From f202c2968b9c83ffe948ad5af788a7d035acc87a Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Mon, 15 Jan 2024 10:42:37 +0100 Subject: [PATCH 1/8] test_suite_psa_crypto: test asymmetric encryption/decryption also with opaque keys Signed-off-by: Valerio Setti --- tests/suites/test_suite_psa_crypto.data | 20 +++++++++++-------- tests/suites/test_suite_psa_crypto.function | 22 ++++++++++++++++----- 2 files changed, 29 insertions(+), 13 deletions(-) diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data index 1bd8b6500..e6acfb20f 100644 --- a/tests/suites/test_suite_psa_crypto.data +++ b/tests/suites/test_suite_psa_crypto.data @@ -1025,35 +1025,39 @@ aead_key_policy:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_AEAD_WITH_ PSA key policy: asymmetric encryption, encrypt | decrypt depends_on:PSA_WANT_ALG_RSA_PKCS1V15_CRYPT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT -asymmetric_encryption_key_policy:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082013b020100024100ee2b131d6b1818a94ca8e91c42387eb15a7c271f57b89e7336b144d4535b16c83097ecdefbbb92d1b5313b5a37214d0e8f25922dca778b424b25295fc8a1a7070203010001024100978ac8eadb0dc6035347d6aba8671215ff21283385396f7897c04baf5e2a835f3b53ef80a82ed36ae687a925380b55a0c73eb85656e989dcf0ed7fb4887024e1022100fdad8e1c6853563f8b921d2d112462ae7d6b176082d2ba43e87e1a37fc1a8b33022100f0592cf4c55ba44307b18981bcdbda376c51e590ffa5345ba866f6962dca94dd02201995f1a967d44ff4a4cd1de837bc65bf97a2bf7eda730a9a62cea53254591105022027f96cf4b8ee68ff8d04062ec1ce7f18c0b74e4b3379b29f9bfea3fc8e592731022100cefa6d220496b43feb83194255d8fb930afcf46f36606e3aa0eb7a93ad88c10c":PSA_ALG_RSA_PKCS1V15_CRYPT +asymmetric_encryption_key_policy:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082013b020100024100ee2b131d6b1818a94ca8e91c42387eb15a7c271f57b89e7336b144d4535b16c83097ecdefbbb92d1b5313b5a37214d0e8f25922dca778b424b25295fc8a1a7070203010001024100978ac8eadb0dc6035347d6aba8671215ff21283385396f7897c04baf5e2a835f3b53ef80a82ed36ae687a925380b55a0c73eb85656e989dcf0ed7fb4887024e1022100fdad8e1c6853563f8b921d2d112462ae7d6b176082d2ba43e87e1a37fc1a8b33022100f0592cf4c55ba44307b18981bcdbda376c51e590ffa5345ba866f6962dca94dd02201995f1a967d44ff4a4cd1de837bc65bf97a2bf7eda730a9a62cea53254591105022027f96cf4b8ee68ff8d04062ec1ce7f18c0b74e4b3379b29f9bfea3fc8e592731022100cefa6d220496b43feb83194255d8fb930afcf46f36606e3aa0eb7a93ad88c10c":PSA_ALG_RSA_PKCS1V15_CRYPT:0 PSA key policy: asymmetric encryption, wrong algorithm (v1.5/OAEP) depends_on:PSA_WANT_ALG_RSA_OAEP:PSA_WANT_ALG_RSA_PKCS1V15_CRYPT:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT -asymmetric_encryption_key_policy:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082013b020100024100ee2b131d6b1818a94ca8e91c42387eb15a7c271f57b89e7336b144d4535b16c83097ecdefbbb92d1b5313b5a37214d0e8f25922dca778b424b25295fc8a1a7070203010001024100978ac8eadb0dc6035347d6aba8671215ff21283385396f7897c04baf5e2a835f3b53ef80a82ed36ae687a925380b55a0c73eb85656e989dcf0ed7fb4887024e1022100fdad8e1c6853563f8b921d2d112462ae7d6b176082d2ba43e87e1a37fc1a8b33022100f0592cf4c55ba44307b18981bcdbda376c51e590ffa5345ba866f6962dca94dd02201995f1a967d44ff4a4cd1de837bc65bf97a2bf7eda730a9a62cea53254591105022027f96cf4b8ee68ff8d04062ec1ce7f18c0b74e4b3379b29f9bfea3fc8e592731022100cefa6d220496b43feb83194255d8fb930afcf46f36606e3aa0eb7a93ad88c10c":PSA_ALG_RSA_OAEP(PSA_ALG_SHA_256) +asymmetric_encryption_key_policy:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082013b020100024100ee2b131d6b1818a94ca8e91c42387eb15a7c271f57b89e7336b144d4535b16c83097ecdefbbb92d1b5313b5a37214d0e8f25922dca778b424b25295fc8a1a7070203010001024100978ac8eadb0dc6035347d6aba8671215ff21283385396f7897c04baf5e2a835f3b53ef80a82ed36ae687a925380b55a0c73eb85656e989dcf0ed7fb4887024e1022100fdad8e1c6853563f8b921d2d112462ae7d6b176082d2ba43e87e1a37fc1a8b33022100f0592cf4c55ba44307b18981bcdbda376c51e590ffa5345ba866f6962dca94dd02201995f1a967d44ff4a4cd1de837bc65bf97a2bf7eda730a9a62cea53254591105022027f96cf4b8ee68ff8d04062ec1ce7f18c0b74e4b3379b29f9bfea3fc8e592731022100cefa6d220496b43feb83194255d8fb930afcf46f36606e3aa0eb7a93ad88c10c":PSA_ALG_RSA_OAEP(PSA_ALG_SHA_256):0 PSA key policy: asymmetric encryption, wrong algorithm (OAEP with different hash) depends_on:PSA_WANT_ALG_RSA_OAEP:PSA_WANT_ALG_SHA_224:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT -asymmetric_encryption_key_policy:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_RSA_OAEP(PSA_ALG_SHA_224):PSA_KEY_TYPE_RSA_KEY_PAIR:"3082013b020100024100ee2b131d6b1818a94ca8e91c42387eb15a7c271f57b89e7336b144d4535b16c83097ecdefbbb92d1b5313b5a37214d0e8f25922dca778b424b25295fc8a1a7070203010001024100978ac8eadb0dc6035347d6aba8671215ff21283385396f7897c04baf5e2a835f3b53ef80a82ed36ae687a925380b55a0c73eb85656e989dcf0ed7fb4887024e1022100fdad8e1c6853563f8b921d2d112462ae7d6b176082d2ba43e87e1a37fc1a8b33022100f0592cf4c55ba44307b18981bcdbda376c51e590ffa5345ba866f6962dca94dd02201995f1a967d44ff4a4cd1de837bc65bf97a2bf7eda730a9a62cea53254591105022027f96cf4b8ee68ff8d04062ec1ce7f18c0b74e4b3379b29f9bfea3fc8e592731022100cefa6d220496b43feb83194255d8fb930afcf46f36606e3aa0eb7a93ad88c10c":PSA_ALG_RSA_OAEP(PSA_ALG_SHA_256) +asymmetric_encryption_key_policy:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_RSA_OAEP(PSA_ALG_SHA_224):PSA_KEY_TYPE_RSA_KEY_PAIR:"3082013b020100024100ee2b131d6b1818a94ca8e91c42387eb15a7c271f57b89e7336b144d4535b16c83097ecdefbbb92d1b5313b5a37214d0e8f25922dca778b424b25295fc8a1a7070203010001024100978ac8eadb0dc6035347d6aba8671215ff21283385396f7897c04baf5e2a835f3b53ef80a82ed36ae687a925380b55a0c73eb85656e989dcf0ed7fb4887024e1022100fdad8e1c6853563f8b921d2d112462ae7d6b176082d2ba43e87e1a37fc1a8b33022100f0592cf4c55ba44307b18981bcdbda376c51e590ffa5345ba866f6962dca94dd02201995f1a967d44ff4a4cd1de837bc65bf97a2bf7eda730a9a62cea53254591105022027f96cf4b8ee68ff8d04062ec1ce7f18c0b74e4b3379b29f9bfea3fc8e592731022100cefa6d220496b43feb83194255d8fb930afcf46f36606e3aa0eb7a93ad88c10c":PSA_ALG_RSA_OAEP(PSA_ALG_SHA_256):0 PSA key policy: asymmetric encryption, alg=0 in policy depends_on:PSA_WANT_ALG_RSA_PKCS1V15_CRYPT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT -asymmetric_encryption_key_policy:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:0:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082013b020100024100ee2b131d6b1818a94ca8e91c42387eb15a7c271f57b89e7336b144d4535b16c83097ecdefbbb92d1b5313b5a37214d0e8f25922dca778b424b25295fc8a1a7070203010001024100978ac8eadb0dc6035347d6aba8671215ff21283385396f7897c04baf5e2a835f3b53ef80a82ed36ae687a925380b55a0c73eb85656e989dcf0ed7fb4887024e1022100fdad8e1c6853563f8b921d2d112462ae7d6b176082d2ba43e87e1a37fc1a8b33022100f0592cf4c55ba44307b18981bcdbda376c51e590ffa5345ba866f6962dca94dd02201995f1a967d44ff4a4cd1de837bc65bf97a2bf7eda730a9a62cea53254591105022027f96cf4b8ee68ff8d04062ec1ce7f18c0b74e4b3379b29f9bfea3fc8e592731022100cefa6d220496b43feb83194255d8fb930afcf46f36606e3aa0eb7a93ad88c10c":PSA_ALG_RSA_PKCS1V15_CRYPT +asymmetric_encryption_key_policy:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:0:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082013b020100024100ee2b131d6b1818a94ca8e91c42387eb15a7c271f57b89e7336b144d4535b16c83097ecdefbbb92d1b5313b5a37214d0e8f25922dca778b424b25295fc8a1a7070203010001024100978ac8eadb0dc6035347d6aba8671215ff21283385396f7897c04baf5e2a835f3b53ef80a82ed36ae687a925380b55a0c73eb85656e989dcf0ed7fb4887024e1022100fdad8e1c6853563f8b921d2d112462ae7d6b176082d2ba43e87e1a37fc1a8b33022100f0592cf4c55ba44307b18981bcdbda376c51e590ffa5345ba866f6962dca94dd02201995f1a967d44ff4a4cd1de837bc65bf97a2bf7eda730a9a62cea53254591105022027f96cf4b8ee68ff8d04062ec1ce7f18c0b74e4b3379b29f9bfea3fc8e592731022100cefa6d220496b43feb83194255d8fb930afcf46f36606e3aa0eb7a93ad88c10c":PSA_ALG_RSA_PKCS1V15_CRYPT:0 PSA key policy: asymmetric encryption, ANY_HASH in policy is not meaningful depends_on:PSA_WANT_ALG_RSA_OAEP:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT -asymmetric_encryption_key_policy:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_RSA_OAEP(PSA_ALG_ANY_HASH):PSA_KEY_TYPE_RSA_KEY_PAIR:"3082013b020100024100ee2b131d6b1818a94ca8e91c42387eb15a7c271f57b89e7336b144d4535b16c83097ecdefbbb92d1b5313b5a37214d0e8f25922dca778b424b25295fc8a1a7070203010001024100978ac8eadb0dc6035347d6aba8671215ff21283385396f7897c04baf5e2a835f3b53ef80a82ed36ae687a925380b55a0c73eb85656e989dcf0ed7fb4887024e1022100fdad8e1c6853563f8b921d2d112462ae7d6b176082d2ba43e87e1a37fc1a8b33022100f0592cf4c55ba44307b18981bcdbda376c51e590ffa5345ba866f6962dca94dd02201995f1a967d44ff4a4cd1de837bc65bf97a2bf7eda730a9a62cea53254591105022027f96cf4b8ee68ff8d04062ec1ce7f18c0b74e4b3379b29f9bfea3fc8e592731022100cefa6d220496b43feb83194255d8fb930afcf46f36606e3aa0eb7a93ad88c10c":PSA_ALG_RSA_OAEP(PSA_ALG_SHA_256) +asymmetric_encryption_key_policy:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_RSA_OAEP(PSA_ALG_ANY_HASH):PSA_KEY_TYPE_RSA_KEY_PAIR:"3082013b020100024100ee2b131d6b1818a94ca8e91c42387eb15a7c271f57b89e7336b144d4535b16c83097ecdefbbb92d1b5313b5a37214d0e8f25922dca778b424b25295fc8a1a7070203010001024100978ac8eadb0dc6035347d6aba8671215ff21283385396f7897c04baf5e2a835f3b53ef80a82ed36ae687a925380b55a0c73eb85656e989dcf0ed7fb4887024e1022100fdad8e1c6853563f8b921d2d112462ae7d6b176082d2ba43e87e1a37fc1a8b33022100f0592cf4c55ba44307b18981bcdbda376c51e590ffa5345ba866f6962dca94dd02201995f1a967d44ff4a4cd1de837bc65bf97a2bf7eda730a9a62cea53254591105022027f96cf4b8ee68ff8d04062ec1ce7f18c0b74e4b3379b29f9bfea3fc8e592731022100cefa6d220496b43feb83194255d8fb930afcf46f36606e3aa0eb7a93ad88c10c":PSA_ALG_RSA_OAEP(PSA_ALG_SHA_256):0 PSA key policy: asymmetric encryption, encrypt but not decrypt depends_on:PSA_WANT_ALG_RSA_PKCS1V15_CRYPT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT -asymmetric_encryption_key_policy:PSA_KEY_USAGE_ENCRYPT:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082013b020100024100ee2b131d6b1818a94ca8e91c42387eb15a7c271f57b89e7336b144d4535b16c83097ecdefbbb92d1b5313b5a37214d0e8f25922dca778b424b25295fc8a1a7070203010001024100978ac8eadb0dc6035347d6aba8671215ff21283385396f7897c04baf5e2a835f3b53ef80a82ed36ae687a925380b55a0c73eb85656e989dcf0ed7fb4887024e1022100fdad8e1c6853563f8b921d2d112462ae7d6b176082d2ba43e87e1a37fc1a8b33022100f0592cf4c55ba44307b18981bcdbda376c51e590ffa5345ba866f6962dca94dd02201995f1a967d44ff4a4cd1de837bc65bf97a2bf7eda730a9a62cea53254591105022027f96cf4b8ee68ff8d04062ec1ce7f18c0b74e4b3379b29f9bfea3fc8e592731022100cefa6d220496b43feb83194255d8fb930afcf46f36606e3aa0eb7a93ad88c10c":PSA_ALG_RSA_PKCS1V15_CRYPT +asymmetric_encryption_key_policy:PSA_KEY_USAGE_ENCRYPT:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082013b020100024100ee2b131d6b1818a94ca8e91c42387eb15a7c271f57b89e7336b144d4535b16c83097ecdefbbb92d1b5313b5a37214d0e8f25922dca778b424b25295fc8a1a7070203010001024100978ac8eadb0dc6035347d6aba8671215ff21283385396f7897c04baf5e2a835f3b53ef80a82ed36ae687a925380b55a0c73eb85656e989dcf0ed7fb4887024e1022100fdad8e1c6853563f8b921d2d112462ae7d6b176082d2ba43e87e1a37fc1a8b33022100f0592cf4c55ba44307b18981bcdbda376c51e590ffa5345ba866f6962dca94dd02201995f1a967d44ff4a4cd1de837bc65bf97a2bf7eda730a9a62cea53254591105022027f96cf4b8ee68ff8d04062ec1ce7f18c0b74e4b3379b29f9bfea3fc8e592731022100cefa6d220496b43feb83194255d8fb930afcf46f36606e3aa0eb7a93ad88c10c":PSA_ALG_RSA_PKCS1V15_CRYPT:0 PSA key policy: asymmetric encryption, decrypt but not encrypt depends_on:PSA_WANT_ALG_RSA_PKCS1V15_CRYPT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT -asymmetric_encryption_key_policy:PSA_KEY_USAGE_DECRYPT:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082013b020100024100ee2b131d6b1818a94ca8e91c42387eb15a7c271f57b89e7336b144d4535b16c83097ecdefbbb92d1b5313b5a37214d0e8f25922dca778b424b25295fc8a1a7070203010001024100978ac8eadb0dc6035347d6aba8671215ff21283385396f7897c04baf5e2a835f3b53ef80a82ed36ae687a925380b55a0c73eb85656e989dcf0ed7fb4887024e1022100fdad8e1c6853563f8b921d2d112462ae7d6b176082d2ba43e87e1a37fc1a8b33022100f0592cf4c55ba44307b18981bcdbda376c51e590ffa5345ba866f6962dca94dd02201995f1a967d44ff4a4cd1de837bc65bf97a2bf7eda730a9a62cea53254591105022027f96cf4b8ee68ff8d04062ec1ce7f18c0b74e4b3379b29f9bfea3fc8e592731022100cefa6d220496b43feb83194255d8fb930afcf46f36606e3aa0eb7a93ad88c10c":PSA_ALG_RSA_PKCS1V15_CRYPT +asymmetric_encryption_key_policy:PSA_KEY_USAGE_DECRYPT:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082013b020100024100ee2b131d6b1818a94ca8e91c42387eb15a7c271f57b89e7336b144d4535b16c83097ecdefbbb92d1b5313b5a37214d0e8f25922dca778b424b25295fc8a1a7070203010001024100978ac8eadb0dc6035347d6aba8671215ff21283385396f7897c04baf5e2a835f3b53ef80a82ed36ae687a925380b55a0c73eb85656e989dcf0ed7fb4887024e1022100fdad8e1c6853563f8b921d2d112462ae7d6b176082d2ba43e87e1a37fc1a8b33022100f0592cf4c55ba44307b18981bcdbda376c51e590ffa5345ba866f6962dca94dd02201995f1a967d44ff4a4cd1de837bc65bf97a2bf7eda730a9a62cea53254591105022027f96cf4b8ee68ff8d04062ec1ce7f18c0b74e4b3379b29f9bfea3fc8e592731022100cefa6d220496b43feb83194255d8fb930afcf46f36606e3aa0eb7a93ad88c10c":PSA_ALG_RSA_PKCS1V15_CRYPT:0 PSA key policy: asymmetric encryption, neither encrypt nor decrypt depends_on:PSA_WANT_ALG_RSA_PKCS1V15_CRYPT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT -asymmetric_encryption_key_policy:0:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082013b020100024100ee2b131d6b1818a94ca8e91c42387eb15a7c271f57b89e7336b144d4535b16c83097ecdefbbb92d1b5313b5a37214d0e8f25922dca778b424b25295fc8a1a7070203010001024100978ac8eadb0dc6035347d6aba8671215ff21283385396f7897c04baf5e2a835f3b53ef80a82ed36ae687a925380b55a0c73eb85656e989dcf0ed7fb4887024e1022100fdad8e1c6853563f8b921d2d112462ae7d6b176082d2ba43e87e1a37fc1a8b33022100f0592cf4c55ba44307b18981bcdbda376c51e590ffa5345ba866f6962dca94dd02201995f1a967d44ff4a4cd1de837bc65bf97a2bf7eda730a9a62cea53254591105022027f96cf4b8ee68ff8d04062ec1ce7f18c0b74e4b3379b29f9bfea3fc8e592731022100cefa6d220496b43feb83194255d8fb930afcf46f36606e3aa0eb7a93ad88c10c":PSA_ALG_RSA_PKCS1V15_CRYPT +asymmetric_encryption_key_policy:0:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082013b020100024100ee2b131d6b1818a94ca8e91c42387eb15a7c271f57b89e7336b144d4535b16c83097ecdefbbb92d1b5313b5a37214d0e8f25922dca778b424b25295fc8a1a7070203010001024100978ac8eadb0dc6035347d6aba8671215ff21283385396f7897c04baf5e2a835f3b53ef80a82ed36ae687a925380b55a0c73eb85656e989dcf0ed7fb4887024e1022100fdad8e1c6853563f8b921d2d112462ae7d6b176082d2ba43e87e1a37fc1a8b33022100f0592cf4c55ba44307b18981bcdbda376c51e590ffa5345ba866f6962dca94dd02201995f1a967d44ff4a4cd1de837bc65bf97a2bf7eda730a9a62cea53254591105022027f96cf4b8ee68ff8d04062ec1ce7f18c0b74e4b3379b29f9bfea3fc8e592731022100cefa6d220496b43feb83194255d8fb930afcf46f36606e3aa0eb7a93ad88c10c":PSA_ALG_RSA_PKCS1V15_CRYPT:0 + +PSA key policy: asymmetric encryption, opaque key, encrypt | decrypt +depends_on:PSA_CRYPTO_DRIVER_TEST:PSA_WANT_ALG_RSA_PKCS1V15_CRYPT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT +asymmetric_encryption_key_policy:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082013b020100024100ee2b131d6b1818a94ca8e91c42387eb15a7c271f57b89e7336b144d4535b16c83097ecdefbbb92d1b5313b5a37214d0e8f25922dca778b424b25295fc8a1a7070203010001024100978ac8eadb0dc6035347d6aba8671215ff21283385396f7897c04baf5e2a835f3b53ef80a82ed36ae687a925380b55a0c73eb85656e989dcf0ed7fb4887024e1022100fdad8e1c6853563f8b921d2d112462ae7d6b176082d2ba43e87e1a37fc1a8b33022100f0592cf4c55ba44307b18981bcdbda376c51e590ffa5345ba866f6962dca94dd02201995f1a967d44ff4a4cd1de837bc65bf97a2bf7eda730a9a62cea53254591105022027f96cf4b8ee68ff8d04062ec1ce7f18c0b74e4b3379b29f9bfea3fc8e592731022100cefa6d220496b43feb83194255d8fb930afcf46f36606e3aa0eb7a93ad88c10c":PSA_ALG_RSA_PKCS1V15_CRYPT:1 PSA key policy: asymmetric signature, sign | verify hash, PKCS#1v1.5 SHA-256 depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index 4c08a9017..f67508c5f 100644 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function @@ -2107,7 +2107,8 @@ void asymmetric_encryption_key_policy(int policy_usage_arg, int policy_alg, int key_type, data_t *key_data, - int exercise_alg) + int exercise_alg, + int use_opaque_key) { mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; @@ -2124,6 +2125,11 @@ void asymmetric_encryption_key_policy(int policy_usage_arg, psa_set_key_algorithm(&attributes, policy_alg); psa_set_key_type(&attributes, key_type); + if (use_opaque_key) { + psa_set_key_lifetime(&attributes, PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( + PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION)); + } + PSA_ASSERT(psa_import_key(&attributes, key_data->x, key_data->len, &key)); @@ -2142,8 +2148,11 @@ void asymmetric_encryption_key_policy(int policy_usage_arg, NULL, 0, buffer, buffer_length, &output_length); - if (policy_alg == exercise_alg && - (policy_usage & PSA_KEY_USAGE_ENCRYPT) != 0) { + if (use_opaque_key) { + /* Encryption/decryption is opaque keys is currently not supported. */ + TEST_EQUAL(status, PSA_ERROR_NOT_SUPPORTED); + } else if (policy_alg == exercise_alg && + (policy_usage & PSA_KEY_USAGE_ENCRYPT) != 0) { PSA_ASSERT(status); } else { TEST_EQUAL(status, PSA_ERROR_NOT_PERMITTED); @@ -2157,8 +2166,11 @@ void asymmetric_encryption_key_policy(int policy_usage_arg, NULL, 0, buffer, buffer_length, &output_length); - if (policy_alg == exercise_alg && - (policy_usage & PSA_KEY_USAGE_DECRYPT) != 0) { + if (use_opaque_key) { + /* Encryption/decryption is opaque keys is currently not supported. */ + TEST_EQUAL(status, PSA_ERROR_NOT_SUPPORTED); + } else if (policy_alg == exercise_alg && + (policy_usage & PSA_KEY_USAGE_DECRYPT) != 0) { TEST_EQUAL(status, PSA_ERROR_INVALID_PADDING); } else { TEST_EQUAL(status, PSA_ERROR_NOT_PERMITTED); From 5bb454aace1db636dc7128a48eb5d7328b018639 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Mon, 15 Jan 2024 10:43:16 +0100 Subject: [PATCH 2/8] psa_crypto: allow asymmetric encryption/decryption also with opaque keys Signed-off-by: Valerio Setti --- library/psa_crypto.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index a8baa6b6f..e4ecdd08c 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -3080,7 +3080,7 @@ psa_status_t psa_asymmetric_encrypt(mbedtls_svc_key_id_t key, return PSA_ERROR_INVALID_ARGUMENT; } - status = psa_get_and_lock_transparent_key_slot_with_policy( + status = psa_get_and_lock_key_slot_with_policy( key, &slot, PSA_KEY_USAGE_ENCRYPT, alg); if (status != PSA_SUCCESS) { return status; @@ -3132,7 +3132,7 @@ psa_status_t psa_asymmetric_decrypt(mbedtls_svc_key_id_t key, return PSA_ERROR_INVALID_ARGUMENT; } - status = psa_get_and_lock_transparent_key_slot_with_policy( + status = psa_get_and_lock_key_slot_with_policy( key, &slot, PSA_KEY_USAGE_DECRYPT, alg); if (status != PSA_SUCCESS) { return status; From 66a827fc8394f67096f6f3ea7eb11ddbe8ad6616 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Mon, 15 Jan 2024 15:00:52 +0100 Subject: [PATCH 3/8] test_driver_key_management: make opaque [un]wrapping functions public Signed-off-by: Valerio Setti --- tests/include/test/drivers/key_management.h | 8 ++++++++ tests/src/drivers/test_driver_key_management.c | 4 ++-- 2 files changed, 10 insertions(+), 2 deletions(-) diff --git a/tests/include/test/drivers/key_management.h b/tests/include/test/drivers/key_management.h index 526adbb91..9a68777ec 100644 --- a/tests/include/test/drivers/key_management.h +++ b/tests/include/test/drivers/key_management.h @@ -67,6 +67,14 @@ void mbedtls_test_transparent_free(void); psa_status_t mbedtls_test_opaque_init(void); void mbedtls_test_opaque_free(void); +psa_status_t mbedtls_test_opaque_wrap_key( + const uint8_t *key, size_t key_length, uint8_t *wrapped_key_buffer, + size_t wrapped_key_buffer_size, size_t *wrapped_key_buffer_length); + +psa_status_t mbedtls_test_opaque_unwrap_key( + const uint8_t *wrapped_key, size_t wrapped_key_length, uint8_t *key_buffer, + size_t key_buffer_size, size_t *key_buffer_length); + psa_status_t mbedtls_test_transparent_generate_key( const psa_key_attributes_t *attributes, uint8_t *key, size_t key_size, size_t *key_length); diff --git a/tests/src/drivers/test_driver_key_management.c b/tests/src/drivers/test_driver_key_management.c index d522ebfe8..4188c25c1 100644 --- a/tests/src/drivers/test_driver_key_management.c +++ b/tests/src/drivers/test_driver_key_management.c @@ -125,7 +125,7 @@ static size_t mbedtls_test_opaque_get_base_size() * The argument wrapped_key_buffer_length is filled with the wrapped * key_size on success. * */ -static psa_status_t mbedtls_test_opaque_wrap_key( +psa_status_t mbedtls_test_opaque_wrap_key( const uint8_t *key, size_t key_length, uint8_t *wrapped_key_buffer, @@ -159,7 +159,7 @@ static psa_status_t mbedtls_test_opaque_wrap_key( * The argument key_buffer_length is filled with the unwrapped(clear) * key_size on success. * */ -static psa_status_t mbedtls_test_opaque_unwrap_key( +psa_status_t mbedtls_test_opaque_unwrap_key( const uint8_t *wrapped_key, size_t wrapped_key_length, uint8_t *key_buffer, From 62b6f10f64f8454b3aba38fda05257356cd56541 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Mon, 15 Jan 2024 15:03:17 +0100 Subject: [PATCH 4/8] test_driver_asymmetric_encryption: implement opaque [en/de]cryption functions Signed-off-by: Valerio Setti --- .../test_driver_asymmetric_encryption.c | 78 +++++++++++++------ 1 file changed, 55 insertions(+), 23 deletions(-) diff --git a/tests/src/drivers/test_driver_asymmetric_encryption.c b/tests/src/drivers/test_driver_asymmetric_encryption.c index ff46387d5..4fc8c9d34 100644 --- a/tests/src/drivers/test_driver_asymmetric_encryption.c +++ b/tests/src/drivers/test_driver_asymmetric_encryption.c @@ -13,11 +13,15 @@ #include "psa_crypto_rsa.h" #include "string.h" #include "test/drivers/asymmetric_encryption.h" +#include "test/drivers/key_management.h" #if defined(MBEDTLS_TEST_LIBTESTDRIVER1) #include "libtestdriver1/library/psa_crypto_rsa.h" #endif +#define PSA_RSA_KEY_PAIR_MAX_SIZE \ + PSA_KEY_EXPORT_RSA_KEY_PAIR_MAX_SIZE(PSA_VENDOR_RSA_MAX_KEY_BITS) + mbedtls_test_driver_asymmetric_encryption_hooks_t mbedtls_test_driver_asymmetric_encryption_hooks = MBEDTLS_TEST_DRIVER_ASYMMETRIC_ENCRYPTION_INIT; @@ -104,7 +108,7 @@ psa_status_t mbedtls_test_transparent_asymmetric_decrypt( } /* - * opaque versions - TODO + * opaque versions */ psa_status_t mbedtls_test_opaque_asymmetric_encrypt( const psa_key_attributes_t *attributes, const uint8_t *key, @@ -112,17 +116,31 @@ psa_status_t mbedtls_test_opaque_asymmetric_encrypt( size_t input_length, const uint8_t *salt, size_t salt_length, uint8_t *output, size_t output_size, size_t *output_length) { - (void) attributes; - (void) key; - (void) key_length; - (void) alg; - (void) input; - (void) input_length; - (void) salt; - (void) salt_length; - (void) output; - (void) output_size; - (void) output_length; + unsigned char unwrapped_key[PSA_RSA_KEY_PAIR_MAX_SIZE]; + size_t unwrapped_key_length; + psa_status_t status; + + status = mbedtls_test_opaque_unwrap_key(key, key_length, + unwrapped_key, sizeof(unwrapped_key), + &unwrapped_key_length); + if (status != PSA_SUCCESS) { + return status; + } + +#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ + (defined(MBEDTLS_PSA_ACCEL_ALG_RSA_OAEP) || defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_CRYPT)) + return libtestdriver1_mbedtls_psa_asymmetric_encrypt( + (const libtestdriver1_psa_key_attributes_t *) attributes, + unwrapped_key, unwrapped_key_length, + alg, input, input_length, salt, salt_length, + output, output_size, output_length); +#else + return mbedtls_psa_asymmetric_encrypt( + attributes, unwrapped_key, unwrapped_key_length, + alg, input, input_length, salt, salt_length, + output, output_size, output_length); +#endif + return PSA_ERROR_NOT_SUPPORTED; } @@ -132,17 +150,31 @@ psa_status_t mbedtls_test_opaque_asymmetric_decrypt( size_t input_length, const uint8_t *salt, size_t salt_length, uint8_t *output, size_t output_size, size_t *output_length) { - (void) attributes; - (void) key; - (void) key_length; - (void) alg; - (void) input; - (void) input_length; - (void) salt; - (void) salt_length; - (void) output; - (void) output_size; - (void) output_length; + unsigned char unwrapped_key[PSA_RSA_KEY_PAIR_MAX_SIZE]; + size_t unwrapped_key_length; + psa_status_t status; + + status = mbedtls_test_opaque_unwrap_key(key, key_length, + unwrapped_key, sizeof(unwrapped_key), + &unwrapped_key_length); + if (status != PSA_SUCCESS) { + return status; + } + +#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ + (defined(MBEDTLS_PSA_ACCEL_ALG_RSA_OAEP) || defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_CRYPT)) + return libtestdriver1_mbedtls_psa_asymmetric_decrypt( + (const libtestdriver1_psa_key_attributes_t *) attributes, + unwrapped_key, unwrapped_key_length, + alg, input, input_length, salt, salt_length, + output, output_size, output_length); +#else + return mbedtls_psa_asymmetric_decrypt( + attributes, unwrapped_key, unwrapped_key_length, + alg, input, input_length, salt, salt_length, + output, output_size, output_length); +#endif + return PSA_ERROR_NOT_SUPPORTED; } From 4860a6c7acc281bf581f972147d09c0407bebbe1 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Mon, 15 Jan 2024 15:05:24 +0100 Subject: [PATCH 5/8] test_suite_psa_crypto: revert known failing checks for [en|de]cryption with opaque keys Signed-off-by: Valerio Setti --- tests/suites/test_suite_psa_crypto.function | 14 ++++---------- 1 file changed, 4 insertions(+), 10 deletions(-) diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index f67508c5f..60c4f30d8 100644 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function @@ -2148,11 +2148,8 @@ void asymmetric_encryption_key_policy(int policy_usage_arg, NULL, 0, buffer, buffer_length, &output_length); - if (use_opaque_key) { - /* Encryption/decryption is opaque keys is currently not supported. */ - TEST_EQUAL(status, PSA_ERROR_NOT_SUPPORTED); - } else if (policy_alg == exercise_alg && - (policy_usage & PSA_KEY_USAGE_ENCRYPT) != 0) { + if (policy_alg == exercise_alg && + (policy_usage & PSA_KEY_USAGE_ENCRYPT) != 0) { PSA_ASSERT(status); } else { TEST_EQUAL(status, PSA_ERROR_NOT_PERMITTED); @@ -2166,11 +2163,8 @@ void asymmetric_encryption_key_policy(int policy_usage_arg, NULL, 0, buffer, buffer_length, &output_length); - if (use_opaque_key) { - /* Encryption/decryption is opaque keys is currently not supported. */ - TEST_EQUAL(status, PSA_ERROR_NOT_SUPPORTED); - } else if (policy_alg == exercise_alg && - (policy_usage & PSA_KEY_USAGE_DECRYPT) != 0) { + if (policy_alg == exercise_alg && + (policy_usage & PSA_KEY_USAGE_DECRYPT) != 0) { TEST_EQUAL(status, PSA_ERROR_INVALID_PADDING); } else { TEST_EQUAL(status, PSA_ERROR_NOT_PERMITTED); From 584dc80d965541e1e93301d4e9b1d7f719168c32 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Tue, 16 Jan 2024 16:43:07 +0100 Subject: [PATCH 6/8] add changelog Signed-off-by: Valerio Setti --- ChangeLog.d/8461.txt | 4 ++++ 1 file changed, 4 insertions(+) create mode 100644 ChangeLog.d/8461.txt diff --git a/ChangeLog.d/8461.txt b/ChangeLog.d/8461.txt new file mode 100644 index 000000000..459e47bd2 --- /dev/null +++ b/ChangeLog.d/8461.txt @@ -0,0 +1,4 @@ +Bugfix + * Fix unsupported PSA asymmetric encryption and dectryption + (psa_asymmetric_[en|de]crypt) with opaque keys. + Resolves #8461. From 43ff242a8b0e2a6d7488e502eb70c55e31a057c4 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Thu, 18 Jan 2024 08:42:38 +0100 Subject: [PATCH 7/8] changelog: fix typo Signed-off-by: Valerio Setti --- ChangeLog.d/8461.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ChangeLog.d/8461.txt b/ChangeLog.d/8461.txt index 459e47bd2..d6a65f070 100644 --- a/ChangeLog.d/8461.txt +++ b/ChangeLog.d/8461.txt @@ -1,4 +1,4 @@ Bugfix - * Fix unsupported PSA asymmetric encryption and dectryption + * Fix unsupported PSA asymmetric encryption and decryption (psa_asymmetric_[en|de]crypt) with opaque keys. Resolves #8461. From 4f34b155f52fa1015cfe3f1177ed5739e7d07dc7 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Thu, 18 Jan 2024 08:44:13 +0100 Subject: [PATCH 8/8] test_driver_key_management: keep mbedtls_test_opaque_wrap_key() private Only mbedtls_test_opaque_unwrap_key() is actually needed by other test drivers to deal with opaque keys. mbedtls_test_opaque_wrap_key() can be kept private to test_driver_key_management.c. Signed-off-by: Valerio Setti --- tests/include/test/drivers/key_management.h | 4 ---- tests/src/drivers/test_driver_key_management.c | 2 +- 2 files changed, 1 insertion(+), 5 deletions(-) diff --git a/tests/include/test/drivers/key_management.h b/tests/include/test/drivers/key_management.h index 9a68777ec..7b5c4c7bf 100644 --- a/tests/include/test/drivers/key_management.h +++ b/tests/include/test/drivers/key_management.h @@ -67,10 +67,6 @@ void mbedtls_test_transparent_free(void); psa_status_t mbedtls_test_opaque_init(void); void mbedtls_test_opaque_free(void); -psa_status_t mbedtls_test_opaque_wrap_key( - const uint8_t *key, size_t key_length, uint8_t *wrapped_key_buffer, - size_t wrapped_key_buffer_size, size_t *wrapped_key_buffer_length); - psa_status_t mbedtls_test_opaque_unwrap_key( const uint8_t *wrapped_key, size_t wrapped_key_length, uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length); diff --git a/tests/src/drivers/test_driver_key_management.c b/tests/src/drivers/test_driver_key_management.c index 4188c25c1..a3d532d51 100644 --- a/tests/src/drivers/test_driver_key_management.c +++ b/tests/src/drivers/test_driver_key_management.c @@ -125,7 +125,7 @@ static size_t mbedtls_test_opaque_get_base_size() * The argument wrapped_key_buffer_length is filled with the wrapped * key_size on success. * */ -psa_status_t mbedtls_test_opaque_wrap_key( +static psa_status_t mbedtls_test_opaque_wrap_key( const uint8_t *key, size_t key_length, uint8_t *wrapped_key_buffer,