From dccb20204a79429316a4ad17133e883963022092 Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Thu, 11 May 2023 10:48:50 +0200 Subject: [PATCH 01/12] Add test component for accelerated FFDH Signed-off-by: Przemek Stekiel --- tests/scripts/all.sh | 46 +++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 45 insertions(+), 1 deletion(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 78666b41f..f2a37f2d4 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -187,7 +187,7 @@ pre_initialize_variables () { # CFLAGS and LDFLAGS for Asan builds that don't use CMake # default to -O2, use -Ox _after_ this if you want another level - ASAN_CFLAGS='-O2 -Werror -fsanitize=address,undefined -fno-sanitize-recover=all' + ASAN_CFLAGS='-O0 -Werror -fsanitize=address,undefined -fno-sanitize-recover=all' # Gather the list of available components. These are the functions # defined in this script whose name starts with "component_". @@ -2160,6 +2160,50 @@ component_test_psa_crypto_config_accel_ecdh () { make test } +component_test_psa_crypto_config_accel_ffdh () { + msg "build: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated FFDH" + + # Algorithms and key types to accelerate + loc_accel_list="ALG_FFDH KEY_TYPE_DH_KEY_PAIR KEY_TYPE_DH_PUBLIC_KEY" + + # Configure and build the test driver library + # ------------------------------------------- + + # Disable ALG_STREAM_CIPHER and ALG_ECB_NO_PADDING to avoid having + # partial support for cipher operations in the driver test library. + scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_STREAM_CIPHER + scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_ECB_NO_PADDING + + loc_accel_flags=$( echo "$loc_accel_list" | sed 's/[^ ]* */-DLIBTESTDRIVER1_MBEDTLS_PSA_ACCEL_&/g' ) + make -C tests libtestdriver1.a CFLAGS=" $ASAN_CFLAGS $loc_accel_flags" LDFLAGS="$ASAN_CFLAGS" + + # Configure and build the main libraries + # -------------------------------------- + + # Start from default config (no USE_PSA or TLS 1.3) + scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG + + # Disable the module that's accelerated + scripts/config.py unset MBEDTLS_DHM_C + + # Disable things that depend on it + scripts/config.py unset MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED + scripts/config.py unset MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED + + # Build the main library + loc_accel_flags="$loc_accel_flags $( echo "$loc_accel_list" | sed 's/[^ ]* */-DMBEDTLS_PSA_ACCEL_&/g' )" + make CFLAGS="$ASAN_CFLAGS -O -Werror -I../tests/include -I../tests -I../../tests -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_TEST_LIBTESTDRIVER1 $loc_accel_flags" LDFLAGS="-ltestdriver1 $ASAN_CFLAGS" + + # Make sure this was not re-enabled by accident (additive config) + not grep mbedtls_dhm_ library/dhm.o + + # Run the tests + # ------------- + + msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated FFDH" + make test +} + component_test_psa_crypto_config_accel_pake() { msg "build: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated PAKE" From bfba51d672df62b02630a9b3697e1d27d35a8687 Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Thu, 11 May 2023 11:01:55 +0200 Subject: [PATCH 02/12] Add FFDH support for transparent drivers(generate, export public key) Signed-off-by: Przemek Stekiel --- .../src/drivers/test_driver_key_management.c | 28 +++++++++++++++++++ 1 file changed, 28 insertions(+) diff --git a/tests/src/drivers/test_driver_key_management.c b/tests/src/drivers/test_driver_key_management.c index a3ff2ddea..dba0c2622 100644 --- a/tests/src/drivers/test_driver_key_management.c +++ b/tests/src/drivers/test_driver_key_management.c @@ -25,6 +25,7 @@ #include "psa_crypto_core.h" #include "psa_crypto_ecp.h" #include "psa_crypto_rsa.h" +#include "psa_crypto_ffdh.h" #include "mbedtls/ecp.h" #include "mbedtls/error.h" @@ -36,6 +37,7 @@ #if defined(MBEDTLS_TEST_LIBTESTDRIVER1) #include "libtestdriver1/library/psa_crypto_ecp.h" #include "libtestdriver1/library/psa_crypto_rsa.h" +#include "libtestdriver1/library/psa_crypto_ffdh.h" #endif #include @@ -239,6 +241,17 @@ psa_status_t mbedtls_test_transparent_generate_key( #elif defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) return mbedtls_psa_rsa_generate_key( attributes, key, key_size, key_length); +#endif + } else if (PSA_KEY_TYPE_IS_DH(psa_get_key_type(attributes)) + && PSA_KEY_TYPE_IS_KEY_PAIR(psa_get_key_type(attributes))) { +#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ + defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR) + return libtestdriver1_mbedtls_psa_ffdh_generate_key( + (const libtestdriver1_psa_key_attributes_t *) attributes, + key, key_size, key_length); +#elif defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR) + return mbedtls_psa_ffdh_generate_key( + attributes, key, key_size, key_length); #endif } @@ -559,6 +572,21 @@ psa_status_t mbedtls_test_transparent_export_public_key( attributes, key_buffer, key_buffer_size, data, data_size, data_length); +#endif + } else if (PSA_KEY_TYPE_IS_DH(key_type)) { +#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ + (defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR) || \ + defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_PUBLIC_KEY)) + return libtestdriver1_mbedtls_psa_export_ffdh_public_key( + (const libtestdriver1_psa_key_attributes_t *) attributes, + key_buffer, key_buffer_size, + data, data_size, data_length); +#elif defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR) || \ + defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_PUBLIC_KEY) + return mbedtls_psa_export_ffdh_public_key( + attributes, + key_buffer, key_buffer_size, + data, data_size, data_length); #endif } From c49163e7862c21897a1fe251f7d30e975e0361af Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Thu, 11 May 2023 11:03:01 +0200 Subject: [PATCH 03/12] Adapt test driver configuration for FFDH Signed-off-by: Przemek Stekiel --- .../test/drivers/crypto_config_test_driver_extension.h | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/tests/include/test/drivers/crypto_config_test_driver_extension.h b/tests/include/test/drivers/crypto_config_test_driver_extension.h index 10d8e6ede..f8b3a34a7 100644 --- a/tests/include/test/drivers/crypto_config_test_driver_extension.h +++ b/tests/include/test/drivers/crypto_config_test_driver_extension.h @@ -206,6 +206,14 @@ #endif #endif +#if defined(PSA_WANT_KEY_TYPE_DH_KEY_PAIR) +#if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_KEY_PAIR) +#undef MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_KEY_PAIR +#else +#define MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_KEY_PAIR 1 +#endif +#endif + #if defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR) #if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR) #undef MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR @@ -222,6 +230,7 @@ #endif #endif + #if defined(PSA_WANT_ALG_TLS12_PRF) #if defined(MBEDTLS_PSA_ACCEL_ALG_TLS12_PRF) #undef MBEDTLS_PSA_ACCEL_ALG_TLS12_PRF @@ -283,3 +292,4 @@ #define MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY 1 #define MBEDTLS_PSA_ACCEL_KEY_TYPE_RAW_DATA 1 #define MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_PUBLIC_KEY 1 +#define MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_PUBLIC_KEY 1 From a59255f04f764fc9a04ca9bc890b451a7828cc4f Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Thu, 11 May 2023 11:03:54 +0200 Subject: [PATCH 04/12] Adapt guards in ffdh driver Signed-off-by: Przemek Stekiel --- library/psa_crypto_ffdh.c | 142 ++++++++++++++++++++------------------ 1 file changed, 75 insertions(+), 67 deletions(-) diff --git a/library/psa_crypto_ffdh.c b/library/psa_crypto_ffdh.c index 6e34eaa54..db30a8953 100644 --- a/library/psa_crypto_ffdh.c +++ b/library/psa_crypto_ffdh.c @@ -26,9 +26,11 @@ #include "psa_crypto_core.h" #include "psa_crypto_ffdh.h" #include "psa_crypto_random_impl.h" +#include "mbedtls/platform.h" -#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR) || \ - defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_PUBLIC_KEY) +#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR) || \ + defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_PUBLIC_KEY) || \ + defined(MBEDTLS_PSA_BUILTIN_ALG_FFDH) static psa_status_t mbedtls_psa_ffdh_set_prime_generator(size_t key_size, mbedtls_mpi *P, mbedtls_mpi *G) @@ -115,72 +117,12 @@ cleanup: return PSA_SUCCESS; } +#endif /* MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR || + MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_PUBLIC_KEY || + MBEDTLS_PSA_BUILTIN_ALG_FFDH */ -#if defined(MBEDTLS_PSA_BUILTIN_ALG_FFDH) -psa_status_t mbedtls_psa_key_agreement_ffdh( - const psa_key_attributes_t *attributes, - const uint8_t *peer_key, - size_t peer_key_length, - const uint8_t *key_buffer, - size_t key_buffer_size, - uint8_t *shared_secret, - size_t shared_secret_size, - size_t *shared_secret_length) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - mbedtls_mpi P, G, X, GY, K; - const size_t calculated_shared_secret_size = peer_key_length; - - if (peer_key_length != key_buffer_size || - calculated_shared_secret_size > shared_secret_size) { - return PSA_ERROR_INVALID_ARGUMENT; - } - - if (!PSA_KEY_TYPE_IS_DH_KEY_PAIR(psa_get_key_type(attributes))) { - return PSA_ERROR_INVALID_ARGUMENT; - } - - mbedtls_mpi_init(&P); mbedtls_mpi_init(&G); - mbedtls_mpi_init(&X); mbedtls_mpi_init(&GY); - mbedtls_mpi_init(&K); - - status = mbedtls_psa_ffdh_set_prime_generator( - PSA_BITS_TO_BYTES(attributes->core.bits), &P, &G); - - if (status != PSA_SUCCESS) { - goto cleanup; - } - - MBEDTLS_MPI_CHK(mbedtls_mpi_read_binary(&X, key_buffer, - key_buffer_size)); - - MBEDTLS_MPI_CHK(mbedtls_mpi_read_binary(&GY, peer_key, - peer_key_length)); - - /* Calculate shared secret public key: K = G^(XY) mod P = GY^X mod P */ - MBEDTLS_MPI_CHK(mbedtls_mpi_exp_mod(&K, &GY, &X, &P, NULL)); - - MBEDTLS_MPI_CHK(mbedtls_mpi_write_binary(&K, shared_secret, - calculated_shared_secret_size)); - - *shared_secret_length = calculated_shared_secret_size; - - ret = 0; - -cleanup: - mbedtls_mpi_free(&P); mbedtls_mpi_free(&G); - mbedtls_mpi_free(&X); mbedtls_mpi_free(&GY); - mbedtls_mpi_free(&K); - - if (status == PSA_SUCCESS && ret != 0) { - status = mbedtls_to_psa_error(ret); - } - - return status; -} -#endif /* MBEDTLS_PSA_BUILTIN_ALG_FFDH */ - +#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR) || \ + defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_PUBLIC_KEY) psa_status_t mbedtls_psa_export_ffdh_public_key( const psa_key_attributes_t *attributes, const uint8_t *key_buffer, @@ -256,7 +198,73 @@ cleanup: return status; } + #endif /* MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR || MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_PUBLIC_KEY */ +#if defined(MBEDTLS_PSA_BUILTIN_ALG_FFDH) +psa_status_t mbedtls_psa_key_agreement_ffdh( + const psa_key_attributes_t *attributes, + const uint8_t *peer_key, + size_t peer_key_length, + const uint8_t *key_buffer, + size_t key_buffer_size, + uint8_t *shared_secret, + size_t shared_secret_size, + size_t *shared_secret_length) +{ + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + mbedtls_mpi P, G, X, GY, K; + const size_t calculated_shared_secret_size = peer_key_length; + + if (peer_key_length != key_buffer_size || + calculated_shared_secret_size > shared_secret_size) { + return PSA_ERROR_INVALID_ARGUMENT; + } + + if (!PSA_KEY_TYPE_IS_DH_KEY_PAIR(psa_get_key_type(attributes))) { + return PSA_ERROR_INVALID_ARGUMENT; + } + + mbedtls_mpi_init(&P); mbedtls_mpi_init(&G); + mbedtls_mpi_init(&X); mbedtls_mpi_init(&GY); + mbedtls_mpi_init(&K); + + status = mbedtls_psa_ffdh_set_prime_generator( + PSA_BITS_TO_BYTES(attributes->core.bits), &P, &G); + + if (status != PSA_SUCCESS) { + goto cleanup; + } + + MBEDTLS_MPI_CHK(mbedtls_mpi_read_binary(&X, key_buffer, + key_buffer_size)); + + MBEDTLS_MPI_CHK(mbedtls_mpi_read_binary(&GY, peer_key, + peer_key_length)); + + /* Calculate shared secret public key: K = G^(XY) mod P = GY^X mod P */ + MBEDTLS_MPI_CHK(mbedtls_mpi_exp_mod(&K, &GY, &X, &P, NULL)); + + MBEDTLS_MPI_CHK(mbedtls_mpi_write_binary(&K, shared_secret, + calculated_shared_secret_size)); + + *shared_secret_length = calculated_shared_secret_size; + + ret = 0; + +cleanup: + mbedtls_mpi_free(&P); mbedtls_mpi_free(&G); + mbedtls_mpi_free(&X); mbedtls_mpi_free(&GY); + mbedtls_mpi_free(&K); + + if (status == PSA_SUCCESS && ret != 0) { + status = mbedtls_to_psa_error(ret); + } + + return status; +} +#endif /* MBEDTLS_PSA_BUILTIN_ALG_FFDH */ + #endif /* MBEDTLS_PSA_CRYPTO_C */ From c4019fa74f15232583b7765b9c44624c10a74fe7 Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Thu, 11 May 2023 11:05:11 +0200 Subject: [PATCH 05/12] Fix peer vs our key missmatch in ffdh key agreement transparent driver Signed-off-by: Przemek Stekiel --- tests/src/drivers/test_driver_key_agreement.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/tests/src/drivers/test_driver_key_agreement.c b/tests/src/drivers/test_driver_key_agreement.c index 843ebf95b..6cfde20ad 100644 --- a/tests/src/drivers/test_driver_key_agreement.c +++ b/tests/src/drivers/test_driver_key_agreement.c @@ -34,6 +34,7 @@ #if defined(MBEDTLS_TEST_LIBTESTDRIVER1) #include "libtestdriver1/include/psa/crypto.h" #include "libtestdriver1/library/psa_crypto_ecp.h" +#include "libtestdriver1/library/psa_crypto_ffdh.h" #endif mbedtls_test_driver_key_agreement_hooks_t @@ -101,8 +102,8 @@ psa_status_t mbedtls_test_transparent_key_agreement( defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_ALG_FFDH)) return libtestdriver1_mbedtls_psa_key_agreement_ffdh( (const libtestdriver1_psa_key_attributes_t *) attributes, + peer_key, peer_key_length, key_buffer, key_buffer_size, - alg, peer_key, peer_key_length, shared_secret, shared_secret_size, shared_secret_length); #elif defined(MBEDTLS_PSA_BUILTIN_ALG_FFDH) From c80e7506a0666cc1469a109140abb5bfbe566bd7 Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Thu, 11 May 2023 11:14:25 +0200 Subject: [PATCH 06/12] Handle simple copy import/export before driver dispatch Signed-off-by: Przemek Stekiel --- library/psa_crypto.c | 97 ++++++++++++++++++++++++++------------------ 1 file changed, 58 insertions(+), 39 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 7b6f05be3..242eb8571 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -640,23 +640,6 @@ psa_status_t psa_import_key_into_slot( return PSA_SUCCESS; } else if (PSA_KEY_TYPE_IS_ASYMMETRIC(type)) { -#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR) || \ - defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_PUBLIC_KEY) - if (PSA_KEY_TYPE_IS_DH(type)) { - if (psa_is_dh_key_size_valid(PSA_BYTES_TO_BITS(data_length)) == 0) { - return PSA_ERROR_INVALID_ARGUMENT; - } - - /* Copy the key material. */ - memcpy(key_buffer, data, data_length); - *key_buffer_length = data_length; - *bits = PSA_BYTES_TO_BITS(data_length); - (void) key_buffer_size; - - return PSA_SUCCESS; - } -#endif /* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR) || - * defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_PUBLIC_KEY) */ #if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR) || \ defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY) if (PSA_KEY_TYPE_IS_ECC(type)) { @@ -1426,14 +1409,7 @@ psa_status_t psa_export_public_key_internal( { psa_key_type_t type = attributes->core.type; - if (PSA_KEY_TYPE_IS_PUBLIC_KEY(type) && - (PSA_KEY_TYPE_IS_RSA(type) || PSA_KEY_TYPE_IS_ECC(type) || - PSA_KEY_TYPE_IS_DH(type))) { - /* Exporting public -> public */ - return psa_export_key_buffer_internal( - key_buffer, key_buffer_size, - data, data_size, data_length); - } else if (PSA_KEY_TYPE_IS_RSA(type)) { + if (PSA_KEY_TYPE_IS_RSA(type)) { #if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) || \ defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY) return mbedtls_psa_rsa_export_public_key(attributes, @@ -1514,9 +1490,23 @@ psa_status_t psa_export_public_key(mbedtls_svc_key_id_t key, psa_key_attributes_t attributes = { .core = slot->attr }; - status = psa_driver_wrapper_export_public_key( - &attributes, slot->key.data, slot->key.bytes, - data, data_size, data_length); + + psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( + psa_get_key_lifetime(&attributes)); + + if (location == PSA_KEY_LOCATION_LOCAL_STORAGE && + PSA_KEY_TYPE_IS_PUBLIC_KEY(slot->attr.type) && + (PSA_KEY_TYPE_IS_RSA(slot->attr.type) || PSA_KEY_TYPE_IS_ECC(slot->attr.type) || + PSA_KEY_TYPE_IS_DH(slot->attr.type))) { + /* Exporting public -> public */ + status = psa_export_key_buffer_internal( + slot->key.data, slot->key.bytes, + data, data_size, data_length); + } else { + status = psa_driver_wrapper_export_public_key( + &attributes, slot->key.data, slot->key.bytes, + data, data_size, data_length); + } exit: unlock_status = psa_unlock_key_slot(slot); @@ -2011,12 +2001,27 @@ psa_status_t psa_import_key(const psa_key_attributes_t *attributes, } } - bits = slot->attr.bits; - status = psa_driver_wrapper_import_key(attributes, - data, data_length, - slot->key.data, - slot->key.bytes, - &slot->key.bytes, &bits); + if (PSA_KEY_TYPE_IS_ASYMMETRIC(attributes->core.type) && + PSA_KEY_TYPE_IS_DH(attributes->core.type)) { + if (psa_is_dh_key_size_valid(PSA_BYTES_TO_BITS(data_length)) == 0) { + status = PSA_ERROR_INVALID_ARGUMENT; + goto exit; + } + + /* Copy the key material. */ + memcpy(slot->key.data, data, data_length); + bits = PSA_BYTES_TO_BITS(data_length); + + status = PSA_SUCCESS; + } else { + bits = slot->attr.bits; + status = psa_driver_wrapper_import_key(attributes, + data, data_length, + slot->key.data, + slot->key.bytes, + &slot->key.bytes, &bits); + } + if (status != PSA_SUCCESS) { goto exit; } @@ -5831,11 +5836,25 @@ static psa_status_t psa_generate_derived_key_internal( goto exit; } - status = psa_driver_wrapper_import_key(&attributes, - data, bytes, - slot->key.data, - slot->key.bytes, - &slot->key.bytes, &bits); + if (PSA_KEY_TYPE_IS_ASYMMETRIC(attributes.core.type) && + PSA_KEY_TYPE_IS_DH(attributes.core.type)) { + if (psa_is_dh_key_size_valid(PSA_BYTES_TO_BITS(bytes)) == 0) { + status = PSA_ERROR_INVALID_ARGUMENT; + goto exit; + } + + /* Copy the key material. */ + memcpy(slot->key.data, data, bytes); + bits = PSA_BYTES_TO_BITS(bytes); + + status = PSA_SUCCESS; + } else { + status = psa_driver_wrapper_import_key(&attributes, + data, bytes, + slot->key.data, + slot->key.bytes, + &slot->key.bytes, &bits); + } if (bits != slot->attr.bits) { status = PSA_ERROR_INVALID_ARGUMENT; } From ea52e1a43f6df2754877474119434e9c4c7ee803 Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Thu, 11 May 2023 12:23:12 +0200 Subject: [PATCH 07/12] Add changelog entry (FFDH driver dispatch) Signed-off-by: Przemek Stekiel --- ChangeLog.d/driver-ffdh.txt | 3 +++ 1 file changed, 3 insertions(+) create mode 100644 ChangeLog.d/driver-ffdh.txt diff --git a/ChangeLog.d/driver-ffdh.txt b/ChangeLog.d/driver-ffdh.txt new file mode 100644 index 000000000..118513304 --- /dev/null +++ b/ChangeLog.d/driver-ffdh.txt @@ -0,0 +1,3 @@ +Features + * Add a driver dispatch layer for FFDH keys, enabling alternative + implementations of FFDH through the driver entry points. From 0b11ee08882e10f5512f9150cb42be620b1ccffb Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Tue, 16 May 2023 13:26:06 +0200 Subject: [PATCH 08/12] Fix compilation errors(unused variables, guards) Signed-off-by: Przemek Stekiel --- library/psa_crypto.c | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 242eb8571..ec23830a2 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -129,9 +129,6 @@ int psa_can_do_hash(psa_algorithm_t hash_alg) (void) hash_alg; return global_data.drivers_initialized; } -#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR) || \ - defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_PUBLIC_KEY) || \ - defined(PSA_WANT_KEY_TYPE_DH_KEY_PAIR) static int psa_is_dh_key_size_valid(size_t bits) { if (bits != 2048 && bits != 3072 && bits != 4096 && @@ -141,9 +138,6 @@ static int psa_is_dh_key_size_valid(size_t bits) return 1; } -#endif /* MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR || - MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_PUBLIC_KEY || - PSA_WANT_KEY_TYPE_DH_KEY_PAIR */ psa_status_t mbedtls_to_psa_error(int ret) { @@ -1450,6 +1444,11 @@ psa_status_t psa_export_public_key_internal( #endif /* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR) || * defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_PUBLIC_KEY) */ } else { + (void) key_buffer; + (void) key_buffer_size; + (void) data; + (void) data_size; + (void) data_length; return PSA_ERROR_NOT_SUPPORTED; } } From 055ffed563ccd9fe1e06a827fb318614f34a3a4d Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Tue, 30 May 2023 12:51:49 +0200 Subject: [PATCH 09/12] Revert "Handle simple copy import/export before driver dispatch" This reverts commit c80e7506a0666cc1469a109140abb5bfbe566bd7. Signed-off-by: Przemek Stekiel --- library/psa_crypto.c | 97 ++++++++++++++++++-------------------------- 1 file changed, 39 insertions(+), 58 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index ec23830a2..acb39a1bc 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -634,6 +634,23 @@ psa_status_t psa_import_key_into_slot( return PSA_SUCCESS; } else if (PSA_KEY_TYPE_IS_ASYMMETRIC(type)) { +#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR) || \ + defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_PUBLIC_KEY) + if (PSA_KEY_TYPE_IS_DH(type)) { + if (psa_is_dh_key_size_valid(PSA_BYTES_TO_BITS(data_length)) == 0) { + return PSA_ERROR_INVALID_ARGUMENT; + } + + /* Copy the key material. */ + memcpy(key_buffer, data, data_length); + *key_buffer_length = data_length; + *bits = PSA_BYTES_TO_BITS(data_length); + (void) key_buffer_size; + + return PSA_SUCCESS; + } +#endif /* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR) || + * defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_PUBLIC_KEY) */ #if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR) || \ defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY) if (PSA_KEY_TYPE_IS_ECC(type)) { @@ -1403,7 +1420,14 @@ psa_status_t psa_export_public_key_internal( { psa_key_type_t type = attributes->core.type; - if (PSA_KEY_TYPE_IS_RSA(type)) { + if (PSA_KEY_TYPE_IS_PUBLIC_KEY(type) && + (PSA_KEY_TYPE_IS_RSA(type) || PSA_KEY_TYPE_IS_ECC(type) || + PSA_KEY_TYPE_IS_DH(type))) { + /* Exporting public -> public */ + return psa_export_key_buffer_internal( + key_buffer, key_buffer_size, + data, data_size, data_length); + } else if (PSA_KEY_TYPE_IS_RSA(type)) { #if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) || \ defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY) return mbedtls_psa_rsa_export_public_key(attributes, @@ -1489,23 +1513,9 @@ psa_status_t psa_export_public_key(mbedtls_svc_key_id_t key, psa_key_attributes_t attributes = { .core = slot->attr }; - - psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( - psa_get_key_lifetime(&attributes)); - - if (location == PSA_KEY_LOCATION_LOCAL_STORAGE && - PSA_KEY_TYPE_IS_PUBLIC_KEY(slot->attr.type) && - (PSA_KEY_TYPE_IS_RSA(slot->attr.type) || PSA_KEY_TYPE_IS_ECC(slot->attr.type) || - PSA_KEY_TYPE_IS_DH(slot->attr.type))) { - /* Exporting public -> public */ - status = psa_export_key_buffer_internal( - slot->key.data, slot->key.bytes, - data, data_size, data_length); - } else { - status = psa_driver_wrapper_export_public_key( - &attributes, slot->key.data, slot->key.bytes, - data, data_size, data_length); - } + status = psa_driver_wrapper_export_public_key( + &attributes, slot->key.data, slot->key.bytes, + data, data_size, data_length); exit: unlock_status = psa_unlock_key_slot(slot); @@ -2000,27 +2010,12 @@ psa_status_t psa_import_key(const psa_key_attributes_t *attributes, } } - if (PSA_KEY_TYPE_IS_ASYMMETRIC(attributes->core.type) && - PSA_KEY_TYPE_IS_DH(attributes->core.type)) { - if (psa_is_dh_key_size_valid(PSA_BYTES_TO_BITS(data_length)) == 0) { - status = PSA_ERROR_INVALID_ARGUMENT; - goto exit; - } - - /* Copy the key material. */ - memcpy(slot->key.data, data, data_length); - bits = PSA_BYTES_TO_BITS(data_length); - - status = PSA_SUCCESS; - } else { - bits = slot->attr.bits; - status = psa_driver_wrapper_import_key(attributes, - data, data_length, - slot->key.data, - slot->key.bytes, - &slot->key.bytes, &bits); - } - + bits = slot->attr.bits; + status = psa_driver_wrapper_import_key(attributes, + data, data_length, + slot->key.data, + slot->key.bytes, + &slot->key.bytes, &bits); if (status != PSA_SUCCESS) { goto exit; } @@ -5835,25 +5830,11 @@ static psa_status_t psa_generate_derived_key_internal( goto exit; } - if (PSA_KEY_TYPE_IS_ASYMMETRIC(attributes.core.type) && - PSA_KEY_TYPE_IS_DH(attributes.core.type)) { - if (psa_is_dh_key_size_valid(PSA_BYTES_TO_BITS(bytes)) == 0) { - status = PSA_ERROR_INVALID_ARGUMENT; - goto exit; - } - - /* Copy the key material. */ - memcpy(slot->key.data, data, bytes); - bits = PSA_BYTES_TO_BITS(bytes); - - status = PSA_SUCCESS; - } else { - status = psa_driver_wrapper_import_key(&attributes, - data, bytes, - slot->key.data, - slot->key.bytes, - &slot->key.bytes, &bits); - } + status = psa_driver_wrapper_import_key(&attributes, + data, bytes, + slot->key.data, + slot->key.bytes, + &slot->key.bytes, &bits); if (bits != slot->attr.bits) { status = PSA_ERROR_INVALID_ARGUMENT; } From 33c91eb5d33ec56943e1e4f1c5ac720e9372322d Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Tue, 30 May 2023 15:16:35 +0200 Subject: [PATCH 10/12] Add driver support for DH import key and export public key Signed-off-by: Przemek Stekiel --- library/psa_crypto.c | 13 +++----- library/psa_crypto_ffdh.c | 31 ++++++++++++++++++- library/psa_crypto_ffdh.h | 29 +++++++++++++++++ .../src/drivers/test_driver_key_management.c | 18 ++++++++++- 4 files changed, 81 insertions(+), 10 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index acb39a1bc..dc383bca3 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -640,14 +640,11 @@ psa_status_t psa_import_key_into_slot( if (psa_is_dh_key_size_valid(PSA_BYTES_TO_BITS(data_length)) == 0) { return PSA_ERROR_INVALID_ARGUMENT; } - - /* Copy the key material. */ - memcpy(key_buffer, data, data_length); - *key_buffer_length = data_length; - *bits = PSA_BYTES_TO_BITS(data_length); - (void) key_buffer_size; - - return PSA_SUCCESS; + return mbedtls_psa_ffdh_import_key(attributes, + data, data_length, + key_buffer, key_buffer_size, + key_buffer_length, + bits); } #endif /* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR) || * defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_PUBLIC_KEY) */ diff --git a/library/psa_crypto_ffdh.c b/library/psa_crypto_ffdh.c index db30a8953..4550a72b9 100644 --- a/library/psa_crypto_ffdh.c +++ b/library/psa_crypto_ffdh.c @@ -134,7 +134,18 @@ psa_status_t mbedtls_psa_export_ffdh_public_key( int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; mbedtls_mpi GX, G, X, P; - (void) attributes; + psa_key_type_t type = attributes->core.type; + + if (PSA_KEY_TYPE_IS_PUBLIC_KEY(type)) { + if (key_buffer_size > data_size) { + return PSA_ERROR_BUFFER_TOO_SMALL; + } + memcpy(data, key_buffer, key_buffer_size); + memset(data + key_buffer_size, 0, + data_size - key_buffer_size); + *data_length = key_buffer_size; + return PSA_SUCCESS; + } mbedtls_mpi_init(&GX); mbedtls_mpi_init(&G); mbedtls_mpi_init(&X); mbedtls_mpi_init(&P); @@ -199,6 +210,24 @@ cleanup: return status; } +psa_status_t mbedtls_psa_ffdh_import_key( + const psa_key_attributes_t *attributes, + const uint8_t *data, size_t data_length, + uint8_t *key_buffer, size_t key_buffer_size, + size_t *key_buffer_length, size_t *bits) +{ + (void) attributes; + + if (key_buffer_size < data_length) { + return PSA_ERROR_BUFFER_TOO_SMALL; + } + memcpy(key_buffer, data, data_length); + *key_buffer_length = data_length; + *bits = PSA_BYTES_TO_BITS(data_length); + + return PSA_SUCCESS; +} + #endif /* MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR || MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_PUBLIC_KEY */ diff --git a/library/psa_crypto_ffdh.h b/library/psa_crypto_ffdh.h index 62b05b2e7..5d7d951c7 100644 --- a/library/psa_crypto_ffdh.h +++ b/library/psa_crypto_ffdh.h @@ -112,4 +112,33 @@ psa_status_t mbedtls_psa_ffdh_generate_key( size_t key_buffer_size, size_t *key_buffer_length); +/** + * \brief Import DH key. + * + * \note The signature of the function is that of a PSA driver import_key + * entry point. + * + * \param[in] attributes The attributes for the key to import. + * \param[in] data The buffer containing the key data in import + * format. + * \param[in] data_length Size of the \p data buffer in bytes. + * \param[out] key_buffer The buffer containing the key data in output + * format. + * \param[in] key_buffer_size Size of the \p key_buffer buffer in bytes. This + * size is greater or equal to \p data_length. + * \param[out] key_buffer_length The length of the data written in \p + * key_buffer in bytes. + * \param[out] bits The key size in number of bits. + * + * \retval #PSA_SUCCESS + * The key was generated successfully. + * \retval #PSA_ERROR_BUFFER_TOO_SMALL + * The size of \p key_buffer is too small. + */ +psa_status_t mbedtls_psa_ffdh_import_key( + const psa_key_attributes_t *attributes, + const uint8_t *data, size_t data_length, + uint8_t *key_buffer, size_t key_buffer_size, + size_t *key_buffer_length, size_t *bits); + #endif /* PSA_CRYPTO_FFDH_H */ diff --git a/tests/src/drivers/test_driver_key_management.c b/tests/src/drivers/test_driver_key_management.c index dba0c2622..3ff1053e3 100644 --- a/tests/src/drivers/test_driver_key_management.c +++ b/tests/src/drivers/test_driver_key_management.c @@ -321,9 +321,25 @@ psa_status_t mbedtls_test_transparent_import_key( data, data_length, key_buffer, key_buffer_size, key_buffer_length, bits); +#endif + } else if (PSA_KEY_TYPE_IS_DH(type)) { +#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ + (defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR) || \ + defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_PUBLIC_KEY)) + return libtestdriver1_mbedtls_psa_ffdh_import_key( + (const libtestdriver1_psa_key_attributes_t *) attributes, + data, data_length, + key_buffer, key_buffer_size, + key_buffer_length, bits); +#elif defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) || \ + defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY) + return mbedtls_psa_ffdh_import_key( + attributes, + data, data_length, + key_buffer, key_buffer_size, + key_buffer_length, bits); #endif } - (void) data; (void) data_length; (void) key_buffer; From 28111dbf06f549c26998df86e013bc3a8facc681 Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Wed, 31 May 2023 09:30:58 +0200 Subject: [PATCH 11/12] Adapt guards for psa_is_dh_key_size_valid Signed-off-by: Przemek Stekiel --- library/psa_crypto.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index dc383bca3..58e8a8a2e 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -129,6 +129,9 @@ int psa_can_do_hash(psa_algorithm_t hash_alg) (void) hash_alg; return global_data.drivers_initialized; } +#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR) || \ + defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_PUBLIC_KEY) || \ + defined(PSA_WANT_KEY_TYPE_DH_KEY_PAIR) static int psa_is_dh_key_size_valid(size_t bits) { if (bits != 2048 && bits != 3072 && bits != 4096 && @@ -138,6 +141,9 @@ static int psa_is_dh_key_size_valid(size_t bits) return 1; } +#endif /* MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR || + MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_PUBLIC_KEY || + PSA_WANT_KEY_TYPE_DH_KEY_PAIR */ psa_status_t mbedtls_to_psa_error(int ret) { From 6efa608d20b1928ebf4f9f82a1fcde273eace59f Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Wed, 31 May 2023 09:38:21 +0200 Subject: [PATCH 12/12] Revert setting optimization flag(use O2) Signed-off-by: Przemek Stekiel --- tests/scripts/all.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index f2a37f2d4..4b220404d 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -187,7 +187,7 @@ pre_initialize_variables () { # CFLAGS and LDFLAGS for Asan builds that don't use CMake # default to -O2, use -Ox _after_ this if you want another level - ASAN_CFLAGS='-O0 -Werror -fsanitize=address,undefined -fno-sanitize-recover=all' + ASAN_CFLAGS='-O2 -Werror -fsanitize=address,undefined -fno-sanitize-recover=all' # Gather the list of available components. These are the functions # defined in this script whose name starts with "component_".