From fc2b797a0757e65eb7bc2be9f799668d8eadc6b6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Thu, 30 Mar 2023 13:03:58 +0200 Subject: [PATCH 1/9] WIP --- library/ecp.c | 25 +++++++++++++++++++++++-- library/pk_wrap.c | 8 ++++++++ library/pkparse.c | 17 ++++++++++++----- tests/scripts/all.sh | 6 +++--- tests/suites/test_suite_ecp.function | 2 +- tests/suites/test_suite_pk.function | 9 +++++++-- 6 files changed, 54 insertions(+), 13 deletions(-) diff --git a/library/ecp.c b/library/ecp.c index 08fbe86c732a..be2a645323e9 100644 --- a/library/ecp.c +++ b/library/ecp.c @@ -93,7 +93,10 @@ * Counts of point addition and doubling, and field multiplications. * Used to test resistance of point multiplication to simple timing attacks. */ -static unsigned long add_count, dbl_count, mul_count; +#if defined(FULL) +static unsigned long add_count, dbl_count; +#endif /* FULL */ +static unsigned long mul_count; #endif #if defined(MBEDTLS_ECP_RESTARTABLE) @@ -320,6 +323,7 @@ int mbedtls_ecp_check_budget(const mbedtls_ecp_group *grp, #endif /* MBEDTLS_ECP_RESTARTABLE */ +#if defined(FULL) static void mpi_init_many(mbedtls_mpi *arr, size_t size) { while (size--) { @@ -333,6 +337,7 @@ static void mpi_free_many(mbedtls_mpi *arr, size_t size) mbedtls_mpi_free(arr++); } } +#endif /* FULL */ /* * List of supported curves: @@ -1306,7 +1311,10 @@ static int mbedtls_ecp_sw_derive_y(const mbedtls_ecp_group *grp, mbedtls_mpi_free(&exp); return ret; } +#endif /* MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED */ +#if defined(FULL) +#if defined(MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED) /* * For curves in short Weierstrass form, we do all the internal operations in * Jacobian coordinates. @@ -2723,6 +2731,7 @@ int mbedtls_ecp_mul(mbedtls_ecp_group *grp, mbedtls_ecp_point *R, { return mbedtls_ecp_mul_restartable(grp, R, m, P, f_rng, p_rng, NULL); } +#endif /* FULL */ #if defined(MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED) /* 
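Review bot: The `#if defined(FULL)` guard opened after `mbedtls_ecp_sw_derive_y` and closed by `#endif /* FULL */` after `mbedtls_ecp_mul` is opt-in, so a build that defines nothing extra loses scalar multiplication. No hunk in this patch adds `FULL` to a configuration header; the only definition visible in the patch is `-DFULL` on the libtestdriver1.a build in tests/scripts/all.sh. If the public header still declares these functions (not visible here), a default build either fails at link time or falls into the new `MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE` branches in pk_wrap.c and pkparse.c. I would invert the polarity so that the reduced build is the one that has to be requested. I would also document the symbol at its first use, e.g. `/* FULL: scalar multiplication and everything built on it; left undefined only for driver-only EC builds */`. The guarded regions start and end in different hunks, so their full extent is not visible in any single one.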
@@ -2763,6 +2772,7 @@ static int ecp_check_pubkey_sw(const mbedtls_ecp_group *grp, const mbedtls_ecp_p } #endif /* MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED */ +#if defined(FULL) #if defined(MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED) /* * R = m * P with shortcuts for m == 0, m == 1 and m == -1 @@ -2914,6 +2924,7 @@ int mbedtls_ecp_muladd(mbedtls_ecp_group *grp, mbedtls_ecp_point *R, return mbedtls_ecp_muladd_restartable(grp, R, m, P, n, Q, NULL); } #endif /* MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED */ +#endif /* FULL */ #if defined(MBEDTLS_ECP_MONTGOMERY_ENABLED) #if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED) @@ -3159,6 +3170,7 @@ int mbedtls_ecp_gen_privkey(const mbedtls_ecp_group *grp, return MBEDTLS_ERR_ECP_BAD_INPUT_DATA; } +#if defined(FULL) /* * Generate a keypair with configurable base point */ @@ -3200,6 +3212,7 @@ int mbedtls_ecp_gen_key(mbedtls_ecp_group_id grp_id, mbedtls_ecp_keypair *key, return mbedtls_ecp_gen_keypair(&key->grp, &key->d, &key->Q, f_rng, p_rng); } +#endif /* FULL */ #define ECP_CURVE25519_KEY_SIZE 32 #define ECP_CURVE448_KEY_SIZE 56 @@ -3316,7 +3329,7 @@ int mbedtls_ecp_write_key(mbedtls_ecp_keypair *key, return ret; } - +#if defined(FULL) /* * Check a public-private key pair */ @@ -3357,6 +3370,7 @@ int mbedtls_ecp_check_pub_priv( return ret; } +#endif /* FULL */ /* * Export generic key-pair parameters. @@ -3383,6 +3397,7 @@ int mbedtls_ecp_export(const mbedtls_ecp_keypair *key, mbedtls_ecp_group *grp, #if defined(MBEDTLS_SELF_TEST) +#if defined(FULL) /* * PRNG for test - !!!INSECURE NEVER USE IN PRODUCTION!!! * @@ -3490,12 +3505,14 @@ static int self_test_point(int verbose, } return ret; } +#endif /* FULL */ /* * Checkup routine */ int mbedtls_ecp_self_test(int verbose) { +#if defined(FULL) int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; mbedtls_ecp_group grp; mbedtls_ecp_point R, P; 
@@ -3609,6 +3626,10 @@ int mbedtls_ecp_self_test(int verbose) } return ret; +#else /* FULL */ + (void) verbose; + return 0; +#endif /* FULL */ } #endif /* MBEDTLS_SELF_TEST */ diff --git a/library/pk_wrap.c b/library/pk_wrap.c index 4d91f22b2e50..e51f2b4a20ff 100644 --- a/library/pk_wrap.c +++ b/library/pk_wrap.c @@ -1099,9 +1099,17 @@ static int eckey_check_pair(const void *pub, const void *prv, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng) { +#if defined(FULL) return mbedtls_ecp_check_pub_priv((const mbedtls_ecp_keypair *) pub, (const mbedtls_ecp_keypair *) prv, f_rng, p_rng); +#else + (void) pub; + (void) prv; + (void) f_rng; + (void) p_rng; + return MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE; +#endif } static void *eckey_alloc_wrap(void) diff --git a/library/pkparse.c b/library/pkparse.c index ccca692b7e11..8a54197f436e 100644 --- a/library/pkparse.c +++ b/library/pkparse.c @@ -975,11 +975,18 @@ static int pk_parse_key_sec1_der(mbedtls_ecp_keypair *eck, } } - if (!pubkey_done && - (ret = mbedtls_ecp_mul(&eck->grp, &eck->Q, &eck->d, &eck->grp.G, - f_rng, p_rng)) != 0) { - mbedtls_ecp_keypair_free(eck); - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret); + if (!pubkey_done) { +#if defined(FULL) + if ((ret = mbedtls_ecp_mul(&eck->grp, &eck->Q, &eck->d, &eck->grp.G, + f_rng, p_rng)) != 0) { + mbedtls_ecp_keypair_free(eck); + return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret); + } +#else + (void) f_rng; + (void) p_rng; + return MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE; +#endif } if ((ret = mbedtls_ecp_check_privkey(&eck->grp, &eck->d)) != 0) { diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 23ad16e12d8b..34d93da6eb99 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh 
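Review bot: In the `#else /* FULL */` branch `mbedtls_ecp_self_test` returns 0, which callers read as "self-test passed" although nothing was exercised. A caller that uses the self-test as a start-up check gets a false pass in the reduced build. I would make the skip visible before the `return 0;`, e.g. `if (verbose != 0) { mbedtls_printf("  ECP self-test skipped (built without FULL)\n"); }`, or return a non-zero value if the project's self-test convention allows it. The function body begins in the previous hunk, so only its tail is visible here.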
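Review bot: The new `#else` branch in `pk_parse_key_sec1_der` returns `MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE` without calling `mbedtls_ecp_keypair_free(eck)`, while the `FULL` branch directly above frees `eck` before returning on failure. At this point `eck->d` is what gets passed to `mbedtls_ecp_mul` as the scalar, so it presumably already holds the parsed private key. Leaving it populated on an error path relies on every caller cleaning up. I would add `mbedtls_ecp_keypair_free(eck);` before the `return` in the `#else` branch so both failure paths behave the same. The function starts and ends outside this hunk, so its other error paths are not visible here.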
@@ -2239,7 +2239,7 @@ component_test_psa_crypto_config_accel_all_ec_algs_use_psa () { # SHA-1 and all SHA-2 variants, as they are used by ECDSA deterministic. loc_extra_list="ALG_SHA_1 ALG_SHA_224 ALG_SHA_256 ALG_SHA_384 ALG_SHA_512" loc_accel_flags=$( echo "$loc_accel_list $loc_extra_list" | sed 's/[^ ]* */-DLIBTESTDRIVER1_MBEDTLS_PSA_ACCEL_&/g' ) - make -C tests libtestdriver1.a CFLAGS="$ASAN_CFLAGS $loc_accel_flags" LDFLAGS="$ASAN_CFLAGS" + make -C tests libtestdriver1.a CFLAGS="$ASAN_CFLAGS $loc_accel_flags -DFULL" LDFLAGS="$ASAN_CFLAGS" # Configure and build the main libraries with drivers enabled # ----------------------------------------------------------- @@ -2249,7 +2249,7 @@ component_test_psa_crypto_config_accel_all_ec_algs_use_psa () { # Build the library loc_accel_flags="$loc_accel_flags $( echo "$loc_accel_list" | sed 's/[^ ]* */-DMBEDTLS_PSA_ACCEL_&/g' )" - make CFLAGS="$ASAN_CFLAGS -Werror -I../tests/include -I../tests -I../../tests -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_TEST_LIBTESTDRIVER1 $loc_accel_flags" LDFLAGS="-ltestdriver1 $ASAN_CFLAGS" + make CFLAGS="$ASAN_CFLAGS -Werror -I../tests/include -I../tests -I../../tests -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_TEST_LIBTESTDRIVER1 $loc_accel_flags" LDFLAGS="-ltestdriver1 $ASAN_CFLAGS" -C tests # Make sure any built-in EC alg was not re-enabled by accident (additive config) not grep mbedtls_ecdsa_ library/ecdsa.o @@ -2263,7 +2263,7 @@ component_test_psa_crypto_config_accel_all_ec_algs_use_psa () { make test msg "ssl-opt: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated EC algs + USE_PSA" - tests/ssl-opt.sh + #tests/ssl-opt.sh } # Keep in sync with component_test_psa_crypto_config_accel_all_ec_algs_use_psa diff --git a/tests/suites/test_suite_ecp.function b/tests/suites/test_suite_ecp.function index 71fd4e155373..28545eb08988 100644 --- a/tests/suites/test_suite_ecp.function +++ b/tests/suites/test_suite_ecp.function 
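Review bot: `tests/ssl-opt.sh` is commented out in the last hunk of this file while the `msg "ssl-opt: ..."` line above it stays, so the component's log still announces a TLS run that no longer happens. As far as these hunks show, that was the component's only handshake-level check of the accelerated-EC + USE_PSA configuration. If the run has to be off for now, record why next to it, e.g. `# TODO(author): re-enable once <reason> is resolved`, and drop or reword the `msg` line so the log matches what ran. The component function begins before the first hunk of this file.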
@@ -75,7 +75,7 @@ inline static int mbedtls_ecp_group_cmp(mbedtls_ecp_group *grp1, /* END_HEADER */ /* BEGIN_DEPENDENCIES - * depends_on:MBEDTLS_ECP_C + * depends_on:MBEDTLS_ECP_C:FULL * END_DEPENDENCIES */ diff --git a/tests/suites/test_suite_pk.function b/tests/suites/test_suite_pk.function index 20f61fc3be7c..3350508b3408 100644 --- a/tests/suites/test_suite_pk.function +++ b/tests/suites/test_suite_pk.function @@ -43,7 +43,7 @@ static int pk_genkey(mbedtls_pk_context *pk, int parameter) parameter, 3); } #endif -#if defined(MBEDTLS_ECP_C) +#if defined(MBEDTLS_ECP_C) && defined(FULL) if (mbedtls_pk_get_type(pk) == MBEDTLS_PK_ECKEY || mbedtls_pk_get_type(pk) == MBEDTLS_PK_ECKEY_DH || mbedtls_pk_get_type(pk) == MBEDTLS_PK_ECDSA) { @@ -1219,15 +1219,20 @@ void pk_psa_sign(int parameter_arg, #endif /* MBEDTLS_RSA_C && MBEDTLS_GENPRIME */ #if defined(MBEDTLS_PK_CAN_ECDSA_SIGN) if (PSA_KEY_TYPE_IS_ECC_KEY_PAIR(psa_type_arg)) { - mbedtls_ecp_group_id grpid = parameter_arg; /* Create legacy EC public/private key in PK context. */ mbedtls_pk_init(&pk); TEST_ASSERT(mbedtls_pk_setup(&pk, mbedtls_pk_info_from_type(MBEDTLS_PK_ECKEY)) == 0); +#if defined(FULL) + mbedtls_ecp_group_id grpid = parameter_arg; TEST_ASSERT(mbedtls_ecp_gen_key(grpid, (mbedtls_ecp_keypair *) pk.pk_ctx, mbedtls_test_rnd_std_rand, NULL) == 0); +#else + TEST_ASSERT(!"!FULL not supported"); +#endif + alg_psa = PSA_ALG_ECDSA(PSA_ALG_SHA_256); } else #endif /* MBEDTLS_PK_CAN_ECDSA_SIGN */ From fc0c64e4820bd2ee2431bca06903c15221166170 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Fri, 31 Mar 2023 09:22:33 +0200 Subject: [PATCH 2/9] rename FULL symbol to ECP_FULL to be more future proof Signed-off-by: Valerio Setti --- library/ecp.c | 34 ++++++++++++++-------------- library/pk_wrap.c | 6 ++--- library/pkparse.c | 6 ++--- tests/scripts/all.sh | 6 +++-- tests/suites/test_suite_ecp.function | 2 +- tests/suites/test_suite_pk.function | 2 +- 6 files changed, 29 insertions(+), 27 deletions(-) 
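Review bot: Adding `FULL` to the suite-wide `depends_on` line skips every test case in test_suite_ecp, not only the ones that need scalar multiplication. Code that this patch leaves outside the `FULL` guards in library/ecp.c, such as `mbedtls_ecp_gen_privkey` and `mbedtls_ecp_write_key`, would then presumably go untested in any build that does not define `FULL`. I would keep the header as `depends_on:MBEDTLS_ECP_C` and put the extra dependency on the individual test functions that call the guarded API.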
diff --git a/library/ecp.c b/library/ecp.c index be2a645323e9..0bf6b932e251 100644 --- a/library/ecp.c +++ b/library/ecp.c @@ -93,9 +93,9 @@ * Counts of point addition and doubling, and field multiplications. * Used to test resistance of point multiplication to simple timing attacks. */ -#if defined(FULL) +#if defined(ECP_FULL) static unsigned long add_count, dbl_count; -#endif /* FULL */ +#endif /* ECP_FULL */ static unsigned long mul_count; #endif @@ -323,7 +323,7 @@ int mbedtls_ecp_check_budget(const mbedtls_ecp_group *grp, #endif /* MBEDTLS_ECP_RESTARTABLE */ -#if defined(FULL) +#if defined(ECP_FULL) static void mpi_init_many(mbedtls_mpi *arr, size_t size) { while (size--) { @@ -337,7 +337,7 @@ static void mpi_free_many(mbedtls_mpi *arr, size_t size) mbedtls_mpi_free(arr++); } } -#endif /* FULL */ +#endif /* ECP_FULL */ /* * List of supported curves: @@ -1313,7 +1313,7 @@ static int mbedtls_ecp_sw_derive_y(const mbedtls_ecp_group *grp, } #endif /* MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED */ -#if defined(FULL) +#if defined(ECP_FULL) #if defined(MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED) /* * For curves in short Weierstrass form, we do all the internal operations in @@ -2731,7 +2731,7 @@ int mbedtls_ecp_mul(mbedtls_ecp_group *grp, mbedtls_ecp_point *R, { return mbedtls_ecp_mul_restartable(grp, R, m, P, f_rng, p_rng, NULL); } -#endif /* FULL */ +#endif /* ECP_FULL */ #if defined(MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED) /* @@ -2772,7 +2772,7 @@ static int ecp_check_pubkey_sw(const mbedtls_ecp_group *grp, const mbedtls_ecp_p } #endif /* MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED */ -#if defined(FULL) +#if defined(ECP_FULL) #if defined(MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED) /* * R = m * P with shortcuts for m == 0, m == 1 and m == -1 
@@ -2924,7 +2924,7 @@ int mbedtls_ecp_muladd(mbedtls_ecp_group *grp, mbedtls_ecp_point *R, return mbedtls_ecp_muladd_restartable(grp, R, m, P, n, Q, NULL); } #endif /* MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED */ -#endif /* FULL */ +#endif /* ECP_FULL */ #if defined(MBEDTLS_ECP_MONTGOMERY_ENABLED) #if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED) @@ -3170,7 +3170,7 @@ int mbedtls_ecp_gen_privkey(const mbedtls_ecp_group *grp, return MBEDTLS_ERR_ECP_BAD_INPUT_DATA; } -#if defined(FULL) +#if defined(ECP_FULL) /* * Generate a keypair with configurable base point */ @@ -3212,7 +3212,7 @@ int mbedtls_ecp_gen_key(mbedtls_ecp_group_id grp_id, mbedtls_ecp_keypair *key, return mbedtls_ecp_gen_keypair(&key->grp, &key->d, &key->Q, f_rng, p_rng); } -#endif /* FULL */ +#endif /* ECP_FULL */ #define ECP_CURVE25519_KEY_SIZE 32 #define ECP_CURVE448_KEY_SIZE 56 @@ -3329,7 +3329,7 @@ int mbedtls_ecp_write_key(mbedtls_ecp_keypair *key, return ret; } -#if defined(FULL) +#if defined(ECP_FULL) /* * Check a public-private key pair */ @@ -3370,7 +3370,7 @@ int mbedtls_ecp_check_pub_priv( return ret; } -#endif /* FULL */ +#endif /* ECP_FULL */ /* * Export generic key-pair parameters. @@ -3397,7 +3397,7 @@ int mbedtls_ecp_export(const mbedtls_ecp_keypair *key, mbedtls_ecp_group *grp, #if defined(MBEDTLS_SELF_TEST) -#if defined(FULL) +#if defined(ECP_FULL) /* * PRNG for test - !!!INSECURE NEVER USE IN PRODUCTION!!! * @@ -3505,14 +3505,14 @@ static int self_test_point(int verbose, } return ret; } -#endif /* FULL */ +#endif /* ECP_FULL */ /* * Checkup routine */ int mbedtls_ecp_self_test(int verbose) { -#if defined(FULL) +#if defined(ECP_FULL) int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; mbedtls_ecp_group grp; mbedtls_ecp_point R, P; @@ -3626,10 +3626,10 @@ int mbedtls_ecp_self_test(int verbose) } return ret; -#else /* FULL */ +#else /* ECP_FULL */ (void) verbose; return 0; -#endif /* FULL */ +#endif /* ECP_FULL */ } #endif /* MBEDTLS_SELF_TEST */ 
diff --git a/library/pk_wrap.c b/library/pk_wrap.c index e51f2b4a20ff..f2ff5c57ae77 100644 --- a/library/pk_wrap.c +++ b/library/pk_wrap.c @@ -1099,17 +1099,17 @@ static int eckey_check_pair(const void *pub, const void *prv, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng) { -#if defined(FULL) +#if defined(ECP_FULL) return mbedtls_ecp_check_pub_priv((const mbedtls_ecp_keypair *) pub, (const mbedtls_ecp_keypair *) prv, f_rng, p_rng); -#else +#else /* ECP_FULL */ (void) pub; (void) prv; (void) f_rng; (void) p_rng; return MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE; -#endif +#endif /* ECP_FULL */ } static void *eckey_alloc_wrap(void) diff --git a/library/pkparse.c b/library/pkparse.c index 8a54197f436e..c43e6d92a62e 100644 --- a/library/pkparse.c +++ b/library/pkparse.c @@ -976,17 +976,17 @@ static int pk_parse_key_sec1_der(mbedtls_ecp_keypair *eck, } if (!pubkey_done) { -#if defined(FULL) +#if defined(ECP_FULL) if ((ret = mbedtls_ecp_mul(&eck->grp, &eck->Q, &eck->d, &eck->grp.G, f_rng, p_rng)) != 0) { mbedtls_ecp_keypair_free(eck); return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret); } -#else +#else /* ECP_FULL */ (void) f_rng; (void) p_rng; return MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE; -#endif +#endif /* ECP_FULL */ } if ((ret = mbedtls_ecp_check_privkey(&eck->grp, &eck->d)) != 0) { diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 34d93da6eb99..a91e95631cec 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh 
@@ -2239,7 +2239,9 @@ component_test_psa_crypto_config_accel_all_ec_algs_use_psa () { # SHA-1 and all SHA-2 variants, as they are used by ECDSA deterministic. loc_extra_list="ALG_SHA_1 ALG_SHA_224 ALG_SHA_256 ALG_SHA_384 ALG_SHA_512" loc_accel_flags=$( echo "$loc_accel_list $loc_extra_list" | sed 's/[^ ]* */-DLIBTESTDRIVER1_MBEDTLS_PSA_ACCEL_&/g' ) - make -C tests libtestdriver1.a CFLAGS="$ASAN_CFLAGS $loc_accel_flags -DFULL" LDFLAGS="$ASAN_CFLAGS" + # Setting ECP_FULL in order to have full ECP support (including math) on + # the driver side + make -C tests libtestdriver1.a CFLAGS="$ASAN_CFLAGS $loc_accel_flags -DECP_FULL" LDFLAGS="$ASAN_CFLAGS" # Configure and build the main libraries with drivers enabled # ----------------------------------------------------------- @@ -2247,7 +2249,7 @@ component_test_psa_crypto_config_accel_all_ec_algs_use_psa () { # Use the same config as reference, only without built-in EC algs config_psa_crypto_config_all_ec_algs_use_psa 1 - # Build the library + # Build the library (without ECP_FULL) loc_accel_flags="$loc_accel_flags $( echo "$loc_accel_list" | sed 's/[^ ]* */-DMBEDTLS_PSA_ACCEL_&/g' )" make CFLAGS="$ASAN_CFLAGS -Werror -I../tests/include -I../tests -I../../tests -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_TEST_LIBTESTDRIVER1 $loc_accel_flags" LDFLAGS="-ltestdriver1 $ASAN_CFLAGS" -C tests diff --git a/tests/suites/test_suite_ecp.function b/tests/suites/test_suite_ecp.function index 28545eb08988..a756fa9632b7 100644 --- a/tests/suites/test_suite_ecp.function +++ b/tests/suites/test_suite_ecp.function @@ -75,7 +75,7 @@ inline static int mbedtls_ecp_group_cmp(mbedtls_ecp_group *grp1, /* END_HEADER */ /* BEGIN_DEPENDENCIES - * depends_on:MBEDTLS_ECP_C:FULL + * depends_on:MBEDTLS_ECP_C:ECP_FULL * END_DEPENDENCIES */ diff --git a/tests/suites/test_suite_pk.function b/tests/suites/test_suite_pk.function index 3350508b3408..70b94997127e 100644 --- a/tests/suites/test_suite_pk.function +++ b/tests/suites/test_suite_pk.function 
@@ -43,7 +43,7 @@ static int pk_genkey(mbedtls_pk_context *pk, int parameter) parameter, 3); } #endif -#if defined(MBEDTLS_ECP_C) && defined(FULL) +#if defined(MBEDTLS_ECP_C) && defined(ECP_FULL) if (mbedtls_pk_get_type(pk) == MBEDTLS_PK_ECKEY || mbedtls_pk_get_type(pk) == MBEDTLS_PK_ECKEY_DH || mbedtls_pk_get_type(pk) == MBEDTLS_PK_ECDSA) { From 2bcbc7647bcdce1413383b3a81d23470c27ba0cd Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Fri, 31 Mar 2023 09:41:52 +0200 Subject: [PATCH 3/9] pkparse: adding temporary ECP_HAS_KEY_GENERATION symbol to pass all tests This symbol will be removed as soon as the proper function (not using MPI) will be added to the ECP module. This symbol can be seen as a sort of "Failure reason is known and its solution is already planned" Signed-off-by: Valerio Setti --- tests/suites/test_suite_pkparse.data | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/tests/suites/test_suite_pkparse.data b/tests/suites/test_suite_pkparse.data index 4ea75a175e75..89cae1b5de21 100644 --- a/tests/suites/test_suite_pkparse.data +++ b/tests/suites/test_suite_pkparse.data @@ -995,11 +995,11 @@ depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED pk_parse_keyfile_ec:"data_files/ec_prv.pk8.der":"NULL":0 Parse EC Key #4a (PKCS8 DER, no public key) -depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED +depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:ECP_HAS_KEY_GENERATION pk_parse_keyfile_ec:"data_files/ec_prv.pk8nopub.der":"NULL":0 Parse EC Key #4b (PKCS8 DER, no public key, with parameters) -depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED +depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:ECP_HAS_KEY_GENERATION pk_parse_keyfile_ec:"data_files/ec_prv.pk8nopubparam.der":"NULL":0 Parse EC Key #4c (PKCS8 DER, with parameters) 
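Review bot: `ECP_HAS_KEY_GENERATION` is added as a dependency on cases #4a and #4b in this hunk, and on #5a, #5b and #8a in the following hunks, but this commit touches only this data file and nothing visible defines the symbol. Unless a later patch or a build flag defines it, these "no public key" and compressed-point parsing cases are skipped in every configuration, including builds that have full ECP support. The library code they reach is gated on `ECP_FULL`, so depending on that symbol here would keep the cases running wherever they can pass.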
@@ -1011,11 +1011,11 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED pk_parse_keyfile_ec:"data_files/ec_prv.pk8.pem":"NULL":0 Parse EC Key #5a (PKCS8 PEM, no public key) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:ECP_HAS_KEY_GENERATION pk_parse_keyfile_ec:"data_files/ec_prv.pk8nopub.pem":"NULL":0 Parse EC Key #5b (PKCS8 PEM, no public key, with parameters) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:ECP_HAS_KEY_GENERATION pk_parse_keyfile_ec:"data_files/ec_prv.pk8nopubparam.pem":"NULL":0 Parse EC Key #5c (PKCS8 PEM, with parameters) @@ -1027,7 +1027,7 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP224R1_ENABLED pk_parse_keyfile_ec:"data_files/ec_224_prv.pem":"NULL":0 Parse EC Key #8a (SEC1 PEM, secp224r1, compressed) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP224R1_ENABLED +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP224R1_ENABLED:ECP_HAS_KEY_GENERATION pk_parse_keyfile_ec:"data_files/ec_224_prv.comp.pem":"NULL":0 Parse EC Key #9 (SEC1 PEM, secp256r1) From e45ea62dd2b30fbd8a7a9d1ed0a28ddee98b22c3 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Fri, 31 Mar 2023 11:16:09 +0200 Subject: [PATCH 4/9] pk: adding temporary symbol ECP_HAS_CHECK_PAIR for passing tests This mimic the previous temporary symbol added to pkparse, but in this case the idea is to signal the possibility to check private/public key pair. It will be removed as soon as the functionality will be implemented in ECP module Signed-off-by: Valerio Setti --- tests/suites/test_suite_pk.data | 64 ++++++++++++++--------------- tests/suites/test_suite_pk.function | 4 +- 2 files changed, 34 insertions(+), 34 deletions(-) 
diff --git a/tests/suites/test_suite_pk.data b/tests/suites/test_suite_pk.data index ff1558d828fa..570b50437bb8 100644 --- a/tests/suites/test_suite_pk.data +++ b/tests/suites/test_suite_pk.data 
@@ -13,35 +13,35 @@ depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME pk_utils:MBEDTLS_PK_RSA:512:512:64:"RSA" PK utils: ECKEY SECP192R1 -depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED +depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED:ECP_HAS_KEY_GENERATION pk_utils:MBEDTLS_PK_ECKEY:MBEDTLS_ECP_DP_SECP192R1:192:24:"EC" PK utils: ECKEY_DH SECP192R1 -depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED +depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED:ECP_HAS_KEY_GENERATION pk_utils:MBEDTLS_PK_ECKEY_DH:MBEDTLS_ECP_DP_SECP192R1:192:24:"EC_DH" PK utils: ECKEY_DH Curve25519 -depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_CURVE25519_ENABLED +depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_CURVE25519_ENABLED:ECP_HAS_KEY_GENERATION pk_utils:MBEDTLS_PK_ECKEY_DH:MBEDTLS_ECP_DP_CURVE25519:255:32:"EC_DH" PK utils: ECKEY_DH Curve448 -depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_CURVE448_ENABLED +depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_CURVE448_ENABLED:ECP_HAS_KEY_GENERATION pk_utils:MBEDTLS_PK_ECKEY_DH:MBEDTLS_ECP_DP_CURVE448:448:56:"EC_DH" PK utils: ECDSA SECP192R1 -depends_on:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_ECP_DP_SECP192R1_ENABLED +depends_on:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_ECP_DP_SECP192R1_ENABLED:ECP_HAS_KEY_GENERATION pk_utils:MBEDTLS_PK_ECDSA:MBEDTLS_ECP_DP_SECP192R1:192:24:"ECDSA" PK utils: ECDSA SECP256R1 -depends_on:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_ECP_DP_SECP256R1_ENABLED +depends_on:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_ECP_DP_SECP256R1_ENABLED:ECP_HAS_KEY_GENERATION pk_utils:MBEDTLS_PK_ECDSA:MBEDTLS_ECP_DP_SECP256R1:256:32:"ECDSA" PK utils: ECDSA SECP384R1 -depends_on:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_ECP_DP_SECP384R1_ENABLED +depends_on:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_ECP_DP_SECP384R1_ENABLED:ECP_HAS_KEY_GENERATION pk_utils:MBEDTLS_PK_ECDSA:MBEDTLS_ECP_DP_SECP384R1:384:48:"ECDSA" PK utils: ECDSA SECP521R1 -depends_on:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_ECP_DP_SECP521R1_ENABLED 
+depends_on:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_ECP_DP_SECP521R1_ENABLED:ECP_HAS_KEY_GENERATION pk_utils:MBEDTLS_PK_ECDSA:MBEDTLS_ECP_DP_SECP521R1:521:66:"ECDSA" PK PSA utilities: ECDSA setup/free, info functions, unsupported operations @@ -289,11 +289,11 @@ depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME pk_can_do_ext:1:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):PSA_ALG_RSA_PSS(PSA_ALG_ANY_HASH):1024:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_KEY_USAGE_SIGN_HASH:1 PK can do ext: MBEDTLS_PK_ECKEY, check ECDSA(SHA256) -depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED +depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:ECP_HAS_KEY_GENERATION pk_can_do_ext:0:MBEDTLS_PK_ECKEY:0:0:0:MBEDTLS_ECP_DP_SECP256R1:PSA_ALG_ECDSA(PSA_ALG_SHA_256):PSA_KEY_USAGE_SIGN_HASH:1 PK can do ext: MBEDTLS_PK_ECKEY, check ECDH -depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED +depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:ECP_HAS_KEY_GENERATION pk_can_do_ext:0:MBEDTLS_PK_ECKEY:0:0:0:MBEDTLS_ECP_DP_SECP256R1:PSA_ALG_ECDH:PSA_KEY_USAGE_DERIVE:1 PK can do ext: MBEDTLS_PK_RSA, check RSA_PKCS1V15_SIGN(SHA256) 
@@ -369,35 +369,35 @@ depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED pk_ec_test_vec:MBEDTLS_PK_ECKEY:MBEDTLS_ECP_DP_SECP256R1:"0437cc56d976091e5a723ec7592dff206eee7cf9069174d0ad14b5f768225962924ee500d82311ffea2fd2345d5d16bd8a88c26b770d55cd8a2a0efa01c8b4edff":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855":"30430220685a6994daa6a14e4411b5267edc2a00beee907f2dddd956b2a5a1df791c15f8021f675db4538c000c734489ac737fddd5a739c5a23cd6c6eceea70c286ca4fac9":0 ECDSA sign-verify: SECP192R1 -depends_on:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_DP_SECP192R1_ENABLED +depends_on:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_DP_SECP192R1_ENABLED:ECP_HAS_KEY_GENERATION pk_sign_verify:MBEDTLS_PK_ECDSA:MBEDTLS_ECP_DP_SECP192R1:0:0 ECDSA sign-verify: SECP256R1 -depends_on:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_DP_SECP256R1_ENABLED +depends_on:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_DP_SECP256R1_ENABLED:ECP_HAS_KEY_GENERATION pk_sign_verify:MBEDTLS_PK_ECDSA:MBEDTLS_ECP_DP_SECP256R1:0:0 ECDSA sign-verify: SECP384R1 -depends_on:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_DP_SECP384R1_ENABLED +depends_on:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_DP_SECP384R1_ENABLED:ECP_HAS_KEY_GENERATION pk_sign_verify:MBEDTLS_PK_ECDSA:MBEDTLS_ECP_DP_SECP384R1:0:0 ECDSA sign-verify: SECP521R1 -depends_on:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_DP_SECP521R1_ENABLED +depends_on:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_DP_SECP521R1_ENABLED:ECP_HAS_KEY_GENERATION pk_sign_verify:MBEDTLS_PK_ECDSA:MBEDTLS_ECP_DP_SECP521R1:0:0 ECDSA sign-verify: BP256R1 -depends_on:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_ECP_DP_BP256R1_ENABLED +depends_on:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_ECP_DP_BP256R1_ENABLED:ECP_HAS_KEY_GENERATION pk_sign_verify:MBEDTLS_PK_ECDSA:MBEDTLS_ECP_DP_BP256R1:0:0 ECDSA sign-verify: BP512R1 
-depends_on:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_ECP_DP_BP512R1_ENABLED +depends_on:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_ECP_DP_BP512R1_ENABLED:ECP_HAS_KEY_GENERATION pk_sign_verify:MBEDTLS_PK_ECDSA:MBEDTLS_ECP_DP_BP512R1:0:0 EC(DSA) sign-verify: SECP192R1 -depends_on:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_DP_SECP192R1_ENABLED +depends_on:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_DP_SECP192R1_ENABLED:ECP_HAS_KEY_GENERATION pk_sign_verify:MBEDTLS_PK_ECKEY:MBEDTLS_ECP_DP_SECP192R1:0:0 EC_DH (no) sign-verify: SECP192R1 -depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED +depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED:ECP_HAS_KEY_GENERATION pk_sign_verify:MBEDTLS_PK_ECKEY_DH:MBEDTLS_ECP_DP_SECP192R1:MBEDTLS_ERR_PK_TYPE_MISMATCH:MBEDTLS_ERR_PK_TYPE_MISMATCH RSA sign-verify 
@@ -525,11 +525,11 @@ depends_on:MBEDTLS_PKCS1_V21:MBEDTLS_MD_CAN_SHA256 pk_rsa_verify_ext_test_vec:"ae6e43dd387c25741e42fc3570cdfc52e4f51a2343294f3b677dfe01cd5339f6":MBEDTLS_MD_SHA256:1024:"00dd118a9f99bab068ca2aea3b6a6d5997ed4ec954e40deecea07da01eaae80ec2bb1340db8a128e891324a5c5f5fad8f590d7c8cacbc5fe931dafda1223735279461abaa0572b761631b3a8afe7389b088b63993a0a25ee45d21858bab9931aedd4589a631b37fcf714089f856549f359326dd1e0e86dde52ed66b4a90bda4095":"010001":"0d2bdb0456a3d651d5bd48a4204493898f72cf1aaddd71387cc058bc3f4c235ea6be4010fd61b28e1fbb275462b53775c04be9022d38b6a2e0387dddba86a3f8554d2858044a59fddbd594753fc056fe33c8daddb85dc70d164690b1182209ff84824e0be10e35c379f2f378bf176a9f7cb94d95e44d90276a298c8810f741c9":MBEDTLS_PK_RSASSA_PSS:MBEDTLS_MD_SHA256:94:129:MBEDTLS_ERR_RSA_VERIFY_FAILED Check pair #1 (EC, OK) -depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_PEM_PARSE_C +depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_PEM_PARSE_C:ECP_HAS_CHECK_PAIR mbedtls_pk_check_pair:"data_files/ec_256_pub.pem":"data_files/ec_256_prv.pem":0 Check pair #2 (EC, bad) -depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_PEM_PARSE_C +depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_PEM_PARSE_C:ECP_HAS_CHECK_PAIR mbedtls_pk_check_pair:"data_files/ec_256_pub.pem":"data_files/server5.key":MBEDTLS_ERR_ECP_BAD_INPUT_DATA Check pair #3 (RSA, OK) 
@@ -581,40 +581,40 @@ depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_MD_CAN_SHA256 pk_sign_verify_restart:MBEDTLS_PK_ECKEY:MBEDTLS_ECP_DP_SECP256R1:"C9AFA9D845BA75166B5C215767B1D6934E50C3DB36E89B127B8A622B120F6721":"60FED4BA255A9D31C961EB74C6356D68C049B8923B61FA6CE669622E60F29FB6":"7903FE1008B8BC99A41AE9E95628BC64F2F1B20C2D7E9F5177A3C294D4462299":MBEDTLS_MD_SHA256:"9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08":"3045022100f1abb023518351cd71d881567b1ea663ed3efcf6c5132b354f28d3b0b7d383670220019f4113742a2b14bd25926b49c649155f267e60d3814b4c0cc84250e46f0083":250:2:64 PSA wrapped sign: SECP256R1 -depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_DP_SECP256R1_ENABLED +depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_DP_SECP256R1_ENABLED:ECP_HAS_KEY_GENERATION pk_psa_sign:MBEDTLS_ECP_DP_SECP256R1:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):256 PSA wrapped sign: SECP384R1 -depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_DP_SECP384R1_ENABLED +depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_DP_SECP384R1_ENABLED:ECP_HAS_KEY_GENERATION pk_psa_sign:MBEDTLS_ECP_DP_SECP384R1:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):384 PSA wrapped sign: SECP521R1 -depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_DP_SECP521R1_ENABLED +depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_DP_SECP521R1_ENABLED:ECP_HAS_KEY_GENERATION pk_psa_sign:MBEDTLS_ECP_DP_SECP521R1:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):521 PSA wrapped sign: SECP192K1 -depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_DP_SECP192K1_ENABLED +depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_DP_SECP192K1_ENABLED:ECP_HAS_KEY_GENERATION pk_psa_sign:MBEDTLS_ECP_DP_SECP192K1:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_K1):192 ## Currently buggy: https://github.com/ARMmbed/mbed-crypto/issues/336 # PSA wrapped sign: SECP224K1 -# depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_DP_SECP224K1_ENABLED +# depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_DP_SECP224K1_ENABLED:ECP_HAS_KEY_GENERATION # 
pk_psa_sign:MBEDTLS_ECP_DP_SECP224K1:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_K1):224 PSA wrapped sign: SECP256K1 -depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_DP_SECP256K1_ENABLED +depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_DP_SECP256K1_ENABLED:ECP_HAS_KEY_GENERATION pk_psa_sign:MBEDTLS_ECP_DP_SECP256K1:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_K1):256 PSA wrapped sign: BP256R1 -depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_DP_BP256R1_ENABLED +depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_DP_BP256R1_ENABLED:ECP_HAS_KEY_GENERATION pk_psa_sign:MBEDTLS_ECP_DP_BP256R1:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_BRAINPOOL_P_R1):256 PSA wrapped sign: BP384R1 -depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_DP_BP384R1_ENABLED +depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_DP_BP384R1_ENABLED:ECP_HAS_KEY_GENERATION pk_psa_sign:MBEDTLS_ECP_DP_BP384R1:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_BRAINPOOL_P_R1):384 PSA wrapped sign: BP512R1 -depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_DP_BP512R1_ENABLED +depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_DP_BP512R1_ENABLED:ECP_HAS_KEY_GENERATION pk_psa_sign:MBEDTLS_ECP_DP_BP512R1:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_BRAINPOOL_P_R1):512 PSA wrapped sign: RSA PKCS1 v1.5 
@@ -646,15 +646,15 @@ depends_on:MBEDTLS_PKCS1_V21:MBEDTLS_MD_CAN_SHA512:MBEDTLS_RSA_C pk_psa_sign_ext:MBEDTLS_PK_RSA:2048:MBEDTLS_PK_RSASSA_PSS:MBEDTLS_MD_SHA512 PK Sign ext:SECP256R1,PK_ECDSA,MD_SHA256 -depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_MD_CAN_SHA256 +depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_MD_CAN_SHA256:ECP_HAS_KEY_GENERATION pk_psa_sign_ext:MBEDTLS_PK_ECDSA:MBEDTLS_ECP_DP_SECP256R1:MBEDTLS_PK_ECDSA:MBEDTLS_MD_SHA256 PK Sign ext:SECP384R1,PK_ECDSA,MD_SHA384 -depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_MD_CAN_SHA384 +depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_MD_CAN_SHA384:ECP_HAS_KEY_GENERATION pk_psa_sign_ext:MBEDTLS_PK_ECDSA:MBEDTLS_ECP_DP_SECP384R1:MBEDTLS_PK_ECDSA:MBEDTLS_MD_SHA384 PK Sign ext:SECP521R1,PK_ECDSA,MD_SHA512 -depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_DP_SECP521R1_ENABLED:MBEDTLS_MD_CAN_SHA512 +depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_DP_SECP521R1_ENABLED:MBEDTLS_MD_CAN_SHA512:ECP_HAS_KEY_GENERATION pk_psa_sign_ext:MBEDTLS_PK_ECDSA:MBEDTLS_ECP_DP_SECP521R1:MBEDTLS_PK_ECDSA:MBEDTLS_MD_SHA512 PK wrapped Sign ext:RSA2048,PK_RSA,MD_SHA256 diff --git a/tests/suites/test_suite_pk.function b/tests/suites/test_suite_pk.function index 70b94997127e..2d34405b887a 100644 --- a/tests/suites/test_suite_pk.function +++ b/tests/suites/test_suite_pk.function @@ -1224,13 +1224,13 @@ void pk_psa_sign(int parameter_arg, mbedtls_pk_init(&pk); TEST_ASSERT(mbedtls_pk_setup(&pk, mbedtls_pk_info_from_type(MBEDTLS_PK_ECKEY)) == 0); -#if defined(FULL) +#if defined(ECP_FULL) mbedtls_ecp_group_id grpid = parameter_arg; TEST_ASSERT(mbedtls_ecp_gen_key(grpid, (mbedtls_ecp_keypair *) pk.pk_ctx, mbedtls_test_rnd_std_rand, NULL) == 0); #else - TEST_ASSERT(!"!FULL not supported"); + TEST_ASSERT(!"ECP_HAS_KEY_GENERATION required"); #endif alg_psa = PSA_ALG_ECDSA(PSA_ALG_SHA_256); 
From 55e297ef6f484c9926b35e60abd705dee5ee9fbb Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Fri, 31 Mar 2023 14:37:10 +0200 Subject: [PATCH 5/9] pk: add alternate (PSA based) function for EC key pair verification This is a first attempt to create an alternative function for EC key pair verification. It is based on PSA functions instead of ECP ones. It is included when the ECP_FULL symbol is not defined. Signed-off-by: Valerio Setti --- library/pk_wrap.c | 106 ++++++++++++++++++++++++++++++-- library/psa_util.c | 2 + tests/suites/test_suite_pk.data | 6 +- 3 files changed, 106 insertions(+), 8 deletions(-) diff --git a/library/pk_wrap.c b/library/pk_wrap.c index f2ff5c57ae77..fd03a7d284c1 100644 --- a/library/pk_wrap.c +++ b/library/pk_wrap.c 
@@ -1095,6 +1095,103 @@ static int eckey_sign_rs_wrap(void *ctx, mbedtls_md_type_t md_alg,
 }
 #endif /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */
+#if !defined(ECP_FULL)
+/*
+ * Alternative function used to verify that the EC private/public key pair
+ * is valid using PSA functions instead of ECP ones.
+ * The flow is:
+ * - sign a hash message using the provided private key
+ * - verify the signature using the public key
+ */
+static int eckey_alt_check_pair(const void *pub, const void *prv,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng)
+{
+ (void)f_rng;
+ (void)p_rng;
+ psa_status_t status;
+ psa_key_attributes_t key_attr = PSA_KEY_ATTRIBUTES_INIT;
+ mbedtls_ecp_keypair *prv_ctx = (mbedtls_ecp_keypair *) prv;
+ mbedtls_ecp_keypair *pub_ctx = (mbedtls_ecp_keypair *) pub;
+ unsigned char sig[MBEDTLS_MPI_MAX_SIZE];
+ size_t sig_len = 0;
+ unsigned char hash[32];
+ int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
+ size_t curve_bits;
+ psa_ecc_family_t curve =
+ mbedtls_ecc_group_to_psa(prv_ctx->grp.id, &curve_bits);
+ unsigned char key_buf[MBEDTLS_PSA_MAX_EC_KEY_PAIR_LENGTH];
+ size_t key_len = PSA_BITS_TO_BYTES(curve_bits);
+ mbedtls_svc_key_id_t key_id = MBEDTLS_SVC_KEY_ID_INIT;
+
+ memset(hash, 0x2a, sizeof(hash));
+
+ psa_set_key_type(&key_attr, PSA_KEY_TYPE_ECC_KEY_PAIR(curve));
+ psa_set_key_usage_flags(&key_attr, PSA_KEY_USAGE_SIGN_HASH);
+ // TODO: forcing SHA256 because this is included by default when building
+ // the library (even though it's not granted that the built-in version
+ // is supported). Is there a more general purpose solution?
+ psa_set_key_algorithm(&key_attr, PSA_ALG_ECDSA(PSA_ALG_SHA_256));
+
+ ret = mbedtls_mpi_write_binary(&prv_ctx->d, key_buf, key_len);
+ if (ret != 0) {
+ return ret;
+ }
+
+ status = psa_import_key(&key_attr, key_buf, key_len, &key_id);
+ if (status != PSA_SUCCESS) {
+ ret = PSA_PK_TO_MBEDTLS_ERR(status);
+ return ret;
+ }
+
+ status = psa_sign_hash(key_id, PSA_ALG_ECDSA(PSA_ALG_SHA_256),
+ hash, sizeof(hash), sig, sizeof(sig), &sig_len);
+ if (status != PSA_SUCCESS) {
+ ret = PSA_PK_TO_MBEDTLS_ERR(status);
+ status = psa_destroy_key(key_id);
+ return (status != PSA_SUCCESS) ? PSA_PK_TO_MBEDTLS_ERR(status) : ret;
+ }
+
+ status = psa_destroy_key(key_id);
+ if (status != PSA_SUCCESS) {
+ return PSA_PK_TO_MBEDTLS_ERR(status);
+ }
+ psa_reset_key_attributes(&key_attr);
+ mbedtls_platform_zeroize(key_buf, sizeof(key_buf));
+
+ psa_set_key_type(&key_attr, PSA_KEY_TYPE_ECC_PUBLIC_KEY(curve));
+ psa_set_key_usage_flags(&key_attr, PSA_KEY_USAGE_VERIFY_HASH);
+ psa_set_key_algorithm(&key_attr, PSA_ALG_ECDSA(PSA_ALG_SHA_256));
+
+ ret = mbedtls_ecp_point_write_binary(&pub_ctx->grp, &pub_ctx->Q,
+ MBEDTLS_ECP_PF_UNCOMPRESSED,
+ &key_len, key_buf, sizeof(key_buf));
+ if (ret != 0) {
+ return ret;
+ }
+
+ status = psa_import_key(&key_attr, key_buf, key_len, &key_id);
+ if (status != PSA_SUCCESS) {
+ ret = PSA_PK_TO_MBEDTLS_ERR(status);
+ return ret;
+ }
+
+ status = psa_verify_hash(key_id, PSA_ALG_ECDSA(PSA_ALG_SHA_256),
+ hash, sizeof(hash), sig, sig_len);
+ if (status != PSA_SUCCESS) {
+ ret = PSA_PK_TO_MBEDTLS_ERR(status);
+ status = psa_destroy_key(key_id);
+ return (status != PSA_SUCCESS) ? PSA_PK_TO_MBEDTLS_ERR(status) : ret;
+ }
+ status = psa_destroy_key(key_id);
+ if (status != PSA_SUCCESS) {
+ return PSA_PK_TO_MBEDTLS_ERR(status);
+ }
+
+ return 0;
+}
+#endif /* ECP_HAS_CHECK_PAIR */
+
 static int eckey_check_pair(const void *pub, const void *prv,
 int (*f_rng)(void *, unsigned char *, size_t),
 void *p_rng)
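Review bot: The private scalar written into `key_buf` is wiped only on the success path of `eckey_alt_check_pair`: the returns taken when the first `psa_import_key`, `psa_sign_hash` or the following `psa_destroy_key` fails all leave it on the stack. Moving `mbedtls_platform_zeroize(key_buf, sizeof(key_buf));` to directly after the first `psa_import_key(...)` call, ahead of its status check, covers every one of those paths with a single line. `pk_derive_public_key` in library/pkparse.c (PATCH 6/9) has the same gap on its import-failure return. Separately, the curve is taken from `prv_ctx->grp.id` only, so it may be worth rejecting `pub_ctx->grp.id != prv_ctx->grp.id` up front rather than relying on the public-key import to fail.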
@@ -1104,12 +1201,11 @@ static int eckey_check_pair(const void *pub, const void *prv,
 (const mbedtls_ecp_keypair *) prv,
 f_rng, p_rng);
 #else /* ECP_FULL */
- (void) pub;
- (void) prv;
- (void) f_rng;
- (void) p_rng;
- return MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE;
+ return eckey_alt_check_pair((const mbedtls_ecp_keypair *) pub,
+ (const mbedtls_ecp_keypair *) prv,
+ f_rng, p_rng);
 #endif /* ECP_FULL */
+ return MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE;
 }
 static void *eckey_alloc_wrap(void)
diff --git a/library/psa_util.c b/library/psa_util.c
index 43a10a32c17f..df24ceed7d3d 100644
--- a/library/psa_util.c
+++ b/library/psa_util.c
@@ -138,6 +138,8 @@ int psa_pk_status_to_mbedtls(psa_status_t status)
 return MBEDTLS_ERR_PK_ALLOC_FAILED;
 case PSA_ERROR_BAD_STATE:
 return MBEDTLS_ERR_PK_BAD_INPUT_DATA;
+ case PSA_ERROR_INVALID_SIGNATURE:
+ return MBEDTLS_ERR_PK_BAD_INPUT_DATA;
 case PSA_ERROR_DATA_CORRUPT:
 case PSA_ERROR_DATA_INVALID:
 case PSA_ERROR_STORAGE_FAILURE:
diff --git a/tests/suites/test_suite_pk.data b/tests/suites/test_suite_pk.data
index 570b50437bb8..444de416ac7d 100644
--- a/tests/suites/test_suite_pk.data
+++ b/tests/suites/test_suite_pk.data
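Review bot: The `return MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE;` added after `#endif /* ECP_FULL */` in `eckey_check_pair` can never execute, because the `#else` branch now returns the result of `eckey_alt_check_pair` and the `ECP_FULL` branch appears to return as well (its start is outside the hunk). It should be dropped so the wrapper does not suggest a fallback that does not exist. The casts to `const mbedtls_ecp_keypair *` in the new call are also unnecessary, since `eckey_alt_check_pair` takes `const void *`.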
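Review bot: Mapping `PSA_ERROR_INVALID_SIGNATURE` to `MBEDTLS_ERR_PK_BAD_INPUT_DATA` in `psa_pk_status_to_mbedtls` makes a failed signature check indistinguishable from a malformed argument for every caller of this translation, not just the new key-pair check. If any verify path goes through this function (not visible here), it would stop reporting a verification failure as such. A comment such as `/* used by the EC key-pair check: a signature that does not verify means the pair does not match */` would record the intent, or `eckey_alt_check_pair` could translate this one status itself. The switch starts and ends outside the hunk.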
@@ -525,12 +525,12 @@ depends_on:MBEDTLS_PKCS1_V21:MBEDTLS_MD_CAN_SHA256 pk_rsa_verify_ext_test_vec:"ae6e43dd387c25741e42fc3570cdfc52e4f51a2343294f3b677dfe01cd5339f6":MBEDTLS_MD_SHA256:1024:"00dd118a9f99bab068ca2aea3b6a6d5997ed4ec954e40deecea07da01eaae80ec2bb1340db8a128e891324a5c5f5fad8f590d7c8cacbc5fe931dafda1223735279461abaa0572b761631b3a8afe7389b088b63993a0a25ee45d21858bab9931aedd4589a631b37fcf714089f856549f359326dd1e0e86dde52ed66b4a90bda4095":"010001":"0d2bdb0456a3d651d5bd48a4204493898f72cf1aaddd71387cc058bc3f4c235ea6be4010fd61b28e1fbb275462b53775c04be9022d38b6a2e0387dddba86a3f8554d2858044a59fddbd594753fc056fe33c8daddb85dc70d164690b1182209ff84824e0be10e35c379f2f378bf176a9f7cb94d95e44d90276a298c8810f741c9":MBEDTLS_PK_RSASSA_PSS:MBEDTLS_MD_SHA256:94:129:MBEDTLS_ERR_RSA_VERIFY_FAILED Check pair #1 (EC, OK) -depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_PEM_PARSE_C:ECP_HAS_CHECK_PAIR +depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_PEM_PARSE_C mbedtls_pk_check_pair:"data_files/ec_256_pub.pem":"data_files/ec_256_prv.pem":0 Check pair #2 (EC, bad) -depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_PEM_PARSE_C:ECP_HAS_CHECK_PAIR -mbedtls_pk_check_pair:"data_files/ec_256_pub.pem":"data_files/server5.key":MBEDTLS_ERR_ECP_BAD_INPUT_DATA +depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_PEM_PARSE_C +mbedtls_pk_check_pair:"data_files/ec_256_pub.pem":"data_files/server5.key":MBEDTLS_ERR_PK_BAD_INPUT_DATA Check pair #3 (RSA, OK) depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_PEM_PARSE_C From 95b30030a5db15c7e48f35b2e43dc76ca92dd74a Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Fri, 31 Mar 2023 16:07:02 +0200 Subject: [PATCH 6/9] pkparse: adding a function for generating public key from private This is based on PSA functions and helps removing the dependency on ECP_FULL math functions inside the ECP module 
Signed-off-by: Valerio Setti --- library/pkparse.c | 63 ++++++++++++++++++++++-- tests/suites/test_suite_pkparse.data | 10 ++-- tests/suites/test_suite_pkparse.function | 7 +++ 3 files changed, 72 insertions(+), 8 deletions(-) diff --git a/library/pkparse.c b/library/pkparse.c index c43e6d92a62e..a89d6aad2d5b 100644 --- a/library/pkparse.c +++ b/library/pkparse.c 
@@ -868,6 +868,60 @@ static int pk_parse_key_pkcs1_der(mbedtls_rsa_context *rsa,
 }
 #endif /* MBEDTLS_RSA_C */
+#if defined(MBEDTLS_PSA_CRYPTO_C)
+#include "mbedtls/psa_util.h"
+#endif
+
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+#include "psa/crypto.h"
+#endif
+
+#if !defined(MBEDTLS_ECP_FULL)
+static int pk_derive_public_key(mbedtls_ecp_group *grp, mbedtls_ecp_point *Q,
+ const mbedtls_mpi *d)
+{
+ psa_status_t status;
+ psa_key_attributes_t key_attr = PSA_KEY_ATTRIBUTES_INIT;
+ size_t curve_bits;
+ psa_ecc_family_t curve = mbedtls_ecc_group_to_psa(grp->id, &curve_bits);
+ unsigned char key_buf[MBEDTLS_PSA_MAX_EC_KEY_PAIR_LENGTH];
+ size_t key_len = PSA_BITS_TO_BYTES(curve_bits);
+ mbedtls_svc_key_id_t key_id = MBEDTLS_SVC_KEY_ID_INIT;
+ int ret;
+
+ psa_set_key_type(&key_attr, PSA_KEY_TYPE_ECC_KEY_PAIR(curve));
+ psa_set_key_usage_flags(&key_attr, PSA_KEY_USAGE_EXPORT);
+
+ ret = mbedtls_mpi_write_binary(d, key_buf, key_len);
+ if (ret != 0) {
+ return ret;
+ }
+
+ status = psa_import_key(&key_attr, key_buf, key_len, &key_id);
+ if (status != PSA_SUCCESS) {
+ ret = psa_pk_status_to_mbedtls(status);
+ return ret;
+ }
+
+ mbedtls_platform_zeroize(key_buf, sizeof(key_buf));
+ status = psa_export_public_key(key_id, key_buf, sizeof(key_buf), &key_len);
+ if (status != PSA_SUCCESS) {
+ ret = psa_pk_status_to_mbedtls(status);
+ status = psa_destroy_key(key_id);
+ return (status != PSA_SUCCESS) ? psa_pk_status_to_mbedtls(status) : ret;
+ }
+
+ ret = mbedtls_ecp_point_read_binary(grp, Q, key_buf, key_len);
+
+ status = psa_destroy_key(key_id);
+ if (status != PSA_SUCCESS) {
+ return psa_pk_status_to_mbedtls(status);
+ }
+
+ return ret;
+}
+#endif /* MBEDTLS_ECP_FULL */
+
 #if defined(MBEDTLS_ECP_C)
 /*
  * Parse a SEC1 encoded private EC key
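Review bot: The guard `#if !defined(MBEDTLS_ECP_FULL)` tests a different symbol from the `ECP_FULL` used by the `#else /* ECP_FULL */` branch of `pk_parse_key_sec1_der` that calls this helper; unless `MBEDTLS_ECP_FULL` is defined somewhere not shown, `pk_derive_public_key` is compiled in every configuration and is an unused static function whenever `ECP_FULL` is set. The guard should read `#if !defined(ECP_FULL)`, and since the body calls PSA functions it likely also needs to depend on the option that guards the `psa/crypto.h` include. The imported private key is given `PSA_KEY_USAGE_EXPORT`, which `psa_export_public_key` does not require for a key pair, so `psa_set_key_usage_flags(&key_attr, 0);` would keep the scalar non-exportable for as long as the key exists.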
@@ -983,9 +1037,12 @@ static int pk_parse_key_sec1_der(mbedtls_ecp_keypair *eck,
 return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret);
 }
 #else /* ECP_FULL */
- (void) f_rng;
- (void) p_rng;
- return MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE;
+ (void)f_rng;
+ (void)p_rng;
+ if ((ret = pk_derive_public_key(&eck->grp, &eck->Q, &eck->d)) != 0) {
+ mbedtls_ecp_keypair_free(eck);
+ return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret);
+ }
 #endif /* ECP_FULL */
 }
diff --git a/tests/suites/test_suite_pkparse.data b/tests/suites/test_suite_pkparse.data
index 89cae1b5de21..4ea75a175e75 100644
--- a/tests/suites/test_suite_pkparse.data
+++ b/tests/suites/test_suite_pkparse.data
@@ -995,11 +995,11 @@ depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED
 pk_parse_keyfile_ec:"data_files/ec_prv.pk8.der":"NULL":0
 Parse EC Key #4a (PKCS8 DER, no public key)
-depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:ECP_HAS_KEY_GENERATION
+depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
 pk_parse_keyfile_ec:"data_files/ec_prv.pk8nopub.der":"NULL":0
 Parse EC Key #4b (PKCS8 DER, no public key, with parameters)
-depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:ECP_HAS_KEY_GENERATION
+depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
 pk_parse_keyfile_ec:"data_files/ec_prv.pk8nopubparam.der":"NULL":0
 Parse EC Key #4c (PKCS8 DER, with parameters)
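Review bot: `MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret)` in the new `#else` branch of `pk_parse_key_sec1_der` can receive a `ret` that is already a high-level `MBEDTLS_ERR_PK_*` code, because `pk_derive_public_key` translates PSA failures with `psa_pk_status_to_mbedtls`; the macro is meant to combine a high-level code with a low-level one, so the sum would match neither error. Returning `ret` unchanged when it comes from the PSA translation, or having the helper return only low-level codes, would keep the result decodable. Deriving the public key here also depends on the PSA subsystem having been initialised by the caller, which the test changes in this patch do with `PSA_INIT()`; a comment at the call such as `/* requires psa_crypto_init() to have been called */` would record that precondition. The function starts outside this hunk.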
@@ -1011,11 +1011,11 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED pk_parse_keyfile_ec:"data_files/ec_prv.pk8.pem":"NULL":0 Parse EC Key #5a (PKCS8 PEM, no public key) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:ECP_HAS_KEY_GENERATION +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED pk_parse_keyfile_ec:"data_files/ec_prv.pk8nopub.pem":"NULL":0 Parse EC Key #5b (PKCS8 PEM, no public key, with parameters) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:ECP_HAS_KEY_GENERATION +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED pk_parse_keyfile_ec:"data_files/ec_prv.pk8nopubparam.pem":"NULL":0 Parse EC Key #5c (PKCS8 PEM, with parameters) @@ -1027,7 +1027,7 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP224R1_ENABLED pk_parse_keyfile_ec:"data_files/ec_224_prv.pem":"NULL":0 Parse EC Key #8a (SEC1 PEM, secp224r1, compressed) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP224R1_ENABLED:ECP_HAS_KEY_GENERATION +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP224R1_ENABLED pk_parse_keyfile_ec:"data_files/ec_224_prv.comp.pem":"NULL":0 Parse EC Key #9 (SEC1 PEM, secp256r1) diff --git a/tests/suites/test_suite_pkparse.function b/tests/suites/test_suite_pkparse.function index 1a6858f2e125..5e4f3b770447 100644 --- a/tests/suites/test_suite_pkparse.function +++ b/tests/suites/test_suite_pkparse.function @@ -101,6 +101,10 @@ void pk_parse_keyfile_ec(char *key_file, char *password, int result) mbedtls_pk_context ctx; int res; +#if defined(MBEDTLS_USE_PSA_CRYPTO) + PSA_INIT(); +#endif + mbedtls_pk_init(&ctx); res = mbedtls_pk_parse_keyfile(&ctx, key_file, password, @@ -117,6 +121,9 @@ void pk_parse_keyfile_ec(char *key_file, char *password, int result) exit: mbedtls_pk_free(&ctx); +#if defined(MBEDTLS_USE_PSA_CRYPTO) + PSA_DONE(); +#endif } /* END_CASE */ 
From 0c22798684bed3d09cee0dc7426fa0a4c4ea9d10 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Fri, 31 Mar 2023 17:57:15 +0200 Subject: [PATCH 7/9] ecp: adding alternate function for key-pair derivation based on PSA This is an alternative function for key-pair generation when ECP_FULL is not enabled; in this case PSA based functions are used instead. Signed-off-by: Valerio Setti --- include/mbedtls/ecp.h | 5 +++ library/ecp.c | 66 ++++++++++++++++++++++++++++- library/pk_wrap.c | 2 +- library/pkparse.c | 16 +++---- tests/suites/test_suite_pk.data | 60 +++++++++++++------------- tests/suites/test_suite_pk.function | 21 ++++++--- 6 files changed, 124 insertions(+), 46 deletions(-) diff --git a/include/mbedtls/ecp.h b/include/mbedtls/ecp.h index b6144d9aebdc..6ada84f35ef5 100644 --- a/include/mbedtls/ecp.h +++ b/include/mbedtls/ecp.h @@ -1214,10 +1214,15 @@ int mbedtls_ecp_gen_keypair_base(mbedtls_ecp_group *grp, * \return An \c MBEDTLS_ERR_ECP_XXX or \c MBEDTLS_MPI_XXX error code * on failure. */ +#if defined(ECP_FULL) int mbedtls_ecp_gen_keypair(mbedtls_ecp_group *grp, mbedtls_mpi *d, mbedtls_ecp_point *Q, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng); +#else +int mbedtls_ecp_alt_gen_keypair(mbedtls_ecp_group *grp, mbedtls_mpi *d, + mbedtls_ecp_point *Q); +#endif /** * \brief This function generates an ECP key. diff --git a/library/ecp.c b/library/ecp.c index 0bf6b932e251..15741689eb61 100644 --- a/library/ecp.c +++ b/library/ecp.c @@ -82,6 +82,14 @@ #include +#if defined(MBEDTLS_PSA_CRYPTO_C) +#include "mbedtls/psa_util.h" +#endif + +#if defined(MBEDTLS_USE_PSA_CRYPTO) +#include "psa/crypto.h" +#endif + #if !defined(MBEDTLS_ECP_ALT) #include "mbedtls/platform.h" 
@@ -3198,6 +3206,57 @@ int mbedtls_ecp_gen_keypair(mbedtls_ecp_group *grp,
 {
 return mbedtls_ecp_gen_keypair_base(grp, &grp->G, d, Q, f_rng, p_rng);
 }
+#else /* ECP_FULL */
+int mbedtls_ecp_alt_gen_keypair(mbedtls_ecp_group *grp,
+ mbedtls_mpi *d, mbedtls_ecp_point *Q)
+{
+ psa_status_t status;
+ psa_key_attributes_t key_attr = PSA_KEY_ATTRIBUTES_INIT;
+ mbedtls_svc_key_id_t key_id = MBEDTLS_SVC_KEY_ID_INIT;
+ size_t curve_bits;
+ psa_ecc_family_t curve = mbedtls_ecc_group_to_psa(grp->id,
+ &curve_bits);
+ unsigned char key_buf[MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH];
+ size_t key_len;
+ int ret;
+
+ psa_set_key_type(&key_attr, PSA_KEY_TYPE_ECC_KEY_PAIR(curve));
+ psa_set_key_bits(&key_attr, curve_bits);
+ psa_set_key_usage_flags(&key_attr, PSA_KEY_USAGE_EXPORT);
+
+ status = psa_generate_key(&key_attr, &key_id);
+ if (status != PSA_SUCCESS) {
+ return MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE;
+ }
+
+ status = psa_export_key(key_id, key_buf, sizeof(key_buf), &key_len);
+ if (status != PSA_SUCCESS) {
+ psa_destroy_key(key_id);
+ return MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE;
+ }
+
+ ret = mbedtls_mpi_read_binary(d, key_buf, key_len);
+ if (ret != 0) {
+ return ret;
+ }
+
+ status = psa_export_public_key(key_id, key_buf, sizeof(key_buf),
+ &key_len);
+ if (status != PSA_SUCCESS) {
+ psa_destroy_key(key_id);
+ return MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE;
+ }
+
+ ret = mbedtls_ecp_point_read_binary(grp, Q, key_buf, key_len);
+ if (ret != 0) {
+ return ret;
+ }
+
+ psa_destroy_key(key_id);
+
+ return 0;
+}
+#endif /* ECP_FULL */
 /*
  * Generate a keypair, prettier wrapper
@@ -3210,9 +3269,14 @@ int mbedtls_ecp_gen_key(mbedtls_ecp_group_id grp_id, mbedtls_ecp_keypair *key,
 return ret;
 }
+#if defined(ECP_FULL)
 return mbedtls_ecp_gen_keypair(&key->grp, &key->d, &key->Q, f_rng, p_rng);
+#else
+ (void)f_rng;
+ (void)p_rng;
+ return mbedtls_ecp_alt_gen_keypair(&key->grp, &key->d, &key->Q);
+#endif
 }
-#endif /* ECP_FULL */
 #define ECP_CURVE25519_KEY_SIZE 32
 #define ECP_CURVE448_KEY_SIZE 56
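Review bot: `mbedtls_ecp_alt_gen_keypair` leaks the generated PSA key whenever `mbedtls_mpi_read_binary` or `mbedtls_ecp_point_read_binary` fails, because both `return ret;` statements skip `psa_destroy_key(key_id)`, and the exported private scalar in `key_buf` is never wiped on any path. A single cleanup label that destroys the key and zeroizes the buffer fixes both, as sketched below. Every PSA failure is also collapsed into `MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE`, a PK-layer code returned from the ECP module, which hides causes such as an uninitialised PSA subsystem; translating the status would tell callers more.

```c
/* … unchanged: declarations, attribute setup and psa_generate_key() call … */

    status = psa_export_key(key_id, key_buf, sizeof(key_buf), &key_len);
    if (status != PSA_SUCCESS) {
        ret = MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE;
        goto cleanup;
    }

    ret = mbedtls_mpi_read_binary(d, key_buf, key_len);
    /* key_buf held the private scalar: wipe it before the buffer is reused. */
    mbedtls_platform_zeroize(key_buf, sizeof(key_buf));
    if (ret != 0) {
        goto cleanup;
    }

    status = psa_export_public_key(key_id, key_buf, sizeof(key_buf),
                                   &key_len);
    if (status != PSA_SUCCESS) {
        ret = MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE;
        goto cleanup;
    }

    ret = mbedtls_ecp_point_read_binary(grp, Q, key_buf, key_len);

cleanup:
    /* Single exit: the volatile key is destroyed on every path. */
    psa_destroy_key(key_id);
    mbedtls_platform_zeroize(key_buf, sizeof(key_buf));
    return ret;
```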
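Review bot: With `ECP_FULL` undefined, `mbedtls_ecp_gen_key` silently discards the caller's `f_rng`/`p_rng` and takes the key from `psa_generate_key` instead, which changes where the key's randomness comes from without any trace in the code or the header. A comment on the `#else` branch would make that explicit, for example `/* f_rng and p_rng are ignored: the key is generated by PSA, so psa_crypto_init() must have succeeded */`. The start of `mbedtls_ecp_gen_key` is outside this hunk.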
diff --git a/library/pk_wrap.c b/library/pk_wrap.c index fd03a7d284c1..c9c5a0de4bbb 100644 --- a/library/pk_wrap.c +++ b/library/pk_wrap.c @@ -1190,7 +1190,7 @@ static int eckey_alt_check_pair(const void *pub, const void *prv, return 0; } -#endif /* ECP_HAS_CHECK_PAIR */ +#endif /* ECP_FULL */ static int eckey_check_pair(const void *pub, const void *prv, int (*f_rng)(void *, unsigned char *, size_t), diff --git a/library/pkparse.c b/library/pkparse.c index a89d6aad2d5b..f08697c8291a 100644 --- a/library/pkparse.c +++ b/library/pkparse.c @@ -48,6 +48,14 @@ #include "mbedtls/pkcs12.h" #endif +#if defined(MBEDTLS_PSA_CRYPTO_C) +#include "mbedtls/psa_util.h" +#endif + +#if defined(MBEDTLS_USE_PSA_CRYPTO) +#include "psa/crypto.h" +#endif + #include "mbedtls/platform.h" #if defined(MBEDTLS_FS_IO) @@ -868,14 +876,6 @@ static int pk_parse_key_pkcs1_der(mbedtls_rsa_context *rsa, } #endif /* MBEDTLS_RSA_C */ -#if defined(MBEDTLS_PSA_CRYPTO_C) -#include "mbedtls/psa_util.h" -#endif - -#if defined(MBEDTLS_USE_PSA_CRYPTO) -#include "psa/crypto.h" -#endif - #if !defined(MBEDTLS_ECP_FULL) static int pk_derive_public_key(mbedtls_ecp_group *grp, mbedtls_ecp_point *Q, const mbedtls_mpi *d) diff --git a/tests/suites/test_suite_pk.data b/tests/suites/test_suite_pk.data index 444de416ac7d..3c5f3cbc839a 100644 --- a/tests/suites/test_suite_pk.data +++ b/tests/suites/test_suite_pk.data 
@@ -13,35 +13,35 @@ depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME pk_utils:MBEDTLS_PK_RSA:512:512:64:"RSA" PK utils: ECKEY SECP192R1 -depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED:ECP_HAS_KEY_GENERATION +depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED pk_utils:MBEDTLS_PK_ECKEY:MBEDTLS_ECP_DP_SECP192R1:192:24:"EC" PK utils: ECKEY_DH SECP192R1 -depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED:ECP_HAS_KEY_GENERATION +depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED pk_utils:MBEDTLS_PK_ECKEY_DH:MBEDTLS_ECP_DP_SECP192R1:192:24:"EC_DH" PK utils: ECKEY_DH Curve25519 -depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_CURVE25519_ENABLED:ECP_HAS_KEY_GENERATION +depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_CURVE25519_ENABLED pk_utils:MBEDTLS_PK_ECKEY_DH:MBEDTLS_ECP_DP_CURVE25519:255:32:"EC_DH" PK utils: ECKEY_DH Curve448 -depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_CURVE448_ENABLED:ECP_HAS_KEY_GENERATION +depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_CURVE448_ENABLED pk_utils:MBEDTLS_PK_ECKEY_DH:MBEDTLS_ECP_DP_CURVE448:448:56:"EC_DH" PK utils: ECDSA SECP192R1 -depends_on:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_ECP_DP_SECP192R1_ENABLED:ECP_HAS_KEY_GENERATION +depends_on:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_ECP_DP_SECP192R1_ENABLED pk_utils:MBEDTLS_PK_ECDSA:MBEDTLS_ECP_DP_SECP192R1:192:24:"ECDSA" PK utils: ECDSA SECP256R1 -depends_on:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_ECP_DP_SECP256R1_ENABLED:ECP_HAS_KEY_GENERATION +depends_on:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_ECP_DP_SECP256R1_ENABLED pk_utils:MBEDTLS_PK_ECDSA:MBEDTLS_ECP_DP_SECP256R1:256:32:"ECDSA" PK utils: ECDSA SECP384R1 -depends_on:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_ECP_DP_SECP384R1_ENABLED:ECP_HAS_KEY_GENERATION +depends_on:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_ECP_DP_SECP384R1_ENABLED pk_utils:MBEDTLS_PK_ECDSA:MBEDTLS_ECP_DP_SECP384R1:384:48:"ECDSA" PK utils: ECDSA SECP521R1 -depends_on:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_ECP_DP_SECP521R1_ENABLED:ECP_HAS_KEY_GENERATION 
+depends_on:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_ECP_DP_SECP521R1_ENABLED pk_utils:MBEDTLS_PK_ECDSA:MBEDTLS_ECP_DP_SECP521R1:521:66:"ECDSA" PK PSA utilities: ECDSA setup/free, info functions, unsupported operations @@ -289,11 +289,11 @@ depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME pk_can_do_ext:1:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):PSA_ALG_RSA_PSS(PSA_ALG_ANY_HASH):1024:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_KEY_USAGE_SIGN_HASH:1 PK can do ext: MBEDTLS_PK_ECKEY, check ECDSA(SHA256) -depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:ECP_HAS_KEY_GENERATION +depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED pk_can_do_ext:0:MBEDTLS_PK_ECKEY:0:0:0:MBEDTLS_ECP_DP_SECP256R1:PSA_ALG_ECDSA(PSA_ALG_SHA_256):PSA_KEY_USAGE_SIGN_HASH:1 PK can do ext: MBEDTLS_PK_ECKEY, check ECDH -depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:ECP_HAS_KEY_GENERATION +depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED pk_can_do_ext:0:MBEDTLS_PK_ECKEY:0:0:0:MBEDTLS_ECP_DP_SECP256R1:PSA_ALG_ECDH:PSA_KEY_USAGE_DERIVE:1 PK can do ext: MBEDTLS_PK_RSA, check RSA_PKCS1V15_SIGN(SHA256) 
@@ -369,35 +369,35 @@ depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED pk_ec_test_vec:MBEDTLS_PK_ECKEY:MBEDTLS_ECP_DP_SECP256R1:"0437cc56d976091e5a723ec7592dff206eee7cf9069174d0ad14b5f768225962924ee500d82311ffea2fd2345d5d16bd8a88c26b770d55cd8a2a0efa01c8b4edff":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855":"30430220685a6994daa6a14e4411b5267edc2a00beee907f2dddd956b2a5a1df791c15f8021f675db4538c000c734489ac737fddd5a739c5a23cd6c6eceea70c286ca4fac9":0 ECDSA sign-verify: SECP192R1 -depends_on:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_DP_SECP192R1_ENABLED:ECP_HAS_KEY_GENERATION +depends_on:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_DP_SECP192R1_ENABLED pk_sign_verify:MBEDTLS_PK_ECDSA:MBEDTLS_ECP_DP_SECP192R1:0:0 ECDSA sign-verify: SECP256R1 -depends_on:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_DP_SECP256R1_ENABLED:ECP_HAS_KEY_GENERATION +depends_on:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_DP_SECP256R1_ENABLED pk_sign_verify:MBEDTLS_PK_ECDSA:MBEDTLS_ECP_DP_SECP256R1:0:0 ECDSA sign-verify: SECP384R1 -depends_on:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_DP_SECP384R1_ENABLED:ECP_HAS_KEY_GENERATION +depends_on:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_DP_SECP384R1_ENABLED pk_sign_verify:MBEDTLS_PK_ECDSA:MBEDTLS_ECP_DP_SECP384R1:0:0 ECDSA sign-verify: SECP521R1 -depends_on:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_DP_SECP521R1_ENABLED:ECP_HAS_KEY_GENERATION +depends_on:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_DP_SECP521R1_ENABLED pk_sign_verify:MBEDTLS_PK_ECDSA:MBEDTLS_ECP_DP_SECP521R1:0:0 ECDSA sign-verify: BP256R1 -depends_on:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_ECP_DP_BP256R1_ENABLED:ECP_HAS_KEY_GENERATION +depends_on:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_ECP_DP_BP256R1_ENABLED pk_sign_verify:MBEDTLS_PK_ECDSA:MBEDTLS_ECP_DP_BP256R1:0:0 ECDSA sign-verify: BP512R1 
-depends_on:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_ECP_DP_BP512R1_ENABLED:ECP_HAS_KEY_GENERATION +depends_on:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_ECP_DP_BP512R1_ENABLED pk_sign_verify:MBEDTLS_PK_ECDSA:MBEDTLS_ECP_DP_BP512R1:0:0 EC(DSA) sign-verify: SECP192R1 -depends_on:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_DP_SECP192R1_ENABLED:ECP_HAS_KEY_GENERATION +depends_on:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_DP_SECP192R1_ENABLED pk_sign_verify:MBEDTLS_PK_ECKEY:MBEDTLS_ECP_DP_SECP192R1:0:0 EC_DH (no) sign-verify: SECP192R1 -depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED:ECP_HAS_KEY_GENERATION +depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED pk_sign_verify:MBEDTLS_PK_ECKEY_DH:MBEDTLS_ECP_DP_SECP192R1:MBEDTLS_ERR_PK_TYPE_MISMATCH:MBEDTLS_ERR_PK_TYPE_MISMATCH RSA sign-verify 
@@ -581,40 +581,40 @@ depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_MD_CAN_SHA256 pk_sign_verify_restart:MBEDTLS_PK_ECKEY:MBEDTLS_ECP_DP_SECP256R1:"C9AFA9D845BA75166B5C215767B1D6934E50C3DB36E89B127B8A622B120F6721":"60FED4BA255A9D31C961EB74C6356D68C049B8923B61FA6CE669622E60F29FB6":"7903FE1008B8BC99A41AE9E95628BC64F2F1B20C2D7E9F5177A3C294D4462299":MBEDTLS_MD_SHA256:"9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08":"3045022100f1abb023518351cd71d881567b1ea663ed3efcf6c5132b354f28d3b0b7d383670220019f4113742a2b14bd25926b49c649155f267e60d3814b4c0cc84250e46f0083":250:2:64 PSA wrapped sign: SECP256R1 -depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_DP_SECP256R1_ENABLED:ECP_HAS_KEY_GENERATION +depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_DP_SECP256R1_ENABLED pk_psa_sign:MBEDTLS_ECP_DP_SECP256R1:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):256 PSA wrapped sign: SECP384R1 -depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_DP_SECP384R1_ENABLED:ECP_HAS_KEY_GENERATION +depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_DP_SECP384R1_ENABLED pk_psa_sign:MBEDTLS_ECP_DP_SECP384R1:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):384 PSA wrapped sign: SECP521R1 -depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_DP_SECP521R1_ENABLED:ECP_HAS_KEY_GENERATION +depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_DP_SECP521R1_ENABLED pk_psa_sign:MBEDTLS_ECP_DP_SECP521R1:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):521 PSA wrapped sign: SECP192K1 -depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_DP_SECP192K1_ENABLED:ECP_HAS_KEY_GENERATION +depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_DP_SECP192K1_ENABLED pk_psa_sign:MBEDTLS_ECP_DP_SECP192K1:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_K1):192 ## Currently buggy: https://github.com/ARMmbed/mbed-crypto/issues/336 # PSA wrapped sign: SECP224K1 -# depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_DP_SECP224K1_ENABLED:ECP_HAS_KEY_GENERATION +# depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_DP_SECP224K1_ENABLED # 
pk_psa_sign:MBEDTLS_ECP_DP_SECP224K1:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_K1):224 PSA wrapped sign: SECP256K1 -depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_DP_SECP256K1_ENABLED:ECP_HAS_KEY_GENERATION +depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_DP_SECP256K1_ENABLED pk_psa_sign:MBEDTLS_ECP_DP_SECP256K1:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_K1):256 PSA wrapped sign: BP256R1 -depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_DP_BP256R1_ENABLED:ECP_HAS_KEY_GENERATION +depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_DP_BP256R1_ENABLED pk_psa_sign:MBEDTLS_ECP_DP_BP256R1:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_BRAINPOOL_P_R1):256 PSA wrapped sign: BP384R1 -depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_DP_BP384R1_ENABLED:ECP_HAS_KEY_GENERATION +depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_DP_BP384R1_ENABLED pk_psa_sign:MBEDTLS_ECP_DP_BP384R1:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_BRAINPOOL_P_R1):384 PSA wrapped sign: BP512R1 -depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_DP_BP512R1_ENABLED:ECP_HAS_KEY_GENERATION +depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_DP_BP512R1_ENABLED pk_psa_sign:MBEDTLS_ECP_DP_BP512R1:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_BRAINPOOL_P_R1):512 PSA wrapped sign: RSA PKCS1 v1.5 
@@ -646,15 +646,15 @@ depends_on:MBEDTLS_PKCS1_V21:MBEDTLS_MD_CAN_SHA512:MBEDTLS_RSA_C pk_psa_sign_ext:MBEDTLS_PK_RSA:2048:MBEDTLS_PK_RSASSA_PSS:MBEDTLS_MD_SHA512 PK Sign ext:SECP256R1,PK_ECDSA,MD_SHA256 -depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_MD_CAN_SHA256:ECP_HAS_KEY_GENERATION +depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_MD_CAN_SHA256 pk_psa_sign_ext:MBEDTLS_PK_ECDSA:MBEDTLS_ECP_DP_SECP256R1:MBEDTLS_PK_ECDSA:MBEDTLS_MD_SHA256 PK Sign ext:SECP384R1,PK_ECDSA,MD_SHA384 -depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_MD_CAN_SHA384:ECP_HAS_KEY_GENERATION +depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_MD_CAN_SHA384 pk_psa_sign_ext:MBEDTLS_PK_ECDSA:MBEDTLS_ECP_DP_SECP384R1:MBEDTLS_PK_ECDSA:MBEDTLS_MD_SHA384 PK Sign ext:SECP521R1,PK_ECDSA,MD_SHA512 -depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_DP_SECP521R1_ENABLED:MBEDTLS_MD_CAN_SHA512:ECP_HAS_KEY_GENERATION +depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_DP_SECP521R1_ENABLED:MBEDTLS_MD_CAN_SHA512 pk_psa_sign_ext:MBEDTLS_PK_ECDSA:MBEDTLS_ECP_DP_SECP521R1:MBEDTLS_PK_ECDSA:MBEDTLS_MD_SHA512 PK wrapped Sign ext:RSA2048,PK_RSA,MD_SHA256 diff --git a/tests/suites/test_suite_pk.function b/tests/suites/test_suite_pk.function index 2d34405b887a..8bba050a88b9 100644 --- a/tests/suites/test_suite_pk.function +++ b/tests/suites/test_suite_pk.function @@ -43,7 +43,7 @@ static int pk_genkey(mbedtls_pk_context *pk, int parameter) parameter, 3); } #endif -#if defined(MBEDTLS_ECP_C) && defined(ECP_FULL) +#if defined(MBEDTLS_ECP_C) if (mbedtls_pk_get_type(pk) == MBEDTLS_PK_ECKEY || mbedtls_pk_get_type(pk) == MBEDTLS_PK_ECKEY_DH || mbedtls_pk_get_type(pk) == MBEDTLS_PK_ECDSA) { 
@@ -53,12 +53,18 @@ static int pk_genkey(mbedtls_pk_context *pk, int parameter) return ret; } +#if defined(ECP_FULL) return mbedtls_ecp_gen_keypair(&mbedtls_pk_ec(*pk)->grp, &mbedtls_pk_ec(*pk)->d, &mbedtls_pk_ec(*pk)->Q, mbedtls_test_rnd_std_rand, NULL); +#else /* ECP_FULL */ + return mbedtls_ecp_alt_gen_keypair(&mbedtls_pk_ec(*pk)->grp, + &mbedtls_pk_ec(*pk)->d, + &mbedtls_pk_ec(*pk)->Q); +#endif /* ECP_FULL */ } -#endif +#endif /* MBEDTLS_ECP_C */ return -1; } @@ -462,6 +468,10 @@ void pk_utils(int type, int parameter, int bitlen, int len, char *name) { mbedtls_pk_context pk; +#if defined(MBEDTLS_USE_PSA_CRYPTO) + PSA_INIT(); +#endif + mbedtls_pk_init(&pk); TEST_ASSERT(mbedtls_pk_setup(&pk, mbedtls_pk_info_from_type(type)) == 0); @@ -475,6 +485,9 @@ void pk_utils(int type, int parameter, int bitlen, int len, char *name) exit: mbedtls_pk_free(&pk); +#if defined(MBEDTLS_USE_PSA_CRYPTO) + PSA_DONE(); +#endif } /* END_CASE */ @@ -1224,14 +1237,10 @@ void pk_psa_sign(int parameter_arg, mbedtls_pk_init(&pk); TEST_ASSERT(mbedtls_pk_setup(&pk, mbedtls_pk_info_from_type(MBEDTLS_PK_ECKEY)) == 0); -#if defined(ECP_FULL) mbedtls_ecp_group_id grpid = parameter_arg; TEST_ASSERT(mbedtls_ecp_gen_key(grpid, (mbedtls_ecp_keypair *) pk.pk_ctx, mbedtls_test_rnd_std_rand, NULL) == 0); -#else - TEST_ASSERT(!"ECP_HAS_KEY_GENERATION required"); -#endif alg_psa = PSA_ALG_ECDSA(PSA_ALG_SHA_256); } else From d064b4a900047be86f57d55d15bdf720ec639d95 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Mon, 3 Apr 2023 11:48:16 +0200 Subject: [PATCH 8/9] pk: keep function for generating EC keypair in test_suite_pk Signed-off-by: Valerio Setti --- include/mbedtls/ecp.h | 5 +-- library/ecp.c | 66 +---------------------------- tests/suites/test_suite_pk.function | 64 +++++++++++++++++++++++++--- 3 files changed, 60 insertions(+), 75 deletions(-) diff --git a/include/mbedtls/ecp.h b/include/mbedtls/ecp.h index 6ada84f35ef5..4fdc9729c207 100644 --- a/include/mbedtls/ecp.h 
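Review bot: In the `pk_utils` hunk (`@@ -462,6 +468,10 @@`), `PSA_INIT()` runs before `mbedtls_pk_init(&pk)`, so the cleanup path can see an uninitialised context. If the macro jumps to `exit:` on failure (the usual behaviour of the test assertion macros, not visible in this hunk), `mbedtls_pk_free(&pk)` is then called on a `pk` that was never set up. Move `mbedtls_pk_init(&pk);` above the `#if defined(MBEDTLS_USE_PSA_CRYPTO)` block. The body of `pk_utils` continues outside the hunk.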
+++ b/include/mbedtls/ecp.h @@ -1219,10 +1219,6 @@ int mbedtls_ecp_gen_keypair(mbedtls_ecp_group *grp, mbedtls_mpi *d, mbedtls_ecp_point *Q, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng); -#else -int mbedtls_ecp_alt_gen_keypair(mbedtls_ecp_group *grp, mbedtls_mpi *d, - mbedtls_ecp_point *Q); -#endif /** * \brief This function generates an ECP key. @@ -1240,6 +1236,7 @@ int mbedtls_ecp_alt_gen_keypair(mbedtls_ecp_group *grp, mbedtls_mpi *d, int mbedtls_ecp_gen_key(mbedtls_ecp_group_id grp_id, mbedtls_ecp_keypair *key, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng); +#endif /** * \brief This function reads an elliptic curve private key. diff --git a/library/ecp.c b/library/ecp.c index 15741689eb61..0bf6b932e251 100644 --- a/library/ecp.c +++ b/library/ecp.c @@ -82,14 +82,6 @@ #include -#if defined(MBEDTLS_PSA_CRYPTO_C) -#include "mbedtls/psa_util.h" -#endif - -#if defined(MBEDTLS_USE_PSA_CRYPTO) -#include "psa/crypto.h" -#endif - #if !defined(MBEDTLS_ECP_ALT) #include "mbedtls/platform.h" 
@@ -3206,57 +3198,6 @@ int mbedtls_ecp_gen_keypair(mbedtls_ecp_group *grp, { return mbedtls_ecp_gen_keypair_base(grp, &grp->G, d, Q, f_rng, p_rng); } -#else /* ECP_FULL */ -int mbedtls_ecp_alt_gen_keypair(mbedtls_ecp_group *grp, - mbedtls_mpi *d, mbedtls_ecp_point *Q) -{ - psa_status_t status; - psa_key_attributes_t key_attr = PSA_KEY_ATTRIBUTES_INIT; - mbedtls_svc_key_id_t key_id = MBEDTLS_SVC_KEY_ID_INIT; - size_t curve_bits; - psa_ecc_family_t curve = mbedtls_ecc_group_to_psa(grp->id, - &curve_bits); - unsigned char key_buf[MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH]; - size_t key_len; - int ret; - - psa_set_key_type(&key_attr, PSA_KEY_TYPE_ECC_KEY_PAIR(curve)); - psa_set_key_bits(&key_attr, curve_bits); - psa_set_key_usage_flags(&key_attr, PSA_KEY_USAGE_EXPORT); - - status = psa_generate_key(&key_attr, &key_id); - if (status != PSA_SUCCESS) { - return MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE; - } - - status = psa_export_key(key_id, key_buf, sizeof(key_buf), &key_len); - if (status != PSA_SUCCESS) { - psa_destroy_key(key_id); - return MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE; - } - - ret = mbedtls_mpi_read_binary(d, key_buf, key_len); - if (ret != 0) { - return ret; - } - - status = psa_export_public_key(key_id, key_buf, sizeof(key_buf), - &key_len); - if (status != PSA_SUCCESS) { - psa_destroy_key(key_id); - return MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE; - } - - ret = mbedtls_ecp_point_read_binary(grp, Q, key_buf, key_len); - if (ret != 0) { - return ret; - } - - psa_destroy_key(key_id); - - return 0; -} -#endif /* ECP_FULL */ /* * Generate a keypair, prettier wrapper @@ -3269,14 +3210,9 @@ int mbedtls_ecp_gen_key(mbedtls_ecp_group_id grp_id, mbedtls_ecp_keypair *key, return ret; } -#if defined(ECP_FULL) return mbedtls_ecp_gen_keypair(&key->grp, &key->d, &key->Q, f_rng, p_rng); -#else - (void)f_rng; - (void)p_rng; - return mbedtls_ecp_alt_gen_keypair(&key->grp, &key->d, &key->Q); -#endif } +#endif /* ECP_FULL */ #define ECP_CURVE25519_KEY_SIZE 32 #define ECP_CURVE448_KEY_SIZE 56 
diff --git a/tests/suites/test_suite_pk.function b/tests/suites/test_suite_pk.function index 8bba050a88b9..19071a360ce3 100644 --- a/tests/suites/test_suite_pk.function +++ b/tests/suites/test_suite_pk.function @@ -17,9 +17,63 @@ * unconditionally (https://github.com/Mbed-TLS/mbedtls/issues/2023). */ #include "psa/crypto.h" +#if defined(MBEDTLS_PSA_CRYPTO_C) +#include "mbedtls/psa_util.h" +#endif + #define RSA_KEY_SIZE 512 #define RSA_KEY_LEN 64 +static int gen_ec_keypair(mbedtls_ecp_group *grp, + mbedtls_mpi *d, mbedtls_ecp_point *Q) +{ + psa_status_t status; + psa_key_attributes_t key_attr = PSA_KEY_ATTRIBUTES_INIT; + mbedtls_svc_key_id_t key_id = MBEDTLS_SVC_KEY_ID_INIT; + size_t curve_bits; + psa_ecc_family_t curve = mbedtls_ecc_group_to_psa(grp->id, + &curve_bits); + unsigned char key_buf[MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH]; + size_t key_len; + int ret; + + psa_set_key_type(&key_attr, PSA_KEY_TYPE_ECC_KEY_PAIR(curve)); + psa_set_key_bits(&key_attr, curve_bits); + psa_set_key_usage_flags(&key_attr, PSA_KEY_USAGE_EXPORT); + + status = psa_generate_key(&key_attr, &key_id); + if (status != PSA_SUCCESS) { + return MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE; + } + + status = psa_export_key(key_id, key_buf, sizeof(key_buf), &key_len); + if (status != PSA_SUCCESS) { + psa_destroy_key(key_id); + return MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE; + } + + ret = mbedtls_mpi_read_binary(d, key_buf, key_len); + if (ret != 0) { + return ret; + } + + status = psa_export_public_key(key_id, key_buf, sizeof(key_buf), + &key_len); + if (status != PSA_SUCCESS) { + psa_destroy_key(key_id); + return MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE; + } + + ret = mbedtls_ecp_point_read_binary(grp, Q, key_buf, key_len); + if (ret != 0) { + return ret; + } + + psa_destroy_key(key_id); + + return 0; +} + /** Generate a key of the desired type. * * \param pk The PK object to fill. It must have been initialized 
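Review bot: `gen_ec_keypair` leaks the PSA key on two paths: the `return ret;` after `mbedtls_mpi_read_binary` and the one after `mbedtls_ecp_point_read_binary` both leave without `psa_destroy_key(key_id)`, unlike the export-failure branches. Add `psa_destroy_key(key_id);` before each of those returns, or route every exit through one cleanup label. The helper is also defined unconditionally, while `mbedtls/psa_util.h` is included only under `MBEDTLS_PSA_CRYPTO_C` and the only visible caller sits in the `#else /* ECP_FULL */` branch of `pk_genkey`, so it probably wants a matching guard to avoid an undeclared-function or unused-function build failure.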
@@ -59,9 +113,9 @@ static int pk_genkey(mbedtls_pk_context *pk, int parameter) &mbedtls_pk_ec(*pk)->Q, mbedtls_test_rnd_std_rand, NULL); #else /* ECP_FULL */ - return mbedtls_ecp_alt_gen_keypair(&mbedtls_pk_ec(*pk)->grp, - &mbedtls_pk_ec(*pk)->d, - &mbedtls_pk_ec(*pk)->Q); + return gen_ec_keypair(&mbedtls_pk_ec(*pk)->grp, + &mbedtls_pk_ec(*pk)->d, + &mbedtls_pk_ec(*pk)->Q); #endif /* ECP_FULL */ } #endif /* MBEDTLS_ECP_C */ @@ -1238,9 +1292,7 @@ void pk_psa_sign(int parameter_arg, TEST_ASSERT(mbedtls_pk_setup(&pk, mbedtls_pk_info_from_type(MBEDTLS_PK_ECKEY)) == 0); mbedtls_ecp_group_id grpid = parameter_arg; - TEST_ASSERT(mbedtls_ecp_gen_key(grpid, - (mbedtls_ecp_keypair *) pk.pk_ctx, - mbedtls_test_rnd_std_rand, NULL) == 0); + TEST_ASSERT(pk_genkey(&pk, grpid) == 0); alg_psa = PSA_ALG_ECDSA(PSA_ALG_SHA_256); } else From 1b10c2b41eb83469354c8df43b59b7b7e21e156a Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Mon, 3 Apr 2023 13:55:53 +0200 Subject: [PATCH 9/9] pk_wrap: improve eckey_alt_check_pair() function Albeit using the sign/verify technique for verifying the private/public key pair works fine, it imposes requirements on the supported SHA algorithm which is not great. Here we move to a new approach which simply imports: - imports the private key to PSA and extracts its public part - write the public key to be checked to a local buffer in raw format - compares the two results Signed-off-by: Valerio Setti --- library/pk_wrap.c | 65 +++++++++++++++-------------------------------- 1 file changed, 21 insertions(+), 44 deletions(-) diff --git a/library/pk_wrap.c b/library/pk_wrap.c index c9c5a0de4bbb..bc0d0e4379db 100644 --- a/library/pk_wrap.c +++ b/library/pk_wrap.c 
@@ -1100,8 +1100,9 @@ static int eckey_sign_rs_wrap(void *ctx, mbedtls_md_type_t md_alg, * Alternative function used to verify that the EC private/public key pair * is valid using PSA functions instead of ECP ones. * The flow is: - * - sign a hash message using the provided private key - * - verify the signature using the public key + * - import the private key "prv" to PSA and export its public part + * - write the raw content of public key "pub" to a local buffer + * - compare the two buffers */ static int eckey_alt_check_pair(const void *pub, const void *prv, int (*f_rng)(void *, unsigned char *, size_t), 
@@ -1113,39 +1114,35 @@ static int eckey_alt_check_pair(const void *pub, const void *prv, psa_key_attributes_t key_attr = PSA_KEY_ATTRIBUTES_INIT; mbedtls_ecp_keypair *prv_ctx = (mbedtls_ecp_keypair *) prv; mbedtls_ecp_keypair *pub_ctx = (mbedtls_ecp_keypair *) pub; - unsigned char sig[MBEDTLS_MPI_MAX_SIZE]; - size_t sig_len = 0; - unsigned char hash[32]; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + uint8_t prv_key_buf[MBEDTLS_PSA_MAX_EC_KEY_PAIR_LENGTH]; + size_t prv_key_len; + uint8_t pub_key_buf[MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH]; + size_t pub_key_len; + mbedtls_svc_key_id_t key_id = MBEDTLS_SVC_KEY_ID_INIT; size_t curve_bits; psa_ecc_family_t curve = mbedtls_ecc_group_to_psa(prv_ctx->grp.id, &curve_bits); - unsigned char key_buf[MBEDTLS_PSA_MAX_EC_KEY_PAIR_LENGTH]; - size_t key_len = PSA_BITS_TO_BYTES(curve_bits); - mbedtls_svc_key_id_t key_id = MBEDTLS_SVC_KEY_ID_INIT; - - memset(hash, 0x2a, sizeof(hash)); + size_t curve_bytes = PSA_BITS_TO_BYTES(curve_bits); psa_set_key_type(&key_attr, PSA_KEY_TYPE_ECC_KEY_PAIR(curve)); - psa_set_key_usage_flags(&key_attr, PSA_KEY_USAGE_SIGN_HASH); - // TODO: forcing SHA256 because this is included by default when building - // the library (even though it's not granted that the built-in version - // is supported). Is there a more general purpose solution? 
- psa_set_key_algorithm(&key_attr, PSA_ALG_ECDSA(PSA_ALG_SHA_256)); + psa_set_key_usage_flags(&key_attr, PSA_KEY_USAGE_EXPORT); - ret = mbedtls_mpi_write_binary(&prv_ctx->d, key_buf, key_len); + ret = mbedtls_mpi_write_binary(&prv_ctx->d, prv_key_buf, curve_bytes); if (ret != 0) { return ret; } - status = psa_import_key(&key_attr, key_buf, key_len, &key_id); + status = psa_import_key(&key_attr, prv_key_buf, curve_bytes, &key_id); if (status != PSA_SUCCESS) { ret = PSA_PK_TO_MBEDTLS_ERR(status); return ret; } - status = psa_sign_hash(key_id, PSA_ALG_ECDSA(PSA_ALG_SHA_256), - hash, sizeof(hash), sig, sizeof(sig), &sig_len); + mbedtls_platform_zeroize(prv_key_buf, sizeof(prv_key_buf)); + + status = psa_export_public_key(key_id, prv_key_buf, sizeof(prv_key_buf), + &prv_key_len); if (status != PSA_SUCCESS) { ret = PSA_PK_TO_MBEDTLS_ERR(status); status = psa_destroy_key(key_id); 
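Review bot: `prv_key_buf` is wiped only after a successful `psa_import_key`; the import-failure branch returns with the raw private scalar still on the stack, and the early `return ret;` after `mbedtls_mpi_write_binary` skips the wipe too. Call `mbedtls_platform_zeroize(prv_key_buf, sizeof(prv_key_buf));` before those returns as well. Reusing `prv_key_buf` for the output of `psa_export_public_key` makes the later comparison harder to read, so a separate buffer or a rename would help. `PSA_KEY_USAGE_EXPORT` is likely more than this key needs, since exporting only the public part of a key pair should not require it. The function starts and ends outside this hunk.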
@@ -1156,38 +1153,18 @@ static int eckey_alt_check_pair(const void *pub, const void *prv, if (status != PSA_SUCCESS) { return PSA_PK_TO_MBEDTLS_ERR(status); } - psa_reset_key_attributes(&key_attr); - mbedtls_platform_zeroize(key_buf, sizeof(key_buf)); - - psa_set_key_type(&key_attr, PSA_KEY_TYPE_ECC_PUBLIC_KEY(curve)); - psa_set_key_usage_flags(&key_attr, PSA_KEY_USAGE_VERIFY_HASH); - psa_set_key_algorithm(&key_attr, PSA_ALG_ECDSA(PSA_ALG_SHA_256)); ret = mbedtls_ecp_point_write_binary(&pub_ctx->grp, &pub_ctx->Q, - MBEDTLS_ECP_PF_UNCOMPRESSED, - &key_len, key_buf, sizeof(key_buf)); + MBEDTLS_ECP_PF_UNCOMPRESSED, + &pub_key_len, pub_key_buf, sizeof(pub_key_buf)); if (ret != 0) { return ret; } - status = psa_import_key(&key_attr, key_buf, key_len, &key_id); - if (status != PSA_SUCCESS) { - ret = PSA_PK_TO_MBEDTLS_ERR(status); - return ret; - } - - status = psa_verify_hash(key_id, PSA_ALG_ECDSA(PSA_ALG_SHA_256), - hash, sizeof(hash), sig, sig_len); - if (status != PSA_SUCCESS) { - ret = PSA_PK_TO_MBEDTLS_ERR(status); - status = psa_destroy_key(key_id); - return (status != PSA_SUCCESS) ? PSA_PK_TO_MBEDTLS_ERR(status) : ret; - } - status = psa_destroy_key(key_id); - if (status != PSA_SUCCESS) { - return PSA_PK_TO_MBEDTLS_ERR(status); + if (memcmp(prv_key_buf, pub_key_buf, curve_bytes) != 0) { + return MBEDTLS_ERR_PK_BAD_INPUT_DATA; } - + return 0; } #endif /* ECP_FULL */
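Review bot: The final `memcmp(prv_key_buf, pub_key_buf, curve_bytes)` compares only `curve_bytes` bytes, while both buffers hold a full public-key encoding whose lengths are returned in `prv_key_len` and `pub_key_len` and are never checked. With `MBEDTLS_ECP_PF_UNCOMPRESSED` the encoding is a format byte followed by both coordinates, so this covers the prefix and most of X but none of Y, and a public key that differs only there would be accepted as matching. Compare the lengths and the whole encoding: `if (prv_key_len != pub_key_len || memcmp(prv_key_buf, pub_key_buf, pub_key_len) != 0)`. The function starts outside this hunk.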