Normally, if an elliptic curve is enabled in the legacy API then it's also
enabled in the PSA API. In particular, if the legacy API has at least one
curve then that curve also works with PSA. There is an exception with
secp224k1 which PSA does not support. In a build with secp224k1 as the only
legacy curve, MBEDTLS_PK_HAVE_ECC_KEYS is enabled (because you can use the
curve through PK) but PSA does not support any elliptic curve, so we can't
run PK-PSA bridge tests.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>

In the MBEDTLS_PK_OPAQUE case, have mbedtls_pk_get_psa_attributes() require the
specified usage to be enabled for the specified key. Otherwise the following
call to mbedtls_pk_import_into_psa() is unlikely to result in a key with a
useful policy, so the call to mbedtls_pk_get_psa_attributes() was probably
an error.
Adjust the existing test cases accordingly and add a few negative test
cases.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>

In principle the RSA tests shouldn't depend on RSA key generation: they just
need to operate on RSA keys. However they do need some method of creating an
RSA key, and we're currently doing random generation. So depend on what the
test code needs.
Depend on the legacy RSA interface, since driver-only RSA isn't currently
supported in the PK module.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>

Add code and unit tests for MBEDTLS_PK_ECxxx in
mbedtls_pk_get_psa_attributes().
This commit only supports built-in ECC (MBEDTLS_ECP_C). A subsequent commit
will handle driver-only ECC.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>

This makes the function always available with
its implementation depending on MBEDTLS_USE_PSA_CRYPTO.
Related dependencies and tests are updated as well.
Fixes #7583.
Signed-off-by: Tomi Fontanilles <129057597+tomi-font@users.noreply.github.com>

Add configuration to enforce minimum size when
generating an RSA key. Its default value is 1024
bits since this is the minimum secure value currently,
but it can be any value greater than or equal to 128
bits. Tests were modified to accommodate this
change.
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>

sed -i -f md_or_psa_hash.sed \
    tests/suites/test_suite_pkcs1_v21.data \
    tests/suites/test_suite_pk.data
with md_or_psa_hash.sed containing:
s/MBEDTLS_MD5_C/MBEDTLS_HAS_ALG_MD5_VIA_MD_OR_PSA/g
s/MBEDTLS_RIPEMD160_C/MBEDTLS_HAS_ALG_RIPEMD160_VIA_MD_OR_PSA/g
s/MBEDTLS_SHA1_C/MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA/g
s/MBEDTLS_SHA224_C/MBEDTLS_HAS_ALG_SHA_224_VIA_MD_OR_PSA/g
s/MBEDTLS_SHA256_C/MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA/g
s/MBEDTLS_SHA384_C/MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA/g
s/MBEDTLS_SHA512_C/MBEDTLS_HAS_ALG_SHA_512_VIA_MD_OR_PSA/g
(The only lines in pk.data that still had old-style dependencies were
the ones about PKCS1_V21.)
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>

Cases where radix was explicitly declared are removed in most cases,
replaced using script. Bignum arguments are represented as hexadecimal
strings. This reduces clutter in test data and makes bit patterns
clearer.
Signed-off-by: Werner Lewis <werner.lewis@arm.com>

When USE_PSA is disabled and ECDSA_DETERMINISTIC is enabled, generating
ECDSA signatures via PK requires use of the hash via the MD layer (in
HMAC-DRBG, used by deterministic ECDSA).
When USE_PSA is enabled, ECDSA signatures via PK go through PSA which
always uses non-deterministic ECDSA, so does not rely on HMAC-DRBG/MD.
The condition used here is slightly too strong, but expressing exactly
the optimal condition seems more effort than it's worth for just 3 test
cases.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>

Using VIA_MD_OR_PSA_BASED_ON_USE_PSA was justified by the fact that
until a few commits ago, the test functions here computed hashes using
either MD or PSA, depending on whether USE_PSA was defined (which itself
was justified by the loose reasoning that "PK is USE_PSA territory").
A few commits ago, test code stopped computing hashes because the hash
values became part of the test data. PK itself does not compute hashes.
As a result, VIA_MD_OR_PSA_BASED_ON_USE_PSA is no longer justified.
There are now two kinds of tests:
- those that only rely on hash data (ECDSA, RSA PKCS#1 v1.5) should
depend on VIA_LOWLEVEL_OR_PSA as that is the minimal dependency, hence
the one used for data
- those where the layer below PK will internally compute a hash (RSA
PKCS#1 v2.1): currently this hash is always computed using MD (on which
MBEDTLS_PKCS1_V21 depends), so legacy dependencies like MBEDTLS_SHA256_C
should be used for now. The previous dependency was morally wrong, it
didn't show in the driver-only tests only because PKCS#1 v2.1 is
disabled in this test for now.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>

Fix usage with sed:
s/MBEDTLS_OR_PSA_WANT_\([A-Z_0-9]*\)/MBEDTLS_HAS_\1_VIA_LOWLEVEL_OR_PSA/
s/MBEDTLS_USE_PSA_WANT_\([A-Z_0-9]*\)/MBEDTLS_HAS_\1_VIA_MD_OR_PSA_BASED_ON_USE_PSA/
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
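Added example (not part of the commit message or of Mbed TLS): the two sed expressions quoted above, run over constructed dependency lines once as written and once with the g flag, followed by the kind of leftover check worth running after a bulk rename of dependency symbols. The sample lines and the function names sample_data, rename_once, rename_all and leftovers are made up for illustration.

```shell
#!/bin/sh
# Constructed sample in the style of a test_suite_*.data file
# (not copied from the Mbed TLS repository).
sample_data() {
    cat <<'EOF'
RSA verify, one hash dependency (constructed)
depends_on:MBEDTLS_OR_PSA_WANT_ALG_SHA_1:MBEDTLS_PKCS1_V15
Sign/verify, two hash dependencies on one line (constructed)
depends_on:MBEDTLS_USE_PSA_WANT_ALG_SHA_256:MBEDTLS_USE_PSA_WANT_ALG_SHA_384
EOF
}

# The two expressions exactly as quoted in the commit message (no g flag):
# sed rewrites only the first match on each line.
rename_once() {
    sed -e 's/MBEDTLS_OR_PSA_WANT_\([A-Z_0-9]*\)/MBEDTLS_HAS_\1_VIA_LOWLEVEL_OR_PSA/' \
        -e 's/MBEDTLS_USE_PSA_WANT_\([A-Z_0-9]*\)/MBEDTLS_HAS_\1_VIA_MD_OR_PSA_BASED_ON_USE_PSA/'
}

# Same expressions with the g flag, so every symbol on a line is rewritten.
rename_all() {
    sed -e 's/MBEDTLS_OR_PSA_WANT_\([A-Z_0-9]*\)/MBEDTLS_HAS_\1_VIA_LOWLEVEL_OR_PSA/g' \
        -e 's/MBEDTLS_USE_PSA_WANT_\([A-Z_0-9]*\)/MBEDTLS_HAS_\1_VIA_MD_OR_PSA_BASED_ON_USE_PSA/g'
}

# Count lines that still carry an old-style name. grep -c exits non-zero
# when the count is 0, hence the "|| true".
leftovers() {
    grep -c -E 'MBEDTLS_(OR|USE)_PSA_WANT_' || true
}

echo "as written: $(sample_data | rename_once | leftovers) line(s) left"
echo "with g:     $(sample_data | rename_all | leftovers) line(s) left"
```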
Same rationale as previous "Rm useless use of MD" commits.
Here the first two test functions were already not depending on MD_C,
but the new version is much simpler, as it avoids having two versions of
the code depending on the value of USE_PSA.
Changes to the data file generated with the following Python script:
import hashlib

suite = 'pk'
# Test function -> (index of the hash algorithm field, index of the message
# field, whether the message field is hex-encoded), counted in the
# colon-separated test line with the function name at index 0.
functions = {
    'pk_rsa_verify_test_vec': (2, 1, True),
    'pk_rsa_verify_ext_test_vec': (2, 1, True),
    'pk_sign_verify_restart': (6, 7, False),
}

def hash_ctx(s):
    # Map an MBEDTLS_MD_xxx name to a fresh hashlib context.
    if s == 'MBEDTLS_MD_MD5':
        return hashlib.md5()
    if s == 'MBEDTLS_MD_SHA1':
        return hashlib.sha1()
    if s == 'MBEDTLS_MD_SHA224':
        return hashlib.sha224()
    if s == 'MBEDTLS_MD_SHA256':
        return hashlib.sha256()
    if s == 'MBEDTLS_MD_SHA384':
        return hashlib.sha384()
    if s == 'MBEDTLS_MD_SHA512':
        return hashlib.sha512()
    if s == 'MBEDTLS_MD_RIPEMD160':
        return hashlib.new("ripemd160")

def fix(l):
    # Replace the message field of a matching test line with its hash.
    parts = l.rstrip().split(":")
    fun = parts[0]
    if fun not in functions:
        return l
    (alg_idx, msg_idx, is_hex) = functions[fun]
    alg_str = parts[alg_idx]
    # No hash algorithm: leave the line unchanged.
    if alg_str == "MBEDTLS_MD_NONE" or alg_str == "255":
        return l
    h = hash_ctx(alg_str)
    # Strip the surrounding double quotes from the message field.
    msg_str = parts[msg_idx][1:-1]
    msg = bytes.fromhex(msg_str) if is_hex else bytes(msg_str, 'ascii')
    h.update(msg)
    msg_hash = h.hexdigest()
    msg_hash_str = '"' + msg_hash + '"'
    parts[msg_idx] = msg_hash_str
    return ":".join(parts) + '\n'

# Rewrite the data file in place.
filename = 'tests/suites/test_suite_' + suite + '.data'
with open(filename) as f:
    lines = f.readlines()
lines = [fix(l) for l in lines]
with open(filename, 'w') as f:
    f.writelines(lines)
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>

Applied:
sed -i -f use_psa_hash.sed tests/suites/test_suite_pk.*
with use_psa_hash.sed as follows:
s/MBEDTLS_MD5_C/MBEDTLS_USE_PSA_WANT_ALG_MD5/g
s/MBEDTLS_RIPEMD160_C/MBEDTLS_USE_PSA_WANT_ALG_RIPEMD160/g
s/MBEDTLS_SHA1_C/MBEDTLS_USE_PSA_WANT_ALG_SHA_1/g
s/MBEDTLS_SHA224_C/MBEDTLS_USE_PSA_WANT_ALG_SHA_224/g
s/MBEDTLS_SHA256_C/MBEDTLS_USE_PSA_WANT_ALG_SHA_256/g
s/MBEDTLS_SHA384_C/MBEDTLS_USE_PSA_WANT_ALG_SHA_384/g
s/MBEDTLS_SHA512_C/MBEDTLS_USE_PSA_WANT_ALG_SHA_512/g
With this commit, test_suite_pk achieves parity between:
- crypto_full minus PKCS#1v2.1
- same minus MD (from all.sh's test_crypto_full_no_md)
and between:
- default config plus use_psa minus PKCS#1v2.1
- same with accelerators (test_psa_crypto_config_accel_hash_use_psa)
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>