1 /*
2 * Test driver for generating and verifying keys.
3 * Currently only supports generating and verifying ECC keys.
4 */
5 /* Copyright The Mbed TLS Contributors
6 * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
7 */
8
9 #include <test/helpers.h>
10
11 #if defined(PSA_CRYPTO_DRIVER_TEST)
12 #include "psa/crypto.h"
13 #include "psa_crypto_core.h"
14 #include "psa_crypto_ecp.h"
15 #include "psa_crypto_rsa.h"
16 #include "psa_crypto_ffdh.h"
17 #include "mbedtls/ecp.h"
18 #include "mbedtls/error.h"
19
20 #include "test/drivers/key_management.h"
21 #include "test/drivers/test_driver.h"
22
23 #include "test/random.h"
24
25 #if defined(MBEDTLS_TEST_LIBTESTDRIVER1)
26 #include "libtestdriver1/library/psa_crypto_ecp.h"
27 #include "libtestdriver1/library/psa_crypto_rsa.h"
28 #include "libtestdriver1/library/psa_crypto_ffdh.h"
29 #endif
30
31 #include <string.h>
32
33 mbedtls_test_driver_key_management_hooks_t
34 mbedtls_test_driver_key_management_hooks = MBEDTLS_TEST_DRIVER_KEY_MANAGEMENT_INIT;
35
36 const uint8_t mbedtls_test_driver_aes_key[16] =
37 { 0x36, 0x77, 0x39, 0x7A, 0x24, 0x43, 0x26, 0x46,
38 0x29, 0x4A, 0x40, 0x4E, 0x63, 0x52, 0x66, 0x55 };
39 const uint8_t mbedtls_test_driver_ecdsa_key[32] =
40 { 0xdc, 0x7d, 0x9d, 0x26, 0xd6, 0x7a, 0x4f, 0x63,
41 0x2c, 0x34, 0xc2, 0xdc, 0x0b, 0x69, 0x86, 0x18,
42 0x38, 0x82, 0xc2, 0x06, 0xdf, 0x04, 0xcd, 0xb7,
43 0xd6, 0x9a, 0xab, 0xe2, 0x8b, 0xe4, 0xf8, 0x1a };
44 const uint8_t mbedtls_test_driver_ecdsa_pubkey[65] =
45 { 0x04,
46 0x85, 0xf6, 0x4d, 0x89, 0xf0, 0x0b, 0xe6, 0x6c,
47 0x88, 0xdd, 0x93, 0x7e, 0xfd, 0x6d, 0x7c, 0x44,
48 0x56, 0x48, 0xdc, 0xb7, 0x01, 0x15, 0x0b, 0x8a,
49 0x95, 0x09, 0x29, 0x58, 0x50, 0xf4, 0x1c, 0x19,
50 0x31, 0xe5, 0x71, 0xfb, 0x8f, 0x8c, 0x78, 0x31,
51 0x7a, 0x20, 0xb3, 0x80, 0xe8, 0x66, 0x58, 0x4b,
52 0xbc, 0x25, 0x16, 0xc3, 0xd2, 0x70, 0x2d, 0x79,
53 0x2f, 0x13, 0x1a, 0x92, 0x20, 0x95, 0xfd, 0x6c };
54
mbedtls_test_transparent_init(void)55 psa_status_t mbedtls_test_transparent_init(void)
56 {
57 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
58
59 #if defined(MBEDTLS_TEST_LIBTESTDRIVER1)
60 status = libtestdriver1_psa_crypto_init();
61 if (status != PSA_SUCCESS) {
62 return status;
63 }
64 #endif
65
66 (void) status;
67 return PSA_SUCCESS;
68 }
69
mbedtls_test_transparent_free(void)70 void mbedtls_test_transparent_free(void)
71 {
72 #if defined(MBEDTLS_TEST_LIBTESTDRIVER1)
73 libtestdriver1_mbedtls_psa_crypto_free();
74 #endif
75
76 return;
77 }
78
mbedtls_test_opaque_init(void)79 psa_status_t mbedtls_test_opaque_init(void)
80 {
81 return PSA_SUCCESS;
82 }
83
mbedtls_test_opaque_free(void)84 void mbedtls_test_opaque_free(void)
85 {
86 return;
87 }
88
89 /*
90 * This macro returns the base size for the key context when SE does not
91 * support storage. It is the size of the metadata that gets added to the
92 * wrapped key. In its test functionality the metadata is just some padded
93 * prefixing to the key.
94 */
95 #define TEST_DRIVER_KEY_CONTEXT_BASE_SIZE \
96 PSA_CRYPTO_TEST_DRIVER_OPAQUE_PAD_PREFIX_SIZE
97
98
mbedtls_test_opaque_size_function(const psa_key_type_t key_type,const size_t key_bits)99 size_t mbedtls_test_opaque_size_function(
100 const psa_key_type_t key_type,
101 const size_t key_bits)
102 {
103 size_t key_buffer_size = 0;
104
105 key_buffer_size = PSA_EXPORT_KEY_OUTPUT_SIZE(key_type, key_bits);
106 if (key_buffer_size == 0) {
107 return 0;
108 }
109 /* Include spacing for base size overhead over the key size
110 * */
111 key_buffer_size += TEST_DRIVER_KEY_CONTEXT_BASE_SIZE;
112 return key_buffer_size;
113 }
114
mbedtls_test_opaque_get_base_size()115 static size_t mbedtls_test_opaque_get_base_size()
116 {
117 return TEST_DRIVER_KEY_CONTEXT_BASE_SIZE;
118 }
119
120 /*
121 * The wrap function mbedtls_test_opaque_wrap_key pads and wraps the
122 * clear key. It expects the clear and wrap buffers to be passed in.
123 * key_length is the size of the clear key to be wrapped.
124 * wrapped_key_buffer_size is the size of the output buffer wrap_key.
125 * The argument wrapped_key_buffer_length is filled with the wrapped
126 * key_size on success.
127 * */
mbedtls_test_opaque_wrap_key(const uint8_t * key,size_t key_length,uint8_t * wrapped_key_buffer,size_t wrapped_key_buffer_size,size_t * wrapped_key_buffer_length)128 static psa_status_t mbedtls_test_opaque_wrap_key(
129 const uint8_t *key,
130 size_t key_length,
131 uint8_t *wrapped_key_buffer,
132 size_t wrapped_key_buffer_size,
133 size_t *wrapped_key_buffer_length)
134 {
135 size_t opaque_key_base_size = mbedtls_test_opaque_get_base_size();
136 uint64_t prefix = PSA_CRYPTO_TEST_DRIVER_OPAQUE_PAD_PREFIX;
137
138 if (key_length + opaque_key_base_size > wrapped_key_buffer_size) {
139 return PSA_ERROR_BUFFER_TOO_SMALL;
140 }
141
142 /* Write in the opaque pad prefix */
143 memcpy(wrapped_key_buffer, &prefix, opaque_key_base_size);
144 wrapped_key_buffer += opaque_key_base_size;
145 *wrapped_key_buffer_length = key_length + opaque_key_base_size;
146
147 while (key_length--) {
148 wrapped_key_buffer[key_length] = key[key_length] ^ 0xFF;
149 }
150 return PSA_SUCCESS;
151 }
152
153 /*
154 * The unwrap function mbedtls_test_opaque_unwrap_key removes a pad prefix
155 * and unwraps the wrapped key. It expects the clear and wrap buffers to be
156 * passed in.
157 * wrapped_key_length is the size of the wrapped key,
158 * key_buffer_size is the size of the output buffer clear_key.
159 * The argument key_buffer_length is filled with the unwrapped(clear)
160 * key_size on success.
161 * */
mbedtls_test_opaque_unwrap_key(const uint8_t * wrapped_key,size_t wrapped_key_length,uint8_t * key_buffer,size_t key_buffer_size,size_t * key_buffer_length)162 static psa_status_t mbedtls_test_opaque_unwrap_key(
163 const uint8_t *wrapped_key,
164 size_t wrapped_key_length,
165 uint8_t *key_buffer,
166 size_t key_buffer_size,
167 size_t *key_buffer_length)
168 {
169 /* Remove the pad prefix from the wrapped key */
170 size_t opaque_key_base_size = mbedtls_test_opaque_get_base_size();
171 size_t clear_key_size;
172
173 /* Check for underflow */
174 if (wrapped_key_length < opaque_key_base_size) {
175 return PSA_ERROR_DATA_CORRUPT;
176 }
177 clear_key_size = wrapped_key_length - opaque_key_base_size;
178
179 wrapped_key += opaque_key_base_size;
180 if (clear_key_size > key_buffer_size) {
181 return PSA_ERROR_BUFFER_TOO_SMALL;
182 }
183
184 *key_buffer_length = clear_key_size;
185 while (clear_key_size--) {
186 key_buffer[clear_key_size] = wrapped_key[clear_key_size] ^ 0xFF;
187 }
188 return PSA_SUCCESS;
189 }
190
mbedtls_test_transparent_generate_key(const psa_key_attributes_t * attributes,uint8_t * key,size_t key_size,size_t * key_length)191 psa_status_t mbedtls_test_transparent_generate_key(
192 const psa_key_attributes_t *attributes,
193 uint8_t *key, size_t key_size, size_t *key_length)
194 {
195 ++mbedtls_test_driver_key_management_hooks.hits;
196
197 if (mbedtls_test_driver_key_management_hooks.forced_status != PSA_SUCCESS) {
198 return mbedtls_test_driver_key_management_hooks.forced_status;
199 }
200
201 if (mbedtls_test_driver_key_management_hooks.forced_output != NULL) {
202 if (mbedtls_test_driver_key_management_hooks.forced_output_length >
203 key_size) {
204 return PSA_ERROR_BUFFER_TOO_SMALL;
205 }
206 memcpy(key, mbedtls_test_driver_key_management_hooks.forced_output,
207 mbedtls_test_driver_key_management_hooks.forced_output_length);
208 *key_length = mbedtls_test_driver_key_management_hooks.forced_output_length;
209 return PSA_SUCCESS;
210 }
211
212 if (PSA_KEY_TYPE_IS_ECC(psa_get_key_type(attributes))
213 && PSA_KEY_TYPE_IS_KEY_PAIR(psa_get_key_type(attributes))) {
214 #if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
215 defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_GENERATE)
216 return libtestdriver1_mbedtls_psa_ecp_generate_key(
217 (const libtestdriver1_psa_key_attributes_t *) attributes,
218 key, key_size, key_length);
219 #elif defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_GENERATE)
220 return mbedtls_psa_ecp_generate_key(
221 attributes, key, key_size, key_length);
222 #endif
223 } else if (psa_get_key_type(attributes) == PSA_KEY_TYPE_RSA_KEY_PAIR) {
224 #if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
225 defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_GENERATE)
226 return libtestdriver1_mbedtls_psa_rsa_generate_key(
227 (const libtestdriver1_psa_key_attributes_t *) attributes,
228 key, key_size, key_length);
229 #elif defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_GENERATE)
230 return mbedtls_psa_rsa_generate_key(
231 attributes, key, key_size, key_length);
232 #endif
233 } else if (PSA_KEY_TYPE_IS_DH(psa_get_key_type(attributes))
234 && PSA_KEY_TYPE_IS_KEY_PAIR(psa_get_key_type(attributes))) {
235 #if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
236 defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR_GENERATE)
237 return libtestdriver1_mbedtls_psa_ffdh_generate_key(
238 (const libtestdriver1_psa_key_attributes_t *) attributes,
239 key, key_size, key_length);
240 #elif defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR)
241 return mbedtls_psa_ffdh_generate_key(
242 attributes, key, key_size, key_length);
243 #endif
244 }
245
246 (void) attributes;
247 return PSA_ERROR_NOT_SUPPORTED;
248 }
249
mbedtls_test_opaque_generate_key(const psa_key_attributes_t * attributes,uint8_t * key,size_t key_size,size_t * key_length)250 psa_status_t mbedtls_test_opaque_generate_key(
251 const psa_key_attributes_t *attributes,
252 uint8_t *key, size_t key_size, size_t *key_length)
253 {
254 (void) attributes;
255 (void) key;
256 (void) key_size;
257 (void) key_length;
258 return PSA_ERROR_NOT_SUPPORTED;
259 }
260
mbedtls_test_transparent_import_key(const psa_key_attributes_t * attributes,const uint8_t * data,size_t data_length,uint8_t * key_buffer,size_t key_buffer_size,size_t * key_buffer_length,size_t * bits)261 psa_status_t mbedtls_test_transparent_import_key(
262 const psa_key_attributes_t *attributes,
263 const uint8_t *data,
264 size_t data_length,
265 uint8_t *key_buffer,
266 size_t key_buffer_size,
267 size_t *key_buffer_length,
268 size_t *bits)
269 {
270 psa_key_type_t type = psa_get_key_type(attributes);
271
272 ++mbedtls_test_driver_key_management_hooks.hits;
273 mbedtls_test_driver_key_management_hooks.location = PSA_KEY_LOCATION_LOCAL_STORAGE;
274
275 if (mbedtls_test_driver_key_management_hooks.forced_status != PSA_SUCCESS) {
276 return mbedtls_test_driver_key_management_hooks.forced_status;
277 }
278
279 if (PSA_KEY_TYPE_IS_ECC(type)) {
280 #if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
281 (defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_IMPORT) || \
282 defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY))
283 return libtestdriver1_mbedtls_psa_ecp_import_key(
284 (const libtestdriver1_psa_key_attributes_t *) attributes,
285 data, data_length,
286 key_buffer, key_buffer_size,
287 key_buffer_length, bits);
288 #elif defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_IMPORT) || \
289 defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY)
290 return mbedtls_psa_ecp_import_key(
291 attributes,
292 data, data_length,
293 key_buffer, key_buffer_size,
294 key_buffer_length, bits);
295 #endif
296 } else if (PSA_KEY_TYPE_IS_RSA(type)) {
297 #if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
298 (defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_IMPORT) || \
299 defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY))
300 return libtestdriver1_mbedtls_psa_rsa_import_key(
301 (const libtestdriver1_psa_key_attributes_t *) attributes,
302 data, data_length,
303 key_buffer, key_buffer_size,
304 key_buffer_length, bits);
305 #elif defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_IMPORT) || \
306 defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY)
307 return mbedtls_psa_rsa_import_key(
308 attributes,
309 data, data_length,
310 key_buffer, key_buffer_size,
311 key_buffer_length, bits);
312 #endif
313 } else if (PSA_KEY_TYPE_IS_DH(type)) {
314 #if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
315 (defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR) || \
316 defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_PUBLIC_KEY))
317 return libtestdriver1_mbedtls_psa_ffdh_import_key(
318 (const libtestdriver1_psa_key_attributes_t *) attributes,
319 data, data_length,
320 key_buffer, key_buffer_size,
321 key_buffer_length, bits);
322 #elif defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) || \
323 defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY)
324 return mbedtls_psa_ffdh_import_key(
325 attributes,
326 data, data_length,
327 key_buffer, key_buffer_size,
328 key_buffer_length, bits);
329 #endif
330 }
331 (void) data;
332 (void) data_length;
333 (void) key_buffer;
334 (void) key_buffer_size;
335 (void) key_buffer_length;
336 (void) bits;
337 (void) type;
338
339 return PSA_ERROR_NOT_SUPPORTED;
340 }
341
342
mbedtls_test_opaque_import_key(const psa_key_attributes_t * attributes,const uint8_t * data,size_t data_length,uint8_t * key_buffer,size_t key_buffer_size,size_t * key_buffer_length,size_t * bits)343 psa_status_t mbedtls_test_opaque_import_key(
344 const psa_key_attributes_t *attributes,
345 const uint8_t *data,
346 size_t data_length,
347 uint8_t *key_buffer,
348 size_t key_buffer_size,
349 size_t *key_buffer_length,
350 size_t *bits)
351 {
352 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
353 psa_key_type_t type = psa_get_key_type(attributes);
354 /* This buffer will be used as an intermediate placeholder for
355 * the clear key till we wrap it */
356 uint8_t *key_buffer_temp;
357
358 ++mbedtls_test_driver_key_management_hooks.hits;
359 mbedtls_test_driver_key_management_hooks.location = PSA_CRYPTO_TEST_DRIVER_LOCATION;
360
361 if (mbedtls_test_driver_key_management_hooks.forced_status != PSA_SUCCESS) {
362 return mbedtls_test_driver_key_management_hooks.forced_status;
363 }
364
365 key_buffer_temp = mbedtls_calloc(1, key_buffer_size);
366 if (key_buffer_temp == NULL) {
367 return PSA_ERROR_INSUFFICIENT_MEMORY;
368 }
369
370 if (PSA_KEY_TYPE_IS_UNSTRUCTURED(type)) {
371 *bits = PSA_BYTES_TO_BITS(data_length);
372
373 status = psa_validate_unstructured_key_bit_size(type,
374 *bits);
375 if (status != PSA_SUCCESS) {
376 goto exit;
377 }
378
379 if (data_length > key_buffer_size) {
380 return PSA_ERROR_BUFFER_TOO_SMALL;
381 }
382
383 /* Copy the key material accounting for opaque key padding. */
384 memcpy(key_buffer_temp, data, data_length);
385 *key_buffer_length = data_length;
386 } else if (PSA_KEY_TYPE_IS_ECC(type)) {
387 #if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
388 (defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR) || \
389 defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY))
390 status = libtestdriver1_mbedtls_psa_ecp_import_key(
391 (const libtestdriver1_psa_key_attributes_t *) attributes,
392 data, data_length,
393 key_buffer_temp, key_buffer_size,
394 key_buffer_length, bits);
395 #elif defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_IMPORT) || \
396 defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY)
397 status = mbedtls_psa_ecp_import_key(
398 attributes,
399 data, data_length,
400 key_buffer_temp, key_buffer_size,
401 key_buffer_length, bits);
402 #else
403 status = PSA_ERROR_NOT_SUPPORTED;
404 #endif
405 if (status != PSA_SUCCESS) {
406 goto exit;
407 }
408 } else if (PSA_KEY_TYPE_IS_RSA(type)) {
409 #if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
410 (defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR) || \
411 defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_PUBLIC_KEY))
412 status = libtestdriver1_mbedtls_psa_rsa_import_key(
413 (const libtestdriver1_psa_key_attributes_t *) attributes,
414 data, data_length,
415 key_buffer_temp, key_buffer_size,
416 key_buffer_length, bits);
417 #elif defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_IMPORT) || \
418 defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY)
419 status = mbedtls_psa_rsa_import_key(
420 attributes,
421 data, data_length,
422 key_buffer_temp, key_buffer_size,
423 key_buffer_length, bits);
424 #else
425 status = PSA_ERROR_NOT_SUPPORTED;
426 #endif
427 if (status != PSA_SUCCESS) {
428 goto exit;
429 }
430 } else {
431 status = PSA_ERROR_INVALID_ARGUMENT;
432 goto exit;
433 }
434
435 status = mbedtls_test_opaque_wrap_key(key_buffer_temp, *key_buffer_length,
436 key_buffer, key_buffer_size, key_buffer_length);
437 exit:
438 mbedtls_free(key_buffer_temp);
439 return status;
440 }
441
mbedtls_test_opaque_export_key(const psa_key_attributes_t * attributes,const uint8_t * key,size_t key_length,uint8_t * data,size_t data_size,size_t * data_length)442 psa_status_t mbedtls_test_opaque_export_key(
443 const psa_key_attributes_t *attributes,
444 const uint8_t *key, size_t key_length,
445 uint8_t *data, size_t data_size, size_t *data_length)
446 {
447 if (key_length == sizeof(psa_drv_slot_number_t)) {
448 /* Assume this is a builtin key based on the key material length. */
449 psa_drv_slot_number_t slot_number = *((psa_drv_slot_number_t *) key);
450
451 switch (slot_number) {
452 case PSA_CRYPTO_TEST_DRIVER_BUILTIN_ECDSA_KEY_SLOT:
453 /* This is the ECDSA slot. Verify the key's attributes before
454 * returning the private key. */
455 if (psa_get_key_type(attributes) !=
456 PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1)) {
457 return PSA_ERROR_CORRUPTION_DETECTED;
458 }
459 if (psa_get_key_bits(attributes) != 256) {
460 return PSA_ERROR_CORRUPTION_DETECTED;
461 }
462 if (psa_get_key_algorithm(attributes) !=
463 PSA_ALG_ECDSA(PSA_ALG_ANY_HASH)) {
464 return PSA_ERROR_CORRUPTION_DETECTED;
465 }
466 if ((psa_get_key_usage_flags(attributes) &
467 PSA_KEY_USAGE_EXPORT) == 0) {
468 return PSA_ERROR_CORRUPTION_DETECTED;
469 }
470
471 if (data_size < sizeof(mbedtls_test_driver_ecdsa_key)) {
472 return PSA_ERROR_BUFFER_TOO_SMALL;
473 }
474
475 memcpy(data, mbedtls_test_driver_ecdsa_key,
476 sizeof(mbedtls_test_driver_ecdsa_key));
477 *data_length = sizeof(mbedtls_test_driver_ecdsa_key);
478 return PSA_SUCCESS;
479
480 case PSA_CRYPTO_TEST_DRIVER_BUILTIN_AES_KEY_SLOT:
481 /* This is the AES slot. Verify the key's attributes before
482 * returning the key. */
483 if (psa_get_key_type(attributes) != PSA_KEY_TYPE_AES) {
484 return PSA_ERROR_CORRUPTION_DETECTED;
485 }
486 if (psa_get_key_bits(attributes) != 128) {
487 return PSA_ERROR_CORRUPTION_DETECTED;
488 }
489 if (psa_get_key_algorithm(attributes) != PSA_ALG_CTR) {
490 return PSA_ERROR_CORRUPTION_DETECTED;
491 }
492 if ((psa_get_key_usage_flags(attributes) &
493 PSA_KEY_USAGE_EXPORT) == 0) {
494 return PSA_ERROR_CORRUPTION_DETECTED;
495 }
496
497 if (data_size < sizeof(mbedtls_test_driver_aes_key)) {
498 return PSA_ERROR_BUFFER_TOO_SMALL;
499 }
500
501 memcpy(data, mbedtls_test_driver_aes_key,
502 sizeof(mbedtls_test_driver_aes_key));
503 *data_length = sizeof(mbedtls_test_driver_aes_key);
504 return PSA_SUCCESS;
505
506 default:
507 return PSA_ERROR_DOES_NOT_EXIST;
508 }
509 } else {
510 /* This buffer will be used as an intermediate placeholder for
511 * the opaque key till we unwrap the key into key_buffer */
512 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
513 psa_key_type_t type = psa_get_key_type(attributes);
514
515 if (PSA_KEY_TYPE_IS_UNSTRUCTURED(type) ||
516 PSA_KEY_TYPE_IS_RSA(type) ||
517 PSA_KEY_TYPE_IS_ECC(type)) {
518 status = mbedtls_test_opaque_unwrap_key(key, key_length,
519 data, data_size, data_length);
520 return status;
521 }
522 }
523 return PSA_ERROR_NOT_SUPPORTED;
524 }
525
mbedtls_test_transparent_export_public_key(const psa_key_attributes_t * attributes,const uint8_t * key_buffer,size_t key_buffer_size,uint8_t * data,size_t data_size,size_t * data_length)526 psa_status_t mbedtls_test_transparent_export_public_key(
527 const psa_key_attributes_t *attributes,
528 const uint8_t *key_buffer, size_t key_buffer_size,
529 uint8_t *data, size_t data_size, size_t *data_length)
530 {
531 ++mbedtls_test_driver_key_management_hooks.hits;
532
533 if (mbedtls_test_driver_key_management_hooks.forced_status != PSA_SUCCESS) {
534 return mbedtls_test_driver_key_management_hooks.forced_status;
535 }
536
537 if (mbedtls_test_driver_key_management_hooks.forced_output != NULL) {
538 if (mbedtls_test_driver_key_management_hooks.forced_output_length >
539 data_size) {
540 return PSA_ERROR_BUFFER_TOO_SMALL;
541 }
542 memcpy(data, mbedtls_test_driver_key_management_hooks.forced_output,
543 mbedtls_test_driver_key_management_hooks.forced_output_length);
544 *data_length = mbedtls_test_driver_key_management_hooks.forced_output_length;
545 return PSA_SUCCESS;
546 }
547
548 psa_key_type_t key_type = psa_get_key_type(attributes);
549
550 if (PSA_KEY_TYPE_IS_ECC(key_type)) {
551 #if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
552 (defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_EXPORT) || \
553 defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY))
554 return libtestdriver1_mbedtls_psa_ecp_export_public_key(
555 (const libtestdriver1_psa_key_attributes_t *) attributes,
556 key_buffer, key_buffer_size,
557 data, data_size, data_length);
558 #elif defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_EXPORT) || \
559 defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY)
560 return mbedtls_psa_ecp_export_public_key(
561 attributes,
562 key_buffer, key_buffer_size,
563 data, data_size, data_length);
564 #endif
565 } else if (PSA_KEY_TYPE_IS_RSA(key_type)) {
566 #if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
567 (defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_EXPORT) || \
568 defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY))
569 return libtestdriver1_mbedtls_psa_rsa_export_public_key(
570 (const libtestdriver1_psa_key_attributes_t *) attributes,
571 key_buffer, key_buffer_size,
572 data, data_size, data_length);
573 #elif defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_EXPORT) || \
574 defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY)
575 return mbedtls_psa_rsa_export_public_key(
576 attributes,
577 key_buffer, key_buffer_size,
578 data, data_size, data_length);
579 #endif
580 } else if (PSA_KEY_TYPE_IS_DH(key_type)) {
581 #if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
582 (defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR) || \
583 defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_PUBLIC_KEY))
584 return libtestdriver1_mbedtls_psa_ffdh_export_public_key(
585 (const libtestdriver1_psa_key_attributes_t *) attributes,
586 key_buffer, key_buffer_size,
587 data, data_size, data_length);
588 #elif defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR) || \
589 defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_PUBLIC_KEY)
590 return mbedtls_psa_ffdh_export_public_key(
591 attributes,
592 key_buffer, key_buffer_size,
593 data, data_size, data_length);
594 #endif
595 }
596
597 (void) key_buffer;
598 (void) key_buffer_size;
599 (void) key_type;
600
601 return PSA_ERROR_NOT_SUPPORTED;
602 }
603
mbedtls_test_opaque_export_public_key(const psa_key_attributes_t * attributes,const uint8_t * key,size_t key_length,uint8_t * data,size_t data_size,size_t * data_length)604 psa_status_t mbedtls_test_opaque_export_public_key(
605 const psa_key_attributes_t *attributes,
606 const uint8_t *key, size_t key_length,
607 uint8_t *data, size_t data_size, size_t *data_length)
608 {
609 if (key_length != sizeof(psa_drv_slot_number_t)) {
610 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
611 psa_key_type_t key_type = psa_get_key_type(attributes);
612 uint8_t *key_buffer_temp;
613
614 key_buffer_temp = mbedtls_calloc(1, key_length);
615 if (key_buffer_temp == NULL) {
616 return PSA_ERROR_INSUFFICIENT_MEMORY;
617 }
618
619 if (PSA_KEY_TYPE_IS_ECC(key_type)) {
620 status = mbedtls_test_opaque_unwrap_key(key, key_length,
621 key_buffer_temp, key_length, data_length);
622 if (status == PSA_SUCCESS) {
623 #if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
624 (defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR) || \
625 defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY))
626 status = libtestdriver1_mbedtls_psa_ecp_export_public_key(
627 (const libtestdriver1_psa_key_attributes_t *) attributes,
628 key_buffer_temp, *data_length,
629 data, data_size, data_length);
630 #elif defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_EXPORT) || \
631 defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY)
632 status = mbedtls_psa_ecp_export_public_key(
633 attributes,
634 key_buffer_temp, *data_length,
635 data, data_size, data_length);
636 #else
637 status = PSA_ERROR_NOT_SUPPORTED;
638 #endif
639 }
640 } else if (PSA_KEY_TYPE_IS_RSA(key_type)) {
641 status = mbedtls_test_opaque_unwrap_key(key, key_length,
642 key_buffer_temp, key_length, data_length);
643 if (status == PSA_SUCCESS) {
644 #if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
645 (defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR) || \
646 defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_PUBLIC_KEY))
647 status = libtestdriver1_mbedtls_psa_rsa_export_public_key(
648 (const libtestdriver1_psa_key_attributes_t *) attributes,
649 key_buffer_temp, *data_length,
650 data, data_size, data_length);
651 #elif defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_EXPORT) || \
652 defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY)
653 status = mbedtls_psa_rsa_export_public_key(
654 attributes,
655 key_buffer_temp, *data_length,
656 data, data_size, data_length);
657 #else
658 status = PSA_ERROR_NOT_SUPPORTED;
659 #endif
660 }
661 } else {
662 status = PSA_ERROR_NOT_SUPPORTED;
663 (void) key;
664 (void) key_type;
665 }
666 mbedtls_free(key_buffer_temp);
667 return status;
668 }
669
670 /* Assume this is a builtin key based on the key material length. */
671 psa_drv_slot_number_t slot_number = *((psa_drv_slot_number_t *) key);
672 switch (slot_number) {
673 case PSA_CRYPTO_TEST_DRIVER_BUILTIN_ECDSA_KEY_SLOT:
674 /* This is the ECDSA slot. Verify the key's attributes before
675 * returning the public key. */
676 if (psa_get_key_type(attributes) !=
677 PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1)) {
678 return PSA_ERROR_CORRUPTION_DETECTED;
679 }
680 if (psa_get_key_bits(attributes) != 256) {
681 return PSA_ERROR_CORRUPTION_DETECTED;
682 }
683 if (psa_get_key_algorithm(attributes) !=
684 PSA_ALG_ECDSA(PSA_ALG_ANY_HASH)) {
685 return PSA_ERROR_CORRUPTION_DETECTED;
686 }
687
688 if (data_size < sizeof(mbedtls_test_driver_ecdsa_pubkey)) {
689 return PSA_ERROR_BUFFER_TOO_SMALL;
690 }
691
692 memcpy(data, mbedtls_test_driver_ecdsa_pubkey,
693 sizeof(mbedtls_test_driver_ecdsa_pubkey));
694 *data_length = sizeof(mbedtls_test_driver_ecdsa_pubkey);
695 return PSA_SUCCESS;
696
697 default:
698 return PSA_ERROR_DOES_NOT_EXIST;
699 }
700 }
701
702 /* The opaque test driver exposes two built-in keys when builtin key support is
703 * compiled in.
704 * The key in slot #PSA_CRYPTO_TEST_DRIVER_BUILTIN_AES_KEY_SLOT is an AES-128
705 * key which allows CTR mode.
706 * The key in slot #PSA_CRYPTO_TEST_DRIVER_BUILTIN_ECDSA_KEY_SLOT is a secp256r1
707 * private key which allows ECDSA sign & verify.
708 * The key buffer format for these is the raw format of psa_drv_slot_number_t
709 * (i.e. for an actual driver this would mean 'builtin_key_size' =
710 * sizeof(psa_drv_slot_number_t)).
711 */
mbedtls_test_opaque_get_builtin_key(psa_drv_slot_number_t slot_number,psa_key_attributes_t * attributes,uint8_t * key_buffer,size_t key_buffer_size,size_t * key_buffer_length)712 psa_status_t mbedtls_test_opaque_get_builtin_key(
713 psa_drv_slot_number_t slot_number,
714 psa_key_attributes_t *attributes,
715 uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length)
716 {
717 switch (slot_number) {
718 case PSA_CRYPTO_TEST_DRIVER_BUILTIN_AES_KEY_SLOT:
719 psa_set_key_type(attributes, PSA_KEY_TYPE_AES);
720 psa_set_key_bits(attributes, 128);
721 psa_set_key_usage_flags(
722 attributes,
723 PSA_KEY_USAGE_ENCRYPT |
724 PSA_KEY_USAGE_DECRYPT |
725 PSA_KEY_USAGE_EXPORT);
726 psa_set_key_algorithm(attributes, PSA_ALG_CTR);
727
728 if (key_buffer_size < sizeof(psa_drv_slot_number_t)) {
729 return PSA_ERROR_BUFFER_TOO_SMALL;
730 }
731
732 *((psa_drv_slot_number_t *) key_buffer) =
733 PSA_CRYPTO_TEST_DRIVER_BUILTIN_AES_KEY_SLOT;
734 *key_buffer_length = sizeof(psa_drv_slot_number_t);
735 return PSA_SUCCESS;
736 case PSA_CRYPTO_TEST_DRIVER_BUILTIN_ECDSA_KEY_SLOT:
737 psa_set_key_type(
738 attributes,
739 PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1));
740 psa_set_key_bits(attributes, 256);
741 psa_set_key_usage_flags(
742 attributes,
743 PSA_KEY_USAGE_SIGN_HASH |
744 PSA_KEY_USAGE_VERIFY_HASH |
745 PSA_KEY_USAGE_EXPORT);
746 psa_set_key_algorithm(
747 attributes, PSA_ALG_ECDSA(PSA_ALG_ANY_HASH));
748
749 if (key_buffer_size < sizeof(psa_drv_slot_number_t)) {
750 return PSA_ERROR_BUFFER_TOO_SMALL;
751 }
752
753 *((psa_drv_slot_number_t *) key_buffer) =
754 PSA_CRYPTO_TEST_DRIVER_BUILTIN_ECDSA_KEY_SLOT;
755 *key_buffer_length = sizeof(psa_drv_slot_number_t);
756 return PSA_SUCCESS;
757 default:
758 return PSA_ERROR_DOES_NOT_EXIST;
759 }
760 }
761
mbedtls_test_opaque_copy_key(psa_key_attributes_t * attributes,const uint8_t * source_key,size_t source_key_length,uint8_t * key_buffer,size_t key_buffer_size,size_t * key_buffer_length)762 psa_status_t mbedtls_test_opaque_copy_key(
763 psa_key_attributes_t *attributes,
764 const uint8_t *source_key, size_t source_key_length,
765 uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length)
766 {
767 /* This is a case where the opaque test driver emulates an SE without storage.
768 * With that all key context is stored in the wrapped buffer.
769 * So no additional house keeping is necessary to reference count the
770 * copied keys. This could change when the opaque test driver is extended
771 * to support SE with storage, or to emulate an SE without storage but
772 * still holding some slot references */
773 if (source_key_length > key_buffer_size) {
774 return PSA_ERROR_BUFFER_TOO_SMALL;
775 }
776
777 memcpy(key_buffer, source_key, source_key_length);
778 *key_buffer_length = source_key_length;
779 (void) attributes;
780 return PSA_SUCCESS;
781 }
782
783 #endif /* PSA_CRYPTO_DRIVER_TEST */
784
