diff --git a/include/mbedtls/pk.h b/include/mbedtls/pk.h index a0d4694949..7e056dbe33 100644 --- a/include/mbedtls/pk.h +++ b/include/mbedtls/pk.h @@ -330,8 +330,8 @@ int mbedtls_pk_setup( mbedtls_pk_context *ctx, const mbedtls_pk_info_t *info ); * storing and manipulating the key material directly. * * \param ctx The context to initialize. It must be empty (type NONE). - * \param key The PSA key to wrap, which must hold an ECC key pair - * (see notes below). + * \param key The PSA key to wrap, which must hold an ECC or RSA key + * pair (see notes below). * * \note The wrapped key must remain valid as long as the * wrapping PK context is in use, that is at least between @@ -339,8 +339,8 @@ int mbedtls_pk_setup( mbedtls_pk_context *ctx, const mbedtls_pk_info_t *info ); * mbedtls_pk_free() is called on this context. The wrapped * key might then be independently used or destroyed. * - * \note This function is currently only available for ECC key - * pairs (that is, ECC keys containing private key material). + * \note This function is currently only available for ECC or RSA + * key pairs (that is, keys containing private key material). * Support for other key types may be added later. * * \return \c 0 on success. diff --git a/library/pk.c b/library/pk.c index 3b42799c7d..0f465cdb4a 100644 --- a/library/pk.c +++ b/library/pk.c @@ -22,6 +22,7 @@ #if defined(MBEDTLS_PK_C) #include "mbedtls/pk.h" #include "pk_wrap.h" +#include "pkwrite.h" #include "mbedtls/platform_util.h" #include "mbedtls/error.h" @@ -153,7 +154,7 @@ int mbedtls_pk_setup( mbedtls_pk_context *ctx, const mbedtls_pk_info_t *info ) int mbedtls_pk_setup_opaque( mbedtls_pk_context *ctx, const mbedtls_svc_key_id_t key ) { - const mbedtls_pk_info_t * const info = &mbedtls_pk_opaque_info; + const mbedtls_pk_info_t *info = NULL; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; mbedtls_svc_key_id_t *pk_ctx; psa_key_type_t type; @@ -166,9 +167,12 @@ int mbedtls_pk_setup_opaque( mbedtls_pk_context *ctx, type = psa_get_key_type( &attributes ); psa_reset_key_attributes( &attributes ); - /* Current implementation of can_do() relies on this. */ - if( ! PSA_KEY_TYPE_IS_ECC_KEY_PAIR( type ) ) - return( MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE) ; + if( PSA_KEY_TYPE_IS_ECC_KEY_PAIR( type ) ) + info = &mbedtls_pk_ecdsa_opaque_info; + else if( type == PSA_KEY_TYPE_RSA_KEY_PAIR ) + info = &mbedtls_pk_rsa_opaque_info; + else + return( MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE ); if( ( ctx->pk_ctx = info->ctx_alloc_func() ) == NULL ) return( MBEDTLS_ERR_PK_ALLOC_FAILED ); @@ -699,57 +703,100 @@ mbedtls_pk_type_t mbedtls_pk_get_type( const mbedtls_pk_context *ctx ) * Load the key to a PSA key slot, * then turn the PK context into a wrapper for that key slot. * - * Currently only works for EC private keys. + * Currently only works for EC & RSA private keys. */ int mbedtls_pk_wrap_as_opaque( mbedtls_pk_context *pk, mbedtls_svc_key_id_t *key, psa_algorithm_t hash_alg ) { -#if !defined(MBEDTLS_ECP_C) +#if !defined(MBEDTLS_ECP_C) && !defined(MBEDTLS_RSA_C) ((void) pk); ((void) key); ((void) hash_alg); - return( MBEDTLS_ERR_PK_TYPE_MISMATCH ); #else - const mbedtls_ecp_keypair *ec; - unsigned char d[MBEDTLS_ECP_MAX_BYTES]; - size_t d_len; - psa_ecc_family_t curve_id; - psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; - psa_key_type_t key_type; - size_t bits; - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; +#if defined(MBEDTLS_ECP_C) + if( mbedtls_pk_get_type( pk ) == MBEDTLS_PK_ECKEY ) + { + const mbedtls_ecp_keypair *ec; + unsigned char d[MBEDTLS_ECP_MAX_BYTES]; + size_t d_len; + psa_ecc_family_t curve_id; + psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; + psa_key_type_t key_type; + size_t bits; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + psa_status_t status; - /* export the private key material in the format PSA wants */ - if( mbedtls_pk_get_type( pk ) != MBEDTLS_PK_ECKEY ) - return( MBEDTLS_ERR_PK_TYPE_MISMATCH ); + /* export the private key material in the format PSA wants */ + ec = mbedtls_pk_ec( *pk ); + d_len = PSA_BITS_TO_BYTES( ec->grp.nbits ); + if( ( ret = mbedtls_mpi_write_binary( &ec->d, d, d_len ) ) != 0 ) + return( ret ); - ec = mbedtls_pk_ec( *pk ); - d_len = ( ec->grp.nbits + 7 ) / 8; - if( ( ret = mbedtls_mpi_write_binary( &ec->d, d, d_len ) ) != 0 ) - return( ret ); + curve_id = mbedtls_ecc_group_to_psa( ec->grp.id, &bits ); + key_type = PSA_KEY_TYPE_ECC_KEY_PAIR( curve_id ); - curve_id = mbedtls_ecc_group_to_psa( ec->grp.id, &bits ); - key_type = PSA_KEY_TYPE_ECC_KEY_PAIR( curve_id ); + /* prepare the key attributes */ + psa_set_key_type( &attributes, key_type ); + psa_set_key_bits( &attributes, bits ); + psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_SIGN_HASH | + PSA_KEY_USAGE_DERIVE); + psa_set_key_algorithm( &attributes, PSA_ALG_ECDSA( hash_alg ) ); + psa_set_key_enrollment_algorithm( &attributes, PSA_ALG_ECDH ); - /* prepare the key attributes */ - psa_set_key_type( &attributes, key_type ); - psa_set_key_bits( &attributes, bits ); - psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_SIGN_HASH | - PSA_KEY_USAGE_DERIVE); - psa_set_key_algorithm( &attributes, PSA_ALG_ECDSA(hash_alg) ); - psa_set_key_enrollment_algorithm( &attributes, PSA_ALG_ECDH ); + /* import private key into PSA */ + status = psa_import_key( &attributes, d, d_len, key ); + if( status != PSA_SUCCESS ) + return( mbedtls_pk_error_from_psa( status ) ); - /* import private key into PSA */ - if( PSA_SUCCESS != psa_import_key( &attributes, d, d_len, key ) ) - return( MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED ); + /* make PK context wrap the key slot */ + mbedtls_pk_free( pk ); + mbedtls_pk_init( pk ); - /* make PK context wrap the key slot */ - mbedtls_pk_free( pk ); - mbedtls_pk_init( pk ); - - return( mbedtls_pk_setup_opaque( pk, *key ) ); + return( mbedtls_pk_setup_opaque( pk, *key ) ); + } + else #endif /* MBEDTLS_ECP_C */ +#if defined(MBEDTLS_RSA_C) + if( mbedtls_pk_get_type( pk ) == MBEDTLS_PK_RSA ) + { + unsigned char buf[MBEDTLS_PK_RSA_PRV_DER_MAX_BYTES]; + psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; + int key_len; + psa_status_t status; + + /* export the private key material in the format PSA wants */ + key_len = mbedtls_pk_write_key_der( pk, buf, sizeof( buf ) ); + if( key_len <= 0 ) + return( MBEDTLS_ERR_PK_BAD_INPUT_DATA ); + + /* prepare the key attributes */ + psa_set_key_type( &attributes, PSA_KEY_TYPE_RSA_KEY_PAIR ); + psa_set_key_bits( &attributes, mbedtls_pk_get_bitlen( pk ) ); + psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_SIGN_HASH ); + psa_set_key_algorithm( &attributes, + PSA_ALG_RSA_PKCS1V15_SIGN( hash_alg ) ); + + /* import private key into PSA */ + status = psa_import_key( &attributes, + buf + sizeof( buf ) - key_len, + key_len, key); + + mbedtls_platform_zeroize( buf, sizeof( buf ) ); + + if( status != PSA_SUCCESS ) + return( mbedtls_pk_error_from_psa( status ) ); + + /* make PK context wrap the key slot */ + mbedtls_pk_free( pk ); + mbedtls_pk_init( pk ); + + return( mbedtls_pk_setup_opaque( pk, *key ) ); + } + else +#endif /* MBEDTLS_RSA_C */ +#endif /* !MBEDTLS_ECP_C && !MBEDTLS_RSA_C */ + return( MBEDTLS_ERR_PK_TYPE_MISMATCH ); } #endif /* MBEDTLS_USE_PSA_CRYPTO */ #endif /* MBEDTLS_PK_C */ diff --git a/library/pk_wrap.c b/library/pk_wrap.c index 266829011a..a9c3c718b2 100644 --- a/library/pk_wrap.c +++ b/library/pk_wrap.c @@ -1493,21 +1493,23 @@ static size_t pk_opaque_get_bitlen( const void *ctx ) return( bits ); } -static int pk_opaque_can_do( mbedtls_pk_type_t type ) +static int pk_opaque_ecdsa_can_do( mbedtls_pk_type_t type ) { - /* For now opaque PSA keys can only wrap ECC keypairs, - * as checked by setup_psa(). - * Also, ECKEY_DH does not really make sense with the current API. */ return( type == MBEDTLS_PK_ECKEY || type == MBEDTLS_PK_ECDSA ); } +static int pk_opaque_rsa_can_do( mbedtls_pk_type_t type ) +{ + return( type == MBEDTLS_PK_RSA ); +} + static int pk_opaque_sign_wrap( void *ctx, mbedtls_md_type_t md_alg, const unsigned char *hash, size_t hash_len, unsigned char *sig, size_t sig_size, size_t *sig_len, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ) { -#if !defined(MBEDTLS_ECDSA_C) +#if !defined(MBEDTLS_ECDSA_C) && !defined(MBEDTLS_RSA_C) ((void) ctx); ((void) md_alg); ((void) hash); @@ -1518,31 +1520,92 @@ static int pk_opaque_sign_wrap( void *ctx, mbedtls_md_type_t md_alg, ((void) f_rng); ((void) p_rng); return( MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE ); -#else /* !MBEDTLS_ECDSA_C */ +#else /* !MBEDTLS_ECDSA_C && !MBEDTLS_RSA_C */ const mbedtls_svc_key_id_t *key = (const mbedtls_svc_key_id_t *) ctx; - psa_algorithm_t alg = PSA_ALG_ECDSA( mbedtls_psa_translate_md( md_alg ) ); + psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; + psa_algorithm_t alg; + psa_key_type_t type; psa_status_t status; /* PSA has its own RNG */ (void) f_rng; (void) p_rng; + status = psa_get_key_attributes( *key, &attributes ); + if( status != PSA_SUCCESS ) + return( mbedtls_pk_error_from_psa( status ) ); + + type = psa_get_key_type( &attributes ); + psa_reset_key_attributes( &attributes ); + +#if defined(MBEDTLS_ECDSA_C) + if( PSA_KEY_TYPE_IS_ECC_KEY_PAIR( type ) ) + alg = PSA_ALG_ECDSA( mbedtls_psa_translate_md( md_alg ) ); + else +#endif /* MBEDTLS_ECDSA_C */ +#if defined(MBEDTLS_RSA_C) + if( PSA_KEY_TYPE_IS_RSA( type ) ) + alg = PSA_ALG_RSA_PKCS1V15_SIGN( mbedtls_psa_translate_md( md_alg ) ); + else +#endif /* MBEDTLS_RSA_C */ + return( MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE ); + /* make the signature */ status = psa_sign_hash( *key, alg, hash, hash_len, sig, sig_size, sig_len ); if( status != PSA_SUCCESS ) - return( mbedtls_pk_error_from_psa_ecdsa( status ) ); + { +#if defined(MBEDTLS_ECDSA_C) + if( PSA_KEY_TYPE_IS_ECC_KEY_PAIR( type ) ) + return( mbedtls_pk_error_from_psa_ecdsa( status ) ); + else +#endif /* MBEDTLS_ECDSA_C */ +#if defined(MBEDTLS_RSA_C) + if( PSA_KEY_TYPE_IS_RSA( type ) ) + return( mbedtls_pk_error_from_psa_rsa( status ) ); + else +#endif /* MBEDTLS_RSA_C */ + return( mbedtls_pk_error_from_psa( status ) ); + } - /* transcode it to ASN.1 sequence */ - return( pk_ecdsa_sig_asn1_from_psa( sig, sig_len, sig_size ) ); -#endif /* !MBEDTLS_ECDSA_C */ +#if defined(MBEDTLS_ECDSA_C) + if( PSA_KEY_TYPE_IS_ECC_KEY_PAIR( type ) ) + /* transcode it to ASN.1 sequence */ + return( pk_ecdsa_sig_asn1_from_psa( sig, sig_len, sig_size ) ); +#endif /* MBEDTLS_ECDSA_C */ + + return 0; +#endif /* !MBEDTLS_ECDSA_C && !MBEDTLS_RSA_C */ } -const mbedtls_pk_info_t mbedtls_pk_opaque_info = { +const mbedtls_pk_info_t mbedtls_pk_ecdsa_opaque_info = { MBEDTLS_PK_OPAQUE, "Opaque", pk_opaque_get_bitlen, - pk_opaque_can_do, + pk_opaque_ecdsa_can_do, + NULL, /* verify - will be done later */ + pk_opaque_sign_wrap, +#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) + NULL, /* restartable verify - not relevant */ + NULL, /* restartable sign - not relevant */ +#endif + NULL, /* decrypt - not relevant */ + NULL, /* encrypt - not relevant */ + NULL, /* check_pair - could be done later or left NULL */ + pk_opaque_alloc_wrap, + pk_opaque_free_wrap, +#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) + NULL, /* restart alloc - not relevant */ + NULL, /* restart free - not relevant */ +#endif + NULL, /* debug - could be done later, or even left NULL */ +}; + +const mbedtls_pk_info_t mbedtls_pk_rsa_opaque_info = { + MBEDTLS_PK_OPAQUE, + "Opaque", + pk_opaque_get_bitlen, + pk_opaque_rsa_can_do, NULL, /* verify - will be done later */ pk_opaque_sign_wrap, #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) diff --git a/library/pk_wrap.h b/library/pk_wrap.h index 1b490cc31b..5e81a652a7 100644 --- a/library/pk_wrap.h +++ b/library/pk_wrap.h @@ -136,7 +136,8 @@ extern const mbedtls_pk_info_t mbedtls_rsa_alt_info; #endif #if defined(MBEDTLS_USE_PSA_CRYPTO) -extern const mbedtls_pk_info_t mbedtls_pk_opaque_info; +extern const mbedtls_pk_info_t mbedtls_pk_ecdsa_opaque_info; +extern const mbedtls_pk_info_t mbedtls_pk_rsa_opaque_info; #if defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) int mbedtls_pk_error_from_psa_ecdsa( psa_status_t status ); diff --git a/library/pkwrite.c b/library/pkwrite.c index 87285f05d5..8b99340507 100644 --- a/library/pkwrite.c +++ b/library/pkwrite.c @@ -279,21 +279,35 @@ int mbedtls_pk_write_pubkey_der( const mbedtls_pk_context *key, unsigned char *b bits = psa_get_key_bits( &attributes ); psa_reset_key_attributes( &attributes ); - curve = PSA_KEY_TYPE_ECC_GET_FAMILY( key_type ); - if( curve == 0 ) + if( PSA_KEY_TYPE_IS_ECC_KEY_PAIR( key_type ) ) + { + curve = PSA_KEY_TYPE_ECC_GET_FAMILY( key_type ); + if( curve == 0 ) + return( MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE ); + + ret = mbedtls_psa_get_ecc_oid_from_id( curve, bits, + &oid, &oid_len ); + if( ret != 0 ) + return( MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE ); + + /* Write EC algorithm parameters; that's akin + * to pk_write_ec_param() above. */ + MBEDTLS_ASN1_CHK_ADD( par_len, mbedtls_asn1_write_oid( &c, buf, + oid, + oid_len ) ); + + /* The rest of the function works as for legacy EC contexts. */ + pk_type = MBEDTLS_PK_ECKEY; + } + else if( PSA_KEY_TYPE_IS_RSA( key_type ) ) + { + /* The rest of the function works as for legacy RSA contexts. */ + pk_type = MBEDTLS_PK_RSA; + } + else + { return( MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE ); - - ret = mbedtls_psa_get_ecc_oid_from_id( curve, bits, &oid, &oid_len ); - if( ret != 0 ) - return( MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE ); - - /* Write EC algorithm parameters; that's akin - * to pk_write_ec_param() above. */ - MBEDTLS_ASN1_CHK_ADD( par_len, mbedtls_asn1_write_oid( &c, buf, - oid, oid_len ) ); - - /* The rest of the function works as for legacy EC contexts. */ - pk_type = MBEDTLS_PK_ECKEY; + } } #endif /* MBEDTLS_USE_PSA_CRYPTO */ diff --git a/tests/suites/test_suite_pk.data b/tests/suites/test_suite_pk.data index cf40e5514e..323efc2c48 100644 --- a/tests/suites/test_suite_pk.data +++ b/tests/suites/test_suite_pk.data @@ -41,8 +41,13 @@ PK utils: ECDSA SECP521R1 depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP521R1_ENABLED pk_utils:MBEDTLS_PK_ECDSA:MBEDTLS_ECP_DP_SECP521R1:521:66:"ECDSA" -PK PSA utilities: setup/free, info functions, unsupported operations -pk_psa_utils: +PK PSA utilities: ECDSA setup/free, info functions, unsupported operations +depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED +pk_psa_utils:0 + +PK PSA utilities: RSA setup/free, info functions, unsupported operations +depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME +pk_psa_utils:1 RSA verify test vector #1 (good) depends_on:MBEDTLS_SHA1_C:MBEDTLS_PKCS1_V15 @@ -305,41 +310,45 @@ depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C pk_sign_verify_restart:MBEDTLS_PK_ECKEY:MBEDTLS_ECP_DP_SECP256R1:"C9AFA9D845BA75166B5C215767B1D6934E50C3DB36E89B127B8A622B120F6721":"60FED4BA255A9D31C961EB74C6356D68C049B8923B61FA6CE669622E60F29FB6":"7903FE1008B8BC99A41AE9E95628BC64F2F1B20C2D7E9F5177A3C294D4462299":MBEDTLS_MD_SHA256:"test":"3045022100f1abb023518351cd71d881567b1ea663ed3efcf6c5132b354f28d3b0b7d383670220019f4113742a2b14bd25926b49c649155f267e60d3814b4c0cc84250e46f0083":250:2:64 PSA wrapped sign: SECP256R1 -depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED -pk_psa_sign:MBEDTLS_ECP_DP_SECP256R1:PSA_ECC_FAMILY_SECP_R1:256 +depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED +pk_psa_sign:MBEDTLS_ECP_DP_SECP256R1:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):256 PSA wrapped sign: SECP384R1 -depends_on:MBEDTLS_ECP_DP_SECP384R1_ENABLED -pk_psa_sign:MBEDTLS_ECP_DP_SECP384R1:PSA_ECC_FAMILY_SECP_R1:384 +depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED +pk_psa_sign:MBEDTLS_ECP_DP_SECP384R1:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):384 PSA wrapped sign: SECP521R1 -depends_on:MBEDTLS_ECP_DP_SECP521R1_ENABLED -pk_psa_sign:MBEDTLS_ECP_DP_SECP521R1:PSA_ECC_FAMILY_SECP_R1:521 +depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP521R1_ENABLED +pk_psa_sign:MBEDTLS_ECP_DP_SECP521R1:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):521 PSA wrapped sign: SECP192K1 -depends_on:MBEDTLS_ECP_DP_SECP192K1_ENABLED -pk_psa_sign:MBEDTLS_ECP_DP_SECP192K1:PSA_ECC_FAMILY_SECP_K1:192 +depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP192K1_ENABLED +pk_psa_sign:MBEDTLS_ECP_DP_SECP192K1:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_K1):192 ## Currently buggy: https://github.com/ARMmbed/mbed-crypto/issues/336 # PSA wrapped sign: SECP224K1 -# depends_on:MBEDTLS_ECP_DP_SECP224K1_ENABLED -# pk_psa_sign:MBEDTLS_ECP_DP_SECP224K1:PSA_ECC_FAMILY_SECP_K1:224 +# depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP224K1_ENABLED +# pk_psa_sign:MBEDTLS_ECP_DP_SECP224K1:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_K1):224 PSA wrapped sign: SECP256K1 -depends_on:MBEDTLS_ECP_DP_SECP256K1_ENABLED -pk_psa_sign:MBEDTLS_ECP_DP_SECP256K1:PSA_ECC_FAMILY_SECP_K1:256 +depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256K1_ENABLED +pk_psa_sign:MBEDTLS_ECP_DP_SECP256K1:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_K1):256 PSA wrapped sign: BP256R1 -depends_on:MBEDTLS_ECP_DP_BP256R1_ENABLED -pk_psa_sign:MBEDTLS_ECP_DP_BP256R1:PSA_ECC_FAMILY_BRAINPOOL_P_R1:256 +depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_BP256R1_ENABLED +pk_psa_sign:MBEDTLS_ECP_DP_BP256R1:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_BRAINPOOL_P_R1):256 PSA wrapped sign: BP384R1 -depends_on:MBEDTLS_ECP_DP_BP384R1_ENABLED -pk_psa_sign:MBEDTLS_ECP_DP_BP384R1:PSA_ECC_FAMILY_BRAINPOOL_P_R1:384 +depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_BP384R1_ENABLED +pk_psa_sign:MBEDTLS_ECP_DP_BP384R1:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_BRAINPOOL_P_R1):384 PSA wrapped sign: BP512R1 -depends_on:MBEDTLS_ECP_DP_BP512R1_ENABLED -pk_psa_sign:MBEDTLS_ECP_DP_BP512R1:PSA_ECC_FAMILY_BRAINPOOL_P_R1:512 +depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_BP512R1_ENABLED +pk_psa_sign:MBEDTLS_ECP_DP_BP512R1:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_BRAINPOOL_P_R1):512 + +PSA wrapped sign: RSA PKCS1 v1.5 +depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_GENPRIME +pk_psa_sign:1024:PSA_KEY_TYPE_RSA_KEY_PAIR:1024 PK Sign ext:RSA2048,PK_RSA,MD_SHA256 depends_on:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C:MBEDTLS_RSA_C diff --git a/tests/suites/test_suite_pk.function b/tests/suites/test_suite_pk.function index ccb90e780c..6c4f9e44d2 100644 --- a/tests/suites/test_suite_pk.function +++ b/tests/suites/test_suite_pk.function @@ -88,11 +88,11 @@ size_t mbedtls_rsa_key_len_func( void *ctx ) #if defined(MBEDTLS_USE_PSA_CRYPTO) /* - * Generate a key using PSA and return the key identifier of that key, + * Generate an ECC key using PSA and return the key identifier of that key, * or 0 if the key generation failed. * The key uses NIST P-256 and is usable for signing with SHA-256. */ -mbedtls_svc_key_id_t pk_psa_genkey( void ) +mbedtls_svc_key_id_t pk_psa_genkey_ecc( void ) { mbedtls_svc_key_id_t key; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; @@ -106,6 +106,27 @@ mbedtls_svc_key_id_t pk_psa_genkey( void ) psa_set_key_bits( &attributes, bits ); PSA_ASSERT( psa_generate_key( &attributes, &key ) ); +exit: + return( key ); +} + +/* + * Generate an RSA key using PSA and return the key identifier of that key, + * or 0 if the key generation failed. + */ +mbedtls_svc_key_id_t pk_psa_genkey_rsa( void ) +{ + mbedtls_svc_key_id_t key; + psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; + const psa_key_type_t type = PSA_KEY_TYPE_RSA_KEY_PAIR; + const size_t bits = 1024; + + psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_SIGN_HASH ); + psa_set_key_algorithm( &attributes, PSA_ALG_RSA_PKCS1V15_SIGN_RAW ); + psa_set_key_type( &attributes, type ); + psa_set_key_bits( &attributes, bits ); + PSA_ASSERT( psa_generate_key( &attributes, &key ) ); + exit: return( key ); } @@ -117,15 +138,15 @@ exit: * END_DEPENDENCIES */ -/* BEGIN_CASE depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED */ -void pk_psa_utils( ) +/* BEGIN_CASE depends_on:MBEDTLS_USE_PSA_CRYPTO */ +void pk_psa_utils( int key_is_rsa ) { mbedtls_pk_context pk, pk2; mbedtls_svc_key_id_t key; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; const char * const name = "Opaque"; - const size_t bitlen = 256; /* harcoded in genkey() */ + size_t bitlen; mbedtls_md_type_t md_alg = MBEDTLS_MD_NONE; unsigned char b1[1], b2[1]; @@ -145,7 +166,16 @@ void pk_psa_utils( ) mbedtls_pk_free( &pk ); mbedtls_pk_init( &pk ); - key = pk_psa_genkey(); + if( key_is_rsa ) + { + bitlen = 1024; /* harcoded in genkey() */ + key = pk_psa_genkey_rsa(); + } + else + { + bitlen = 256; /* harcoded in genkey() */ + key = pk_psa_genkey_ecc(); + } if( mbedtls_svc_key_id_is_null( key ) ) goto exit; @@ -157,9 +187,18 @@ void pk_psa_utils( ) TEST_ASSERT( mbedtls_pk_get_bitlen( &pk ) == bitlen ); TEST_ASSERT( mbedtls_pk_get_len( &pk ) == bitlen / 8 ); - TEST_ASSERT( mbedtls_pk_can_do( &pk, MBEDTLS_PK_ECKEY ) == 1 ); - TEST_ASSERT( mbedtls_pk_can_do( &pk, MBEDTLS_PK_ECDSA ) == 1 ); - TEST_ASSERT( mbedtls_pk_can_do( &pk, MBEDTLS_PK_RSA ) == 0 ); + if( key_is_rsa ) + { + TEST_ASSERT( mbedtls_pk_can_do( &pk, MBEDTLS_PK_ECKEY ) == 0 ); + TEST_ASSERT( mbedtls_pk_can_do( &pk, MBEDTLS_PK_ECDSA ) == 0 ); + TEST_ASSERT( mbedtls_pk_can_do( &pk, MBEDTLS_PK_RSA ) == 1 ); + } + else + { + TEST_ASSERT( mbedtls_pk_can_do( &pk, MBEDTLS_PK_ECKEY ) == 1 ); + TEST_ASSERT( mbedtls_pk_can_do( &pk, MBEDTLS_PK_ECDSA ) == 1 ); + TEST_ASSERT( mbedtls_pk_can_do( &pk, MBEDTLS_PK_RSA ) == 0 ); + } /* unsupported operations: verify, decrypt, encrypt */ TEST_ASSERT( mbedtls_pk_verify( &pk, md_alg, @@ -175,8 +214,12 @@ void pk_psa_utils( ) == MBEDTLS_ERR_PK_TYPE_MISMATCH ); /* unsupported functions: check_pair, debug */ - TEST_ASSERT( mbedtls_pk_setup( &pk2, - mbedtls_pk_info_from_type( MBEDTLS_PK_ECKEY ) ) == 0 ); + if( key_is_rsa ) + TEST_ASSERT( mbedtls_pk_setup( &pk2, + mbedtls_pk_info_from_type( MBEDTLS_PK_RSA ) ) == 0 ); + else + TEST_ASSERT( mbedtls_pk_setup( &pk2, + mbedtls_pk_info_from_type( MBEDTLS_PK_ECKEY ) ) == 0 ); TEST_ASSERT( mbedtls_pk_check_pair( &pk, &pk2, mbedtls_test_rnd_std_rand, NULL ) == MBEDTLS_ERR_PK_TYPE_MISMATCH ); @@ -1006,14 +1049,13 @@ exit: } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_SHA256_C:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_ECDSA_C */ -void pk_psa_sign( int grpid_arg, - int psa_curve_arg, int expected_bits_arg ) +/* BEGIN_CASE depends_on:MBEDTLS_SHA256_C:MBEDTLS_USE_PSA_CRYPTO */ +void pk_psa_sign( int parameter_arg, + int psa_type_arg, int expected_bits_arg ) { - mbedtls_ecp_group_id grpid = grpid_arg; mbedtls_pk_context pk; unsigned char hash[32]; - unsigned char sig[MBEDTLS_ECDSA_MAX_LEN]; + unsigned char sig[MBEDTLS_PK_SIGNATURE_MAX_SIZE]; unsigned char pkey_legacy[200]; unsigned char pkey_psa[200]; unsigned char *pkey_legacy_start, *pkey_psa_start; @@ -1021,12 +1063,12 @@ void pk_psa_sign( int grpid_arg, int ret; mbedtls_svc_key_id_t key_id; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; - psa_key_type_t expected_type = PSA_KEY_TYPE_ECC_KEY_PAIR( psa_curve_arg ); + psa_key_type_t expected_type = psa_type_arg; size_t expected_bits = expected_bits_arg; /* * This tests making signatures with a wrapped PSA key: - * - generate a fresh ECP legacy PK context + * - generate a fresh ECP/RSA legacy PK context * - wrap it in a PK context and make a signature this way * - extract the public key * - parse it to a PK context and verify the signature this way @@ -1034,13 +1076,38 @@ void pk_psa_sign( int grpid_arg, PSA_ASSERT( psa_crypto_init( ) ); - /* Create legacy EC public/private key in PK context. */ - mbedtls_pk_init( &pk ); - TEST_ASSERT( mbedtls_pk_setup( &pk, - mbedtls_pk_info_from_type( MBEDTLS_PK_ECKEY ) ) == 0 ); - TEST_ASSERT( mbedtls_ecp_gen_key( grpid, - (mbedtls_ecp_keypair*) pk.pk_ctx, - mbedtls_test_rnd_std_rand, NULL ) == 0 ); +#if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_GENPRIME) + if( PSA_KEY_TYPE_IS_RSA( psa_type_arg ) ) + { + /* Create legacy RSA public/private key in PK context. */ + mbedtls_pk_init( &pk ); + TEST_ASSERT( mbedtls_pk_setup( &pk, + mbedtls_pk_info_from_type( MBEDTLS_PK_RSA ) ) == 0 ); + TEST_ASSERT( mbedtls_rsa_gen_key( mbedtls_pk_rsa( pk ), + mbedtls_test_rnd_std_rand, NULL, + parameter_arg, 3 ) == 0 ); + } + else +#endif /* MBEDTLS_RSA_C && MBEDTLS_GENPRIME */ +#if defined(MBEDTLS_ECDSA_C) + if( PSA_KEY_TYPE_IS_ECC_KEY_PAIR( psa_type_arg ) ) + { + mbedtls_ecp_group_id grpid = parameter_arg; + + /* Create legacy EC public/private key in PK context. */ + mbedtls_pk_init( &pk ); + TEST_ASSERT( mbedtls_pk_setup( &pk, + mbedtls_pk_info_from_type( MBEDTLS_PK_ECKEY ) ) == 0 ); + TEST_ASSERT( mbedtls_ecp_gen_key( grpid, + (mbedtls_ecp_keypair*) pk.pk_ctx, + mbedtls_test_rnd_std_rand, NULL ) == 0 ); + } + else +#endif /* MBEDTLS_ECDSA_C */ + { + (void) parameter_arg; + TEST_ASSUME( ! "Opaque PK key not supported in this configuration" ); + } /* Export underlying public key for re-importing in a legacy context. */ ret = mbedtls_pk_write_pubkey_der( &pk, pkey_legacy,