From f0765fa06a093df0a931974faccbff3582941541 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 12 Feb 2024 16:46:16 +0100 Subject: [PATCH] Implement psa_generate_key_ext, psa_key_derivation_output_key_ext Implement and unit-test the new functions psa_generate_key_ext() and psa_key_derivation_output_key_ext(), only for the default method. Signed-off-by: Gilles Peskine --- library/psa_crypto.c | 62 ++++++- tests/suites/test_suite_psa_crypto.data | 48 ++++++ tests/suites/test_suite_psa_crypto.function | 179 ++++++++++++++++++++ 3 files changed, 284 insertions(+), 5 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 4a0666bb8..6263be9c2 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -6023,9 +6023,27 @@ exit: return status; } -psa_status_t psa_key_derivation_output_key(const psa_key_attributes_t *attributes, - psa_key_derivation_operation_t *operation, - mbedtls_svc_key_id_t *key) +static const psa_key_generation_method_t default_method = PSA_KEY_GENERATION_METHOD_INIT; + +static int psa_key_generation_method_is_default( + const psa_key_generation_method_t *method, + size_t method_length) +{ + if (method_length != sizeof(*method)) { + return 0; + } + if (method->flags != 0) { + return 0; + } + return 1; +} + +psa_status_t psa_key_derivation_output_key_ext( + const psa_key_attributes_t *attributes, + psa_key_derivation_operation_t *operation, + const psa_key_generation_method_t *method, + size_t method_length, + mbedtls_svc_key_id_t *key) { psa_status_t status; psa_key_slot_t *slot = NULL; @@ -6039,6 +6057,13 @@ psa_status_t psa_key_derivation_output_key(const psa_key_attributes_t *attribute return PSA_ERROR_INVALID_ARGUMENT; } + if (method_length < sizeof(*method)) { + return PSA_ERROR_INVALID_ARGUMENT; + } + if (!psa_key_generation_method_is_default(method, method_length)) { + return PSA_ERROR_INVALID_ARGUMENT; + } + if (operation->alg == PSA_ALG_NONE) { return PSA_ERROR_BAD_STATE; } @@ -6070,6 +6095,16 @@ psa_status_t psa_key_derivation_output_key(const psa_key_attributes_t *attribute return status; } +psa_status_t psa_key_derivation_output_key( + const psa_key_attributes_t *attributes, + psa_key_derivation_operation_t *operation, + mbedtls_svc_key_id_t *key) +{ + return psa_key_derivation_output_key_ext( + attributes, operation, + &default_method, sizeof(default_method), + key); +} /****************************************************************/ @@ -7523,8 +7558,10 @@ psa_status_t psa_generate_key_internal( return PSA_SUCCESS; } -psa_status_t psa_generate_key(const psa_key_attributes_t *attributes, - mbedtls_svc_key_id_t *key) +psa_status_t psa_generate_key_ext(const psa_key_attributes_t *attributes, + const psa_key_generation_method_t *method, + size_t method_length, + mbedtls_svc_key_id_t *key) { psa_status_t status; psa_key_slot_t *slot = NULL; @@ -7544,6 +7581,13 @@ psa_status_t psa_generate_key(const psa_key_attributes_t *attributes, return PSA_ERROR_INVALID_ARGUMENT; } + if (method_length < sizeof(*method)) { + return PSA_ERROR_INVALID_ARGUMENT; + } + if (!psa_key_generation_method_is_default(method, method_length)) { + return PSA_ERROR_INVALID_ARGUMENT; + } + status = psa_start_key_creation(PSA_KEY_CREATION_GENERATE, attributes, &slot, &driver); if (status != PSA_SUCCESS) { @@ -7598,6 +7642,14 @@ exit: return status; } +psa_status_t psa_generate_key(const psa_key_attributes_t *attributes, + mbedtls_svc_key_id_t *key) +{ + return psa_generate_key_ext(attributes, + &default_method, sizeof(default_method), + key); +} + /****************************************************************/ /* Module setup */ /****************************************************************/ diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data index 34af94a25..bc6ca1b28 100644 --- a/tests/suites/test_suite_psa_crypto.data +++ b/tests/suites/test_suite_psa_crypto.data @@ -6870,6 +6870,26 @@ PSA key derivation: PBKDF2-AES-CMAC-PRF-128-> AES-256 depends_on:PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH derive_key_type:PSA_ALG_PBKDF2_AES_CMAC_PRF_128:"706173737764":"01":"73616c74":PSA_KEY_TYPE_AES:256:"28e288c6345bb5ecf7ca70274208a3ba0f1148b5868537d5e09d3ee6813b1f52" +PSA key derivation: default method -> AES-128 +depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_AES +derive_key_ext:PSA_ALG_HKDF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":PSA_KEY_TYPE_AES:128:0:"":PSA_SUCCESS:"3cb25f25faacd57a90434f64d0362f2a" + +PSA key derivation: null method -> AES-128 +depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_AES +derive_key_ext:PSA_ALG_HKDF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":PSA_KEY_TYPE_AES:128:-offsetof(psa_key_generation_method_t, data):"":PSA_ERROR_INVALID_ARGUMENT:"" + +PSA key derivation: method too short by 1 -> AES-128 +depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_AES +derive_key_ext:PSA_ALG_HKDF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":PSA_KEY_TYPE_AES:128:-1:"":PSA_ERROR_INVALID_ARGUMENT:"" + +PSA key derivation: method.flags=1 -> AES-128 +depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_AES +derive_key_ext:PSA_ALG_HKDF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":PSA_KEY_TYPE_AES:128:1:"":PSA_ERROR_INVALID_ARGUMENT:"" + +PSA key derivation: method.data non-empty -> AES-128 +depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_AES +derive_key_ext:PSA_ALG_HKDF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":PSA_KEY_TYPE_AES:128:0:"2a":PSA_ERROR_INVALID_ARGUMENT:"" + PSA key derivation: invalid type (0) depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256 derive_key:PSA_ALG_HKDF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":PSA_KEY_TYPE_NONE:128:PSA_ERROR_NOT_SUPPORTED:0 @@ -7461,6 +7481,34 @@ PSA generate key: FFDH, 1024 bits, invalid bits depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_GENERATE generate_key:PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):1024:PSA_KEY_USAGE_EXPORT:PSA_ALG_FFDH:PSA_ERROR_NOT_SUPPORTED:0 +PSA generate key ext: RSA, null method +generate_key_ext:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_RSA_PKCS1V15_CRYPT:-offsetof(psa_key_generation_method_t, data):"":PSA_ERROR_INVALID_ARGUMENT + +PSA generate key ext: RSA, method too short by 1 +generate_key_ext:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_RSA_PKCS1V15_CRYPT:-1:"":PSA_ERROR_INVALID_ARGUMENT + +PSA generate key ext: RSA, method.flags=1 +generate_key_ext:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_RSA_PKCS1V15_CRYPT:1:"":PSA_ERROR_INVALID_ARGUMENT + +PSA generate key ext: ECC, null method +depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_ECDH +generate_key_ext:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):256:PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDH:-offsetof(psa_key_generation_method_t, data):"":PSA_ERROR_INVALID_ARGUMENT + +PSA generate key ext: ECC, flags=0 +depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_ECDH +generate_key_ext:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):256:PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDH:0:"":PSA_SUCCESS + +PSA generate key ext: ECC, flags=1 +depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_ECDH +generate_key_ext:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):256:PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDH:1:"":PSA_ERROR_INVALID_ARGUMENT + +PSA generate key ext: ECC, method.data non-empty +depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_ECDH +generate_key_ext:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):256:PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDH:0:"2a":PSA_ERROR_INVALID_ARGUMENT + +Key generation method initializers +key_generation_method_init: + PSA import persistent key: raw data, 8 bits depends_on:MBEDTLS_PSA_CRYPTO_STORAGE_C persistent_key_load_key_from_storage:"2a":PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0:IMPORT_KEY diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index f88121fa5..05b49bd80 100644 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function @@ -1303,6 +1303,27 @@ exit: } #endif /* PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE */ +static int setup_key_generation_method(psa_key_generation_method_t **method, + size_t *method_length, + int64_t flags_arg, + const data_t *method_data) +{ + if (flags_arg >= 0) { + *method_length = sizeof(**method) + method_data->len; + *method = mbedtls_calloc(1, *method_length); + TEST_ASSERT(*method != NULL); + (*method)->flags = (uint32_t) flags_arg; + memcpy((*method)->data, method_data->x, method_data->len); + } else if (sizeof(**method) + flags_arg > 0) { + *method_length = sizeof(**method) + flags_arg; + *method = mbedtls_calloc(1, *method_length); + TEST_ASSERT(*method != NULL); + } + return 1; +exit: + return 0; +} + /* END_HEADER */ /* BEGIN_DEPENDENCIES @@ -9302,6 +9323,81 @@ exit: } /* END_CASE */ +/* BEGIN_CASE */ +void derive_key_ext(int alg_arg, + data_t *key_data, + data_t *input1, + data_t *input2, + int key_type_arg, int bits_arg, + int64_t flags_arg, /*negative for truncated method*/ + data_t *method_data, + psa_status_t expected_status, + data_t *expected_export) +{ + mbedtls_svc_key_id_t base_key = MBEDTLS_SVC_KEY_ID_INIT; + mbedtls_svc_key_id_t derived_key = MBEDTLS_SVC_KEY_ID_INIT; + const psa_algorithm_t alg = alg_arg; + const psa_key_type_t key_type = key_type_arg; + const size_t bits = bits_arg; + psa_key_generation_method_t *method = NULL; + size_t method_length = 0; + psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT; + const size_t export_buffer_size = + PSA_EXPORT_KEY_OUTPUT_SIZE(key_type, bits); + uint8_t *export_buffer = NULL; + psa_key_attributes_t base_attributes = PSA_KEY_ATTRIBUTES_INIT; + psa_key_attributes_t derived_attributes = PSA_KEY_ATTRIBUTES_INIT; + size_t export_length; + + TEST_CALLOC(export_buffer, export_buffer_size); + PSA_ASSERT(psa_crypto_init()); + + psa_set_key_usage_flags(&base_attributes, PSA_KEY_USAGE_DERIVE); + psa_set_key_algorithm(&base_attributes, alg); + psa_set_key_type(&base_attributes, PSA_KEY_TYPE_DERIVE); + PSA_ASSERT(psa_import_key(&base_attributes, key_data->x, key_data->len, + &base_key)); + + if (mbedtls_test_psa_setup_key_derivation_wrap( + &operation, base_key, alg, + input1->x, input1->len, + input2->x, input2->len, + PSA_KEY_DERIVATION_UNLIMITED_CAPACITY) == 0) { + goto exit; + } + + psa_set_key_usage_flags(&derived_attributes, PSA_KEY_USAGE_EXPORT); + psa_set_key_algorithm(&derived_attributes, 0); + psa_set_key_type(&derived_attributes, key_type); + psa_set_key_bits(&derived_attributes, bits); + if (!setup_key_generation_method(&method, &method_length, + flags_arg, method_data)) { + goto exit; + } + + TEST_EQUAL(psa_key_derivation_output_key_ext(&derived_attributes, &operation, + method, method_length, + &derived_key), + expected_status); + + if (expected_status == PSA_SUCCESS) { + PSA_ASSERT(psa_export_key(derived_key, + export_buffer, export_buffer_size, + &export_length)); + TEST_MEMORY_COMPARE(export_buffer, export_length, + expected_export->x, expected_export->len); + } + +exit: + mbedtls_free(export_buffer); + mbedtls_free(method); + psa_key_derivation_abort(&operation); + psa_destroy_key(base_key); + psa_destroy_key(derived_key); + PSA_DONE(); +} +/* END_CASE */ + /* BEGIN_CASE */ void derive_key(int alg_arg, data_t *key_data, data_t *input1, data_t *input2, @@ -9817,6 +9913,89 @@ exit: } /* END_CASE */ +/* BEGIN_CASE */ +void generate_key_ext(int type_arg, + int bits_arg, + int usage_arg, + int alg_arg, + int64_t flags_arg, /*negative for truncated method*/ + data_t *method_data, + int expected_status_arg) +{ + mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; + psa_key_type_t type = type_arg; + psa_key_usage_t usage = usage_arg; + size_t bits = bits_arg; + psa_algorithm_t alg = alg_arg; + psa_status_t expected_status = expected_status_arg; + psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; + psa_key_generation_method_t *method = NULL; + size_t method_length = 0; + psa_key_attributes_t got_attributes = PSA_KEY_ATTRIBUTES_INIT; + + PSA_ASSERT(psa_crypto_init()); + + psa_set_key_usage_flags(&attributes, usage); + psa_set_key_algorithm(&attributes, alg); + psa_set_key_type(&attributes, type); + psa_set_key_bits(&attributes, bits); + + if (!setup_key_generation_method(&method, &method_length, + flags_arg, method_data)) { + goto exit; + } + + /* Generate a key */ + psa_status_t status = psa_generate_key_ext(&attributes, + method, method_length, + &key); + + TEST_EQUAL(status, expected_status); + if (expected_status != PSA_SUCCESS) { + goto exit; + } + + /* Test the key information */ + PSA_ASSERT(psa_get_key_attributes(key, &got_attributes)); + TEST_EQUAL(psa_get_key_type(&got_attributes), type); + TEST_EQUAL(psa_get_key_bits(&got_attributes), bits); + + /* Do something with the key according to its type and permitted usage. */ + if (!mbedtls_test_psa_exercise_key(key, usage, alg)) { + goto exit; + } + +exit: + /* + * Key attributes may have been returned by psa_get_key_attributes() + * thus reset them as required. + */ + psa_reset_key_attributes(&got_attributes); + mbedtls_free(method); + psa_destroy_key(key); + PSA_DONE(); +} +/* END_CASE */ + +/* BEGIN_CASE */ +void key_generation_method_init() +{ + psa_key_generation_method_t func = psa_key_generation_method_init(); + psa_key_generation_method_t init = PSA_KEY_GENERATION_METHOD_INIT; + psa_key_generation_method_t zero; + memset(&zero, 0, sizeof(zero)); + + /* In order for sizeof(psa_key_generation_method_t) to mean + * empty data, there must not be any padding in the structure: + * the size of the structure must be the offset of the data field. */ + TEST_EQUAL(sizeof(zero), offsetof(psa_key_generation_method_t, data)); + + TEST_EQUAL(func.flags, 0); + TEST_EQUAL(init.flags, 0); + TEST_EQUAL(zero.flags, 0); +} +/* END_CASE */ + /* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_STORAGE_C */ void persistent_key_load_key_from_storage(data_t *data, int type_arg, int bits_arg,