From 4e69d7a9a7e757810d6f9a9f826a4d6f776aae72 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 19 Jun 2018 20:19:14 +0200 Subject: [PATCH 01/22] psa_generate_key: pass parameters_size argument When calling psa_generate_key, pass the size of the parameters buffer explicitly. This makes calls more verbose but less error-prone. This also has the benefit that in an implementation with separation, the frontend knows how many bytes to send to the backend without needing to know about each key type. --- include/psa/crypto.h | 22 +++++++++++++--------- 1 file changed, 13 insertions(+), 9 deletions(-) diff --git a/include/psa/crypto.h b/include/psa/crypto.h index 28103c78b..204ac267a 100644 --- a/include/psa/crypto.h +++ b/include/psa/crypto.h @@ -1846,14 +1846,17 @@ psa_status_t psa_generate_random(uint8_t *output, /** * \brief Generate a key or key pair. * - * \param key Slot where the key will be stored. This must be a - * valid slot for a key of the chosen type. It must - * be unoccupied. - * \param type Key type (a \c PSA_KEY_TYPE_XXX value). - * \param bits Key size in bits. - * \param parameters Extra parameters for key generation. The interpretation - * of this parameter depends on \c type. All types support - * \c NULL to use default parameters specified below. + * \param key Slot where the key will be stored. This must be a + * valid slot for a key of the chosen type. It must + * be unoccupied. + * \param type Key type (a \c PSA_KEY_TYPE_XXX value). + * \param bits Key size in bits. + * \param parameters Extra parameters for key generation. The + * interpretation of this parameter depends on + * \c type. All types support \c NULL to use + * the default parameters specified below. + * \param parameters_size Size of the buffer that \param parameters + * points to, in bytes. * * For any symmetric key type (type such that * `PSA_KEY_TYPE_IS_ASYMMETRIC(type)` is false), \c parameters must be 
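Review bot: In the new `\param parameters_size` entry, the description refers to the other argument with `\param parameters`, which Doxygen reads as the start of another parameter entry rather than a cross-reference; the reference form is `\p parameters`. The entry also does not say what is expected when `parameters` is `NULL`, which is exactly the case a caller is most likely to get wrong; I would add `This must be 0 if \p parameters is \c NULL.` The comment block continues past the end of this hunk.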
@@ -1878,7 +1881,8 @@ psa_status_t psa_generate_random(uint8_t *output, psa_status_t psa_generate_key(psa_key_slot_t key, psa_key_type_t type, size_t bits, - const void *parameters); + const void *parameters, + size_t parameters_size); /**@}*/ From ca36a23bcefe20dc45a2c261d731b2b3cd6c81ff Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 19 Jun 2018 21:18:00 +0200 Subject: [PATCH 02/22] Fix asymmetric encrypt/decrypt test with invalid key types The key data was invalid on import. The import doesn't fail because it doesn't check the data enough. --- tests/suites/test_suite_psa_crypto.data | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data index 0d7a31bdf..ca8ea2336 100644 --- a/tests/suites/test_suite_psa_crypto.data +++ b/tests/suites/test_suite_psa_crypto.data @@ -415,7 +415,7 @@ asymmetric_encrypt_fail:PSA_KEY_TYPE_RSA_KEYPAIR:"3082025e02010002818100af057d39 PSA encrypt: RSA PKCS#1 v1.5: invalid key type depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 -asymmetric_encrypt_fail:PSA_KEY_TYPE_AES:"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":PSA_ALG_RSA_PKCS1V15_CRYPT:"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":PSA_ERROR_INVALID_ARGUMENT +asymmetric_encrypt_fail:PSA_KEY_TYPE_AES:"3082025e02010002818100af057d396e":PSA_ALG_RSA_PKCS1V15_CRYPT:"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":PSA_ERROR_INVALID_ARGUMENT PSA decrypt: RSA PKCS#1 v1.5: good #1 depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 
@@ -429,9 +429,9 @@ PSA decrypt: invalid algorithm depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 asymmetric_decrypt_fail:PSA_KEY_TYPE_RSA_KEYPAIR:"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":PSA_ALG_SHA_256:"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":PSA_ERROR_INVALID_ARGUMENT -PSA decrypt: RSA PKCS#1 v1.5: incorrect key type +PSA decrypt: RSA PKCS#1 v1.5: invalid key type depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 -asymmetric_decrypt_fail:PSA_KEY_TYPE_AES:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_PKCS1V15_CRYPT:"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":PSA_ERROR_INVALID_ARGUMENT 
+asymmetric_decrypt_fail:PSA_KEY_TYPE_AES:"3082025e02010002818100af057d396e":PSA_ALG_RSA_PKCS1V15_CRYPT:"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":PSA_ERROR_INVALID_ARGUMENT PSA decrypt: RSA PKCS#1 v1.5, input too small depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 From 0ff4b0f7f98740197944e67303c244aba2578fa1 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 19 Jun 2018 21:31:50 +0200 Subject: [PATCH 03/22] psa_import_key: validate symmetric key size When importing a symmetric key, validate that the key size is valid for the given key type. Non-supported key types may no longer be imported. --- library/psa_crypto.c | 61 +++++++++++++++++++++++-- tests/suites/test_suite_psa_crypto.data | 16 +++++++ 2 files changed, 73 insertions(+), 4 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index e41e51287..4d2f8d05b 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c 
@@ -346,6 +346,57 @@ static psa_ecc_curve_t mbedtls_ecc_group_to_psa( mbedtls_ecp_group_id grpid ) } } +static psa_status_t prepare_raw_data_slot( psa_key_type_t type, + size_t bits, + struct raw_data *raw ) +{ + /* Check that the bit size is acceptable for the key type */ + switch( type ) + { + case PSA_KEY_TYPE_RAW_DATA: +#if defined(MBEDTLS_MD_C) + case PSA_KEY_TYPE_HMAC: +#endif + break; +#if defined(MBEDTLS_AES_C) + case PSA_KEY_TYPE_AES: + if( bits != 128 && bits != 192 && bits != 256 ) + return( PSA_ERROR_INVALID_ARGUMENT ); + break; +#endif +#if defined(MBEDTLS_CAMELLIA_C) + case PSA_KEY_TYPE_CAMELLIA: + if( bits != 128 && bits != 192 && bits != 256 ) + return( PSA_ERROR_INVALID_ARGUMENT ); + break; +#endif +#if defined(MBEDTLS_DES_C) + case PSA_KEY_TYPE_DES: + if( bits != 64 && bits != 128 && bits != 192 ) + return( PSA_ERROR_INVALID_ARGUMENT ); + break; +#endif +#if defined(MBEDTLS_ARC4_C) + case PSA_KEY_TYPE_ARC4: + if( bits < 8 || bits > 2048 ) + return( PSA_ERROR_INVALID_ARGUMENT ); + break; +#endif + default: + return( PSA_ERROR_NOT_SUPPORTED ); + } + + /* Allocate memory for the key */ + raw->bytes = PSA_BITS_TO_BYTES( bits ); + raw->data = mbedtls_calloc( 1, raw->bytes ); + if( raw->data == NULL ) + { + raw->bytes = 0; + return( PSA_ERROR_INSUFFICIENT_MEMORY ); + } + return( PSA_SUCCESS ); +} + psa_status_t psa_import_key( psa_key_slot_t key, psa_key_type_t type, const uint8_t *data, 
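Review bot: The `PSA_KEY_TYPE_RAW_DATA` and `PSA_KEY_TYPE_HMAC` cases of `prepare_raw_data_slot` accept any `bits` value, so a size that is not a multiple of 8 is (presumably) rounded up by `PSA_BITS_TO_BYTES` and the slot then holds more bits than were requested. `bits == 0` also reaches `mbedtls_calloc( 1, 0 )`, whose result is implementation-defined, so an empty key can come back as `PSA_ERROR_INSUFFICIENT_MEMORY` on some platforms. A guard before the switch, `if( bits % 8 != 0 ) return( PSA_ERROR_INVALID_ARGUMENT );`, makes the first case explicit, and the zero-length case deserves a decision and a test either way. The function has no comment; I would add one stating that on success `raw->data` is a zero-filled buffer of `raw->bytes` bytes owned by the slot, that on allocation failure `raw->bytes` is 0, and that on a rejected type or size `raw` is not touched.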
@@ -361,14 +412,16 @@ psa_status_t psa_import_key( psa_key_slot_t key, if( PSA_KEY_TYPE_IS_RAW_BYTES( type ) ) { + psa_status_t status; /* Ensure that a bytes-to-bit conversion won't overflow. */ if( data_length > SIZE_MAX / 8 ) return( PSA_ERROR_NOT_SUPPORTED ); - slot->data.raw.data = mbedtls_calloc( 1, data_length ); - if( slot->data.raw.data == NULL ) - return( PSA_ERROR_INSUFFICIENT_MEMORY ); + status = prepare_raw_data_slot( type, + PSA_BYTES_TO_BITS( data_length ), + &slot->data.raw ); + if( status != PSA_SUCCESS ) + return( status ); memcpy( slot->data.raw.data, data, data_length ); - slot->data.raw.bytes = data_length; } else #if defined(MBEDTLS_PK_PARSE_C) diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data index ca8ea2336..00add7d64 100644 --- a/tests/suites/test_suite_psa_crypto.data +++ b/tests/suites/test_suite_psa_crypto.data 
@@ -13,6 +13,22 @@ import_export:"2a":PSA_KEY_TYPE_RAW_DATA:PSA_ALG_CBC_BASE | PSA_ALG_BLOCK_CIPHER PSA import/export raw: 2 bytes, buffer too small import_export:"2a2b":PSA_KEY_TYPE_RAW_DATA:PSA_ALG_CBC_BASE | PSA_ALG_BLOCK_CIPHER_PAD_NONE:PSA_KEY_USAGE_EXPORT:16:-1:PSA_ERROR_BUFFER_TOO_SMALL:1 +PSA import/export AES-128 +depends_on:MBEDTLS_AES_C +import_export:"0123456789abcdef0123456789abcdef":PSA_KEY_TYPE_AES:PSA_ALG_CTR:PSA_KEY_USAGE_EXPORT:128:0:PSA_SUCCESS:1 + +PSA import/export AES-192 +depends_on:MBEDTLS_AES_C +import_export:"0123456789abcdef0123456789abcdef0123456789abcdef":PSA_KEY_TYPE_AES:PSA_ALG_CTR:PSA_KEY_USAGE_EXPORT:192:0:PSA_SUCCESS:1 + +PSA import/export AES-256 +depends_on:MBEDTLS_AES_C +import_export:"0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef":PSA_KEY_TYPE_AES:PSA_ALG_CTR:PSA_KEY_USAGE_EXPORT:256:0:PSA_SUCCESS:1 + +PSA import AES: bad key size +depends_on:MBEDTLS_AES_C +import:"0123456789abcdef":PSA_KEY_TYPE_AES:PSA_ERROR_INVALID_ARGUMENT + PSA import/export RSA public key: good, 1024-bit depends_on:MBEDTLS_PK_C:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C import_export:"30819f300d06092a864886f70d010101050003818d0030818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_KEY_TYPE_RSA_PUBLIC_KEY:PSA_ALG_CBC_BASE | PSA_ALG_BLOCK_CIPHER_PAD_NONE:PSA_KEY_USAGE_EXPORT:1024:0:PSA_SUCCESS:1 From 05d69890ee67641d0cffd30880dd82636cccb6ab Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 19 Jun 2018 22:00:52 +0200 Subject: [PATCH 04/22] Implement psa_generate_random --- library/psa_crypto.c | 22 +++++++++++ tests/suites/test_suite_psa_crypto.data | 15 ++++++++ tests/suites/test_suite_psa_crypto.function | 41 +++++++++++++++++++++ 3 files changed, 78 insertions(+) 
diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 4d2f8d05b..5609f4283 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -2461,6 +2461,28 @@ psa_status_t psa_aead_decrypt( psa_key_slot_t key, +/****************************************************************/ +/* Key generation */ +/****************************************************************/ + +psa_status_t psa_generate_random( uint8_t *output, + size_t output_size ) +{ + int ret = mbedtls_ctr_drbg_random( &global_data.ctr_drbg, + output, output_size ); + return( mbedtls_to_psa_error( ret ) ); +} + +psa_status_t psa_generate_key( psa_key_slot_t key, + psa_key_type_t type, + size_t bits, + const void *parameters, + size_t parameters_size ) +{ + return( PSA_ERROR_NOT_SUPPORTED ); +} + + /****************************************************************/ /* Module setup */ /****************************************************************/ diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data index 00add7d64..4b6085c40 100644 --- a/tests/suites/test_suite_psa_crypto.data +++ b/tests/suites/test_suite_psa_crypto.data 
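Review bot: `psa_generate_random` forwards `output_size` to a single `mbedtls_ctr_drbg_random` call, and CTR_DRBG rejects any request larger than `MBEDTLS_CTR_DRBG_MAX_REQUEST`, so a caller asking for a large buffer gets an error instead of random bytes. Filling the buffer in chunks removes the limit from the PSA API. On failure the buffer is left exactly as the caller passed it, so I would also clear it before returning, so that a caller that ignores the status does not go on to use stale contents as key material.

```c
psa_status_t psa_generate_random( uint8_t *output,
                                  size_t output_size )
{
    /* CTR_DRBG refuses requests above MBEDTLS_CTR_DRBG_MAX_REQUEST,
     * so fill the buffer in chunks. */
    uint8_t *p = output;
    size_t remaining = output_size;
    while( remaining > 0 )
    {
        size_t chunk = remaining < MBEDTLS_CTR_DRBG_MAX_REQUEST ?
                       remaining : MBEDTLS_CTR_DRBG_MAX_REQUEST;
        int ret = mbedtls_ctr_drbg_random( &global_data.ctr_drbg, p, chunk );
        if( ret != 0 )
        {
            /* Do not leave partial or stale data behind on error. */
            memset( output, 0, output_size );
            return( mbedtls_to_psa_error( ret ) );
        }
        p += chunk;
        remaining -= chunk;
    }
    return( PSA_SUCCESS );
}
```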
@@ -456,3 +456,18 @@ asymmetric_decrypt_fail:PSA_KEY_TYPE_RSA_KEYPAIR:"3082025e02010002818100af057d39 PSA decrypt: RSA PKCS#1 v1.5, input too large depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 asymmetric_decrypt_fail:PSA_KEY_TYPE_RSA_KEYPAIR:"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":PSA_ALG_RSA_PKCS1V15_CRYPT:"0099ffde2fcc00c9cc01972ebfa7779b298dbbaf7f50707a7405296dd2783456fc792002f462e760500e02afa25a859ace8701cb5d3b0262116431c43af8eb08f5a88301057cf1c156a2a5193c143e7a5b03fac132b7e89e6dcd8f4c82c9b28452329c260d30bc39b3816b7c46b41b37b4850d2ae74e729f99c6621fbbe2e46872":PSA_ERROR_INVALID_ARGUMENT + +PSA generate random: 0 bytes +generate_random:0:0 + +PSA generate random: 1 byte +generate_random:1:8 + +PSA generate random: 4 bytes +generate_random:1:2 + +PSA generate random: 16 bytes +generate_random:16:0 + +PSA generate random: 19 bytes +generate_random:19:0 diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index 9dbf0340d..c1d0e149a 100644 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function 
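Review bot: The case labelled `PSA generate random: 4 bytes` passes `generate_random:1:2`, that is one byte with two retries, so no 4-byte request is exercised and the 1-byte request is run twice with different retry budgets. If a 4-byte request was intended the line should read `generate_random:4:0`, with the retry count chosen as for the 16- and 19-byte cases.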
@@ -1520,3 +1520,44 @@ exit: mbedtls_psa_crypto_free( ); } /* END_CASE */ + +/* BEGIN_CASE */ +void generate_random( int bytes, int retries ) +{ + const unsigned char trail[] = "foobar"; + unsigned char *buffer1 = mbedtls_calloc( 1, bytes + sizeof( trail ) ); + unsigned char *buffer2 = mbedtls_calloc( 1, bytes ); + + TEST_ASSERT( buffer1 != NULL ); + TEST_ASSERT( buffer2 != NULL ); + memcpy( buffer1 + bytes, trail, sizeof( trail ) ); + + TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS ); + + TEST_ASSERT( psa_generate_random( buffer1, bytes ) == PSA_SUCCESS ); + + /* Check that no more than bytes have been overwritten */ + TEST_ASSERT( memcmp( buffer1 + bytes, trail, sizeof( trail ) ) == 0 ); + + if( bytes == 0 ) + goto exit; + + /* We can't validate that the data is really random, but we can + * validate that it doesn't repeat between calls. There's a + * 1/256^bytes chance that it does repeat, of course, so allow + * a few retries. */ + ++retries; /* The first time isn't a REtry */ + do + { + --retries; + TEST_ASSERT( psa_generate_random( buffer2, bytes ) == PSA_SUCCESS ); + } + while( memcmp( buffer1, buffer2, bytes ) == 0 && retries >= -1 ); + TEST_ASSERT( retries >= 0 ); + +exit: + mbedtls_psa_crypto_free( ); + mbedtls_free( buffer1 ); + mbedtls_free( buffer2 ); +} +/* END_CASE */ From 0e2315859fd46cedff76869b0600109d2aee44bb Mon Sep 17 00:00:00 2001 
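Review bot: With `bytes == 0` (the `0 bytes` data case) `mbedtls_calloc( 1, bytes )` for `buffer2` is a zero-size allocation, which may legitimately return `NULL`, and `TEST_ASSERT( buffer2 != NULL )` then fails before anything is tested; allocating `bytes + 1` or skipping the assertion when `bytes` is 0 avoids that. The retry loop condition `retries >= -1` keeps calling `psa_generate_random` after the budget is spent although `TEST_ASSERT( retries >= 0 )` is already bound to fail; ending the loop with `while( memcmp( buffer1, buffer2, bytes ) == 0 && retries > 0 );` and asserting `memcmp( buffer1, buffer2, bytes ) != 0` afterwards states the intent directly. A negative `bytes` from the data file would become a huge `size_t`, so an early `TEST_ASSERT( bytes >= 0 );` is cheap.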
From: Gilles Peskine Date: Wed, 20 Jun 2018 00:11:07 +0200 Subject: [PATCH 05/22] psa_export_key: fix asymmetric key in larger buffer Exporting an asymmetric key only worked if the target buffer had exactly the right size, because psa_export_key uses mbedtls_pk_write_key_der or mbedtls_pk_write_pubkey_der and these functions write to the end of the buffer, which psa_export_key did not correct for. Fix this by moving the data to the beginning of the buffer if necessary. Add non-regression tests. --- library/psa_crypto.c | 11 +++++++++++ tests/suites/test_suite_psa_crypto.data | 8 ++++++++ 2 files changed, 19 insertions(+) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 5609f4283..c552b5331 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -629,6 +629,17 @@ static psa_status_t psa_internal_export_key( psa_key_slot_t key, ret = mbedtls_pk_write_key_der( &pk, data, data_size ); if( ret < 0 ) return( mbedtls_to_psa_error( ret ) ); + /* The mbedtls_pk_xxx functions write to the end of the buffer. + * Move the data to the beginning and erase remaining data + * at the original location. */ + if( 2 * (size_t) ret <= data_size ) + { + memcpy( data, data + data_size - ret, ret ); + } + else if( (size_t) ret < data_size ) + { + memmove( data, data + data_size - ret, ret ); + } *data_length = ret; return( PSA_SUCCESS ); } diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data index 4b6085c40..b4c0fa97a 100644 --- a/tests/suites/test_suite_psa_crypto.data +++ b/tests/suites/test_suite_psa_crypto.data 
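Review bot: The comment added above the relocation says the remaining data at the original location is erased, but nothing in this hunk writes zeros there, so an exported private key is still present a second time at the tail of the caller's buffer; either clear it here or reword the comment to match what the code does. The two branches can also be one call, since `memmove` is valid for non-overlapping regions: `if( (size_t) ret < data_size ) memmove( data, data + data_size - ret, ret );` covers both and drops the `2 * (size_t) ret` comparison. The enclosing function starts and ends outside the hunk.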
@@ -33,6 +33,10 @@ PSA import/export RSA public key: good, 1024-bit depends_on:MBEDTLS_PK_C:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C import_export:"30819f300d06092a864886f70d010101050003818d0030818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_KEY_TYPE_RSA_PUBLIC_KEY:PSA_ALG_CBC_BASE | PSA_ALG_BLOCK_CIPHER_PAD_NONE:PSA_KEY_USAGE_EXPORT:1024:0:PSA_SUCCESS:1 +PSA import/export RSA public key: good, 1024-bit, larger buffer +depends_on:MBEDTLS_PK_C:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C +import_export:"30819f300d06092a864886f70d010101050003818d0030818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_KEY_TYPE_RSA_PUBLIC_KEY:PSA_ALG_CBC_BASE | PSA_ALG_BLOCK_CIPHER_PAD_NONE:PSA_KEY_USAGE_EXPORT:1024:1:PSA_SUCCESS:1 + PSA import/export RSA keypair: policy forbids export depends_on:MBEDTLS_PK_C:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C import_export:"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":PSA_KEY_TYPE_RSA_KEYPAIR:PSA_ALG_CBC_BASE | PSA_ALG_BLOCK_CIPHER_PAD_NONE:PSA_KEY_USAGE_ENCRYPT:1024:0:PSA_ERROR_NOT_PERMITTED:1 
@@ -41,6 +45,10 @@ PSA import/export RSA keypair: good, 1024-bit depends_on:MBEDTLS_PK_C:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C import_export:"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":PSA_KEY_TYPE_RSA_KEYPAIR:PSA_ALG_CBC_BASE | PSA_ALG_BLOCK_CIPHER_PAD_NONE:PSA_KEY_USAGE_EXPORT:1024:0:PSA_SUCCESS:1 +PSA import/export RSA keypair: good, 1024-bit, larger buffer +depends_on:MBEDTLS_PK_C:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C +import_export:"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":PSA_KEY_TYPE_RSA_KEYPAIR:PSA_ALG_CBC_BASE | PSA_ALG_BLOCK_CIPHER_PAD_NONE:PSA_KEY_USAGE_EXPORT:1024:1:PSA_SUCCESS:1 + PSA import/export RSA keypair: trailing garbage ignored depends_on:MBEDTLS_PK_C:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C import_export:"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":PSA_KEY_TYPE_RSA_KEYPAIR:PSA_ALG_CBC_BASE | PSA_ALG_BLOCK_CIPHER_PAD_NONE:PSA_KEY_USAGE_EXPORT:1024:-1:PSA_SUCCESS:0 From e66ca3bbf36332bca6a97f6bca2a5883f5f32387 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 20 Jun 2018 00:11:45 +0200 Subject: [PATCH 06/22] psa_export_key: zero out potential garbage in the output buffer In psa_export_key, ensure that each byte of the output buffer either contains its original value, is zero, or is part of the actual output. Specifically, don't risk having partial output on error, and don't leave extra data at the end of the buffer when exporting an asymmetric key. Test that exporting to a previously zeroed buffer leaves the buffer zeroed outside the actual output if any. --- library/psa_crypto.c | 5 +++++ tests/suites/test_suite_psa_crypto.function | 24 +++++++++++++++++++++ 2 files changed, 29 insertions(+) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index c552b5331..8e7aeefa2 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c 
@@ -628,17 +628,22 @@ static psa_status_t psa_internal_export_key( psa_key_slot_t key, else ret = mbedtls_pk_write_key_der( &pk, data, data_size ); if( ret < 0 ) + { + memset( data, 0, data_size ); return( mbedtls_to_psa_error( ret ) ); + } /* The mbedtls_pk_xxx functions write to the end of the buffer. * Move the data to the beginning and erase remaining data * at the original location. */ if( 2 * (size_t) ret <= data_size ) { memcpy( data, data + data_size - ret, ret ); + memset( data + data_size - ret, 0, ret ); } else if( (size_t) ret < data_size ) { memmove( data, data + data_size - ret, ret ); + memset( data + ret, 0, data_size - ret ); } *data_length = ret; return( PSA_SUCCESS ); diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index c1d0e149a..958637560 100644 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function @@ -7,6 +7,25 @@ #else #define PSA_CRYPTO_TEST_SIZE_T_RANGE( x ) 1 #endif + +/** Test if a buffer is not all-bits zero. + * + * \param buffer Pointer to the beginning of the buffer. + * \param size Size of the buffer in bytes. + * + * \return 0 if the buffer is all-bits-zero. + * \return A nonzero value otherwise. + */ +int mem_is_nonzero( void *buffer, size_t size ) +{ + size_t i; + for( i = 0; i < size; i++ ) + { + if( ( (unsigned char *) buffer )[i] != 0 ) + return( i + 1 ); + } + return( 0 ); +} /* END_HEADER */ /* BEGIN_DEPENDENCIES @@ -106,8 +125,13 @@ void import_export( data_t *data, exported, export_size, &exported_length ); TEST_ASSERT( status == (psa_status_t) expected_export_status ); + TEST_ASSERT( ! mem_is_nonzero( exported + exported_length, + export_size - exported_length ) ); if( status != PSA_SUCCESS ) + { + TEST_ASSERT( exported_length == 0 ); goto destroy; + } if( canonical_input ) { From 12313cd84c57be7ad3d150706171adadc529a3ff Mon Sep 17 00:00:00 2001 
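Review bot: In the `import_export` hunk, the new `mem_is_nonzero( exported + exported_length, export_size - exported_length )` check runs before `exported_length` has been validated, so if `psa_export_key` ever reports a length larger than `export_size`, or leaves it unset on an error path, the subtraction wraps and the helper reads far past the buffer. Put `TEST_ASSERT( exported_length <= export_size );` immediately before it; whether `exported_length` is initialised before the call is not visible in this hunk. Separately, `mem_is_nonzero` in the header hunk only reads its argument and is used by this file alone, so `static int mem_is_nonzero( const void *buffer, size_t size )` fits it better, and its `return( i + 1 )` narrows a `size_t` to `int` where `return( 1 )` would do.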
From: Gilles Peskine Date: Wed, 20 Jun 2018 00:20:32 +0200 Subject: [PATCH 07/22] Implement psa_generate_key: AES, DES, RSA, ECP In the test cases, try exporting the generated key and perform sanity checks on it. --- library/psa_crypto.c | 144 +++++++++++++++++++- tests/suites/test_suite_psa_crypto.data | 51 +++++++ tests/suites/test_suite_psa_crypto.function | 130 ++++++++++++++++++ 3 files changed, 324 insertions(+), 1 deletion(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 8e7aeefa2..d75226cc6 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -346,6 +346,41 @@ static psa_ecc_curve_t mbedtls_ecc_group_to_psa( mbedtls_ecp_group_id grpid ) } } +static mbedtls_ecp_group_id mbedtls_ecc_group_of_psa( psa_ecc_curve_t curve ) +{ + switch( curve ) + { + case PSA_ECC_CURVE_SECP192R1: + return( MBEDTLS_ECP_DP_SECP192R1 ); + case PSA_ECC_CURVE_SECP224R1: + return( MBEDTLS_ECP_DP_SECP224R1 ); + case PSA_ECC_CURVE_SECP256R1: + return( MBEDTLS_ECP_DP_SECP256R1 ); + case PSA_ECC_CURVE_SECP384R1: + return( MBEDTLS_ECP_DP_SECP384R1 ); + case PSA_ECC_CURVE_SECP521R1: + return( MBEDTLS_ECP_DP_SECP521R1 ); + case PSA_ECC_CURVE_BRAINPOOL_P256R1: + return( MBEDTLS_ECP_DP_BP256R1 ); + case PSA_ECC_CURVE_BRAINPOOL_P384R1: + return( MBEDTLS_ECP_DP_BP384R1 ); + case PSA_ECC_CURVE_BRAINPOOL_P512R1: + return( MBEDTLS_ECP_DP_BP512R1 ); + case PSA_ECC_CURVE_CURVE25519: + return( MBEDTLS_ECP_DP_CURVE25519 ); + case PSA_ECC_CURVE_SECP192K1: + return( MBEDTLS_ECP_DP_SECP192K1 ); + case PSA_ECC_CURVE_SECP224K1: + return( MBEDTLS_ECP_DP_SECP224K1 ); + case PSA_ECC_CURVE_SECP256K1: + return( MBEDTLS_ECP_DP_SECP256K1 ); + case PSA_ECC_CURVE_CURVE448: + return( MBEDTLS_ECP_DP_CURVE448 ); + default: + return( MBEDTLS_ECP_DP_NONE ); + } +} + static psa_status_t prepare_raw_data_slot( psa_key_type_t type, size_t bits, struct raw_data *raw ) 
@@ -2495,7 +2530,114 @@ psa_status_t psa_generate_key( psa_key_slot_t key, const void *parameters, size_t parameters_size ) { - return( PSA_ERROR_NOT_SUPPORTED ); + key_slot_t *slot; + + if( key == 0 || key > PSA_KEY_SLOT_COUNT ) + return( PSA_ERROR_INVALID_ARGUMENT ); + slot = &global_data.key_slots[key]; + if( slot->type != PSA_KEY_TYPE_NONE ) + return( PSA_ERROR_OCCUPIED_SLOT ); + if( parameters == NULL && parameters_size != 0 ) + return( PSA_ERROR_INVALID_ARGUMENT ); + + if( PSA_KEY_TYPE_IS_RAW_BYTES( type ) ) + { + psa_status_t status = prepare_raw_data_slot( type, bits, + &slot->data.raw ); + if( status != PSA_SUCCESS ) + return( status ); + status = psa_generate_random( slot->data.raw.data, + slot->data.raw.bytes ); + if( status != PSA_SUCCESS ) + { + mbedtls_free( slot->data.raw.data ); + return( status ); + } +#if defined(MBEDTLS_DES_C) + if( type == PSA_KEY_TYPE_DES ) + { + mbedtls_des_key_set_parity( slot->data.raw.data ); + if( slot->data.raw.bytes >= 16 ) + mbedtls_des_key_set_parity( slot->data.raw.data + 8 ); + if( slot->data.raw.bytes == 24 ) + mbedtls_des_key_set_parity( slot->data.raw.data + 16 ); + } +#endif /* MBEDTLS_DES_C */ + } + else + +#if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_GENPRIME) + if ( type == PSA_KEY_TYPE_RSA_KEYPAIR ) + { + mbedtls_rsa_context *rsa; + int ret; + int exponent = 65537; + if( parameters != NULL ) + { + const unsigned *p = parameters; + if( parameters_size != sizeof( *p ) ) + return( PSA_ERROR_INVALID_ARGUMENT ); + if( *p > INT_MAX ) + return( PSA_ERROR_INVALID_ARGUMENT ); + exponent = *p; + } + rsa = mbedtls_calloc( 1, sizeof( *rsa ) ); + if( rsa == NULL ) + return( PSA_ERROR_INSUFFICIENT_MEMORY ); + mbedtls_rsa_init( rsa, MBEDTLS_RSA_PKCS_V15, MBEDTLS_MD_NONE ); + ret = mbedtls_rsa_gen_key( rsa, + mbedtls_ctr_drbg_random, + &global_data.ctr_drbg, + bits, + exponent ); + if( ret != 0 ) + { + mbedtls_rsa_free( rsa ); + mbedtls_free( rsa ); + return( mbedtls_to_psa_error( ret ) ); + } + slot->data.rsa = rsa; + } + 
else +#endif /* MBEDTLS_RSA_C && MBEDTLS_GENPRIME */ + +#if defined(MBEDTLS_ECP_C) + if ( PSA_KEY_TYPE_IS_ECC( type ) && PSA_KEY_TYPE_IS_KEYPAIR( type ) ) + { + psa_ecc_curve_t curve = PSA_KEY_TYPE_GET_CURVE( type ); + mbedtls_ecp_group_id grp_id = mbedtls_ecc_group_of_psa( curve ); + const mbedtls_ecp_curve_info *curve_info = + mbedtls_ecp_curve_info_from_grp_id( grp_id ); + mbedtls_ecp_keypair *ecp; + int ret; + if( parameters != NULL ) + return( PSA_ERROR_NOT_SUPPORTED ); + if( grp_id == MBEDTLS_ECP_DP_NONE || curve_info == NULL ) + return( PSA_ERROR_NOT_SUPPORTED ); + if( curve_info->bit_size != bits ) + return( PSA_ERROR_INVALID_ARGUMENT ); + ecp = mbedtls_calloc( 1, sizeof( *ecp ) ); + if( ecp == NULL ) + return( PSA_ERROR_INSUFFICIENT_MEMORY ); + mbedtls_ecp_keypair_init( ecp ); + ret = mbedtls_ecp_gen_key( grp_id, ecp, + mbedtls_ctr_drbg_random, + &global_data.ctr_drbg ); + if( ret != 0 ) + { + mbedtls_ecp_keypair_free( ecp ); + mbedtls_free( ecp ); + return( mbedtls_to_psa_error( ret ) ); + } + slot->data.ecp = ecp; + } + else +#endif /* MBEDTLS_ECP_C */ + + return( PSA_ERROR_NOT_SUPPORTED ); + + slot->type = type; + return( PSA_SUCCESS ); } diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data index b4c0fa97a..9902a0ecb 100644 --- a/tests/suites/test_suite_psa_crypto.data +++ b/tests/suites/test_suite_psa_crypto.data 
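Review bot: In the raw-bytes branch of `psa_generate_key`, the error path after `psa_generate_random` frees `slot->data.raw.data` but leaves the pointer and `slot->data.raw.bytes` in the slot, so an empty slot keeps a dangling pointer that a later path could free or read again; reset both after the free with `slot->data.raw.data = NULL; slot->data.raw.bytes = 0;`. The same branch never looks at `parameters`, so a non-NULL parameter block is silently accepted for symmetric keys while the RSA and ECC branches validate it; `if( parameters != NULL ) return( PSA_ERROR_INVALID_ARGUMENT );` at the top of the branch closes that gap. The slot bound `key > PSA_KEY_SLOT_COUNT` followed by `key_slots[key]` is in range only if the array has `PSA_KEY_SLOT_COUNT + 1` entries; the declaration is outside this hunk and worth confirming. In the RSA branch, `bits` is a `size_t` handed to `mbedtls_rsa_gen_key` without a range check, so an upper bound should be enforced before the call.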
@@ -479,3 +479,54 @@ generate_random:16:0 PSA generate random: 19 bytes generate_random:19:0 + +PSA generate key: bad type (0xffffffff) +generate_key:0xffffffff:128:PSA_KEY_USAGE_EXPORT:0:PSA_ERROR_NOT_SUPPORTED + +PSA generate key: bad type (RSA public key) +generate_key:PSA_KEY_TYPE_RSA_PUBLIC_KEY:512:PSA_KEY_USAGE_EXPORT:0:PSA_ERROR_NOT_SUPPORTED + +PSA generate key: raw data, 0 bits +generate_key:PSA_KEY_TYPE_AES:128:PSA_KEY_USAGE_EXPORT:0:PSA_SUCCESS + +PSA generate key: raw data, 8 bits +generate_key:PSA_KEY_TYPE_AES:128:PSA_KEY_USAGE_EXPORT:0:PSA_SUCCESS + +PSA generate key: raw data, 7 bits +generate_key:PSA_KEY_TYPE_AES:7:PSA_KEY_USAGE_EXPORT:0:PSA_ERROR_INVALID_ARGUMENT + +PSA generate key: AES, 128 bits, CTR +depends_on:MBEDTLS_AES_C +generate_key:PSA_KEY_TYPE_AES:128:PSA_KEY_USAGE_EXPORT|PSA_KEY_USAGE_ENCRYPT:PSA_ALG_CTR:PSA_SUCCESS + +PSA generate key: DES, 64 bits, CTR +depends_on:MBEDTLS_DES_C +generate_key:PSA_KEY_TYPE_DES:64:PSA_KEY_USAGE_EXPORT|PSA_KEY_USAGE_ENCRYPT:PSA_ALG_CTR:PSA_SUCCESS + +PSA generate key: DES, 128 bits, CTR +depends_on:MBEDTLS_DES_C +generate_key:PSA_KEY_TYPE_DES:64:PSA_KEY_USAGE_EXPORT|PSA_KEY_USAGE_ENCRYPT:PSA_ALG_CTR:PSA_SUCCESS + +PSA generate key: DES, 192 bits, CTR +depends_on:MBEDTLS_DES_C +generate_key:PSA_KEY_TYPE_DES:64:PSA_KEY_USAGE_EXPORT|PSA_KEY_USAGE_ENCRYPT:PSA_ALG_CTR:PSA_SUCCESS + +PSA generate key: invalid key size: AES, 64 bits +depends_on:MBEDTLS_AES_C +generate_key:PSA_KEY_TYPE_AES:64:PSA_KEY_USAGE_EXPORT|PSA_KEY_USAGE_ENCRYPT:PSA_ALG_CTR:PSA_ERROR_INVALID_ARGUMENT + +PSA generate key: RSA, 512 bits, good +depends_on:MBEDTLS_RSA_C +generate_key:PSA_KEY_TYPE_RSA_KEYPAIR:512:PSA_KEY_USAGE_EXPORT|PSA_KEY_USAGE_SIGN|PSA_KEY_USAGE_VERIFY:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_SUCCESS + +PSA generate key: RSA, 1024 bits, good +depends_on:MBEDTLS_RSA_C +generate_key:PSA_KEY_TYPE_RSA_KEYPAIR:1024:PSA_KEY_USAGE_EXPORT|PSA_KEY_USAGE_SIGN|PSA_KEY_USAGE_VERIFY:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_SUCCESS + +PSA generate key: 
ECC, SECP256R1, good +depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED +generate_key:PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP256R1):256:PSA_KEY_USAGE_EXPORT|PSA_KEY_USAGE_SIGN|PSA_KEY_USAGE_VERIFY:PSA_ALG_ECDSA_RAW:PSA_SUCCESS + +PSA generate key: ECC, SECP256R1, incorrect bit size +depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED +generate_key:PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP256R1):128:PSA_KEY_USAGE_EXPORT|PSA_KEY_USAGE_SIGN|PSA_KEY_USAGE_VERIFY:PSA_ALG_ECDSA_RAW:PSA_ERROR_INVALID_ARGUMENT diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index 958637560..1cd9c22a0 100644 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function 
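Review bot: Several labels in this block do not match their arguments: `raw data, 0 bits` and `raw data, 8 bits` both run `PSA_KEY_TYPE_AES:128`, `raw data, 7 bits` uses `PSA_KEY_TYPE_AES:7`, and the `DES, 128 bits` and `DES, 192 bits` cases both pass `64`. As written, `PSA_KEY_TYPE_RAW_DATA` is never generated and the 16- and 24-byte DES parity paths in `psa_generate_key` are never reached. The three AES-typed `raw data` cases also lack `depends_on:MBEDTLS_AES_C`, and the RSA cases depend only on `MBEDTLS_RSA_C` while the implementation is compiled under `MBEDTLS_RSA_C && MBEDTLS_GENPRIME`, so they would return `PSA_ERROR_NOT_SUPPORTED` in a build without prime generation.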
@@ -1585,3 +1585,133 @@ exit: mbedtls_free( buffer2 ); } /* END_CASE */ + +/* BEGIN_CASE */ +void generate_key( int type_arg, + int bits_arg, + int usage_arg, + int alg_arg, + int expected_status_arg ) +{ + int slot = 1; + psa_key_type_t type = type_arg; + psa_key_usage_t usage = usage_arg; + size_t bits = bits_arg; + psa_algorithm_t alg = alg_arg; + psa_status_t expected_status = expected_status_arg; + psa_key_type_t got_type; + size_t got_bits; + unsigned char exported[616] = {0}; /* enough for a 1024-bit RSA key */ + size_t exported_length; + psa_status_t expected_export_status = + usage & PSA_KEY_USAGE_EXPORT ? PSA_SUCCESS : PSA_ERROR_NOT_PERMITTED; + psa_status_t expected_info_status = + expected_status == PSA_SUCCESS ? PSA_SUCCESS : PSA_ERROR_EMPTY_SLOT; + psa_key_policy_t policy; + + TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS ); + + psa_key_policy_init( &policy ); + psa_key_policy_set_usage( &policy, usage, alg ); + TEST_ASSERT( psa_set_key_policy( slot, &policy ) == PSA_SUCCESS ); + + /* Generate a key */ + TEST_ASSERT( psa_generate_key( slot, type, bits, + NULL, 0 ) == expected_status ); + + /* Test the key information */ + TEST_ASSERT( psa_get_key_information( slot, + &got_type, + &got_bits ) == expected_info_status ); + if( expected_info_status != PSA_SUCCESS ) + goto exit; + TEST_ASSERT( got_type == type ); + TEST_ASSERT( got_bits == bits ); + + /* Export the key */ + TEST_ASSERT( psa_export_key( slot, + exported, sizeof( exported ), + &exported_length ) == expected_export_status ); + if( expected_export_status == PSA_SUCCESS ) + { + if( PSA_KEY_TYPE_IS_RAW_BYTES( type ) ) + TEST_ASSERT( exported_length == ( bits + 7 ) / 8 ); +#if defined(MBEDTLS_DES_C) + if( type == PSA_KEY_TYPE_DES ) + { + /* Check the parity bits. 
*/ + unsigned i; + for( i = 0; i < bits / 8; i++ ) + { + unsigned bit_count = 0; + unsigned m; + for( m = 1; m <= 0x100; m <<= 1 ) + { + if( exported[i] & m ) + ++bit_count; + } + TEST_ASSERT( bit_count % 2 != 0 ); + } + } +#endif +#if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_PK_PARSE_C) + if( type == PSA_KEY_TYPE_RSA_KEYPAIR ) + { + /* Sanity check: does this look like the beginning of a PKCS#8 + * RSA key pair? Assumes bits is a multiple of 8. */ + size_t n_bytes = bits / 8 + 1; + size_t n_encoded_bytes; + unsigned char *n_end; + TEST_ASSERT( exported_length >= 7 + ( n_bytes + 3 ) * 9 / 2 ); + TEST_ASSERT( exported[0] == 0x30 ); + TEST_ASSERT( exported[1] == 0x82 ); // assumes >=416-bit key + TEST_ASSERT( exported[4] == 0x02 ); + TEST_ASSERT( exported[5] == 0x01 ); + TEST_ASSERT( exported[6] == 0x00 ); + TEST_ASSERT( exported[7] == 0x02 ); + n_encoded_bytes = exported[8]; + n_end = exported + 9 + n_encoded_bytes; + if( n_encoded_bytes & 0x80 ) + { + n_encoded_bytes = ( n_encoded_bytes & 0x7f ) << 7; + n_encoded_bytes |= exported[9] & 0x7f; + n_end += 1; + } + /* The encoding of n should start with a 0 byte since it should + * have its high bit set. However Mbed TLS is not compliant and + * generates an invalid, but widely tolerated, encoding of + * positive INTEGERs with a bit size that is a multiple of 8 + * with no leading 0 byte. Accept this here. */ + TEST_ASSERT( n_bytes == n_encoded_bytes || + n_bytes == n_encoded_bytes + 1 ); + if( n_bytes == n_encoded_bytes ) + TEST_ASSERT( exported[n_encoded_bytes <= 127 ? 
9 : 10] == 0x00 ); + /* Sanity check: e must be 3 */ + TEST_ASSERT( n_end[0] == 0x02 ); + TEST_ASSERT( n_end[1] == 0x03 ); + TEST_ASSERT( n_end[2] == 0x01 ); + TEST_ASSERT( n_end[3] == 0x00 ); + TEST_ASSERT( n_end[4] == 0x01 ); + TEST_ASSERT( n_end[5] == 0x02 ); + } +#endif /* MBEDTLS_RSA_C */ +#if defined(MBEDTLS_ECP_C) + if( PSA_KEY_TYPE_IS_ECC( type ) ) + { + /* Sanity check: does this look like the beginning of a PKCS#8 + * elliptic curve key pair? */ + TEST_ASSERT( exported_length >= bits * 3 / 8 + 10 ); + TEST_ASSERT( exported[0] == 0x30 ); + } +#endif /* MBEDTLS_ECP_C */ + } + + /* We should do something with the key according to its permitted usage. + * This would require figuring out what the key type allows or + * specifying it somehow in the test data. */ + +exit: + psa_destroy_key( slot ); + mbedtls_psa_crypto_free( ); +} +/* END_CASE */ From 16c0f4f787e7d4f52072b4ad211fdc6e04c2c98e Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 20 Jun 2018 16:05:20 +0200 Subject: [PATCH 08/22] Fix potential memory corruption on MAC/cipher setup failure When psa_mac_start(), psa_encrypt_setup() or psa_cipher_setup() failed, depending on when the failure happened, it was possible that psa_mac_abort() or psa_cipher_abort() would crash because it would try to call a free() function uninitialized data in the operation structure. Refactor the functions so that they initialize the operation structure before doing anything else. Add non-regression tests and a few more positive and negative unit tests for psa_mac_start() and psa_cipher_setup() (the latter via psa_encrypt_setip()). --- library/psa_crypto.c | 94 +++++++++++++++------ tests/suites/test_suite_psa_crypto.data | 47 +++++++++++ tests/suites/test_suite_psa_crypto.function | 85 +++++++++++++++++++ 3 files changed, 202 insertions(+), 24 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index d75226cc6..535384c42 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c 
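Review bot: The comment `/* Sanity check: e must be 3 */` in the RSA block of `generate_key` is wrong: the bytes asserted after it, `02 03 01 00 01`, are an INTEGER of length 3 holding 65537, the default exponent in the implementation, so it should read `/* Sanity check: e must be 65537 (INTEGER, 3 bytes) */`. The length handling above it is not DER decoding: `( n_encoded_bytes & 0x7f ) << 7` combined with `exported[9] & 0x7f` gives the right value and the right `n_end` only for the `0x81 0x81` prefix of a 1024-bit modulus, and the `n_end[0]` to `n_end[5]` reads are not checked against `exported_length`. I would say in the comment which key sizes the check is valid for, and correct "PKCS#8", since the layout tested (`30 82 .. 02 01 00 02`) is the PKCS#1 RSAPrivateKey structure. In the DES parity loop, `m <= 0x100` tests a ninth bit that an 8-bit `unsigned char` never has set; `m <= 0x80` is the intended bound.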
@@ -1133,10 +1133,53 @@ static size_t psa_get_hash_block_size( psa_algorithm_t alg ) } } +/* Initialize the MAC operation structure. Once this function has been + * called, psa_mac_abort can run and will do the right thing. */ +static psa_status_t psa_mac_init( psa_mac_operation_t *operation, + psa_algorithm_t alg ) +{ + psa_status_t status = PSA_ERROR_NOT_SUPPORTED; + + operation->alg = alg; + operation->key_set = 0; + operation->iv_set = 0; + operation->iv_required = 0; + operation->has_input = 0; + operation->key_usage_sign = 0; + operation->key_usage_verify = 0; + +#if defined(MBEDTLS_CMAC_C) + if( alg == PSA_ALG_CMAC ) + { + operation->iv_required = 0; + mbedtls_cipher_init( &operation->ctx.cmac ); + status = PSA_SUCCESS; + } + else +#endif /* MBEDTLS_CMAC_C */ +#if defined(MBEDTLS_MD_C) + if( PSA_ALG_IS_HMAC( operation->alg ) ) + { + status = psa_hash_start( &operation->ctx.hmac.hash_ctx, + PSA_ALG_HMAC_HASH( alg ) ); + } + else +#endif /* MBEDTLS_MD_C */ + { + /* fall through with NOT_SUPPORTED */ + } + + if( status != PSA_SUCCESS ) + memset( operation, 0, sizeof( *operation ) ); + return( status ); +} + psa_status_t psa_mac_abort( psa_mac_operation_t *operation ) { switch( operation->alg ) { + case 0: + return( PSA_SUCCESS ); #if defined(MBEDTLS_CMAC_C) case PSA_ALG_CMAC: mbedtls_cipher_free( &operation->ctx.cmac ); @@ -1165,6 +1208,8 @@ psa_status_t psa_mac_abort( psa_mac_operation_t *operation ) operation->iv_set = 0; operation->iv_required = 0; operation->has_input = 0; + operation->key_usage_sign = 0; + operation->key_usage_verify = 0; return( PSA_SUCCESS ); } @@ -1178,8 +1223,6 @@ static int psa_cmac_start( psa_mac_operation_t *operation, int ret; operation->mac_size = cipher_info->block_size; - operation->iv_required = 0; - mbedtls_cipher_init( &operation->ctx.cmac ); ret = mbedtls_cipher_setup( &operation->ctx.cmac, cipher_info ); if( ret != 0 ) 
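Review bot: psa_mac_init assigns the flag fields one at a time, so on the success path `mac_size` and any part of `ctx` that the selected algorithm does not touch keep whatever the caller's memory held. The failure path already runs `memset( operation, 0, sizeof( *operation ) )`. Making that the first statement, followed by `operation->alg = alg;`, would put every field in a known state before psa_mac_abort can be reached. It would also make the second `operation->iv_required = 0;` in the CMAC branch unnecessary. A short comment on the new `case 0:` in psa_mac_abort, such as `/* Zeroed or failed-init structure: nothing to release. */`, would document why returning early is safe.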
@@ -1213,14 +1256,9 @@ static int psa_hmac_start( psa_mac_operation_t *operation, if( key_type != PSA_KEY_TYPE_HMAC ) return( PSA_ERROR_INVALID_ARGUMENT ); - operation->iv_required = 0; operation->mac_size = digest_size; - status = psa_hash_start( &operation->ctx.hmac.hash_ctx, - PSA_ALG_HMAC_HASH( alg ) ); - if( status != PSA_SUCCESS ) - return( status ); - + /* The hash was started earlier in psa_mac_init. */ if( key_length > block_size ) { status = psa_hash_update( &operation->ctx.hmac.hash_ctx, @@ -1274,13 +1312,9 @@ psa_status_t psa_mac_start( psa_mac_operation_t *operation, size_t key_bits; const mbedtls_cipher_info_t *cipher_info = NULL; - operation->alg = 0; - operation->key_set = 0; - operation->iv_set = 0; - operation->iv_required = 1; - operation->has_input = 0; - operation->key_usage_sign = 0; - operation->key_usage_verify = 0; + status = psa_mac_init( operation, alg ); + if( status != PSA_SUCCESS ) + return( status ); status = psa_get_key_information( key, &key_type, &key_bits ); if( status != PSA_SUCCESS ) @@ -1332,7 +1366,6 @@ psa_status_t psa_mac_start( psa_mac_operation_t *operation, else { - operation->alg = alg; operation->key_set = 1; } return( status ); @@ -1872,6 +1905,21 @@ psa_status_t psa_asymmetric_decrypt( psa_key_slot_t key, /* Symmetric cryptography */ /****************************************************************/ +/* Initialize the cipher operation structure. Once this function has been + * called, psa_cipher_abort can run and will do the right thing. */ +static psa_status_t psa_cipher_init( psa_cipher_operation_t *operation, + psa_algorithm_t alg ) +{ + operation->alg = alg; + operation->key_set = 0; + operation->iv_set = 0; + operation->iv_required = 1; + operation->iv_size = 0; + operation->block_size = 0; + mbedtls_cipher_init( &operation->ctx.cipher ); + return( PSA_SUCCESS ); +} + static psa_status_t psa_cipher_setup( psa_cipher_operation_t *operation, psa_key_slot_t key, psa_algorithm_t alg, 
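Review bot: Once `psa_mac_init` has succeeded in psa_mac_start, the error checks that follow it seem to return directly; the body of the `psa_get_key_information` check is cut off by the hunk, so this is inferred. That leaves `operation->alg` set and, for HMAC, an already started hash context that the caller must remember to abort. Sending every failure after init through one cleanup path that calls `psa_mac_abort( operation )` would leave the structure inactive on any error, whatever the caller does next. psa_cipher_setup has the same shape: the `return( PSA_ERROR_NOT_SUPPORTED );` for `cipher_info == NULL` now comes after psa_cipher_init has set `alg`.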
@@ -1884,12 +1932,9 @@ static psa_status_t psa_cipher_setup( psa_cipher_operation_t *operation, size_t key_bits; const mbedtls_cipher_info_t *cipher_info = NULL; - operation->alg = alg; - operation->key_set = 0; - operation->iv_set = 0; - operation->iv_required = 1; - operation->iv_size = 0; - operation->block_size = 0; + status = psa_cipher_init( operation, alg ); + if( status != PSA_SUCCESS ) + return( status ); status = psa_get_key_information( key, &key_type, &key_bits ); if( status != PSA_SUCCESS ) @@ -1900,7 +1945,6 @@ static psa_status_t psa_cipher_setup( psa_cipher_operation_t *operation, if( cipher_info == NULL ) return( PSA_ERROR_NOT_SUPPORTED ); - mbedtls_cipher_init( &operation->ctx.cipher ); ret = mbedtls_cipher_setup( &operation->ctx.cipher, cipher_info ); if( ret != 0 ) { @@ -1944,7 +1988,6 @@ static psa_status_t psa_cipher_setup( psa_cipher_operation_t *operation, #endif //MBEDTLS_CIPHER_MODE_WITH_PADDING operation->key_set = 1; - operation->alg = alg; operation->block_size = ( PSA_ALG_IS_BLOCK_CIPHER( alg ) ? PSA_BLOCK_CIPHER_BLOCK_SIZE( key_type ) : 1 ); @@ -2119,6 +2162,9 @@ psa_status_t psa_cipher_finish( psa_cipher_operation_t *operation, psa_status_t psa_cipher_abort( psa_cipher_operation_t *operation ) { + if( operation->alg == 0 ) + return( PSA_SUCCESS ); + mbedtls_cipher_free( &operation->ctx.cipher ); operation->alg = 0; diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data index 9902a0ecb..552faf9c4 100644 --- a/tests/suites/test_suite_psa_crypto.data +++ b/tests/suites/test_suite_psa_crypto.data 
@@ -106,6 +106,14 @@ key_lifetime_set_fail:1:PSA_KEY_LIFETIME_WRITE_ONCE:PSA_ERROR_NOT_SUPPORTED PSA key lifetime set: invalid key lifetime value key_lifetime_set_fail:1:PSA_KEY_LIFETIME_PERSISTENT+1:PSA_ERROR_INVALID_ARGUMENT +PSA hash setup: good, SHA-256 +depends_on:MBEDTLS_SHA256_C +hash_setup:PSA_ALG_SHA_256:PSA_SUCCESS + +PSA hash setup: bad (unknown hash algorithm) +depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C +hash_setup:0x80000000 | PSA_ALG_SHA_256:PSA_ERROR_NOT_SUPPORTED + PSA hash finish: SHA-256 depends_on:MBEDTLS_SHA256_C hash_finish:PSA_ALG_SHA_256:"bd":"68325720aabd7c82f30f554b313d0570c95accbb7dc4b5aae11204c08ffe732b" 
@@ -114,6 +122,27 @@ PSA hash verify: SHA-256 depends_on:MBEDTLS_SHA256_C hash_verify:PSA_ALG_SHA_256:"bd":"68325720aabd7c82f30f554b313d0570c95accbb7dc4b5aae11204c08ffe732b" +PSA MAC setup: good, HMAC-SHA-256 +depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C +mac_setup:PSA_KEY_TYPE_HMAC:"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f":PSA_ALG_HMAC(PSA_ALG_SHA_256):PSA_SUCCESS + +PSA MAC setup: good, AES-CMAC +depends_on:MBEDTLS_AES_C:MBEDTLS_CMAC_C +mac_setup:PSA_KEY_TYPE_AES:"000102030405060708090a0b0c0d0e0f":PSA_ALG_CMAC:PSA_SUCCESS + +PSA MAC setup: bad algorithm (unknown MAC algorithm) +depends_on:MBEDTLS_MD_C +mac_setup:PSA_KEY_TYPE_RAW_DATA:"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f":PSA_ALG_HMAC(0):PSA_ERROR_NOT_SUPPORTED + +PSA MAC setup: invalid key type, HMAC-SHA-256 +depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C +mac_setup:PSA_KEY_TYPE_RAW_DATA:"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f":PSA_ALG_HMAC(PSA_ALG_SHA_256):PSA_ERROR_INVALID_ARGUMENT + +PSA MAC setup: incompatible key DES for CMAC +depends_on:MBEDTLS_DES_C:MBEDTLS_CMAC_C +# Either INVALID_ARGUMENT or NOT_SUPPORTED would be reasonable here +mac_setup:PSA_KEY_TYPE_DES:"000102030405060708090a0b0c0d0e0f":PSA_ALG_CMAC:PSA_ERROR_NOT_SUPPORTED + PSA MAC verify: HMAC-SHA-256 depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C mac_verify:PSA_KEY_TYPE_HMAC:"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f":PSA_ALG_HMAC(PSA_ALG_SHA_256):"53616d706c65206d65737361676520666f72206b65796c656e3d626c6f636b6c656e":"8bb9a1db9806f20df7f77b82138c7914d174d59e13dc4d0169c9057b133e1d62" 
@@ -218,6 +247,24 @@ PSA MAC verify: CMAC-AES-128 depends_on:MBEDTLS_CMAC_C:MBEDTLS_AES_C mac_verify:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":PSA_ALG_CMAC:"6bc1bee22e409f96e93d7e117393172aae2d8a571e03ac9c9eb76fac45af8e5130c81c46a35ce411":"dfa66747de9ae63030ca32611497c827" +PSA cipher setup: good, AES-CTR +depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR +cipher_setup:PSA_KEY_TYPE_AES:"000102030405060708090a0b0c0d0e0f":PSA_ALG_CTR:PSA_SUCCESS + +PSA cipher setup: bad algorithm (unknown cipher algorithm) +depends_on:MBEDTLS_AES_C +cipher_setup:PSA_KEY_TYPE_AES:"000102030405060708090a0b0c0d0e0f":PSA_ALG_CATEGORY_CIPHER:PSA_ERROR_NOT_SUPPORTED + +PSA cipher setup: invalid key type, CTR +depends_on:MBEDTLS_CIPHER_MODE_CTR +# Either INVALID_ARGUMENT or NOT_SUPPORTED would be reasonable here +cipher_setup:PSA_KEY_TYPE_RAW_DATA:"000102030405060708090a0b0c0d0e0f":PSA_ALG_CTR:PSA_ERROR_NOT_SUPPORTED + +PSA cipher setup: incompatible key ARC4 for CTR +depends_on:MBEDTLS_ARC4_C:MBEDTLS_CIPHER_MODE_CTR +# Either INVALID_ARGUMENT or NOT_SUPPORTED would be reasonable here +cipher_setup:PSA_KEY_TYPE_ARC4:"000102030405060708090a0b0c0d0e0f":PSA_ALG_CTR:PSA_ERROR_NOT_SUPPORTED + PSA symmetric encrypt: AES-CBC-nopad, 16 bytes, good depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC cipher_encrypt:PSA_ALG_CBC_BASE | PSA_ALG_BLOCK_CIPHER_PAD_NONE:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"6bc1bee22e409f96e93d7e117393172a":"a076ec9dfbe47d52afc357336f20743b":PSA_SUCCESS diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index 1cd9c22a0..ee781326e 100644 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function 
@@ -374,6 +374,25 @@ exit: } /* END_CASE */ +/* BEGIN_CASE */ +void hash_setup( int alg_arg, + int expected_status_arg ) +{ + psa_algorithm_t alg = alg_arg; + psa_hash_operation_t operation; + psa_status_t status; + + TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS ); + + status = psa_hash_start( &operation, alg ); + psa_hash_abort( &operation ); + TEST_ASSERT( status == (psa_status_t) expected_status_arg ); + +exit: + mbedtls_psa_crypto_free( ); +} +/* END_CASE */ + /* BEGIN_CASE */ void hash_finish( int alg_arg, data_t *input, data_t *expected_hash ) { @@ -430,6 +449,40 @@ exit: } /* END_CASE */ +/* BEGIN_CASE */ +void mac_setup( int key_type_arg, + data_t *key, + int alg_arg, + int expected_status_arg ) +{ + int key_slot = 1; + psa_key_type_t key_type = key_type_arg; + psa_algorithm_t alg = alg_arg; + psa_mac_operation_t operation; + psa_key_policy_t policy; + psa_status_t status; + + TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS ); + + psa_key_policy_init( &policy ); + psa_key_policy_set_usage( &policy, + PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_VERIFY, + alg ); + TEST_ASSERT( psa_set_key_policy( key_slot, &policy ) == PSA_SUCCESS ); + + TEST_ASSERT( psa_import_key( key_slot, key_type, + key->x, key->len ) == PSA_SUCCESS ); + + status = psa_mac_start( &operation, key_slot, alg ); + psa_mac_abort( &operation ); + TEST_ASSERT( status == (psa_status_t) expected_status_arg ); + +exit: + psa_destroy_key( key_slot ); + mbedtls_psa_crypto_free( ); +} +/* END_CASE */ + /* BEGIN_CASE */ void mac_verify( int key_type_arg, data_t *key, 
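Review bot: hash_setup, mac_setup and (in the next hunk) cipher_setup discard the result of the abort call, although abort after a failed setup is the path these regression tests exist to cover. Replacing the bare call with `TEST_ASSERT( psa_mac_abort( &operation ) == PSA_SUCCESS );` (and the hash/cipher equivalents) would check that abort reports success as well as not crashing. A comment next to the declaration, for example `/* Deliberately not zeroed: setup must initialize it. */`, would stop a later cleanup from adding an initializer that hides the regression.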
@@ -473,6 +526,38 @@ exit: } /* END_CASE */ +/* BEGIN_CASE */ +void cipher_setup( int key_type_arg, + data_t *key, + int alg_arg, + int expected_status_arg ) +{ + int key_slot = 1; + psa_key_type_t key_type = key_type_arg; + psa_algorithm_t alg = alg_arg; + psa_cipher_operation_t operation; + psa_key_policy_t policy; + psa_status_t status; + + TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS ); + + psa_key_policy_init( &policy ); + psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_ENCRYPT, alg ); + TEST_ASSERT( psa_set_key_policy( key_slot, &policy ) == PSA_SUCCESS ); + + TEST_ASSERT( psa_import_key( key_slot, key_type, + key->x, key->len ) == PSA_SUCCESS ); + + status = psa_encrypt_setup( &operation, key_slot, alg ); + psa_cipher_abort( &operation ); + TEST_ASSERT( status == (psa_status_t) expected_status_arg ); + +exit: + psa_destroy_key( key_slot ); + mbedtls_psa_crypto_free( ); +} +/* END_CASE */ + /* BEGIN_CASE */ void cipher_encrypt( int alg_arg, int key_type_arg, data_t *key, From 248051acb6a1d24bb83504cd9eaae2a3f9418044 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 20 Jun 2018 16:09:38 +0200 Subject: [PATCH 09/22] Add missing #ifdef guards around psa_hmac_start --- library/psa_crypto.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 535384c42..dba8a5daf 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -1235,6 +1235,7 @@ static int psa_cmac_start( psa_mac_operation_t *operation, } #endif /* MBEDTLS_CMAC_C */ +#if defined(MBEDTLS_MD_C) static int psa_hmac_start( psa_mac_operation_t *operation, psa_key_type_t key_type, key_slot_t *slot, @@ -1301,6 +1302,7 @@ cleanup: return( status ); } +#endif /* MBEDTLS_MD_C */ psa_status_t psa_mac_start( psa_mac_operation_t *operation, psa_key_slot_t key, 
@@ -1357,13 +1359,11 @@ psa_status_t psa_mac_start( psa_mac_operation_t *operation, } /* If we reach this point, then the algorithm-specific part of the - * context may contain data that needs to be wiped on error. */ if( status != PSA_SUCCESS ) { psa_mac_abort( operation ); } - else { operation->key_set = 1; From c06e07128c0588f100803eda09cd11b42bb5f16e Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 20 Jun 2018 16:21:04 +0200 Subject: [PATCH 10/22] Favor INVALID_ARGUMENT over NOT_SUPPORTED for bad algorithm types In psa_hash_start, psa_mac_start and psa_cipher_setup, return PSA_ERROR_INVALID_ARGUMENT rather than PSA_ERROR_NOT_SUPPORTED when the algorithm parameter is not the right category. --- library/psa_crypto.c | 13 +++++++++++-- tests/suites/test_suite_psa_crypto.data | 12 ++++++++++++ 2 files changed, 23 insertions(+), 2 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index dba8a5daf..90b43549c 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -865,7 +865,9 @@ psa_status_t psa_hash_start( psa_hash_operation_t *operation, break; #endif default: - return( PSA_ERROR_NOT_SUPPORTED ); + return( PSA_ALG_IS_HASH( alg ) ? + PSA_ERROR_NOT_SUPPORTED : + PSA_ERROR_INVALID_ARGUMENT ); } if( ret == 0 ) operation->alg = alg; @@ -1166,7 +1168,8 @@ static psa_status_t psa_mac_init( psa_mac_operation_t *operation, else #endif /* MBEDTLS_MD_C */ { - /* fall through with NOT_SUPPORTED */ + if( ! PSA_ALG_IS_MAC( alg ) ) + status = PSA_ERROR_INVALID_ARGUMENT; } if( status != PSA_SUCCESS ) @@ -1910,6 +1913,12 @@ psa_status_t psa_asymmetric_decrypt( psa_key_slot_t key, static psa_status_t psa_cipher_init( psa_cipher_operation_t *operation, psa_algorithm_t alg ) { + if( ! PSA_ALG_IS_CIPHER( alg ) ) + { + memset( operation, 0, sizeof( *operation ) ); + return( PSA_ERROR_INVALID_ARGUMENT ); + } + operation->alg = alg; operation->key_set = 0; operation->iv_set = 0; 
diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data index 552faf9c4..c0d7c3ebe 100644 --- a/tests/suites/test_suite_psa_crypto.data +++ b/tests/suites/test_suite_psa_crypto.data @@ -114,6 +114,10 @@ PSA hash setup: bad (unknown hash algorithm) depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C hash_setup:0x80000000 | PSA_ALG_SHA_256:PSA_ERROR_NOT_SUPPORTED +PSA hash setup: bad (not a hash algorithm) +depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C +hash_setup:PSA_ALG_HMAC(PSA_ALG_SHA_256):PSA_ERROR_INVALID_ARGUMENT + PSA hash finish: SHA-256 depends_on:MBEDTLS_SHA256_C hash_finish:PSA_ALG_SHA_256:"bd":"68325720aabd7c82f30f554b313d0570c95accbb7dc4b5aae11204c08ffe732b" @@ -134,6 +138,10 @@ PSA MAC setup: bad algorithm (unknown MAC algorithm) depends_on:MBEDTLS_MD_C mac_setup:PSA_KEY_TYPE_RAW_DATA:"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f":PSA_ALG_HMAC(0):PSA_ERROR_NOT_SUPPORTED +PSA MAC setup: bad algorithm (not a MAC algorithm) +depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC +mac_setup:PSA_KEY_TYPE_AES:"000102030405060708090a0b0c0d0e0f":PSA_ALG_CBC_BASE | PSA_ALG_BLOCK_CIPHER_PAD_NONE:PSA_ERROR_INVALID_ARGUMENT + PSA MAC setup: invalid key type, HMAC-SHA-256 depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C mac_setup:PSA_KEY_TYPE_RAW_DATA:"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f":PSA_ALG_HMAC(PSA_ALG_SHA_256):PSA_ERROR_INVALID_ARGUMENT 
@@ -255,6 +263,10 @@ PSA cipher setup: bad algorithm (unknown cipher algorithm) depends_on:MBEDTLS_AES_C cipher_setup:PSA_KEY_TYPE_AES:"000102030405060708090a0b0c0d0e0f":PSA_ALG_CATEGORY_CIPHER:PSA_ERROR_NOT_SUPPORTED +PSA cipher setup: bad algorithm (not a cipher algorithm) +depends_on:MBEDTLS_AES_C +cipher_setup:PSA_KEY_TYPE_AES:"000102030405060708090a0b0c0d0e0f":PSA_ALG_CMAC:PSA_ERROR_INVALID_ARGUMENT + PSA cipher setup: invalid key type, CTR depends_on:MBEDTLS_CIPHER_MODE_CTR # Either INVALID_ARGUMENT or NOT_SUPPORTED would be reasonable here From 818ca1283a44506ac3ab13fb79edb3a60cae10ed Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 20 Jun 2018 18:16:48 +0200 Subject: [PATCH 11/22] generate_key tests: exercise the key After generating a key, perform a smoke test: run one operation with it and check that the operation has the expected status. --- tests/suites/test_suite_psa_crypto.data | 38 ++-- tests/suites/test_suite_psa_crypto.function | 238 +++++++++++++++++++- 2 files changed, 258 insertions(+), 18 deletions(-) diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data index c0d7c3ebe..2e6b63e33 100644 --- a/tests/suites/test_suite_psa_crypto.data +++ b/tests/suites/test_suite_psa_crypto.data 
@@ -556,36 +556,44 @@ generate_key:PSA_KEY_TYPE_AES:7:PSA_KEY_USAGE_EXPORT:0:PSA_ERROR_INVALID_ARGUMEN PSA generate key: AES, 128 bits, CTR depends_on:MBEDTLS_AES_C -generate_key:PSA_KEY_TYPE_AES:128:PSA_KEY_USAGE_EXPORT|PSA_KEY_USAGE_ENCRYPT:PSA_ALG_CTR:PSA_SUCCESS +generate_key:PSA_KEY_TYPE_AES:128:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_CTR:PSA_SUCCESS -PSA generate key: DES, 64 bits, CTR -depends_on:MBEDTLS_DES_C -generate_key:PSA_KEY_TYPE_DES:64:PSA_KEY_USAGE_EXPORT|PSA_KEY_USAGE_ENCRYPT:PSA_ALG_CTR:PSA_SUCCESS +PSA generate key: AES, 128 bits, GCM +depends_on:MBEDTLS_AES_C +generate_key:PSA_KEY_TYPE_AES:128:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_GCM:PSA_SUCCESS -PSA generate key: DES, 128 bits, CTR +PSA generate key: DES, 64 bits, CBC-nopad depends_on:MBEDTLS_DES_C -generate_key:PSA_KEY_TYPE_DES:64:PSA_KEY_USAGE_EXPORT|PSA_KEY_USAGE_ENCRYPT:PSA_ALG_CTR:PSA_SUCCESS +generate_key:PSA_KEY_TYPE_DES:64:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_CBC_BASE | PSA_ALG_BLOCK_CIPHER_PAD_NONE:PSA_SUCCESS -PSA generate key: DES, 192 bits, CTR +PSA generate key: DES, 128 bits, CBC-nopad depends_on:MBEDTLS_DES_C -generate_key:PSA_KEY_TYPE_DES:64:PSA_KEY_USAGE_EXPORT|PSA_KEY_USAGE_ENCRYPT:PSA_ALG_CTR:PSA_SUCCESS +generate_key:PSA_KEY_TYPE_DES:64:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_CBC_BASE | PSA_ALG_BLOCK_CIPHER_PAD_NONE:PSA_SUCCESS + +PSA generate key: DES, 192 bits, CBC-nopad +depends_on:MBEDTLS_DES_C +generate_key:PSA_KEY_TYPE_DES:64:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_CBC_BASE | PSA_ALG_BLOCK_CIPHER_PAD_NONE:PSA_SUCCESS PSA generate key: invalid key size: AES, 64 bits depends_on:MBEDTLS_AES_C -generate_key:PSA_KEY_TYPE_AES:64:PSA_KEY_USAGE_EXPORT|PSA_KEY_USAGE_ENCRYPT:PSA_ALG_CTR:PSA_ERROR_INVALID_ARGUMENT +generate_key:PSA_KEY_TYPE_AES:64:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_ENCRYPT 
| PSA_KEY_USAGE_DECRYPT:PSA_ALG_CTR:PSA_ERROR_INVALID_ARGUMENT -PSA generate key: RSA, 512 bits, good +PSA generate key: RSA, 512 bits, good, sign depends_on:MBEDTLS_RSA_C -generate_key:PSA_KEY_TYPE_RSA_KEYPAIR:512:PSA_KEY_USAGE_EXPORT|PSA_KEY_USAGE_SIGN|PSA_KEY_USAGE_VERIFY:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_SUCCESS +generate_key:PSA_KEY_TYPE_RSA_KEYPAIR:512:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_VERIFY:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_SUCCESS -PSA generate key: RSA, 1024 bits, good +PSA generate key: RSA, 1024 bits, good, sign depends_on:MBEDTLS_RSA_C -generate_key:PSA_KEY_TYPE_RSA_KEYPAIR:1024:PSA_KEY_USAGE_EXPORT|PSA_KEY_USAGE_SIGN|PSA_KEY_USAGE_VERIFY:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_SUCCESS +generate_key:PSA_KEY_TYPE_RSA_KEYPAIR:1024:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_VERIFY:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_SUCCESS + +PSA generate key: RSA, 512 bits, good, encrypt +depends_on:MBEDTLS_RSA_C +generate_key:PSA_KEY_TYPE_RSA_KEYPAIR:512:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_SUCCESS PSA generate key: ECC, SECP256R1, good depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED -generate_key:PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP256R1):256:PSA_KEY_USAGE_EXPORT|PSA_KEY_USAGE_SIGN|PSA_KEY_USAGE_VERIFY:PSA_ALG_ECDSA_RAW:PSA_SUCCESS +generate_key:PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP256R1):256:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_VERIFY:PSA_ALG_ECDSA_RAW | PSA_ALG_SHA_256:PSA_SUCCESS PSA generate key: ECC, SECP256R1, incorrect bit size depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED -generate_key:PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP256R1):128:PSA_KEY_USAGE_EXPORT|PSA_KEY_USAGE_SIGN|PSA_KEY_USAGE_VERIFY:PSA_ALG_ECDSA_RAW:PSA_ERROR_INVALID_ARGUMENT +generate_key:PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP256R1):128:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN | 
PSA_KEY_USAGE_VERIFY:PSA_ALG_ECDSA_RAW:PSA_ERROR_INVALID_ARGUMENT diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index ee781326e..ac6746d06 100644 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function 
@@ -26,6 +26,230 @@ int mem_is_nonzero( void *buffer, size_t size ) } return( 0 ); } + +static int exercise_mac_key( psa_key_slot_t key, + psa_key_usage_t usage, + psa_algorithm_t alg ) +{ + psa_mac_operation_t operation; + const unsigned char input[] = "foo"; + unsigned char mac[64] = {0}; + size_t mac_length = sizeof( mac ); + + if( usage & PSA_KEY_USAGE_SIGN ) + { + TEST_ASSERT( psa_mac_start( &operation, key, alg ) == PSA_SUCCESS ); + TEST_ASSERT( psa_mac_update( &operation, + input, sizeof( input ) ) == PSA_SUCCESS ); + TEST_ASSERT( psa_mac_finish( &operation, + mac, sizeof( input ), + &mac_length ) == PSA_SUCCESS ); + } + + if( usage & PSA_KEY_USAGE_VERIFY ) + { + psa_status_t verify_status = + ( usage & PSA_KEY_USAGE_SIGN ? + PSA_SUCCESS : + PSA_ERROR_INVALID_SIGNATURE ); + TEST_ASSERT( psa_mac_start( &operation, key, alg ) == PSA_SUCCESS ); + TEST_ASSERT( psa_mac_update( &operation, + input, sizeof( input ) ) == PSA_SUCCESS ); + TEST_ASSERT( psa_mac_verify( &operation, mac, mac_length ) == verify_status ); + } + + return( 1 ); + +exit: + psa_mac_abort( &operation ); + return( 0 ); +} + +static int exercise_cipher_key( psa_key_slot_t key, + psa_key_usage_t usage, + psa_algorithm_t alg ) +{ + psa_cipher_operation_t operation; + unsigned char iv[16] = {0}; + size_t iv_length = sizeof( iv ); + const unsigned char plaintext[16] = "Hello, world..."; + unsigned char ciphertext[32] = "(wabblewebblewibblewobblewubble)"; + size_t ciphertext_length = sizeof( ciphertext ); + unsigned char decrypted[sizeof( ciphertext )]; + size_t part_length; + + if( usage & PSA_KEY_USAGE_ENCRYPT ) + { + TEST_ASSERT( psa_encrypt_setup( &operation, key, alg ) == PSA_SUCCESS ); + TEST_ASSERT( psa_encrypt_generate_iv( &operation, + iv, sizeof( iv ), + &iv_length ) == PSA_SUCCESS ); + TEST_ASSERT( psa_cipher_update( &operation, + plaintext, sizeof( plaintext ), + ciphertext, sizeof( ciphertext ), + &ciphertext_length ) == PSA_SUCCESS ); + TEST_ASSERT( psa_cipher_finish( &operation, + 
ciphertext + ciphertext_length, + sizeof( ciphertext ) - ciphertext_length, + &part_length ) == PSA_SUCCESS ); + ciphertext_length += part_length; + } + + if( usage & PSA_KEY_USAGE_DECRYPT ) + { + psa_status_t status; + if( ! ( usage & PSA_KEY_USAGE_ENCRYPT ) ) + { + psa_key_type_t type; + size_t bits; + TEST_ASSERT( psa_get_key_information( key, &type, &bits ) ); + iv_length = PSA_BLOCK_CIPHER_BLOCK_SIZE( type ); + } + TEST_ASSERT( psa_decrypt_setup( &operation, key, alg ) == PSA_SUCCESS ); + TEST_ASSERT( psa_encrypt_set_iv( &operation, + iv, iv_length ) == PSA_SUCCESS ); + TEST_ASSERT( psa_cipher_update( &operation, + ciphertext, ciphertext_length, + decrypted, sizeof( decrypted ), + &part_length ) == PSA_SUCCESS ); + status = psa_cipher_finish( &operation, + decrypted + part_length, + sizeof( decrypted ) - part_length, + &part_length ); + /* For a stream cipher, all inputs are valid. For a block cipher, + * if the input is some aribtrary data rather than an actual + ciphertext, a padding error is likely. 
*/ + if( ( usage & PSA_KEY_USAGE_DECRYPT ) || + PSA_BLOCK_CIPHER_BLOCK_SIZE( alg ) == 1 ) + TEST_ASSERT( status == PSA_SUCCESS ); + else + TEST_ASSERT( status == PSA_SUCCESS || + status == PSA_ERROR_INVALID_PADDING ); + } + + return( 1 ); + +exit: + psa_cipher_abort( &operation ); + return( 0 ); +} + +static int exercise_aead_key( psa_key_slot_t key, + psa_key_usage_t usage, + psa_algorithm_t alg ) +{ + unsigned char nonce[16] = {0}; + size_t nonce_length = sizeof( nonce ); + unsigned char plaintext[16] = "Hello, world..."; + unsigned char ciphertext[48] = "(wabblewebblewibblewobblewubble)"; + size_t ciphertext_length = sizeof( ciphertext ); + size_t plaintext_length = sizeof( ciphertext ); + + if( usage & PSA_KEY_USAGE_ENCRYPT ) + { + TEST_ASSERT( psa_aead_encrypt( key, alg, + nonce, nonce_length, + NULL, 0, + plaintext, sizeof( plaintext ), + ciphertext, sizeof( ciphertext ), + &ciphertext_length ) == PSA_SUCCESS ); + } + + if( usage & PSA_KEY_USAGE_DECRYPT ) + { + psa_status_t verify_status = + ( usage & PSA_KEY_USAGE_ENCRYPT ? + PSA_SUCCESS : + PSA_ERROR_INVALID_SIGNATURE ); + TEST_ASSERT( psa_aead_decrypt( key, alg, + nonce, nonce_length, + NULL, 0, + ciphertext, ciphertext_length, + plaintext, sizeof( plaintext ), + &plaintext_length ) == verify_status ); + } + + return( 1 ); + +exit: + return( 0 ); +} + +static int exercise_signature_key( psa_key_slot_t key, + psa_key_usage_t usage, + psa_algorithm_t alg ) +{ + unsigned char payload[16] = {0}; + size_t payload_length = sizeof( payload ); + unsigned char signature[256] = {0}; + size_t signature_length = sizeof( signature ); + + if( usage & PSA_KEY_USAGE_SIGN ) + { + TEST_ASSERT( psa_asymmetric_sign( key, alg, + payload, payload_length, + NULL, 0, + signature, sizeof( signature ), + &signature_length ) == PSA_SUCCESS ); + } + + if( usage & PSA_KEY_USAGE_VERIFY ) + { + psa_status_t verify_status = + ( usage & PSA_KEY_USAGE_SIGN ? 
+ PSA_SUCCESS : + PSA_ERROR_INVALID_SIGNATURE ); + TEST_ASSERT( psa_asymmetric_verify( key, alg, + payload, payload_length, + NULL, 0, + signature, signature_length ) == + verify_status ); + } + + return( 1 ); + +exit: + return( 0 ); +} + +static int exercise_asymmetric_encryption_key( psa_key_slot_t key, + psa_key_usage_t usage, + psa_algorithm_t alg ) +{ + unsigned char plaintext[256] = "Hello, world..."; + unsigned char ciphertext[256] = "(wabblewebblewibblewobblewubble)"; + size_t ciphertext_length = sizeof( ciphertext ); + size_t plaintext_length = 16; + + if( usage & PSA_KEY_USAGE_ENCRYPT ) + { + TEST_ASSERT( + psa_asymmetric_encrypt( key, alg, + plaintext, plaintext_length, + NULL, 0, + ciphertext, sizeof( ciphertext ), + &ciphertext_length ) == PSA_SUCCESS ); + } + + if( usage & PSA_KEY_USAGE_DECRYPT ) + { + psa_status_t status = + psa_asymmetric_decrypt( key, alg, + ciphertext, ciphertext_length, + NULL, 0, + plaintext, sizeof( plaintext ), + &plaintext_length ); + TEST_ASSERT( status == PSA_SUCCESS || + ( ( usage & PSA_KEY_USAGE_ENCRYPT ) == 0 && + ( status == PSA_ERROR_INVALID_ARGUMENT || + status == PSA_ERROR_INVALID_PADDING ) ) ); + } + + return( 1 ); + +exit: + return( 0 ); +} /* END_HEADER */ /* BEGIN_DEPENDENCIES 
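Review bot: exercise_mac_key passes `sizeof( input )` (4 bytes) as the output buffer size to psa_mac_finish instead of the size of `mac`, so the sign path would be expected to fail for any MAC longer than four bytes; the argument should be `mac, sizeof( mac ),`. In exercise_cipher_key, `TEST_ASSERT( psa_get_key_information( key, &type, &bits ) );` asserts a nonzero status and so fails on success, since PSA_SUCCESS is 0; it should read `TEST_ASSERT( psa_get_key_information( key, &type, &bits ) == PSA_SUCCESS );`. The later test `if( ( usage & PSA_KEY_USAGE_DECRYPT ) ||` sits inside the decrypt branch and is always true, which makes the padding-error branch unreachable. The comment above it suggests `PSA_KEY_USAGE_ENCRYPT` was intended. `PSA_BLOCK_CIPHER_BLOCK_SIZE` is also given `alg` there, whereas the rest of the diff passes it a key type.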
@@ -1791,9 +2015,17 @@ void generate_key( int type_arg, #endif /* MBEDTLS_ECP_C */ } - /* We should do something with the key according to its permitted usage. - * This would require figuring out what the key type allows or - * specifying it somehow in the test data. */ + /* Do something with the key according to its type and permitted usage. */ + if( PSA_ALG_IS_MAC( alg ) ) + exercise_mac_key( slot, usage, alg ); + else if( PSA_ALG_IS_CIPHER( alg ) ) + exercise_cipher_key( slot, usage, alg ); + else if( PSA_ALG_IS_AEAD( alg ) ) + exercise_aead_key( slot, usage, alg ); + else if( PSA_ALG_IS_SIGN( alg ) ) + exercise_signature_key( slot, usage, alg ); + else if( PSA_ALG_IS_ASYMMETRIC_ENCRYPTION( alg ) ) + exercise_asymmetric_encryption_key( slot, usage, alg ); exit: psa_destroy_key( slot ); From 3f669c374af40f5fbf980e4ec430a7e007f1fffd Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 21 Jun 2018 09:21:51 +0200 Subject: [PATCH 12/22] Simplify mem_is_nonzero to mem_is_zero This also fixes a bug that the value that mem_is_nonzero tried to return could overflow int. --- tests/suites/test_suite_psa_crypto.function | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index ac6746d06..773163ba1 100644 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function 
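Review bot: generate_key ignores the int returned by each exercise_* helper, although the helpers return 0 once one of their TEST_ASSERTs has failed. Nothing runs between these calls and `exit:` today, so the result is the same, but any check added after this block would execute on a key that has already failed its smoke test. Writing each call as `if( ! exercise_mac_key( slot, usage, alg ) ) goto exit;` makes the dependency explicit. generate_key begins outside the hunk.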
@@ -13,18 +13,18 @@ * \param buffer Pointer to the beginning of the buffer. * \param size Size of the buffer in bytes. * - * \return 0 if the buffer is all-bits-zero. - * \return A nonzero value otherwise. + * \return 1 if the buffer is all-bits-zero. + * \return 0 if there is at least one nonzero byte. */ -int mem_is_nonzero( void *buffer, size_t size ) +static int mem_is_zero( void *buffer, size_t size ) { size_t i; for( i = 0; i < size; i++ ) { if( ( (unsigned char *) buffer )[i] != 0 ) - return( i + 1 ); + return( 0 ); } - return( 0 ); + return( 1 ); } static int exercise_mac_key( psa_key_slot_t key, @@ -349,8 +349,8 @@ void import_export( data_t *data, exported, export_size, &exported_length ); TEST_ASSERT( status == (psa_status_t) expected_export_status ); - TEST_ASSERT( ! mem_is_nonzero( exported + exported_length, - export_size - exported_length ) ); + TEST_ASSERT( mem_is_zero( exported + exported_length, + export_size - exported_length ) ); if( status != PSA_SUCCESS ) { TEST_ASSERT( exported_length == 0 ); From b866e2b4d26c2580a9c903f160fc08a0c9c9a9cf Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 21 Jun 2018 09:25:10 +0200 Subject: [PATCH 13/22] Get rid of some casts in test_suite_psa_crypto Use more auxiliary variables to unmarshall int values. --- tests/suites/test_suite_psa_crypto.function | 34 +++++++++++++-------- 1 file changed, 21 insertions(+), 13 deletions(-) diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index 773163ba1..84cb69a66 100644 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function @@ -274,9 +274,10 @@ void init_deinit( ) /* END_CASE */ /* BEGIN_CASE */ -void import( data_t *data, int type, int expected_status ) +void import( data_t *data, int type, int expected_status_arg ) { int slot = 1; + psa_status_t expected_status = expected_status_arg; psa_status_t status; TEST_ASSERT( data != NULL ); 
@@ -284,7 +285,7 @@ void import( data_t *data, int type, int expected_status ) TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS ); status = psa_import_key( slot, type, data->x, data->len ); - TEST_ASSERT( status == (psa_status_t) expected_status ); + TEST_ASSERT( status == expected_status ); if( status == PSA_SUCCESS ) TEST_ASSERT( psa_destroy_key( slot ) == PSA_SUCCESS ); @@ -300,13 +301,14 @@ void import_export( data_t *data, int usage_arg, int expected_bits, int export_size_delta, - int expected_export_status, + int expected_export_status_arg, int canonical_input ) { int slot = 1; int slot2 = slot + 1; psa_key_type_t type = type_arg; psa_algorithm_t alg = alg_arg; + psa_status_t expected_export_status = expected_export_status_arg; psa_status_t status; unsigned char *exported = NULL; unsigned char *reexported = NULL; @@ -348,7 +350,7 @@ void import_export( data_t *data, status = psa_export_key( slot, exported, export_size, &exported_length ); - TEST_ASSERT( status == (psa_status_t) expected_export_status ); + TEST_ASSERT( status == expected_export_status ); TEST_ASSERT( mem_is_zero( exported + exported_length, export_size - exported_length ) ); if( status != PSA_SUCCESS ) @@ -397,11 +399,12 @@ void import_export_public_key( data_t *data, int alg_arg, int expected_bits, int public_key_expected_length, - int expected_export_status ) + int expected_export_status_arg ) { int slot = 1; psa_key_type_t type = type_arg; psa_algorithm_t alg = alg_arg; + psa_status_t expected_export_status = expected_export_status_arg; psa_status_t status; unsigned char *exported = NULL; size_t export_size; @@ -437,7 +440,7 @@ void import_export_public_key( data_t *data, status = psa_export_public_key( slot, exported, export_size, &exported_length ); - TEST_ASSERT( status == (psa_status_t) expected_export_status ); + TEST_ASSERT( status == expected_export_status ); if( status != PSA_SUCCESS ) goto destroy; 
@@ -603,6 +606,7 @@ void hash_setup( int alg_arg, int expected_status_arg ) { psa_algorithm_t alg = alg_arg; + psa_status_t expected_status = expected_status_arg; psa_hash_operation_t operation; psa_status_t status; @@ -610,7 +614,7 @@ void hash_setup( int alg_arg, status = psa_hash_start( &operation, alg ); psa_hash_abort( &operation ); - TEST_ASSERT( status == (psa_status_t) expected_status_arg ); + TEST_ASSERT( status == expected_status ); exit: mbedtls_psa_crypto_free( ); @@ -682,6 +686,7 @@ void mac_setup( int key_type_arg, int key_slot = 1; psa_key_type_t key_type = key_type_arg; psa_algorithm_t alg = alg_arg; + psa_status_t expected_status = expected_status_arg; psa_mac_operation_t operation; psa_key_policy_t policy; psa_status_t status; @@ -699,7 +704,7 @@ void mac_setup( int key_type_arg, status = psa_mac_start( &operation, key_slot, alg ); psa_mac_abort( &operation ); - TEST_ASSERT( status == (psa_status_t) expected_status_arg ); + TEST_ASSERT( status == expected_status ); exit: psa_destroy_key( key_slot ); @@ -759,6 +764,7 @@ void cipher_setup( int key_type_arg, int key_slot = 1; psa_key_type_t key_type = key_type_arg; psa_algorithm_t alg = alg_arg; + psa_status_t expected_status = expected_status_arg; psa_cipher_operation_t operation; psa_key_policy_t policy; psa_status_t status; @@ -774,7 +780,7 @@ void cipher_setup( int key_type_arg, status = psa_encrypt_setup( &operation, key_slot, alg ); psa_cipher_abort( &operation ); - TEST_ASSERT( status == (psa_status_t) expected_status_arg ); + TEST_ASSERT( status == expected_status ); exit: psa_destroy_key( key_slot ); 
@@ -786,12 +792,13 @@ exit: void cipher_encrypt( int alg_arg, int key_type_arg, data_t *key, data_t *input, data_t *expected_output, - int expected_status ) + int expected_status_arg ) { int key_slot = 1; psa_status_t status; psa_key_type_t key_type = key_type_arg; psa_algorithm_t alg = alg_arg; + psa_status_t expected_status = expected_status_arg; unsigned char iv[16] = {0}; unsigned char *output = NULL; size_t output_buffer_size = 0; @@ -833,7 +840,7 @@ void cipher_encrypt( int alg_arg, int key_type_arg, &function_output_length ); total_output_length += function_output_length; - TEST_ASSERT( status == (psa_status_t) expected_status ); + TEST_ASSERT( status == expected_status ); if( expected_status == PSA_SUCCESS ) { TEST_ASSERT( psa_cipher_abort( &operation ) == PSA_SUCCESS ); @@ -994,12 +1001,13 @@ exit: void cipher_decrypt( int alg_arg, int key_type_arg, data_t *key, data_t *input, data_t *expected_output, - int expected_status ) + int expected_status_arg ) { int key_slot = 1; psa_status_t status; psa_key_type_t key_type = key_type_arg; psa_algorithm_t alg = alg_arg; + psa_status_t expected_status = expected_status_arg; unsigned char iv[16] = {0}; unsigned char *output = NULL; size_t output_buffer_size = 0; @@ -1041,7 +1049,7 @@ void cipher_decrypt( int alg_arg, int key_type_arg, output_buffer_size, &function_output_length ); total_output_length += function_output_length; - TEST_ASSERT( status == (psa_status_t) expected_status ); + TEST_ASSERT( status == expected_status ); if( expected_status == PSA_SUCCESS ) { From 140855615fbac66e21a601657742f9693437430d Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 21 Jun 2018 09:28:55 +0200 Subject: [PATCH 14/22] Fix copypasta in some test cases --- tests/suites/test_suite_psa_crypto.data | 28 ++++++++++++------------- 1 file changed, 14 insertions(+), 14 deletions(-) diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data index 2e6b63e33..631447cd2 100644 
--- a/tests/suites/test_suite_psa_crypto.data
+++ b/tests/suites/test_suite_psa_crypto.data
@@ -31,27 +31,27 @@ import:"0123456789abcdef":PSA_KEY_TYPE_AES:PSA_ERROR_INVALID_ARGUMENT PSA import/export RSA public key: good, 1024-bit depends_on:MBEDTLS_PK_C:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C -import_export:"30819f300d06092a864886f70d010101050003818d0030818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_KEY_TYPE_RSA_PUBLIC_KEY:PSA_ALG_CBC_BASE | PSA_ALG_BLOCK_CIPHER_PAD_NONE:PSA_KEY_USAGE_EXPORT:1024:0:PSA_SUCCESS:1 +import_export:"30819f300d06092a864886f70d010101050003818d0030818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_KEY_TYPE_RSA_PUBLIC_KEY:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_USAGE_EXPORT:1024:0:PSA_SUCCESS:1 PSA import/export RSA public key: good, 1024-bit, larger buffer depends_on:MBEDTLS_PK_C:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C -import_export:"30819f300d06092a864886f70d010101050003818d0030818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_KEY_TYPE_RSA_PUBLIC_KEY:PSA_ALG_CBC_BASE | PSA_ALG_BLOCK_CIPHER_PAD_NONE:PSA_KEY_USAGE_EXPORT:1024:1:PSA_SUCCESS:1 
+import_export:"30819f300d06092a864886f70d010101050003818d0030818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_KEY_TYPE_RSA_PUBLIC_KEY:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_USAGE_EXPORT:1024:1:PSA_SUCCESS:1 PSA import/export RSA keypair: policy forbids export depends_on:MBEDTLS_PK_C:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C -import_export:"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":PSA_KEY_TYPE_RSA_KEYPAIR:PSA_ALG_CBC_BASE | PSA_ALG_BLOCK_CIPHER_PAD_NONE:PSA_KEY_USAGE_ENCRYPT:1024:0:PSA_ERROR_NOT_PERMITTED:1 +import_export:"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":PSA_KEY_TYPE_RSA_KEYPAIR:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_USAGE_ENCRYPT:1024:0:PSA_ERROR_NOT_PERMITTED:1 PSA import/export RSA keypair: good, 1024-bit depends_on:MBEDTLS_PK_C:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C -import_export:"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":PSA_KEY_TYPE_RSA_KEYPAIR:PSA_ALG_CBC_BASE | PSA_ALG_BLOCK_CIPHER_PAD_NONE:PSA_KEY_USAGE_EXPORT:1024:0:PSA_SUCCESS:1 
+import_export:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_KEY_TYPE_RSA_KEYPAIR:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_USAGE_EXPORT:1024:0:PSA_SUCCESS:1 PSA import/export RSA keypair: good, 1024-bit, larger buffer depends_on:MBEDTLS_PK_C:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C 
-import_export:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_KEY_TYPE_RSA_KEYPAIR:PSA_ALG_CBC_BASE | PSA_ALG_BLOCK_CIPHER_PAD_NONE:PSA_KEY_USAGE_EXPORT:1024:1:PSA_SUCCESS:1 +import_export:"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":PSA_KEY_TYPE_RSA_KEYPAIR:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_USAGE_EXPORT:1024:1:PSA_SUCCESS:1 PSA import/export RSA keypair: trailing garbage ignored depends_on:MBEDTLS_PK_C:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C -import_export:"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":PSA_KEY_TYPE_RSA_KEYPAIR:PSA_ALG_CBC_BASE | PSA_ALG_BLOCK_CIPHER_PAD_NONE:PSA_KEY_USAGE_EXPORT:1024:-1:PSA_SUCCESS:0 
+import_export:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b2400":PSA_KEY_TYPE_RSA_KEYPAIR:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_USAGE_EXPORT:1024:-1:PSA_SUCCESS:0 PSA import RSA keypair: truncated depends_on:MBEDTLS_PK_C:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C 
@@ -59,15 +59,15 @@ import:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541e PSA import/export RSA keypair: good, 1023-bit depends_on:MBEDTLS_PK_C:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C -import_export:"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":PSA_KEY_TYPE_RSA_KEYPAIR:PSA_ALG_CBC_BASE | PSA_ALG_BLOCK_CIPHER_PAD_NONE:PSA_KEY_USAGE_EXPORT:1023:0:PSA_SUCCESS:1 +import_export:"3082025a0201000281806c49704e91f3df44fc99e9b3c0fee5025cc04d09529a1dd05754f2da2751d7a9aa5a79f7070132f2c47b31963e37cd74675f9c93ee7c85a143fefe303e94d1ee0e4d30898d17ab3a229e8457ef21fd179039f748305babe7f134f6d58ce5d721a1a5da98f63503d2466c6a515e53494a41180a91e535bd5b55d4dce2c17419870203010001028180491b277413fb35efe82dace68b544a9dd6aa8917d329731955ec66ec3b0178fcf5a29196e1a6c093bf6c8064b36a8f0d9840a78003d11392754a70a77788975515a1442a6c806cafa2f07fe99cac78a86fa868888d654cec4baf205352cf8255acaa47e2455f23b58c0e5ae43fa297bbffe5b970caa80f71e82084fd35425479024100ef27f3fb2df90ac4910ed95fdde4877d09b0dc4e95079f12a7e2041300a8884a39372a1c79691338cd5c3965bcf3a24f2ce9e10de19d4cb87c7546d60ca0aa0d024073e9e1283475e9ab3075da0b005ca7c7b05e76325f8deb648238831c8353041d594307f784cd527cfee9187b997713d71c0ff98f01beac4d1a85583be52e90e302402f0c801e311c2677274671933f96fee4a56c6adaf6ccaa09c4875d5fd3a8542fadf3e14ffabea62e6d90302688b6b17ebc0a42e1353a79e66d6db102d9371e5d02406731ef3c8607fbf266806590a9cfd3a79a435ee355e2d9906fc6b4236c5f3a288ed178844a7d295512f49ed15b3d82325e4f729478af3262aa9bd083f273d49502410090a32c0e8ca3bcd4c66f092cdc369cd1abb4a05b9a6f0e65e5a51da1d96d5aca8c1525b3f11322c0588062fc8592ebf25b7950f918d39018e82b8acccc8f7e7a":PSA_KEY_TYPE_RSA_KEYPAIR:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_USAGE_EXPORT:1023:0:PSA_SUCCESS:1 PSA import/export-public RSA public key: good, 1024-bit depends_on:MBEDTLS_PK_C:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C 
-import_export_public_key:"30819f300d06092a864886f70d010101050003818d0030818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_KEY_TYPE_RSA_PUBLIC_KEY:PSA_ALG_CBC_BASE | PSA_ALG_BLOCK_CIPHER_PAD_NONE:1024:162:PSA_SUCCESS +import_export_public_key:"30819f300d06092a864886f70d010101050003818d0030818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_KEY_TYPE_RSA_PUBLIC_KEY:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:1024:162:PSA_SUCCESS PSA import/export-public PSA keypair: good, 1024-bit depends_on:MBEDTLS_PK_C:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C -import_export_public_key:"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":PSA_KEY_TYPE_RSA_KEYPAIR:PSA_ALG_CBC_BASE | PSA_ALG_BLOCK_CIPHER_PAD_NONE:1024:162:PSA_SUCCESS +import_export_public_key:"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":PSA_KEY_TYPE_RSA_KEYPAIR:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:1024:162:PSA_SUCCESS PSA import/export-public: cannot export-public a symmetric key depends_on:MBEDTLS_PK_C:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C 
@@ -546,13 +546,13 @@ PSA generate key: bad type (RSA public key) generate_key:PSA_KEY_TYPE_RSA_PUBLIC_KEY:512:PSA_KEY_USAGE_EXPORT:0:PSA_ERROR_NOT_SUPPORTED PSA generate key: raw data, 0 bits -generate_key:PSA_KEY_TYPE_AES:128:PSA_KEY_USAGE_EXPORT:0:PSA_SUCCESS +generate_key:PSA_KEY_TYPE_RAW_DATA:128:PSA_KEY_USAGE_EXPORT:0:PSA_SUCCESS + +PSA generate key: raw data, 7 bits: invalid argument +generate_key:PSA_KEY_TYPE_RAW_DATA:7:PSA_KEY_USAGE_EXPORT:0:PSA_ERROR_INVALID_ARGUMENT PSA generate key: raw data, 8 bits -generate_key:PSA_KEY_TYPE_AES:128:PSA_KEY_USAGE_EXPORT:0:PSA_SUCCESS - -PSA generate key: raw data, 7 bits -generate_key:PSA_KEY_TYPE_AES:7:PSA_KEY_USAGE_EXPORT:0:PSA_ERROR_INVALID_ARGUMENT +generate_key:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0:PSA_SUCCESS PSA generate key: AES, 128 bits, CTR depends_on:MBEDTLS_AES_C From b54979a297702014f12f50bf3b2652f2671737bb Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 21 Jun 2018 09:32:47 +0200 Subject: [PATCH 15/22] Refuse non-byte-sized raw data keys Since the key size is stored in bytes, we can't have a key whose size isn't a whole number of bytes. --- library/psa_crypto.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 90b43549c..ba80912dd 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -420,6 +420,8 @@ static psa_status_t prepare_raw_data_slot( psa_key_type_t type, default: return( PSA_ERROR_NOT_SUPPORTED ); } + if( bits % 8 != 0 ) + return( PSA_ERROR_INVALID_ARGUMENT ); /* Allocate memory for the key */ raw->bytes = PSA_BITS_TO_BYTES( bits ); From 775b8e97b1795a720870c304413a9f1f65a4180d Mon Sep 17 00:00:00 2001 
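Review bot: The case titled `PSA generate key: raw data, 0 bits` now reads `generate_key:PSA_KEY_TYPE_RAW_DATA:128:PSA_KEY_USAGE_EXPORT:0:PSA_SUCCESS`, so the title and the size still disagree after the copy-paste fix. As a result no case in this hunk exercises a zero-length raw key, which is the boundary the title promises. Either the size field should be `0`, with whatever status the implementation is meant to return for it, or the title should say 128 bits. The 7-bit and 8-bit cases next to it do match their titles.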
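Review bot: The added `if( bits % 8 != 0 ) return( PSA_ERROR_INVALID_ARGUMENT );` in `prepare_raw_data_slot` carries no comment, and the reason for it is only in the commit message. A one-line comment above the check, such as `/* The slot stores the key size in bytes, so the size must be a whole number of bytes. */`, would keep that rationale next to the `PSA_BITS_TO_BYTES( bits )` conversion it protects. The switch and the remainder of the function are outside the hunk.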
From: Gilles Peskine Date: Thu, 21 Jun 2018 09:34:34 +0200 Subject: [PATCH 16/22] export asymmetric key: more larger buffer cases Test not only a buffer that's one byte larger than the minimum, but also larger sizes that currently trigger a different code path. --- tests/suites/test_suite_psa_crypto.data | 28 +++++++++++++++++++++++-- 1 file changed, 26 insertions(+), 2 deletions(-) diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data index 631447cd2..aafc243fc 100644 --- a/tests/suites/test_suite_psa_crypto.data +++ b/tests/suites/test_suite_psa_crypto.data 
@@ -33,10 +33,22 @@ PSA import/export RSA public key: good, 1024-bit depends_on:MBEDTLS_PK_C:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C import_export:"30819f300d06092a864886f70d010101050003818d0030818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_KEY_TYPE_RSA_PUBLIC_KEY:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_USAGE_EXPORT:1024:0:PSA_SUCCESS:1 -PSA import/export RSA public key: good, 1024-bit, larger buffer +PSA import/export RSA public key: good, larger buffer (+1 byte) depends_on:MBEDTLS_PK_C:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C import_export:"30819f300d06092a864886f70d010101050003818d0030818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_KEY_TYPE_RSA_PUBLIC_KEY:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_USAGE_EXPORT:1024:1:PSA_SUCCESS:1 +PSA import/export RSA public key: good, larger buffer (*2-1) +depends_on:MBEDTLS_PK_C:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C +import_export:"30819f300d06092a864886f70d010101050003818d0030818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_KEY_TYPE_RSA_PUBLIC_KEY:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_USAGE_EXPORT:1024:161:PSA_SUCCESS:1 + +PSA import/export RSA public key: good, larger buffer (*2) +depends_on:MBEDTLS_PK_C:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C 
+import_export:"30819f300d06092a864886f70d010101050003818d0030818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_KEY_TYPE_RSA_PUBLIC_KEY:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_USAGE_EXPORT:1024:162:PSA_SUCCESS:1 + +PSA import/export RSA public key: good, larger buffer (*2+1) +depends_on:MBEDTLS_PK_C:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C +import_export:"30819f300d06092a864886f70d010101050003818d0030818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_KEY_TYPE_RSA_PUBLIC_KEY:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_USAGE_EXPORT:1024:163:PSA_SUCCESS:1 + PSA import/export RSA keypair: policy forbids export depends_on:MBEDTLS_PK_C:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C import_export:"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":PSA_KEY_TYPE_RSA_KEYPAIR:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_USAGE_ENCRYPT:1024:0:PSA_ERROR_NOT_PERMITTED:1 
@@ -45,10 +57,22 @@ PSA import/export RSA keypair: good, 1024-bit depends_on:MBEDTLS_PK_C:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C import_export:"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":PSA_KEY_TYPE_RSA_KEYPAIR:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_USAGE_EXPORT:1024:0:PSA_SUCCESS:1 -PSA import/export RSA keypair: good, 1024-bit, larger buffer +PSA import/export RSA keypair: good, larger buffer (+1 byte) depends_on:MBEDTLS_PK_C:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C import_export:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_KEY_TYPE_RSA_KEYPAIR:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_USAGE_EXPORT:1024:1:PSA_SUCCESS:1 +PSA import/export RSA keypair: good, larger buffer (*2-1) +depends_on:MBEDTLS_PK_C:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C 
+import_export:"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":PSA_KEY_TYPE_RSA_KEYPAIR:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_USAGE_EXPORT:1024:609:PSA_SUCCESS:1 + +PSA import/export RSA keypair: good, larger buffer (*2) +depends_on:MBEDTLS_PK_C:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C +import_export:"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":PSA_KEY_TYPE_RSA_KEYPAIR:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_USAGE_EXPORT:1024:610:PSA_SUCCESS:1 + +PSA import/export RSA keypair: good, larger buffer (*2+1) +depends_on:MBEDTLS_PK_C:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C +import_export:"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":PSA_KEY_TYPE_RSA_KEYPAIR:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_USAGE_EXPORT:1024:611:PSA_SUCCESS:1 + PSA import/export RSA keypair: trailing garbage ignored depends_on:MBEDTLS_PK_C:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C import_export:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4b
e29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b2400":PSA_KEY_TYPE_RSA_KEYPAIR:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_USAGE_EXPORT:1024:-1:PSA_SUCCESS:0 From 9a94480685ee3280be70aeaf650ee6d49ffdfe74 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 21 Jun 2018 09:35:35 +0200 Subject: [PATCH 17/22] Convert ERR_ASN1 error codes to PSA This fixes the error code when psa_export_key on an asymmetric key reports that the output buffer is too small. --- library/psa_crypto.c | 12 ++++++++++++ tests/suites/test_suite_psa_crypto.data | 8 ++++++++ 2 files changed, 20 insertions(+) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index ba80912dd..adcadf3f5 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -39,6 +39,7 @@ #endif #include "mbedtls/arc4.h" +#include "mbedtls/asn1.h" #include "mbedtls/blowfish.h" #include "mbedtls/camellia.h" #include "mbedtls/cipher.h" @@ -144,6 +145,17 @@ static psa_status_t mbedtls_to_psa_error( int ret ) case MBEDTLS_ERR_ARC4_HW_ACCEL_FAILED: return( PSA_ERROR_HARDWARE_FAILURE ); + case MBEDTLS_ERR_ASN1_OUT_OF_DATA: + case MBEDTLS_ERR_ASN1_UNEXPECTED_TAG: + case MBEDTLS_ERR_ASN1_INVALID_LENGTH: + case MBEDTLS_ERR_ASN1_LENGTH_MISMATCH: + case MBEDTLS_ERR_ASN1_INVALID_DATA: + return( PSA_ERROR_INVALID_ARGUMENT ); + case MBEDTLS_ERR_ASN1_ALLOC_FAILED: + return( PSA_ERROR_INSUFFICIENT_MEMORY ); + case MBEDTLS_ERR_ASN1_BUF_TOO_SMALL: + return( PSA_ERROR_BUFFER_TOO_SMALL ); + case MBEDTLS_ERR_BLOWFISH_INVALID_KEY_LENGTH: case MBEDTLS_ERR_BLOWFISH_INVALID_INPUT_LENGTH: return( PSA_ERROR_NOT_SUPPORTED ); diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data index aafc243fc..94fb181e0 100644 --- a/tests/suites/test_suite_psa_crypto.data +++ b/tests/suites/test_suite_psa_crypto.data 
@@ -49,6 +49,10 @@ PSA import/export RSA public key: good, larger buffer (*2+1) depends_on:MBEDTLS_PK_C:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C import_export:"30819f300d06092a864886f70d010101050003818d0030818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_KEY_TYPE_RSA_PUBLIC_KEY:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_USAGE_EXPORT:1024:163:PSA_SUCCESS:1 +PSA import/export RSA public key: export buffer too small +depends_on:MBEDTLS_PK_C:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C +import_export:"30819f300d06092a864886f70d010101050003818d0030818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_KEY_TYPE_RSA_PUBLIC_KEY:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_USAGE_EXPORT:1024:-1:PSA_ERROR_BUFFER_TOO_SMALL:1 + PSA import/export RSA keypair: policy forbids export depends_on:MBEDTLS_PK_C:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C import_export:"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":PSA_KEY_TYPE_RSA_KEYPAIR:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_USAGE_ENCRYPT:1024:0:PSA_ERROR_NOT_PERMITTED:1 
@@ -73,6 +77,10 @@ PSA import/export RSA keypair: good, larger buffer (*2+1) depends_on:MBEDTLS_PK_C:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C import_export:"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":PSA_KEY_TYPE_RSA_KEYPAIR:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_USAGE_EXPORT:1024:611:PSA_SUCCESS:1 +PSA import/export RSA keypair: export buffer too small +depends_on:MBEDTLS_PK_C:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C +import_export:"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":PSA_KEY_TYPE_RSA_KEYPAIR:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_USAGE_EXPORT:1024:-1:PSA_ERROR_BUFFER_TOO_SMALL:1 + PSA import/export RSA keypair: trailing garbage ignored depends_on:MBEDTLS_PK_C:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C import_export:"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":PSA_KEY_TYPE_RSA_KEYPAIR:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_USAGE_EXPORT:1024:-1:PSA_SUCCESS:0 From 9ad29e2bee1c12f6799d269307abf10f6153d8f0 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 21 Jun 2018 09:40:04 +0200 Subject: [PATCH 18/22] Add what little was missing to fully support DES Also add what was missing in the test suite to support block ciphers with a block size that isn't 16. Fix some buggy test data that passed only due to problems with DES support in the product. --- library/psa_crypto.c | 27 ++++++++++++++-- tests/suites/test_suite_psa_crypto.data | 34 ++++++++++++++++++--- tests/suites/test_suite_psa_crypto.function | 20 ++++++++---- 3 files changed, 68 insertions(+), 13 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index adcadf3f5..a610af364 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c 
@@ -1102,10 +1102,17 @@ static const mbedtls_cipher_info_t *mbedtls_cipher_info_from_psa( cipher_id_tmp = MBEDTLS_CIPHER_ID_AES; break; case PSA_KEY_TYPE_DES: + /* key_bits is 64 for Single-DES, 128 for two-key Triple-DES, + * and 192 for three-key Triple-DES. */ if( key_bits == 64 ) cipher_id_tmp = MBEDTLS_CIPHER_ID_DES; else cipher_id_tmp = MBEDTLS_CIPHER_ID_3DES; + /* mbedtls doesn't recognize two-key Triple-DES as an algorithm, + * but two-key Triple-DES is functionally three-key Triple-DES + * with K1=K3, so that's how we present it to mbedtls. */ + if( key_bits == 128 ) + key_bits = 192; break; case PSA_KEY_TYPE_CAMELLIA: cipher_id_tmp = MBEDTLS_CIPHER_ID_CAMELLIA; @@ -1975,8 +1982,24 @@ static psa_status_t psa_cipher_setup( psa_cipher_operation_t *operation, return( mbedtls_to_psa_error( ret ) ); } - ret = mbedtls_cipher_setkey( &operation->ctx.cipher, slot->data.raw.data, - key_bits, cipher_operation ); +#if defined(MBEDTLS_DES_C) + if( key_type == PSA_KEY_TYPE_DES && key_bits == 128 ) + { + /* Two-key Triple-DES is 3-key Triple-DES with K1=K3 */ + unsigned char keys[24]; + memcpy( keys, slot->data.raw.data, 16 ); + memcpy( keys + 16, slot->data.raw.data, 8 ); + ret = mbedtls_cipher_setkey( &operation->ctx.cipher, + keys, + 192, cipher_operation ); + } + else +#endif + { + ret = mbedtls_cipher_setkey( &operation->ctx.cipher, + slot->data.raw.data, + key_bits, cipher_operation ); + } if( ret != 0 ) { psa_cipher_abort( operation ); diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data index 94fb181e0..9ed9cf532 100644 --- a/tests/suites/test_suite_psa_crypto.data +++ b/tests/suites/test_suite_psa_crypto.data 
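Review bot: The `keys[24]` array in the two-key Triple-DES branch of `psa_cipher_setup` holds a full copy of the key material and is left on the stack when the block exits. It should be wiped once `mbedtls_cipher_setkey` has returned, on both the success and the failure path, with a zeroization call the compiler cannot elide. For example `mbedtls_platform_zeroize( keys, sizeof( keys ) );` if that helper is available in this tree, otherwise whatever wipe routine this file already uses. The branch also relies on the slot holding at least 16 bytes whenever `key_bits == 128`, a relation that is established outside the hunk.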
@@ -178,10 +178,10 @@ PSA MAC setup: invalid key type, HMAC-SHA-256
 depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C
 mac_setup:PSA_KEY_TYPE_RAW_DATA:"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f":PSA_ALG_HMAC(PSA_ALG_SHA_256):PSA_ERROR_INVALID_ARGUMENT
 
-PSA MAC setup: incompatible key DES for CMAC
-depends_on:MBEDTLS_DES_C:MBEDTLS_CMAC_C
+PSA MAC setup: incompatible key HMAC for CMAC
+depends_on:MBEDTLS_CMAC_C
 # Either INVALID_ARGUMENT or NOT_SUPPORTED would be reasonable here
-mac_setup:PSA_KEY_TYPE_DES:"000102030405060708090a0b0c0d0e0f":PSA_ALG_CMAC:PSA_ERROR_NOT_SUPPORTED
+mac_setup:PSA_KEY_TYPE_HMAC:"000102030405060708090a0b0c0d0e0f":PSA_ALG_CMAC:PSA_ERROR_NOT_SUPPORTED
 
 PSA MAC verify: HMAC-SHA-256
 depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C
@@ -333,6 +333,18 @@ PSA symmetric encrypt: AES-CTR, 15 bytes, good
 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_MODE_CTR
 cipher_encrypt:PSA_ALG_CTR | PSA_ALG_BLOCK_CIPHER_PAD_NONE:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"6bc1bee22e409f96e93d7e11739317":"8f9408fe80a81d3e813da3c7b0b2bd":PSA_SUCCESS
 
+PSA symmetric encrypt: DES-CBC-nopad, 8 bytes, good
+depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC
+cipher_encrypt:PSA_ALG_CBC_BASE | PSA_ALG_BLOCK_CIPHER_PAD_NONE:PSA_KEY_TYPE_DES:"01020407080b0d0e":"eda4011239bc3ac9":"64f917b0152f8f05":PSA_SUCCESS
+
+PSA symmetric encrypt: 2-key 3DES-CBC-nopad, 8 bytes, good
+depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC
+cipher_encrypt:PSA_ALG_CBC_BASE | PSA_ALG_BLOCK_CIPHER_PAD_NONE:PSA_KEY_TYPE_DES:"01020407080b0d0ec1c2c4c7c8cbcdce":"eda4011239bc3ac9":"5d0652429c5b0ac7":PSA_SUCCESS
+
+PSA symmetric encrypt: 3-key 3DES-CBC-nopad, 8 bytes, good
+depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC
+cipher_encrypt:PSA_ALG_CBC_BASE | PSA_ALG_BLOCK_CIPHER_PAD_NONE:PSA_KEY_TYPE_DES:"01020407080b0d0ec1c2c4c7c8cbcdce31323437383b3d3e":"eda4011239bc3ac9":"817ca7d69b80d86a":PSA_SUCCESS
+
 PSA symmetric decrypt: AES-CBC-nopad, 16 bytes, good
 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC
 cipher_decrypt:PSA_ALG_CBC_BASE | PSA_ALG_BLOCK_CIPHER_PAD_NONE:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"396ee84fb75fdbb5c2b13c7fe5a654aa":"49e4e66c89a86b67758df89db9ad6955":PSA_SUCCESS
@@ -357,6 +369,18 @@ PSA symmetric decrypt: AES-CBC-nopad, input too short (5 bytes) depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC cipher_decrypt:PSA_ALG_CBC_BASE | PSA_ALG_BLOCK_CIPHER_PAD_NONE:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"6bc1bee223":"6bc1bee223":PSA_ERROR_BAD_STATE +PSA symmetric decrypt: DES-CBC-nopad, 8 bytes, good +depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC +cipher_decrypt:PSA_ALG_CBC_BASE | PSA_ALG_BLOCK_CIPHER_PAD_NONE:PSA_KEY_TYPE_DES:"01020407080b0d0e":"64f917b0152f8f05":"eda4011239bc3ac9":PSA_SUCCESS + +PSA symmetric decrypt: 2-key 3DES-CBC-nopad, 8 bytes, good +depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC +cipher_decrypt:PSA_ALG_CBC_BASE | PSA_ALG_BLOCK_CIPHER_PAD_NONE:PSA_KEY_TYPE_DES:"01020407080b0d0ec1c2c4c7c8cbcdce":"5d0652429c5b0ac7":"eda4011239bc3ac9":PSA_SUCCESS + +PSA symmetric decrypt: 3-key 3DES-CBC-nopad, 8 bytes, good +depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC +cipher_decrypt:PSA_ALG_CBC_BASE | PSA_ALG_BLOCK_CIPHER_PAD_NONE:PSA_KEY_TYPE_DES:"01020407080b0d0ec1c2c4c7c8cbcdce31323437383b3d3e":"817ca7d69b80d86a":"eda4011239bc3ac9":PSA_SUCCESS + PSA symmetric encrypt/decrypt: AES-CBC-nopad, 16 bytes, good depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC cipher_verify_output:PSA_ALG_CBC_BASE | PSA_ALG_BLOCK_CIPHER_PAD_NONE:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"6bc1bee22e409f96e93d7e117393172a" 
@@ -600,11 +624,11 @@ generate_key:PSA_KEY_TYPE_DES:64:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_ENCRYPT | PSA generate key: DES, 128 bits, CBC-nopad depends_on:MBEDTLS_DES_C -generate_key:PSA_KEY_TYPE_DES:64:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_CBC_BASE | PSA_ALG_BLOCK_CIPHER_PAD_NONE:PSA_SUCCESS +generate_key:PSA_KEY_TYPE_DES:128:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_CBC_BASE | PSA_ALG_BLOCK_CIPHER_PAD_NONE:PSA_SUCCESS PSA generate key: DES, 192 bits, CBC-nopad depends_on:MBEDTLS_DES_C -generate_key:PSA_KEY_TYPE_DES:64:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_CBC_BASE | PSA_ALG_BLOCK_CIPHER_PAD_NONE:PSA_SUCCESS +generate_key:PSA_KEY_TYPE_DES:192:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_CBC_BASE | PSA_ALG_BLOCK_CIPHER_PAD_NONE:PSA_SUCCESS PSA generate key: invalid key size: AES, 64 bits depends_on:MBEDTLS_AES_C diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index 84cb69a66..c64138223 100644 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function @@ -800,6 +800,7 @@ void cipher_encrypt( int alg_arg, int key_type_arg, psa_algorithm_t alg = alg_arg; psa_status_t expected_status = expected_status_arg; unsigned char iv[16] = {0}; + size_t iv_size; unsigned char *output = NULL; size_t output_buffer_size = 0; size_t function_output_length = 0; @@ -813,7 +814,8 @@ void cipher_encrypt( int alg_arg, int key_type_arg, TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( input->len ) ); TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( expected_output->len ) ); - memset( iv, 0x2a, sizeof( iv ) ); + iv_size = PSA_BLOCK_CIPHER_BLOCK_SIZE( key_type ); + memset( iv, 0x2a, iv_size ); TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS ); 
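Review bot: In cipher_encrypt (hunk at -813), `memset( iv, 0x2a, iv_size )` writes a length taken from `PSA_BLOCK_CIPHER_BLOCK_SIZE( key_type )` into the fixed `unsigned char iv[16]`, and nothing checks that the value fits. `key_type` comes from the test data, so a key type whose block size exceeds 16 would overflow the stack buffer in the test. Add `TEST_ASSERT( iv_size <= sizeof( iv ) );` between the assignment and the memset. The same two lines are added in cipher_encrypt_multipart, cipher_decrypt_multipart and cipher_decrypt, which need the same guard; all four function bodies extend outside their hunks.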
@@ -824,7 +826,7 @@ void cipher_encrypt( int alg_arg, int key_type_arg, key_slot, alg ) == PSA_SUCCESS ); TEST_ASSERT( psa_encrypt_set_iv( &operation, - iv, sizeof( iv ) ) == PSA_SUCCESS ); + iv, iv_size ) == PSA_SUCCESS ); output_buffer_size = input->len + operation.block_size; output = mbedtls_calloc( 1, output_buffer_size ); TEST_ASSERT( output != NULL ); @@ -867,6 +869,7 @@ void cipher_encrypt_multipart( int alg_arg, int key_type_arg, psa_key_type_t key_type = key_type_arg; psa_algorithm_t alg = alg_arg; unsigned char iv[16] = {0}; + size_t iv_size; unsigned char *output = NULL; size_t output_buffer_size = 0; size_t function_output_length = 0; @@ -880,7 +883,8 @@ void cipher_encrypt_multipart( int alg_arg, int key_type_arg, TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( input->len ) ); TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( expected_output->len ) ); - memset( iv, 0x2a, sizeof( iv ) ); + iv_size = PSA_BLOCK_CIPHER_BLOCK_SIZE( key_type ); + memset( iv, 0x2a, iv_size ); TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS ); @@ -937,6 +941,7 @@ void cipher_decrypt_multipart( int alg_arg, int key_type_arg, psa_key_type_t key_type = key_type_arg; psa_algorithm_t alg = alg_arg; unsigned char iv[16] = {0}; + size_t iv_size; unsigned char *output = NULL; size_t output_buffer_size = 0; size_t function_output_length = 0; @@ -950,7 +955,8 @@ void cipher_decrypt_multipart( int alg_arg, int key_type_arg, TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( input->len ) ); TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( expected_output->len ) ); - memset( iv, 0x2a, sizeof( iv ) ); + iv_size = PSA_BLOCK_CIPHER_BLOCK_SIZE( key_type ); + memset( iv, 0x2a, iv_size ); TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS ); 
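Review bot: cipher_encrypt_multipart and cipher_decrypt_multipart compute `iv_size` and use it for the memset, but no hunk changes their IV-setting call the way the -824 and -1033 hunks do for cipher_encrypt and cipher_decrypt. If those two functions still pass `iv, sizeof( iv )` to `psa_encrypt_set_iv` (that call is outside the hunks, so this is inferred), they supply 16 bytes even when the block size is 8. A DES or 3DES multipart case would then behave differently from the one-shot cases added in the data file. Passing `iv, iv_size` there as well would keep the four functions consistent.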
@@ -1009,6 +1015,7 @@ void cipher_decrypt( int alg_arg, int key_type_arg, psa_algorithm_t alg = alg_arg; psa_status_t expected_status = expected_status_arg; unsigned char iv[16] = {0}; + size_t iv_size; unsigned char *output = NULL; size_t output_buffer_size = 0; size_t function_output_length = 0; @@ -1022,7 +1029,8 @@ void cipher_decrypt( int alg_arg, int key_type_arg, TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( input->len ) ); TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( expected_output->len ) ); - memset( iv, 0x2a, sizeof( iv ) ); + iv_size = PSA_BLOCK_CIPHER_BLOCK_SIZE( key_type ); + memset( iv, 0x2a, iv_size ); TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS ); @@ -1033,7 +1041,7 @@ void cipher_decrypt( int alg_arg, int key_type_arg, key_slot, alg ) == PSA_SUCCESS ); TEST_ASSERT( psa_encrypt_set_iv( &operation, - iv, sizeof( iv ) ) == PSA_SUCCESS ); + iv, iv_size ) == PSA_SUCCESS ); output_buffer_size = input->len + operation.block_size; output = mbedtls_calloc( 1, output_buffer_size ); From a50d7396f3ef605ebf5529ca211bae71836502c0 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 21 Jun 2018 10:22:13 +0200 Subject: [PATCH 19/22] test of generate_random: focus on testing the output buffer size In the test generate_random, focus on testing that psa_generate_random is writing all the bytes of the output buffer and no more. Add a check that it is writing to each byte of the output buffer. Do not try to look for repeating output as the structure of a unit test isn't likely to catch that sort of problem anyway. --- tests/suites/test_suite_psa_crypto.data | 13 +++-- tests/suites/test_suite_psa_crypto.function | 62 ++++++++++++--------- 2 files changed, 43 insertions(+), 32 deletions(-) diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data index 9ed9cf532..265a6d5be 100644 --- a/tests/suites/test_suite_psa_crypto.data +++ b/tests/suites/test_suite_psa_crypto.data 
@@ -581,19 +581,22 @@ depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 asymmetric_decrypt_fail:PSA_KEY_TYPE_RSA_KEYPAIR:"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":PSA_ALG_RSA_PKCS1V15_CRYPT:"0099ffde2fcc00c9cc01972ebfa7779b298dbbaf7f50707a7405296dd2783456fc792002f462e760500e02afa25a859ace8701cb5d3b0262116431c43af8eb08f5a88301057cf1c156a2a5193c143e7a5b03fac132b7e89e6dcd8f4c82c9b28452329c260d30bc39b3816b7c46b41b37b4850d2ae74e729f99c6621fbbe2e46872":PSA_ERROR_INVALID_ARGUMENT PSA generate random: 0 bytes -generate_random:0:0 +generate_random:0 PSA generate random: 1 byte -generate_random:1:8 +generate_random:1 PSA generate random: 4 bytes -generate_random:1:2 +generate_random:4 PSA generate random: 16 bytes -generate_random:16:0 +generate_random:16 PSA generate random: 19 bytes -generate_random:19:0 +generate_random:19 + +PSA generate random: 260 bytes +generate_random:260 PSA generate key: bad type (0xffffffff) generate_key:0xffffffff:128:PSA_KEY_USAGE_EXPORT:0:PSA_ERROR_NOT_SUPPORTED diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index c64138223..9af19fa6d 100644 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function 
@@ -1871,43 +1871,51 @@ exit: /* END_CASE */ /* BEGIN_CASE */ -void generate_random( int bytes, int retries ) +void generate_random( int bytes_arg ) { - const unsigned char trail[] = "foobar"; - unsigned char *buffer1 = mbedtls_calloc( 1, bytes + sizeof( trail ) ); - unsigned char *buffer2 = mbedtls_calloc( 1, bytes ); + size_t bytes = bytes_arg; + const unsigned char trail[] = "don't overwrite me"; + unsigned char *output = mbedtls_calloc( 1, bytes + sizeof( trail ) ); + unsigned char *changed = mbedtls_calloc( 1, bytes ); + size_t i; + unsigned run; - TEST_ASSERT( buffer1 != NULL ); - TEST_ASSERT( buffer2 != NULL ); - memcpy( buffer1 + bytes, trail, sizeof( trail ) ); + TEST_ASSERT( output != NULL ); + TEST_ASSERT( changed != NULL ); + memcpy( output + bytes, trail, sizeof( trail ) ); TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS ); - TEST_ASSERT( psa_generate_random( buffer1, bytes ) == PSA_SUCCESS ); - - /* Check that no more than bytes have been overwritten */ - TEST_ASSERT( memcmp( buffer1 + bytes, trail, sizeof( trail ) ) == 0 ); - - if( bytes == 0 ) - goto exit; - - /* We can't validate that the data is really random, but we can - * validate that it doesn't repeat between calls. There's a - * 1/256^bytes chance that it does repeat, of course, so allow - * a few retries. */ - ++retries; /* The first time isn't a REtry */ - do + /* Run several times, to ensure that every output byte will be + * nonzero at least once with overwhelming probability + * (2^(-8*number_of_runs)). 
*/ + for( run = 0; run < 10; run++ ) { - --retries; - TEST_ASSERT( psa_generate_random( buffer2, bytes ) == PSA_SUCCESS ); + memset( output, 0, bytes ); + TEST_ASSERT( psa_generate_random( output, bytes ) == PSA_SUCCESS ); + + /* Check that no more than bytes have been overwritten */ + TEST_ASSERT( memcmp( output + bytes, trail, sizeof( trail ) ) == 0 ); + + for( i = 0; i < bytes; i++ ) + { + if( output[i] != 0 ) + ++changed[i]; + } + } + + /* Check that every byte was changed to nonzero at least once. This + * validates that psa_generate_random is overwriting every byte of + * the output buffer. */ + for( i = 0; i < bytes; i++ ) + { + TEST_ASSERT( changed[i] != 0 ); } - while( memcmp( buffer1, buffer2, bytes ) == 0 && retries >= -1 ); - TEST_ASSERT( retries >= 0 ); exit: mbedtls_psa_crypto_free( ); - mbedtls_free( buffer1 ); - mbedtls_free( buffer2 ); + mbedtls_free( output ); + mbedtls_free( changed ); } /* END_CASE */ From 48c0ea14c66998c956c5fd4b0b17020a11d60fef Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 21 Jun 2018 14:15:31 +0200 Subject: [PATCH 20/22] Remove PSA_KEY_TYPE_IS_RAW_BYTES from crypto.h It isn't used to define other macros and it doesn't seem that useful for users. Remove it, we can reintroduce it if needed. Define a similar function key_type_is_raw_bytes in the implementation with a clear semantics: it's a key that's represented as a struct raw_data. --- include/psa/crypto.h | 3 --- library/psa_crypto.c | 17 ++++++++++++----- tests/suites/test_suite_psa_crypto.function | 9 ++++++++- 3 files changed, 20 insertions(+), 9 deletions(-) diff --git a/include/psa/crypto.h b/include/psa/crypto.h index 204ac267a..4a46eb8c3 100644 --- a/include/psa/crypto.h +++ b/include/psa/crypto.h 
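Review bot: In generate_random (tests/suites/test_suite_psa_crypto.function, hunk at -1871), `changed = mbedtls_calloc( 1, bytes )` is followed by `TEST_ASSERT( changed != NULL )`, while the data file still runs `generate_random:0`. An allocator may return NULL for a zero-size request, so on such a platform the 0-byte case fails before psa_generate_random is exercised. Allocating at least one byte with `mbedtls_calloc( 1, bytes + 1 )`, or asserting `bytes == 0 || changed != NULL`, avoids that. Separately, the 2^(-8*number_of_runs) in the comment is the chance that one given byte stays zero in every run; for the whole buffer the bound is roughly `bytes` times that, which the comment could state.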
@@ -366,9 +366,6 @@ typedef uint32_t psa_key_type_t; /** Whether a key type is vendor-defined. */ #define PSA_KEY_TYPE_IS_VENDOR_DEFINED(type) \ (((type) & PSA_KEY_TYPE_VENDOR_FLAG) != 0) -#define PSA_KEY_TYPE_IS_RAW_BYTES(type) \ - (((type) & PSA_KEY_TYPE_CATEGORY_MASK) == PSA_KEY_TYPE_RAW_DATA || \ - ((type) & PSA_KEY_TYPE_CATEGORY_MASK) == PSA_KEY_TYPE_CATEGORY_SYMMETRIC) /** Whether a key type is asymmetric: either a key pair or a public key. */ #define PSA_KEY_TYPE_IS_ASYMMETRIC(type) \ diff --git a/library/psa_crypto.c b/library/psa_crypto.c index a610af364..fc73b2cf2 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -116,6 +116,13 @@ typedef struct } data; } key_slot_t; +static int key_type_is_raw_bytes( psa_key_type_t type ) +{ + psa_key_type_t category = type & PSA_KEY_TYPE_CATEGORY_MASK; + return( category == PSA_KEY_TYPE_RAW_DATA || + category == PSA_KEY_TYPE_CATEGORY_SYMMETRIC ); +} + typedef struct { int initialized; @@ -459,7 +466,7 @@ psa_status_t psa_import_key( psa_key_slot_t key, if( slot->type != PSA_KEY_TYPE_NONE ) return( PSA_ERROR_OCCUPIED_SLOT ); - if( PSA_KEY_TYPE_IS_RAW_BYTES( type ) ) + if( key_type_is_raw_bytes( type ) ) { psa_status_t status; /* Ensure that a bytes-to-bit conversion won't overflow. */ @@ -541,7 +548,7 @@ psa_status_t psa_destroy_key( psa_key_slot_t key ) /* No key material to clean, but do zeroize the slot below to wipe * metadata such as policies. */ } - else if( PSA_KEY_TYPE_IS_RAW_BYTES( slot->type ) ) + else if( key_type_is_raw_bytes( slot->type ) ) { mbedtls_free( slot->data.raw.data ); } @@ -589,7 +596,7 @@ psa_status_t psa_get_key_information( psa_key_slot_t key, if( slot->type == PSA_KEY_TYPE_NONE ) return( PSA_ERROR_EMPTY_SLOT ); - if( PSA_KEY_TYPE_IS_RAW_BYTES( slot->type ) ) + if( key_type_is_raw_bytes( slot->type ) ) { if( bits != NULL ) *bits = slot->data.raw.bytes * 8; 
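Review bot: `key_type_is_raw_bytes` in library/psa_crypto.c (hunk at -116) has no comment, although the commit message gives it a precise meaning. A one-line header such as `/* Whether keys of this type are stored in the slot as raw bytes (slot->data.raw). */` would record that next to the code. The same function is copied verbatim into tests/suites/test_suite_psa_crypto.function (hunk at -27), so the test's check `exported_length == ( bits + 7 ) / 8` follows the test's copy rather than the library's. A comment on the copy saying it must match the library definition would help keep the two in step.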
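Review bot: In psa_destroy_key (hunk at -541), the raw-bytes branch calls `mbedtls_free( slot->data.raw.data )` without wiping the buffer first. The comment just above says the slot is zeroized below, but that covers the slot structure, not the heap block that held the key bytes. Unless the configured allocator clears memory on free, symmetric key material is left in freed heap. Wiping `slot->data.raw.bytes` bytes with the library's zeroize helper before the free would close that gap. The free is a context line rather than a change made by this commit, and the function body extends outside the hunk.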
@@ -643,7 +650,7 @@ static psa_status_t psa_internal_export_key( psa_key_slot_t key, ( slot->policy.usage & PSA_KEY_USAGE_EXPORT ) == 0 ) return( PSA_ERROR_NOT_PERMITTED ); - if( PSA_KEY_TYPE_IS_RAW_BYTES( slot->type ) ) + if( key_type_is_raw_bytes( slot->type ) ) { if( slot->data.raw.bytes > data_size ) return( PSA_ERROR_BUFFER_TOO_SMALL ); @@ -2632,7 +2639,7 @@ psa_status_t psa_generate_key( psa_key_slot_t key, if( parameters == NULL && parameters_size != 0 ) return( PSA_ERROR_INVALID_ARGUMENT ); - if( PSA_KEY_TYPE_IS_RAW_BYTES( type ) ) + if( key_type_is_raw_bytes( type ) ) { psa_status_t status = prepare_raw_data_slot( type, bits, &slot->data.raw ); diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index 9af19fa6d..2d279fc38 100644 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function @@ -27,6 +27,13 @@ static int mem_is_zero( void *buffer, size_t size ) return( 1 ); } +static int key_type_is_raw_bytes( psa_key_type_t type ) +{ + psa_key_type_t category = type & PSA_KEY_TYPE_CATEGORY_MASK; + return( category == PSA_KEY_TYPE_RAW_DATA || + category == PSA_KEY_TYPE_CATEGORY_SYMMETRIC ); +} + static int exercise_mac_key( psa_key_slot_t key, psa_key_usage_t usage, psa_algorithm_t alg ) @@ -1967,7 +1974,7 @@ void generate_key( int type_arg, &exported_length ) == expected_export_status ); if( expected_export_status == PSA_SUCCESS ) { - if( PSA_KEY_TYPE_IS_RAW_BYTES( type ) ) + if( key_type_is_raw_bytes( type ) ) TEST_ASSERT( exported_length == ( bits + 7 ) / 8 ); #if defined(MBEDTLS_DES_C) if( type == PSA_KEY_TYPE_DES ) From f9c2c09810a2ba0cdca72b08b5eafe8872a7e150 Mon Sep 17 00:00:00 2001 
From: Gilles Peskine Date: Thu, 21 Jun 2018 16:57:07 +0200 Subject: [PATCH 21/22] In abort functions, return BAD_STATE on obviously bad input psa_hash_abort, psa_mac_abort and psa_cipher_abort now return PSA_ERROR_BAD_STATE if operation->alg is obviously not valid, which can only happen due to a programming error in the caller or in the library. We can't detect all cases of calling abort on uninitialized memory but this is dirt cheap and better than nothing. --- library/psa_crypto.c | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index fc73b2cf2..12c21d7b6 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -822,7 +822,7 @@ psa_status_t psa_hash_abort( psa_hash_operation_t *operation ) break; #endif default: - return( PSA_ERROR_NOT_SUPPORTED ); + return( PSA_ERROR_BAD_STATE ); } operation->alg = 0; return( PSA_SUCCESS ); @@ -1231,7 +1231,11 @@ psa_status_t psa_mac_abort( psa_mac_operation_t *operation ) } else #endif /* MBEDTLS_MD_C */ - return( PSA_ERROR_NOT_SUPPORTED ); + { + /* Sanity check (shouldn't happen: operation->alg should + * always have been initialized to a valid value). */ + return( PSA_ERROR_BAD_STATE ); + } } operation->alg = 0; @@ -2218,6 +2222,11 @@ psa_status_t psa_cipher_abort( psa_cipher_operation_t *operation ) if( operation->alg == 0 ) return( PSA_SUCCESS ); + /* Sanity check (shouldn't happen: operation->alg should + * always have been initialized to a valid value). */ + if( ! PSA_ALG_IS_CIPHER( operation->alg ) ) + return( PSA_ERROR_BAD_STATE ); + mbedtls_cipher_free( &operation->ctx.cipher ); operation->alg = 0; From 8173631d7e889882d00b40e95a5f3915957d18be Mon Sep 17 00:00:00 2001 
From: Gilles Peskine Date: Tue, 26 Jun 2018 15:04:31 +0200 Subject: [PATCH 22/22] psa_hash_abort: return PSA_SUCCESS if alg=0 Make psa_hash_abort consistent with psa_mac_abort and psa_cipher_abort. Add a comment explaining the reasoning. --- library/psa_crypto.c | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 12c21d7b6..2670e4139 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -784,6 +784,11 @@ psa_status_t psa_hash_abort( psa_hash_operation_t *operation ) { switch( operation->alg ) { + case 0: + /* The object has (apparently) been initialized but it is not + * in use. It's ok to call abort on such an object, and there's + * nothing to do. */ + break; #if defined(MBEDTLS_MD2_C) case PSA_ALG_MD2: mbedtls_md2_free( &operation->ctx.md2 ); @@ -1210,6 +1215,9 @@ psa_status_t psa_mac_abort( psa_mac_operation_t *operation ) switch( operation->alg ) { case 0: + /* The object has (apparently) been initialized but it is not + * in use. It's ok to call abort on such an object, and there's + * nothing to do. */ return( PSA_SUCCESS ); #if defined(MBEDTLS_CMAC_C) case PSA_ALG_CMAC: @@ -2220,7 +2228,12 @@ psa_status_t psa_cipher_finish( psa_cipher_operation_t *operation, psa_status_t psa_cipher_abort( psa_cipher_operation_t *operation ) { if( operation->alg == 0 ) + { + /* The object has (apparently) been initialized but it is not + * in use. It's ok to call abort on such an object, and there's + * nothing to do. */ return( PSA_SUCCESS ); + } /* Sanity check (shouldn't happen: operation->alg should * always have been initialized to a valid value). */