1/* 2 * Test driver for generating and verifying keys. 3 * Currently only supports generating and verifying ECC keys. 4 */ 5/* Copyright The Mbed TLS Contributors 6 * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later 7 */ 8 9#include <test/helpers.h> 10 11#if defined(PSA_CRYPTO_DRIVER_TEST) 12#include "psa/crypto.h" 13#include "psa_crypto_core.h" 14#include "psa_crypto_ecp.h" 15#include "psa_crypto_rsa.h" 16#include "psa_crypto_ffdh.h" 17#include "mbedtls/ecp.h" 18#include "mbedtls/error.h" 19 20#include "test/drivers/key_management.h" 21#include "test/drivers/test_driver.h" 22 23#include "test/random.h" 24 25#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) 26#include "libtestdriver1/library/psa_crypto_ecp.h" 27#include "libtestdriver1/library/psa_crypto_rsa.h" 28#include "libtestdriver1/library/psa_crypto_ffdh.h" 29#endif 30 31#include <string.h> 32 33mbedtls_test_driver_key_management_hooks_t 34 mbedtls_test_driver_key_management_hooks = MBEDTLS_TEST_DRIVER_KEY_MANAGEMENT_INIT; 35 36const uint8_t mbedtls_test_driver_aes_key[16] = 37{ 0x36, 0x77, 0x39, 0x7A, 0x24, 0x43, 0x26, 0x46, 38 0x29, 0x4A, 0x40, 0x4E, 0x63, 0x52, 0x66, 0x55 }; 39const uint8_t mbedtls_test_driver_ecdsa_key[32] = 40{ 0xdc, 0x7d, 0x9d, 0x26, 0xd6, 0x7a, 0x4f, 0x63, 41 0x2c, 0x34, 0xc2, 0xdc, 0x0b, 0x69, 0x86, 0x18, 42 0x38, 0x82, 0xc2, 0x06, 0xdf, 0x04, 0xcd, 0xb7, 43 0xd6, 0x9a, 0xab, 0xe2, 0x8b, 0xe4, 0xf8, 0x1a }; 44const uint8_t mbedtls_test_driver_ecdsa_pubkey[65] = 45{ 0x04, 46 0x85, 0xf6, 0x4d, 0x89, 0xf0, 0x0b, 0xe6, 0x6c, 47 0x88, 0xdd, 0x93, 0x7e, 0xfd, 0x6d, 0x7c, 0x44, 48 0x56, 0x48, 0xdc, 0xb7, 0x01, 0x15, 0x0b, 0x8a, 49 0x95, 0x09, 0x29, 0x58, 0x50, 0xf4, 0x1c, 0x19, 50 0x31, 0xe5, 0x71, 0xfb, 0x8f, 0x8c, 0x78, 0x31, 51 0x7a, 0x20, 0xb3, 0x80, 0xe8, 0x66, 0x58, 0x4b, 52 0xbc, 0x25, 0x16, 0xc3, 0xd2, 0x70, 0x2d, 0x79, 53 0x2f, 0x13, 0x1a, 0x92, 0x20, 0x95, 0xfd, 0x6c }; 54 55psa_status_t mbedtls_test_transparent_init(void) 56{ 57 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; 58 59#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) 60 status = libtestdriver1_psa_crypto_init(); 61 if (status != PSA_SUCCESS) { 62 return status; 63 } 64#endif 65 66 (void) status; 67 return PSA_SUCCESS; 68} 69 70void mbedtls_test_transparent_free(void) 71{ 72#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) 73 libtestdriver1_mbedtls_psa_crypto_free(); 74#endif 75 76 return; 77} 78 79psa_status_t mbedtls_test_opaque_init(void) 80{ 81 return PSA_SUCCESS; 82} 83 84void mbedtls_test_opaque_free(void) 85{ 86 return; 87} 88 89/* 90 * This macro returns the base size for the key context when SE does not 91 * support storage. It is the size of the metadata that gets added to the 92 * wrapped key. In its test functionality the metadata is just some padded 93 * prefixing to the key. 94 */ 95#define TEST_DRIVER_KEY_CONTEXT_BASE_SIZE \ 96 PSA_CRYPTO_TEST_DRIVER_OPAQUE_PAD_PREFIX_SIZE 97 98 99size_t mbedtls_test_opaque_size_function( 100 const psa_key_type_t key_type, 101 const size_t key_bits) 102{ 103 size_t key_buffer_size = 0; 104 105 key_buffer_size = PSA_EXPORT_KEY_OUTPUT_SIZE(key_type, key_bits); 106 if (key_buffer_size == 0) { 107 return 0; 108 } 109 /* Include spacing for base size overhead over the key size 110 * */ 111 key_buffer_size += TEST_DRIVER_KEY_CONTEXT_BASE_SIZE; 112 return key_buffer_size; 113} 114 115static size_t mbedtls_test_opaque_get_base_size() 116{ 117 return TEST_DRIVER_KEY_CONTEXT_BASE_SIZE; 118} 119 120/* 121 * The wrap function mbedtls_test_opaque_wrap_key pads and wraps the 122 * clear key. It expects the clear and wrap buffers to be passed in. 123 * key_length is the size of the clear key to be wrapped. 124 * wrapped_key_buffer_size is the size of the output buffer wrap_key. 125 * The argument wrapped_key_buffer_length is filled with the wrapped 126 * key_size on success. 127 * */ 128static psa_status_t mbedtls_test_opaque_wrap_key( 129 const uint8_t *key, 130 size_t key_length, 131 uint8_t *wrapped_key_buffer, 132 size_t wrapped_key_buffer_size, 133 size_t *wrapped_key_buffer_length) 134{ 135 size_t opaque_key_base_size = mbedtls_test_opaque_get_base_size(); 136 uint64_t prefix = PSA_CRYPTO_TEST_DRIVER_OPAQUE_PAD_PREFIX; 137 138 if (key_length + opaque_key_base_size > wrapped_key_buffer_size) { 139 return PSA_ERROR_BUFFER_TOO_SMALL; 140 } 141 142 /* Write in the opaque pad prefix */ 143 memcpy(wrapped_key_buffer, &prefix, opaque_key_base_size); 144 wrapped_key_buffer += opaque_key_base_size; 145 *wrapped_key_buffer_length = key_length + opaque_key_base_size; 146 147 while (key_length--) { 148 wrapped_key_buffer[key_length] = key[key_length] ^ 0xFF; 149 } 150 return PSA_SUCCESS; 151} 152 153/* 154 * The unwrap function mbedtls_test_opaque_unwrap_key removes a pad prefix 155 * and unwraps the wrapped key. It expects the clear and wrap buffers to be 156 * passed in. 157 * wrapped_key_length is the size of the wrapped key, 158 * key_buffer_size is the size of the output buffer clear_key. 159 * The argument key_buffer_length is filled with the unwrapped(clear) 160 * key_size on success. 161 * */ 162psa_status_t mbedtls_test_opaque_unwrap_key( 163 const uint8_t *wrapped_key, 164 size_t wrapped_key_length, 165 uint8_t *key_buffer, 166 size_t key_buffer_size, 167 size_t *key_buffer_length) 168{ 169 /* Remove the pad prefix from the wrapped key */ 170 size_t opaque_key_base_size = mbedtls_test_opaque_get_base_size(); 171 size_t clear_key_size; 172 173 /* Check for underflow */ 174 if (wrapped_key_length < opaque_key_base_size) { 175 return PSA_ERROR_DATA_CORRUPT; 176 } 177 clear_key_size = wrapped_key_length - opaque_key_base_size; 178 179 wrapped_key += opaque_key_base_size; 180 if (clear_key_size > key_buffer_size) { 181 return PSA_ERROR_BUFFER_TOO_SMALL; 182 } 183 184 *key_buffer_length = clear_key_size; 185 while (clear_key_size--) { 186 key_buffer[clear_key_size] = wrapped_key[clear_key_size] ^ 0xFF; 187 } 188 return PSA_SUCCESS; 189} 190 191psa_status_t mbedtls_test_transparent_generate_key( 192 const psa_key_attributes_t *attributes, 193 uint8_t *key, size_t key_size, size_t *key_length) 194{ 195 ++mbedtls_test_driver_key_management_hooks.hits; 196 197 if (mbedtls_test_driver_key_management_hooks.forced_status != PSA_SUCCESS) { 198 return mbedtls_test_driver_key_management_hooks.forced_status; 199 } 200 201 if (mbedtls_test_driver_key_management_hooks.forced_output != NULL) { 202 if (mbedtls_test_driver_key_management_hooks.forced_output_length > 203 key_size) { 204 return PSA_ERROR_BUFFER_TOO_SMALL; 205 } 206 memcpy(key, mbedtls_test_driver_key_management_hooks.forced_output, 207 mbedtls_test_driver_key_management_hooks.forced_output_length); 208 *key_length = mbedtls_test_driver_key_management_hooks.forced_output_length; 209 return PSA_SUCCESS; 210 } 211 212 if (PSA_KEY_TYPE_IS_ECC(psa_get_key_type(attributes)) 213 && PSA_KEY_TYPE_IS_KEY_PAIR(psa_get_key_type(attributes))) { 214#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ 215 defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_GENERATE) 216 return libtestdriver1_mbedtls_psa_ecp_generate_key( 217 (const libtestdriver1_psa_key_attributes_t *) attributes, 218 key, key_size, key_length); 219#elif defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_GENERATE) 220 return mbedtls_psa_ecp_generate_key( 221 attributes, key, key_size, key_length); 222#endif 223 } else if (psa_get_key_type(attributes) == PSA_KEY_TYPE_RSA_KEY_PAIR) { 224#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ 225 defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_GENERATE) 226 return libtestdriver1_mbedtls_psa_rsa_generate_key( 227 (const libtestdriver1_psa_key_attributes_t *) attributes, 228 NULL, 0, /* We don't support custom e in the test driver yet */ 229 key, key_size, key_length); 230#elif defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_GENERATE) 231 return mbedtls_psa_rsa_generate_key( 232 attributes, 233 NULL, 0, /* We don't support custom e in the test driver yet */ 234 key, key_size, key_length); 235#endif 236 } else if (PSA_KEY_TYPE_IS_DH(psa_get_key_type(attributes)) 237 && PSA_KEY_TYPE_IS_KEY_PAIR(psa_get_key_type(attributes))) { 238#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ 239 defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR_GENERATE) 240 return libtestdriver1_mbedtls_psa_ffdh_generate_key( 241 (const libtestdriver1_psa_key_attributes_t *) attributes, 242 key, key_size, key_length); 243#elif defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR) 244 return mbedtls_psa_ffdh_generate_key( 245 attributes, key, key_size, key_length); 246#endif 247 } 248 249 (void) attributes; 250 return PSA_ERROR_NOT_SUPPORTED; 251} 252 253psa_status_t mbedtls_test_opaque_generate_key( 254 const psa_key_attributes_t *attributes, 255 uint8_t *key, size_t key_size, size_t *key_length) 256{ 257 (void) attributes; 258 (void) key; 259 (void) key_size; 260 (void) key_length; 261 return PSA_ERROR_NOT_SUPPORTED; 262} 263 264psa_status_t mbedtls_test_transparent_import_key( 265 const psa_key_attributes_t *attributes, 266 const uint8_t *data, 267 size_t data_length, 268 uint8_t *key_buffer, 269 size_t key_buffer_size, 270 size_t *key_buffer_length, 271 size_t *bits) 272{ 273 psa_key_type_t type = psa_get_key_type(attributes); 274 275 ++mbedtls_test_driver_key_management_hooks.hits; 276 mbedtls_test_driver_key_management_hooks.location = PSA_KEY_LOCATION_LOCAL_STORAGE; 277 278 if (mbedtls_test_driver_key_management_hooks.forced_status != PSA_SUCCESS) { 279 return mbedtls_test_driver_key_management_hooks.forced_status; 280 } 281 282 if (PSA_KEY_TYPE_IS_ECC(type)) { 283#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ 284 (defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_IMPORT) || \ 285 defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY)) 286 return libtestdriver1_mbedtls_psa_ecp_import_key( 287 (const libtestdriver1_psa_key_attributes_t *) attributes, 288 data, data_length, 289 key_buffer, key_buffer_size, 290 key_buffer_length, bits); 291#elif defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_IMPORT) || \ 292 defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY) 293 return mbedtls_psa_ecp_import_key( 294 attributes, 295 data, data_length, 296 key_buffer, key_buffer_size, 297 key_buffer_length, bits); 298#endif 299 } else if (PSA_KEY_TYPE_IS_RSA(type)) { 300#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ 301 (defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_IMPORT) || \ 302 defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY)) 303 return libtestdriver1_mbedtls_psa_rsa_import_key( 304 (const libtestdriver1_psa_key_attributes_t *) attributes, 305 data, data_length, 306 key_buffer, key_buffer_size, 307 key_buffer_length, bits); 308#elif defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_IMPORT) || \ 309 defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY) 310 return mbedtls_psa_rsa_import_key( 311 attributes, 312 data, data_length, 313 key_buffer, key_buffer_size, 314 key_buffer_length, bits); 315#endif 316 } else if (PSA_KEY_TYPE_IS_DH(type)) { 317#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ 318 (defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR) || \ 319 defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_PUBLIC_KEY)) 320 return libtestdriver1_mbedtls_psa_ffdh_import_key( 321 (const libtestdriver1_psa_key_attributes_t *) attributes, 322 data, data_length, 323 key_buffer, key_buffer_size, 324 key_buffer_length, bits); 325#elif defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) || \ 326 defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY) 327 return mbedtls_psa_ffdh_import_key( 328 attributes, 329 data, data_length, 330 key_buffer, key_buffer_size, 331 key_buffer_length, bits); 332#endif 333 } 334 (void) data; 335 (void) data_length; 336 (void) key_buffer; 337 (void) key_buffer_size; 338 (void) key_buffer_length; 339 (void) bits; 340 (void) type; 341 342 return PSA_ERROR_NOT_SUPPORTED; 343} 344 345 346psa_status_t mbedtls_test_opaque_import_key( 347 const psa_key_attributes_t *attributes, 348 const uint8_t *data, 349 size_t data_length, 350 uint8_t *key_buffer, 351 size_t key_buffer_size, 352 size_t *key_buffer_length, 353 size_t *bits) 354{ 355 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; 356 psa_key_type_t type = psa_get_key_type(attributes); 357 /* This buffer will be used as an intermediate placeholder for 358 * the clear key till we wrap it */ 359 uint8_t *key_buffer_temp; 360 361 ++mbedtls_test_driver_key_management_hooks.hits; 362 mbedtls_test_driver_key_management_hooks.location = PSA_CRYPTO_TEST_DRIVER_LOCATION; 363 364 if (mbedtls_test_driver_key_management_hooks.forced_status != PSA_SUCCESS) { 365 return mbedtls_test_driver_key_management_hooks.forced_status; 366 } 367 368 key_buffer_temp = mbedtls_calloc(1, key_buffer_size); 369 if (key_buffer_temp == NULL) { 370 return PSA_ERROR_INSUFFICIENT_MEMORY; 371 } 372 373 if (PSA_KEY_TYPE_IS_UNSTRUCTURED(type)) { 374 *bits = PSA_BYTES_TO_BITS(data_length); 375 376 status = psa_validate_unstructured_key_bit_size(type, 377 *bits); 378 if (status != PSA_SUCCESS) { 379 goto exit; 380 } 381 382 if (data_length > key_buffer_size) { 383 return PSA_ERROR_BUFFER_TOO_SMALL; 384 } 385 386 /* Copy the key material accounting for opaque key padding. */ 387 memcpy(key_buffer_temp, data, data_length); 388 *key_buffer_length = data_length; 389 } else if (PSA_KEY_TYPE_IS_ECC(type)) { 390#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ 391 (defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR) || \ 392 defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY)) 393 status = libtestdriver1_mbedtls_psa_ecp_import_key( 394 (const libtestdriver1_psa_key_attributes_t *) attributes, 395 data, data_length, 396 key_buffer_temp, key_buffer_size, 397 key_buffer_length, bits); 398#elif defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_IMPORT) || \ 399 defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY) 400 status = mbedtls_psa_ecp_import_key( 401 attributes, 402 data, data_length, 403 key_buffer_temp, key_buffer_size, 404 key_buffer_length, bits); 405#else 406 status = PSA_ERROR_NOT_SUPPORTED; 407#endif 408 if (status != PSA_SUCCESS) { 409 goto exit; 410 } 411 } else if (PSA_KEY_TYPE_IS_RSA(type)) { 412#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ 413 (defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR) || \ 414 defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_PUBLIC_KEY)) 415 status = libtestdriver1_mbedtls_psa_rsa_import_key( 416 (const libtestdriver1_psa_key_attributes_t *) attributes, 417 data, data_length, 418 key_buffer_temp, key_buffer_size, 419 key_buffer_length, bits); 420#elif defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_IMPORT) || \ 421 defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY) 422 status = mbedtls_psa_rsa_import_key( 423 attributes, 424 data, data_length, 425 key_buffer_temp, key_buffer_size, 426 key_buffer_length, bits); 427#else 428 status = PSA_ERROR_NOT_SUPPORTED; 429#endif 430 if (status != PSA_SUCCESS) { 431 goto exit; 432 } 433 } else { 434 status = PSA_ERROR_INVALID_ARGUMENT; 435 goto exit; 436 } 437 438 status = mbedtls_test_opaque_wrap_key(key_buffer_temp, *key_buffer_length, 439 key_buffer, key_buffer_size, key_buffer_length); 440exit: 441 mbedtls_free(key_buffer_temp); 442 return status; 443} 444 445psa_status_t mbedtls_test_opaque_export_key( 446 const psa_key_attributes_t *attributes, 447 const uint8_t *key, size_t key_length, 448 uint8_t *data, size_t data_size, size_t *data_length) 449{ 450 if (key_length == sizeof(psa_drv_slot_number_t)) { 451 /* Assume this is a builtin key based on the key material length. */ 452 psa_drv_slot_number_t slot_number = *((psa_drv_slot_number_t *) key); 453 454 switch (slot_number) { 455 case PSA_CRYPTO_TEST_DRIVER_BUILTIN_ECDSA_KEY_SLOT: 456 /* This is the ECDSA slot. Verify the key's attributes before 457 * returning the private key. */ 458 if (psa_get_key_type(attributes) != 459 PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1)) { 460 return PSA_ERROR_CORRUPTION_DETECTED; 461 } 462 if (psa_get_key_bits(attributes) != 256) { 463 return PSA_ERROR_CORRUPTION_DETECTED; 464 } 465 if (psa_get_key_algorithm(attributes) != 466 PSA_ALG_ECDSA(PSA_ALG_ANY_HASH)) { 467 return PSA_ERROR_CORRUPTION_DETECTED; 468 } 469 if ((psa_get_key_usage_flags(attributes) & 470 PSA_KEY_USAGE_EXPORT) == 0) { 471 return PSA_ERROR_CORRUPTION_DETECTED; 472 } 473 474 if (data_size < sizeof(mbedtls_test_driver_ecdsa_key)) { 475 return PSA_ERROR_BUFFER_TOO_SMALL; 476 } 477 478 memcpy(data, mbedtls_test_driver_ecdsa_key, 479 sizeof(mbedtls_test_driver_ecdsa_key)); 480 *data_length = sizeof(mbedtls_test_driver_ecdsa_key); 481 return PSA_SUCCESS; 482 483 case PSA_CRYPTO_TEST_DRIVER_BUILTIN_AES_KEY_SLOT: 484 /* This is the AES slot. Verify the key's attributes before 485 * returning the key. */ 486 if (psa_get_key_type(attributes) != PSA_KEY_TYPE_AES) { 487 return PSA_ERROR_CORRUPTION_DETECTED; 488 } 489 if (psa_get_key_bits(attributes) != 128) { 490 return PSA_ERROR_CORRUPTION_DETECTED; 491 } 492 if (psa_get_key_algorithm(attributes) != PSA_ALG_CTR) { 493 return PSA_ERROR_CORRUPTION_DETECTED; 494 } 495 if ((psa_get_key_usage_flags(attributes) & 496 PSA_KEY_USAGE_EXPORT) == 0) { 497 return PSA_ERROR_CORRUPTION_DETECTED; 498 } 499 500 if (data_size < sizeof(mbedtls_test_driver_aes_key)) { 501 return PSA_ERROR_BUFFER_TOO_SMALL; 502 } 503 504 memcpy(data, mbedtls_test_driver_aes_key, 505 sizeof(mbedtls_test_driver_aes_key)); 506 *data_length = sizeof(mbedtls_test_driver_aes_key); 507 return PSA_SUCCESS; 508 509 default: 510 return PSA_ERROR_DOES_NOT_EXIST; 511 } 512 } else { 513 /* This buffer will be used as an intermediate placeholder for 514 * the opaque key till we unwrap the key into key_buffer */ 515 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; 516 psa_key_type_t type = psa_get_key_type(attributes); 517 518 if (PSA_KEY_TYPE_IS_UNSTRUCTURED(type) || 519 PSA_KEY_TYPE_IS_RSA(type) || 520 PSA_KEY_TYPE_IS_ECC(type)) { 521 status = mbedtls_test_opaque_unwrap_key(key, key_length, 522 data, data_size, data_length); 523 return status; 524 } 525 } 526 return PSA_ERROR_NOT_SUPPORTED; 527} 528 529psa_status_t mbedtls_test_transparent_export_public_key( 530 const psa_key_attributes_t *attributes, 531 const uint8_t *key_buffer, size_t key_buffer_size, 532 uint8_t *data, size_t data_size, size_t *data_length) 533{ 534 ++mbedtls_test_driver_key_management_hooks.hits; 535 ++mbedtls_test_driver_key_management_hooks.hits_export_public_key; 536 537 if (mbedtls_test_driver_key_management_hooks.forced_status != PSA_SUCCESS) { 538 return mbedtls_test_driver_key_management_hooks.forced_status; 539 } 540 541 if (mbedtls_test_driver_key_management_hooks.forced_output != NULL) { 542 if (mbedtls_test_driver_key_management_hooks.forced_output_length > 543 data_size) { 544 return PSA_ERROR_BUFFER_TOO_SMALL; 545 } 546 memcpy(data, mbedtls_test_driver_key_management_hooks.forced_output, 547 mbedtls_test_driver_key_management_hooks.forced_output_length); 548 *data_length = mbedtls_test_driver_key_management_hooks.forced_output_length; 549 return PSA_SUCCESS; 550 } 551 552 psa_key_type_t key_type = psa_get_key_type(attributes); 553 554 if (PSA_KEY_TYPE_IS_ECC(key_type)) { 555#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ 556 (defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_EXPORT) || \ 557 defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY)) 558 return libtestdriver1_mbedtls_psa_ecp_export_public_key( 559 (const libtestdriver1_psa_key_attributes_t *) attributes, 560 key_buffer, key_buffer_size, 561 data, data_size, data_length); 562#elif defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_EXPORT) || \ 563 defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY) 564 return mbedtls_psa_ecp_export_public_key( 565 attributes, 566 key_buffer, key_buffer_size, 567 data, data_size, data_length); 568#endif 569 } else if (PSA_KEY_TYPE_IS_RSA(key_type)) { 570#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ 571 (defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_EXPORT) || \ 572 defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY)) 573 return libtestdriver1_mbedtls_psa_rsa_export_public_key( 574 (const libtestdriver1_psa_key_attributes_t *) attributes, 575 key_buffer, key_buffer_size, 576 data, data_size, data_length); 577#elif defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_EXPORT) || \ 578 defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY) 579 return mbedtls_psa_rsa_export_public_key( 580 attributes, 581 key_buffer, key_buffer_size, 582 data, data_size, data_length); 583#endif 584 } else if (PSA_KEY_TYPE_IS_DH(key_type)) { 585#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ 586 (defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR) || \ 587 defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_PUBLIC_KEY)) 588 return libtestdriver1_mbedtls_psa_ffdh_export_public_key( 589 (const libtestdriver1_psa_key_attributes_t *) attributes, 590 key_buffer, key_buffer_size, 591 data, data_size, data_length); 592#elif defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR) || \ 593 defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_PUBLIC_KEY) 594 return mbedtls_psa_ffdh_export_public_key( 595 attributes, 596 key_buffer, key_buffer_size, 597 data, data_size, data_length); 598#endif 599 } 600 601 (void) key_buffer; 602 (void) key_buffer_size; 603 (void) key_type; 604 605 return PSA_ERROR_NOT_SUPPORTED; 606} 607 608psa_status_t mbedtls_test_opaque_export_public_key( 609 const psa_key_attributes_t *attributes, 610 const uint8_t *key, size_t key_length, 611 uint8_t *data, size_t data_size, size_t *data_length) 612{ 613 if (key_length != sizeof(psa_drv_slot_number_t)) { 614 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; 615 psa_key_type_t key_type = psa_get_key_type(attributes); 616 uint8_t *key_buffer_temp; 617 618 key_buffer_temp = mbedtls_calloc(1, key_length); 619 if (key_buffer_temp == NULL) { 620 return PSA_ERROR_INSUFFICIENT_MEMORY; 621 } 622 623 if (PSA_KEY_TYPE_IS_ECC(key_type)) { 624 status = mbedtls_test_opaque_unwrap_key(key, key_length, 625 key_buffer_temp, key_length, data_length); 626 if (status == PSA_SUCCESS) { 627#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ 628 (defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR) || \ 629 defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY)) 630 status = libtestdriver1_mbedtls_psa_ecp_export_public_key( 631 (const libtestdriver1_psa_key_attributes_t *) attributes, 632 key_buffer_temp, *data_length, 633 data, data_size, data_length); 634#elif defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_EXPORT) || \ 635 defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY) 636 status = mbedtls_psa_ecp_export_public_key( 637 attributes, 638 key_buffer_temp, *data_length, 639 data, data_size, data_length); 640#else 641 status = PSA_ERROR_NOT_SUPPORTED; 642#endif 643 } 644 } else if (PSA_KEY_TYPE_IS_RSA(key_type)) { 645 status = mbedtls_test_opaque_unwrap_key(key, key_length, 646 key_buffer_temp, key_length, data_length); 647 if (status == PSA_SUCCESS) { 648#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ 649 (defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR) || \ 650 defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_PUBLIC_KEY)) 651 status = libtestdriver1_mbedtls_psa_rsa_export_public_key( 652 (const libtestdriver1_psa_key_attributes_t *) attributes, 653 key_buffer_temp, *data_length, 654 data, data_size, data_length); 655#elif defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_EXPORT) || \ 656 defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY) 657 status = mbedtls_psa_rsa_export_public_key( 658 attributes, 659 key_buffer_temp, *data_length, 660 data, data_size, data_length); 661#else 662 status = PSA_ERROR_NOT_SUPPORTED; 663#endif 664 } 665 } else { 666 status = PSA_ERROR_NOT_SUPPORTED; 667 (void) key; 668 (void) key_type; 669 } 670 mbedtls_free(key_buffer_temp); 671 return status; 672 } 673 674 /* Assume this is a builtin key based on the key material length. */ 675 psa_drv_slot_number_t slot_number = *((psa_drv_slot_number_t *) key); 676 switch (slot_number) { 677 case PSA_CRYPTO_TEST_DRIVER_BUILTIN_ECDSA_KEY_SLOT: 678 /* This is the ECDSA slot. Verify the key's attributes before 679 * returning the public key. */ 680 if (psa_get_key_type(attributes) != 681 PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1)) { 682 return PSA_ERROR_CORRUPTION_DETECTED; 683 } 684 if (psa_get_key_bits(attributes) != 256) { 685 return PSA_ERROR_CORRUPTION_DETECTED; 686 } 687 if (psa_get_key_algorithm(attributes) != 688 PSA_ALG_ECDSA(PSA_ALG_ANY_HASH)) { 689 return PSA_ERROR_CORRUPTION_DETECTED; 690 } 691 692 if (data_size < sizeof(mbedtls_test_driver_ecdsa_pubkey)) { 693 return PSA_ERROR_BUFFER_TOO_SMALL; 694 } 695 696 memcpy(data, mbedtls_test_driver_ecdsa_pubkey, 697 sizeof(mbedtls_test_driver_ecdsa_pubkey)); 698 *data_length = sizeof(mbedtls_test_driver_ecdsa_pubkey); 699 return PSA_SUCCESS; 700 701 default: 702 return PSA_ERROR_DOES_NOT_EXIST; 703 } 704} 705 706/* The opaque test driver exposes two built-in keys when builtin key support is 707 * compiled in. 708 * The key in slot #PSA_CRYPTO_TEST_DRIVER_BUILTIN_AES_KEY_SLOT is an AES-128 709 * key which allows CTR mode. 710 * The key in slot #PSA_CRYPTO_TEST_DRIVER_BUILTIN_ECDSA_KEY_SLOT is a secp256r1 711 * private key which allows ECDSA sign & verify. 712 * The key buffer format for these is the raw format of psa_drv_slot_number_t 713 * (i.e. for an actual driver this would mean 'builtin_key_size' = 714 * sizeof(psa_drv_slot_number_t)). 715 */ 716psa_status_t mbedtls_test_opaque_get_builtin_key( 717 psa_drv_slot_number_t slot_number, 718 psa_key_attributes_t *attributes, 719 uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length) 720{ 721 switch (slot_number) { 722 case PSA_CRYPTO_TEST_DRIVER_BUILTIN_AES_KEY_SLOT: 723 psa_set_key_type(attributes, PSA_KEY_TYPE_AES); 724 psa_set_key_bits(attributes, 128); 725 psa_set_key_usage_flags( 726 attributes, 727 PSA_KEY_USAGE_ENCRYPT | 728 PSA_KEY_USAGE_DECRYPT | 729 PSA_KEY_USAGE_EXPORT); 730 psa_set_key_algorithm(attributes, PSA_ALG_CTR); 731 732 if (key_buffer_size < sizeof(psa_drv_slot_number_t)) { 733 return PSA_ERROR_BUFFER_TOO_SMALL; 734 } 735 736 *((psa_drv_slot_number_t *) key_buffer) = 737 PSA_CRYPTO_TEST_DRIVER_BUILTIN_AES_KEY_SLOT; 738 *key_buffer_length = sizeof(psa_drv_slot_number_t); 739 return PSA_SUCCESS; 740 case PSA_CRYPTO_TEST_DRIVER_BUILTIN_ECDSA_KEY_SLOT: 741 psa_set_key_type( 742 attributes, 743 PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1)); 744 psa_set_key_bits(attributes, 256); 745 psa_set_key_usage_flags( 746 attributes, 747 PSA_KEY_USAGE_SIGN_HASH | 748 PSA_KEY_USAGE_VERIFY_HASH | 749 PSA_KEY_USAGE_EXPORT); 750 psa_set_key_algorithm( 751 attributes, PSA_ALG_ECDSA(PSA_ALG_ANY_HASH)); 752 753 if (key_buffer_size < sizeof(psa_drv_slot_number_t)) { 754 return PSA_ERROR_BUFFER_TOO_SMALL; 755 } 756 757 *((psa_drv_slot_number_t *) key_buffer) = 758 PSA_CRYPTO_TEST_DRIVER_BUILTIN_ECDSA_KEY_SLOT; 759 *key_buffer_length = sizeof(psa_drv_slot_number_t); 760 return PSA_SUCCESS; 761 default: 762 return PSA_ERROR_DOES_NOT_EXIST; 763 } 764} 765 766psa_status_t mbedtls_test_opaque_copy_key( 767 psa_key_attributes_t *attributes, 768 const uint8_t *source_key, size_t source_key_length, 769 uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length) 770{ 771 /* This is a case where the opaque test driver emulates an SE without storage. 772 * With that all key context is stored in the wrapped buffer. 773 * So no additional house keeping is necessary to reference count the 774 * copied keys. This could change when the opaque test driver is extended 775 * to support SE with storage, or to emulate an SE without storage but 776 * still holding some slot references */ 777 if (source_key_length > key_buffer_size) { 778 return PSA_ERROR_BUFFER_TOO_SMALL; 779 } 780 781 memcpy(key_buffer, source_key, source_key_length); 782 *key_buffer_length = source_key_length; 783 (void) attributes; 784 return PSA_SUCCESS; 785} 786 787#endif /* PSA_CRYPTO_DRIVER_TEST */ 788