From 043c8c5de87bcfc4f56b1a2db249dc2d4b1f549a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Fri, 8 Jul 2022 10:33:44 +0200 Subject: [PATCH] Add USE_PSA version of PK test functions MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit While at it, also fix buffer size for functions that already depend on USE_PSA: it should be PSA_HASH_MAX_SIZE for functions that always use PSA, and the new macro MBEDTLS_USE_PSA_MD_MAX_SIZE for functions that use it or not depending on USE_PSA. The only case where MBEDTLS_MD_MAX_SIZE is OK is when the function always uses MD - currently this is the case with pk_sign_verify_restart() as it is incompatible with USE_PSA anyway. Signed-off-by: Manuel Pégourié-Gonnard --- library/use_psa_helpers.h | 15 ++++++++++--- tests/suites/test_suite_pk.function | 34 +++++++++++++++++++++++------ 2 files changed, 39 insertions(+), 10 deletions(-) diff --git a/library/use_psa_helpers.h b/library/use_psa_helpers.h index 6b63ce833a..e9a133590c 100644 --- a/library/use_psa_helpers.h +++ b/library/use_psa_helpers.h @@ -1,8 +1,10 @@ /** * Internal macros for parts of the code governed by MBEDTLS_USE_PSA_CRYPTO. - * These macros allow checking if an algorithm is available, either via the - * legacy API or the PSA Crypto API, depending on MBEDTLS_USE_PSA_CRYPTO. - * When possible, they're named after the corresponding PSA_WANT_ macro. + * Some macros allow checking if an algorithm is available, either via the + * legacy API or the PSA Crypto API, depending on MBEDTLS_USE_PSA_CRYPTO; + * when possible, they're named after the corresponding PSA_WANT_ macro. + * Other macros provide max sizes or similar information in a USE_PSA-aware + * way; they're name after a similar constant from the legacy API or PSA. * * Copyright The Mbed TLS Contributors * SPDX-License-Identifier: Apache-2.0 @@ -55,4 +57,11 @@ #define MBEDTLS_USE_PSA_WANT_ALG_SHA_512 #endif +/* Hash information */ +#if defined(MBEDTLS_USE_PSA_CRYPTO) +#define MBEDTLS_USE_PSA_MD_MAX_SIZE PSA_HASH_MAX_SIZE +#else +#define MBEDTLS_USE_PSA_MD_MAX_SIZE MBEDTLS_MD_MAX_SIZE +#endif + #endif /* MBEDTLS_USE_PSA_HELPERS_H */ diff --git a/tests/suites/test_suite_pk.function b/tests/suites/test_suite_pk.function index 78338d77f7..7fe45949d5 100644 --- a/tests/suites/test_suite_pk.function +++ b/tests/suites/test_suite_pk.function @@ -8,6 +8,7 @@ #include "mbedtls/rsa.h" #include "md_internal.h" +#include "use_psa_helpers.h" #include #include @@ -481,7 +482,7 @@ void pk_rsa_verify_test_vec( data_t * message_str, int digest, int mod, char * input_E, data_t * result_str, int result ) { - unsigned char hash_result[MBEDTLS_MD_MAX_SIZE]; + unsigned char hash_result[MBEDTLS_USE_PSA_MD_MAX_SIZE]; mbedtls_rsa_context *rsa; mbedtls_pk_context pk; mbedtls_pk_restart_ctx *rs_ctx = NULL; @@ -498,7 +499,7 @@ void pk_rsa_verify_test_vec( data_t * message_str, int digest, int mod, mbedtls_pk_init( &pk ); - memset( hash_result, 0x00, MBEDTLS_MD_MAX_SIZE ); + memset( hash_result, 0x00, sizeof( hash_result ) ); TEST_ASSERT( mbedtls_pk_setup( &pk, mbedtls_pk_info_from_type( MBEDTLS_PK_RSA ) ) == 0 ); rsa = mbedtls_pk_rsa( pk ); @@ -508,8 +509,20 @@ void pk_rsa_verify_test_vec( data_t * message_str, int digest, int mod, TEST_ASSERT( mbedtls_test_read_mpi( &rsa->E, radix_E, input_E ) == 0 ); - if( mbedtls_md_info_from_type( digest ) != NULL ) - TEST_ASSERT( mbedtls_md( mbedtls_md_info_from_type( digest ), message_str->x, message_str->len, hash_result ) == 0 ); + if( digest != MBEDTLS_MD_NONE ) + { +#if defined(MBEDTLS_USE_PSA_CRYPTO) + size_t hash_len; + psa_algorithm_t hash_alg = mbedtls_psa_translate_md( digest ); + TEST_EQUAL( PSA_SUCCESS, psa_hash_compute( hash_alg, + message_str->x, message_str->len, + hash_result, sizeof( hash_result ), &hash_len ) ); + +#else + TEST_EQUAL( 0, mbedtls_md( mbedtls_md_info_from_type( digest ), + message_str->x, message_str->len, hash_result ) ); +#endif + } TEST_ASSERT( mbedtls_pk_verify( &pk, digest, hash_result, 0, result_str->x, mbedtls_pk_get_len( &pk ) ) == result ); @@ -534,7 +547,7 @@ void pk_rsa_verify_ext_test_vec( data_t * message_str, int digest, int mgf1_hash_id, int salt_len, int sig_len, int result ) { - unsigned char hash_result[MBEDTLS_MD_MAX_SIZE]; + unsigned char hash_result[MBEDTLS_USE_PSA_MD_MAX_SIZE]; mbedtls_rsa_context *rsa; mbedtls_pk_context pk; mbedtls_pk_rsassa_pss_options pss_opts; @@ -557,10 +570,17 @@ void pk_rsa_verify_ext_test_vec( data_t * message_str, int digest, if( digest != MBEDTLS_MD_NONE ) { +#if defined(MBEDTLS_USE_PSA_CRYPTO) + psa_algorithm_t hash_alg = mbedtls_psa_translate_md( digest ); + TEST_EQUAL( PSA_SUCCESS, psa_hash_compute( hash_alg, + message_str->x, message_str->len, + hash_result, sizeof( hash_result ), &hash_len ) ); +#else const mbedtls_md_info_t *md_info = mbedtls_md_info_from_type( digest ); TEST_ASSERT( mbedtls_md( md_info, message_str->x, message_str->len, hash_result ) == 0 ); hash_len = mbedtls_md_get_size( md_info ); +#endif } else { @@ -1317,7 +1337,7 @@ void pk_psa_sign_ext( int pk_type, int parameter, int key_pk_type, int md_alg ) mbedtls_pk_context pk; size_t sig_len; unsigned char sig[MBEDTLS_PK_SIGNATURE_MAX_SIZE]; - unsigned char hash[MBEDTLS_MD_MAX_SIZE]; + unsigned char hash[PSA_HASH_MAX_SIZE]; size_t hash_len = mbedtls_md_internal_get_size( md_alg ); void const *options = NULL; mbedtls_pk_rsassa_pss_options rsassa_pss_options; @@ -1361,7 +1381,7 @@ void pk_psa_wrap_sign_ext( int pk_type, int parameter, int key_pk_type, int md_a unsigned char sig[MBEDTLS_PK_SIGNATURE_MAX_SIZE]; unsigned char pkey[PSA_EXPORT_PUBLIC_KEY_MAX_SIZE]; unsigned char *pkey_start; - unsigned char hash[MBEDTLS_MD_MAX_SIZE]; + unsigned char hash[PSA_HASH_MAX_SIZE]; psa_algorithm_t psa_md_alg = mbedtls_psa_translate_md( md_alg ); psa_algorithm_t psa_alg; size_t hash_len = PSA_HASH_LENGTH( psa_md_alg );