEY_USAGE_VERIFY_MESSAGE:0:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH) PSA attributes for pk: ECDSA public VERIFY_MESSAGE depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE:MBEDTLS_PK_CAN_ECDSA_SOME -pk_get_psa_attributes:MBEDTLS_PK_ECDSA:0:PSA_KEY_USAGE_VERIFY_MESSAGE:0:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH) +pk_get_psa_attributes:MBEDTLS_PK_ECDSA:FROM_PUBLIC:PSA_KEY_USAGE_VERIFY_MESSAGE:0:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH) PSA attributes for pk: ECKEY public VERIFY_HASH depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE -pk_get_psa_attributes:MBEDTLS_PK_ECKEY:0:PSA_KEY_USAGE_VERIFY_HASH:0:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH) +pk_get_psa_attributes:MBEDTLS_PK_ECKEY:FROM_PUBLIC:PSA_KEY_USAGE_VERIFY_HASH:0:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH) PSA attributes for pk: ECDSA public VERIFY_HASH depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE:MBEDTLS_PK_CAN_ECDSA_SOME -pk_get_psa_attributes:MBEDTLS_PK_ECDSA:0:PSA_KEY_USAGE_VERIFY_HASH:0:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH) +pk_get_psa_attributes:MBEDTLS_PK_ECDSA:FROM_PUBLIC:PSA_KEY_USAGE_VERIFY_HASH:0:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH) PSA attributes for pk: ECKEY public SIGN_MESSAGE (bad) depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE -pk_get_psa_attributes_fail:MBEDTLS_PK_ECKEY:0:PSA_KEY_USAGE_SIGN_MESSAGE:MBEDTLS_ERR_PK_TYPE_MISMATCH +pk_get_psa_attributes_fail:MBEDTLS_PK_ECKEY:FROM_PUBLIC:PSA_KEY_USAGE_SIGN_MESSAGE:MBEDTLS_ERR_PK_TYPE_MISMATCH PSA attributes for pk: ECDSA public SIGN_MESSAGE (bad) depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE:MBEDTLS_PK_CAN_ECDSA_SOME -pk_get_psa_attributes_fail:MBEDTLS_PK_ECDSA:0:PSA_KEY_USAGE_SIGN_MESSAGE:MBEDTLS_ERR_PK_TYPE_MISMATCH +pk_get_psa_attributes_fail:MBEDTLS_PK_ECDSA:FROM_PUBLIC:PSA_KEY_USAGE_SIGN_MESSAGE:MBEDTLS_ERR_PK_TYPE_MISMATCH PSA attributes for pk: ECKEY public SIGN_HASH (bad) depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE -pk_get_psa_attributes_fail:MBEDTLS_PK_ECKEY:0:PSA_KEY_USAGE_SIGN_HASH:MBEDTLS_ERR_PK_TYPE_MISMATCH +pk_get_psa_attributes_fail:MBEDTLS_PK_ECKEY:FROM_PUBLIC:PSA_KEY_USAGE_SIGN_HASH:MBEDTLS_ERR_PK_TYPE_MISMATCH PSA attributes for pk: ECDSA public SIGN_HASH (bad) depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE:MBEDTLS_PK_CAN_ECDSA_SOME -pk_get_psa_attributes_fail:MBEDTLS_PK_ECDSA:0:PSA_KEY_USAGE_SIGN_HASH:MBEDTLS_ERR_PK_TYPE_MISMATCH +pk_get_psa_attributes_fail:MBEDTLS_PK_ECDSA:FROM_PUBLIC:PSA_KEY_USAGE_SIGN_HASH:MBEDTLS_ERR_PK_TYPE_MISMATCH PSA attributes for pk: ECKEY_DH pair SIGN_MESSAGE (bad) depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE -pk_get_psa_attributes_fail:MBEDTLS_PK_ECKEY_DH:1:PSA_KEY_USAGE_SIGN_MESSAGE:MBEDTLS_ERR_PK_TYPE_MISMATCH +pk_get_psa_attributes_fail:MBEDTLS_PK_ECKEY_DH:FROM_PAIR:PSA_KEY_USAGE_SIGN_MESSAGE:MBEDTLS_ERR_PK_TYPE_MISMATCH PSA attributes for pk: ECKEY_DH pair SIGN_HASH (bad) depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE -pk_get_psa_attributes_fail:MBEDTLS_PK_ECKEY_DH:1:PSA_KEY_USAGE_SIGN_HASH:MBEDTLS_ERR_PK_TYPE_MISMATCH +pk_get_psa_attributes_fail:MBEDTLS_PK_ECKEY_DH:FROM_PAIR:PSA_KEY_USAGE_SIGN_HASH:MBEDTLS_ERR_PK_TYPE_MISMATCH PSA attributes for pk: ECKEY_DH pair VERIFY_MESSAGE (bad) depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE -pk_get_psa_attributes_fail:MBEDTLS_PK_ECKEY_DH:1:PSA_KEY_USAGE_VERIFY_MESSAGE:MBEDTLS_ERR_PK_TYPE_MISMATCH +pk_get_psa_attributes_fail:MBEDTLS_PK_ECKEY_DH:FROM_PAIR:PSA_KEY_USAGE_VERIFY_MESSAGE:MBEDTLS_ERR_PK_TYPE_MISMATCH PSA attributes for pk: ECKEY_DH pair VERIFY_HASH (bad) depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE -pk_get_psa_attributes_fail:MBEDTLS_PK_ECKEY_DH:1:PSA_KEY_USAGE_VERIFY_HASH:MBEDTLS_ERR_PK_TYPE_MISMATCH +pk_get_psa_attributes_fail:MBEDTLS_PK_ECKEY_DH:FROM_PAIR:PSA_KEY_USAGE_VERIFY_HASH:MBEDTLS_ERR_PK_TYPE_MISMATCH PSA attributes for pk: ECKEY_DH public SIGN_MESSAGE (bad) depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE -pk_get_psa_attributes_fail:MBEDTLS_PK_ECKEY_DH:0:PSA_KEY_USAGE_SIGN_MESSAGE:MBEDTLS_ERR_PK_TYPE_MISMATCH +pk_get_psa_attributes_fail:MBEDTLS_PK_ECKEY_DH:FROM_PUBLIC:PSA_KEY_USAGE_SIGN_MESSAGE:MBEDTLS_ERR_PK_TYPE_MISMATCH PSA attributes for pk: ECKEY_DH public SIGN_HASH (bad) depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE -pk_get_psa_attributes_fail:MBEDTLS_PK_ECKEY_DH:0:PSA_KEY_USAGE_SIGN_HASH:MBEDTLS_ERR_PK_TYPE_MISMATCH +pk_get_psa_attributes_fail:MBEDTLS_PK_ECKEY_DH:FROM_PUBLIC:PSA_KEY_USAGE_SIGN_HASH:MBEDTLS_ERR_PK_TYPE_MISMATCH PSA attributes for pk: ECKEY_DH public VERIFY_MESSAGE (bad) depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE -pk_get_psa_attributes_fail:MBEDTLS_PK_ECKEY_DH:0:PSA_KEY_USAGE_VERIFY_MESSAGE:MBEDTLS_ERR_PK_TYPE_MISMATCH +pk_get_psa_attributes_fail:MBEDTLS_PK_ECKEY_DH:FROM_PUBLIC:PSA_KEY_USAGE_VERIFY_MESSAGE:MBEDTLS_ERR_PK_TYPE_MISMATCH PSA attributes for pk: ECKEY_DH public VERIFY_HASH (bad) depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE -pk_get_psa_attributes_fail:MBEDTLS_PK_ECKEY_DH:0:PSA_KEY_USAGE_VERIFY_HASH:MBEDTLS_ERR_PK_TYPE_MISMATCH +pk_get_psa_attributes_fail:MBEDTLS_PK_ECKEY_DH:FROM_PUBLIC:PSA_KEY_USAGE_VERIFY_HASH:MBEDTLS_ERR_PK_TYPE_MISMATCH PSA attributes for pk: opaque RSA pair, 0 & SIGN_MESSAGE (bad policy) depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME @@ -1127,71 +1127,71 @@ pk_get_psa_attributes_opaque:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):2 PSA import into PSA: RSA pair to ECC (bad) depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME -pk_import_into_psa_fail:MBEDTLS_PK_RSA:1:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):MBEDTLS_ERR_PK_TYPE_MISMATCH +pk_import_into_psa_fail:MBEDTLS_PK_RSA:FROM_PAIR:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):MBEDTLS_ERR_PK_TYPE_MISMATCH PSA import into PSA: RSA public to RSA pair (bad) depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME -pk_import_into_psa_fail:MBEDTLS_PK_RSA:0:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_ERR_RSA_BAD_INPUT_DATA +pk_import_into_psa_fail:MBEDTLS_PK_RSA:FROM_PUBLIC:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_ERR_RSA_BAD_INPUT_DATA PSA import into PSA: ECKEY pair to RSA (bad) depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE -pk_import_into_psa_fail:MBEDTLS_PK_ECKEY:1:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_ERR_PK_TYPE_MISMATCH +pk_import_into_psa_fail:MBEDTLS_PK_ECKEY:FROM_PAIR:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_ERR_PK_TYPE_MISMATCH PSA import into PSA: ECKEY_DH pair to RSA (bad) depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE -pk_import_into_psa_fail:MBEDTLS_PK_ECKEY_DH:1:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_ERR_PK_TYPE_MISMATCH +pk_import_into_psa_fail:MBEDTLS_PK_ECKEY_DH:FROM_PAIR:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_ERR_PK_TYPE_MISMATCH PSA import into PSA: ECDSA pair to RSA (bad) depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE:MBEDTLS_PK_CAN_ECDSA_SOME -pk_import_into_psa_fail:MBEDTLS_PK_ECDSA:1:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_ERR_PK_TYPE_MISMATCH +pk_import_into_psa_fail:MBEDTLS_PK_ECDSA:FROM_PAIR:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_ERR_PK_TYPE_MISMATCH PSA import into PSA: ECKEY pair to different curve (bad) depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_HAVE_TWO_FAMILIES -pk_import_into_psa_fail:MBEDTLS_PK_ECKEY:1:PSA_KEY_TYPE_ECC_KEY_PAIR(MBEDTLS_TEST_PSA_ECC_ANOTHER_FAMILY):MBEDTLS_ERR_PK_TYPE_MISMATCH +pk_import_into_psa_fail:MBEDTLS_PK_ECKEY:FROM_PAIR:PSA_KEY_TYPE_ECC_KEY_PAIR(MBEDTLS_TEST_PSA_ECC_ANOTHER_FAMILY):MBEDTLS_ERR_PK_TYPE_MISMATCH PSA import into PSA: ECKEY_DH pair to different curve (bad) depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_HAVE_TWO_FAMILIES -pk_import_into_psa_fail:MBEDTLS_PK_ECKEY_DH:1:PSA_KEY_TYPE_ECC_KEY_PAIR(MBEDTLS_TEST_PSA_ECC_ANOTHER_FAMILY):MBEDTLS_ERR_PK_TYPE_MISMATCH +pk_import_into_psa_fail:MBEDTLS_PK_ECKEY_DH:FROM_PAIR:PSA_KEY_TYPE_ECC_KEY_PAIR(MBEDTLS_TEST_PSA_ECC_ANOTHER_FAMILY):MBEDTLS_ERR_PK_TYPE_MISMATCH PSA import into PSA: ECDSA pair to different curve (bad) depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_HAVE_TWO_FAMILIES:MBEDTLS_PK_CAN_ECDSA_SOME -pk_import_into_psa_fail:MBEDTLS_PK_ECDSA:1:PSA_KEY_TYPE_ECC_KEY_PAIR(MBEDTLS_TEST_PSA_ECC_ANOTHER_FAMILY):MBEDTLS_ERR_PK_TYPE_MISMATCH +pk_import_into_psa_fail:MBEDTLS_PK_ECDSA:FROM_PAIR:PSA_KEY_TYPE_ECC_KEY_PAIR(MBEDTLS_TEST_PSA_ECC_ANOTHER_FAMILY):MBEDTLS_ERR_PK_TYPE_MISMATCH PSA import into PSA: ECKEY pair to public, different curve (bad) depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_HAVE_TWO_FAMILIES -pk_import_into_psa_fail:MBEDTLS_PK_ECKEY:1:PSA_KEY_TYPE_ECC_PUBLIC_KEY(MBEDTLS_TEST_PSA_ECC_ANOTHER_FAMILY):MBEDTLS_ERR_PK_TYPE_MISMATCH +pk_import_into_psa_fail:MBEDTLS_PK_ECKEY:FROM_PAIR:PSA_KEY_TYPE_ECC_PUBLIC_KEY(MBEDTLS_TEST_PSA_ECC_ANOTHER_FAMILY):MBEDTLS_ERR_PK_TYPE_MISMATCH PSA import into PSA: ECKEY_DH pair to public, different curve (bad) depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_HAVE_TWO_FAMILIES -pk_import_into_psa_fail:MBEDTLS_PK_ECKEY_DH:1:PSA_KEY_TYPE_ECC_PUBLIC_KEY(MBEDTLS_TEST_PSA_ECC_ANOTHER_FAMILY):MBEDTLS_ERR_PK_TYPE_MISMATCH +pk_import_into_psa_fail:MBEDTLS_PK_ECKEY_DH:FROM_PAIR:PSA_KEY_TYPE_ECC_PUBLIC_KEY(MBEDTLS_TEST_PSA_ECC_ANOTHER_FAMILY):MBEDTLS_ERR_PK_TYPE_MISMATCH PSA import into PSA: ECDSA pair to public, different curve (bad) depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_HAVE_TWO_FAMILIES:MBEDTLS_PK_CAN_ECDSA_SOME -pk_import_into_psa_fail:MBEDTLS_PK_ECDSA:1:PSA_KEY_TYPE_ECC_PUBLIC_KEY(MBEDTLS_TEST_PSA_ECC_ANOTHER_FAMILY):MBEDTLS_ERR_PK_TYPE_MISMATCH +pk_import_into_psa_fail:MBEDTLS_PK_ECDSA:FROM_PAIR:PSA_KEY_TYPE_ECC_PUBLIC_KEY(MBEDTLS_TEST_PSA_ECC_ANOTHER_FAMILY):MBEDTLS_ERR_PK_TYPE_MISMATCH PSA import into PSA: ECKEY public to different curve (bad) depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_HAVE_TWO_FAMILIES -pk_import_into_psa_fail:MBEDTLS_PK_ECKEY:0:PSA_KEY_TYPE_ECC_PUBLIC_KEY(MBEDTLS_TEST_PSA_ECC_ANOTHER_FAMILY):MBEDTLS_ERR_PK_TYPE_MISMATCH +pk_import_into_psa_fail:MBEDTLS_PK_ECKEY:FROM_PUBLIC:PSA_KEY_TYPE_ECC_PUBLIC_KEY(MBEDTLS_TEST_PSA_ECC_ANOTHER_FAMILY):MBEDTLS_ERR_PK_TYPE_MISMATCH PSA import into PSA: ECKEY_DH public to different curve (bad) depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_HAVE_TWO_FAMILIES -pk_import_into_psa_fail:MBEDTLS_PK_ECKEY_DH:0:PSA_KEY_TYPE_ECC_PUBLIC_KEY(MBEDTLS_TEST_PSA_ECC_ANOTHER_FAMILY):MBEDTLS_ERR_PK_TYPE_MISMATCH +pk_import_into_psa_fail:MBEDTLS_PK_ECKEY_DH:FROM_PUBLIC:PSA_KEY_TYPE_ECC_PUBLIC_KEY(MBEDTLS_TEST_PSA_ECC_ANOTHER_FAMILY):MBEDTLS_ERR_PK_TYPE_MISMATCH PSA import into PSA: ECDSA public to different curve (bad) depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_HAVE_TWO_FAMILIES:MBEDTLS_PK_CAN_ECDSA_SOME -pk_import_into_psa_fail:MBEDTLS_PK_ECDSA:0:PSA_KEY_TYPE_ECC_PUBLIC_KEY(MBEDTLS_TEST_PSA_ECC_ANOTHER_FAMILY):MBEDTLS_ERR_PK_TYPE_MISMATCH +pk_import_into_psa_fail:MBEDTLS_PK_ECDSA:FROM_PUBLIC:PSA_KEY_TYPE_ECC_PUBLIC_KEY(MBEDTLS_TEST_PSA_ECC_ANOTHER_FAMILY):MBEDTLS_ERR_PK_TYPE_MISMATCH PSA import into PSA: ECKEY public to pair (bad) depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE -pk_import_into_psa_fail:MBEDTLS_PK_ECKEY:0:PSA_KEY_TYPE_ECC_KEY_PAIR(MBEDTLS_TEST_PSA_ECC_ONE_FAMILY):MBEDTLS_ERR_PK_TYPE_MISMATCH +pk_import_into_psa_fail:MBEDTLS_PK_ECKEY:FROM_PUBLIC:PSA_KEY_TYPE_ECC_KEY_PAIR(MBEDTLS_TEST_PSA_ECC_ONE_FAMILY):MBEDTLS_ERR_PK_TYPE_MISMATCH PSA import into PSA: ECKEY_DH public to pair (bad) depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE -pk_import_into_psa_fail:MBEDTLS_PK_ECKEY_DH:0:PSA_KEY_TYPE_ECC_KEY_PAIR(MBEDTLS_TEST_PSA_ECC_ONE_FAMILY):MBEDTLS_ERR_PK_TYPE_MISMATCH +pk_import_into_psa_fail:MBEDTLS_PK_ECKEY_DH:FROM_PUBLIC:PSA_KEY_TYPE_ECC_KEY_PAIR(MBEDTLS_TEST_PSA_ECC_ONE_FAMILY):MBEDTLS_ERR_PK_TYPE_MISMATCH PSA import into PSA: ECDSA public to pair (bad) depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE:MBEDTLS_PK_CAN_ECDSA_SOME -pk_import_into_psa_fail:MBEDTLS_PK_ECDSA:0:PSA_KEY_TYPE_ECC_KEY_PAIR(MBEDTLS_TEST_PSA_ECC_ONE_FAMILY):MBEDTLS_ERR_PK_TYPE_MISMATCH +pk_import_into_psa_fail:MBEDTLS_PK_ECDSA:FROM_PUBLIC:PSA_KEY_TYPE_ECC_KEY_PAIR(MBEDTLS_TEST_PSA_ECC_ONE_FAMILY):MBEDTLS_ERR_PK_TYPE_MISMATCH PSA import into PSA: opaque RSA, COPY (ok) depends_on:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE:PSA_WANT_ALG_RSA_PKCS1V15_SIGN diff --git a/tests/suites/test_suite_pk.function b/tests/suites/test_suite_pk.function index 3ce7d265d5fb..52d0f686ec92 100644 --- a/tests/suites/test_suite_pk.function +++ b/tests/suites/test_suite_pk.function @@ -313,6 +313,12 @@ size_t mbedtls_rsa_key_len_func(void *ctx) } #endif /* MBEDTLS_RSA_C */ +typedef enum { + /* The values are compatible with thinking of "from pair" as a boolean. */ + FROM_PUBLIC = 0, + FROM_PAIR = 1 +} from_pair_t; + #if defined(MBEDTLS_PSA_CRYPTO_C) static int pk_setup_for_type(mbedtls_pk_type_t pk_type, int want_pair, mbedtls_pk_context *pk, psa_key_type_t *psa_type) From d6fc3501c07f3c0f1704eed372fb09806266ca9b Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 15 Feb 2024 13:53:03 +0100 Subject: [PATCH 16/20] Test mbedtls_pk_import_into_psa with different bits This was only tested with opaque keys. Since the code paths are different depending on the PK type, we also need to test RSA and ECKEY. Signed-off-by: Gilles Peskine --- tests/suites/test_suite_pk.data | 85 +++++++++++++++++++++++------ tests/suites/test_suite_pk.function | 24 +++++++- 2 files changed, 91 insertions(+), 18 deletions(-) diff --git a/tests/suites/test_suite_pk.data b/tests/suites/test_suite_pk.data index df665d0e50bc..503d0bc91c32 100644 --- a/tests/suites/test_suite_pk.data +++ b/tests/suites/test_suite_pk.data @@ -1127,71 +1127,122 @@ pk_get_psa_attributes_opaque:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):2 PSA import into PSA: RSA pair to ECC (bad) depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME -pk_import_into_psa_fail:MBEDTLS_PK_RSA:FROM_PAIR:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):MBEDTLS_ERR_PK_TYPE_MISMATCH +pk_import_into_psa_fail:MBEDTLS_PK_RSA:FROM_PAIR:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):0:MBEDTLS_ERR_PK_TYPE_MISMATCH PSA import into PSA: RSA public to RSA pair (bad) depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME -pk_import_into_psa_fail:MBEDTLS_PK_RSA:FROM_PUBLIC:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_ERR_RSA_BAD_INPUT_DATA +pk_import_into_psa_fail:MBEDTLS_PK_RSA:FROM_PUBLIC:PSA_KEY_TYPE_RSA_KEY_PAIR:0:MBEDTLS_ERR_RSA_BAD_INPUT_DATA + +# MBEDTLS_ERR_PK_INVALID_ALG is the error that results from our translation +# of PSA errors. In this case MBEDTLS_ERR_PK_TYPE_MISMATCH would probably +# be more appropriate. (Applies to all the RSA "different bits" test cases.) +PSA import into PSA: RSA pair to different bits (bad) +depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME +pk_import_into_psa_fail:MBEDTLS_PK_RSA:FROM_PAIR:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_RSA_GEN_KEY_MIN_BITS + 8:MBEDTLS_ERR_PK_INVALID_ALG + +PSA import into PSA: RSA public to different bits (bad) +depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME +pk_import_into_psa_fail:MBEDTLS_PK_RSA:FROM_PUBLIC:PSA_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_RSA_GEN_KEY_MIN_BITS + 8:MBEDTLS_ERR_PK_INVALID_ALG + +PSA import into PSA: RSA private to public, different bits (bad) +depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME +pk_import_into_psa_fail:MBEDTLS_PK_RSA:FROM_PAIR:PSA_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_RSA_GEN_KEY_MIN_BITS + 8:MBEDTLS_ERR_PK_INVALID_ALG PSA import into PSA: ECKEY pair to RSA (bad) depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE -pk_import_into_psa_fail:MBEDTLS_PK_ECKEY:FROM_PAIR:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_ERR_PK_TYPE_MISMATCH +pk_import_into_psa_fail:MBEDTLS_PK_ECKEY:FROM_PAIR:PSA_KEY_TYPE_RSA_KEY_PAIR:0:MBEDTLS_ERR_PK_TYPE_MISMATCH PSA import into PSA: ECKEY_DH pair to RSA (bad) depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE -pk_import_into_psa_fail:MBEDTLS_PK_ECKEY_DH:FROM_PAIR:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_ERR_PK_TYPE_MISMATCH +pk_import_into_psa_fail:MBEDTLS_PK_ECKEY_DH:FROM_PAIR:PSA_KEY_TYPE_RSA_KEY_PAIR:0:MBEDTLS_ERR_PK_TYPE_MISMATCH PSA import into PSA: ECDSA pair to RSA (bad) depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE:MBEDTLS_PK_CAN_ECDSA_SOME -pk_import_into_psa_fail:MBEDTLS_PK_ECDSA:FROM_PAIR:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_ERR_PK_TYPE_MISMATCH +pk_import_into_psa_fail:MBEDTLS_PK_ECDSA:FROM_PAIR:PSA_KEY_TYPE_RSA_KEY_PAIR:0:MBEDTLS_ERR_PK_TYPE_MISMATCH PSA import into PSA: ECKEY pair to different curve (bad) depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_HAVE_TWO_FAMILIES -pk_import_into_psa_fail:MBEDTLS_PK_ECKEY:FROM_PAIR:PSA_KEY_TYPE_ECC_KEY_PAIR(MBEDTLS_TEST_PSA_ECC_ANOTHER_FAMILY):MBEDTLS_ERR_PK_TYPE_MISMATCH +pk_import_into_psa_fail:MBEDTLS_PK_ECKEY:FROM_PAIR:PSA_KEY_TYPE_ECC_KEY_PAIR(MBEDTLS_TEST_PSA_ECC_ANOTHER_FAMILY):0:MBEDTLS_ERR_PK_TYPE_MISMATCH PSA import into PSA: ECKEY_DH pair to different curve (bad) depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_HAVE_TWO_FAMILIES -pk_import_into_psa_fail:MBEDTLS_PK_ECKEY_DH:FROM_PAIR:PSA_KEY_TYPE_ECC_KEY_PAIR(MBEDTLS_TEST_PSA_ECC_ANOTHER_FAMILY):MBEDTLS_ERR_PK_TYPE_MISMATCH +pk_import_into_psa_fail:MBEDTLS_PK_ECKEY_DH:FROM_PAIR:PSA_KEY_TYPE_ECC_KEY_PAIR(MBEDTLS_TEST_PSA_ECC_ANOTHER_FAMILY):0:MBEDTLS_ERR_PK_TYPE_MISMATCH PSA import into PSA: ECDSA pair to different curve (bad) depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_HAVE_TWO_FAMILIES:MBEDTLS_PK_CAN_ECDSA_SOME -pk_import_into_psa_fail:MBEDTLS_PK_ECDSA:FROM_PAIR:PSA_KEY_TYPE_ECC_KEY_PAIR(MBEDTLS_TEST_PSA_ECC_ANOTHER_FAMILY):MBEDTLS_ERR_PK_TYPE_MISMATCH +pk_import_into_psa_fail:MBEDTLS_PK_ECDSA:FROM_PAIR:PSA_KEY_TYPE_ECC_KEY_PAIR(MBEDTLS_TEST_PSA_ECC_ANOTHER_FAMILY):0:MBEDTLS_ERR_PK_TYPE_MISMATCH PSA import into PSA: ECKEY pair to public, different curve (bad) depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_HAVE_TWO_FAMILIES -pk_import_into_psa_fail:MBEDTLS_PK_ECKEY:FROM_PAIR:PSA_KEY_TYPE_ECC_PUBLIC_KEY(MBEDTLS_TEST_PSA_ECC_ANOTHER_FAMILY):MBEDTLS_ERR_PK_TYPE_MISMATCH +pk_import_into_psa_fail:MBEDTLS_PK_ECKEY:FROM_PAIR:PSA_KEY_TYPE_ECC_PUBLIC_KEY(MBEDTLS_TEST_PSA_ECC_ANOTHER_FAMILY):0:MBEDTLS_ERR_PK_TYPE_MISMATCH PSA import into PSA: ECKEY_DH pair to public, different curve (bad) depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_HAVE_TWO_FAMILIES -pk_import_into_psa_fail:MBEDTLS_PK_ECKEY_DH:FROM_PAIR:PSA_KEY_TYPE_ECC_PUBLIC_KEY(MBEDTLS_TEST_PSA_ECC_ANOTHER_FAMILY):MBEDTLS_ERR_PK_TYPE_MISMATCH +pk_import_into_psa_fail:MBEDTLS_PK_ECKEY_DH:FROM_PAIR:PSA_KEY_TYPE_ECC_PUBLIC_KEY(MBEDTLS_TEST_PSA_ECC_ANOTHER_FAMILY):0:MBEDTLS_ERR_PK_TYPE_MISMATCH PSA import into PSA: ECDSA pair to public, different curve (bad) depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_HAVE_TWO_FAMILIES:MBEDTLS_PK_CAN_ECDSA_SOME -pk_import_into_psa_fail:MBEDTLS_PK_ECDSA:FROM_PAIR:PSA_KEY_TYPE_ECC_PUBLIC_KEY(MBEDTLS_TEST_PSA_ECC_ANOTHER_FAMILY):MBEDTLS_ERR_PK_TYPE_MISMATCH +pk_import_into_psa_fail:MBEDTLS_PK_ECDSA:FROM_PAIR:PSA_KEY_TYPE_ECC_PUBLIC_KEY(MBEDTLS_TEST_PSA_ECC_ANOTHER_FAMILY):0:MBEDTLS_ERR_PK_TYPE_MISMATCH PSA import into PSA: ECKEY public to different curve (bad) depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_HAVE_TWO_FAMILIES -pk_import_into_psa_fail:MBEDTLS_PK_ECKEY:FROM_PUBLIC:PSA_KEY_TYPE_ECC_PUBLIC_KEY(MBEDTLS_TEST_PSA_ECC_ANOTHER_FAMILY):MBEDTLS_ERR_PK_TYPE_MISMATCH +pk_import_into_psa_fail:MBEDTLS_PK_ECKEY:FROM_PUBLIC:PSA_KEY_TYPE_ECC_PUBLIC_KEY(MBEDTLS_TEST_PSA_ECC_ANOTHER_FAMILY):0:MBEDTLS_ERR_PK_TYPE_MISMATCH PSA import into PSA: ECKEY_DH public to different curve (bad) depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_HAVE_TWO_FAMILIES -pk_import_into_psa_fail:MBEDTLS_PK_ECKEY_DH:FROM_PUBLIC:PSA_KEY_TYPE_ECC_PUBLIC_KEY(MBEDTLS_TEST_PSA_ECC_ANOTHER_FAMILY):MBEDTLS_ERR_PK_TYPE_MISMATCH +pk_import_into_psa_fail:MBEDTLS_PK_ECKEY_DH:FROM_PUBLIC:PSA_KEY_TYPE_ECC_PUBLIC_KEY(MBEDTLS_TEST_PSA_ECC_ANOTHER_FAMILY):0:MBEDTLS_ERR_PK_TYPE_MISMATCH PSA import into PSA: ECDSA public to different curve (bad) depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_HAVE_TWO_FAMILIES:MBEDTLS_PK_CAN_ECDSA_SOME -pk_import_into_psa_fail:MBEDTLS_PK_ECDSA:FROM_PUBLIC:PSA_KEY_TYPE_ECC_PUBLIC_KEY(MBEDTLS_TEST_PSA_ECC_ANOTHER_FAMILY):MBEDTLS_ERR_PK_TYPE_MISMATCH +pk_import_into_psa_fail:MBEDTLS_PK_ECDSA:FROM_PUBLIC:PSA_KEY_TYPE_ECC_PUBLIC_KEY(MBEDTLS_TEST_PSA_ECC_ANOTHER_FAMILY):0:MBEDTLS_ERR_PK_TYPE_MISMATCH + +PSA import into PSA: ECKEY pair to different bits (bad) +depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_HAVE_TWO_BITS +pk_import_into_psa_fail:MBEDTLS_PK_ECKEY:FROM_PAIR:PSA_KEY_TYPE_ECC_KEY_PAIR(MBEDTLS_TEST_PSA_ECC_ONE_CURVE_BITS):MBEDTLS_TEST_PSA_ECC_ANOTHER_CURVE_BITS:MBEDTLS_ERR_PK_TYPE_MISMATCH + +PSA import into PSA: ECKEY_DH pair to different bits (bad) +depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_HAVE_TWO_BITS +pk_import_into_psa_fail:MBEDTLS_PK_ECKEY_DH:FROM_PAIR:PSA_KEY_TYPE_ECC_KEY_PAIR(MBEDTLS_TEST_PSA_ECC_ONE_CURVE_BITS):MBEDTLS_TEST_PSA_ECC_ANOTHER_CURVE_BITS:MBEDTLS_ERR_PK_TYPE_MISMATCH + +PSA import into PSA: ECDSA pair to different bits (bad) +depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_HAVE_TWO_BITS:MBEDTLS_PK_CAN_ECDSA_SOME +pk_import_into_psa_fail:MBEDTLS_PK_ECDSA:FROM_PAIR:PSA_KEY_TYPE_ECC_KEY_PAIR(MBEDTLS_TEST_PSA_ECC_ONE_CURVE_BITS):MBEDTLS_TEST_PSA_ECC_ANOTHER_CURVE_BITS:MBEDTLS_ERR_PK_TYPE_MISMATCH + +PSA import into PSA: ECKEY public to different bits (bad) +depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_HAVE_TWO_BITS +pk_import_into_psa_fail:MBEDTLS_PK_ECKEY:FROM_PUBLIC:PSA_KEY_TYPE_ECC_PUBLIC_KEY(MBEDTLS_TEST_PSA_ECC_ONE_CURVE_BITS):MBEDTLS_TEST_PSA_ECC_ANOTHER_CURVE_BITS:MBEDTLS_ERR_PK_TYPE_MISMATCH + +PSA import into PSA: ECKEY_DH public to different bits (bad) +depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_HAVE_TWO_BITS +pk_import_into_psa_fail:MBEDTLS_PK_ECKEY_DH:FROM_PUBLIC:PSA_KEY_TYPE_ECC_PUBLIC_KEY(MBEDTLS_TEST_PSA_ECC_ONE_CURVE_BITS):MBEDTLS_TEST_PSA_ECC_ANOTHER_CURVE_BITS:MBEDTLS_ERR_PK_TYPE_MISMATCH + +PSA import into PSA: ECDSA public to different bits (bad) +depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_HAVE_TWO_BITS:MBEDTLS_PK_CAN_ECDSA_SOME +pk_import_into_psa_fail:MBEDTLS_PK_ECDSA:FROM_PUBLIC:PSA_KEY_TYPE_ECC_PUBLIC_KEY(MBEDTLS_TEST_PSA_ECC_ONE_CURVE_BITS):MBEDTLS_TEST_PSA_ECC_ANOTHER_CURVE_BITS:MBEDTLS_ERR_PK_TYPE_MISMATCH + +PSA import into PSA: ECKEY private to public, different bits (bad) +depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_HAVE_TWO_BITS +pk_import_into_psa_fail:MBEDTLS_PK_ECKEY:FROM_PAIR:PSA_KEY_TYPE_ECC_PUBLIC_KEY(MBEDTLS_TEST_PSA_ECC_ONE_CURVE_BITS):MBEDTLS_TEST_PSA_ECC_ANOTHER_CURVE_BITS:MBEDTLS_ERR_PK_TYPE_MISMATCH + +PSA import into PSA: ECKEY_DH private to public, different bits (bad) +depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_HAVE_TWO_BITS +pk_import_into_psa_fail:MBEDTLS_PK_ECKEY_DH:FROM_PAIR:PSA_KEY_TYPE_ECC_PUBLIC_KEY(MBEDTLS_TEST_PSA_ECC_ONE_CURVE_BITS):MBEDTLS_TEST_PSA_ECC_ANOTHER_CURVE_BITS:MBEDTLS_ERR_PK_TYPE_MISMATCH + +PSA import into PSA: ECDSA private to public, different bits (bad) +depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_HAVE_TWO_BITS:MBEDTLS_PK_CAN_ECDSA_SOME +pk_import_into_psa_fail:MBEDTLS_PK_ECDSA:FROM_PAIR:PSA_KEY_TYPE_ECC_PUBLIC_KEY(MBEDTLS_TEST_PSA_ECC_ONE_CURVE_BITS):MBEDTLS_TEST_PSA_ECC_ANOTHER_CURVE_BITS:MBEDTLS_ERR_PK_TYPE_MISMATCH PSA import into PSA: ECKEY public to pair (bad) depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE -pk_import_into_psa_fail:MBEDTLS_PK_ECKEY:FROM_PUBLIC:PSA_KEY_TYPE_ECC_KEY_PAIR(MBEDTLS_TEST_PSA_ECC_ONE_FAMILY):MBEDTLS_ERR_PK_TYPE_MISMATCH +pk_import_into_psa_fail:MBEDTLS_PK_ECKEY:FROM_PUBLIC:PSA_KEY_TYPE_ECC_KEY_PAIR(MBEDTLS_TEST_PSA_ECC_ONE_FAMILY):0:MBEDTLS_ERR_PK_TYPE_MISMATCH PSA import into PSA: ECKEY_DH public to pair (bad) depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE -pk_import_into_psa_fail:MBEDTLS_PK_ECKEY_DH:FROM_PUBLIC:PSA_KEY_TYPE_ECC_KEY_PAIR(MBEDTLS_TEST_PSA_ECC_ONE_FAMILY):MBEDTLS_ERR_PK_TYPE_MISMATCH +pk_import_into_psa_fail:MBEDTLS_PK_ECKEY_DH:FROM_PUBLIC:PSA_KEY_TYPE_ECC_KEY_PAIR(MBEDTLS_TEST_PSA_ECC_ONE_FAMILY):0:MBEDTLS_ERR_PK_TYPE_MISMATCH PSA import into PSA: ECDSA public to pair (bad) depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE:MBEDTLS_PK_CAN_ECDSA_SOME -pk_import_into_psa_fail:MBEDTLS_PK_ECDSA:FROM_PUBLIC:PSA_KEY_TYPE_ECC_KEY_PAIR(MBEDTLS_TEST_PSA_ECC_ONE_FAMILY):MBEDTLS_ERR_PK_TYPE_MISMATCH +pk_import_into_psa_fail:MBEDTLS_PK_ECDSA:FROM_PUBLIC:PSA_KEY_TYPE_ECC_KEY_PAIR(MBEDTLS_TEST_PSA_ECC_ONE_FAMILY):0:MBEDTLS_ERR_PK_TYPE_MISMATCH PSA import into PSA: opaque RSA, COPY (ok) depends_on:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE:PSA_WANT_ALG_RSA_PKCS1V15_SIGN diff --git a/tests/suites/test_suite_pk.function b/tests/suites/test_suite_pk.function index 52d0f686ec92..4ea7a70157fa 100644 --- a/tests/suites/test_suite_pk.function +++ b/tests/suites/test_suite_pk.function @@ -133,6 +133,23 @@ #define MBEDTLS_TEST_PSA_ECC_HAVE_TWO_FAMILIES #endif +/* Pick a second bit-size, for tests that need two supported curves of the + * same family. For simplicity, we only handle a subset of configurations, + * and both curves will support both ECDH and ECDSA. */ +#if defined(PSA_WANT_ECC_SECP_R1_192) && defined(PSA_WANT_ECC_SECP_R1_256) +/* Identical redefinition of the ONE macros, to confirm that they have + * the values we expect here. */ +#define MBEDTLS_TEST_PSA_ECC_ONE_FAMILY PSA_ECC_FAMILY_SECP_R1 +#define MBEDTLS_TEST_PSA_ECC_ONE_CURVE_BITS 192 +#define MBEDTLS_TEST_PSA_ECC_ANOTHER_CURVE_BITS 256 +#define MBEDTLS_TEST_PSA_ECC_HAVE_TWO_BITS +#elif defined(PSA_WANT_ECC_SECP_R1_256) && defined(PSA_WANT_ECC_SECP_R1_384) +#define MBEDTLS_TEST_PSA_ECC_ONE_FAMILY PSA_ECC_FAMILY_SECP_R1 +#define MBEDTLS_TEST_PSA_ECC_ONE_CURVE_BITS 256 +#define MBEDTLS_TEST_PSA_ECC_ANOTHER_CURVE_BITS 384 +#define MBEDTLS_TEST_PSA_ECC_HAVE_TWO_BITS +#endif + #endif /* defined(MBEDTLS_PSA_CRYPTO_C) && defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) */ /* Always define the macros so that we can use them in test data. */ @@ -144,6 +161,9 @@ #if !defined(MBEDTLS_TEST_PSA_ECC_ANOTHER_FAMILY) #define MBEDTLS_TEST_PSA_ECC_ANOTHER_FAMILY 0 #endif +#if !defined(MBEDTLS_TEST_PSA_ECC_ANOTHER_CURVE_BITS) +#define MBEDTLS_TEST_PSA_ECC_ANOTHER_CURVE_BITS 0 +#endif #if defined(MBEDTLS_PK_USE_PSA_EC_DATA) static int pk_genkey_ec(mbedtls_pk_context *pk, mbedtls_ecp_group_id grp_id) @@ -2019,13 +2039,14 @@ exit: /* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_C */ void pk_import_into_psa_fail(int pk_type, int from_pair, - int type_arg, + int type_arg, int bits_arg, int expected_ret) { mbedtls_pk_context pk; mbedtls_pk_init(&pk); psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; psa_key_type_t type = type_arg; + size_t bits = bits_arg; mbedtls_svc_key_id_t key_id = mbedtls_svc_key_id_make(0, 42); PSA_INIT(); @@ -2035,6 +2056,7 @@ void pk_import_into_psa_fail(int pk_type, int from_pair, &pk, &expected_psa_type), 0); psa_set_key_type(&attributes, type); + psa_set_key_bits(&attributes, bits); TEST_EQUAL(mbedtls_pk_import_into_psa(&pk, &attributes, &key_id), expected_ret); From 4da1f01f8853b79af861624e384bd08e48945020 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 15 Feb 2024 15:32:12 +0100 Subject: [PATCH 17/20] Fix copypasta Signed-off-by: Gilles Peskine --- include/psa/crypto_values.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/psa/crypto_values.h b/include/psa/crypto_values.h index f311acb1daec..1d678dbfc29c 100644 --- a/include/psa/crypto_values.h +++ b/include/psa/crypto_values.h @@ -413,7 +413,7 @@ ((type) | PSA_KEY_TYPE_CATEGORY_FLAG_PAIR) /** The public key type corresponding to a key pair type. * - * You may also pass a key pair type as \p type, it will be left unchanged. + * You may also pass a public key type as \p type, it will be left unchanged. * * \param type A public key type or key pair type. * From 6fe8a06f7eae94789d6de9813b1c9cfd0792a8eb Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 15 Feb 2024 17:21:17 +0100 Subject: [PATCH 18/20] New test helper: mbedtls_test_key_consistency_psa_pk Test that a PK key and a PSA key are consistent, i.e. that they have the same type (or are a key pair and the corresponding public key) and that they have the same public key. Signed-off-by: Gilles Peskine --- tests/include/test/psa_exercise_key.h | 21 ++++++ tests/src/psa_exercise_key.c | 103 ++++++++++++++++++++++++++ 2 files changed, 124 insertions(+) diff --git a/tests/include/test/psa_exercise_key.h b/tests/include/test/psa_exercise_key.h index 7d51a4c536ea..44f5c08aa9a9 100644 --- a/tests/include/test/psa_exercise_key.h +++ b/tests/include/test/psa_exercise_key.h @@ -14,6 +14,10 @@ #include +#if defined(MBEDTLS_PK_C) +#include +#endif + /** \def KNOWN_SUPPORTED_HASH_ALG * * A hash algorithm that is known to be supported. @@ -237,4 +241,21 @@ psa_key_usage_t mbedtls_test_psa_usage_to_exercise(psa_key_type_t type, */ int mbedtls_test_can_exercise_psa_algorithm(psa_algorithm_t alg); +#if defined(MBEDTLS_PK_C) +/** PK-PSA key consistency test. + * + * This function tests that the pk context and the PSA key are + * consistent. At a minimum: + * + * - The two objects must contain keys of the same type, + * or a key pair and a public key of the matching type. + * - The two objects must have the same public key. + * + * \retval 0 The key failed the consistency tests. + * \retval 1 The key passed the consistency tests. + */ +int mbedtls_test_key_consistency_psa_pk(mbedtls_svc_key_id_t psa_key, + const mbedtls_pk_context *pk); +#endif /* MBEDTLS_PK_C */ + #endif /* PSA_EXERCISE_KEY_H */ diff --git a/tests/src/psa_exercise_key.c b/tests/src/psa_exercise_key.c index 80419d1a8879..7b81052c8c7b 100644 --- a/tests/src/psa_exercise_key.c +++ b/tests/src/psa_exercise_key.c @@ -20,6 +20,16 @@ #include #include +#if defined(MBEDTLS_PK_C) +#include +#endif +#if defined(MBEDTLS_ECP_C) +#include +#endif +#if defined(MBEDTLS_RSA_C) +#include +#endif + #if defined(MBEDTLS_PSA_CRYPTO_SE_C) static int lifetime_is_dynamic_secure_element(psa_key_lifetime_t lifetime) { @@ -1054,4 +1064,97 @@ int mbedtls_test_can_exercise_psa_algorithm(psa_algorithm_t alg) return 1; } +#if defined(MBEDTLS_PK_C) +int mbedtls_test_key_consistency_psa_pk(mbedtls_svc_key_id_t psa_key, + const mbedtls_pk_context *pk) +{ + psa_key_attributes_t psa_attributes = PSA_KEY_ATTRIBUTES_INIT; + psa_key_attributes_t pk_attributes = PSA_KEY_ATTRIBUTES_INIT; + int ok = 0; + + PSA_ASSERT(psa_get_key_attributes(psa_key, &psa_attributes)); + psa_key_type_t psa_type = psa_get_key_type(&psa_attributes); + mbedtls_pk_type_t pk_type = mbedtls_pk_get_type(pk); + + TEST_ASSERT(PSA_KEY_TYPE_IS_PUBLIC_KEY(psa_type) || + PSA_KEY_TYPE_IS_KEY_PAIR(psa_type)); + TEST_EQUAL(psa_get_key_bits(&psa_attributes), mbedtls_pk_get_bitlen(pk)); + + uint8_t pk_public_buffer[PSA_EXPORT_PUBLIC_KEY_MAX_SIZE]; + const uint8_t *pk_public = NULL; + size_t pk_public_length = 0; + + switch (pk_type) { +#if defined(MBEDTLS_RSA_C) + case MBEDTLS_PK_RSA: + TEST_ASSERT(PSA_KEY_TYPE_IS_RSA(psa_type)); + const mbedtls_rsa_context *rsa = mbedtls_pk_rsa(*pk); + uint8_t *const end = pk_public_buffer + sizeof(pk_public_buffer); + uint8_t *cursor = end; + TEST_LE_U(1, mbedtls_rsa_write_pubkey(rsa, + pk_public_buffer, &cursor)); + pk_public = cursor; + pk_public_length = end - pk_public; + break; +#endif + +#if defined(MBEDTLS_PK_USE_PSA_EC_DATA) + case MBEDTLS_PK_ECKEY: + case MBEDTLS_PK_ECKEY_DH: + case MBEDTLS_PK_ECDSA: + TEST_ASSERT(PSA_KEY_TYPE_IS_ECC(psa_type)); + TEST_EQUAL(PSA_KEY_TYPE_ECC_GET_FAMILY(psa_type), pk->ec_family); + pk_public = pk->pub_raw; + pk_public_length = pk->pub_raw_len; + break; +#endif /* MBEDTLS_PK_USE_PSA_EC_DATA */ + +#if defined(MBEDTLS_PK_HAVE_ECC_KEYS) && !defined(MBEDTLS_PK_USE_PSA_EC_DATA) + case MBEDTLS_PK_ECKEY: + case MBEDTLS_PK_ECKEY_DH: + case MBEDTLS_PK_ECDSA: + TEST_ASSERT(PSA_KEY_TYPE_IS_ECC(psa_get_key_type(&psa_attributes))); + const mbedtls_ecp_keypair *ec = mbedtls_pk_ec_ro(*pk); + TEST_EQUAL(mbedtls_ecp_write_public_key( + ec, MBEDTLS_ECP_PF_UNCOMPRESSED, &pk_public_length, + pk_public_buffer, sizeof(pk_public_buffer)), 0); + pk_public = pk_public_buffer; + break; +#endif /* MBEDTLS_PK_HAVE_ECC_KEYS && !MBEDTLS_PK_USE_PSA_EC_DATA */ + +#if defined(MBEDTLS_USE_PSA_CRYPTO) + case MBEDTLS_PK_OPAQUE: + PSA_ASSERT(psa_get_key_attributes(pk->priv_id, &pk_attributes)); + psa_key_type_t pk_psa_type = psa_get_key_type(&pk_attributes); + TEST_EQUAL(PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR(psa_type), + PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR(pk_psa_type)); + PSA_ASSERT(psa_export_public_key(psa_key, + pk_public_buffer, + sizeof(pk_public_buffer), + &pk_public_length)); + pk_public = pk_public_buffer; + break; +#endif /* MBEDTLS_USE_PSA_CRYPTO */ + + default: + TEST_FAIL("pk type not supported"); + } + + uint8_t psa_public[PSA_EXPORT_PUBLIC_KEY_MAX_SIZE]; + size_t psa_public_length = 0; + PSA_ASSERT(psa_export_public_key(psa_key, + psa_public, sizeof(psa_public), + &psa_public_length)); + TEST_MEMORY_COMPARE(pk_public, pk_public_length, + psa_public, psa_public_length); + + ok = 1; + +exit: + psa_reset_key_attributes(&psa_attributes); + psa_reset_key_attributes(&pk_attributes); + return ok; +} +#endif /* MBEDTLS_PK_C */ + #endif /* MBEDTLS_PSA_CRYPTO_C */ From 2ec141a429635e2a764be7393a57e1ebf00b0545 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 15 Feb 2024 17:22:37 +0100 Subject: [PATCH 19/20] After pk_import_into_psa, test that the keys match We were testing the internal consistency of the resulting key, and that the resulting key had the right metadata, but we were not testing that the PSA key had the expected key material. Comparing the public keys fixes that. Signed-off-by: Gilles Peskine --- tests/suites/test_suite_pk.function | 16 ++++++++++++++++ tests/suites/test_suite_pkparse.function | 3 +++ 2 files changed, 19 insertions(+) diff --git a/tests/suites/test_suite_pk.function b/tests/suites/test_suite_pk.function index 4ea7a70157fa..39e38465244c 100644 --- a/tests/suites/test_suite_pk.function +++ b/tests/suites/test_suite_pk.function @@ -19,6 +19,8 @@ #include "psa/crypto.h" #include "mbedtls/psa_util.h" +#include + /* Used for properly sizing the key buffer in pk_genkey_ec() */ #include "psa_util_internal.h" @@ -1893,6 +1895,9 @@ void pk_get_psa_attributes(int pk_type, int from_pair, TEST_EQUAL(psa_get_key_enrollment_algorithm(&attributes), PSA_ALG_NONE); TEST_EQUAL(mbedtls_pk_import_into_psa(&pk, &attributes, &new_key_id), 0); + if (!mbedtls_test_key_consistency_psa_pk(new_key_id, &pk)) { + goto exit; + } exit: mbedtls_pk_free(&pk); @@ -1938,6 +1943,9 @@ void pk_rsa_v21_get_psa_attributes(int md_type, int from_pair, TEST_EQUAL(psa_get_key_enrollment_algorithm(&attributes), PSA_ALG_NONE); TEST_EQUAL(mbedtls_pk_import_into_psa(&pk, &attributes, &new_key_id), 0); + if (!mbedtls_test_key_consistency_psa_pk(new_key_id, &pk)) { + goto exit; + } exit: mbedtls_pk_free(&pk); @@ -2026,6 +2034,11 @@ void pk_get_psa_attributes_opaque(int from_type_arg, int from_bits_arg, } TEST_EQUAL(mbedtls_pk_import_into_psa(&pk, &attributes, &new_key_id), expected_import_ret); + if (expected_import_ret == 0) { + if (!mbedtls_test_key_consistency_psa_pk(new_key_id, &pk)) { + goto exit; + } + } } exit: @@ -2117,6 +2130,9 @@ void pk_import_into_psa_opaque(int from_type, int from_bits, expected_usage |= PSA_KEY_USAGE_VERIFY_MESSAGE; } TEST_EQUAL(expected_usage, psa_get_key_usage_flags(&actual_attributes)); + if (!mbedtls_test_key_consistency_psa_pk(to_key_id, &pk)) { + goto exit; + } } else { TEST_ASSERT(mbedtls_svc_key_id_equal(to_key_id, MBEDTLS_SVC_KEY_ID_INIT)); } diff --git a/tests/suites/test_suite_pkparse.function b/tests/suites/test_suite_pkparse.function index add225d73576..f275c324d580 100644 --- a/tests/suites/test_suite_pkparse.function +++ b/tests/suites/test_suite_pkparse.function @@ -48,6 +48,9 @@ static int test_psa_bridge(const mbedtls_pk_context *ctx, TEST_EQUAL(mbedtls_pk_get_psa_attributes(ctx, usage_flag, &attributes), 0); TEST_EQUAL(mbedtls_pk_import_into_psa(ctx, &attributes, &psa_key), 0); + if (!mbedtls_test_key_consistency_psa_pk(psa_key, ctx)) { + goto exit; + } psa_algorithm_t exercise_usage = psa_get_key_usage_flags(&attributes); psa_algorithm_t exercise_alg = psa_get_key_algorithm(&attributes); From 83b8baf8995d8a874dba3b623c486196ad068609 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 15 Feb 2024 17:26:07 +0100 Subject: [PATCH 20/20] mbedtls_pk_import_into_psa: fix Montgomery keys in the legacy case Fix the workaround for the weirdness of mbedtls_ecp_write_key(), which assumed a Weierstrass key. This fixes the Montgomery private key parse tests in test_suite_pkparse. Signed-off-by: Gilles Peskine --- library/pk.c | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/library/pk.c b/library/pk.c index 28663a828ca0..c05ea5d1b169 100644 --- a/library/pk.c +++ b/library/pk.c @@ -704,17 +704,19 @@ static int import_pair_into_psa(const mbedtls_pk_context *pk, return MBEDTLS_ERR_PK_TYPE_MISMATCH; } unsigned char key_buffer[PSA_BITS_TO_BYTES(PSA_VENDOR_ECC_MAX_CURVE_BITS)]; - int ret = mbedtls_ecp_write_key(ec, - key_buffer, sizeof(key_buffer)); + /* Make sure to pass the exact key length to + * mbedtls_ecp_write_key(), because it writes Montgomery keys + * at the start of the buffer but Weierstrass keys at the + * end of the buffer. */ + size_t key_length = PSA_BITS_TO_BYTES(ec->grp.nbits); + int ret = mbedtls_ecp_write_key(ec, key_buffer, key_length); if (ret < 0) { return ret; } - size_t key_length = PSA_BITS_TO_BYTES(ec->grp.nbits); - unsigned char *key_data = key_buffer + sizeof(key_buffer) - key_length; ret = PSA_PK_TO_MBEDTLS_ERR(psa_import_key(attributes, - key_data, key_length, + key_buffer, key_length, key_id)); - mbedtls_platform_zeroize(key_data, key_length); + mbedtls_platform_zeroize(key_buffer, key_length); return ret; #endif /* MBEDTLS_PK_USE_PSA_EC_DATA */ }