From 2c61835ec82294688d27739181c02b955350425c Mon Sep 17 00:00:00 2001 From: John Durkop Date: Tue, 22 Sep 2020 06:54:01 -0700 Subject: [PATCH 1/6] Add support for PSA crypto driver size_function Updated get_expected_key_size in psa_crypto_driver_wrappers to properly handle using the new size_function from PSA crypto drivers. Created initial infrastructure to support size_function for the PSA crypto drivers. Signed-off-by: John Durkop --- library/psa_crypto_driver_wrappers.c | 58 ++++++++++++---- tests/include/test/drivers/size.h | 87 ++++++++++++++++++++++++ tests/include/test/drivers/test_driver.h | 1 + tests/src/drivers/size.c | 47 +++++++++++++ 4 files changed, 178 insertions(+), 15 deletions(-) create mode 100644 tests/include/test/drivers/size.h create mode 100644 tests/src/drivers/size.c diff --git a/library/psa_crypto_driver_wrappers.c b/library/psa_crypto_driver_wrappers.c index d41209bbfb..a8dcc064d9 100644 --- a/library/psa_crypto_driver_wrappers.c +++ b/library/psa_crypto_driver_wrappers.c 
@@ -256,23 +256,51 @@ static psa_status_t get_expected_key_size( const psa_key_attributes_t *attribute size_t *expected_size ) { size_t buffer_size = 0; - if( PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime ) == PSA_KEY_LOCATION_LOCAL_STORAGE ) - { - buffer_size = PSA_KEY_EXPORT_MAX_SIZE( attributes->core.type, - attributes->core.bits ); + psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime ); + psa_key_type_t key_type = attributes->core.type; + size_t key_bits = attributes->core.bits; - if( buffer_size == 0 ) + switch( location ) + { + case PSA_KEY_LOCATION_LOCAL_STORAGE: + buffer_size = PSA_KEY_EXPORT_MAX_SIZE( key_type, key_bits ); + + if( buffer_size == 0 ) + return( PSA_ERROR_NOT_SUPPORTED ); + + *expected_size = buffer_size; + return( PSA_SUCCESS ); + +#if defined(PSA_CRYPTO_DRIVER_TEST) + case PSA_CRYPTO_TEST_DRIVER_LIFETIME: + /* TBD: opaque driver support: need to calculate size through a + * driver-defined size function, since the size of an opaque (wrapped) + * key will be different for each implementation. 
*/ +#ifdef TEST_KEY_CONTEXT_SIZE_FUNCTION + *expected_size = test_size_function( key_type, key_bits ); + return( PSA_SUCCESS ); +#else /* TEST_DRIVER_KEY_CONTEXT_SIZE_FUNCTION */ + if( PSA_KEY_TYPE_IS_KEY_PAIR( key_type ) ) + { + *expected_size = TEST_DRIVER_KEY_CONTEXT_BASE_SIZE + + TEST_DRIVER_KEY_CONTEXT_PUBLIC_KEY_SIZE; + } + else if( PSA_KEY_TYPE_IS_PUBLIC_KEY( attributes->core.type ) ) + { + *expected_size = TEST_DRIVER_KEY_CONTEXT_BASE_SIZE + + TEST_DRIVER_KEY_CONTEXT_SYMMETRIC_FACTOR + * ( ( key_bits + 7 ) / 8 ); + } + else + { + return( PSA_ERROR_NOT_SUPPORTED ); + } + return( PSA_SUCCESS ); +#endif /* TEST_DRIVER_KEY_CONTEXT_SIZE_FUNCTION */ +#endif /* PSA_CRYPTO_DRIVER_TEST */ + + default: return( PSA_ERROR_NOT_SUPPORTED ); - - *expected_size = buffer_size; - return( PSA_SUCCESS ); - } - else - { - /* TBD: opaque driver support: need to calculate size through a - * driver-defined size function, since the size of an opaque (wrapped) - * key will be different for each implementation. */ - return( PSA_ERROR_NOT_SUPPORTED ); } } #endif /* PSA_CRYPTO_DRIVER_PRESENT */ diff --git a/tests/include/test/drivers/size.h b/tests/include/test/drivers/size.h new file mode 100644 index 0000000000..4e5b5918e2 --- /dev/null +++ b/tests/include/test/drivers/size.h 
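Review bot: In library/psa_crypto_driver_wrappers.c, the `PSA_CRYPTO_TEST_DRIVER_LIFETIME` branch of get_expected_key_size stores whatever `test_size_function( key_type, key_bits )` returns and reports `PSA_SUCCESS`, while the local-storage branch above it rejects a zero size with `PSA_ERROR_NOT_SUPPORTED`. The stub added in tests/src/drivers/size.c returns 0, so a caller that sizes a key buffer from `*expected_size` (callers are not on this page) would see a zero length with a success status; adding `if( *expected_size == 0 ) return( PSA_ERROR_NOT_SUPPORTED );` after the call keeps the two branches consistent. The switch is over a `psa_key_location_t`, yet the case label is named `..._LIFETIME`; its definition is not shown here, so it is worth confirming the constant is a location value and saying so in a comment. The function's signature begins above this hunk.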
@@ -0,0 +1,87 @@ +/* + * Test driver for context size functions + */ +/* Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef PSA_CRYPTO_TEST_DRIVERS_SIZE_H +#define PSA_CRYPTO_TEST_DRIVERS_SIZE_H + +#if !defined(MBEDTLS_CONFIG_FILE) +#include "mbedtls/config.h" +#else +#include MBEDTLS_CONFIG_FILE +#endif + +#if defined(PSA_CRYPTO_DRIVER_TEST) +#include + +typedef struct { + unsigned int context; +} test_driver_key_context_t; + +/** \def TEST_DRIVER_KEY_CONTEXT_BASE_SIZE + * + * This macro returns the base size for the key context. It should include + * the size for any driver context information stored with each key. + */ +#define TEST_DRIVER_KEY_CONTEXT_BASE_SIZE sizeof(test_driver_key_context_t) + +/** \def TEST_DRIVER_KEY_CONTEXT_KEY_PAIR_SIZE + * + * Number of bytes included in every key context for a key pair. + */ + +#define TEST_DRIVER_KEY_CONTEXT_KEY_PAIR_SIZE 0 + +/** \def TEST_DRIVER_KEY_CONTEXT_PUBLIC_KEY_SIZE + * + * Number of bytes included in every key context for a public key. + */ +#define TEST_DRIVER_KEY_CONTEXT_PUBLIC_KEY_SIZE 0 + +/** \def TEST_DRIVER_KEY_CONTEXT_SYMMETRIC_FACTOR + * + * Every key context for a symmetric key includes this many times the key size. 
+ */ +#define TEST_DRIVER_KEY_CONTEXT_SYMMETRIC_FACTOR 0 + +/** \def TEST_DRIVER_KEY_CONTEXT_STORE_PUBLIC_KEY + * + * If this is true for a key pair, the key context includes space for the public key. + * If this is false, no additional space is added for the public key. + */ +#define TEST_DRIVER_KEY_CONTEXT_STORE_PUBLIC_KEY 0 + +/** \def TEST_DRIVER_KEY_CONTEXT_SIZE_FUNCTION + * + * If TEST_DRIVER_KEY_CONTEXT_SIZE_FUNCTION is defined, the test driver + * provides a size_function entry point, otherwise, it does not. + * + * Some opaque drivers have the need to support a custom size for the storage + * of key and context information. The size_function provides the ability to + * provide that customization. + */ +//#define TEST_DRIVER_KEY_CONTEXT_SIZE_FUNCTION + +#ifdef TEST_DRIVER_KEY_CONTEXT_SIZE_FUNCTION +size_t test_size_function( + const psa_key_type_t key_type, + const size_t key_bits ); +#endif /* TEST_DRIVER_KEY_CONTEXT_SIZE_FUNCTION */ + +#endif /* PSA_CRYPTO_DRIVER_TEST */ +#endif /* PSA_CRYPTO_TEST_DRIVERS_KEYGEN_H */ diff --git a/tests/include/test/drivers/test_driver.h b/tests/include/test/drivers/test_driver.h index 7ee8e5eea3..ee5974217d 100644 --- a/tests/include/test/drivers/test_driver.h +++ b/tests/include/test/drivers/test_driver.h @@ -25,5 +25,6 @@ #include "test/drivers/signature.h" #include "test/drivers/keygen.h" #include "test/drivers/cipher.h" +#include "test/drivers/size.h" #endif /* PSA_CRYPTO_TEST_DRIVER_H */ diff --git a/tests/src/drivers/size.c b/tests/src/drivers/size.c new file mode 100644 index 0000000000..05f8a986a0 --- /dev/null +++ b/tests/src/drivers/size.c 
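Review bot: In tests/include/test/drivers/size.h, the size_function entry point can only be enabled by uncommenting `//#define TEST_DRIVER_KEY_CONTEXT_SIZE_FUNCTION` in the header, so as submitted the `test_size_function` path in get_expected_key_size is never compiled or exercised. I would drop the commented-out define and state in the doc block how the macro is meant to be set, for example `/* Define TEST_DRIVER_KEY_CONTEXT_SIZE_FUNCTION in the build configuration to enable test_size_function(). */`. A test build that defines the macro would also catch guard mismatches between this header and the files that use it.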
@@ -0,0 +1,47 @@ +/* + * Test driver for retrieving key context size. + * Only used by opaque drivers. + */ +/* Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#if !defined(MBEDTLS_CONFIG_FILE) +#include "mbedtls/config.h" +#else +#include MBEDTLS_CONFIG_FILE +#endif + +#if defined(MBEDTLS_PSA_CRYPTO_DRIVERS) && defined(PSA_CRYPTO_DRIVER_TEST) +#include "psa/crypto.h" +#include "psa_crypto_core.h" +#include "mbedtls/error.h" + +#include "test/drivers/size.h" + +#include + +#ifdef TEST_KEY_CONTEXT_SIZE_FUNCTION +size_t test_size_function( + const psa_key_type_t key_type, + const size_t key_bits ) +{ + (void) key_type; + (void) key_bits; + return 0; +} +#endif /*TEST_KEY_CONTEXT_SIZE_FUNCTION */ + +#endif /* MBEDTLS_PSA_CRYPTO_DRIVERS && PSA_CRYPTO_DRIVER_TEST */ From 9a689844f4056b0976a8574ba0a5e2229d682bc1 Mon Sep 17 00:00:00 2001 From: John Durkop Date: Tue, 22 Sep 2020 07:39:28 -0700 Subject: [PATCH 2/6] Add new size.h to vs2010 project New file is needed for vs2010 project. Signed-off-by: John Durkop --- visualc/VS2010/mbedTLS.vcxproj | 1 + 1 file changed, 1 insertion(+) diff --git a/visualc/VS2010/mbedTLS.vcxproj b/visualc/VS2010/mbedTLS.vcxproj index b243b73aee..3e9d14a29f 100644 --- a/visualc/VS2010/mbedTLS.vcxproj +++ b/visualc/VS2010/mbedTLS.vcxproj @@ -241,6 +241,7 @@ + From 750d0e4b72fcd11a2d9c7ef53d57222b2c68886c Mon Sep 17 00:00:00 2001 
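Review bot: In tests/src/drivers/size.c, `test_size_function` is defined under `#ifdef TEST_KEY_CONTEXT_SIZE_FUNCTION`, but size.h declares it under `TEST_DRIVER_KEY_CONTEXT_SIZE_FUNCTION`, so defining the header's macro would leave the function declared and called but never defined. PATCH 5/6 renames the guard in psa_crypto_driver_wrappers.c only, and the size.c context lines in PATCH 6/6 still show the old name. Change both the `#ifdef` and its closing `#endif` comment here to `TEST_DRIVER_KEY_CONTEXT_SIZE_FUNCTION` so the declaration, the definition and the call site are controlled by one macro.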
From: John Durkop Date: Fri, 25 Sep 2020 06:18:33 -0700 Subject: [PATCH 3/6] Remove obsolete comment Removed TBD comment that is no longer relevant since that portion of the code has been updated. Signed-off-by: John Durkop --- library/psa_crypto_driver_wrappers.c | 3 --- 1 file changed, 3 deletions(-) diff --git a/library/psa_crypto_driver_wrappers.c b/library/psa_crypto_driver_wrappers.c index a8dcc064d9..262070c6ad 100644 --- a/library/psa_crypto_driver_wrappers.c +++ b/library/psa_crypto_driver_wrappers.c @@ -273,9 +273,6 @@ static psa_status_t get_expected_key_size( const psa_key_attributes_t *attribute #if defined(PSA_CRYPTO_DRIVER_TEST) case PSA_CRYPTO_TEST_DRIVER_LIFETIME: - /* TBD: opaque driver support: need to calculate size through a - * driver-defined size function, since the size of an opaque (wrapped) - * key will be different for each implementation. */ #ifdef TEST_KEY_CONTEXT_SIZE_FUNCTION *expected_size = test_size_function( key_type, key_bits ); return( PSA_SUCCESS ); From badd89f525ed1410477ad37b36d67bc11599f5be Mon Sep 17 00:00:00 2001 From: John Durkop Date: Fri, 9 Oct 2020 07:06:29 -0700 Subject: [PATCH 4/6] Added specific key size values for a test driver Replaced generic values for the test driver with specific ones for a 256-bit ECC private/public key pair. Signed-off-by: John Durkop --- tests/include/test/drivers/size.h | 16 ++++++++++++---- 1 file changed, 12 insertions(+), 4 deletions(-) diff --git a/tests/include/test/drivers/size.h b/tests/include/test/drivers/size.h index 4e5b5918e2..831adbbd7e 100644 --- a/tests/include/test/drivers/size.h +++ b/tests/include/test/drivers/size.h 
@@ -38,20 +38,26 @@ typedef struct { * This macro returns the base size for the key context. It should include * the size for any driver context information stored with each key. */ -#define TEST_DRIVER_KEY_CONTEXT_BASE_SIZE sizeof(test_driver_key_context_t) +#define TEST_DRIVER_KEY_CONTEXT_BASE_SIZE sizeof( test_driver_key_context_t ) /** \def TEST_DRIVER_KEY_CONTEXT_KEY_PAIR_SIZE * * Number of bytes included in every key context for a key pair. + * + * This pair size is for an ECC 256-bit private/public key pair. + * Based on this value, the size of the private key can be derived by + * subtracting the public key size below from this one. */ -#define TEST_DRIVER_KEY_CONTEXT_KEY_PAIR_SIZE 0 +#define TEST_DRIVER_KEY_CONTEXT_KEY_PAIR_SIZE 65 /** \def TEST_DRIVER_KEY_CONTEXT_PUBLIC_KEY_SIZE * * Number of bytes included in every key context for a public key. + * + * For ECC public keys, it needs 257 bits so 33 bytes. */ -#define TEST_DRIVER_KEY_CONTEXT_PUBLIC_KEY_SIZE 0 +#define TEST_DRIVER_KEY_CONTEXT_PUBLIC_KEY_SIZE 33 /** \def TEST_DRIVER_KEY_CONTEXT_SYMMETRIC_FACTOR * @@ -63,8 +69,10 @@ typedef struct { * * If this is true for a key pair, the key context includes space for the public key. * If this is false, no additional space is added for the public key. + * + * For this instance, store the public key with the private one. */ -#define TEST_DRIVER_KEY_CONTEXT_STORE_PUBLIC_KEY 0 +#define TEST_DRIVER_KEY_CONTEXT_STORE_PUBLIC_KEY 1 /** \def TEST_DRIVER_KEY_CONTEXT_SIZE_FUNCTION * From ac93e3b43ca4374d46102c2f8861fb19df0ab547 Mon Sep 17 00:00:00 2001 From: John Durkop Date: Fri, 16 Oct 2020 06:48:55 -0700 Subject: [PATCH 5/6] Fix guard for test_size_function() Previous guard was using original naming and did not get updated to the new name. Guard is now using correct definition of TEST_DRIVER_KEY_CONTEXT_SIZE_FUNCTION. Signed-off-by: John Durkop --- library/psa_crypto_driver_wrappers.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
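Review bot: In tests/include/test/drivers/size.h, `TEST_DRIVER_KEY_CONTEXT_KEY_PAIR_SIZE` (65) and `TEST_DRIVER_KEY_CONTEXT_PUBLIC_KEY_SIZE` (33) are fixed to a 256-bit ECC key, but get_expected_key_size applies them to every key type and bit length that reaches the test-driver branch. For any other key the reported size does not track `key_bits`, and a buffer sized from it could be too small for the driver's key context (the callers are not on this page). Either document that this test driver only describes 256-bit ECC keys and have the wrapper return `PSA_ERROR_NOT_SUPPORTED` for anything else, or derive the sizes from `key_bits`. `TEST_DRIVER_KEY_CONTEXT_KEY_PAIR_SIZE` is also not read by any hunk in this series, which its doc comment should mention if that is intended.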
diff --git a/library/psa_crypto_driver_wrappers.c b/library/psa_crypto_driver_wrappers.c index 262070c6ad..f905ea4f93 100644 --- a/library/psa_crypto_driver_wrappers.c +++ b/library/psa_crypto_driver_wrappers.c @@ -273,7 +273,7 @@ static psa_status_t get_expected_key_size( const psa_key_attributes_t *attribute #if defined(PSA_CRYPTO_DRIVER_TEST) case PSA_CRYPTO_TEST_DRIVER_LIFETIME: -#ifdef TEST_KEY_CONTEXT_SIZE_FUNCTION +#ifdef TEST_DRIVER_KEY_CONTEXT_SIZE_FUNCTION *expected_size = test_size_function( key_type, key_bits ); return( PSA_SUCCESS ); #else /* TEST_DRIVER_KEY_CONTEXT_SIZE_FUNCTION */ From 135ce69361d4b0c83072a3afaff6ce9dfbc9da92 Mon Sep 17 00:00:00 2001 From: John Durkop Date: Mon, 19 Oct 2020 07:12:28 -0700 Subject: [PATCH 6/6] Updated value of expected key size when not using test_size_function The calculation of the expected key size when not using the test_size_function was not correct. The function has now been updated to handle all cases properly to ensure the expected key size is correct for key pairs, public keys, and symmetric keys. Cleaned up some comments and removed unused includes. Signed-off-by: John Durkop --- library/psa_crypto_driver_wrappers.c | 13 +++++++++++-- tests/include/test/drivers/size.h | 6 +++--- tests/src/drivers/size.c | 5 ----- 3 files changed, 14 insertions(+), 10 deletions(-) diff --git a/library/psa_crypto_driver_wrappers.c b/library/psa_crypto_driver_wrappers.c index f905ea4f93..f19f559202 100644 --- a/library/psa_crypto_driver_wrappers.c +++ b/library/psa_crypto_driver_wrappers.c 
@@ -278,11 +278,20 @@ static psa_status_t get_expected_key_size( const psa_key_attributes_t *attribute return( PSA_SUCCESS ); #else /* TEST_DRIVER_KEY_CONTEXT_SIZE_FUNCTION */ if( PSA_KEY_TYPE_IS_KEY_PAIR( key_type ) ) + { + int public_key_overhead = ( ( TEST_DRIVER_KEY_CONTEXT_STORE_PUBLIC_KEY == 1 ) ? + PSA_KEY_EXPORT_MAX_SIZE( key_type, key_bits ) : 0 ); + *expected_size = TEST_DRIVER_KEY_CONTEXT_BASE_SIZE + + TEST_DRIVER_KEY_CONTEXT_PUBLIC_KEY_SIZE + + public_key_overhead; + } + else if( PSA_KEY_TYPE_IS_PUBLIC_KEY( attributes->core.type ) ) { *expected_size = TEST_DRIVER_KEY_CONTEXT_BASE_SIZE + TEST_DRIVER_KEY_CONTEXT_PUBLIC_KEY_SIZE; } - else if( PSA_KEY_TYPE_IS_PUBLIC_KEY( attributes->core.type ) ) + else if ( !PSA_KEY_TYPE_IS_KEY_PAIR( key_type ) && + !PSA_KEY_TYPE_IS_PUBLIC_KEY ( attributes->core.type ) ) { *expected_size = TEST_DRIVER_KEY_CONTEXT_BASE_SIZE + TEST_DRIVER_KEY_CONTEXT_SYMMETRIC_FACTOR @@ -300,7 +309,7 @@ static psa_status_t get_expected_key_size( const psa_key_attributes_t *attribute return( PSA_ERROR_NOT_SUPPORTED ); } } -#endif /* PSA_CRYPTO_DRIVER_PRESENT */ +#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ psa_status_t psa_driver_wrapper_generate_key( const psa_key_attributes_t *attributes, psa_key_slot_t *slot ) diff --git a/tests/include/test/drivers/size.h b/tests/include/test/drivers/size.h index 831adbbd7e..4bfe986a21 100644 --- a/tests/include/test/drivers/size.h +++ b/tests/include/test/drivers/size.h @@ -35,8 +35,8 @@ typedef struct { /** \def TEST_DRIVER_KEY_CONTEXT_BASE_SIZE * - * This macro returns the base size for the key context. It should include - * the size for any driver context information stored with each key. + * This macro returns the base size for the key context. It is the size of the + * driver specific information stored in each key context. */ #define TEST_DRIVER_KEY_CONTEXT_BASE_SIZE sizeof( test_driver_key_context_t ) 
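Review bot: In the key-pair branch added to get_expected_key_size, `public_key_overhead` is declared `int` but receives `PSA_KEY_EXPORT_MAX_SIZE( key_type, key_bits )`, which the local-storage branch stores in a `size_t`, and is then added into `*expected_size`; declare it `size_t public_key_overhead` to avoid the narrowing and sign conversion in a size computation. The macro is evaluated with the key-pair `key_type`, so it presumably yields the key-pair export size rather than the public key's; `PSA_KEY_EXPORT_MAX_SIZE( PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR( key_type ), key_bits )` would match the variable's name. The new third condition, `!PSA_KEY_TYPE_IS_KEY_PAIR( key_type ) && !PSA_KEY_TYPE_IS_PUBLIC_KEY( ... )`, is always true once the first two tests have failed, so a plain `else` is equivalent. The `PSA_ERROR_NOT_SUPPORTED` branch left over from PATCH 1/6, which lies outside this hunk, appears to be unreachable as a result.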
@@ -92,4 +92,4 @@ size_t test_size_function( #endif /* TEST_DRIVER_KEY_CONTEXT_SIZE_FUNCTION */ #endif /* PSA_CRYPTO_DRIVER_TEST */ -#endif /* PSA_CRYPTO_TEST_DRIVERS_KEYGEN_H */ +#endif /* PSA_CRYPTO_TEST_DRIVERS_SIZE_H */ diff --git a/tests/src/drivers/size.c b/tests/src/drivers/size.c index 05f8a986a0..16a86922a6 100644 --- a/tests/src/drivers/size.c +++ b/tests/src/drivers/size.c @@ -25,14 +25,9 @@ #endif #if defined(MBEDTLS_PSA_CRYPTO_DRIVERS) && defined(PSA_CRYPTO_DRIVER_TEST) -#include "psa/crypto.h" -#include "psa_crypto_core.h" -#include "mbedtls/error.h" #include "test/drivers/size.h" -#include - #ifdef TEST_KEY_CONTEXT_SIZE_FUNCTION size_t test_size_function( const psa_key_type_t key_type,