From eabbf9d9073d34c0635538804fb195d262ed5fab Mon Sep 17 00:00:00 2001 From: Neil Armstrong Date: Tue, 15 Mar 2022 12:01:26 +0100 Subject: [PATCH 01/15] Add support for RSA PK Opaque key Signed-off-by: Neil Armstrong --- library/pk.c | 11 +++++++---- library/pk_wrap.c | 48 +++++++++++++++++++++++++++++++++++++++++++---- library/pk_wrap.h | 3 ++- 3 files changed, 53 insertions(+), 9 deletions(-) diff --git a/library/pk.c b/library/pk.c index 3b42799c7d..abed468a0f 100644 --- a/library/pk.c +++ b/library/pk.c @@ -153,7 +153,7 @@ int mbedtls_pk_setup( mbedtls_pk_context *ctx, const mbedtls_pk_info_t *info ) int mbedtls_pk_setup_opaque( mbedtls_pk_context *ctx, const mbedtls_svc_key_id_t key ) { - const mbedtls_pk_info_t * const info = &mbedtls_pk_opaque_info; + const mbedtls_pk_info_t *info = NULL; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; mbedtls_svc_key_id_t *pk_ctx; psa_key_type_t type; @@ -166,9 +166,12 @@ int mbedtls_pk_setup_opaque( mbedtls_pk_context *ctx, type = psa_get_key_type( &attributes ); psa_reset_key_attributes( &attributes ); - /* Current implementation of can_do() relies on this. */ - if( ! PSA_KEY_TYPE_IS_ECC_KEY_PAIR( type ) ) - return( MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE) ; + if( PSA_KEY_TYPE_IS_ECC_KEY_PAIR( type ) ) + info = &mbedtls_pk_ecdsa_opaque_info; + else if( PSA_KEY_TYPE_IS_RSA( type ) ) + info = &mbedtls_pk_rsa_opaque_info; + else + return( MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE ); if( ( ctx->pk_ctx = info->ctx_alloc_func() ) == NULL ) return( MBEDTLS_ERR_PK_ALLOC_FAILED ); diff --git a/library/pk_wrap.c b/library/pk_wrap.c index 266829011a..8ad6fa1368 100644 --- a/library/pk_wrap.c +++ b/library/pk_wrap.c @@ -1493,15 +1493,20 @@ static size_t pk_opaque_get_bitlen( const void *ctx ) return( bits ); } -static int pk_opaque_can_do( mbedtls_pk_type_t type ) +static int pk_opaque_ecdsa_can_do( mbedtls_pk_type_t type ) { - /* For now opaque PSA keys can only wrap ECC keypairs, + /* For now ECDSA opaque PSA keys can only wrap ECC keypairs, * as checked by setup_psa(). * Also, ECKEY_DH does not really make sense with the current API. */ return( type == MBEDTLS_PK_ECKEY || type == MBEDTLS_PK_ECDSA ); } +static int pk_opaque_rsa_can_do( mbedtls_pk_type_t type ) +{ + return( type == MBEDTLS_PK_RSA ); +} + static int pk_opaque_sign_wrap( void *ctx, mbedtls_md_type_t md_alg, const unsigned char *hash, size_t hash_len, unsigned char *sig, size_t sig_size, size_t *sig_len, @@ -1521,8 +1526,20 @@ static int pk_opaque_sign_wrap( void *ctx, mbedtls_md_type_t md_alg, #else /* !MBEDTLS_ECDSA_C */ const mbedtls_svc_key_id_t *key = (const mbedtls_svc_key_id_t *) ctx; psa_algorithm_t alg = PSA_ALG_ECDSA( mbedtls_psa_translate_md( md_alg ) ); + psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; + psa_key_type_t type; psa_status_t status; + status = psa_get_key_attributes( *key, &attributes ); + if( status != PSA_SUCCESS ) + return( mbedtls_pk_error_from_psa_ecdca( status ) ); + + type = psa_get_key_type( &attributes ); + psa_reset_key_attributes( &attributes ); + + if( ! PSA_KEY_TYPE_IS_ECC_KEY_PAIR( type ) ) + return( MBEDTLS_ERR_PK_TYPE_MISMATCH ); + /* PSA has its own RNG */ (void) f_rng; (void) p_rng; @@ -1538,11 +1555,34 @@ static int pk_opaque_sign_wrap( void *ctx, mbedtls_md_type_t md_alg, #endif /* !MBEDTLS_ECDSA_C */ } -const mbedtls_pk_info_t mbedtls_pk_opaque_info = { +const mbedtls_pk_info_t mbedtls_pk_ecdsa_opaque_info = { MBEDTLS_PK_OPAQUE, "Opaque", pk_opaque_get_bitlen, - pk_opaque_can_do, + pk_opaque_ecdsa_can_do, + NULL, /* verify - will be done later */ + pk_opaque_sign_wrap, +#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) + NULL, /* restartable verify - not relevant */ + NULL, /* restartable sign - not relevant */ +#endif + NULL, /* decrypt - will be done later */ + NULL, /* encrypt - will be done later */ + NULL, /* check_pair - could be done later or left NULL */ + pk_opaque_alloc_wrap, + pk_opaque_free_wrap, +#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) + NULL, /* restart alloc - not relevant */ + NULL, /* restart free - not relevant */ +#endif + NULL, /* debug - could be done later, or even left NULL */ +}; + +const mbedtls_pk_info_t mbedtls_pk_rsa_opaque_info = { + MBEDTLS_PK_OPAQUE, + "Opaque", + pk_opaque_get_bitlen, + pk_opaque_rsa_can_do, NULL, /* verify - will be done later */ pk_opaque_sign_wrap, #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) diff --git a/library/pk_wrap.h b/library/pk_wrap.h index 1b490cc31b..5e81a652a7 100644 --- a/library/pk_wrap.h +++ b/library/pk_wrap.h @@ -136,7 +136,8 @@ extern const mbedtls_pk_info_t mbedtls_rsa_alt_info; #endif #if defined(MBEDTLS_USE_PSA_CRYPTO) -extern const mbedtls_pk_info_t mbedtls_pk_opaque_info; +extern const mbedtls_pk_info_t mbedtls_pk_ecdsa_opaque_info; +extern const mbedtls_pk_info_t mbedtls_pk_rsa_opaque_info; #if defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) int mbedtls_pk_error_from_psa_ecdsa( psa_status_t status ); From 0cd78ddd715bbb4069ceb67d506d57f6ed323dd2 Mon Sep 17 00:00:00 2001 From: Neil Armstrong Date: Tue, 15 Mar 2022 14:20:20 +0100 Subject: [PATCH 02/15] Update test for Opaque PK key Signed-off-by: Neil Armstrong --- tests/suites/test_suite_pk.data | 9 ++++- tests/suites/test_suite_pk.function | 57 ++++++++++++++++++++++++----- 2 files changed, 54 insertions(+), 12 deletions(-) diff --git a/tests/suites/test_suite_pk.data b/tests/suites/test_suite_pk.data index cf40e5514e..520a8c24b2 100644 --- a/tests/suites/test_suite_pk.data +++ b/tests/suites/test_suite_pk.data @@ -41,8 +41,13 @@ PK utils: ECDSA SECP521R1 depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP521R1_ENABLED pk_utils:MBEDTLS_PK_ECDSA:MBEDTLS_ECP_DP_SECP521R1:521:66:"ECDSA" -PK PSA utilities: setup/free, info functions, unsupported operations -pk_psa_utils: +PK PSA utilities: ECDSA setup/free, info functions, unsupported operations +depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED +pk_psa_utils:0 + +PK PSA utilities: RSA setup/free, info functions, unsupported operations +depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME +pk_psa_utils:1 RSA verify test vector #1 (good) depends_on:MBEDTLS_SHA1_C:MBEDTLS_PKCS1_V15 diff --git a/tests/suites/test_suite_pk.function b/tests/suites/test_suite_pk.function index ccb90e780c..0a64bc92fd 100644 --- a/tests/suites/test_suite_pk.function +++ b/tests/suites/test_suite_pk.function @@ -88,11 +88,11 @@ size_t mbedtls_rsa_key_len_func( void *ctx ) #if defined(MBEDTLS_USE_PSA_CRYPTO) /* - * Generate a key using PSA and return the key identifier of that key, + * Generate an ECC key using PSA and return the key identifier of that key, * or 0 if the key generation failed. * The key uses NIST P-256 and is usable for signing with SHA-256. */ -mbedtls_svc_key_id_t pk_psa_genkey( void ) +mbedtls_svc_key_id_t pk_psa_genkey_ecc( void ) { mbedtls_svc_key_id_t key; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; @@ -106,6 +106,27 @@ mbedtls_svc_key_id_t pk_psa_genkey( void ) psa_set_key_bits( &attributes, bits ); PSA_ASSERT( psa_generate_key( &attributes, &key ) ); +exit: + return( key ); +} + +/* + * Generate an RSA key using PSA and return the key identifier of that key, + * or 0 if the key generation failed. + */ +mbedtls_svc_key_id_t pk_psa_genkey_rsa( void ) +{ + mbedtls_svc_key_id_t key; + psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; + const psa_key_type_t type = PSA_KEY_TYPE_RSA_KEY_PAIR; + const size_t bits = 256; + + psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_SIGN_HASH ); + psa_set_key_algorithm( &attributes, PSA_ALG_RSA_PKCS1V15_SIGN_RAW ); + psa_set_key_type( &attributes, type ); + psa_set_key_bits( &attributes, bits ); + PSA_ASSERT( psa_generate_key( &attributes, &key ) ); + exit: return( key ); } @@ -117,8 +138,8 @@ exit: * END_DEPENDENCIES */ -/* BEGIN_CASE depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED */ -void pk_psa_utils( ) +/* BEGIN_CASE depends_on:MBEDTLS_USE_PSA_CRYPTO */ +void pk_psa_utils( int key_is_rsa ) { mbedtls_pk_context pk, pk2; mbedtls_svc_key_id_t key; @@ -145,7 +166,10 @@ void pk_psa_utils( ) mbedtls_pk_free( &pk ); mbedtls_pk_init( &pk ); - key = pk_psa_genkey(); + if( key_is_rsa ) + key = pk_psa_genkey_rsa(); + else + key = pk_psa_genkey_ecc(); if( mbedtls_svc_key_id_is_null( key ) ) goto exit; @@ -157,9 +181,18 @@ void pk_psa_utils( ) TEST_ASSERT( mbedtls_pk_get_bitlen( &pk ) == bitlen ); TEST_ASSERT( mbedtls_pk_get_len( &pk ) == bitlen / 8 ); - TEST_ASSERT( mbedtls_pk_can_do( &pk, MBEDTLS_PK_ECKEY ) == 1 ); - TEST_ASSERT( mbedtls_pk_can_do( &pk, MBEDTLS_PK_ECDSA ) == 1 ); - TEST_ASSERT( mbedtls_pk_can_do( &pk, MBEDTLS_PK_RSA ) == 0 ); + if( key_is_rsa ) + { + TEST_ASSERT( mbedtls_pk_can_do( &pk, MBEDTLS_PK_ECKEY ) == 0 ); + TEST_ASSERT( mbedtls_pk_can_do( &pk, MBEDTLS_PK_ECDSA ) == 0 ); + TEST_ASSERT( mbedtls_pk_can_do( &pk, MBEDTLS_PK_RSA ) == 1 ); + } + else + { + TEST_ASSERT( mbedtls_pk_can_do( &pk, MBEDTLS_PK_ECKEY ) == 1 ); + TEST_ASSERT( mbedtls_pk_can_do( &pk, MBEDTLS_PK_ECDSA ) == 1 ); + TEST_ASSERT( mbedtls_pk_can_do( &pk, MBEDTLS_PK_RSA ) == 0 ); + } /* unsupported operations: verify, decrypt, encrypt */ TEST_ASSERT( mbedtls_pk_verify( &pk, md_alg, @@ -175,8 +208,12 @@ void pk_psa_utils( ) == MBEDTLS_ERR_PK_TYPE_MISMATCH ); /* unsupported functions: check_pair, debug */ - TEST_ASSERT( mbedtls_pk_setup( &pk2, - mbedtls_pk_info_from_type( MBEDTLS_PK_ECKEY ) ) == 0 ); + if( key_is_rsa ) + TEST_ASSERT( mbedtls_pk_setup( &pk2, + mbedtls_pk_info_from_type( MBEDTLS_PK_RSA ) ) == 0 ); + else + TEST_ASSERT( mbedtls_pk_setup( &pk2, + mbedtls_pk_info_from_type( MBEDTLS_PK_ECKEY ) ) == 0 ); TEST_ASSERT( mbedtls_pk_check_pair( &pk, &pk2, mbedtls_test_rnd_std_rand, NULL ) == MBEDTLS_ERR_PK_TYPE_MISMATCH ); From 5b87ebb6017d9a7c0a77a3ac5bb7a616a1565a26 Mon Sep 17 00:00:00 2001 From: Neil Armstrong Date: Tue, 15 Mar 2022 14:35:26 +0100 Subject: [PATCH 03/15] Prepare pk_psa_sign() test to accept RSA parameters Signed-off-by: Neil Armstrong --- tests/suites/test_suite_pk.data | 18 +++++++++--------- tests/suites/test_suite_pk.function | 8 ++++---- 2 files changed, 13 insertions(+), 13 deletions(-) diff --git a/tests/suites/test_suite_pk.data b/tests/suites/test_suite_pk.data index 520a8c24b2..ecd80a43a8 100644 --- a/tests/suites/test_suite_pk.data +++ b/tests/suites/test_suite_pk.data @@ -311,40 +311,40 @@ pk_sign_verify_restart:MBEDTLS_PK_ECKEY:MBEDTLS_ECP_DP_SECP256R1:"C9AFA9D845BA75 PSA wrapped sign: SECP256R1 depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED -pk_psa_sign:MBEDTLS_ECP_DP_SECP256R1:PSA_ECC_FAMILY_SECP_R1:256 +pk_psa_sign:MBEDTLS_ECP_DP_SECP256R1:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):256 PSA wrapped sign: SECP384R1 depends_on:MBEDTLS_ECP_DP_SECP384R1_ENABLED -pk_psa_sign:MBEDTLS_ECP_DP_SECP384R1:PSA_ECC_FAMILY_SECP_R1:384 +pk_psa_sign:MBEDTLS_ECP_DP_SECP384R1:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):384 PSA wrapped sign: SECP521R1 depends_on:MBEDTLS_ECP_DP_SECP521R1_ENABLED -pk_psa_sign:MBEDTLS_ECP_DP_SECP521R1:PSA_ECC_FAMILY_SECP_R1:521 +pk_psa_sign:MBEDTLS_ECP_DP_SECP521R1:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):521 PSA wrapped sign: SECP192K1 depends_on:MBEDTLS_ECP_DP_SECP192K1_ENABLED -pk_psa_sign:MBEDTLS_ECP_DP_SECP192K1:PSA_ECC_FAMILY_SECP_K1:192 +pk_psa_sign:MBEDTLS_ECP_DP_SECP192K1:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_K1):192 ## Currently buggy: https://github.com/ARMmbed/mbed-crypto/issues/336 # PSA wrapped sign: SECP224K1 # depends_on:MBEDTLS_ECP_DP_SECP224K1_ENABLED -# pk_psa_sign:MBEDTLS_ECP_DP_SECP224K1:PSA_ECC_FAMILY_SECP_K1:224 +# pk_psa_sign:MBEDTLS_ECP_DP_SECP224K1:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_K1):224 PSA wrapped sign: SECP256K1 depends_on:MBEDTLS_ECP_DP_SECP256K1_ENABLED -pk_psa_sign:MBEDTLS_ECP_DP_SECP256K1:PSA_ECC_FAMILY_SECP_K1:256 +pk_psa_sign:MBEDTLS_ECP_DP_SECP256K1:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_K1):256 PSA wrapped sign: BP256R1 depends_on:MBEDTLS_ECP_DP_BP256R1_ENABLED -pk_psa_sign:MBEDTLS_ECP_DP_BP256R1:PSA_ECC_FAMILY_BRAINPOOL_P_R1:256 +pk_psa_sign:MBEDTLS_ECP_DP_BP256R1:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_BRAINPOOL_P_R1):256 PSA wrapped sign: BP384R1 depends_on:MBEDTLS_ECP_DP_BP384R1_ENABLED -pk_psa_sign:MBEDTLS_ECP_DP_BP384R1:PSA_ECC_FAMILY_BRAINPOOL_P_R1:384 +pk_psa_sign:MBEDTLS_ECP_DP_BP384R1:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_BRAINPOOL_P_R1):384 PSA wrapped sign: BP512R1 depends_on:MBEDTLS_ECP_DP_BP512R1_ENABLED -pk_psa_sign:MBEDTLS_ECP_DP_BP512R1:PSA_ECC_FAMILY_BRAINPOOL_P_R1:512 +pk_psa_sign:MBEDTLS_ECP_DP_BP512R1:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_BRAINPOOL_P_R1):512 PK Sign ext:RSA2048,PK_RSA,MD_SHA256 depends_on:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C:MBEDTLS_RSA_C diff --git a/tests/suites/test_suite_pk.function b/tests/suites/test_suite_pk.function index 0a64bc92fd..fe2a001eaa 100644 --- a/tests/suites/test_suite_pk.function +++ b/tests/suites/test_suite_pk.function @@ -1044,10 +1044,10 @@ exit: /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_SHA256_C:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_ECDSA_C */ -void pk_psa_sign( int grpid_arg, - int psa_curve_arg, int expected_bits_arg ) +void pk_psa_sign( int parameter_arg, + int psa_type_arg, int expected_bits_arg ) { - mbedtls_ecp_group_id grpid = grpid_arg; + mbedtls_ecp_group_id grpid = parameter_arg; mbedtls_pk_context pk; unsigned char hash[32]; unsigned char sig[MBEDTLS_ECDSA_MAX_LEN]; @@ -1058,7 +1058,7 @@ void pk_psa_sign( int grpid_arg, int ret; mbedtls_svc_key_id_t key_id; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; - psa_key_type_t expected_type = PSA_KEY_TYPE_ECC_KEY_PAIR( psa_curve_arg ); + psa_key_type_t expected_type = psa_type_arg; size_t expected_bits = expected_bits_arg; /* From 67fc036976d9a0a29a3a8715f8700808ddf19607 Mon Sep 17 00:00:00 2001 From: Neil Armstrong Date: Tue, 15 Mar 2022 14:48:52 +0100 Subject: [PATCH 04/15] Add support for RSA wrap in pk_psa_sign() test Signed-off-by: Neil Armstrong --- tests/suites/test_suite_pk.data | 22 ++++++++------ tests/suites/test_suite_pk.function | 46 ++++++++++++++++++++++------- 2 files changed, 48 insertions(+), 20 deletions(-) diff --git a/tests/suites/test_suite_pk.data b/tests/suites/test_suite_pk.data index ecd80a43a8..18e165b430 100644 --- a/tests/suites/test_suite_pk.data +++ b/tests/suites/test_suite_pk.data @@ -310,42 +310,46 @@ depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C pk_sign_verify_restart:MBEDTLS_PK_ECKEY:MBEDTLS_ECP_DP_SECP256R1:"C9AFA9D845BA75166B5C215767B1D6934E50C3DB36E89B127B8A622B120F6721":"60FED4BA255A9D31C961EB74C6356D68C049B8923B61FA6CE669622E60F29FB6":"7903FE1008B8BC99A41AE9E95628BC64F2F1B20C2D7E9F5177A3C294D4462299":MBEDTLS_MD_SHA256:"test":"3045022100f1abb023518351cd71d881567b1ea663ed3efcf6c5132b354f28d3b0b7d383670220019f4113742a2b14bd25926b49c649155f267e60d3814b4c0cc84250e46f0083":250:2:64 PSA wrapped sign: SECP256R1 -depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED +depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED pk_psa_sign:MBEDTLS_ECP_DP_SECP256R1:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):256 PSA wrapped sign: SECP384R1 -depends_on:MBEDTLS_ECP_DP_SECP384R1_ENABLED +depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED pk_psa_sign:MBEDTLS_ECP_DP_SECP384R1:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):384 PSA wrapped sign: SECP521R1 -depends_on:MBEDTLS_ECP_DP_SECP521R1_ENABLED +depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP521R1_ENABLED pk_psa_sign:MBEDTLS_ECP_DP_SECP521R1:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):521 PSA wrapped sign: SECP192K1 -depends_on:MBEDTLS_ECP_DP_SECP192K1_ENABLED +depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP192K1_ENABLED pk_psa_sign:MBEDTLS_ECP_DP_SECP192K1:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_K1):192 ## Currently buggy: https://github.com/ARMmbed/mbed-crypto/issues/336 # PSA wrapped sign: SECP224K1 -# depends_on:MBEDTLS_ECP_DP_SECP224K1_ENABLED +# depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP224K1_ENABLED # pk_psa_sign:MBEDTLS_ECP_DP_SECP224K1:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_K1):224 PSA wrapped sign: SECP256K1 -depends_on:MBEDTLS_ECP_DP_SECP256K1_ENABLED +depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256K1_ENABLED pk_psa_sign:MBEDTLS_ECP_DP_SECP256K1:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_K1):256 PSA wrapped sign: BP256R1 -depends_on:MBEDTLS_ECP_DP_BP256R1_ENABLED +depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_BP256R1_ENABLED pk_psa_sign:MBEDTLS_ECP_DP_BP256R1:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_BRAINPOOL_P_R1):256 PSA wrapped sign: BP384R1 -depends_on:MBEDTLS_ECP_DP_BP384R1_ENABLED +depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_BP384R1_ENABLED pk_psa_sign:MBEDTLS_ECP_DP_BP384R1:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_BRAINPOOL_P_R1):384 PSA wrapped sign: BP512R1 -depends_on:MBEDTLS_ECP_DP_BP512R1_ENABLED +depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_BP512R1_ENABLED pk_psa_sign:MBEDTLS_ECP_DP_BP512R1:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_BRAINPOOL_P_R1):512 +PSA wrapped sign: RSA PKCS1 v1.5 +depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_GENPRIME +pk_psa_sign:512:PSA_KEY_TYPE_RSA_KEY_PAIR:512 + PK Sign ext:RSA2048,PK_RSA,MD_SHA256 depends_on:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C:MBEDTLS_RSA_C pk_psa_sign_ext:MBEDTLS_PK_RSA:2048:MBEDTLS_PK_RSA:MBEDTLS_MD_SHA256 diff --git a/tests/suites/test_suite_pk.function b/tests/suites/test_suite_pk.function index fe2a001eaa..7f2b2b8d57 100644 --- a/tests/suites/test_suite_pk.function +++ b/tests/suites/test_suite_pk.function @@ -1043,14 +1043,13 @@ exit: } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_SHA256_C:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_ECDSA_C */ +/* BEGIN_CASE depends_on:MBEDTLS_SHA256_C:MBEDTLS_USE_PSA_CRYPTO */ void pk_psa_sign( int parameter_arg, int psa_type_arg, int expected_bits_arg ) { - mbedtls_ecp_group_id grpid = parameter_arg; mbedtls_pk_context pk; unsigned char hash[32]; - unsigned char sig[MBEDTLS_ECDSA_MAX_LEN]; + unsigned char sig[MBEDTLS_PK_SIGNATURE_MAX_SIZE]; unsigned char pkey_legacy[200]; unsigned char pkey_psa[200]; unsigned char *pkey_legacy_start, *pkey_psa_start; @@ -1063,7 +1062,7 @@ void pk_psa_sign( int parameter_arg, /* * This tests making signatures with a wrapped PSA key: - * - generate a fresh ECP legacy PK context + * - generate a fresh ECP/RSA legacy PK context * - wrap it in a PK context and make a signature this way * - extract the public key * - parse it to a PK context and verify the signature this way @@ -1071,13 +1070,38 @@ void pk_psa_sign( int parameter_arg, PSA_ASSERT( psa_crypto_init( ) ); - /* Create legacy EC public/private key in PK context. */ - mbedtls_pk_init( &pk ); - TEST_ASSERT( mbedtls_pk_setup( &pk, - mbedtls_pk_info_from_type( MBEDTLS_PK_ECKEY ) ) == 0 ); - TEST_ASSERT( mbedtls_ecp_gen_key( grpid, - (mbedtls_ecp_keypair*) pk.pk_ctx, - mbedtls_test_rnd_std_rand, NULL ) == 0 ); +#if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_GENPRIME) + if( PSA_KEY_TYPE_IS_RSA( psa_type_arg ) ) + { + /* Create legacy RSA public/private key in PK context. */ + mbedtls_pk_init( &pk ); + TEST_ASSERT( mbedtls_pk_setup( &pk, + mbedtls_pk_info_from_type( MBEDTLS_PK_RSA ) ) == 0 ); + TEST_ASSERT( mbedtls_rsa_gen_key( mbedtls_pk_rsa( pk ), + mbedtls_test_rnd_std_rand, NULL, + parameter_arg, 3 ) == 0 ); + } + else +#endif /* MBEDTLS_RSA_C && MBEDTLS_GENPRIME */ +#if defined(MBEDTLS_ECDSA_C) + if( PSA_KEY_TYPE_IS_ECC_KEY_PAIR( psa_type_arg ) ) + { + mbedtls_ecp_group_id grpid = parameter_arg; + + /* Create legacy EC public/private key in PK context. */ + mbedtls_pk_init( &pk ); + TEST_ASSERT( mbedtls_pk_setup( &pk, + mbedtls_pk_info_from_type( MBEDTLS_PK_ECKEY ) ) == 0 ); + TEST_ASSERT( mbedtls_ecp_gen_key( grpid, + (mbedtls_ecp_keypair*) pk.pk_ctx, + mbedtls_test_rnd_std_rand, NULL ) == 0 ); + } + else +#endif /* MBEDTLS_ECDSA_C */ + { + (void) parameter_arg; + TEST_ASSUME( ! "Opaque PK key not supported in this configuration" ); + } /* Export underlying public key for re-importing in a legacy context. */ ret = mbedtls_pk_write_pubkey_der( &pk, pkey_legacy, From ca5b55f0d1115734d07d2f496b95cf551bd0c1d1 Mon Sep 17 00:00:00 2001 From: Neil Armstrong Date: Tue, 15 Mar 2022 15:00:55 +0100 Subject: [PATCH 05/15] Add support for RSA in mbedtls_pk_wrap_as_opaque() Signed-off-by: Neil Armstrong --- library/pk.c | 110 +++++++++++++++++++++++++++++++++++---------------- 1 file changed, 76 insertions(+), 34 deletions(-) diff --git a/library/pk.c b/library/pk.c index abed468a0f..d6ea912ff8 100644 --- a/library/pk.c +++ b/library/pk.c @@ -22,6 +22,7 @@ #if defined(MBEDTLS_PK_C) #include "mbedtls/pk.h" #include "pk_wrap.h" +#include "pkwrite.h" #include "mbedtls/platform_util.h" #include "mbedtls/error.h" @@ -708,51 +709,92 @@ int mbedtls_pk_wrap_as_opaque( mbedtls_pk_context *pk, mbedtls_svc_key_id_t *key, psa_algorithm_t hash_alg ) { -#if !defined(MBEDTLS_ECP_C) +#if !defined(MBEDTLS_ECP_C) && !defined(MBEDTLS_RSA_C) ((void) pk); ((void) key); ((void) hash_alg); - return( MBEDTLS_ERR_PK_TYPE_MISMATCH ); #else - const mbedtls_ecp_keypair *ec; - unsigned char d[MBEDTLS_ECP_MAX_BYTES]; - size_t d_len; - psa_ecc_family_t curve_id; - psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; - psa_key_type_t key_type; - size_t bits; - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; +#if defined(MBEDTLS_ECP_C) + if( mbedtls_pk_get_type( pk ) == MBEDTLS_PK_ECKEY ) + { + const mbedtls_ecp_keypair *ec; + unsigned char d[MBEDTLS_ECP_MAX_BYTES]; + size_t d_len; + psa_ecc_family_t curve_id; + psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; + psa_key_type_t key_type; + size_t bits; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - /* export the private key material in the format PSA wants */ - if( mbedtls_pk_get_type( pk ) != MBEDTLS_PK_ECKEY ) - return( MBEDTLS_ERR_PK_TYPE_MISMATCH ); + /* export the private key material in the format PSA wants */ + ec = mbedtls_pk_ec( *pk ); + d_len = ( ec->grp.nbits + 7 ) / 8; + if( ( ret = mbedtls_mpi_write_binary( &ec->d, d, d_len ) ) != 0 ) + return( ret ); - ec = mbedtls_pk_ec( *pk ); - d_len = ( ec->grp.nbits + 7 ) / 8; - if( ( ret = mbedtls_mpi_write_binary( &ec->d, d, d_len ) ) != 0 ) - return( ret ); + curve_id = mbedtls_ecc_group_to_psa( ec->grp.id, &bits ); + key_type = PSA_KEY_TYPE_ECC_KEY_PAIR( curve_id ); - curve_id = mbedtls_ecc_group_to_psa( ec->grp.id, &bits ); - key_type = PSA_KEY_TYPE_ECC_KEY_PAIR( curve_id ); + /* prepare the key attributes */ + psa_set_key_type( &attributes, key_type ); + psa_set_key_bits( &attributes, bits ); + psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_SIGN_HASH | + PSA_KEY_USAGE_DERIVE); + psa_set_key_algorithm( &attributes, PSA_ALG_ECDSA( hash_alg ) ); + psa_set_key_enrollment_algorithm( &attributes, PSA_ALG_ECDH ); - /* prepare the key attributes */ - psa_set_key_type( &attributes, key_type ); - psa_set_key_bits( &attributes, bits ); - psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_SIGN_HASH | - PSA_KEY_USAGE_DERIVE); - psa_set_key_algorithm( &attributes, PSA_ALG_ECDSA(hash_alg) ); - psa_set_key_enrollment_algorithm( &attributes, PSA_ALG_ECDH ); + /* import private key into PSA */ + if( PSA_SUCCESS != psa_import_key( &attributes, d, d_len, key ) ) + return( MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED ); - /* import private key into PSA */ - if( PSA_SUCCESS != psa_import_key( &attributes, d, d_len, key ) ) - return( MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED ); + /* make PK context wrap the key slot */ + mbedtls_pk_free( pk ); + mbedtls_pk_init( pk ); - /* make PK context wrap the key slot */ - mbedtls_pk_free( pk ); - mbedtls_pk_init( pk ); - - return( mbedtls_pk_setup_opaque( pk, *key ) ); + return( mbedtls_pk_setup_opaque( pk, *key ) ); + } + else #endif /* MBEDTLS_ECP_C */ +#if defined(MBEDTLS_RSA_C) + if( mbedtls_pk_get_type( pk ) == MBEDTLS_PK_RSA ) + { + unsigned char buf[MBEDTLS_PK_RSA_PRV_DER_MAX_BYTES]; + psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; + int key_len; + psa_status_t status; + + /* export the private key material in the format PSA wants */ + key_len = mbedtls_pk_write_key_der( pk, buf, sizeof( buf ) ); + if( key_len <= 0 ) + return( MBEDTLS_ERR_PK_BAD_INPUT_DATA ); + + /* prepare the key attributes */ + psa_set_key_type( &attributes, PSA_KEY_TYPE_RSA_KEY_PAIR ); + psa_set_key_bits( &attributes, mbedtls_pk_get_bitlen( pk ) ); + psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_SIGN_HASH ); + psa_set_key_algorithm( &attributes, + PSA_ALG_RSA_PKCS1V15_SIGN( hash_alg ) ); + + /* import private key into PSA */ + status = psa_import_key( &attributes, + buf + sizeof( buf ) - key_len, + key_len, key); + + mbedtls_platform_zeroize( buf, sizeof( buf ) ); + + if( status != PSA_SUCCESS ) + return( MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED ); + + /* make PK context wrap the key slot */ + mbedtls_pk_free( pk ); + mbedtls_pk_init( pk ); + + return( mbedtls_pk_setup_opaque( pk, *key ) ); + } + else +#endif /* MBEDTLS_RSA_C */ +#endif /* !MBEDTLS_ECP_C && !MBEDTLS_RSA_C */ + return( MBEDTLS_ERR_PK_TYPE_MISMATCH ); } #endif /* MBEDTLS_USE_PSA_CRYPTO */ #endif /* MBEDTLS_PK_C */ From b980c9b48c1d21cfc47c0e6ba4991ade8bb1adec Mon Sep 17 00:00:00 2001 From: Neil Armstrong Date: Tue, 15 Mar 2022 16:19:16 +0100 Subject: [PATCH 06/15] Add support for RSA in pk_opaque_sign_wrap() Signed-off-by: Neil Armstrong --- library/pk_wrap.c | 60 +++++++++++++++++++++++++++++++++-------------- 1 file changed, 43 insertions(+), 17 deletions(-) diff --git a/library/pk_wrap.c b/library/pk_wrap.c index 8ad6fa1368..31645e151b 100644 --- a/library/pk_wrap.c +++ b/library/pk_wrap.c @@ -1512,7 +1512,7 @@ static int pk_opaque_sign_wrap( void *ctx, mbedtls_md_type_t md_alg, unsigned char *sig, size_t sig_size, size_t *sig_len, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ) { -#if !defined(MBEDTLS_ECDSA_C) +#if !defined(MBEDTLS_ECDSA_C) && !defined(MBEDTLS_RSA_C) ((void) ctx); ((void) md_alg); ((void) hash); @@ -1523,36 +1523,62 @@ static int pk_opaque_sign_wrap( void *ctx, mbedtls_md_type_t md_alg, ((void) f_rng); ((void) p_rng); return( MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE ); -#else /* !MBEDTLS_ECDSA_C */ +#else /* !MBEDTLS_ECDSA_C && !MBEDTLS_RSA_C */ const mbedtls_svc_key_id_t *key = (const mbedtls_svc_key_id_t *) ctx; - psa_algorithm_t alg = PSA_ALG_ECDSA( mbedtls_psa_translate_md( md_alg ) ); psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; + psa_algorithm_t alg; psa_key_type_t type; psa_status_t status; - status = psa_get_key_attributes( *key, &attributes ); - if( status != PSA_SUCCESS ) - return( mbedtls_pk_error_from_psa_ecdca( status ) ); - - type = psa_get_key_type( &attributes ); - psa_reset_key_attributes( &attributes ); - - if( ! PSA_KEY_TYPE_IS_ECC_KEY_PAIR( type ) ) - return( MBEDTLS_ERR_PK_TYPE_MISMATCH ); - /* PSA has its own RNG */ (void) f_rng; (void) p_rng; + status = psa_get_key_attributes( *key, &attributes ); + if( status != PSA_SUCCESS ) + return( mbedtls_pk_error_from_psa( status ) ); + + type = psa_get_key_type( &attributes ); + psa_reset_key_attributes( &attributes ); + +#if defined(MBEDTLS_ECDSA_C) + if( PSA_KEY_TYPE_IS_ECC_KEY_PAIR( type ) ) + alg = PSA_ALG_ECDSA( mbedtls_psa_translate_md( md_alg ) ); + else +#endif /* MBEDTLS_ECDSA_C */ +#if defined(MBEDTLS_RSA_C) + if( PSA_KEY_TYPE_IS_RSA( type ) ) + alg = PSA_ALG_RSA_PKCS1V15_SIGN( mbedtls_psa_translate_md( md_alg ) ); + else +#endif /* MBEDTLS_RSA_C */ + return( MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE ); + /* make the signature */ status = psa_sign_hash( *key, alg, hash, hash_len, sig, sig_size, sig_len ); if( status != PSA_SUCCESS ) - return( mbedtls_pk_error_from_psa_ecdsa( status ) ); + { +#if defined(MBEDTLS_ECDSA_C) + if( PSA_KEY_TYPE_IS_ECC_KEY_PAIR( type ) ) + return( mbedtls_pk_error_from_psa_ecdsa( status ) ); + else +#endif /* MBEDTLS_ECDSA_C */ +#if defined(MBEDTLS_RSA_C) + if( PSA_KEY_TYPE_IS_RSA( type ) ) + return( mbedtls_pk_error_from_psa_rsa( status ) ); + else +#endif /* MBEDTLS_RSA_C */ + return( mbedtls_pk_error_from_psa( status ) ); + } - /* transcode it to ASN.1 sequence */ - return( pk_ecdsa_sig_asn1_from_psa( sig, sig_len, sig_size ) ); -#endif /* !MBEDTLS_ECDSA_C */ +#if defined(MBEDTLS_ECDSA_C) + if( PSA_KEY_TYPE_IS_ECC_KEY_PAIR( type ) ) + /* transcode it to ASN.1 sequence */ + return( pk_ecdsa_sig_asn1_from_psa( sig, sig_len, sig_size ) ); +#endif /* MBEDTLS_ECDSA_C */ + + return 0; +#endif /* !MBEDTLS_ECDSA_C && !MBEDTLS_RSA_C */ } const mbedtls_pk_info_t mbedtls_pk_ecdsa_opaque_info = { From 295aeb17e6c5d118875a5295b190802b512939a7 Mon Sep 17 00:00:00 2001 From: Neil Armstrong Date: Tue, 15 Mar 2022 16:25:41 +0100 Subject: [PATCH 07/15] Add support for RSA Opaque PK key in mbedtls_pk_write_pubkey_der() Signed-off-by: Neil Armstrong --- library/pkwrite.c | 42 ++++++++++++++++++++++++++++-------------- 1 file changed, 28 insertions(+), 14 deletions(-) diff --git a/library/pkwrite.c b/library/pkwrite.c index 87285f05d5..8b99340507 100644 --- a/library/pkwrite.c +++ b/library/pkwrite.c @@ -279,21 +279,35 @@ int mbedtls_pk_write_pubkey_der( const mbedtls_pk_context *key, unsigned char *b bits = psa_get_key_bits( &attributes ); psa_reset_key_attributes( &attributes ); - curve = PSA_KEY_TYPE_ECC_GET_FAMILY( key_type ); - if( curve == 0 ) + if( PSA_KEY_TYPE_IS_ECC_KEY_PAIR( key_type ) ) + { + curve = PSA_KEY_TYPE_ECC_GET_FAMILY( key_type ); + if( curve == 0 ) + return( MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE ); + + ret = mbedtls_psa_get_ecc_oid_from_id( curve, bits, + &oid, &oid_len ); + if( ret != 0 ) + return( MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE ); + + /* Write EC algorithm parameters; that's akin + * to pk_write_ec_param() above. */ + MBEDTLS_ASN1_CHK_ADD( par_len, mbedtls_asn1_write_oid( &c, buf, + oid, + oid_len ) ); + + /* The rest of the function works as for legacy EC contexts. */ + pk_type = MBEDTLS_PK_ECKEY; + } + else if( PSA_KEY_TYPE_IS_RSA( key_type ) ) + { + /* The rest of the function works as for legacy RSA contexts. */ + pk_type = MBEDTLS_PK_RSA; + } + else + { return( MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE ); - - ret = mbedtls_psa_get_ecc_oid_from_id( curve, bits, &oid, &oid_len ); - if( ret != 0 ) - return( MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE ); - - /* Write EC algorithm parameters; that's akin - * to pk_write_ec_param() above. */ - MBEDTLS_ASN1_CHK_ADD( par_len, mbedtls_asn1_write_oid( &c, buf, - oid, oid_len ) ); - - /* The rest of the function works as for legacy EC contexts. */ - pk_type = MBEDTLS_PK_ECKEY; + } } #endif /* MBEDTLS_USE_PSA_CRYPTO */ From b354742371fffcef260185720bf9e4277288338d Mon Sep 17 00:00:00 2001 From: Neil Armstrong Date: Tue, 22 Mar 2022 10:22:28 +0100 Subject: [PATCH 08/15] Update documentation of mbedtls_pk_setup_opaque() The function now accepts a RSA key pair in addition to an ECC key pair. Signed-off-by: Neil Armstrong --- include/mbedtls/pk.h | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/include/mbedtls/pk.h b/include/mbedtls/pk.h index a0d4694949..7e056dbe33 100644 --- a/include/mbedtls/pk.h +++ b/include/mbedtls/pk.h @@ -330,8 +330,8 @@ int mbedtls_pk_setup( mbedtls_pk_context *ctx, const mbedtls_pk_info_t *info ); * storing and manipulating the key material directly. * * \param ctx The context to initialize. It must be empty (type NONE). - * \param key The PSA key to wrap, which must hold an ECC key pair - * (see notes below). + * \param key The PSA key to wrap, which must hold an ECC or RSA key + * pair (see notes below). * * \note The wrapped key must remain valid as long as the * wrapping PK context is in use, that is at least between @@ -339,8 +339,8 @@ int mbedtls_pk_setup( mbedtls_pk_context *ctx, const mbedtls_pk_info_t *info ); * mbedtls_pk_free() is called on this context. The wrapped * key might then be independently used or destroyed. * - * \note This function is currently only available for ECC key - * pairs (that is, ECC keys containing private key material). + * \note This function is currently only available for ECC or RSA + * key pairs (that is, keys containing private key material). * Support for other key types may be added later. * * \return \c 0 on success. From 7e1b4a45fa44ef8ed90853447473afe3f90ab474 Mon Sep 17 00:00:00 2001 From: Neil Armstrong Date: Tue, 22 Mar 2022 10:25:14 +0100 Subject: [PATCH 09/15] Use PSA_BITS_TO_BYTES instead of open-coded calculation in mbedtls_pk_wrap_as_opaque() Signed-off-by: Neil Armstrong --- library/pk.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/pk.c b/library/pk.c index d6ea912ff8..0ba334ba3a 100644 --- a/library/pk.c +++ b/library/pk.c @@ -728,7 +728,7 @@ int mbedtls_pk_wrap_as_opaque( mbedtls_pk_context *pk, /* export the private key material in the format PSA wants */ ec = mbedtls_pk_ec( *pk ); - d_len = ( ec->grp.nbits + 7 ) / 8; + d_len = PSA_BITS_TO_BYTES( ec->grp.nbits ); if( ( ret = mbedtls_mpi_write_binary( &ec->d, d, d_len ) ) != 0 ) return( ret ); From c1152e4a0f1f12f95f446798a2b91a2225fea19f Mon Sep 17 00:00:00 2001 From: Neil Armstrong Date: Tue, 22 Mar 2022 10:29:06 +0100 Subject: [PATCH 10/15] Handle and return translated PSA errors in mbedtls_pk_wrap_as_opaque() Signed-off-by: Neil Armstrong --- library/pk.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/library/pk.c b/library/pk.c index 0ba334ba3a..837d6a2c81 100644 --- a/library/pk.c +++ b/library/pk.c @@ -725,6 +725,7 @@ int mbedtls_pk_wrap_as_opaque( mbedtls_pk_context *pk, psa_key_type_t key_type; size_t bits; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + psa_status_t status; /* export the private key material in the format PSA wants */ ec = mbedtls_pk_ec( *pk ); @@ -744,8 +745,9 @@ int mbedtls_pk_wrap_as_opaque( mbedtls_pk_context *pk, psa_set_key_enrollment_algorithm( &attributes, PSA_ALG_ECDH ); /* import private key into PSA */ - if( PSA_SUCCESS != psa_import_key( &attributes, d, d_len, key ) ) - return( MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED ); + status = psa_import_key( &attributes, d, d_len, key ); + if( status != PSA_SUCCESS ) + return( mbedtls_pk_error_from_psa( status ) ); /* make PK context wrap the key slot */ mbedtls_pk_free( pk ); @@ -783,7 +785,7 @@ int mbedtls_pk_wrap_as_opaque( mbedtls_pk_context *pk, mbedtls_platform_zeroize( buf, sizeof( buf ) ); if( status != PSA_SUCCESS ) - return( MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED ); + return( mbedtls_pk_error_from_psa( status ) ); /* make PK context wrap the key slot */ mbedtls_pk_free( pk ); From eccf88fa480ca635de81a0e5381139f31ad235af Mon Sep 17 00:00:00 2001 From: Neil Armstrong Date: Fri, 8 Apr 2022 15:11:50 +0200 Subject: [PATCH 11/15] Only accept RSA key pair in mbedtls_pk_setup_opaque() Signed-off-by: Neil Armstrong --- library/pk.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/pk.c b/library/pk.c index 837d6a2c81..9b16eca9da 100644 --- a/library/pk.c +++ b/library/pk.c @@ -169,7 +169,7 @@ int mbedtls_pk_setup_opaque( mbedtls_pk_context *ctx, if( PSA_KEY_TYPE_IS_ECC_KEY_PAIR( type ) ) info = &mbedtls_pk_ecdsa_opaque_info; - else if( PSA_KEY_TYPE_IS_RSA( type ) ) + else if( type == PSA_KEY_TYPE_RSA_KEY_PAIR ) info = &mbedtls_pk_rsa_opaque_info; else return( MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE ); From 56e71d4d1a372d33b5ba96ea307288cd3893be50 Mon Sep 17 00:00:00 2001 From: Neil Armstrong Date: Fri, 8 Apr 2022 15:12:42 +0200 Subject: [PATCH 12/15] Update documentation of mbedtls_pk_setup_opaque() Signed-off-by: Neil Armstrong --- library/pk.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/pk.c b/library/pk.c index 9b16eca9da..0f465cdb4a 100644 --- a/library/pk.c +++ b/library/pk.c @@ -703,7 +703,7 @@ mbedtls_pk_type_t mbedtls_pk_get_type( const mbedtls_pk_context *ctx ) * Load the key to a PSA key slot, * then turn the PK context into a wrapper for that key slot. * - * Currently only works for EC private keys. + * Currently only works for EC & RSA private keys. */ int mbedtls_pk_wrap_as_opaque( mbedtls_pk_context *pk, mbedtls_svc_key_id_t *key, From 7df6677c346b0e04430ae9954ef1c4b1a1cfe4d2 Mon Sep 17 00:00:00 2001 From: Neil Armstrong Date: Fri, 8 Apr 2022 15:13:06 +0200 Subject: [PATCH 13/15] Remove now invalid comment in pk_opaque_ecdsa_can_do() Signed-off-by: Neil Armstrong --- library/pk_wrap.c | 3 --- 1 file changed, 3 deletions(-) diff --git a/library/pk_wrap.c b/library/pk_wrap.c index 31645e151b..d8543300d1 100644 --- a/library/pk_wrap.c +++ b/library/pk_wrap.c @@ -1495,9 +1495,6 @@ static size_t pk_opaque_get_bitlen( const void *ctx ) static int pk_opaque_ecdsa_can_do( mbedtls_pk_type_t type ) { - /* For now ECDSA opaque PSA keys can only wrap ECC keypairs, - * as checked by setup_psa(). - * Also, ECKEY_DH does not really make sense with the current API. */ return( type == MBEDTLS_PK_ECKEY || type == MBEDTLS_PK_ECDSA ); } From 95a892311d02b438afebd6982c8a2caf90e6e5e4 Mon Sep 17 00:00:00 2001 From: Neil Armstrong Date: Fri, 8 Apr 2022 15:13:51 +0200 Subject: [PATCH 14/15] Comment decrypt & encrypt callback entries of mbedtls_pk_ecdsa_opaque_info as not relevant Signed-off-by: Neil Armstrong --- library/pk_wrap.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/library/pk_wrap.c b/library/pk_wrap.c index d8543300d1..a9c3c718b2 100644 --- a/library/pk_wrap.c +++ b/library/pk_wrap.c @@ -1589,8 +1589,8 @@ const mbedtls_pk_info_t mbedtls_pk_ecdsa_opaque_info = { NULL, /* restartable verify - not relevant */ NULL, /* restartable sign - not relevant */ #endif - NULL, /* decrypt - will be done later */ - NULL, /* encrypt - will be done later */ + NULL, /* decrypt - not relevant */ + NULL, /* encrypt - not relevant */ NULL, /* check_pair - could be done later or left NULL */ pk_opaque_alloc_wrap, pk_opaque_free_wrap, From cb87403560351aef105c9a5dc80300939896e1bb Mon Sep 17 00:00:00 2001 From: Neil Armstrong Date: Fri, 8 Apr 2022 15:14:40 +0200 Subject: [PATCH 15/15] Use 1024 bits RSA key size for RSA PK Opaque tests Signed-off-by: Neil Armstrong --- tests/suites/test_suite_pk.data | 2 +- tests/suites/test_suite_pk.function | 10 ++++++++-- 2 files changed, 9 insertions(+), 3 deletions(-) diff --git a/tests/suites/test_suite_pk.data b/tests/suites/test_suite_pk.data index 18e165b430..323efc2c48 100644 --- a/tests/suites/test_suite_pk.data +++ b/tests/suites/test_suite_pk.data @@ -348,7 +348,7 @@ pk_psa_sign:MBEDTLS_ECP_DP_BP512R1:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_BRAI PSA wrapped sign: RSA PKCS1 v1.5 depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_GENPRIME -pk_psa_sign:512:PSA_KEY_TYPE_RSA_KEY_PAIR:512 +pk_psa_sign:1024:PSA_KEY_TYPE_RSA_KEY_PAIR:1024 PK Sign ext:RSA2048,PK_RSA,MD_SHA256 depends_on:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C:MBEDTLS_RSA_C diff --git a/tests/suites/test_suite_pk.function b/tests/suites/test_suite_pk.function index 7f2b2b8d57..6c4f9e44d2 100644 --- a/tests/suites/test_suite_pk.function +++ b/tests/suites/test_suite_pk.function @@ -119,7 +119,7 @@ mbedtls_svc_key_id_t pk_psa_genkey_rsa( void ) mbedtls_svc_key_id_t key; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; const psa_key_type_t type = PSA_KEY_TYPE_RSA_KEY_PAIR; - const size_t bits = 256; + const size_t bits = 1024; psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_SIGN_HASH ); psa_set_key_algorithm( &attributes, PSA_ALG_RSA_PKCS1V15_SIGN_RAW ); @@ -146,7 +146,7 @@ void pk_psa_utils( int key_is_rsa ) psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; const char * const name = "Opaque"; - const size_t bitlen = 256; /* harcoded in genkey() */ + size_t bitlen; mbedtls_md_type_t md_alg = MBEDTLS_MD_NONE; unsigned char b1[1], b2[1]; @@ -167,9 +167,15 @@ void pk_psa_utils( int key_is_rsa ) mbedtls_pk_init( &pk ); if( key_is_rsa ) + { + bitlen = 1024; /* harcoded in genkey() */ key = pk_psa_genkey_rsa(); + } else + { + bitlen = 256; /* harcoded in genkey() */ key = pk_psa_genkey_ecc(); + } if( mbedtls_svc_key_id_is_null( key ) ) goto exit;