From 56d51274d8e99602f8d28716da2433120cceab3d Mon Sep 17 00:00:00 2001 From: Neil Armstrong Date: Tue, 22 Feb 2022 15:29:05 +0100 Subject: [PATCH 01/10] Initialize PSA crypto in test_suite_pk for RSA verify tests Signed-off-by: Neil Armstrong --- tests/suites/test_suite_pk.function | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/tests/suites/test_suite_pk.function b/tests/suites/test_suite_pk.function index 237a8095d8..bc0334e3c1 100644 --- a/tests/suites/test_suite_pk.function +++ b/tests/suites/test_suite_pk.function @@ -345,6 +345,8 @@ void mbedtls_pk_check_pair( char * pub_file, char * prv_file, int ret ) { mbedtls_pk_context pub, prv, alt; + USE_PSA_INIT(); + mbedtls_pk_init( &pub ); mbedtls_pk_init( &prv ); mbedtls_pk_init( &alt ); @@ -373,6 +375,7 @@ void mbedtls_pk_check_pair( char * pub_file, char * prv_file, int ret ) mbedtls_pk_free( &pub ); mbedtls_pk_free( &prv ); mbedtls_pk_free( &alt ); + USE_PSA_DONE(); } /* END_CASE */ @@ -395,6 +398,8 @@ void pk_rsa_verify_test_vec( data_t * message_str, int digest, int mod, mbedtls_ecp_set_max_ops( 1 ); #endif + USE_PSA_INIT(); + mbedtls_pk_init( &pk ); memset( hash_result, 0x00, MBEDTLS_MD_MAX_SIZE ); @@ -421,6 +426,7 @@ exit: mbedtls_pk_restart_free( rs_ctx ); #endif mbedtls_pk_free( &pk ); + USE_PSA_DONE(); } /* END_CASE */ @@ -530,6 +536,8 @@ void pk_sign_verify_restart( int pk_type, int grp_id, char *d_str, size_t hlen, slen; const mbedtls_md_info_t *md_info; + USE_PSA_INIT(); + mbedtls_pk_restart_init( &rs_ctx ); mbedtls_pk_init( &prv ); mbedtls_pk_init( &pub ); @@ -617,6 +625,7 @@ exit: mbedtls_pk_restart_free( &rs_ctx ); mbedtls_pk_free( &prv ); mbedtls_pk_free( &pub ); + USE_PSA_DONE(); } /* END_CASE */ From 52f41f8228a7424681db7413b49daeeaa6895eed Mon Sep 17 00:00:00 2001 From: Neil Armstrong Date: Tue, 22 Feb 2022 15:30:24 +0100 Subject: [PATCH 02/10] PK: RSA verification PSA wrap implementation Signed-off-by: Neil Armstrong --- library/pk_wrap.c | 62 +++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 62 insertions(+) diff --git a/library/pk_wrap.c b/library/pk_wrap.c index 2569b9c729..b3db3d764e 100644 --- a/library/pk_wrap.c +++ b/library/pk_wrap.c @@ -164,9 +164,70 @@ static size_t rsa_get_bitlen( const void *ctx ) return( 8 * mbedtls_rsa_get_len( rsa ) ); } +#if defined(MBEDTLS_USE_PSA_CRYPTO) static int rsa_verify_wrap( void *ctx, mbedtls_md_type_t md_alg, const unsigned char *hash, size_t hash_len, const unsigned char *sig, size_t sig_len ) +{ + mbedtls_rsa_context * rsa = (mbedtls_rsa_context *) ctx; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; + mbedtls_svc_key_id_t key_id = MBEDTLS_SVC_KEY_ID_INIT; + psa_status_t status; + mbedtls_pk_context key; + int key_len; + /* see RSA_PUR_DER_MAX_BYTES in pkwrite.c */ + unsigned char buf[38 + 2 * MBEDTLS_MPI_MAX_SIZE]; + mbedtls_pk_info_t pk_info = mbedtls_rsa_info; + psa_algorithm_t psa_alg_md = PSA_ALG_RSA_PKCS1V15_SIGN( mbedtls_psa_translate_md( md_alg ) ); + size_t rsa_len = mbedtls_rsa_get_len( rsa ); + +#if SIZE_MAX > UINT_MAX + if( md_alg == MBEDTLS_MD_NONE && UINT_MAX < hash_len ) + return( MBEDTLS_ERR_PK_BAD_INPUT_DATA ); +#endif /* SIZE_MAX > UINT_MAX */ + + if( sig_len < rsa_len ) + return( MBEDTLS_ERR_RSA_VERIFY_FAILED ); + + /* mbedtls_pk_write_pubkey() expects a full PK context; + * re-construct one to make it happy */ + key.pk_info = &pk_info; + key.pk_ctx = ctx; + key_len = mbedtls_pk_write_pubkey_der( &key, buf, sizeof( buf ) ); + if( key_len <= 0 ) + return( MBEDTLS_ERR_PK_BAD_INPUT_DATA ); + + psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_VERIFY_HASH ); + psa_set_key_algorithm( &attributes, psa_alg_md ); + psa_set_key_type( &attributes, PSA_KEY_TYPE_RSA_PUBLIC_KEY ); + + status = psa_import_key( &attributes, + buf + sizeof( buf ) - key_len, key_len, + &key_id ); + if( status != PSA_SUCCESS ) + { + ret = mbedtls_psa_err_translate_pk( status ); + goto cleanup; + } + + status = psa_verify_hash( key_id, psa_alg_md, hash, hash_len, + sig, sig_len ); + if( status != PSA_SUCCESS ) + { + ret = mbedtls_psa_err_translate_pk( status ); + goto cleanup; + } + ret = 0; + +cleanup: + psa_destroy_key( key_id ); + return( ret ); +} +#else +static int rsa_verify_wrap( void *ctx, mbedtls_md_type_t md_alg, + const unsigned char *hash, size_t hash_len, + const unsigned char *sig, size_t sig_len ) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; mbedtls_rsa_context * rsa = (mbedtls_rsa_context *) ctx; @@ -195,6 +256,7 @@ static int rsa_verify_wrap( void *ctx, mbedtls_md_type_t md_alg, return( 0 ); } +#endif #if defined(MBEDTLS_PSA_CRYPTO_C) int mbedtls_pk_psa_rsa_sign_ext( psa_algorithm_t alg, From 059a80c212cb9ab593d1a8f78974c7ff5b32078e Mon Sep 17 00:00:00 2001 From: Neil Armstrong Date: Thu, 24 Feb 2022 15:23:42 +0100 Subject: [PATCH 03/10] Map INVALID_PADDING from PSA to MbedTLS error in rsa_verify_wrap() Signed-off-by: Neil Armstrong --- library/pk_wrap.c | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/library/pk_wrap.c b/library/pk_wrap.c index b3db3d764e..71b60398dd 100644 --- a/library/pk_wrap.c +++ b/library/pk_wrap.c @@ -215,7 +215,14 @@ static int rsa_verify_wrap( void *ctx, mbedtls_md_type_t md_alg, sig, sig_len ); if( status != PSA_SUCCESS ) { - ret = mbedtls_psa_err_translate_pk( status ); + if ( status == PSA_ERROR_INVALID_PADDING ) + { + ret = MBEDTLS_ERR_RSA_INVALID_PADDING; + } + else + { + ret = mbedtls_psa_err_translate_pk( status ); + } goto cleanup; } ret = 0; From a33280af6cf0242c617c4a4f3a764653a2b69527 Mon Sep 17 00:00:00 2001 From: Neil Armstrong Date: Thu, 24 Feb 2022 15:17:47 +0100 Subject: [PATCH 04/10] Check psa_destroy_key() return in rsa_verify_wrap() Signed-off-by: Neil Armstrong --- library/pk_wrap.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/library/pk_wrap.c b/library/pk_wrap.c index 71b60398dd..f09cc4be72 100644 --- a/library/pk_wrap.c +++ b/library/pk_wrap.c @@ -228,7 +228,10 @@ static int rsa_verify_wrap( void *ctx, mbedtls_md_type_t md_alg, ret = 0; cleanup: - psa_destroy_key( key_id ); + status = psa_destroy_key( key_id ); + if( ret == 0 && status != PSA_SUCCESS ) + ret = mbedtls_psa_err_translate_pk( status ); + return( ret ); } #else From 6baea7807229824c3064c4c39710708f2df39e07 Mon Sep 17 00:00:00 2001 From: Neil Armstrong Date: Tue, 1 Mar 2022 13:52:02 +0100 Subject: [PATCH 05/10] Use now shared RSA_PUB_DER_MAX_BYTES define in pk_wrap.c Signed-off-by: Neil Armstrong --- library/pk_wrap.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/library/pk_wrap.c b/library/pk_wrap.c index f09cc4be72..82b7b26c8e 100644 --- a/library/pk_wrap.c +++ b/library/pk_wrap.c @@ -176,8 +176,7 @@ static int rsa_verify_wrap( void *ctx, mbedtls_md_type_t md_alg, psa_status_t status; mbedtls_pk_context key; int key_len; - /* see RSA_PUR_DER_MAX_BYTES in pkwrite.c */ - unsigned char buf[38 + 2 * MBEDTLS_MPI_MAX_SIZE]; + unsigned char buf[MBEDTLS_PK_RSA_PUB_DER_MAX_BYTES]; mbedtls_pk_info_t pk_info = mbedtls_rsa_info; psa_algorithm_t psa_alg_md = PSA_ALG_RSA_PKCS1V15_SIGN( mbedtls_psa_translate_md( md_alg ) ); size_t rsa_len = mbedtls_rsa_get_len( rsa ); From 82cf804e34ef4862a3c7193599a88c7c670d90c8 Mon Sep 17 00:00:00 2001 From: Neil Armstrong Date: Thu, 3 Mar 2022 12:30:59 +0100 Subject: [PATCH 06/10] Fix 80 characters indentation in rsa_verify_wrap() Signed-off-by: Neil Armstrong --- library/pk_wrap.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/library/pk_wrap.c b/library/pk_wrap.c index 82b7b26c8e..02331c3457 100644 --- a/library/pk_wrap.c +++ b/library/pk_wrap.c @@ -178,7 +178,8 @@ static int rsa_verify_wrap( void *ctx, mbedtls_md_type_t md_alg, int key_len; unsigned char buf[MBEDTLS_PK_RSA_PUB_DER_MAX_BYTES]; mbedtls_pk_info_t pk_info = mbedtls_rsa_info; - psa_algorithm_t psa_alg_md = PSA_ALG_RSA_PKCS1V15_SIGN( mbedtls_psa_translate_md( md_alg ) ); + psa_algorithm_t psa_alg_md = + PSA_ALG_RSA_PKCS1V15_SIGN( mbedtls_psa_translate_md( md_alg ) ); size_t rsa_len = mbedtls_rsa_get_len( rsa ); #if SIZE_MAX > UINT_MAX From 8a44bb47ac715529c1b338f0b8fc7cc5cdbd6153 Mon Sep 17 00:00:00 2001 From: Neil Armstrong Date: Thu, 3 Mar 2022 13:16:13 +0100 Subject: [PATCH 07/10] Handle INVALID_SIGNATURE instead of INVALID_PADDING in rsa_verify_wrap() Signed-off-by: Neil Armstrong --- library/pk_wrap.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/library/pk_wrap.c b/library/pk_wrap.c index 02331c3457..2447cf6882 100644 --- a/library/pk_wrap.c +++ b/library/pk_wrap.c @@ -215,9 +215,9 @@ static int rsa_verify_wrap( void *ctx, mbedtls_md_type_t md_alg, sig, sig_len ); if( status != PSA_SUCCESS ) { - if ( status == PSA_ERROR_INVALID_PADDING ) + if ( status == PSA_ERROR_INVALID_SIGNATURE ) { - ret = MBEDTLS_ERR_RSA_INVALID_PADDING; + ret = MBEDTLS_ERR_RSA_VERIFY_FAILED; } else { From 19e6bc4c9f617f06426bcd405b015bed88f1baca Mon Sep 17 00:00:00 2001 From: Neil Armstrong Date: Thu, 3 Mar 2022 16:50:11 +0100 Subject: [PATCH 08/10] Use new PSA to mbedtls PK error mapping functions in rsa_verify_wrap() Signed-off-by: Neil Armstrong --- library/pk_wrap.c | 13 +++---------- 1 file changed, 3 insertions(+), 10 deletions(-) diff --git a/library/pk_wrap.c b/library/pk_wrap.c index 2447cf6882..4b834ea0ac 100644 --- a/library/pk_wrap.c +++ b/library/pk_wrap.c @@ -207,7 +207,7 @@ static int rsa_verify_wrap( void *ctx, mbedtls_md_type_t md_alg, &key_id ); if( status != PSA_SUCCESS ) { - ret = mbedtls_psa_err_translate_pk( status ); + ret = mbedtls_pk_error_from_psa( status ); goto cleanup; } @@ -215,14 +215,7 @@ static int rsa_verify_wrap( void *ctx, mbedtls_md_type_t md_alg, sig, sig_len ); if( status != PSA_SUCCESS ) { - if ( status == PSA_ERROR_INVALID_SIGNATURE ) - { - ret = MBEDTLS_ERR_RSA_VERIFY_FAILED; - } - else - { - ret = mbedtls_psa_err_translate_pk( status ); - } + ret = mbedtls_pk_error_from_psa_rsa( status ); goto cleanup; } ret = 0; @@ -230,7 +223,7 @@ static int rsa_verify_wrap( void *ctx, mbedtls_md_type_t md_alg, cleanup: status = psa_destroy_key( key_id ); if( ret == 0 && status != PSA_SUCCESS ) - ret = mbedtls_psa_err_translate_pk( status ); + ret = mbedtls_pk_error_from_psa( status ); return( ret ); } From ea54dbe7c2a7b6cc531e79e5a03814e47412ac0a Mon Sep 17 00:00:00 2001 From: Neil Armstrong Date: Mon, 14 Mar 2022 09:26:48 +0100 Subject: [PATCH 09/10] Fix comment typo in rsa_verify_wrap() Signed-off-by: Neil Armstrong --- library/pk_wrap.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/pk_wrap.c b/library/pk_wrap.c index 4b834ea0ac..f874a7df78 100644 --- a/library/pk_wrap.c +++ b/library/pk_wrap.c @@ -190,7 +190,7 @@ static int rsa_verify_wrap( void *ctx, mbedtls_md_type_t md_alg, if( sig_len < rsa_len ) return( MBEDTLS_ERR_RSA_VERIFY_FAILED ); - /* mbedtls_pk_write_pubkey() expects a full PK context; + /* mbedtls_pk_write_pubkey_der() expects a full PK context; * re-construct one to make it happy */ key.pk_info = &pk_info; key.pk_ctx = ctx; From 253e9e7e6d5141e8ac23f2a953b0cd2438fc3319 Mon Sep 17 00:00:00 2001 From: Neil Armstrong Date: Wed, 16 Mar 2022 15:32:23 +0100 Subject: [PATCH 10/10] Use mbedtls_rsa_info directly in rsa_verify_wrap() Signed-off-by: Neil Armstrong --- library/pk_wrap.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/library/pk_wrap.c b/library/pk_wrap.c index f874a7df78..266829011a 100644 --- a/library/pk_wrap.c +++ b/library/pk_wrap.c @@ -177,7 +177,6 @@ static int rsa_verify_wrap( void *ctx, mbedtls_md_type_t md_alg, mbedtls_pk_context key; int key_len; unsigned char buf[MBEDTLS_PK_RSA_PUB_DER_MAX_BYTES]; - mbedtls_pk_info_t pk_info = mbedtls_rsa_info; psa_algorithm_t psa_alg_md = PSA_ALG_RSA_PKCS1V15_SIGN( mbedtls_psa_translate_md( md_alg ) ); size_t rsa_len = mbedtls_rsa_get_len( rsa ); @@ -192,7 +191,7 @@ static int rsa_verify_wrap( void *ctx, mbedtls_md_type_t md_alg, /* mbedtls_pk_write_pubkey_der() expects a full PK context; * re-construct one to make it happy */ - key.pk_info = &pk_info; + key.pk_info = &mbedtls_rsa_info; key.pk_ctx = ctx; key_len = mbedtls_pk_write_pubkey_der( &key, buf, sizeof( buf ) ); if( key_len <= 0 )