From 5bcd3cc217d29ac4e15d9781f80ba6f023f144a8 Mon Sep 17 00:00:00 2001 From: Waleed Elmelegy Date: Wed, 20 Nov 2024 11:43:37 +0000 Subject: [PATCH 01/16] Add internal struct for iop export public-key context Signed-off-by: Waleed Elmelegy --- .../include/psa/crypto_builtin_composites.h | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/tf-psa-crypto/include/psa/crypto_builtin_composites.h b/tf-psa-crypto/include/psa/crypto_builtin_composites.h index 14e759b13d..c6bd0fdfd9 100644 --- a/tf-psa-crypto/include/psa/crypto_builtin_composites.h +++ b/tf-psa-crypto/include/psa/crypto_builtin_composites.h @@ -248,4 +248,22 @@ typedef struct { #define MBEDTLS_PSA_KEY_AGREEMENT_IOP_INIT { 0 } #endif +/* Context structure for the Mbed TLS interruptible export public-key implementation. */ +typedef struct { +#if defined(MBEDTLS_ECP_C) && defined(MBEDTLS_ECP_RESTARTABLE) + mbedtls_ecp_keypair *MBEDTLS_PRIVATE(key); + mbedtls_ecp_restart_ctx MBEDTLS_PRIVATE(restart_ctx); + uint32_t MBEDTLS_PRIVATE(num_ops); +#else + /* Make the struct non-empty if algs not supported. */ + unsigned MBEDTLS_PRIVATE(dummy); +#endif +} mbedtls_psa_export_public_key_iop_operation_t; + +#if defined(MBEDTLS_ECP_C) && defined(MBEDTLS_ECP_RESTARTABLE) +#define MBEDTLS_PSA_EXPORT_PUBLIC_KEY_IOP_INIT { 0, MBEDTLS_ECP_RESTART_INIT, 0 } +#else +#define MBEDTLS_PSA_EXPORT_PUBLIC_KEY_IOP_INIT { 0 } +#endif + #endif /* PSA_CRYPTO_BUILTIN_COMPOSITES_H */ From 07d2bc0ffe479dfe0de6e3c7db9910b2551f333d Mon Sep 17 00:00:00 2001 From: Waleed Elmelegy Date: Wed, 20 Nov 2024 11:45:28 +0000 Subject: [PATCH 02/16] Add headers for internal iop export public-key setup & abort APIs Signed-off-by: Waleed Elmelegy --- .../drivers/builtin/src/psa_crypto_ecp.h | 38 +++++++++++++++++++ 1 file changed, 38 insertions(+) diff --git a/tf-psa-crypto/drivers/builtin/src/psa_crypto_ecp.h b/tf-psa-crypto/drivers/builtin/src/psa_crypto_ecp.h index f3ff32328b..506516de76 100644 --- a/tf-psa-crypto/drivers/builtin/src/psa_crypto_ecp.h +++ b/tf-psa-crypto/drivers/builtin/src/psa_crypto_ecp.h @@ -120,6 +120,44 @@ psa_status_t mbedtls_psa_ecp_export_public_key( const uint8_t *key_buffer, size_t key_buffer_size, uint8_t *data, size_t data_size, size_t *data_length); +/** + * \brief Setup a new interruptible export public-key operation. + * + * \param[in] operation The \c mbedtls_psa_export_public_key_iop_operation_t to use. + * This must be initialized first. + * \param[in] private_key pointer to private key. + * \param[in] private_key_len size of \p private_key in bytes. + * \param[in] private_key_attributes Key attributes of the private key. + * + * \retval #PSA_SUCCESS + * The operation started successfully - call \c mbedtls_psa_ecp_export_public_key_iop_complete() + * with the same operation to complete the operation. + * \retval #PSA_ERROR_NOT_SUPPORTED + * Either no internal interruptible operations are + * currently supported, or the key attributes are not unsupported. + * \retval #PSA_ERROR_INSUFFICIENT_MEMORY + * There was insufficient memory to load the key representation. + * \retval #PSA_ERROR_INVALID_ARGUMENT \emptydescription + * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription + * + */ +psa_status_t mbedtls_psa_ecp_export_public_key_iop_setup( + mbedtls_psa_export_public_key_iop_operation_t *operation, + uint8_t *private_key, + size_t private_key_len, + const psa_key_attributes_t *private_key_attributes); + +/** + * \brief Abort an interruptible export public-key operation. + * + * \param[in] operation The \c mbedtls_psa_export_public_key_iop_operation_t to abort. + * + * \retval #PSA_SUCCESS + * The operation was aborted successfully. + */ +psa_status_t mbedtls_psa_ecp_export_public_key_iop_abort( + mbedtls_psa_export_public_key_iop_operation_t *operation); + /** * \brief Generate an ECP key. * From 9958ff6e9687d78ec37c0196de701f6c9f90379d Mon Sep 17 00:00:00 2001 From: Waleed Elmelegy Date: Wed, 20 Nov 2024 11:47:13 +0000 Subject: [PATCH 03/16] Add PSA iop export public-key struct members Signed-off-by: Waleed Elmelegy --- tf-psa-crypto/include/psa/crypto_struct.h | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/tf-psa-crypto/include/psa/crypto_struct.h b/tf-psa-crypto/include/psa/crypto_struct.h index 09f4c18175..d0300da004 100644 --- a/tf-psa-crypto/include/psa/crypto_struct.h +++ b/tf-psa-crypto/include/psa/crypto_struct.h @@ -584,15 +584,20 @@ struct psa_export_public_key_iop_s { * any driver (i.e. none of the driver contexts are active). */ unsigned int MBEDTLS_PRIVATE(id); + mbedtls_psa_export_public_key_iop_operation_t MBEDTLS_PRIVATE(ctx); + unsigned int MBEDTLS_PRIVATE(error_occurred) : 1; + uint32_t MBEDTLS_PRIVATE(num_ops); #endif }; + #if defined(MBEDTLS_PSA_CRYPTO_CLIENT) && !defined(MBEDTLS_PSA_CRYPTO_C) #define PSA_EXPORT_PUBLIC_KEY_IOP_INIT { 0 } #else -#define PSA_EXPORT_PUBLIC_KEY_IOP_INIT { 0 } +#define PSA_EXPORT_PUBLIC_KEY_IOP_INIT { 0, MBEDTLS_PSA_EXPORT_PUBLIC_KEY_IOP_INIT, 0, 0 } #endif -static inline struct psa_export_public_key_iop_s psa_export_public_key_iop_init(void) +static inline struct psa_export_public_key_iop_s +psa_export_public_key_iop_init(void) { const struct psa_export_public_key_iop_s v = PSA_EXPORT_PUBLIC_KEY_IOP_INIT; From e2a9b6a3b56fa6c55afecefb3dde3d84a0b7a7d6 Mon Sep 17 00:00:00 2001 From: Waleed Elmelegy Date: Wed, 20 Nov 2024 11:52:59 +0000 Subject: [PATCH 04/16] Add internal iop export public-key setup API Signed-off-by: Waleed Elmelegy --- .../drivers/builtin/src/psa_crypto_ecp.c | 25 +++++++++++++++++++ 1 file changed, 25 insertions(+) diff --git a/tf-psa-crypto/drivers/builtin/src/psa_crypto_ecp.c b/tf-psa-crypto/drivers/builtin/src/psa_crypto_ecp.c index b2764b0649..a3ceb01c7e 100644 --- a/tf-psa-crypto/drivers/builtin/src/psa_crypto_ecp.c +++ b/tf-psa-crypto/drivers/builtin/src/psa_crypto_ecp.c @@ -654,6 +654,31 @@ psa_status_t mbedtls_psa_ecp_generate_key_iop_abort( return PSA_SUCCESS; } +psa_status_t mbedtls_psa_ecp_export_public_key_iop_setup( + mbedtls_psa_export_public_key_iop_operation_t *operation, + uint8_t *private_key, + size_t private_key_len, + const psa_key_attributes_t *private_key_attributes) +{ + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + + status = mbedtls_psa_ecp_load_representation( + psa_get_key_type(private_key_attributes), + psa_get_key_bits(private_key_attributes), + private_key, + private_key_len, + &operation->key); + if (status != PSA_SUCCESS) { + goto exit; + } + + mbedtls_ecp_restart_init(&operation->restart_ctx); + operation->num_ops = 0; + +exit: + return status; +} + #endif /****************************************************************/ /* Interruptible ECC Key Agreement */ From 14aef9875833b92436ca36ff167e5c765ea857d1 Mon Sep 17 00:00:00 2001 From: Waleed Elmelegy Date: Wed, 20 Nov 2024 11:53:49 +0000 Subject: [PATCH 05/16] Add internal iop export public-key abort API Signed-off-by: Waleed Elmelegy --- tf-psa-crypto/drivers/builtin/src/psa_crypto_ecp.c | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/tf-psa-crypto/drivers/builtin/src/psa_crypto_ecp.c b/tf-psa-crypto/drivers/builtin/src/psa_crypto_ecp.c index a3ceb01c7e..b58587f728 100644 --- a/tf-psa-crypto/drivers/builtin/src/psa_crypto_ecp.c +++ b/tf-psa-crypto/drivers/builtin/src/psa_crypto_ecp.c @@ -679,6 +679,16 @@ exit: return status; } +psa_status_t mbedtls_psa_ecp_export_public_key_iop_abort( + mbedtls_psa_export_public_key_iop_operation_t *operation) +{ + mbedtls_ecp_keypair_free(operation->key); + mbedtls_free(operation->key); + mbedtls_ecp_restart_free(&operation->restart_ctx); + operation->num_ops = 0; + return PSA_SUCCESS; +} + #endif /****************************************************************/ /* Interruptible ECC Key Agreement */ From 3d5ed793e7c6ddcd54e4ca114cf99ae9b7b24c8c Mon Sep 17 00:00:00 2001 From: Waleed Elmelegy Date: Wed, 20 Nov 2024 11:55:18 +0000 Subject: [PATCH 06/16] Add PSA internal iop export public-key abort function Signed-off-by: Waleed Elmelegy --- tf-psa-crypto/core/psa_crypto.c | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/tf-psa-crypto/core/psa_crypto.c b/tf-psa-crypto/core/psa_crypto.c index 4fb6ab5097..9fd908dce2 100644 --- a/tf-psa-crypto/core/psa_crypto.c +++ b/tf-psa-crypto/core/psa_crypto.c @@ -1665,6 +1665,23 @@ exit: /* Interruptible ECC Export Public-key */ /****************************************************************/ +#if defined(MBEDTLS_ECP_RESTARTABLE) +static psa_status_t psa_export_public_key_iop_abort_internal(psa_export_public_key_iop_t *operation) +{ + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + + if (operation->id == 0) { + return PSA_SUCCESS; + } + + status = mbedtls_psa_ecp_export_public_key_iop_abort(&operation->ctx); + + operation->id = 0; + + return status; +} +#endif + uint32_t psa_export_public_key_iop_get_num_ops(psa_export_public_key_iop_t *operation) { (void) operation; From cd189e881b019a6b7cab3fc46afb991791715f83 Mon Sep 17 00:00:00 2001 From: Waleed Elmelegy Date: Wed, 20 Nov 2024 11:56:09 +0000 Subject: [PATCH 07/16] Add PSA iop export public-key setup API Signed-off-by: Waleed Elmelegy --- tf-psa-crypto/core/psa_crypto.c | 54 +++++++++++++++++++++++++++++++-- 1 file changed, 52 insertions(+), 2 deletions(-) diff --git a/tf-psa-crypto/core/psa_crypto.c b/tf-psa-crypto/core/psa_crypto.c index 9fd908dce2..310dab8a22 100644 --- a/tf-psa-crypto/core/psa_crypto.c +++ b/tf-psa-crypto/core/psa_crypto.c @@ -1689,12 +1689,62 @@ uint32_t psa_export_public_key_iop_get_num_ops(psa_export_public_key_iop_t *oper } psa_status_t psa_export_public_key_iop_setup(psa_export_public_key_iop_t *operation, - psa_key_id_t key) + mbedtls_svc_key_id_t key) { +#if defined(MBEDTLS_ECP_RESTARTABLE) + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED; + size_t key_size = 0; + psa_key_attributes_t private_key_attributes; + psa_key_type_t private_key_type; + psa_key_slot_t *slot = NULL; + + if (operation->id != 0 || operation->error_occurred) { + return PSA_ERROR_BAD_STATE; + } + + /* We only support the builtin/Mbed TLS driver for now. */ + operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID; + + status = psa_get_and_lock_transparent_key_slot_with_policy(key, &slot, + 0, + 0); + if (status != PSA_SUCCESS) { + goto exit; + } + + private_key_attributes = slot->attr; + if (status != PSA_SUCCESS) { + goto exit; + } + + private_key_type = psa_get_key_type(&private_key_attributes); + if (!PSA_KEY_TYPE_IS_ECC_KEY_PAIR(private_key_type)) { + goto exit; + } + + key_size = PSA_EXPORT_KEY_OUTPUT_SIZE(private_key_type, + psa_get_key_bits(&private_key_attributes)); + if (key_size == 0) { + goto exit; + } + + status = mbedtls_psa_ecp_export_public_key_iop_setup(&operation->ctx, slot->key.data, + slot->key.bytes, &private_key_attributes); + +exit: + unlock_status = psa_unregister_read_under_mutex(slot); + if (status != PSA_SUCCESS) { + psa_export_public_key_iop_abort_internal(operation); + operation->error_occurred = 1; + return status; + } + return unlock_status; +#else (void) operation; (void) key; - return PSA_ERROR_NOT_SUPPORTED; +#endif } psa_status_t psa_export_public_key_iop_complete(psa_export_public_key_iop_t *operation, From ada977f4c3fd204e58f371ae4eb789e3c931dcf2 Mon Sep 17 00:00:00 2001 From: Waleed Elmelegy Date: Wed, 20 Nov 2024 11:57:08 +0000 Subject: [PATCH 08/16] Add PSA iop export public-key abort API Signed-off-by: Waleed Elmelegy --- tf-psa-crypto/core/psa_crypto.c | 15 ++++++++++++--- 1 file changed, 12 insertions(+), 3 deletions(-) diff --git a/tf-psa-crypto/core/psa_crypto.c b/tf-psa-crypto/core/psa_crypto.c index 310dab8a22..038bd986c0 100644 --- a/tf-psa-crypto/core/psa_crypto.c +++ b/tf-psa-crypto/core/psa_crypto.c @@ -1762,9 +1762,19 @@ psa_status_t psa_export_public_key_iop_complete(psa_export_public_key_iop_t *ope psa_status_t psa_export_public_key_iop_abort(psa_export_public_key_iop_t *operation) { - (void) operation; +#if defined(MBEDTLS_ECP_RESTARTABLE) + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - return PSA_ERROR_NOT_SUPPORTED; + status = psa_export_public_key_iop_abort_internal(operation); + + operation->num_ops = 0; + operation->error_occurred = 0; + + return status; +#else + (void) operation; + return PSA_SUCCESS; +#endif } /** Validate that a key policy is internally well-formed. @@ -8510,7 +8520,6 @@ psa_status_t psa_generate_key_iop_abort( #endif } - /****************************************************************/ /* Module setup */ /****************************************************************/ From 5bcc1b983552702323af89f62856354df2a8ee0a Mon Sep 17 00:00:00 2001 From: Waleed Elmelegy Date: Wed, 20 Nov 2024 11:58:50 +0000 Subject: [PATCH 09/16] Add iop export public-key tests Signed-off-by: Waleed Elmelegy --- .../tests/suites/test_suite_psa_crypto.data | 39 ++++++++++++ .../suites/test_suite_psa_crypto.function | 62 +++++++++++++++++++ 2 files changed, 101 insertions(+) diff --git a/tf-psa-crypto/tests/suites/test_suite_psa_crypto.data b/tf-psa-crypto/tests/suites/test_suite_psa_crypto.data index 707e5b002b..8cb7eeb2e2 100644 --- a/tf-psa-crypto/tests/suites/test_suite_psa_crypto.data +++ b/tf-psa-crypto/tests/suites/test_suite_psa_crypto.data @@ -7925,6 +7925,45 @@ persistent_key_load_key_from_storage:"":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY PSA derive persistent key: HKDF SHA-256, exportable persistent_key_load_key_from_storage:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_KEY_TYPE_RAW_DATA:1024:PSA_KEY_USAGE_EXPORT:0:DERIVE_KEY +PSA interruptible export public key: ECC, SECP256R1, good +depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:PSA_WANT_ECC_SECP_R1_256 +export_public_key:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):256:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_ECDSA_ANY:PSA_SUCCESS + +PSA interruptible export public key: ECC, Curve25519, good +depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:PSA_WANT_ECC_MONTGOMERY_255 +export_public_key:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_MONTGOMERY):255:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDSA_ANY:PSA_SUCCESS + +PSA interruptible export public key: ECC, Curve448, good +depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:PSA_WANT_ECC_MONTGOMERY_448 +export_public_key:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_MONTGOMERY):448:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDSA_ANY:PSA_SUCCESS + +PSA interruptible export public key: ECC, SECP384R1, good +depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:PSA_WANT_ECC_SECP_R1_384 +export_public_key:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):384:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_ECDSA_ANY:PSA_SUCCESS + +PSA interruptible export public key: ECC, SECP521R1, good +depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:PSA_WANT_ECC_SECP_R1_521 +export_public_key:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):521:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_ECDSA_ANY:PSA_SUCCESS + +PSA interruptible export public key: ECC, SECP192K1, good +depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:PSA_WANT_ECC_SECP_K1_192 +export_public_key:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_K1):192:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_ECDSA_ANY:PSA_SUCCESS + +PSA interruptible export public key: ECC, SECP256K1, good +depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:PSA_WANT_ECC_SECP_K1_256 +export_public_key:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_K1):256:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_ECDSA_ANY:PSA_SUCCESS + +PSA interruptible export public key: ECC, brainpool256r1, good +depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:PSA_WANT_ECC_BRAINPOOL_P_R1_256 +export_public_key:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_BRAINPOOL_P_R1):256:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_ECDSA_ANY:PSA_SUCCESS + +PSA interruptible export public key: ECC, brainpool384r1, good +depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:PSA_WANT_ECC_BRAINPOOL_P_R1_384 +export_public_key:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_BRAINPOOL_P_R1):384:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_ECDSA_ANY:PSA_SUCCESS + +PSA export public-key interruptible object initializers zero properly +export_public_key_iop_init: + ECP group ID <-> PSA family - SECP192R1 depends_on:PSA_WANT_ECC_SECP_R1_192 ecc_conversion_functions:MBEDTLS_ECP_DP_SECP192R1:PSA_ECC_FAMILY_SECP_R1:192 diff --git a/tf-psa-crypto/tests/suites/test_suite_psa_crypto.function b/tf-psa-crypto/tests/suites/test_suite_psa_crypto.function index 67910627cd..cdc369e507 100644 --- a/tf-psa-crypto/tests/suites/test_suite_psa_crypto.function +++ b/tf-psa-crypto/tests/suites/test_suite_psa_crypto.function @@ -10349,6 +10349,68 @@ void generate_key_iop_init() } /* END_CASE */ +/* BEGIN_CASE */ +void export_public_key( + int type_arg, + int bits_arg, + int usage_arg, + int alg_arg, + int expected_status_arg) +{ + mbedtls_svc_key_id_t iop_key = MBEDTLS_SVC_KEY_ID_INIT; + psa_key_type_t type = type_arg; + psa_key_usage_t usage = usage_arg; + size_t bits = bits_arg; + psa_algorithm_t alg = alg_arg; + psa_status_t expected_status = expected_status_arg; + psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; + psa_export_public_key_iop_t export_key_operation = PSA_EXPORT_PUBLIC_KEY_IOP_INIT; + psa_status_t status; + + PSA_ASSERT(psa_crypto_init()); + + psa_set_key_usage_flags(&attributes, usage); + psa_set_key_algorithm(&attributes, alg); + psa_set_key_type(&attributes, type); + psa_set_key_bits(&attributes, bits); + + /* Adjust expected_status for interruptible export public-key. + * Interruptible export public-key is only supported for ECC key pairs and even + * for those only when MBEDTLS_ECP_RESTARTABLE is on. + */ + if (!PSA_KEY_TYPE_IS_ECC(type)) { + expected_status = PSA_ERROR_NOT_SUPPORTED; + } + +#if !defined(MBEDTLS_ECP_RESTARTABLE) + expected_status = PSA_ERROR_NOT_SUPPORTED; +#endif + + status = psa_generate_key(&attributes, &iop_key); + TEST_EQUAL(status, PSA_SUCCESS); + + status = psa_export_public_key_iop_setup(&export_key_operation, iop_key); + TEST_EQUAL(status, expected_status); + +#if defined(MBEDTLS_ECP_RESTARTABLE) + /* Test calling setup() 2 times consecutively will fail. */ + status = psa_export_public_key_iop_setup(&export_key_operation, iop_key); + TEST_EQUAL(status, PSA_ERROR_BAD_STATE); +#endif + + TEST_EQUAL(psa_export_public_key_iop_abort(&export_key_operation), PSA_SUCCESS); + + /* Test that after calling abort operation is reset to it's fresh state */ + status = psa_export_public_key_iop_setup(&export_key_operation, iop_key); + TEST_EQUAL(status, expected_status); + +exit: + psa_export_public_key_iop_abort(&export_key_operation); + psa_destroy_key(iop_key); + PSA_DONE(); +} +/* END_CASE */ + /* BEGIN_CASE */ void generate_key_custom(int type_arg, int bits_arg, From ea35fac4f1be0a88eff3fdb5c61ad6df3a3eb1c0 Mon Sep 17 00:00:00 2001 From: Waleed Elmelegy Date: Wed, 20 Nov 2024 12:01:09 +0000 Subject: [PATCH 10/16] Add iop export public-key initializers test Signed-off-by: Waleed Elmelegy --- .../tests/suites/test_suite_psa_crypto.function | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/tf-psa-crypto/tests/suites/test_suite_psa_crypto.function b/tf-psa-crypto/tests/suites/test_suite_psa_crypto.function index cdc369e507..b28ffd7ec0 100644 --- a/tf-psa-crypto/tests/suites/test_suite_psa_crypto.function +++ b/tf-psa-crypto/tests/suites/test_suite_psa_crypto.function @@ -10411,6 +10411,21 @@ exit: } /* END_CASE */ +/* BEGIN_CASE */ +void export_public_key_iop_init() +{ + psa_export_public_key_iop_t init = PSA_EXPORT_PUBLIC_KEY_IOP_INIT; + psa_export_public_key_iop_t fun = psa_export_public_key_iop_init(); + psa_export_public_key_iop_t zero; + + memset(&zero, 0, sizeof(zero)); + + PSA_ASSERT(psa_export_public_key_iop_abort(&init)); + PSA_ASSERT(psa_export_public_key_iop_abort(&fun)); + PSA_ASSERT(psa_export_public_key_iop_abort(&zero)); +} +/* END_CASE */ + /* BEGIN_CASE */ void generate_key_custom(int type_arg, int bits_arg, From b30233f6c374c22e9b6b060ec2ee594308f5da8a Mon Sep 17 00:00:00 2001 From: Waleed Elmelegy Date: Wed, 20 Nov 2024 15:41:08 +0000 Subject: [PATCH 11/16] Change key param to mbedtls_svc_key_id_t in psa_export_public_key_iop_setup() Signed-off-by: Waleed Elmelegy --- tests/include/test/psa_test_wrappers.h | 2 +- tests/src/psa_test_wrappers.c | 2 +- tf-psa-crypto/include/psa/crypto.h | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/tests/include/test/psa_test_wrappers.h b/tests/include/test/psa_test_wrappers.h index 880f34c7af..904baad7d8 100644 --- a/tests/include/test/psa_test_wrappers.h +++ b/tests/include/test/psa_test_wrappers.h @@ -363,7 +363,7 @@ psa_status_t mbedtls_test_wrap_psa_export_public_key_iop_complete( psa_status_t mbedtls_test_wrap_psa_export_public_key_iop_setup( psa_export_public_key_iop_t *arg0_operation, - psa_key_id_t arg1_key); + mbedtls_svc_key_id_t arg1_key); #define psa_export_public_key_iop_setup(arg0_operation, arg1_key) \ mbedtls_test_wrap_psa_export_public_key_iop_setup(arg0_operation, arg1_key) diff --git a/tests/src/psa_test_wrappers.c b/tests/src/psa_test_wrappers.c index 65d81573a7..3df07723a2 100644 --- a/tests/src/psa_test_wrappers.c +++ b/tests/src/psa_test_wrappers.c @@ -623,7 +623,7 @@ psa_status_t mbedtls_test_wrap_psa_export_public_key_iop_complete( /* Wrapper for psa_export_public_key_iop_setup */ psa_status_t mbedtls_test_wrap_psa_export_public_key_iop_setup( psa_export_public_key_iop_t *arg0_operation, - psa_key_id_t arg1_key) + mbedtls_svc_key_id_t arg1_key) { psa_status_t status = (psa_export_public_key_iop_setup)(arg0_operation, arg1_key); return status; diff --git a/tf-psa-crypto/include/psa/crypto.h b/tf-psa-crypto/include/psa/crypto.h index c1ef041f77..6ea945d3ec 100644 --- a/tf-psa-crypto/include/psa/crypto.h +++ b/tf-psa-crypto/include/psa/crypto.h @@ -5677,7 +5677,7 @@ uint32_t psa_export_public_key_iop_get_num_ops(psa_export_public_key_iop_t *oper * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription */ psa_status_t psa_export_public_key_iop_setup(psa_export_public_key_iop_t *operation, - psa_key_id_t key); + mbedtls_svc_key_id_t key); /** * \brief Continue and eventually complete the action of From 84cc90f63ac1f1604572da25bff694b9262a5312 Mon Sep 17 00:00:00 2001 From: Waleed Elmelegy Date: Wed, 27 Nov 2024 15:44:53 +0000 Subject: [PATCH 12/16] Improve parameter checking in psa_export_public_key_iop_setup() Signed-off-by: Waleed Elmelegy --- tf-psa-crypto/core/psa_crypto.c | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/tf-psa-crypto/core/psa_crypto.c b/tf-psa-crypto/core/psa_crypto.c index 038bd986c0..827a228c64 100644 --- a/tf-psa-crypto/core/psa_crypto.c +++ b/tf-psa-crypto/core/psa_crypto.c @@ -1714,18 +1714,23 @@ psa_status_t psa_export_public_key_iop_setup(psa_export_public_key_iop_t *operat } private_key_attributes = slot->attr; - if (status != PSA_SUCCESS) { + + private_key_type = psa_get_key_type(&private_key_attributes); + + if (!PSA_KEY_TYPE_IS_KEY_PAIR(private_key_type)) { + status = PSA_ERROR_INVALID_ARGUMENT; goto exit; } - private_key_type = psa_get_key_type(&private_key_attributes); if (!PSA_KEY_TYPE_IS_ECC_KEY_PAIR(private_key_type)) { + status = PSA_ERROR_NOT_SUPPORTED; goto exit; } key_size = PSA_EXPORT_KEY_OUTPUT_SIZE(private_key_type, psa_get_key_bits(&private_key_attributes)); if (key_size == 0) { + status = PSA_ERROR_INVALID_ARGUMENT; goto exit; } From c2790c60a0a1f1e0e552dc8f927711ea7ac1e74f Mon Sep 17 00:00:00 2001 From: Waleed Elmelegy Date: Wed, 27 Nov 2024 15:46:21 +0000 Subject: [PATCH 13/16] Add negative tests for interruptible export public-key Signed-off-by: Waleed Elmelegy --- tf-psa-crypto/tests/suites/test_suite_psa_crypto.data | 8 ++++++++ tf-psa-crypto/tests/suites/test_suite_psa_crypto.function | 8 -------- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/tf-psa-crypto/tests/suites/test_suite_psa_crypto.data b/tf-psa-crypto/tests/suites/test_suite_psa_crypto.data index 8cb7eeb2e2..2e8d75abc1 100644 --- a/tf-psa-crypto/tests/suites/test_suite_psa_crypto.data +++ b/tf-psa-crypto/tests/suites/test_suite_psa_crypto.data @@ -7961,6 +7961,14 @@ PSA interruptible export public key: ECC, brainpool384r1, good depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:PSA_WANT_ECC_BRAINPOOL_P_R1_384 export_public_key:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_BRAINPOOL_P_R1):384:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_ECDSA_ANY:PSA_SUCCESS +PSA interruptible export public key: RSA, not ECC key, Not supported +depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE:PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS <= 1024 +export_public_key:PSA_KEY_TYPE_RSA_KEY_PAIR:1024:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):PSA_ERROR_NOT_SUPPORTED + +PSA interruptible export public key: AES, not keypair, Invalid argument +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES +export_public_key:PSA_KEY_TYPE_AES:128:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_GCM:PSA_ERROR_INVALID_ARGUMENT + PSA export public-key interruptible object initializers zero properly export_public_key_iop_init: diff --git a/tf-psa-crypto/tests/suites/test_suite_psa_crypto.function b/tf-psa-crypto/tests/suites/test_suite_psa_crypto.function index b28ffd7ec0..f27730397e 100644 --- a/tf-psa-crypto/tests/suites/test_suite_psa_crypto.function +++ b/tf-psa-crypto/tests/suites/test_suite_psa_crypto.function @@ -10374,14 +10374,6 @@ void export_public_key( psa_set_key_type(&attributes, type); psa_set_key_bits(&attributes, bits); - /* Adjust expected_status for interruptible export public-key. - * Interruptible export public-key is only supported for ECC key pairs and even - * for those only when MBEDTLS_ECP_RESTARTABLE is on. - */ - if (!PSA_KEY_TYPE_IS_ECC(type)) { - expected_status = PSA_ERROR_NOT_SUPPORTED; - } - #if !defined(MBEDTLS_ECP_RESTARTABLE) expected_status = PSA_ERROR_NOT_SUPPORTED; #endif From 3c7f5c0047cea91474f553be86085604fa923e58 Mon Sep 17 00:00:00 2001 From: Waleed Elmelegy Date: Wed, 27 Nov 2024 15:46:59 +0000 Subject: [PATCH 14/16] Change pointer init in export public-key iop struct to NULL Signed-off-by: Waleed Elmelegy --- tf-psa-crypto/include/psa/crypto_builtin_composites.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tf-psa-crypto/include/psa/crypto_builtin_composites.h b/tf-psa-crypto/include/psa/crypto_builtin_composites.h index c6bd0fdfd9..9bd58f9d9e 100644 --- a/tf-psa-crypto/include/psa/crypto_builtin_composites.h +++ b/tf-psa-crypto/include/psa/crypto_builtin_composites.h @@ -261,7 +261,7 @@ typedef struct { } mbedtls_psa_export_public_key_iop_operation_t; #if defined(MBEDTLS_ECP_C) && defined(MBEDTLS_ECP_RESTARTABLE) -#define MBEDTLS_PSA_EXPORT_PUBLIC_KEY_IOP_INIT { 0, MBEDTLS_ECP_RESTART_INIT, 0 } +#define MBEDTLS_PSA_EXPORT_PUBLIC_KEY_IOP_INIT { NULL, MBEDTLS_ECP_RESTART_INIT, 0 } #else #define MBEDTLS_PSA_EXPORT_PUBLIC_KEY_IOP_INIT { 0 } #endif From 568d057b0a087aee44e3f42aa0c55da18d211eb9 Mon Sep 17 00:00:00 2001 From: Waleed Elmelegy Date: Wed, 27 Nov 2024 15:54:02 +0000 Subject: [PATCH 15/16] Add iop prefix to interruptible export-public key testing function to distinguish it from non-interruptible. Signed-off-by: Waleed Elmelegy --- .../tests/suites/test_suite_psa_crypto.data | 22 +++++++++---------- .../suites/test_suite_psa_crypto.function | 2 +- 2 files changed, 12 insertions(+), 12 deletions(-) diff --git a/tf-psa-crypto/tests/suites/test_suite_psa_crypto.data b/tf-psa-crypto/tests/suites/test_suite_psa_crypto.data index 2e8d75abc1..35073af206 100644 --- a/tf-psa-crypto/tests/suites/test_suite_psa_crypto.data +++ b/tf-psa-crypto/tests/suites/test_suite_psa_crypto.data @@ -7927,47 +7927,47 @@ persistent_key_load_key_from_storage:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b PSA interruptible export public key: ECC, SECP256R1, good depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:PSA_WANT_ECC_SECP_R1_256 -export_public_key:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):256:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_ECDSA_ANY:PSA_SUCCESS +iop_export_public_key:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):256:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_ECDSA_ANY:PSA_SUCCESS PSA interruptible export public key: ECC, Curve25519, good depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:PSA_WANT_ECC_MONTGOMERY_255 -export_public_key:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_MONTGOMERY):255:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDSA_ANY:PSA_SUCCESS +iop_export_public_key:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_MONTGOMERY):255:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDSA_ANY:PSA_SUCCESS PSA interruptible export public key: ECC, Curve448, good depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:PSA_WANT_ECC_MONTGOMERY_448 -export_public_key:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_MONTGOMERY):448:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDSA_ANY:PSA_SUCCESS +iop_export_public_key:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_MONTGOMERY):448:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDSA_ANY:PSA_SUCCESS PSA interruptible export public key: ECC, SECP384R1, good depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:PSA_WANT_ECC_SECP_R1_384 -export_public_key:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):384:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_ECDSA_ANY:PSA_SUCCESS +iop_export_public_key:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):384:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_ECDSA_ANY:PSA_SUCCESS PSA interruptible export public key: ECC, SECP521R1, good depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:PSA_WANT_ECC_SECP_R1_521 -export_public_key:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):521:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_ECDSA_ANY:PSA_SUCCESS +iop_export_public_key:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):521:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_ECDSA_ANY:PSA_SUCCESS PSA interruptible export public key: ECC, SECP192K1, good depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:PSA_WANT_ECC_SECP_K1_192 -export_public_key:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_K1):192:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_ECDSA_ANY:PSA_SUCCESS +iop_export_public_key:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_K1):192:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_ECDSA_ANY:PSA_SUCCESS PSA interruptible export public key: ECC, SECP256K1, good depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:PSA_WANT_ECC_SECP_K1_256 -export_public_key:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_K1):256:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_ECDSA_ANY:PSA_SUCCESS +iop_export_public_key:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_K1):256:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_ECDSA_ANY:PSA_SUCCESS PSA interruptible export public key: ECC, brainpool256r1, good depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:PSA_WANT_ECC_BRAINPOOL_P_R1_256 -export_public_key:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_BRAINPOOL_P_R1):256:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_ECDSA_ANY:PSA_SUCCESS +iop_export_public_key:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_BRAINPOOL_P_R1):256:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_ECDSA_ANY:PSA_SUCCESS PSA interruptible export public key: ECC, brainpool384r1, good depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:PSA_WANT_ECC_BRAINPOOL_P_R1_384 -export_public_key:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_BRAINPOOL_P_R1):384:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_ECDSA_ANY:PSA_SUCCESS +iop_export_public_key:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_BRAINPOOL_P_R1):384:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_ECDSA_ANY:PSA_SUCCESS PSA interruptible export public key: RSA, not ECC key, Not supported depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE:PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS <= 1024 -export_public_key:PSA_KEY_TYPE_RSA_KEY_PAIR:1024:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):PSA_ERROR_NOT_SUPPORTED +iop_export_public_key:PSA_KEY_TYPE_RSA_KEY_PAIR:1024:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):PSA_ERROR_NOT_SUPPORTED PSA interruptible export public key: AES, not keypair, Invalid argument depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES -export_public_key:PSA_KEY_TYPE_AES:128:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_GCM:PSA_ERROR_INVALID_ARGUMENT +iop_export_public_key:PSA_KEY_TYPE_AES:128:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_GCM:PSA_ERROR_INVALID_ARGUMENT PSA export public-key interruptible object initializers zero properly export_public_key_iop_init: diff --git a/tf-psa-crypto/tests/suites/test_suite_psa_crypto.function b/tf-psa-crypto/tests/suites/test_suite_psa_crypto.function index f27730397e..c555093f6f 100644 --- a/tf-psa-crypto/tests/suites/test_suite_psa_crypto.function +++ b/tf-psa-crypto/tests/suites/test_suite_psa_crypto.function @@ -10350,7 +10350,7 @@ void generate_key_iop_init() /* END_CASE */ /* BEGIN_CASE */ -void export_public_key( +void iop_export_public_key( int type_arg, int bits_arg, int usage_arg, From 29f65a874f4b434bf0d196beea07dba68a570f40 Mon Sep 17 00:00:00 2001 From: Waleed Elmelegy Date: Thu, 28 Nov 2024 19:39:58 +0000 Subject: [PATCH 16/16] Chane error code in psa_export_public_key_iop_setup() in case key size is 0 Signed-off-by: Waleed Elmelegy --- tf-psa-crypto/core/psa_crypto.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tf-psa-crypto/core/psa_crypto.c b/tf-psa-crypto/core/psa_crypto.c index 827a228c64..beb17d5276 100644 --- a/tf-psa-crypto/core/psa_crypto.c +++ b/tf-psa-crypto/core/psa_crypto.c @@ -1730,7 +1730,7 @@ psa_status_t psa_export_public_key_iop_setup(psa_export_public_key_iop_t *operat key_size = PSA_EXPORT_KEY_OUTPUT_SIZE(private_key_type, psa_get_key_bits(&private_key_attributes)); if (key_size == 0) { - status = PSA_ERROR_INVALID_ARGUMENT; + status = PSA_ERROR_NOT_SUPPORTED; goto exit; }