Add test driver support for opaque key import
-Add test driver support to import/export while wrapping keys
meant to be stored in the PSA core as opaque( emulating an
SE without storage ).
-Export validate_unstructured_key_bit_size as
psa_validate_unstructured_key_bit_size, thereby changing its scope.
-Improve the import/export test cases in test_suite_psa_crypto to also
cover opaque keys, thereby avoiding duplication.
Signed-off-by: Archana <archana.madhavan@silabs.com>
diff --git a/library/psa_crypto.c b/library/psa_crypto.c
index d70dccb..cea165c 100644
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@@ -430,8 +430,8 @@
* defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR) ||
* defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY) */
-static psa_status_t validate_unstructured_key_bit_size( psa_key_type_t type,
- size_t bits )
+psa_status_t psa_validate_unstructured_key_bit_size( psa_key_type_t type,
+ size_t bits )
{
/* Check that the bit size is acceptable for the key type */
switch( type )
@@ -560,14 +560,14 @@
/* Ensure that the bytes-to-bits conversion hasn't overflown. */
if( data_length > SIZE_MAX / 8 )
- return( PSA_ERROR_NOT_SUPPORTED );
+ return( status );
/* Enforce a size limit, and in particular ensure that the bit
* size fits in its representation type. */
if( ( *bits ) > PSA_MAX_KEY_BITS )
- return( PSA_ERROR_NOT_SUPPORTED );
+ return( status );
- status = validate_unstructured_key_bit_size( type, *bits );
+ status = psa_validate_unstructured_key_bit_size( attributes->core.type, *bits );
if( status != PSA_SUCCESS )
return( status );
@@ -1907,8 +1907,9 @@
goto exit;
/* In the case of a transparent key or an opaque key stored in local
- * storage, we have to allocate a buffer to hold the generated key
- * material. */
+ * storage( thus not in the case of the old-style secure element interface
+ * (MBEDTLS_PSA_CRYPTO_SE_C)),we have to allocate a buffer to hold the
+ * imported key material. */
if( slot->key.data == NULL )
{
if( psa_key_lifetime_is_external( attributes->core.lifetime ) )
@@ -5061,7 +5062,7 @@
if( key_type_is_raw_bytes( type ) )
{
- status = validate_unstructured_key_bit_size( type, bits );
+ status = psa_validate_unstructured_key_bit_size( type, bits );
if( status != PSA_SUCCESS )
return( status );
}
@@ -5171,9 +5172,9 @@
goto exit;
/* In the case of a transparent key or an opaque key stored in local
- * storage (thus not in the case of generating a key in a secure element
- * or cryptoprocessor with storage), we have to allocate a buffer to
- * hold the generated key material. */
+ * storage( thus not in the case of the old-style secure element interface
+ * (MBEDTLS_PSA_CRYPTO_SE_C)),we have to allocate a buffer to hold the
+ * imported key material. */
if( slot->key.data == NULL )
{
if ( PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime ) ==
diff --git a/library/psa_crypto_core.h b/library/psa_crypto_core.h
index 91757b5..4a3fa50 100644
--- a/library/psa_crypto_core.h
+++ b/library/psa_crypto_core.h
@@ -528,4 +528,23 @@
psa_algorithm_t alg, const uint8_t *hash, size_t hash_length,
const uint8_t *signature, size_t signature_length );
+/**
+ * \brief Validate the key bit size for unstructured keys.
+ *
+ * \note Check that the bit size is acceptable for a given key type for
+ * unstructured keys.
+ *
+ * \param[in] type The key type
+ * \param[in] bits The number of bits of the key
+ *
+ * \retval #PSA_SUCCESS
+ * The key type and size are valid.
+ * \retval #PSA_ERROR_INVALID_ARGUMENT
+ * The size in bits of the key is not valid.
+ * \retval #PSA_ERROR_NOT_SUPPORTED
+ * The type and/or the size in bits of the key or the combination of
+ * the two is not supported.
+ */
+psa_status_t psa_validate_unstructured_key_bit_size( psa_key_type_t type,
+ size_t bits );
#endif /* PSA_CRYPTO_CORE_H */
diff --git a/library/psa_crypto_driver_wrappers.c b/library/psa_crypto_driver_wrappers.c
index 2974d6f..e145dd4 100644
--- a/library/psa_crypto_driver_wrappers.c
+++ b/library/psa_crypto_driver_wrappers.c
@@ -459,7 +459,7 @@
return( PSA_SUCCESS );
}
#endif /* MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS */
- *key_buffer_size = mbedtls_test_size_function( key_type, key_bits );
+ *key_buffer_size = mbedtls_test_opaque_size_function( key_type, key_bits );
return( ( *key_buffer_size != 0 ) ?
PSA_SUCCESS : PSA_ERROR_NOT_SUPPORTED );
#endif /* PSA_CRYPTO_DRIVER_TEST */
@@ -607,10 +607,18 @@
data, data_length,
key_buffer, key_buffer_size,
key_buffer_length, bits ) );
-
+ /* Add cases for opaque driver here */
+#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
+#if defined(PSA_CRYPTO_DRIVER_TEST)
+ case PSA_CRYPTO_TEST_DRIVER_LOCATION:
+ return( mbedtls_test_opaque_import_key(
+ attributes,
+ data, data_length,
+ key_buffer, key_buffer_size,
+ key_buffer_length, bits ) );
+#endif /* PSA_CRYPTO_DRIVER_TEST */
+#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
default:
- /* Importing a key with external storage in not yet supported.
- * Return in error indicating that the lifetime is not valid. */
(void)status;
return( PSA_ERROR_INVALID_ARGUMENT );
}
diff --git a/library/psa_crypto_ecp.c b/library/psa_crypto_ecp.c
index 3ce232c..144ba1c 100644
--- a/library/psa_crypto_ecp.c
+++ b/library/psa_crypto_ecp.c
@@ -572,7 +572,7 @@
#if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR) || \
defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY)
-psa_status_t mbedtls_transparent_test_driver_ecp_import_key(
+psa_status_t mbedtls_test_driver_ecp_import_key(
const psa_key_attributes_t *attributes,
const uint8_t *data, size_t data_length,
uint8_t *key_buffer, size_t key_buffer_size,
@@ -583,7 +583,7 @@
key_buffer_length, bits ) );
}
-psa_status_t mbedtls_transparent_test_driver_ecp_export_public_key(
+psa_status_t mbedtls_test_driver_ecp_export_public_key(
const psa_key_attributes_t *attributes,
const uint8_t *key_buffer, size_t key_buffer_size,
uint8_t *data, size_t data_size, size_t *data_length )
diff --git a/library/psa_crypto_ecp.h b/library/psa_crypto_ecp.h
index 0c2b928..dc9e887 100644
--- a/library/psa_crypto_ecp.h
+++ b/library/psa_crypto_ecp.h
@@ -224,13 +224,13 @@
#if defined(PSA_CRYPTO_DRIVER_TEST)
-psa_status_t mbedtls_transparent_test_driver_ecp_import_key(
+psa_status_t mbedtls_test_driver_ecp_import_key(
const psa_key_attributes_t *attributes,
const uint8_t *data, size_t data_length,
uint8_t *key_buffer, size_t key_buffer_size,
size_t *key_buffer_length, size_t *bits );
-psa_status_t mbedtls_transparent_test_driver_ecp_export_public_key(
+psa_status_t mbedtls_test_driver_ecp_export_public_key(
const psa_key_attributes_t *attributes,
const uint8_t *key_buffer, size_t key_buffer_size,
uint8_t *data, size_t data_size, size_t *data_length );
diff --git a/library/psa_crypto_rsa.c b/library/psa_crypto_rsa.c
index d85b86c..2c357c9 100644
--- a/library/psa_crypto_rsa.c
+++ b/library/psa_crypto_rsa.c
@@ -611,7 +611,7 @@
#if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR) || \
defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_PUBLIC_KEY)
-psa_status_t mbedtls_transparent_test_driver_rsa_import_key(
+psa_status_t mbedtls_test_driver_rsa_import_key(
const psa_key_attributes_t *attributes,
const uint8_t *data, size_t data_length,
uint8_t *key_buffer, size_t key_buffer_size,
@@ -622,7 +622,7 @@
key_buffer_length, bits ) );
}
-psa_status_t mbedtls_transparent_test_driver_rsa_export_public_key(
+psa_status_t mbedtls_test_driver_rsa_export_public_key(
const psa_key_attributes_t *attributes,
const uint8_t *key_buffer, size_t key_buffer_size,
uint8_t *data, size_t data_size, size_t *data_length )
diff --git a/library/psa_crypto_rsa.h b/library/psa_crypto_rsa.h
index 41a90f7..5540684 100644
--- a/library/psa_crypto_rsa.h
+++ b/library/psa_crypto_rsa.h
@@ -218,13 +218,13 @@
#if defined(PSA_CRYPTO_DRIVER_TEST)
-psa_status_t mbedtls_transparent_test_driver_rsa_import_key(
+psa_status_t mbedtls_test_driver_rsa_import_key(
const psa_key_attributes_t *attributes,
const uint8_t *data, size_t data_length,
uint8_t *key_buffer, size_t key_buffer_size,
size_t *key_buffer_length, size_t *bits );
-psa_status_t mbedtls_transparent_test_driver_rsa_export_public_key(
+psa_status_t mbedtls_test_driver_rsa_export_public_key(
const psa_key_attributes_t *attributes,
const uint8_t *key_buffer, size_t key_buffer_size,
uint8_t *data, size_t data_size, size_t *data_length );