1 /*
2 * Test driver for generating and verifying keys.
3 * Currently only supports generating and verifying ECC keys.
4 */
5 /* Copyright The Mbed TLS Contributors
6 * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
7 */
8
9 #include <test/helpers.h>
10
11 #if defined(PSA_CRYPTO_DRIVER_TEST)
12 #include "psa/crypto.h"
13 #include "psa_crypto_core.h"
14 #include "psa_crypto_ecp.h"
15 #include "psa_crypto_rsa.h"
16 #include "psa_crypto_ffdh.h"
17 #include "mbedtls/ecp.h"
18 #include "mbedtls/error.h"
19
20 #include "test/drivers/key_management.h"
21 #include "test/drivers/test_driver.h"
22
23 #include "test/random.h"
24
25 #if defined(MBEDTLS_TEST_LIBTESTDRIVER1)
26 #include "libtestdriver1/library/psa_crypto_ecp.h"
27 #include "libtestdriver1/library/psa_crypto_rsa.h"
28 #include "libtestdriver1/library/psa_crypto_ffdh.h"
29 #endif
30
31 #include <string.h>
32
33 mbedtls_test_driver_key_management_hooks_t
34 mbedtls_test_driver_key_management_hooks = MBEDTLS_TEST_DRIVER_KEY_MANAGEMENT_INIT;
35
36 const uint8_t mbedtls_test_driver_aes_key[16] =
37 { 0x36, 0x77, 0x39, 0x7A, 0x24, 0x43, 0x26, 0x46,
38 0x29, 0x4A, 0x40, 0x4E, 0x63, 0x52, 0x66, 0x55 };
39 const uint8_t mbedtls_test_driver_ecdsa_key[32] =
40 { 0xdc, 0x7d, 0x9d, 0x26, 0xd6, 0x7a, 0x4f, 0x63,
41 0x2c, 0x34, 0xc2, 0xdc, 0x0b, 0x69, 0x86, 0x18,
42 0x38, 0x82, 0xc2, 0x06, 0xdf, 0x04, 0xcd, 0xb7,
43 0xd6, 0x9a, 0xab, 0xe2, 0x8b, 0xe4, 0xf8, 0x1a };
44 const uint8_t mbedtls_test_driver_ecdsa_pubkey[65] =
45 { 0x04,
46 0x85, 0xf6, 0x4d, 0x89, 0xf0, 0x0b, 0xe6, 0x6c,
47 0x88, 0xdd, 0x93, 0x7e, 0xfd, 0x6d, 0x7c, 0x44,
48 0x56, 0x48, 0xdc, 0xb7, 0x01, 0x15, 0x0b, 0x8a,
49 0x95, 0x09, 0x29, 0x58, 0x50, 0xf4, 0x1c, 0x19,
50 0x31, 0xe5, 0x71, 0xfb, 0x8f, 0x8c, 0x78, 0x31,
51 0x7a, 0x20, 0xb3, 0x80, 0xe8, 0x66, 0x58, 0x4b,
52 0xbc, 0x25, 0x16, 0xc3, 0xd2, 0x70, 0x2d, 0x79,
53 0x2f, 0x13, 0x1a, 0x92, 0x20, 0x95, 0xfd, 0x6c };
54
mbedtls_test_transparent_init(void)55 psa_status_t mbedtls_test_transparent_init(void)
56 {
57 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
58
59 #if defined(MBEDTLS_TEST_LIBTESTDRIVER1)
60 status = libtestdriver1_psa_crypto_init();
61 if (status != PSA_SUCCESS) {
62 return status;
63 }
64 #endif
65
66 (void) status;
67 return PSA_SUCCESS;
68 }
69
mbedtls_test_transparent_free(void)70 void mbedtls_test_transparent_free(void)
71 {
72 #if defined(MBEDTLS_TEST_LIBTESTDRIVER1)
73 libtestdriver1_mbedtls_psa_crypto_free();
74 #endif
75
76 return;
77 }
78
mbedtls_test_opaque_init(void)79 psa_status_t mbedtls_test_opaque_init(void)
80 {
81 return PSA_SUCCESS;
82 }
83
mbedtls_test_opaque_free(void)84 void mbedtls_test_opaque_free(void)
85 {
86 return;
87 }
88
89 /*
90 * This macro returns the base size for the key context when SE does not
91 * support storage. It is the size of the metadata that gets added to the
92 * wrapped key. In its test functionality the metadata is just some padded
93 * prefixing to the key.
94 */
95 #define TEST_DRIVER_KEY_CONTEXT_BASE_SIZE \
96 PSA_CRYPTO_TEST_DRIVER_OPAQUE_PAD_PREFIX_SIZE
97
98
mbedtls_test_opaque_size_function(const psa_key_type_t key_type,const size_t key_bits)99 size_t mbedtls_test_opaque_size_function(
100 const psa_key_type_t key_type,
101 const size_t key_bits)
102 {
103 size_t key_buffer_size = 0;
104
105 key_buffer_size = PSA_EXPORT_KEY_OUTPUT_SIZE(key_type, key_bits);
106 if (key_buffer_size == 0) {
107 return 0;
108 }
109 /* Include spacing for base size overhead over the key size
110 * */
111 key_buffer_size += TEST_DRIVER_KEY_CONTEXT_BASE_SIZE;
112 return key_buffer_size;
113 }
114
mbedtls_test_opaque_get_base_size()115 static size_t mbedtls_test_opaque_get_base_size()
116 {
117 return TEST_DRIVER_KEY_CONTEXT_BASE_SIZE;
118 }
119
120 /*
121 * The wrap function mbedtls_test_opaque_wrap_key pads and wraps the
122 * clear key. It expects the clear and wrap buffers to be passed in.
123 * key_length is the size of the clear key to be wrapped.
124 * wrapped_key_buffer_size is the size of the output buffer wrap_key.
125 * The argument wrapped_key_buffer_length is filled with the wrapped
126 * key_size on success.
127 * */
mbedtls_test_opaque_wrap_key(const uint8_t * key,size_t key_length,uint8_t * wrapped_key_buffer,size_t wrapped_key_buffer_size,size_t * wrapped_key_buffer_length)128 static psa_status_t mbedtls_test_opaque_wrap_key(
129 const uint8_t *key,
130 size_t key_length,
131 uint8_t *wrapped_key_buffer,
132 size_t wrapped_key_buffer_size,
133 size_t *wrapped_key_buffer_length)
134 {
135 size_t opaque_key_base_size = mbedtls_test_opaque_get_base_size();
136 uint64_t prefix = PSA_CRYPTO_TEST_DRIVER_OPAQUE_PAD_PREFIX;
137
138 if (key_length + opaque_key_base_size > wrapped_key_buffer_size) {
139 return PSA_ERROR_BUFFER_TOO_SMALL;
140 }
141
142 /* Write in the opaque pad prefix */
143 memcpy(wrapped_key_buffer, &prefix, opaque_key_base_size);
144 wrapped_key_buffer += opaque_key_base_size;
145 *wrapped_key_buffer_length = key_length + opaque_key_base_size;
146
147 while (key_length--) {
148 wrapped_key_buffer[key_length] = key[key_length] ^ 0xFF;
149 }
150 return PSA_SUCCESS;
151 }
152
153 /*
154 * The unwrap function mbedtls_test_opaque_unwrap_key removes a pad prefix
155 * and unwraps the wrapped key. It expects the clear and wrap buffers to be
156 * passed in.
157 * wrapped_key_length is the size of the wrapped key,
158 * key_buffer_size is the size of the output buffer clear_key.
159 * The argument key_buffer_length is filled with the unwrapped(clear)
160 * key_size on success.
161 * */
mbedtls_test_opaque_unwrap_key(const uint8_t * wrapped_key,size_t wrapped_key_length,uint8_t * key_buffer,size_t key_buffer_size,size_t * key_buffer_length)162 psa_status_t mbedtls_test_opaque_unwrap_key(
163 const uint8_t *wrapped_key,
164 size_t wrapped_key_length,
165 uint8_t *key_buffer,
166 size_t key_buffer_size,
167 size_t *key_buffer_length)
168 {
169 /* Remove the pad prefix from the wrapped key */
170 size_t opaque_key_base_size = mbedtls_test_opaque_get_base_size();
171 size_t clear_key_size;
172
173 /* Check for underflow */
174 if (wrapped_key_length < opaque_key_base_size) {
175 return PSA_ERROR_DATA_CORRUPT;
176 }
177 clear_key_size = wrapped_key_length - opaque_key_base_size;
178
179 wrapped_key += opaque_key_base_size;
180 if (clear_key_size > key_buffer_size) {
181 return PSA_ERROR_BUFFER_TOO_SMALL;
182 }
183
184 *key_buffer_length = clear_key_size;
185 while (clear_key_size--) {
186 key_buffer[clear_key_size] = wrapped_key[clear_key_size] ^ 0xFF;
187 }
188 return PSA_SUCCESS;
189 }
190
mbedtls_test_transparent_generate_key(const psa_key_attributes_t * attributes,uint8_t * key,size_t key_size,size_t * key_length)191 psa_status_t mbedtls_test_transparent_generate_key(
192 const psa_key_attributes_t *attributes,
193 uint8_t *key, size_t key_size, size_t *key_length)
194 {
195 ++mbedtls_test_driver_key_management_hooks.hits;
196 ++mbedtls_test_driver_key_management_hooks.hits_generate_key;
197
198 if (mbedtls_test_driver_key_management_hooks.forced_status != PSA_SUCCESS) {
199 return mbedtls_test_driver_key_management_hooks.forced_status;
200 }
201
202 if (mbedtls_test_driver_key_management_hooks.forced_output != NULL) {
203 if (mbedtls_test_driver_key_management_hooks.forced_output_length >
204 key_size) {
205 return PSA_ERROR_BUFFER_TOO_SMALL;
206 }
207 memcpy(key, mbedtls_test_driver_key_management_hooks.forced_output,
208 mbedtls_test_driver_key_management_hooks.forced_output_length);
209 *key_length = mbedtls_test_driver_key_management_hooks.forced_output_length;
210 return PSA_SUCCESS;
211 }
212
213 if (PSA_KEY_TYPE_IS_ECC(psa_get_key_type(attributes))
214 && PSA_KEY_TYPE_IS_KEY_PAIR(psa_get_key_type(attributes))) {
215 #if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
216 defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_GENERATE)
217 return libtestdriver1_mbedtls_psa_ecp_generate_key(
218 (const libtestdriver1_psa_key_attributes_t *) attributes,
219 key, key_size, key_length);
220 #elif defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_GENERATE)
221 return mbedtls_psa_ecp_generate_key(
222 attributes, key, key_size, key_length);
223 #endif
224 } else if (psa_get_key_type(attributes) == PSA_KEY_TYPE_RSA_KEY_PAIR) {
225 #if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
226 defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_GENERATE)
227 return libtestdriver1_mbedtls_psa_rsa_generate_key(
228 (const libtestdriver1_psa_key_attributes_t *) attributes,
229 NULL, 0, /* We don't support custom e in the test driver yet */
230 key, key_size, key_length);
231 #elif defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_GENERATE)
232 return mbedtls_psa_rsa_generate_key(
233 attributes,
234 NULL, 0, /* We don't support custom e in the test driver yet */
235 key, key_size, key_length);
236 #endif
237 } else if (PSA_KEY_TYPE_IS_DH(psa_get_key_type(attributes))
238 && PSA_KEY_TYPE_IS_KEY_PAIR(psa_get_key_type(attributes))) {
239 #if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
240 defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR_GENERATE)
241 return libtestdriver1_mbedtls_psa_ffdh_generate_key(
242 (const libtestdriver1_psa_key_attributes_t *) attributes,
243 key, key_size, key_length);
244 #elif defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR)
245 return mbedtls_psa_ffdh_generate_key(
246 attributes, key, key_size, key_length);
247 #endif
248 }
249
250 (void) attributes;
251 return PSA_ERROR_NOT_SUPPORTED;
252 }
253
mbedtls_test_opaque_generate_key(const psa_key_attributes_t * attributes,uint8_t * key,size_t key_size,size_t * key_length)254 psa_status_t mbedtls_test_opaque_generate_key(
255 const psa_key_attributes_t *attributes,
256 uint8_t *key, size_t key_size, size_t *key_length)
257 {
258 (void) attributes;
259 (void) key;
260 (void) key_size;
261 (void) key_length;
262 return PSA_ERROR_NOT_SUPPORTED;
263 }
264
mbedtls_test_transparent_import_key(const psa_key_attributes_t * attributes,const uint8_t * data,size_t data_length,uint8_t * key_buffer,size_t key_buffer_size,size_t * key_buffer_length,size_t * bits)265 psa_status_t mbedtls_test_transparent_import_key(
266 const psa_key_attributes_t *attributes,
267 const uint8_t *data,
268 size_t data_length,
269 uint8_t *key_buffer,
270 size_t key_buffer_size,
271 size_t *key_buffer_length,
272 size_t *bits)
273 {
274 psa_key_type_t type = psa_get_key_type(attributes);
275
276 ++mbedtls_test_driver_key_management_hooks.hits;
277 mbedtls_test_driver_key_management_hooks.location = PSA_KEY_LOCATION_LOCAL_STORAGE;
278
279 if (mbedtls_test_driver_key_management_hooks.forced_status != PSA_SUCCESS) {
280 return mbedtls_test_driver_key_management_hooks.forced_status;
281 }
282
283 if (PSA_KEY_TYPE_IS_ECC(type)) {
284 #if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
285 (defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_IMPORT) || \
286 defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY))
287 return libtestdriver1_mbedtls_psa_ecp_import_key(
288 (const libtestdriver1_psa_key_attributes_t *) attributes,
289 data, data_length,
290 key_buffer, key_buffer_size,
291 key_buffer_length, bits);
292 #elif defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_IMPORT) || \
293 defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY)
294 return mbedtls_psa_ecp_import_key(
295 attributes,
296 data, data_length,
297 key_buffer, key_buffer_size,
298 key_buffer_length, bits);
299 #endif
300 } else if (PSA_KEY_TYPE_IS_RSA(type)) {
301 #if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
302 (defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_IMPORT) || \
303 defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY))
304 return libtestdriver1_mbedtls_psa_rsa_import_key(
305 (const libtestdriver1_psa_key_attributes_t *) attributes,
306 data, data_length,
307 key_buffer, key_buffer_size,
308 key_buffer_length, bits);
309 #elif defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_IMPORT) || \
310 defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY)
311 return mbedtls_psa_rsa_import_key(
312 attributes,
313 data, data_length,
314 key_buffer, key_buffer_size,
315 key_buffer_length, bits);
316 #endif
317 } else if (PSA_KEY_TYPE_IS_DH(type)) {
318 #if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
319 (defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR) || \
320 defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_PUBLIC_KEY))
321 return libtestdriver1_mbedtls_psa_ffdh_import_key(
322 (const libtestdriver1_psa_key_attributes_t *) attributes,
323 data, data_length,
324 key_buffer, key_buffer_size,
325 key_buffer_length, bits);
326 #elif defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) || \
327 defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY)
328 return mbedtls_psa_ffdh_import_key(
329 attributes,
330 data, data_length,
331 key_buffer, key_buffer_size,
332 key_buffer_length, bits);
333 #endif
334 }
335 (void) data;
336 (void) data_length;
337 (void) key_buffer;
338 (void) key_buffer_size;
339 (void) key_buffer_length;
340 (void) bits;
341 (void) type;
342
343 return PSA_ERROR_NOT_SUPPORTED;
344 }
345
346
mbedtls_test_opaque_import_key(const psa_key_attributes_t * attributes,const uint8_t * data,size_t data_length,uint8_t * key_buffer,size_t key_buffer_size,size_t * key_buffer_length,size_t * bits)347 psa_status_t mbedtls_test_opaque_import_key(
348 const psa_key_attributes_t *attributes,
349 const uint8_t *data,
350 size_t data_length,
351 uint8_t *key_buffer,
352 size_t key_buffer_size,
353 size_t *key_buffer_length,
354 size_t *bits)
355 {
356 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
357 psa_key_type_t type = psa_get_key_type(attributes);
358 /* This buffer will be used as an intermediate placeholder for
359 * the clear key till we wrap it */
360 uint8_t *key_buffer_temp;
361
362 ++mbedtls_test_driver_key_management_hooks.hits;
363 mbedtls_test_driver_key_management_hooks.location = PSA_CRYPTO_TEST_DRIVER_LOCATION;
364
365 if (mbedtls_test_driver_key_management_hooks.forced_status != PSA_SUCCESS) {
366 return mbedtls_test_driver_key_management_hooks.forced_status;
367 }
368
369 key_buffer_temp = mbedtls_calloc(1, key_buffer_size);
370 if (key_buffer_temp == NULL) {
371 return PSA_ERROR_INSUFFICIENT_MEMORY;
372 }
373
374 if (PSA_KEY_TYPE_IS_UNSTRUCTURED(type)) {
375 *bits = PSA_BYTES_TO_BITS(data_length);
376
377 status = psa_validate_unstructured_key_bit_size(type,
378 *bits);
379 if (status != PSA_SUCCESS) {
380 goto exit;
381 }
382
383 if (data_length > key_buffer_size) {
384 return PSA_ERROR_BUFFER_TOO_SMALL;
385 }
386
387 /* Copy the key material accounting for opaque key padding. */
388 memcpy(key_buffer_temp, data, data_length);
389 *key_buffer_length = data_length;
390 } else if (PSA_KEY_TYPE_IS_ECC(type)) {
391 #if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
392 (defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR) || \
393 defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY))
394 status = libtestdriver1_mbedtls_psa_ecp_import_key(
395 (const libtestdriver1_psa_key_attributes_t *) attributes,
396 data, data_length,
397 key_buffer_temp, key_buffer_size,
398 key_buffer_length, bits);
399 #elif defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_IMPORT) || \
400 defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY)
401 status = mbedtls_psa_ecp_import_key(
402 attributes,
403 data, data_length,
404 key_buffer_temp, key_buffer_size,
405 key_buffer_length, bits);
406 #else
407 status = PSA_ERROR_NOT_SUPPORTED;
408 #endif
409 if (status != PSA_SUCCESS) {
410 goto exit;
411 }
412 } else if (PSA_KEY_TYPE_IS_RSA(type)) {
413 #if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
414 (defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR) || \
415 defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_PUBLIC_KEY))
416 status = libtestdriver1_mbedtls_psa_rsa_import_key(
417 (const libtestdriver1_psa_key_attributes_t *) attributes,
418 data, data_length,
419 key_buffer_temp, key_buffer_size,
420 key_buffer_length, bits);
421 #elif defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_IMPORT) || \
422 defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY)
423 status = mbedtls_psa_rsa_import_key(
424 attributes,
425 data, data_length,
426 key_buffer_temp, key_buffer_size,
427 key_buffer_length, bits);
428 #else
429 status = PSA_ERROR_NOT_SUPPORTED;
430 #endif
431 if (status != PSA_SUCCESS) {
432 goto exit;
433 }
434 } else {
435 status = PSA_ERROR_INVALID_ARGUMENT;
436 goto exit;
437 }
438
439 status = mbedtls_test_opaque_wrap_key(key_buffer_temp, *key_buffer_length,
440 key_buffer, key_buffer_size, key_buffer_length);
441 exit:
442 mbedtls_free(key_buffer_temp);
443 return status;
444 }
445
mbedtls_test_opaque_export_key(const psa_key_attributes_t * attributes,const uint8_t * key,size_t key_length,uint8_t * data,size_t data_size,size_t * data_length)446 psa_status_t mbedtls_test_opaque_export_key(
447 const psa_key_attributes_t *attributes,
448 const uint8_t *key, size_t key_length,
449 uint8_t *data, size_t data_size, size_t *data_length)
450 {
451 if (key_length == sizeof(psa_drv_slot_number_t)) {
452 /* Assume this is a builtin key based on the key material length. */
453 psa_drv_slot_number_t slot_number = *((psa_drv_slot_number_t *) key);
454
455 switch (slot_number) {
456 case PSA_CRYPTO_TEST_DRIVER_BUILTIN_ECDSA_KEY_SLOT:
457 /* This is the ECDSA slot. Verify the key's attributes before
458 * returning the private key. */
459 if (psa_get_key_type(attributes) !=
460 PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1)) {
461 return PSA_ERROR_CORRUPTION_DETECTED;
462 }
463 if (psa_get_key_bits(attributes) != 256) {
464 return PSA_ERROR_CORRUPTION_DETECTED;
465 }
466 if (psa_get_key_algorithm(attributes) !=
467 PSA_ALG_ECDSA(PSA_ALG_ANY_HASH)) {
468 return PSA_ERROR_CORRUPTION_DETECTED;
469 }
470 if ((psa_get_key_usage_flags(attributes) &
471 PSA_KEY_USAGE_EXPORT) == 0) {
472 return PSA_ERROR_CORRUPTION_DETECTED;
473 }
474
475 if (data_size < sizeof(mbedtls_test_driver_ecdsa_key)) {
476 return PSA_ERROR_BUFFER_TOO_SMALL;
477 }
478
479 memcpy(data, mbedtls_test_driver_ecdsa_key,
480 sizeof(mbedtls_test_driver_ecdsa_key));
481 *data_length = sizeof(mbedtls_test_driver_ecdsa_key);
482 return PSA_SUCCESS;
483
484 case PSA_CRYPTO_TEST_DRIVER_BUILTIN_AES_KEY_SLOT:
485 /* This is the AES slot. Verify the key's attributes before
486 * returning the key. */
487 if (psa_get_key_type(attributes) != PSA_KEY_TYPE_AES) {
488 return PSA_ERROR_CORRUPTION_DETECTED;
489 }
490 if (psa_get_key_bits(attributes) != 128) {
491 return PSA_ERROR_CORRUPTION_DETECTED;
492 }
493 if (psa_get_key_algorithm(attributes) != PSA_ALG_CTR) {
494 return PSA_ERROR_CORRUPTION_DETECTED;
495 }
496 if ((psa_get_key_usage_flags(attributes) &
497 PSA_KEY_USAGE_EXPORT) == 0) {
498 return PSA_ERROR_CORRUPTION_DETECTED;
499 }
500
501 if (data_size < sizeof(mbedtls_test_driver_aes_key)) {
502 return PSA_ERROR_BUFFER_TOO_SMALL;
503 }
504
505 memcpy(data, mbedtls_test_driver_aes_key,
506 sizeof(mbedtls_test_driver_aes_key));
507 *data_length = sizeof(mbedtls_test_driver_aes_key);
508 return PSA_SUCCESS;
509
510 default:
511 return PSA_ERROR_DOES_NOT_EXIST;
512 }
513 } else {
514 /* This buffer will be used as an intermediate placeholder for
515 * the opaque key till we unwrap the key into key_buffer */
516 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
517 psa_key_type_t type = psa_get_key_type(attributes);
518
519 if (PSA_KEY_TYPE_IS_UNSTRUCTURED(type) ||
520 PSA_KEY_TYPE_IS_RSA(type) ||
521 PSA_KEY_TYPE_IS_ECC(type)) {
522 status = mbedtls_test_opaque_unwrap_key(key, key_length,
523 data, data_size, data_length);
524 return status;
525 }
526 }
527 return PSA_ERROR_NOT_SUPPORTED;
528 }
529
mbedtls_test_transparent_export_public_key(const psa_key_attributes_t * attributes,const uint8_t * key_buffer,size_t key_buffer_size,uint8_t * data,size_t data_size,size_t * data_length)530 psa_status_t mbedtls_test_transparent_export_public_key(
531 const psa_key_attributes_t *attributes,
532 const uint8_t *key_buffer, size_t key_buffer_size,
533 uint8_t *data, size_t data_size, size_t *data_length)
534 {
535 ++mbedtls_test_driver_key_management_hooks.hits;
536 ++mbedtls_test_driver_key_management_hooks.hits_export_public_key;
537
538 if (mbedtls_test_driver_key_management_hooks.forced_status != PSA_SUCCESS) {
539 return mbedtls_test_driver_key_management_hooks.forced_status;
540 }
541
542 if (mbedtls_test_driver_key_management_hooks.forced_output != NULL) {
543 if (mbedtls_test_driver_key_management_hooks.forced_output_length >
544 data_size) {
545 return PSA_ERROR_BUFFER_TOO_SMALL;
546 }
547 memcpy(data, mbedtls_test_driver_key_management_hooks.forced_output,
548 mbedtls_test_driver_key_management_hooks.forced_output_length);
549 *data_length = mbedtls_test_driver_key_management_hooks.forced_output_length;
550 return PSA_SUCCESS;
551 }
552
553 psa_key_type_t key_type = psa_get_key_type(attributes);
554
555 if (PSA_KEY_TYPE_IS_ECC(key_type)) {
556 #if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
557 (defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_EXPORT) || \
558 defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY))
559 return libtestdriver1_mbedtls_psa_ecp_export_public_key(
560 (const libtestdriver1_psa_key_attributes_t *) attributes,
561 key_buffer, key_buffer_size,
562 data, data_size, data_length);
563 #elif defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_EXPORT) || \
564 defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY)
565 return mbedtls_psa_ecp_export_public_key(
566 attributes,
567 key_buffer, key_buffer_size,
568 data, data_size, data_length);
569 #endif
570 } else if (PSA_KEY_TYPE_IS_RSA(key_type)) {
571 #if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
572 (defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_EXPORT) || \
573 defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY))
574 return libtestdriver1_mbedtls_psa_rsa_export_public_key(
575 (const libtestdriver1_psa_key_attributes_t *) attributes,
576 key_buffer, key_buffer_size,
577 data, data_size, data_length);
578 #elif defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_EXPORT) || \
579 defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY)
580 return mbedtls_psa_rsa_export_public_key(
581 attributes,
582 key_buffer, key_buffer_size,
583 data, data_size, data_length);
584 #endif
585 } else if (PSA_KEY_TYPE_IS_DH(key_type)) {
586 #if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
587 (defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR) || \
588 defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_PUBLIC_KEY))
589 return libtestdriver1_mbedtls_psa_ffdh_export_public_key(
590 (const libtestdriver1_psa_key_attributes_t *) attributes,
591 key_buffer, key_buffer_size,
592 data, data_size, data_length);
593 #elif defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR) || \
594 defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_PUBLIC_KEY)
595 return mbedtls_psa_ffdh_export_public_key(
596 attributes,
597 key_buffer, key_buffer_size,
598 data, data_size, data_length);
599 #endif
600 }
601
602 (void) key_buffer;
603 (void) key_buffer_size;
604 (void) key_type;
605
606 return PSA_ERROR_NOT_SUPPORTED;
607 }
608
mbedtls_test_opaque_export_public_key(const psa_key_attributes_t * attributes,const uint8_t * key,size_t key_length,uint8_t * data,size_t data_size,size_t * data_length)609 psa_status_t mbedtls_test_opaque_export_public_key(
610 const psa_key_attributes_t *attributes,
611 const uint8_t *key, size_t key_length,
612 uint8_t *data, size_t data_size, size_t *data_length)
613 {
614 if (key_length != sizeof(psa_drv_slot_number_t)) {
615 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
616 psa_key_type_t key_type = psa_get_key_type(attributes);
617 uint8_t *key_buffer_temp;
618
619 key_buffer_temp = mbedtls_calloc(1, key_length);
620 if (key_buffer_temp == NULL) {
621 return PSA_ERROR_INSUFFICIENT_MEMORY;
622 }
623
624 if (PSA_KEY_TYPE_IS_ECC(key_type)) {
625 status = mbedtls_test_opaque_unwrap_key(key, key_length,
626 key_buffer_temp, key_length, data_length);
627 if (status == PSA_SUCCESS) {
628 #if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
629 (defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR) || \
630 defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY))
631 status = libtestdriver1_mbedtls_psa_ecp_export_public_key(
632 (const libtestdriver1_psa_key_attributes_t *) attributes,
633 key_buffer_temp, *data_length,
634 data, data_size, data_length);
635 #elif defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_EXPORT) || \
636 defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY)
637 status = mbedtls_psa_ecp_export_public_key(
638 attributes,
639 key_buffer_temp, *data_length,
640 data, data_size, data_length);
641 #else
642 status = PSA_ERROR_NOT_SUPPORTED;
643 #endif
644 }
645 } else if (PSA_KEY_TYPE_IS_RSA(key_type)) {
646 status = mbedtls_test_opaque_unwrap_key(key, key_length,
647 key_buffer_temp, key_length, data_length);
648 if (status == PSA_SUCCESS) {
649 #if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
650 (defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR) || \
651 defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_PUBLIC_KEY))
652 status = libtestdriver1_mbedtls_psa_rsa_export_public_key(
653 (const libtestdriver1_psa_key_attributes_t *) attributes,
654 key_buffer_temp, *data_length,
655 data, data_size, data_length);
656 #elif defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_EXPORT) || \
657 defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY)
658 status = mbedtls_psa_rsa_export_public_key(
659 attributes,
660 key_buffer_temp, *data_length,
661 data, data_size, data_length);
662 #else
663 status = PSA_ERROR_NOT_SUPPORTED;
664 #endif
665 }
666 } else {
667 status = PSA_ERROR_NOT_SUPPORTED;
668 (void) key;
669 (void) key_type;
670 }
671 mbedtls_free(key_buffer_temp);
672 return status;
673 }
674
675 /* Assume this is a builtin key based on the key material length. */
676 psa_drv_slot_number_t slot_number = *((psa_drv_slot_number_t *) key);
677 switch (slot_number) {
678 case PSA_CRYPTO_TEST_DRIVER_BUILTIN_ECDSA_KEY_SLOT:
679 /* This is the ECDSA slot. Verify the key's attributes before
680 * returning the public key. */
681 if (psa_get_key_type(attributes) !=
682 PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1)) {
683 return PSA_ERROR_CORRUPTION_DETECTED;
684 }
685 if (psa_get_key_bits(attributes) != 256) {
686 return PSA_ERROR_CORRUPTION_DETECTED;
687 }
688 if (psa_get_key_algorithm(attributes) !=
689 PSA_ALG_ECDSA(PSA_ALG_ANY_HASH)) {
690 return PSA_ERROR_CORRUPTION_DETECTED;
691 }
692
693 if (data_size < sizeof(mbedtls_test_driver_ecdsa_pubkey)) {
694 return PSA_ERROR_BUFFER_TOO_SMALL;
695 }
696
697 memcpy(data, mbedtls_test_driver_ecdsa_pubkey,
698 sizeof(mbedtls_test_driver_ecdsa_pubkey));
699 *data_length = sizeof(mbedtls_test_driver_ecdsa_pubkey);
700 return PSA_SUCCESS;
701
702 default:
703 return PSA_ERROR_DOES_NOT_EXIST;
704 }
705 }
706
707 /* The opaque test driver exposes two built-in keys when builtin key support is
708 * compiled in.
709 * The key in slot #PSA_CRYPTO_TEST_DRIVER_BUILTIN_AES_KEY_SLOT is an AES-128
710 * key which allows CTR mode.
711 * The key in slot #PSA_CRYPTO_TEST_DRIVER_BUILTIN_ECDSA_KEY_SLOT is a secp256r1
712 * private key which allows ECDSA sign & verify.
713 * The key buffer format for these is the raw format of psa_drv_slot_number_t
714 * (i.e. for an actual driver this would mean 'builtin_key_size' =
715 * sizeof(psa_drv_slot_number_t)).
716 */
mbedtls_test_opaque_get_builtin_key(psa_drv_slot_number_t slot_number,psa_key_attributes_t * attributes,uint8_t * key_buffer,size_t key_buffer_size,size_t * key_buffer_length)717 psa_status_t mbedtls_test_opaque_get_builtin_key(
718 psa_drv_slot_number_t slot_number,
719 psa_key_attributes_t *attributes,
720 uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length)
721 {
722 switch (slot_number) {
723 case PSA_CRYPTO_TEST_DRIVER_BUILTIN_AES_KEY_SLOT:
724 psa_set_key_type(attributes, PSA_KEY_TYPE_AES);
725 psa_set_key_bits(attributes, 128);
726 psa_set_key_usage_flags(
727 attributes,
728 PSA_KEY_USAGE_ENCRYPT |
729 PSA_KEY_USAGE_DECRYPT |
730 PSA_KEY_USAGE_EXPORT);
731 psa_set_key_algorithm(attributes, PSA_ALG_CTR);
732
733 if (key_buffer_size < sizeof(psa_drv_slot_number_t)) {
734 return PSA_ERROR_BUFFER_TOO_SMALL;
735 }
736
737 *((psa_drv_slot_number_t *) key_buffer) =
738 PSA_CRYPTO_TEST_DRIVER_BUILTIN_AES_KEY_SLOT;
739 *key_buffer_length = sizeof(psa_drv_slot_number_t);
740 return PSA_SUCCESS;
741 case PSA_CRYPTO_TEST_DRIVER_BUILTIN_ECDSA_KEY_SLOT:
742 psa_set_key_type(
743 attributes,
744 PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1));
745 psa_set_key_bits(attributes, 256);
746 psa_set_key_usage_flags(
747 attributes,
748 PSA_KEY_USAGE_SIGN_HASH |
749 PSA_KEY_USAGE_VERIFY_HASH |
750 PSA_KEY_USAGE_EXPORT);
751 psa_set_key_algorithm(
752 attributes, PSA_ALG_ECDSA(PSA_ALG_ANY_HASH));
753
754 if (key_buffer_size < sizeof(psa_drv_slot_number_t)) {
755 return PSA_ERROR_BUFFER_TOO_SMALL;
756 }
757
758 *((psa_drv_slot_number_t *) key_buffer) =
759 PSA_CRYPTO_TEST_DRIVER_BUILTIN_ECDSA_KEY_SLOT;
760 *key_buffer_length = sizeof(psa_drv_slot_number_t);
761 return PSA_SUCCESS;
762 default:
763 return PSA_ERROR_DOES_NOT_EXIST;
764 }
765 }
766
mbedtls_test_opaque_copy_key(psa_key_attributes_t * attributes,const uint8_t * source_key,size_t source_key_length,uint8_t * key_buffer,size_t key_buffer_size,size_t * key_buffer_length)767 psa_status_t mbedtls_test_opaque_copy_key(
768 psa_key_attributes_t *attributes,
769 const uint8_t *source_key, size_t source_key_length,
770 uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length)
771 {
772 /* This is a case where the opaque test driver emulates an SE without storage.
773 * With that all key context is stored in the wrapped buffer.
774 * So no additional house keeping is necessary to reference count the
775 * copied keys. This could change when the opaque test driver is extended
776 * to support SE with storage, or to emulate an SE without storage but
777 * still holding some slot references */
778 if (source_key_length > key_buffer_size) {
779 return PSA_ERROR_BUFFER_TOO_SMALL;
780 }
781
782 memcpy(key_buffer, source_key, source_key_length);
783 *key_buffer_length = source_key_length;
784 (void) attributes;
785 return PSA_SUCCESS;
786 }
787
788 #endif /* PSA_CRYPTO_DRIVER_TEST */
789
