• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 /*
2  * Test driver for generating and verifying keys.
3  * Currently only supports generating and verifying ECC keys.
4  */
5 /*  Copyright The Mbed TLS Contributors
6  *  SPDX-License-Identifier: Apache-2.0
7  *
8  *  Licensed under the Apache License, Version 2.0 (the "License"); you may
9  *  not use this file except in compliance with the License.
10  *  You may obtain a copy of the License at
11  *
12  *  http://www.apache.org/licenses/LICENSE-2.0
13  *
14  *  Unless required by applicable law or agreed to in writing, software
15  *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
16  *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
17  *  See the License for the specific language governing permissions and
18  *  limitations under the License.
19  */
20 
21 #include <test/helpers.h>
22 
23 #if defined(MBEDTLS_PSA_CRYPTO_DRIVERS) && defined(PSA_CRYPTO_DRIVER_TEST)
24 #include "psa/crypto.h"
25 #include "psa_crypto_core.h"
26 #include "psa_crypto_ecp.h"
27 #include "psa_crypto_rsa.h"
28 #include "mbedtls/ecp.h"
29 #include "mbedtls/error.h"
30 
31 #include "test/drivers/key_management.h"
32 #include "test/drivers/test_driver.h"
33 
34 #include "test/random.h"
35 
36 #if defined(MBEDTLS_TEST_LIBTESTDRIVER1)
37 #include "libtestdriver1/library/psa_crypto_ecp.h"
38 #include "libtestdriver1/library/psa_crypto_rsa.h"
39 #endif
40 
41 #include <string.h>
42 
43 mbedtls_test_driver_key_management_hooks_t
44     mbedtls_test_driver_key_management_hooks = MBEDTLS_TEST_DRIVER_KEY_MANAGEMENT_INIT;
45 
46 const uint8_t mbedtls_test_driver_aes_key[16] =
47 { 0x36, 0x77, 0x39, 0x7A, 0x24, 0x43, 0x26, 0x46,
48   0x29, 0x4A, 0x40, 0x4E, 0x63, 0x52, 0x66, 0x55 };
49 const uint8_t mbedtls_test_driver_ecdsa_key[32] =
50 { 0xdc, 0x7d, 0x9d, 0x26, 0xd6, 0x7a, 0x4f, 0x63,
51   0x2c, 0x34, 0xc2, 0xdc, 0x0b, 0x69, 0x86, 0x18,
52   0x38, 0x82, 0xc2, 0x06, 0xdf, 0x04, 0xcd, 0xb7,
53   0xd6, 0x9a, 0xab, 0xe2, 0x8b, 0xe4, 0xf8, 0x1a };
54 const uint8_t mbedtls_test_driver_ecdsa_pubkey[65] =
55 { 0x04,
56   0x85, 0xf6, 0x4d, 0x89, 0xf0, 0x0b, 0xe6, 0x6c,
57   0x88, 0xdd, 0x93, 0x7e, 0xfd, 0x6d, 0x7c, 0x44,
58   0x56, 0x48, 0xdc, 0xb7, 0x01, 0x15, 0x0b, 0x8a,
59   0x95, 0x09, 0x29, 0x58, 0x50, 0xf4, 0x1c, 0x19,
60   0x31, 0xe5, 0x71, 0xfb, 0x8f, 0x8c, 0x78, 0x31,
61   0x7a, 0x20, 0xb3, 0x80, 0xe8, 0x66, 0x58, 0x4b,
62   0xbc, 0x25, 0x16, 0xc3, 0xd2, 0x70, 0x2d, 0x79,
63   0x2f, 0x13, 0x1a, 0x92, 0x20, 0x95, 0xfd, 0x6c };
64 
mbedtls_test_transparent_init(void)65 psa_status_t mbedtls_test_transparent_init(void)
66 {
67     psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
68 
69 #if defined(MBEDTLS_TEST_LIBTESTDRIVER1)
70     status = libtestdriver1_psa_crypto_init();
71     if (status != PSA_SUCCESS) {
72         return status;
73     }
74 #endif
75 
76     (void) status;
77     return PSA_SUCCESS;
78 }
79 
mbedtls_test_transparent_free(void)80 void mbedtls_test_transparent_free(void)
81 {
82 #if defined(MBEDTLS_TEST_LIBTESTDRIVER1)
83     libtestdriver1_mbedtls_psa_crypto_free();
84 #endif
85 
86     return;
87 }
88 
mbedtls_test_opaque_init(void)89 psa_status_t mbedtls_test_opaque_init(void)
90 {
91     return PSA_SUCCESS;
92 }
93 
mbedtls_test_opaque_free(void)94 void mbedtls_test_opaque_free(void)
95 {
96     return;
97 }
98 
99 /*
100  * This macro returns the base size for the key context when SE does not
101  * support storage. It is the size of the metadata that gets added to the
102  * wrapped key. In its test functionality the metadata is just some padded
103  * prefixing to the key.
104  */
105 #define TEST_DRIVER_KEY_CONTEXT_BASE_SIZE  \
106     PSA_CRYPTO_TEST_DRIVER_OPAQUE_PAD_PREFIX_SIZE
107 
108 
mbedtls_test_opaque_size_function(const psa_key_type_t key_type,const size_t key_bits)109 size_t mbedtls_test_opaque_size_function(
110     const psa_key_type_t key_type,
111     const size_t key_bits)
112 {
113     size_t key_buffer_size = 0;
114 
115     key_buffer_size = PSA_EXPORT_KEY_OUTPUT_SIZE(key_type, key_bits);
116     if (key_buffer_size == 0) {
117         return 0;
118     }
119     /* Include spacing for base size overhead over the key size
120      * */
121     key_buffer_size += TEST_DRIVER_KEY_CONTEXT_BASE_SIZE;
122     return key_buffer_size;
123 }
124 
mbedtls_test_opaque_get_base_size()125 static size_t mbedtls_test_opaque_get_base_size()
126 {
127     return TEST_DRIVER_KEY_CONTEXT_BASE_SIZE;
128 }
129 
130 /*
131  * The wrap function mbedtls_test_opaque_wrap_key pads and wraps the
132  * clear key. It expects the clear and wrap buffers to be passed in.
133  * key_length is the size of the clear key to be wrapped.
134  * wrapped_key_buffer_size is the size of the output buffer wrap_key.
135  * The argument wrapped_key_buffer_length is filled with the wrapped
136  * key_size on success.
137  * */
mbedtls_test_opaque_wrap_key(const uint8_t * key,size_t key_length,uint8_t * wrapped_key_buffer,size_t wrapped_key_buffer_size,size_t * wrapped_key_buffer_length)138 static psa_status_t mbedtls_test_opaque_wrap_key(
139     const uint8_t *key,
140     size_t key_length,
141     uint8_t *wrapped_key_buffer,
142     size_t wrapped_key_buffer_size,
143     size_t *wrapped_key_buffer_length)
144 {
145     size_t opaque_key_base_size = mbedtls_test_opaque_get_base_size();
146     uint64_t prefix = PSA_CRYPTO_TEST_DRIVER_OPAQUE_PAD_PREFIX;
147 
148     if (key_length + opaque_key_base_size > wrapped_key_buffer_size) {
149         return PSA_ERROR_BUFFER_TOO_SMALL;
150     }
151 
152     /* Write in the opaque pad prefix */
153     memcpy(wrapped_key_buffer, &prefix, opaque_key_base_size);
154     wrapped_key_buffer += opaque_key_base_size;
155     *wrapped_key_buffer_length = key_length + opaque_key_base_size;
156 
157     while (key_length--) {
158         wrapped_key_buffer[key_length] = key[key_length] ^ 0xFF;
159     }
160     return PSA_SUCCESS;
161 }
162 
163 /*
164  * The unwrap function mbedtls_test_opaque_unwrap_key removes a pad prefix
165  * and unwraps the wrapped key. It expects the clear and wrap buffers to be
166  * passed in.
167  * wrapped_key_length is the size of the wrapped key,
168  * key_buffer_size is the size of the output buffer clear_key.
169  * The argument key_buffer_length is filled with the unwrapped(clear)
170  * key_size on success.
171  * */
mbedtls_test_opaque_unwrap_key(const uint8_t * wrapped_key,size_t wrapped_key_length,uint8_t * key_buffer,size_t key_buffer_size,size_t * key_buffer_length)172 static psa_status_t mbedtls_test_opaque_unwrap_key(
173     const uint8_t *wrapped_key,
174     size_t wrapped_key_length,
175     uint8_t *key_buffer,
176     size_t key_buffer_size,
177     size_t *key_buffer_length)
178 {
179     /* Remove the pad prefix from the wrapped key */
180     size_t opaque_key_base_size = mbedtls_test_opaque_get_base_size();
181     size_t clear_key_size;
182 
183     /* Check for underflow */
184     if (wrapped_key_length < opaque_key_base_size) {
185         return PSA_ERROR_DATA_CORRUPT;
186     }
187     clear_key_size = wrapped_key_length - opaque_key_base_size;
188 
189     wrapped_key += opaque_key_base_size;
190     if (clear_key_size > key_buffer_size) {
191         return PSA_ERROR_BUFFER_TOO_SMALL;
192     }
193 
194     *key_buffer_length = clear_key_size;
195     while (clear_key_size--) {
196         key_buffer[clear_key_size] = wrapped_key[clear_key_size] ^ 0xFF;
197     }
198     return PSA_SUCCESS;
199 }
200 
mbedtls_test_transparent_generate_key(const psa_key_attributes_t * attributes,uint8_t * key,size_t key_size,size_t * key_length)201 psa_status_t mbedtls_test_transparent_generate_key(
202     const psa_key_attributes_t *attributes,
203     uint8_t *key, size_t key_size, size_t *key_length)
204 {
205     ++mbedtls_test_driver_key_management_hooks.hits;
206 
207     if (mbedtls_test_driver_key_management_hooks.forced_status != PSA_SUCCESS) {
208         return mbedtls_test_driver_key_management_hooks.forced_status;
209     }
210 
211     if (mbedtls_test_driver_key_management_hooks.forced_output != NULL) {
212         if (mbedtls_test_driver_key_management_hooks.forced_output_length >
213             key_size) {
214             return PSA_ERROR_BUFFER_TOO_SMALL;
215         }
216         memcpy(key, mbedtls_test_driver_key_management_hooks.forced_output,
217                mbedtls_test_driver_key_management_hooks.forced_output_length);
218         *key_length = mbedtls_test_driver_key_management_hooks.forced_output_length;
219         return PSA_SUCCESS;
220     }
221 
222     if (PSA_KEY_TYPE_IS_ECC(psa_get_key_type(attributes))
223         && PSA_KEY_TYPE_IS_KEY_PAIR(psa_get_key_type(attributes))) {
224 #if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
225         defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR)
226         return libtestdriver1_mbedtls_psa_ecp_generate_key(
227             (const libtestdriver1_psa_key_attributes_t *) attributes,
228             key, key_size, key_length);
229 #elif defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR)
230         return mbedtls_psa_ecp_generate_key(
231             attributes, key, key_size, key_length);
232 #endif
233     } else if (psa_get_key_type(attributes) == PSA_KEY_TYPE_RSA_KEY_PAIR) {
234 #if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
235         defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR)
236         return libtestdriver1_mbedtls_psa_rsa_generate_key(
237             (const libtestdriver1_psa_key_attributes_t *) attributes,
238             key, key_size, key_length);
239 #elif defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR)
240         return mbedtls_psa_rsa_generate_key(
241             attributes, key, key_size, key_length);
242 #endif
243     }
244 
245     (void) attributes;
246     return PSA_ERROR_NOT_SUPPORTED;
247 }
248 
mbedtls_test_opaque_generate_key(const psa_key_attributes_t * attributes,uint8_t * key,size_t key_size,size_t * key_length)249 psa_status_t mbedtls_test_opaque_generate_key(
250     const psa_key_attributes_t *attributes,
251     uint8_t *key, size_t key_size, size_t *key_length)
252 {
253     (void) attributes;
254     (void) key;
255     (void) key_size;
256     (void) key_length;
257     return PSA_ERROR_NOT_SUPPORTED;
258 }
259 
mbedtls_test_transparent_import_key(const psa_key_attributes_t * attributes,const uint8_t * data,size_t data_length,uint8_t * key_buffer,size_t key_buffer_size,size_t * key_buffer_length,size_t * bits)260 psa_status_t mbedtls_test_transparent_import_key(
261     const psa_key_attributes_t *attributes,
262     const uint8_t *data,
263     size_t data_length,
264     uint8_t *key_buffer,
265     size_t key_buffer_size,
266     size_t *key_buffer_length,
267     size_t *bits)
268 {
269     psa_key_type_t type = psa_get_key_type(attributes);
270 
271     ++mbedtls_test_driver_key_management_hooks.hits;
272     mbedtls_test_driver_key_management_hooks.location = PSA_KEY_LOCATION_LOCAL_STORAGE;
273 
274     if (mbedtls_test_driver_key_management_hooks.forced_status != PSA_SUCCESS) {
275         return mbedtls_test_driver_key_management_hooks.forced_status;
276     }
277 
278     if (PSA_KEY_TYPE_IS_ECC(type)) {
279 #if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
280         (defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR) || \
281         defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY))
282         return libtestdriver1_mbedtls_psa_ecp_import_key(
283             (const libtestdriver1_psa_key_attributes_t *) attributes,
284             data, data_length,
285             key_buffer, key_buffer_size,
286             key_buffer_length, bits);
287 #elif defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR) || \
288         defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY)
289         return mbedtls_psa_ecp_import_key(
290             attributes,
291             data, data_length,
292             key_buffer, key_buffer_size,
293             key_buffer_length, bits);
294 #endif
295     } else if (PSA_KEY_TYPE_IS_RSA(type)) {
296 #if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
297         (defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) || \
298         defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY))
299         return libtestdriver1_mbedtls_psa_rsa_import_key(
300             (const libtestdriver1_psa_key_attributes_t *) attributes,
301             data, data_length,
302             key_buffer, key_buffer_size,
303             key_buffer_length, bits);
304 #elif defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) || \
305         defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY)
306         return mbedtls_psa_rsa_import_key(
307             attributes,
308             data, data_length,
309             key_buffer, key_buffer_size,
310             key_buffer_length, bits);
311 #endif
312     }
313 
314     (void) data;
315     (void) data_length;
316     (void) key_buffer;
317     (void) key_buffer_size;
318     (void) key_buffer_length;
319     (void) bits;
320     (void) type;
321 
322     return PSA_ERROR_NOT_SUPPORTED;
323 }
324 
325 
mbedtls_test_opaque_import_key(const psa_key_attributes_t * attributes,const uint8_t * data,size_t data_length,uint8_t * key_buffer,size_t key_buffer_size,size_t * key_buffer_length,size_t * bits)326 psa_status_t mbedtls_test_opaque_import_key(
327     const psa_key_attributes_t *attributes,
328     const uint8_t *data,
329     size_t data_length,
330     uint8_t *key_buffer,
331     size_t key_buffer_size,
332     size_t *key_buffer_length,
333     size_t *bits)
334 {
335     psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
336     psa_key_type_t type = psa_get_key_type(attributes);
337     /* This buffer will be used as an intermediate placeholder for
338      * the clear key till we wrap it */
339     uint8_t *key_buffer_temp;
340 
341     ++mbedtls_test_driver_key_management_hooks.hits;
342     mbedtls_test_driver_key_management_hooks.location = PSA_CRYPTO_TEST_DRIVER_LOCATION;
343 
344     if (mbedtls_test_driver_key_management_hooks.forced_status != PSA_SUCCESS) {
345         return mbedtls_test_driver_key_management_hooks.forced_status;
346     }
347 
348     key_buffer_temp = mbedtls_calloc(1, key_buffer_size);
349     if (key_buffer_temp == NULL) {
350         return PSA_ERROR_INSUFFICIENT_MEMORY;
351     }
352 
353     if (PSA_KEY_TYPE_IS_UNSTRUCTURED(type)) {
354         *bits = PSA_BYTES_TO_BITS(data_length);
355 
356         status = psa_validate_unstructured_key_bit_size(type,
357                                                         *bits);
358         if (status != PSA_SUCCESS) {
359             goto exit;
360         }
361 
362         if (data_length > key_buffer_size) {
363             return PSA_ERROR_BUFFER_TOO_SMALL;
364         }
365 
366         /* Copy the key material accounting for opaque key padding. */
367         memcpy(key_buffer_temp, data, data_length);
368         *key_buffer_length = data_length;
369     } else if (PSA_KEY_TYPE_IS_ECC(type)) {
370 #if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
371         (defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR) || \
372         defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY))
373         status = libtestdriver1_mbedtls_psa_ecp_import_key(
374             (const libtestdriver1_psa_key_attributes_t *) attributes,
375             data, data_length,
376             key_buffer_temp, key_buffer_size,
377             key_buffer_length, bits);
378 #elif defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR) || \
379         defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY)
380         status = mbedtls_psa_ecp_import_key(
381             attributes,
382             data, data_length,
383             key_buffer_temp, key_buffer_size,
384             key_buffer_length, bits);
385 #else
386         status = PSA_ERROR_NOT_SUPPORTED;
387 #endif
388         if (status != PSA_SUCCESS) {
389             goto exit;
390         }
391     } else if (PSA_KEY_TYPE_IS_RSA(type)) {
392 #if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
393         (defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR) || \
394         defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_PUBLIC_KEY))
395         status = libtestdriver1_mbedtls_psa_rsa_import_key(
396             (const libtestdriver1_psa_key_attributes_t *) attributes,
397             data, data_length,
398             key_buffer_temp, key_buffer_size,
399             key_buffer_length, bits);
400 #elif defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) || \
401         defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY)
402         status = mbedtls_psa_rsa_import_key(
403             attributes,
404             data, data_length,
405             key_buffer_temp, key_buffer_size,
406             key_buffer_length, bits);
407 #else
408         status = PSA_ERROR_NOT_SUPPORTED;
409 #endif
410         if (status != PSA_SUCCESS) {
411             goto exit;
412         }
413     } else {
414         status = PSA_ERROR_INVALID_ARGUMENT;
415         goto exit;
416     }
417 
418     status = mbedtls_test_opaque_wrap_key(key_buffer_temp, *key_buffer_length,
419                                           key_buffer, key_buffer_size, key_buffer_length);
420 exit:
421     mbedtls_free(key_buffer_temp);
422     return status;
423 }
424 
mbedtls_test_opaque_export_key(const psa_key_attributes_t * attributes,const uint8_t * key,size_t key_length,uint8_t * data,size_t data_size,size_t * data_length)425 psa_status_t mbedtls_test_opaque_export_key(
426     const psa_key_attributes_t *attributes,
427     const uint8_t *key, size_t key_length,
428     uint8_t *data, size_t data_size, size_t *data_length)
429 {
430     if (key_length == sizeof(psa_drv_slot_number_t)) {
431         /* Assume this is a builtin key based on the key material length. */
432         psa_drv_slot_number_t slot_number = *((psa_drv_slot_number_t *) key);
433 
434         switch (slot_number) {
435             case PSA_CRYPTO_TEST_DRIVER_BUILTIN_ECDSA_KEY_SLOT:
436                 /* This is the ECDSA slot. Verify the key's attributes before
437                  * returning the private key. */
438                 if (psa_get_key_type(attributes) !=
439                     PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1)) {
440                     return PSA_ERROR_CORRUPTION_DETECTED;
441                 }
442                 if (psa_get_key_bits(attributes) != 256) {
443                     return PSA_ERROR_CORRUPTION_DETECTED;
444                 }
445                 if (psa_get_key_algorithm(attributes) !=
446                     PSA_ALG_ECDSA(PSA_ALG_ANY_HASH)) {
447                     return PSA_ERROR_CORRUPTION_DETECTED;
448                 }
449                 if ((psa_get_key_usage_flags(attributes) &
450                      PSA_KEY_USAGE_EXPORT) == 0) {
451                     return PSA_ERROR_CORRUPTION_DETECTED;
452                 }
453 
454                 if (data_size < sizeof(mbedtls_test_driver_ecdsa_key)) {
455                     return PSA_ERROR_BUFFER_TOO_SMALL;
456                 }
457 
458                 memcpy(data, mbedtls_test_driver_ecdsa_key,
459                        sizeof(mbedtls_test_driver_ecdsa_key));
460                 *data_length = sizeof(mbedtls_test_driver_ecdsa_key);
461                 return PSA_SUCCESS;
462 
463             case PSA_CRYPTO_TEST_DRIVER_BUILTIN_AES_KEY_SLOT:
464                 /* This is the AES slot. Verify the key's attributes before
465                  * returning the key. */
466                 if (psa_get_key_type(attributes) != PSA_KEY_TYPE_AES) {
467                     return PSA_ERROR_CORRUPTION_DETECTED;
468                 }
469                 if (psa_get_key_bits(attributes) != 128) {
470                     return PSA_ERROR_CORRUPTION_DETECTED;
471                 }
472                 if (psa_get_key_algorithm(attributes) != PSA_ALG_CTR) {
473                     return PSA_ERROR_CORRUPTION_DETECTED;
474                 }
475                 if ((psa_get_key_usage_flags(attributes) &
476                      PSA_KEY_USAGE_EXPORT) == 0) {
477                     return PSA_ERROR_CORRUPTION_DETECTED;
478                 }
479 
480                 if (data_size < sizeof(mbedtls_test_driver_aes_key)) {
481                     return PSA_ERROR_BUFFER_TOO_SMALL;
482                 }
483 
484                 memcpy(data, mbedtls_test_driver_aes_key,
485                        sizeof(mbedtls_test_driver_aes_key));
486                 *data_length = sizeof(mbedtls_test_driver_aes_key);
487                 return PSA_SUCCESS;
488 
489             default:
490                 return PSA_ERROR_DOES_NOT_EXIST;
491         }
492     } else {
493         /* This buffer will be used as an intermediate placeholder for
494          * the opaque key till we unwrap the key into key_buffer */
495         psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
496         psa_key_type_t type = psa_get_key_type(attributes);
497 
498         if (PSA_KEY_TYPE_IS_UNSTRUCTURED(type) ||
499             PSA_KEY_TYPE_IS_RSA(type)   ||
500             PSA_KEY_TYPE_IS_ECC(type)) {
501             status = mbedtls_test_opaque_unwrap_key(key, key_length,
502                                                     data, data_size, data_length);
503             return status;
504         }
505     }
506     return PSA_ERROR_NOT_SUPPORTED;
507 }
508 
mbedtls_test_transparent_export_public_key(const psa_key_attributes_t * attributes,const uint8_t * key_buffer,size_t key_buffer_size,uint8_t * data,size_t data_size,size_t * data_length)509 psa_status_t mbedtls_test_transparent_export_public_key(
510     const psa_key_attributes_t *attributes,
511     const uint8_t *key_buffer, size_t key_buffer_size,
512     uint8_t *data, size_t data_size, size_t *data_length)
513 {
514     ++mbedtls_test_driver_key_management_hooks.hits;
515 
516     if (mbedtls_test_driver_key_management_hooks.forced_status != PSA_SUCCESS) {
517         return mbedtls_test_driver_key_management_hooks.forced_status;
518     }
519 
520     if (mbedtls_test_driver_key_management_hooks.forced_output != NULL) {
521         if (mbedtls_test_driver_key_management_hooks.forced_output_length >
522             data_size) {
523             return PSA_ERROR_BUFFER_TOO_SMALL;
524         }
525         memcpy(data, mbedtls_test_driver_key_management_hooks.forced_output,
526                mbedtls_test_driver_key_management_hooks.forced_output_length);
527         *data_length = mbedtls_test_driver_key_management_hooks.forced_output_length;
528         return PSA_SUCCESS;
529     }
530 
531     psa_key_type_t key_type = psa_get_key_type(attributes);
532 
533     if (PSA_KEY_TYPE_IS_ECC(key_type)) {
534 #if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
535         (defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR) || \
536         defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY))
537         return libtestdriver1_mbedtls_psa_ecp_export_public_key(
538             (const libtestdriver1_psa_key_attributes_t *) attributes,
539             key_buffer, key_buffer_size,
540             data, data_size, data_length);
541 #elif defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR) || \
542         defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY)
543         return mbedtls_psa_ecp_export_public_key(
544             attributes,
545             key_buffer, key_buffer_size,
546             data, data_size, data_length);
547 #endif
548     } else if (PSA_KEY_TYPE_IS_RSA(key_type)) {
549 #if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
550         (defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) || \
551         defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY))
552         return libtestdriver1_mbedtls_psa_rsa_export_public_key(
553             (const libtestdriver1_psa_key_attributes_t *) attributes,
554             key_buffer, key_buffer_size,
555             data, data_size, data_length);
556 #elif defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) || \
557         defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY)
558         return mbedtls_psa_rsa_export_public_key(
559             attributes,
560             key_buffer, key_buffer_size,
561             data, data_size, data_length);
562 #endif
563     }
564 
565     (void) key_buffer;
566     (void) key_buffer_size;
567     (void) key_type;
568 
569     return PSA_ERROR_NOT_SUPPORTED;
570 }
571 
mbedtls_test_opaque_export_public_key(const psa_key_attributes_t * attributes,const uint8_t * key,size_t key_length,uint8_t * data,size_t data_size,size_t * data_length)572 psa_status_t mbedtls_test_opaque_export_public_key(
573     const psa_key_attributes_t *attributes,
574     const uint8_t *key, size_t key_length,
575     uint8_t *data, size_t data_size, size_t *data_length)
576 {
577     if (key_length != sizeof(psa_drv_slot_number_t)) {
578         psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
579         psa_key_type_t key_type = psa_get_key_type(attributes);
580         uint8_t *key_buffer_temp;
581 
582         key_buffer_temp = mbedtls_calloc(1, key_length);
583         if (key_buffer_temp == NULL) {
584             return PSA_ERROR_INSUFFICIENT_MEMORY;
585         }
586 
587         if (PSA_KEY_TYPE_IS_ECC(key_type)) {
588             status = mbedtls_test_opaque_unwrap_key(key, key_length,
589                                                     key_buffer_temp, key_length, data_length);
590             if (status == PSA_SUCCESS) {
591 #if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
592                 (defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR) || \
593                 defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY))
594                 status = libtestdriver1_mbedtls_psa_ecp_export_public_key(
595                     (const libtestdriver1_psa_key_attributes_t *) attributes,
596                     key_buffer_temp, *data_length,
597                     data, data_size, data_length);
598 #elif defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR) || \
599                 defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY)
600                 status = mbedtls_psa_ecp_export_public_key(
601                     attributes,
602                     key_buffer_temp, *data_length,
603                     data, data_size, data_length);
604 #else
605                 status = PSA_ERROR_NOT_SUPPORTED;
606 #endif
607             }
608         } else if (PSA_KEY_TYPE_IS_RSA(key_type)) {
609             status = mbedtls_test_opaque_unwrap_key(key, key_length,
610                                                     key_buffer_temp, key_length, data_length);
611             if (status == PSA_SUCCESS) {
612 #if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
613                 (defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR) || \
614                 defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_PUBLIC_KEY))
615                 status = libtestdriver1_mbedtls_psa_rsa_export_public_key(
616                     (const libtestdriver1_psa_key_attributes_t *) attributes,
617                     key_buffer_temp, *data_length,
618                     data, data_size, data_length);
619 #elif defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) || \
620                 defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY)
621                 status = mbedtls_psa_rsa_export_public_key(
622                     attributes,
623                     key_buffer_temp, *data_length,
624                     data, data_size, data_length);
625 #else
626                 status = PSA_ERROR_NOT_SUPPORTED;
627 #endif
628             }
629         } else {
630             status = PSA_ERROR_NOT_SUPPORTED;
631             (void) key;
632             (void) key_type;
633         }
634         mbedtls_free(key_buffer_temp);
635         return status;
636     }
637 
638     /* Assume this is a builtin key based on the key material length. */
639     psa_drv_slot_number_t slot_number = *((psa_drv_slot_number_t *) key);
640     switch (slot_number) {
641         case PSA_CRYPTO_TEST_DRIVER_BUILTIN_ECDSA_KEY_SLOT:
642             /* This is the ECDSA slot. Verify the key's attributes before
643              * returning the public key. */
644             if (psa_get_key_type(attributes) !=
645                 PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1)) {
646                 return PSA_ERROR_CORRUPTION_DETECTED;
647             }
648             if (psa_get_key_bits(attributes) != 256) {
649                 return PSA_ERROR_CORRUPTION_DETECTED;
650             }
651             if (psa_get_key_algorithm(attributes) !=
652                 PSA_ALG_ECDSA(PSA_ALG_ANY_HASH)) {
653                 return PSA_ERROR_CORRUPTION_DETECTED;
654             }
655 
656             if (data_size < sizeof(mbedtls_test_driver_ecdsa_pubkey)) {
657                 return PSA_ERROR_BUFFER_TOO_SMALL;
658             }
659 
660             memcpy(data, mbedtls_test_driver_ecdsa_pubkey,
661                    sizeof(mbedtls_test_driver_ecdsa_pubkey));
662             *data_length = sizeof(mbedtls_test_driver_ecdsa_pubkey);
663             return PSA_SUCCESS;
664 
665         default:
666             return PSA_ERROR_DOES_NOT_EXIST;
667     }
668 }
669 
670 /* The opaque test driver exposes two built-in keys when builtin key support is
671  * compiled in.
672  * The key in slot #PSA_CRYPTO_TEST_DRIVER_BUILTIN_AES_KEY_SLOT is an AES-128
673  * key which allows CTR mode.
674  * The key in slot #PSA_CRYPTO_TEST_DRIVER_BUILTIN_ECDSA_KEY_SLOT is a secp256r1
675  * private key which allows ECDSA sign & verify.
676  * The key buffer format for these is the raw format of psa_drv_slot_number_t
677  * (i.e. for an actual driver this would mean 'builtin_key_size' =
678  * sizeof(psa_drv_slot_number_t)).
679  */
mbedtls_test_opaque_get_builtin_key(psa_drv_slot_number_t slot_number,psa_key_attributes_t * attributes,uint8_t * key_buffer,size_t key_buffer_size,size_t * key_buffer_length)680 psa_status_t mbedtls_test_opaque_get_builtin_key(
681     psa_drv_slot_number_t slot_number,
682     psa_key_attributes_t *attributes,
683     uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length)
684 {
685     switch (slot_number) {
686         case PSA_CRYPTO_TEST_DRIVER_BUILTIN_AES_KEY_SLOT:
687             psa_set_key_type(attributes, PSA_KEY_TYPE_AES);
688             psa_set_key_bits(attributes, 128);
689             psa_set_key_usage_flags(
690                 attributes,
691                 PSA_KEY_USAGE_ENCRYPT |
692                 PSA_KEY_USAGE_DECRYPT |
693                 PSA_KEY_USAGE_EXPORT);
694             psa_set_key_algorithm(attributes, PSA_ALG_CTR);
695 
696             if (key_buffer_size < sizeof(psa_drv_slot_number_t)) {
697                 return PSA_ERROR_BUFFER_TOO_SMALL;
698             }
699 
700             *((psa_drv_slot_number_t *) key_buffer) =
701                 PSA_CRYPTO_TEST_DRIVER_BUILTIN_AES_KEY_SLOT;
702             *key_buffer_length = sizeof(psa_drv_slot_number_t);
703             return PSA_SUCCESS;
704         case PSA_CRYPTO_TEST_DRIVER_BUILTIN_ECDSA_KEY_SLOT:
705             psa_set_key_type(
706                 attributes,
707                 PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1));
708             psa_set_key_bits(attributes, 256);
709             psa_set_key_usage_flags(
710                 attributes,
711                 PSA_KEY_USAGE_SIGN_HASH |
712                 PSA_KEY_USAGE_VERIFY_HASH |
713                 PSA_KEY_USAGE_EXPORT);
714             psa_set_key_algorithm(
715                 attributes, PSA_ALG_ECDSA(PSA_ALG_ANY_HASH));
716 
717             if (key_buffer_size < sizeof(psa_drv_slot_number_t)) {
718                 return PSA_ERROR_BUFFER_TOO_SMALL;
719             }
720 
721             *((psa_drv_slot_number_t *) key_buffer) =
722                 PSA_CRYPTO_TEST_DRIVER_BUILTIN_ECDSA_KEY_SLOT;
723             *key_buffer_length = sizeof(psa_drv_slot_number_t);
724             return PSA_SUCCESS;
725         default:
726             return PSA_ERROR_DOES_NOT_EXIST;
727     }
728 }
729 
mbedtls_test_opaque_copy_key(psa_key_attributes_t * attributes,const uint8_t * source_key,size_t source_key_length,uint8_t * key_buffer,size_t key_buffer_size,size_t * key_buffer_length)730 psa_status_t mbedtls_test_opaque_copy_key(
731     psa_key_attributes_t *attributes,
732     const uint8_t *source_key, size_t source_key_length,
733     uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length)
734 {
735     /* This is a case where the opaque test driver emulates an SE without storage.
736      * With that all key context is stored in the wrapped buffer.
737      * So no additional house keeping is necessary to reference count the
738      * copied keys. This could change when the opaque test driver is extended
739      * to support SE with storage, or to emulate an SE without storage but
740      * still holding some slot references */
741     if (source_key_length > key_buffer_size) {
742         return PSA_ERROR_BUFFER_TOO_SMALL;
743     }
744 
745     memcpy(key_buffer, source_key, source_key_length);
746     *key_buffer_length = source_key_length;
747     (void) attributes;
748     return PSA_SUCCESS;
749 }
750 
751 #endif /* MBEDTLS_PSA_CRYPTO_DRIVERS && PSA_CRYPTO_DRIVER_TEST */
752