1 /*
2 * Test driver for generating and verifying keys.
3 * Currently only supports generating and verifying ECC keys.
4 */
5 /* Copyright The Mbed TLS Contributors
6 * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
7 */
8
9 #include <test/helpers.h>
10
11 #if defined(PSA_CRYPTO_DRIVER_TEST)
12 #include "psa/crypto.h"
13 #include "psa_crypto_core.h"
14 #include "psa_crypto_ecp.h"
15 #include "psa_crypto_rsa.h"
16 #include "psa_crypto_ffdh.h"
17 #include "mbedtls/ecp.h"
18 #include "mbedtls/error.h"
19
20 #include "test/drivers/key_management.h"
21 #include "test/drivers/test_driver.h"
22
23 #include "test/random.h"
24
25 #if defined(MBEDTLS_TEST_LIBTESTDRIVER1)
26 #include "libtestdriver1/library/psa_crypto_ecp.h"
27 #include "libtestdriver1/library/psa_crypto_rsa.h"
28 #include "libtestdriver1/library/psa_crypto_ffdh.h"
29 #endif
30
31 #include <string.h>
32
33 mbedtls_test_driver_key_management_hooks_t
34 mbedtls_test_driver_key_management_hooks = MBEDTLS_TEST_DRIVER_KEY_MANAGEMENT_INIT;
35
36 const uint8_t mbedtls_test_driver_aes_key[16] =
37 { 0x36, 0x77, 0x39, 0x7A, 0x24, 0x43, 0x26, 0x46,
38 0x29, 0x4A, 0x40, 0x4E, 0x63, 0x52, 0x66, 0x55 };
39 const uint8_t mbedtls_test_driver_ecdsa_key[32] =
40 { 0xdc, 0x7d, 0x9d, 0x26, 0xd6, 0x7a, 0x4f, 0x63,
41 0x2c, 0x34, 0xc2, 0xdc, 0x0b, 0x69, 0x86, 0x18,
42 0x38, 0x82, 0xc2, 0x06, 0xdf, 0x04, 0xcd, 0xb7,
43 0xd6, 0x9a, 0xab, 0xe2, 0x8b, 0xe4, 0xf8, 0x1a };
44 const uint8_t mbedtls_test_driver_ecdsa_pubkey[65] =
45 { 0x04,
46 0x85, 0xf6, 0x4d, 0x89, 0xf0, 0x0b, 0xe6, 0x6c,
47 0x88, 0xdd, 0x93, 0x7e, 0xfd, 0x6d, 0x7c, 0x44,
48 0x56, 0x48, 0xdc, 0xb7, 0x01, 0x15, 0x0b, 0x8a,
49 0x95, 0x09, 0x29, 0x58, 0x50, 0xf4, 0x1c, 0x19,
50 0x31, 0xe5, 0x71, 0xfb, 0x8f, 0x8c, 0x78, 0x31,
51 0x7a, 0x20, 0xb3, 0x80, 0xe8, 0x66, 0x58, 0x4b,
52 0xbc, 0x25, 0x16, 0xc3, 0xd2, 0x70, 0x2d, 0x79,
53 0x2f, 0x13, 0x1a, 0x92, 0x20, 0x95, 0xfd, 0x6c };
54
mbedtls_test_transparent_init(void)55 psa_status_t mbedtls_test_transparent_init(void)
56 {
57 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
58
59 #if defined(MBEDTLS_TEST_LIBTESTDRIVER1)
60 status = libtestdriver1_psa_crypto_init();
61 if (status != PSA_SUCCESS) {
62 return status;
63 }
64 #endif
65
66 (void) status;
67 return PSA_SUCCESS;
68 }
69
mbedtls_test_transparent_free(void)70 void mbedtls_test_transparent_free(void)
71 {
72 #if defined(MBEDTLS_TEST_LIBTESTDRIVER1)
73 libtestdriver1_mbedtls_psa_crypto_free();
74 #endif
75
76 return;
77 }
78
mbedtls_test_opaque_init(void)79 psa_status_t mbedtls_test_opaque_init(void)
80 {
81 return PSA_SUCCESS;
82 }
83
mbedtls_test_opaque_free(void)84 void mbedtls_test_opaque_free(void)
85 {
86 return;
87 }
88
89 /*
90 * This macro returns the base size for the key context when SE does not
91 * support storage. It is the size of the metadata that gets added to the
92 * wrapped key. In its test functionality the metadata is just some padded
93 * prefixing to the key.
94 */
95 #define TEST_DRIVER_KEY_CONTEXT_BASE_SIZE \
96 PSA_CRYPTO_TEST_DRIVER_OPAQUE_PAD_PREFIX_SIZE
97
98
mbedtls_test_opaque_size_function(const psa_key_type_t key_type,const size_t key_bits)99 size_t mbedtls_test_opaque_size_function(
100 const psa_key_type_t key_type,
101 const size_t key_bits)
102 {
103 size_t key_buffer_size = 0;
104
105 key_buffer_size = PSA_EXPORT_KEY_OUTPUT_SIZE(key_type, key_bits);
106 if (key_buffer_size == 0) {
107 return 0;
108 }
109 /* Include spacing for base size overhead over the key size
110 * */
111 key_buffer_size += TEST_DRIVER_KEY_CONTEXT_BASE_SIZE;
112 return key_buffer_size;
113 }
114
mbedtls_test_opaque_get_base_size()115 static size_t mbedtls_test_opaque_get_base_size()
116 {
117 return TEST_DRIVER_KEY_CONTEXT_BASE_SIZE;
118 }
119
120 /*
121 * The wrap function mbedtls_test_opaque_wrap_key pads and wraps the
122 * clear key. It expects the clear and wrap buffers to be passed in.
123 * key_length is the size of the clear key to be wrapped.
124 * wrapped_key_buffer_size is the size of the output buffer wrap_key.
125 * The argument wrapped_key_buffer_length is filled with the wrapped
126 * key_size on success.
127 * */
mbedtls_test_opaque_wrap_key(const uint8_t * key,size_t key_length,uint8_t * wrapped_key_buffer,size_t wrapped_key_buffer_size,size_t * wrapped_key_buffer_length)128 static psa_status_t mbedtls_test_opaque_wrap_key(
129 const uint8_t *key,
130 size_t key_length,
131 uint8_t *wrapped_key_buffer,
132 size_t wrapped_key_buffer_size,
133 size_t *wrapped_key_buffer_length)
134 {
135 size_t opaque_key_base_size = mbedtls_test_opaque_get_base_size();
136 uint64_t prefix = PSA_CRYPTO_TEST_DRIVER_OPAQUE_PAD_PREFIX;
137
138 if (key_length + opaque_key_base_size > wrapped_key_buffer_size) {
139 return PSA_ERROR_BUFFER_TOO_SMALL;
140 }
141
142 /* Write in the opaque pad prefix */
143 memcpy(wrapped_key_buffer, &prefix, opaque_key_base_size);
144 wrapped_key_buffer += opaque_key_base_size;
145 *wrapped_key_buffer_length = key_length + opaque_key_base_size;
146
147 while (key_length--) {
148 wrapped_key_buffer[key_length] = key[key_length] ^ 0xFF;
149 }
150 return PSA_SUCCESS;
151 }
152
153 /*
154 * The unwrap function mbedtls_test_opaque_unwrap_key removes a pad prefix
155 * and unwraps the wrapped key. It expects the clear and wrap buffers to be
156 * passed in.
157 * wrapped_key_length is the size of the wrapped key,
158 * key_buffer_size is the size of the output buffer clear_key.
159 * The argument key_buffer_length is filled with the unwrapped(clear)
160 * key_size on success.
161 * */
mbedtls_test_opaque_unwrap_key(const uint8_t * wrapped_key,size_t wrapped_key_length,uint8_t * key_buffer,size_t key_buffer_size,size_t * key_buffer_length)162 psa_status_t mbedtls_test_opaque_unwrap_key(
163 const uint8_t *wrapped_key,
164 size_t wrapped_key_length,
165 uint8_t *key_buffer,
166 size_t key_buffer_size,
167 size_t *key_buffer_length)
168 {
169 /* Remove the pad prefix from the wrapped key */
170 size_t opaque_key_base_size = mbedtls_test_opaque_get_base_size();
171 size_t clear_key_size;
172
173 /* Check for underflow */
174 if (wrapped_key_length < opaque_key_base_size) {
175 return PSA_ERROR_DATA_CORRUPT;
176 }
177 clear_key_size = wrapped_key_length - opaque_key_base_size;
178
179 wrapped_key += opaque_key_base_size;
180 if (clear_key_size > key_buffer_size) {
181 return PSA_ERROR_BUFFER_TOO_SMALL;
182 }
183
184 *key_buffer_length = clear_key_size;
185 while (clear_key_size--) {
186 key_buffer[clear_key_size] = wrapped_key[clear_key_size] ^ 0xFF;
187 }
188 return PSA_SUCCESS;
189 }
190
mbedtls_test_transparent_generate_key(const psa_key_attributes_t * attributes,uint8_t * key,size_t key_size,size_t * key_length)191 psa_status_t mbedtls_test_transparent_generate_key(
192 const psa_key_attributes_t *attributes,
193 uint8_t *key, size_t key_size, size_t *key_length)
194 {
195 ++mbedtls_test_driver_key_management_hooks.hits;
196
197 if (mbedtls_test_driver_key_management_hooks.forced_status != PSA_SUCCESS) {
198 return mbedtls_test_driver_key_management_hooks.forced_status;
199 }
200
201 if (mbedtls_test_driver_key_management_hooks.forced_output != NULL) {
202 if (mbedtls_test_driver_key_management_hooks.forced_output_length >
203 key_size) {
204 return PSA_ERROR_BUFFER_TOO_SMALL;
205 }
206 memcpy(key, mbedtls_test_driver_key_management_hooks.forced_output,
207 mbedtls_test_driver_key_management_hooks.forced_output_length);
208 *key_length = mbedtls_test_driver_key_management_hooks.forced_output_length;
209 return PSA_SUCCESS;
210 }
211
212 if (PSA_KEY_TYPE_IS_ECC(psa_get_key_type(attributes))
213 && PSA_KEY_TYPE_IS_KEY_PAIR(psa_get_key_type(attributes))) {
214 #if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
215 defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_GENERATE)
216 return libtestdriver1_mbedtls_psa_ecp_generate_key(
217 (const libtestdriver1_psa_key_attributes_t *) attributes,
218 key, key_size, key_length);
219 #elif defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_GENERATE)
220 return mbedtls_psa_ecp_generate_key(
221 attributes, key, key_size, key_length);
222 #endif
223 } else if (psa_get_key_type(attributes) == PSA_KEY_TYPE_RSA_KEY_PAIR) {
224 #if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
225 defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_GENERATE)
226 return libtestdriver1_mbedtls_psa_rsa_generate_key(
227 (const libtestdriver1_psa_key_attributes_t *) attributes,
228 NULL, 0, /* We don't support custom e in the test driver yet */
229 key, key_size, key_length);
230 #elif defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_GENERATE)
231 return mbedtls_psa_rsa_generate_key(
232 attributes,
233 NULL, 0, /* We don't support custom e in the test driver yet */
234 key, key_size, key_length);
235 #endif
236 } else if (PSA_KEY_TYPE_IS_DH(psa_get_key_type(attributes))
237 && PSA_KEY_TYPE_IS_KEY_PAIR(psa_get_key_type(attributes))) {
238 #if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
239 defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR_GENERATE)
240 return libtestdriver1_mbedtls_psa_ffdh_generate_key(
241 (const libtestdriver1_psa_key_attributes_t *) attributes,
242 key, key_size, key_length);
243 #elif defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR)
244 return mbedtls_psa_ffdh_generate_key(
245 attributes, key, key_size, key_length);
246 #endif
247 }
248
249 (void) attributes;
250 return PSA_ERROR_NOT_SUPPORTED;
251 }
252
mbedtls_test_opaque_generate_key(const psa_key_attributes_t * attributes,uint8_t * key,size_t key_size,size_t * key_length)253 psa_status_t mbedtls_test_opaque_generate_key(
254 const psa_key_attributes_t *attributes,
255 uint8_t *key, size_t key_size, size_t *key_length)
256 {
257 (void) attributes;
258 (void) key;
259 (void) key_size;
260 (void) key_length;
261 return PSA_ERROR_NOT_SUPPORTED;
262 }
263
mbedtls_test_transparent_import_key(const psa_key_attributes_t * attributes,const uint8_t * data,size_t data_length,uint8_t * key_buffer,size_t key_buffer_size,size_t * key_buffer_length,size_t * bits)264 psa_status_t mbedtls_test_transparent_import_key(
265 const psa_key_attributes_t *attributes,
266 const uint8_t *data,
267 size_t data_length,
268 uint8_t *key_buffer,
269 size_t key_buffer_size,
270 size_t *key_buffer_length,
271 size_t *bits)
272 {
273 psa_key_type_t type = psa_get_key_type(attributes);
274
275 ++mbedtls_test_driver_key_management_hooks.hits;
276 mbedtls_test_driver_key_management_hooks.location = PSA_KEY_LOCATION_LOCAL_STORAGE;
277
278 if (mbedtls_test_driver_key_management_hooks.forced_status != PSA_SUCCESS) {
279 return mbedtls_test_driver_key_management_hooks.forced_status;
280 }
281
282 if (PSA_KEY_TYPE_IS_ECC(type)) {
283 #if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
284 (defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_IMPORT) || \
285 defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY))
286 return libtestdriver1_mbedtls_psa_ecp_import_key(
287 (const libtestdriver1_psa_key_attributes_t *) attributes,
288 data, data_length,
289 key_buffer, key_buffer_size,
290 key_buffer_length, bits);
291 #elif defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_IMPORT) || \
292 defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY)
293 return mbedtls_psa_ecp_import_key(
294 attributes,
295 data, data_length,
296 key_buffer, key_buffer_size,
297 key_buffer_length, bits);
298 #endif
299 } else if (PSA_KEY_TYPE_IS_RSA(type)) {
300 #if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
301 (defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_IMPORT) || \
302 defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY))
303 return libtestdriver1_mbedtls_psa_rsa_import_key(
304 (const libtestdriver1_psa_key_attributes_t *) attributes,
305 data, data_length,
306 key_buffer, key_buffer_size,
307 key_buffer_length, bits);
308 #elif defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_IMPORT) || \
309 defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY)
310 return mbedtls_psa_rsa_import_key(
311 attributes,
312 data, data_length,
313 key_buffer, key_buffer_size,
314 key_buffer_length, bits);
315 #endif
316 } else if (PSA_KEY_TYPE_IS_DH(type)) {
317 #if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
318 (defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR) || \
319 defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_PUBLIC_KEY))
320 return libtestdriver1_mbedtls_psa_ffdh_import_key(
321 (const libtestdriver1_psa_key_attributes_t *) attributes,
322 data, data_length,
323 key_buffer, key_buffer_size,
324 key_buffer_length, bits);
325 #elif defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) || \
326 defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY)
327 return mbedtls_psa_ffdh_import_key(
328 attributes,
329 data, data_length,
330 key_buffer, key_buffer_size,
331 key_buffer_length, bits);
332 #endif
333 }
334 (void) data;
335 (void) data_length;
336 (void) key_buffer;
337 (void) key_buffer_size;
338 (void) key_buffer_length;
339 (void) bits;
340 (void) type;
341
342 return PSA_ERROR_NOT_SUPPORTED;
343 }
344
345
mbedtls_test_opaque_import_key(const psa_key_attributes_t * attributes,const uint8_t * data,size_t data_length,uint8_t * key_buffer,size_t key_buffer_size,size_t * key_buffer_length,size_t * bits)346 psa_status_t mbedtls_test_opaque_import_key(
347 const psa_key_attributes_t *attributes,
348 const uint8_t *data,
349 size_t data_length,
350 uint8_t *key_buffer,
351 size_t key_buffer_size,
352 size_t *key_buffer_length,
353 size_t *bits)
354 {
355 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
356 psa_key_type_t type = psa_get_key_type(attributes);
357 /* This buffer will be used as an intermediate placeholder for
358 * the clear key till we wrap it */
359 uint8_t *key_buffer_temp;
360
361 ++mbedtls_test_driver_key_management_hooks.hits;
362 mbedtls_test_driver_key_management_hooks.location = PSA_CRYPTO_TEST_DRIVER_LOCATION;
363
364 if (mbedtls_test_driver_key_management_hooks.forced_status != PSA_SUCCESS) {
365 return mbedtls_test_driver_key_management_hooks.forced_status;
366 }
367
368 key_buffer_temp = mbedtls_calloc(1, key_buffer_size);
369 if (key_buffer_temp == NULL) {
370 return PSA_ERROR_INSUFFICIENT_MEMORY;
371 }
372
373 if (PSA_KEY_TYPE_IS_UNSTRUCTURED(type)) {
374 *bits = PSA_BYTES_TO_BITS(data_length);
375
376 status = psa_validate_unstructured_key_bit_size(type,
377 *bits);
378 if (status != PSA_SUCCESS) {
379 goto exit;
380 }
381
382 if (data_length > key_buffer_size) {
383 return PSA_ERROR_BUFFER_TOO_SMALL;
384 }
385
386 /* Copy the key material accounting for opaque key padding. */
387 memcpy(key_buffer_temp, data, data_length);
388 *key_buffer_length = data_length;
389 } else if (PSA_KEY_TYPE_IS_ECC(type)) {
390 #if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
391 (defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR) || \
392 defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY))
393 status = libtestdriver1_mbedtls_psa_ecp_import_key(
394 (const libtestdriver1_psa_key_attributes_t *) attributes,
395 data, data_length,
396 key_buffer_temp, key_buffer_size,
397 key_buffer_length, bits);
398 #elif defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_IMPORT) || \
399 defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY)
400 status = mbedtls_psa_ecp_import_key(
401 attributes,
402 data, data_length,
403 key_buffer_temp, key_buffer_size,
404 key_buffer_length, bits);
405 #else
406 status = PSA_ERROR_NOT_SUPPORTED;
407 #endif
408 if (status != PSA_SUCCESS) {
409 goto exit;
410 }
411 } else if (PSA_KEY_TYPE_IS_RSA(type)) {
412 #if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
413 (defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR) || \
414 defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_PUBLIC_KEY))
415 status = libtestdriver1_mbedtls_psa_rsa_import_key(
416 (const libtestdriver1_psa_key_attributes_t *) attributes,
417 data, data_length,
418 key_buffer_temp, key_buffer_size,
419 key_buffer_length, bits);
420 #elif defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_IMPORT) || \
421 defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY)
422 status = mbedtls_psa_rsa_import_key(
423 attributes,
424 data, data_length,
425 key_buffer_temp, key_buffer_size,
426 key_buffer_length, bits);
427 #else
428 status = PSA_ERROR_NOT_SUPPORTED;
429 #endif
430 if (status != PSA_SUCCESS) {
431 goto exit;
432 }
433 } else {
434 status = PSA_ERROR_INVALID_ARGUMENT;
435 goto exit;
436 }
437
438 status = mbedtls_test_opaque_wrap_key(key_buffer_temp, *key_buffer_length,
439 key_buffer, key_buffer_size, key_buffer_length);
440 exit:
441 mbedtls_free(key_buffer_temp);
442 return status;
443 }
444
mbedtls_test_opaque_export_key(const psa_key_attributes_t * attributes,const uint8_t * key,size_t key_length,uint8_t * data,size_t data_size,size_t * data_length)445 psa_status_t mbedtls_test_opaque_export_key(
446 const psa_key_attributes_t *attributes,
447 const uint8_t *key, size_t key_length,
448 uint8_t *data, size_t data_size, size_t *data_length)
449 {
450 if (key_length == sizeof(psa_drv_slot_number_t)) {
451 /* Assume this is a builtin key based on the key material length. */
452 psa_drv_slot_number_t slot_number = *((psa_drv_slot_number_t *) key);
453
454 switch (slot_number) {
455 case PSA_CRYPTO_TEST_DRIVER_BUILTIN_ECDSA_KEY_SLOT:
456 /* This is the ECDSA slot. Verify the key's attributes before
457 * returning the private key. */
458 if (psa_get_key_type(attributes) !=
459 PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1)) {
460 return PSA_ERROR_CORRUPTION_DETECTED;
461 }
462 if (psa_get_key_bits(attributes) != 256) {
463 return PSA_ERROR_CORRUPTION_DETECTED;
464 }
465 if (psa_get_key_algorithm(attributes) !=
466 PSA_ALG_ECDSA(PSA_ALG_ANY_HASH)) {
467 return PSA_ERROR_CORRUPTION_DETECTED;
468 }
469 if ((psa_get_key_usage_flags(attributes) &
470 PSA_KEY_USAGE_EXPORT) == 0) {
471 return PSA_ERROR_CORRUPTION_DETECTED;
472 }
473
474 if (data_size < sizeof(mbedtls_test_driver_ecdsa_key)) {
475 return PSA_ERROR_BUFFER_TOO_SMALL;
476 }
477
478 memcpy(data, mbedtls_test_driver_ecdsa_key,
479 sizeof(mbedtls_test_driver_ecdsa_key));
480 *data_length = sizeof(mbedtls_test_driver_ecdsa_key);
481 return PSA_SUCCESS;
482
483 case PSA_CRYPTO_TEST_DRIVER_BUILTIN_AES_KEY_SLOT:
484 /* This is the AES slot. Verify the key's attributes before
485 * returning the key. */
486 if (psa_get_key_type(attributes) != PSA_KEY_TYPE_AES) {
487 return PSA_ERROR_CORRUPTION_DETECTED;
488 }
489 if (psa_get_key_bits(attributes) != 128) {
490 return PSA_ERROR_CORRUPTION_DETECTED;
491 }
492 if (psa_get_key_algorithm(attributes) != PSA_ALG_CTR) {
493 return PSA_ERROR_CORRUPTION_DETECTED;
494 }
495 if ((psa_get_key_usage_flags(attributes) &
496 PSA_KEY_USAGE_EXPORT) == 0) {
497 return PSA_ERROR_CORRUPTION_DETECTED;
498 }
499
500 if (data_size < sizeof(mbedtls_test_driver_aes_key)) {
501 return PSA_ERROR_BUFFER_TOO_SMALL;
502 }
503
504 memcpy(data, mbedtls_test_driver_aes_key,
505 sizeof(mbedtls_test_driver_aes_key));
506 *data_length = sizeof(mbedtls_test_driver_aes_key);
507 return PSA_SUCCESS;
508
509 default:
510 return PSA_ERROR_DOES_NOT_EXIST;
511 }
512 } else {
513 /* This buffer will be used as an intermediate placeholder for
514 * the opaque key till we unwrap the key into key_buffer */
515 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
516 psa_key_type_t type = psa_get_key_type(attributes);
517
518 if (PSA_KEY_TYPE_IS_UNSTRUCTURED(type) ||
519 PSA_KEY_TYPE_IS_RSA(type) ||
520 PSA_KEY_TYPE_IS_ECC(type)) {
521 status = mbedtls_test_opaque_unwrap_key(key, key_length,
522 data, data_size, data_length);
523 return status;
524 }
525 }
526 return PSA_ERROR_NOT_SUPPORTED;
527 }
528
mbedtls_test_transparent_export_public_key(const psa_key_attributes_t * attributes,const uint8_t * key_buffer,size_t key_buffer_size,uint8_t * data,size_t data_size,size_t * data_length)529 psa_status_t mbedtls_test_transparent_export_public_key(
530 const psa_key_attributes_t *attributes,
531 const uint8_t *key_buffer, size_t key_buffer_size,
532 uint8_t *data, size_t data_size, size_t *data_length)
533 {
534 ++mbedtls_test_driver_key_management_hooks.hits;
535 ++mbedtls_test_driver_key_management_hooks.hits_export_public_key;
536
537 if (mbedtls_test_driver_key_management_hooks.forced_status != PSA_SUCCESS) {
538 return mbedtls_test_driver_key_management_hooks.forced_status;
539 }
540
541 if (mbedtls_test_driver_key_management_hooks.forced_output != NULL) {
542 if (mbedtls_test_driver_key_management_hooks.forced_output_length >
543 data_size) {
544 return PSA_ERROR_BUFFER_TOO_SMALL;
545 }
546 memcpy(data, mbedtls_test_driver_key_management_hooks.forced_output,
547 mbedtls_test_driver_key_management_hooks.forced_output_length);
548 *data_length = mbedtls_test_driver_key_management_hooks.forced_output_length;
549 return PSA_SUCCESS;
550 }
551
552 psa_key_type_t key_type = psa_get_key_type(attributes);
553
554 if (PSA_KEY_TYPE_IS_ECC(key_type)) {
555 #if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
556 (defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_EXPORT) || \
557 defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY))
558 return libtestdriver1_mbedtls_psa_ecp_export_public_key(
559 (const libtestdriver1_psa_key_attributes_t *) attributes,
560 key_buffer, key_buffer_size,
561 data, data_size, data_length);
562 #elif defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_EXPORT) || \
563 defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY)
564 return mbedtls_psa_ecp_export_public_key(
565 attributes,
566 key_buffer, key_buffer_size,
567 data, data_size, data_length);
568 #endif
569 } else if (PSA_KEY_TYPE_IS_RSA(key_type)) {
570 #if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
571 (defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_EXPORT) || \
572 defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY))
573 return libtestdriver1_mbedtls_psa_rsa_export_public_key(
574 (const libtestdriver1_psa_key_attributes_t *) attributes,
575 key_buffer, key_buffer_size,
576 data, data_size, data_length);
577 #elif defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_EXPORT) || \
578 defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY)
579 return mbedtls_psa_rsa_export_public_key(
580 attributes,
581 key_buffer, key_buffer_size,
582 data, data_size, data_length);
583 #endif
584 } else if (PSA_KEY_TYPE_IS_DH(key_type)) {
585 #if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
586 (defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR) || \
587 defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_PUBLIC_KEY))
588 return libtestdriver1_mbedtls_psa_ffdh_export_public_key(
589 (const libtestdriver1_psa_key_attributes_t *) attributes,
590 key_buffer, key_buffer_size,
591 data, data_size, data_length);
592 #elif defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR) || \
593 defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_PUBLIC_KEY)
594 return mbedtls_psa_ffdh_export_public_key(
595 attributes,
596 key_buffer, key_buffer_size,
597 data, data_size, data_length);
598 #endif
599 }
600
601 (void) key_buffer;
602 (void) key_buffer_size;
603 (void) key_type;
604
605 return PSA_ERROR_NOT_SUPPORTED;
606 }
607
mbedtls_test_opaque_export_public_key(const psa_key_attributes_t * attributes,const uint8_t * key,size_t key_length,uint8_t * data,size_t data_size,size_t * data_length)608 psa_status_t mbedtls_test_opaque_export_public_key(
609 const psa_key_attributes_t *attributes,
610 const uint8_t *key, size_t key_length,
611 uint8_t *data, size_t data_size, size_t *data_length)
612 {
613 if (key_length != sizeof(psa_drv_slot_number_t)) {
614 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
615 psa_key_type_t key_type = psa_get_key_type(attributes);
616 uint8_t *key_buffer_temp;
617
618 key_buffer_temp = mbedtls_calloc(1, key_length);
619 if (key_buffer_temp == NULL) {
620 return PSA_ERROR_INSUFFICIENT_MEMORY;
621 }
622
623 if (PSA_KEY_TYPE_IS_ECC(key_type)) {
624 status = mbedtls_test_opaque_unwrap_key(key, key_length,
625 key_buffer_temp, key_length, data_length);
626 if (status == PSA_SUCCESS) {
627 #if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
628 (defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR) || \
629 defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY))
630 status = libtestdriver1_mbedtls_psa_ecp_export_public_key(
631 (const libtestdriver1_psa_key_attributes_t *) attributes,
632 key_buffer_temp, *data_length,
633 data, data_size, data_length);
634 #elif defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_EXPORT) || \
635 defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY)
636 status = mbedtls_psa_ecp_export_public_key(
637 attributes,
638 key_buffer_temp, *data_length,
639 data, data_size, data_length);
640 #else
641 status = PSA_ERROR_NOT_SUPPORTED;
642 #endif
643 }
644 } else if (PSA_KEY_TYPE_IS_RSA(key_type)) {
645 status = mbedtls_test_opaque_unwrap_key(key, key_length,
646 key_buffer_temp, key_length, data_length);
647 if (status == PSA_SUCCESS) {
648 #if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
649 (defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR) || \
650 defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_PUBLIC_KEY))
651 status = libtestdriver1_mbedtls_psa_rsa_export_public_key(
652 (const libtestdriver1_psa_key_attributes_t *) attributes,
653 key_buffer_temp, *data_length,
654 data, data_size, data_length);
655 #elif defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_EXPORT) || \
656 defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY)
657 status = mbedtls_psa_rsa_export_public_key(
658 attributes,
659 key_buffer_temp, *data_length,
660 data, data_size, data_length);
661 #else
662 status = PSA_ERROR_NOT_SUPPORTED;
663 #endif
664 }
665 } else {
666 status = PSA_ERROR_NOT_SUPPORTED;
667 (void) key;
668 (void) key_type;
669 }
670 mbedtls_free(key_buffer_temp);
671 return status;
672 }
673
674 /* Assume this is a builtin key based on the key material length. */
675 psa_drv_slot_number_t slot_number = *((psa_drv_slot_number_t *) key);
676 switch (slot_number) {
677 case PSA_CRYPTO_TEST_DRIVER_BUILTIN_ECDSA_KEY_SLOT:
678 /* This is the ECDSA slot. Verify the key's attributes before
679 * returning the public key. */
680 if (psa_get_key_type(attributes) !=
681 PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1)) {
682 return PSA_ERROR_CORRUPTION_DETECTED;
683 }
684 if (psa_get_key_bits(attributes) != 256) {
685 return PSA_ERROR_CORRUPTION_DETECTED;
686 }
687 if (psa_get_key_algorithm(attributes) !=
688 PSA_ALG_ECDSA(PSA_ALG_ANY_HASH)) {
689 return PSA_ERROR_CORRUPTION_DETECTED;
690 }
691
692 if (data_size < sizeof(mbedtls_test_driver_ecdsa_pubkey)) {
693 return PSA_ERROR_BUFFER_TOO_SMALL;
694 }
695
696 memcpy(data, mbedtls_test_driver_ecdsa_pubkey,
697 sizeof(mbedtls_test_driver_ecdsa_pubkey));
698 *data_length = sizeof(mbedtls_test_driver_ecdsa_pubkey);
699 return PSA_SUCCESS;
700
701 default:
702 return PSA_ERROR_DOES_NOT_EXIST;
703 }
704 }
705
706 /* The opaque test driver exposes two built-in keys when builtin key support is
707 * compiled in.
708 * The key in slot #PSA_CRYPTO_TEST_DRIVER_BUILTIN_AES_KEY_SLOT is an AES-128
709 * key which allows CTR mode.
710 * The key in slot #PSA_CRYPTO_TEST_DRIVER_BUILTIN_ECDSA_KEY_SLOT is a secp256r1
711 * private key which allows ECDSA sign & verify.
712 * The key buffer format for these is the raw format of psa_drv_slot_number_t
713 * (i.e. for an actual driver this would mean 'builtin_key_size' =
714 * sizeof(psa_drv_slot_number_t)).
715 */
mbedtls_test_opaque_get_builtin_key(psa_drv_slot_number_t slot_number,psa_key_attributes_t * attributes,uint8_t * key_buffer,size_t key_buffer_size,size_t * key_buffer_length)716 psa_status_t mbedtls_test_opaque_get_builtin_key(
717 psa_drv_slot_number_t slot_number,
718 psa_key_attributes_t *attributes,
719 uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length)
720 {
721 switch (slot_number) {
722 case PSA_CRYPTO_TEST_DRIVER_BUILTIN_AES_KEY_SLOT:
723 psa_set_key_type(attributes, PSA_KEY_TYPE_AES);
724 psa_set_key_bits(attributes, 128);
725 psa_set_key_usage_flags(
726 attributes,
727 PSA_KEY_USAGE_ENCRYPT |
728 PSA_KEY_USAGE_DECRYPT |
729 PSA_KEY_USAGE_EXPORT);
730 psa_set_key_algorithm(attributes, PSA_ALG_CTR);
731
732 if (key_buffer_size < sizeof(psa_drv_slot_number_t)) {
733 return PSA_ERROR_BUFFER_TOO_SMALL;
734 }
735
736 *((psa_drv_slot_number_t *) key_buffer) =
737 PSA_CRYPTO_TEST_DRIVER_BUILTIN_AES_KEY_SLOT;
738 *key_buffer_length = sizeof(psa_drv_slot_number_t);
739 return PSA_SUCCESS;
740 case PSA_CRYPTO_TEST_DRIVER_BUILTIN_ECDSA_KEY_SLOT:
741 psa_set_key_type(
742 attributes,
743 PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1));
744 psa_set_key_bits(attributes, 256);
745 psa_set_key_usage_flags(
746 attributes,
747 PSA_KEY_USAGE_SIGN_HASH |
748 PSA_KEY_USAGE_VERIFY_HASH |
749 PSA_KEY_USAGE_EXPORT);
750 psa_set_key_algorithm(
751 attributes, PSA_ALG_ECDSA(PSA_ALG_ANY_HASH));
752
753 if (key_buffer_size < sizeof(psa_drv_slot_number_t)) {
754 return PSA_ERROR_BUFFER_TOO_SMALL;
755 }
756
757 *((psa_drv_slot_number_t *) key_buffer) =
758 PSA_CRYPTO_TEST_DRIVER_BUILTIN_ECDSA_KEY_SLOT;
759 *key_buffer_length = sizeof(psa_drv_slot_number_t);
760 return PSA_SUCCESS;
761 default:
762 return PSA_ERROR_DOES_NOT_EXIST;
763 }
764 }
765
mbedtls_test_opaque_copy_key(psa_key_attributes_t * attributes,const uint8_t * source_key,size_t source_key_length,uint8_t * key_buffer,size_t key_buffer_size,size_t * key_buffer_length)766 psa_status_t mbedtls_test_opaque_copy_key(
767 psa_key_attributes_t *attributes,
768 const uint8_t *source_key, size_t source_key_length,
769 uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length)
770 {
771 /* This is a case where the opaque test driver emulates an SE without storage.
772 * With that all key context is stored in the wrapped buffer.
773 * So no additional house keeping is necessary to reference count the
774 * copied keys. This could change when the opaque test driver is extended
775 * to support SE with storage, or to emulate an SE without storage but
776 * still holding some slot references */
777 if (source_key_length > key_buffer_size) {
778 return PSA_ERROR_BUFFER_TOO_SMALL;
779 }
780
781 memcpy(key_buffer, source_key, source_key_length);
782 *key_buffer_length = source_key_length;
783 (void) attributes;
784 return PSA_SUCCESS;
785 }
786
787 #endif /* PSA_CRYPTO_DRIVER_TEST */
788
