From 445d2192d50debce097213cd1c1190fe30ed24b3 Mon Sep 17 00:00:00 2001 From: Neil Armstrong Date: Thu, 10 Feb 2022 15:25:29 +0100 Subject: [PATCH 01/14] Initialize PSA crypto in test_suite_pk pk_rsa_encrypt_test_vec() & pk_rsa_alt() when USE_PSA_CRYPTO is enabled Signed-off-by: Neil Armstrong --- tests/suites/test_suite_pk.function | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/tests/suites/test_suite_pk.function b/tests/suites/test_suite_pk.function index 29f862257e..831d2a8bb7 100644 --- a/tests/suites/test_suite_pk.function +++ b/tests/suites/test_suite_pk.function @@ -723,6 +723,7 @@ void pk_rsa_encrypt_test_vec( data_t * message, int mod, int radix_N, memset( &rnd_info, 0, sizeof( mbedtls_test_rnd_pseudo_info ) ); memset( output, 0, sizeof( output ) ); + USE_PSA_INIT( ); mbedtls_pk_init( &pk ); TEST_ASSERT( mbedtls_pk_setup( &pk, mbedtls_pk_info_from_type( MBEDTLS_PK_RSA ) ) == 0 ); @@ -740,6 +741,7 @@ void pk_rsa_encrypt_test_vec( data_t * message, int mod, int radix_N, exit: mbedtls_pk_free( &pk ); + USE_PSA_DONE( ); } /* END_CASE */ @@ -881,6 +883,8 @@ void pk_rsa_alt( ) size_t sig_len, ciph_len, test_len; int ret = MBEDTLS_ERR_PK_TYPE_MISMATCH; + USE_PSA_INIT( ); + mbedtls_rsa_init( &raw ); mbedtls_pk_init( &rsa ); mbedtls_pk_init( &alt ); @@ -945,6 +949,7 @@ void pk_rsa_alt( ) exit: mbedtls_rsa_free( &raw ); mbedtls_pk_free( &rsa ); mbedtls_pk_free( &alt ); + USE_PSA_DONE( ); } /* END_CASE */ From 96a16a429b4f8d672ca9569c4f4043d6be6fffcb Mon Sep 17 00:00:00 2001 From: Neil Armstrong Date: Thu, 10 Feb 2022 10:40:11 +0100 Subject: [PATCH 02/14] PK: RSA encrypt PSA wrap implementation Signed-off-by: Neil Armstrong --- library/pk_wrap.c | 77 +++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 77 insertions(+) diff --git a/library/pk_wrap.c b/library/pk_wrap.c index f7480c63bb..fc09b326d5 100644 --- a/library/pk_wrap.c +++ b/library/pk_wrap.c @@ -226,6 +226,82 @@ static int rsa_decrypt_wrap( void *ctx, olen, input, output, osize ) ); } +#if defined(MBEDTLS_USE_PSA_CRYPTO) +static int rsa_encrypt_wrap( void *ctx, + const unsigned char *input, size_t ilen, + unsigned char *output, size_t *olen, size_t osize, + int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ) +{ + mbedtls_rsa_context * rsa = (mbedtls_rsa_context *) ctx; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; + mbedtls_svc_key_id_t key_id = MBEDTLS_SVC_KEY_ID_INIT; + psa_status_t status; + mbedtls_pk_context key; + int key_len; + /* see RSA_PUR_DER_MAX_BYTES in pkwrite.c */ + unsigned char buf[38 + 2 * MBEDTLS_MPI_MAX_SIZE]; + mbedtls_pk_info_t pk_info = mbedtls_rsa_info; + psa_algorithm_t psa_alg_md; + + ((void) f_rng); + ((void) p_rng); + +#if !defined(MBEDTLS_RSA_ALT) + switch( rsa->padding ) + { + case MBEDTLS_RSA_PKCS_V15: + psa_alg_md = PSA_ALG_RSA_PKCS1V15_CRYPT; + break; + + default: + return( MBEDTLS_ERR_RSA_INVALID_PADDING ); + } +#else + psa_alg_md = PSA_ALG_RSA_PKCS1V15_CRYPT; +#endif + + *olen = mbedtls_rsa_get_len( rsa ); + + if( *olen > osize ) + return( MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE ); + + /* mbedtls_pk_write_pubkey() expects a full PK context; + * re-construct one to make it happy */ + key.pk_info = &pk_info; + key.pk_ctx = ctx; + key_len = mbedtls_pk_write_pubkey_der( &key, buf, sizeof( buf ) ); + if( key_len <= 0 ) + return( MBEDTLS_ERR_PK_BAD_INPUT_DATA ); + + psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_ENCRYPT ); + psa_set_key_algorithm( &attributes, psa_alg_md ); + psa_set_key_type( &attributes, PSA_KEY_TYPE_RSA_PUBLIC_KEY ); + + status = psa_import_key( &attributes, + buf + sizeof( buf ) - key_len, key_len, + &key_id ); + if( status != PSA_SUCCESS ) + { + ret = mbedtls_psa_err_translate_pk( status ); + goto cleanup; + } + + status = psa_asymmetric_encrypt( key_id, psa_alg_md, input, ilen, + NULL, 0, output, osize, olen); + if( status != PSA_SUCCESS ) + { + ret = mbedtls_psa_err_translate_pk( status ); + goto cleanup; + } + + ret = 0; + +cleanup: + psa_destroy_key( key_id ); + return( ret ); +} +#else static int rsa_encrypt_wrap( void *ctx, const unsigned char *input, size_t ilen, unsigned char *output, size_t *olen, size_t osize, @@ -240,6 +316,7 @@ static int rsa_encrypt_wrap( void *ctx, return( mbedtls_rsa_pkcs1_encrypt( rsa, f_rng, p_rng, ilen, input, output ) ); } +#endif static int rsa_check_pair_wrap( const void *pub, const void *prv, int (*f_rng)(void *, unsigned char *, size_t), From e0df42cbb77253905a479bc1959ab87a97ce2223 Mon Sep 17 00:00:00 2001 From: Neil Armstrong Date: Tue, 22 Feb 2022 14:26:49 +0100 Subject: [PATCH 03/14] Introduce pk_rsa_encrypt_decrypt_test Signed-off-by: Neil Armstrong --- tests/suites/test_suite_pk.data | 4 ++ tests/suites/test_suite_pk.function | 75 +++++++++++++++++++++++++++++ 2 files changed, 79 insertions(+) diff --git a/tests/suites/test_suite_pk.data b/tests/suites/test_suite_pk.data index f10774ebf9..b6c16ae90e 100644 --- a/tests/suites/test_suite_pk.data +++ b/tests/suites/test_suite_pk.data @@ -136,6 +136,10 @@ RSA sign-verify depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_GENPRIME pk_sign_verify:MBEDTLS_PK_RSA:512:0:0 +RSA encrypt-decrypt test +depends_on:MBEDTLS_PKCS1_V15 +pk_rsa_encrypt_decrypt_test:"4E636AF98E40F3ADCFCCB698F4E80B9F":2048:16:"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":16:"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":16:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":16:"3":0 + RSA encrypt test vector depends_on:MBEDTLS_PKCS1_V15 pk_rsa_encrypt_test_vec:"4E636AF98E40F3ADCFCCB698F4E80B9F":2048:16:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":16:"3":"b0c0b193ba4a5b4502bfacd1a9c2697da5510f3e3ab7274cf404418afd2c62c89b98d83bbc21c8c1bf1afe6d8bf40425e053e9c03e03a3be0edbe1eda073fade1cc286cc0305a493d98fe795634c3cad7feb513edb742d66d910c87d07f6b0055c3488bb262b5fd1ce8747af64801fb39d2d3a3e57086ffe55ab8d0a2ca86975629a0f85767a4990c532a7c2dab1647997ebb234d0b28a0008bfebfc905e7ba5b30b60566a5e0190417465efdbf549934b8f0c5c9f36b7c5b6373a47ae553ced0608a161b1b70dfa509375cf7a3598223a6d7b7a1d1a06ac74d345a9bb7c0e44c8388858a4f1d8115f2bd769ffa69020385fa286302c80e950f9e2751308666c":0 diff --git a/tests/suites/test_suite_pk.function b/tests/suites/test_suite_pk.function index 831d2a8bb7..61447afe3c 100644 --- a/tests/suites/test_suite_pk.function +++ b/tests/suites/test_suite_pk.function @@ -709,6 +709,81 @@ exit: } /* END_CASE */ +/* BEGIN_CASE depends_on:MBEDTLS_RSA_C */ +void pk_rsa_encrypt_decrypt_test( data_t * message, int mod, int radix_P, + char * input_P, int radix_Q, char * input_Q, + int radix_N, char * input_N, int radix_E, + char * input_E, int ret ) +{ + unsigned char output[300], result[300]; + mbedtls_test_rnd_pseudo_info rnd_info; + mbedtls_mpi N, P, Q, E; + mbedtls_rsa_context *rsa; + mbedtls_pk_context pk; + size_t olen, rlen; + + mbedtls_pk_init( &pk ); + + memset( &rnd_info, 0, sizeof( mbedtls_test_rnd_pseudo_info ) ); + memset( output, 0, sizeof( output ) ); + + USE_PSA_INIT( ); + + /* encryption test */ + + /* init pk-rsa context */ + TEST_ASSERT( mbedtls_pk_setup( &pk, mbedtls_pk_info_from_type( MBEDTLS_PK_RSA ) ) == 0 ); + rsa = mbedtls_pk_rsa( pk ); + + /* load public key */ + rsa->len = mod / 8; + TEST_ASSERT( mbedtls_test_read_mpi( &rsa->N, radix_N, input_N ) == 0 ); + TEST_ASSERT( mbedtls_test_read_mpi( &rsa->E, radix_E, input_E ) == 0 ); + + TEST_ASSERT( mbedtls_pk_encrypt( &pk, message->x, message->len, + output, &olen, sizeof( output ), + mbedtls_test_rnd_pseudo_rand, &rnd_info ) == ret ); + + /* decryption test */ + mbedtls_mpi_init( &N ); mbedtls_mpi_init( &P ); + mbedtls_mpi_init( &Q ); mbedtls_mpi_init( &E ); + + /* init pk-rsa context */ + mbedtls_pk_free( &pk ); + TEST_ASSERT( mbedtls_pk_setup( &pk, mbedtls_pk_info_from_type( MBEDTLS_PK_RSA ) ) == 0 ); + rsa = mbedtls_pk_rsa( pk ); + + /* load public key */ + TEST_ASSERT( mbedtls_test_read_mpi( &N, radix_N, input_N ) == 0 ); + TEST_ASSERT( mbedtls_test_read_mpi( &E, radix_E, input_E ) == 0 ); + + /* load private key */ + TEST_ASSERT( mbedtls_test_read_mpi( &P, radix_P, input_P ) == 0 ); + TEST_ASSERT( mbedtls_test_read_mpi( &Q, radix_Q, input_Q ) == 0 ); + TEST_ASSERT( mbedtls_rsa_import( rsa, &N, &P, &Q, NULL, &E ) == 0 ); + TEST_ASSERT( mbedtls_rsa_get_len( rsa ) == (size_t) ( mod / 8 ) ); + TEST_ASSERT( mbedtls_rsa_complete( rsa ) == 0 ); + + memset( result, 0, sizeof( result ) ); + rlen = 0; + TEST_ASSERT( mbedtls_pk_decrypt( &pk, output, olen, + result, &rlen, sizeof( result ), + mbedtls_test_rnd_pseudo_rand, &rnd_info ) == ret ); + if( ret == 0 ) + { + TEST_ASSERT( rlen == message->len ); + TEST_ASSERT( memcmp( result, message->x, rlen ) == 0 ); + } + +exit: + mbedtls_mpi_free( &N ); mbedtls_mpi_free( &P ); + mbedtls_mpi_free( &Q ); mbedtls_mpi_free( &E ); + mbedtls_pk_free( &pk ); + USE_PSA_DONE( ); +} +/* END_CASE */ + + /* BEGIN_CASE depends_on:MBEDTLS_RSA_C */ void pk_rsa_encrypt_test_vec( data_t * message, int mod, int radix_N, char * input_N, int radix_E, char * input_E, From dac2f23a82dff62bf6c0cdb3872ffec63e906d95 Mon Sep 17 00:00:00 2001 From: Neil Armstrong Date: Tue, 22 Feb 2022 14:27:17 +0100 Subject: [PATCH 04/14] Stop checking against reference vector in pk_rsa_encrypt_test_vec when USE_PSA_CRYPTO The pk_rsa_encrypt_test_vec() reference vector is calculated while using mbedtls_test_rnd_pseudo_rand rng source, but since the RNG souce can't be controlled when USE_PSA_CRYPTO is enabled we can't get the same result. The pk_rsa_encrypt_test_vec() fails when switching to mbedtls_test_rnd_std_rand as rng source. Signed-off-by: Neil Armstrong --- tests/suites/test_suite_pk.function | 3 +++ 1 file changed, 3 insertions(+) diff --git a/tests/suites/test_suite_pk.function b/tests/suites/test_suite_pk.function index 61447afe3c..c6533c7dee 100644 --- a/tests/suites/test_suite_pk.function +++ b/tests/suites/test_suite_pk.function @@ -812,7 +812,10 @@ void pk_rsa_encrypt_test_vec( data_t * message, int mod, int radix_N, output, &olen, sizeof( output ), mbedtls_test_rnd_pseudo_rand, &rnd_info ) == ret ); TEST_ASSERT( olen == result->len ); +#if !defined(MBEDTLS_USE_PSA_CRYPTO) + // When using PSA crypto, RNG isn't controllable, so reference vector can't be used TEST_ASSERT( memcmp( output, result->x, olen ) == 0 ); +#endif exit: mbedtls_pk_free( &pk ); From ac014ca5d9e0057aa1f5db9bce66211cd2908555 Mon Sep 17 00:00:00 2001 From: Neil Armstrong Date: Thu, 24 Feb 2022 15:27:54 +0100 Subject: [PATCH 05/14] Fix comment typos in rsa_encrypt_wrap() Signed-off-by: Neil Armstrong --- library/pk_wrap.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/library/pk_wrap.c b/library/pk_wrap.c index fc09b326d5..9f3f111a48 100644 --- a/library/pk_wrap.c +++ b/library/pk_wrap.c @@ -239,7 +239,7 @@ static int rsa_encrypt_wrap( void *ctx, psa_status_t status; mbedtls_pk_context key; int key_len; - /* see RSA_PUR_DER_MAX_BYTES in pkwrite.c */ + /* see RSA_PUB_DER_MAX_BYTES in pkwrite.c */ unsigned char buf[38 + 2 * MBEDTLS_MPI_MAX_SIZE]; mbedtls_pk_info_t pk_info = mbedtls_rsa_info; psa_algorithm_t psa_alg_md; @@ -266,7 +266,7 @@ static int rsa_encrypt_wrap( void *ctx, if( *olen > osize ) return( MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE ); - /* mbedtls_pk_write_pubkey() expects a full PK context; + /* mbedtls_pk_write_pubkey_der() expects a full PK context; * re-construct one to make it happy */ key.pk_info = &pk_info; key.pk_ctx = ctx; From 7dd3b20d36ce526340758ddcda55301840560f1c Mon Sep 17 00:00:00 2001 From: Neil Armstrong Date: Thu, 24 Feb 2022 15:29:18 +0100 Subject: [PATCH 06/14] Check psa_destroy_key() return in rsa_encrypt_wrap() Signed-off-by: Neil Armstrong --- library/pk_wrap.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/library/pk_wrap.c b/library/pk_wrap.c index 9f3f111a48..dd8d013a7c 100644 --- a/library/pk_wrap.c +++ b/library/pk_wrap.c @@ -298,7 +298,10 @@ static int rsa_encrypt_wrap( void *ctx, ret = 0; cleanup: - psa_destroy_key( key_id ); + status = psa_destroy_key( key_id ); + if( ret == 0 && status != PSA_SUCCESS ) + ret = mbedtls_psa_err_translate_pk( status ); + return( ret ); } #else From 9dccd866c398cdb9113b4c90113cf38d4e713f4c Mon Sep 17 00:00:00 2001 From: Neil Armstrong Date: Thu, 24 Feb 2022 15:33:13 +0100 Subject: [PATCH 07/14] Check psa_destroy_key() return in ecdsa_verify_wrap() Signed-off-by: Neil Armstrong --- library/pk_wrap.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/library/pk_wrap.c b/library/pk_wrap.c index dd8d013a7c..a6b96d3501 100644 --- a/library/pk_wrap.c +++ b/library/pk_wrap.c @@ -796,7 +796,10 @@ static int ecdsa_verify_wrap( void *ctx_arg, mbedtls_md_type_t md_alg, ret = 0; cleanup: - psa_destroy_key( key_id ); + status = psa_destroy_key( key_id ); + if( ret == 0 && status != PSA_SUCCESS ) + ret = mbedtls_psa_err_translate_pk( status ); + return( ret ); } #else /* MBEDTLS_USE_PSA_CRYPTO */ From deb4bfb2b953e89c8553c0339fcc15ff67ab1298 Mon Sep 17 00:00:00 2001 From: Neil Armstrong Date: Fri, 25 Feb 2022 08:58:12 +0100 Subject: [PATCH 08/14] Use now shared RSA_PUB_DER_MAX_BYTES define in pk_wrap.c Signed-off-by: Neil Armstrong --- library/pk_wrap.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/library/pk_wrap.c b/library/pk_wrap.c index a6b96d3501..051af9820f 100644 --- a/library/pk_wrap.c +++ b/library/pk_wrap.c @@ -239,8 +239,7 @@ static int rsa_encrypt_wrap( void *ctx, psa_status_t status; mbedtls_pk_context key; int key_len; - /* see RSA_PUB_DER_MAX_BYTES in pkwrite.c */ - unsigned char buf[38 + 2 * MBEDTLS_MPI_MAX_SIZE]; + unsigned char buf[MBEDTLS_PK_RSA_PUB_DER_MAX_BYTES]; mbedtls_pk_info_t pk_info = mbedtls_rsa_info; psa_algorithm_t psa_alg_md; From 7f1055223d161b8fb7ab0ad5d3e7cd1a8e30184b Mon Sep 17 00:00:00 2001 From: Neil Armstrong Date: Fri, 25 Feb 2022 09:14:49 +0100 Subject: [PATCH 09/14] Remove pk_rsa_encrypt_test_vec() test in favor to pk_rsa_encrypt_decrypt_test() Not checking the encrypt result with PSA makes the test useless. Signed-off-by: Neil Armstrong --- tests/suites/test_suite_pk.data | 4 --- tests/suites/test_suite_pk.function | 40 ----------------------------- 2 files changed, 44 deletions(-) diff --git a/tests/suites/test_suite_pk.data b/tests/suites/test_suite_pk.data index b6c16ae90e..7d4fbcd8e7 100644 --- a/tests/suites/test_suite_pk.data +++ b/tests/suites/test_suite_pk.data @@ -140,10 +140,6 @@ RSA encrypt-decrypt test depends_on:MBEDTLS_PKCS1_V15 pk_rsa_encrypt_decrypt_test:"4E636AF98E40F3ADCFCCB698F4E80B9F":2048:16:"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":16:"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":16:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":16:"3":0 -RSA encrypt test vector -depends_on:MBEDTLS_PKCS1_V15 -pk_rsa_encrypt_test_vec:"4E636AF98E40F3ADCFCCB698F4E80B9F":2048:16:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":16:"3":"b0c0b193ba4a5b4502bfacd1a9c2697da5510f3e3ab7274cf404418afd2c62c89b98d83bbc21c8c1bf1afe6d8bf40425e053e9c03e03a3be0edbe1eda073fade1cc286cc0305a493d98fe795634c3cad7feb513edb742d66d910c87d07f6b0055c3488bb262b5fd1ce8747af64801fb39d2d3a3e57086ffe55ab8d0a2ca86975629a0f85767a4990c532a7c2dab1647997ebb234d0b28a0008bfebfc905e7ba5b30b60566a5e0190417465efdbf549934b8f0c5c9f36b7c5b6373a47ae553ced0608a161b1b70dfa509375cf7a3598223a6d7b7a1d1a06ac74d345a9bb7c0e44c8388858a4f1d8115f2bd769ffa69020385fa286302c80e950f9e2751308666c":0 - RSA decrypt test vector #1 depends_on:MBEDTLS_PKCS1_V15 pk_rsa_decrypt_test_vec:"a42eda41e56235e666e7faaa77100197f657288a1bf183e4820f0c37ce2c456b960278d6003e0bbcd4be4a969f8e8fd9231e1f492414f00ed09844994c86ec32db7cde3bec7f0c3dbf6ae55baeb2712fa609f5fc3207a824eb3dace31849cd6a6084318523912bccb84cf42e3c6d6d1685131d69bb545acec827d2b0dfdd5568b7dcc4f5a11d6916583fefa689d367f8c9e1d95dcd2240895a9470b0c1730f97cd6e8546860bd254801769f54be96e16362ddcbf34d56035028890199e0f48db38642cb66a4181e028a6443a404fea284ce02b4614b683367d40874e505611d23142d49f06feea831d52d347b13610b413c4efc43a6de9f0b08d2a951dc503b6":2048:16:"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":16:"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":16:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":16:"3":"4E636AF98E40F3ADCFCCB698F4E80B9F":0 diff --git a/tests/suites/test_suite_pk.function b/tests/suites/test_suite_pk.function index c6533c7dee..d4507dc6f1 100644 --- a/tests/suites/test_suite_pk.function +++ b/tests/suites/test_suite_pk.function @@ -783,46 +783,6 @@ exit: } /* END_CASE */ - -/* BEGIN_CASE depends_on:MBEDTLS_RSA_C */ -void pk_rsa_encrypt_test_vec( data_t * message, int mod, int radix_N, - char * input_N, int radix_E, char * input_E, - data_t * result, int ret ) -{ - unsigned char output[300]; - mbedtls_test_rnd_pseudo_info rnd_info; - mbedtls_rsa_context *rsa; - mbedtls_pk_context pk; - size_t olen; - - memset( &rnd_info, 0, sizeof( mbedtls_test_rnd_pseudo_info ) ); - memset( output, 0, sizeof( output ) ); - - USE_PSA_INIT( ); - - mbedtls_pk_init( &pk ); - TEST_ASSERT( mbedtls_pk_setup( &pk, mbedtls_pk_info_from_type( MBEDTLS_PK_RSA ) ) == 0 ); - rsa = mbedtls_pk_rsa( pk ); - - rsa->len = mod / 8; - TEST_ASSERT( mbedtls_test_read_mpi( &rsa->N, radix_N, input_N ) == 0 ); - TEST_ASSERT( mbedtls_test_read_mpi( &rsa->E, radix_E, input_E ) == 0 ); - - TEST_ASSERT( mbedtls_pk_encrypt( &pk, message->x, message->len, - output, &olen, sizeof( output ), - mbedtls_test_rnd_pseudo_rand, &rnd_info ) == ret ); - TEST_ASSERT( olen == result->len ); -#if !defined(MBEDTLS_USE_PSA_CRYPTO) - // When using PSA crypto, RNG isn't controllable, so reference vector can't be used - TEST_ASSERT( memcmp( output, result->x, olen ) == 0 ); -#endif - -exit: - mbedtls_pk_free( &pk ); - USE_PSA_DONE( ); -} -/* END_CASE */ - /* BEGIN_CASE depends_on:MBEDTLS_RSA_C */ void pk_rsa_decrypt_test_vec( data_t * cipher, int mod, int radix_P, char * input_P, int radix_Q, char * input_Q, From c921bfdf30b68be37e6c1c3312580e0b7ddd23f8 Mon Sep 17 00:00:00 2001 From: Neil Armstrong Date: Thu, 3 Mar 2022 14:35:38 +0100 Subject: [PATCH 10/14] Fix 80 characters indentation in pk_rsa_encrypt_decrypt_test() Signed-off-by: Neil Armstrong --- tests/suites/test_suite_pk.function | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/tests/suites/test_suite_pk.function b/tests/suites/test_suite_pk.function index d4507dc6f1..de80733a51 100644 --- a/tests/suites/test_suite_pk.function +++ b/tests/suites/test_suite_pk.function @@ -750,7 +750,8 @@ void pk_rsa_encrypt_decrypt_test( data_t * message, int mod, int radix_P, /* init pk-rsa context */ mbedtls_pk_free( &pk ); - TEST_ASSERT( mbedtls_pk_setup( &pk, mbedtls_pk_info_from_type( MBEDTLS_PK_RSA ) ) == 0 ); + TEST_ASSERT( mbedtls_pk_setup( &pk, + mbedtls_pk_info_from_type( MBEDTLS_PK_RSA ) ) == 0 ); rsa = mbedtls_pk_rsa( pk ); /* load public key */ From 3770e2483f7f9cf0101e9f3294d8fcf81705dcab Mon Sep 17 00:00:00 2001 From: Neil Armstrong Date: Thu, 3 Mar 2022 16:37:33 +0100 Subject: [PATCH 11/14] Use new PSA to mbedtls PK error mapping functions in pk_wrap.c Signed-off-by: Neil Armstrong --- library/pk_wrap.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/library/pk_wrap.c b/library/pk_wrap.c index 051af9820f..d105e3985e 100644 --- a/library/pk_wrap.c +++ b/library/pk_wrap.c @@ -282,7 +282,7 @@ static int rsa_encrypt_wrap( void *ctx, &key_id ); if( status != PSA_SUCCESS ) { - ret = mbedtls_psa_err_translate_pk( status ); + ret = mbedtls_pk_error_from_psa( status ); goto cleanup; } @@ -290,7 +290,7 @@ static int rsa_encrypt_wrap( void *ctx, NULL, 0, output, osize, olen); if( status != PSA_SUCCESS ) { - ret = mbedtls_psa_err_translate_pk( status ); + ret = mbedtls_pk_error_from_psa_rsa( status ); goto cleanup; } @@ -299,7 +299,7 @@ static int rsa_encrypt_wrap( void *ctx, cleanup: status = psa_destroy_key( key_id ); if( ret == 0 && status != PSA_SUCCESS ) - ret = mbedtls_psa_err_translate_pk( status ); + ret = mbedtls_pk_error_from_psa( status ); return( ret ); } @@ -797,7 +797,7 @@ static int ecdsa_verify_wrap( void *ctx_arg, mbedtls_md_type_t md_alg, cleanup: status = psa_destroy_key( key_id ); if( ret == 0 && status != PSA_SUCCESS ) - ret = mbedtls_psa_err_translate_pk( status ); + ret = mbedtls_pk_error_from_psa( status ); return( ret ); } From 7b1dc85919c40ba4a6329e621b6bacad08e6d775 Mon Sep 17 00:00:00 2001 From: Neil Armstrong Date: Wed, 16 Mar 2022 15:35:41 +0100 Subject: [PATCH 12/14] Simplify padding check and get rid of psa_sig_md in rsa_encrypt_wrap() Signed-off-by: Neil Armstrong --- library/pk_wrap.c | 22 +++++++--------------- 1 file changed, 7 insertions(+), 15 deletions(-) diff --git a/library/pk_wrap.c b/library/pk_wrap.c index d105e3985e..04db6f8a7f 100644 --- a/library/pk_wrap.c +++ b/library/pk_wrap.c @@ -241,23 +241,13 @@ static int rsa_encrypt_wrap( void *ctx, int key_len; unsigned char buf[MBEDTLS_PK_RSA_PUB_DER_MAX_BYTES]; mbedtls_pk_info_t pk_info = mbedtls_rsa_info; - psa_algorithm_t psa_alg_md; ((void) f_rng); ((void) p_rng); #if !defined(MBEDTLS_RSA_ALT) - switch( rsa->padding ) - { - case MBEDTLS_RSA_PKCS_V15: - psa_alg_md = PSA_ALG_RSA_PKCS1V15_CRYPT; - break; - - default: - return( MBEDTLS_ERR_RSA_INVALID_PADDING ); - } -#else - psa_alg_md = PSA_ALG_RSA_PKCS1V15_CRYPT; + if( rsa->padding != MBEDTLS_RSA_PKCS_V15 ) + return( MBEDTLS_ERR_RSA_INVALID_PADDING ); #endif *olen = mbedtls_rsa_get_len( rsa ); @@ -274,7 +264,7 @@ static int rsa_encrypt_wrap( void *ctx, return( MBEDTLS_ERR_PK_BAD_INPUT_DATA ); psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_ENCRYPT ); - psa_set_key_algorithm( &attributes, psa_alg_md ); + psa_set_key_algorithm( &attributes, PSA_ALG_RSA_PKCS1V15_CRYPT ); psa_set_key_type( &attributes, PSA_KEY_TYPE_RSA_PUBLIC_KEY ); status = psa_import_key( &attributes, @@ -286,8 +276,10 @@ static int rsa_encrypt_wrap( void *ctx, goto cleanup; } - status = psa_asymmetric_encrypt( key_id, psa_alg_md, input, ilen, - NULL, 0, output, osize, olen); + status = psa_asymmetric_encrypt( key_id, PSA_ALG_RSA_PKCS1V15_CRYPT, + input, ilen, + NULL, 0, + output, osize, olen ); if( status != PSA_SUCCESS ) { ret = mbedtls_pk_error_from_psa_rsa( status ); From da1d80db190f2a428777169656e15a2a6e7eed1e Mon Sep 17 00:00:00 2001 From: Neil Armstrong Date: Wed, 16 Mar 2022 15:36:32 +0100 Subject: [PATCH 13/14] Use mbedtls_rsa_info directly in rsa_encrypt_wrap() Signed-off-by: Neil Armstrong --- library/pk_wrap.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/library/pk_wrap.c b/library/pk_wrap.c index 04db6f8a7f..73005cfdaa 100644 --- a/library/pk_wrap.c +++ b/library/pk_wrap.c @@ -240,7 +240,6 @@ static int rsa_encrypt_wrap( void *ctx, mbedtls_pk_context key; int key_len; unsigned char buf[MBEDTLS_PK_RSA_PUB_DER_MAX_BYTES]; - mbedtls_pk_info_t pk_info = mbedtls_rsa_info; ((void) f_rng); ((void) p_rng); @@ -257,7 +256,7 @@ static int rsa_encrypt_wrap( void *ctx, /* mbedtls_pk_write_pubkey_der() expects a full PK context; * re-construct one to make it happy */ - key.pk_info = &pk_info; + key.pk_info = &mbedtls_rsa_info; key.pk_ctx = ctx; key_len = mbedtls_pk_write_pubkey_der( &key, buf, sizeof( buf ) ); if( key_len <= 0 ) From 62e6ea2c22244953b0f86a84378fd4fbd75f2280 Mon Sep 17 00:00:00 2001 From: Neil Armstrong Date: Fri, 18 Mar 2022 15:39:44 +0100 Subject: [PATCH 14/14] Avoid spurious write to *olen in PSA version of rsa_encrypt_wrap() Signed-off-by: Neil Armstrong --- library/pk_wrap.c | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/library/pk_wrap.c b/library/pk_wrap.c index 73005cfdaa..8f9b5e56ed 100644 --- a/library/pk_wrap.c +++ b/library/pk_wrap.c @@ -249,9 +249,7 @@ static int rsa_encrypt_wrap( void *ctx, return( MBEDTLS_ERR_RSA_INVALID_PADDING ); #endif - *olen = mbedtls_rsa_get_len( rsa ); - - if( *olen > osize ) + if( mbedtls_rsa_get_len( rsa ) > osize ) return( MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE ); /* mbedtls_pk_write_pubkey_der() expects a full PK context;