mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-02-04 15:39:53 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

pk: add alternate function for keypair generation using PSA

Browse Source 
Instead of using the legacy mbedtls_ecp_gen_keypair() which makes
use of ECP's math, when USE_PSA_CRYPTO is enabled then the new
function pk_genkey_ec() is used in test_suite_pk.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
This commit is contained in:
Valerio Setti 2023-04-03 16:01:47 +02:00
parent b16a50eeab
commit b6891b13f6
4 changed files with 76 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
include/mbedtls/ecp.h
View File

@ -1214,6 +1214,7 @@ int mbedtls_ecp_gen_keypair_base(mbedtls_ecp_group *grp,
* \return An \c MBEDTLS_ERR_ECP_XXX or \c MBEDTLS_MPI_XXX error code
* on failure.
*/
#if !defined(MBEDTLS_USE_PSA_CRYPTO)
int mbedtls_ecp_gen_keypair(mbedtls_ecp_group *grp, mbedtls_mpi *d,
mbedtls_ecp_point *Q,
int (*f_rng)(void *, unsigned char *, size_t),
@ -1235,6 +1236,7 @@ int mbedtls_ecp_gen_keypair(mbedtls_ecp_group *grp, mbedtls_mpi *d,
int mbedtls_ecp_gen_key(mbedtls_ecp_group_id grp_id, mbedtls_ecp_keypair *key,
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng);
#endif /* !MBEDTLS_USE_PSA_CRYPTO */
/**
* \brief This function reads an elliptic curve private key.

2
library/ecp.c
View File

@ -3159,6 +3159,7 @@ int mbedtls_ecp_gen_privkey(const mbedtls_ecp_group *grp,
return MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
}
#if !defined(MBEDTLS_USE_PSA_CRYPTO)
/*
* Generate a keypair with configurable base point
*/
@ -3200,6 +3201,7 @@ int mbedtls_ecp_gen_key(mbedtls_ecp_group_id grp_id, mbedtls_ecp_keypair *key,
return mbedtls_ecp_gen_keypair(&key->grp, &key->d, &key->Q, f_rng, p_rng);
}
#endif /* !MBEDTLS_USE_PSA_CRYPTO */
#define ECP_CURVE25519_KEY_SIZE 32
#define ECP_CURVE448_KEY_SIZE 56

4
tests/suites/test_suite_ecp.function
View File

@ -987,7 +987,7 @@ exit:
}
/* END_CASE */
/* BEGIN_CASE */
/* BEGIN_CASE depends_on:!MBEDTLS_USE_PSA_CRYPTO */
void mbedtls_ecp_gen_keypair(int id)
{
mbedtls_ecp_group grp;
@ -1016,7 +1016,7 @@ exit:
}
/* END_CASE */
/* BEGIN_CASE */
/* BEGIN_CASE depends_on:!MBEDTLS_USE_PSA_CRYPTO */
void mbedtls_ecp_gen_key(int id)
{
mbedtls_ecp_keypair key;

74
tests/suites/test_suite_pk.function
View File

@ -17,9 +17,63 @@
* unconditionally (https://github.com/Mbed-TLS/mbedtls/issues/2023). */
#include "psa/crypto.h"
#if defined(MBEDTLS_USE_PSA_CRYPTO)
#include "mbedtls/psa_util.h"
#endif
#define RSA_KEY_SIZE 512
#define RSA_KEY_LEN 64
static int pk_genkey_ec(mbedtls_ecp_group *grp,
mbedtls_mpi *d, mbedtls_ecp_point *Q)
{
psa_status_t status;
psa_key_attributes_t key_attr = PSA_KEY_ATTRIBUTES_INIT;
mbedtls_svc_key_id_t key_id = MBEDTLS_SVC_KEY_ID_INIT;
size_t curve_bits;
psa_ecc_family_t curve = mbedtls_ecc_group_to_psa(grp->id,
&curve_bits);
unsigned char key_buf[MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH];
size_t key_len;
int ret;
psa_set_key_type(&key_attr, PSA_KEY_TYPE_ECC_KEY_PAIR(curve));
psa_set_key_bits(&key_attr, curve_bits);
psa_set_key_usage_flags(&key_attr, PSA_KEY_USAGE_EXPORT);
status = psa_generate_key(&key_attr, &key_id);
if (status != PSA_SUCCESS) {
return MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE;
}
status = psa_export_key(key_id, key_buf, sizeof(key_buf), &key_len);
if (status != PSA_SUCCESS) {
psa_destroy_key(key_id);
return MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE;
}
ret = mbedtls_mpi_read_binary(d, key_buf, key_len);
if (ret != 0) {
return ret;
}
status = psa_export_public_key(key_id, key_buf, sizeof(key_buf),
&key_len);
if (status != PSA_SUCCESS) {
psa_destroy_key(key_id);
return MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE;
}
ret = mbedtls_ecp_point_read_binary(grp, Q, key_buf, key_len);
if (ret != 0) {
return ret;
}
psa_destroy_key(key_id);
return 0;
}
/** Generate a key of the desired type.
*
* \param pk The PK object to fill. It must have been initialized
@ -53,12 +107,18 @@ static int pk_genkey(mbedtls_pk_context *pk, int parameter)
return ret;
}
#if defined(MBEDTLS_USE_PSA_CRYPTO)
return pk_genkey_ec(&mbedtls_pk_ec(*pk)->grp,
&mbedtls_pk_ec(*pk)->d,
&mbedtls_pk_ec(*pk)->Q);
#else /* MBEDTLS_USE_PSA_CRYPTO */
return mbedtls_ecp_gen_keypair(&mbedtls_pk_ec(*pk)->grp,
&mbedtls_pk_ec(*pk)->d,
&mbedtls_pk_ec(*pk)->Q,
mbedtls_test_rnd_std_rand, NULL);
#endif /* MBEDTLS_USE_PSA_CRYPTO */
}
#endif
#endif /* MBEDTLS_ECP_C */
return -1;
}
@ -462,6 +522,10 @@ void pk_utils(int type, int parameter, int bitlen, int len, char *name)
{
mbedtls_pk_context pk;
#if defined(MBEDTLS_USE_PSA_CRYPTO)
PSA_INIT();
#endif
mbedtls_pk_init(&pk);
TEST_ASSERT(mbedtls_pk_setup(&pk, mbedtls_pk_info_from_type(type)) == 0);
@ -475,6 +539,9 @@ void pk_utils(int type, int parameter, int bitlen, int len, char *name)
exit:
mbedtls_pk_free(&pk);
#if defined(MBEDTLS_USE_PSA_CRYPTO)
PSA_DONE();
#endif
}
/* END_CASE */
@ -1234,9 +1301,8 @@ void pk_psa_sign(int parameter_arg,
mbedtls_pk_init(&pk);
TEST_ASSERT(mbedtls_pk_setup(&pk,
mbedtls_pk_info_from_type(MBEDTLS_PK_ECKEY)) == 0);
TEST_ASSERT(mbedtls_ecp_gen_key(grpid,
(mbedtls_ecp_keypair *) pk.pk_ctx,
mbedtls_test_rnd_std_rand, NULL) == 0);
TEST_ASSERT(pk_genkey(&pk, grpid) == 0);
alg_psa = PSA_ALG_ECDSA(PSA_ALG_SHA_256);
} else
#endif /* MBEDTLS_PK_CAN_ECDSA_SIGN */