Merge pull request #9446 from gilles-peskine-arm/psa_generate_key_custom-development-forward_then_remove
psa_generate_key_custom
diff --git a/CMakeLists.txt b/CMakeLists.txt
index 479863e..6d16079 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -281,6 +281,15 @@
endif(CMAKE_COMPILER_IS_IAR)
endif(MBEDTLS_FATAL_WARNINGS)
+if(CMAKE_BUILD_TYPE STREQUAL "Check" AND TEST_CPP)
+ set(CMAKE_CXX_STANDARD 11)
+ set(CMAKE_CXX_STANDARD_REQUIRED ON)
+ set(CMAKE_CXX_EXTENSIONS OFF)
+ if(CMAKE_COMPILER_IS_CLANG OR CMAKE_COMPILER_IS_GNU)
+ set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -pedantic")
+ endif()
+endif()
+
if(CMAKE_BUILD_TYPE STREQUAL "Coverage")
if(CMAKE_COMPILER_IS_GNU OR CMAKE_COMPILER_IS_CLANG)
set(CMAKE_SHARED_LINKER_FLAGS "--coverage")
diff --git a/ChangeLog.d/psa_generate_key_custom.txt b/ChangeLog.d/psa_generate_key_custom.txt
new file mode 100644
index 0000000..3fc1bd7
--- /dev/null
+++ b/ChangeLog.d/psa_generate_key_custom.txt
@@ -0,0 +1,9 @@
+API changes
+ * The experimental functions psa_generate_key_ext() and
+ psa_key_derivation_output_key_ext() have been replaced by
+ psa_generate_key_custom() and psa_key_derivation_output_key_custom().
+ They have almost exactly the same interface, but the variable-length
+ data is passed in a separate parameter instead of a flexible array
+ member. This resolves a build failure under C++ compilers that do not
+ support flexible array members (a C99 feature not adopted by C++).
+ Fixes #9020.
diff --git a/docs/psa-transition.md b/docs/psa-transition.md
index bbb7da2..dea14fe 100644
--- a/docs/psa-transition.md
+++ b/docs/psa-transition.md
@@ -779,7 +779,7 @@
The easiest way to create a key pair object is by randomly generating it with [`psa_generate_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__random/#group__random_1ga1985eae417dfbccedf50d5fff54ea8c5). Compared with the low-level functions from the legacy API (`mbedtls_rsa_gen_key`, `mbedtls_ecp_gen_privkey`, `mbedtls_ecp_gen_keypair`, `mbedtls_ecp_gen_keypair_base`, `mbedtls_ecdsa_genkey`), this directly creates an object that can be used with high-level APIs, but removes some of the flexibility. Note that if you want to export the generated private key, you must pass the flag [`PSA_KEY_USAGE_EXPORT`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__policy/#group__policy_1ga7dddccdd1303176e87a4d20c87b589ed) to [`psa_set_key_usage_flags`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__attributes/#group__attributes_1ga42a65b3c4522ce9b67ea5ea7720e17de); exporting the public key with [`psa_export_public_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__import__export/#group__import__export_1gaf22ae73312217aaede2ea02cdebb6062) is always permitted.
-For RSA keys, `psa_generate_key` uses 65537 as the public exponent. You can use [`psa_generate_key_ext`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__random/#group__random_1ga6776360ae8046a4456a5f990f997da58) to select a different public exponent. As of Mbed TLS 3.6.0, selecting a different public exponent is only supported with the built-in RSA implementation, not with PSA drivers.
+For RSA keys, `psa_generate_key` uses 65537 as the public exponent. You can use [`psa_generate_key_custom`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__random/#ga0415617443afe42a712027bbb8ad89f0) to select a different public exponent. As of Mbed TLS 3.6.1, selecting a different public exponent is only supported with the built-in RSA implementation, not with PSA drivers.
To create a key object from existing material, use [`psa_import_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__import__export/#group__import__export_1ga0336ea76bf30587ab204a8296462327b). This function has the same basic goal as the PK parse functions (`mbedtls_pk_parse_key`, `mbedtls_pk_parse_public_key`, `mbedtls_pk_parse_subpubkey`), but only supports a single format that just contains the number(s) that make up the key, with very little metadata. The table below summarizes the PSA import/export format for key pairs and public keys; see the documentation of [`psa_export_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__import__export/#group__import__export_1ga668e35be8d2852ad3feeef74ac6f75bf) and [`psa_export_public_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__import__export/#group__import__export_1gaf22ae73312217aaede2ea02cdebb6062) for more details.
diff --git a/scripts/common.make b/scripts/common.make
index d102a97..9c7fd73 100644
--- a/scripts/common.make
+++ b/scripts/common.make
@@ -20,14 +20,14 @@
CFLAGS ?= -O2
WARNING_CFLAGS ?= -Wall -Wextra -Wformat=2 -Wno-format-nonliteral
-WARNING_CXXFLAGS ?= -Wall -Wextra -Wformat=2 -Wno-format-nonliteral
+WARNING_CXXFLAGS ?= -Wall -Wextra -Wformat=2 -Wno-format-nonliteral -std=c++11 -pedantic
LDFLAGS ?=
LOCAL_CFLAGS = $(WARNING_CFLAGS) -I$(MBEDTLS_TEST_PATH)/include \
-I$(MBEDTLS_PATH)/include -I$(MBEDTLS_PATH)/tf-psa-crypto/include \
-I$(MBEDTLS_PATH)/tf-psa-crypto/drivers/builtin/include \
-D_FILE_OFFSET_BITS=64
-LOCAL_CXXFLAGS = $(WARNING_CXXFLAGS) -I$(MBEDTLS_PATH)/include -I$(MBEDTLS_PATH)/tests/include -D_FILE_OFFSET_BITS=64
+LOCAL_CXXFLAGS = $(WARNING_CXXFLAGS) $(LOCAL_CFLAGS)
ifdef PSASIM
LOCAL_LDFLAGS = ${MBEDTLS_TEST_OBJS} \
diff --git a/scripts/data_files/driver_templates/psa_crypto_driver_wrappers.h.jinja b/scripts/data_files/driver_templates/psa_crypto_driver_wrappers.h.jinja
index 8b91f0b..d3b7d6f 100644
--- a/scripts/data_files/driver_templates/psa_crypto_driver_wrappers.h.jinja
+++ b/scripts/data_files/driver_templates/psa_crypto_driver_wrappers.h.jinja
@@ -731,7 +731,8 @@
static inline psa_status_t psa_driver_wrapper_generate_key(
const psa_key_attributes_t *attributes,
- const psa_key_production_parameters_t *params, size_t params_data_length,
+ const psa_custom_key_parameters_t *custom,
+ const uint8_t *custom_data, size_t custom_data_length,
uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length )
{
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
@@ -740,7 +741,7 @@
#if defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE)
int is_default_production =
- psa_key_production_parameters_are_default(params, params_data_length);
+ psa_custom_key_parameters_are_default(custom, custom_data_length);
if( location != PSA_KEY_LOCATION_LOCAL_STORAGE && !is_default_production )
{
/* We don't support passing custom production parameters
@@ -811,7 +812,7 @@
/* Software fallback */
status = psa_generate_key_internal(
- attributes, params, params_data_length,
+ attributes, custom, custom_data, custom_data_length,
key_buffer, key_buffer_size, key_buffer_length );
break;
diff --git a/tests/include/test/psa_test_wrappers.h b/tests/include/test/psa_test_wrappers.h
index 9551855..b83f405 100644
--- a/tests/include/test/psa_test_wrappers.h
+++ b/tests/include/test/psa_test_wrappers.h
@@ -354,13 +354,14 @@
#define psa_generate_key(arg0_attributes, arg1_key) \
mbedtls_test_wrap_psa_generate_key(arg0_attributes, arg1_key)
-psa_status_t mbedtls_test_wrap_psa_generate_key_ext(
+psa_status_t mbedtls_test_wrap_psa_generate_key_custom(
const psa_key_attributes_t *arg0_attributes,
- const psa_key_production_parameters_t *arg1_params,
- size_t arg2_params_data_length,
- mbedtls_svc_key_id_t *arg3_key);
-#define psa_generate_key_ext(arg0_attributes, arg1_params, arg2_params_data_length, arg3_key) \
- mbedtls_test_wrap_psa_generate_key_ext(arg0_attributes, arg1_params, arg2_params_data_length, arg3_key)
+ const psa_custom_key_parameters_t *arg1_custom,
+ const uint8_t *arg2_custom_data,
+ size_t arg3_custom_data_length,
+ mbedtls_svc_key_id_t *arg4_key);
+#define psa_generate_key_custom(arg0_attributes, arg1_custom, arg2_custom_data, arg3_custom_data_length, arg4_key) \
+ mbedtls_test_wrap_psa_generate_key_custom(arg0_attributes, arg1_custom, arg2_custom_data, arg3_custom_data_length, arg4_key)
psa_status_t mbedtls_test_wrap_psa_generate_random(
uint8_t *arg0_output,
@@ -496,14 +497,15 @@
#define psa_key_derivation_output_key(arg0_attributes, arg1_operation, arg2_key) \
mbedtls_test_wrap_psa_key_derivation_output_key(arg0_attributes, arg1_operation, arg2_key)
-psa_status_t mbedtls_test_wrap_psa_key_derivation_output_key_ext(
+psa_status_t mbedtls_test_wrap_psa_key_derivation_output_key_custom(
const psa_key_attributes_t *arg0_attributes,
psa_key_derivation_operation_t *arg1_operation,
- const psa_key_production_parameters_t *arg2_params,
- size_t arg3_params_data_length,
- mbedtls_svc_key_id_t *arg4_key);
-#define psa_key_derivation_output_key_ext(arg0_attributes, arg1_operation, arg2_params, arg3_params_data_length, arg4_key) \
- mbedtls_test_wrap_psa_key_derivation_output_key_ext(arg0_attributes, arg1_operation, arg2_params, arg3_params_data_length, arg4_key)
+ const psa_custom_key_parameters_t *arg2_custom,
+ const uint8_t *arg3_custom_data,
+ size_t arg4_custom_data_length,
+ mbedtls_svc_key_id_t *arg5_key);
+#define psa_key_derivation_output_key_custom(arg0_attributes, arg1_operation, arg2_custom, arg3_custom_data, arg4_custom_data_length, arg5_key) \
+ mbedtls_test_wrap_psa_key_derivation_output_key_custom(arg0_attributes, arg1_operation, arg2_custom, arg3_custom_data, arg4_custom_data_length, arg5_key)
psa_status_t mbedtls_test_wrap_psa_key_derivation_set_capacity(
psa_key_derivation_operation_t *arg0_operation,
diff --git a/tests/psa-client-server/psasim/src/psa_functions_codes.h b/tests/psa-client-server/psasim/src/psa_functions_codes.h
index bc1b844..1301ff2 100644
--- a/tests/psa-client-server/psasim/src/psa_functions_codes.h
+++ b/tests/psa-client-server/psasim/src/psa_functions_codes.h
@@ -40,7 +40,7 @@
PSA_EXPORT_KEY,
PSA_EXPORT_PUBLIC_KEY,
PSA_GENERATE_KEY,
- PSA_GENERATE_KEY_EXT,
+ PSA_GENERATE_KEY_CUSTOM,
PSA_GENERATE_RANDOM,
PSA_GET_KEY_ATTRIBUTES,
PSA_HASH_ABORT,
@@ -62,7 +62,7 @@
PSA_KEY_DERIVATION_KEY_AGREEMENT,
PSA_KEY_DERIVATION_OUTPUT_BYTES,
PSA_KEY_DERIVATION_OUTPUT_KEY,
- PSA_KEY_DERIVATION_OUTPUT_KEY_EXT,
+ PSA_KEY_DERIVATION_OUTPUT_KEY_CUSTOM,
PSA_KEY_DERIVATION_SET_CAPACITY,
PSA_KEY_DERIVATION_SETUP,
PSA_MAC_ABORT,
diff --git a/tests/psa-client-server/psasim/src/psa_sim_crypto_client.c b/tests/psa-client-server/psasim/src/psa_sim_crypto_client.c
index 4200f6c..d4d9d60 100644
--- a/tests/psa-client-server/psasim/src/psa_sim_crypto_client.c
+++ b/tests/psa-client-server/psasim/src/psa_sim_crypto_client.c
@@ -2803,9 +2803,10 @@
}
-psa_status_t psa_generate_key_ext(
+psa_status_t psa_generate_key_custom(
const psa_key_attributes_t *attributes,
- const psa_key_production_parameters_t *params, size_t params_data_length,
+ const psa_custom_key_parameters_t *custom,
+ const uint8_t *custom_data, size_t custom_data_length,
mbedtls_svc_key_id_t *key
)
{
@@ -2817,7 +2818,8 @@
size_t needed =
psasim_serialise_begin_needs() +
psasim_serialise_psa_key_attributes_t_needs(*attributes) +
- psasim_serialise_psa_key_production_parameters_t_needs(params, params_data_length) +
+ psasim_serialise_psa_custom_key_parameters_t_needs(*custom) +
+ psasim_serialise_buffer_needs(custom_data, custom_data_length) +
psasim_serialise_mbedtls_svc_key_id_t_needs(*key);
ser_params = malloc(needed);
@@ -2839,9 +2841,15 @@
if (!ok) {
goto fail;
}
- ok = psasim_serialise_psa_key_production_parameters_t(
+ ok = psasim_serialise_psa_custom_key_parameters_t(
&pos, &remaining,
- params, params_data_length);
+ *custom);
+ if (!ok) {
+ goto fail;
+ }
+ ok = psasim_serialise_buffer(
+ &pos, &remaining,
+ custom_data, custom_data_length);
if (!ok) {
goto fail;
}
@@ -2852,10 +2860,10 @@
goto fail;
}
- ok = psa_crypto_call(PSA_GENERATE_KEY_EXT,
+ ok = psa_crypto_call(PSA_GENERATE_KEY_CUSTOM,
ser_params, (size_t) (pos - ser_params), &ser_result, &result_length);
if (!ok) {
- printf("PSA_GENERATE_KEY_EXT server call failed\n");
+ printf("PSA_GENERATE_KEY_CUSTOM server call failed\n");
goto fail;
}
@@ -4572,10 +4580,11 @@
}
-psa_status_t psa_key_derivation_output_key_ext(
+psa_status_t psa_key_derivation_output_key_custom(
const psa_key_attributes_t *attributes,
psa_key_derivation_operation_t *operation,
- const psa_key_production_parameters_t *params, size_t params_data_length,
+ const psa_custom_key_parameters_t *custom,
+ const uint8_t *custom_data, size_t custom_data_length,
mbedtls_svc_key_id_t *key
)
{
@@ -4588,7 +4597,8 @@
psasim_serialise_begin_needs() +
psasim_serialise_psa_key_attributes_t_needs(*attributes) +
psasim_serialise_psa_key_derivation_operation_t_needs(*operation) +
- psasim_serialise_psa_key_production_parameters_t_needs(params, params_data_length) +
+ psasim_serialise_psa_custom_key_parameters_t_needs(*custom) +
+ psasim_serialise_buffer_needs(custom_data, custom_data_length) +
psasim_serialise_mbedtls_svc_key_id_t_needs(*key);
ser_params = malloc(needed);
@@ -4616,9 +4626,15 @@
if (!ok) {
goto fail;
}
- ok = psasim_serialise_psa_key_production_parameters_t(
+ ok = psasim_serialise_psa_custom_key_parameters_t(
&pos, &remaining,
- params, params_data_length);
+ *custom);
+ if (!ok) {
+ goto fail;
+ }
+ ok = psasim_serialise_buffer(
+ &pos, &remaining,
+ custom_data, custom_data_length);
if (!ok) {
goto fail;
}
@@ -4629,10 +4645,10 @@
goto fail;
}
- ok = psa_crypto_call(PSA_KEY_DERIVATION_OUTPUT_KEY_EXT,
+ ok = psa_crypto_call(PSA_KEY_DERIVATION_OUTPUT_KEY_CUSTOM,
ser_params, (size_t) (pos - ser_params), &ser_result, &result_length);
if (!ok) {
- printf("PSA_KEY_DERIVATION_OUTPUT_KEY_EXT server call failed\n");
+ printf("PSA_KEY_DERIVATION_OUTPUT_KEY_CUSTOM server call failed\n");
goto fail;
}
diff --git a/tests/psa-client-server/psasim/src/psa_sim_crypto_server.c b/tests/psa-client-server/psasim/src/psa_sim_crypto_server.c
index cab32c4..b2ed070 100644
--- a/tests/psa-client-server/psasim/src/psa_sim_crypto_server.c
+++ b/tests/psa-client-server/psasim/src/psa_sim_crypto_server.c
@@ -3116,14 +3116,15 @@
}
// Returns 1 for success, 0 for failure
-int psa_generate_key_ext_wrapper(
+int psa_generate_key_custom_wrapper(
uint8_t *in_params, size_t in_params_len,
uint8_t **out_params, size_t *out_params_len)
{
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
psa_key_attributes_t attributes;
- psa_key_production_parameters_t *params = NULL;
- size_t params_data_length;
+ psa_custom_key_parameters_t custom;
+ uint8_t *custom_data = NULL;
+ size_t custom_data_length;
mbedtls_svc_key_id_t key;
uint8_t *pos = in_params;
@@ -3143,9 +3144,16 @@
goto fail;
}
- ok = psasim_deserialise_psa_key_production_parameters_t(
+ ok = psasim_deserialise_psa_custom_key_parameters_t(
&pos, &remaining,
- ¶ms, ¶ms_data_length);
+ &custom);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_buffer(
+ &pos, &remaining,
+ &custom_data, &custom_data_length);
if (!ok) {
goto fail;
}
@@ -3159,9 +3167,10 @@
// Now we call the actual target function
- status = psa_generate_key_ext(
+ status = psa_generate_key_custom(
&attributes,
- params, params_data_length,
+ &custom,
+ custom_data, custom_data_length,
&key
);
@@ -3201,14 +3210,14 @@
*out_params = result;
*out_params_len = result_size;
- free(params);
+ free(custom_data);
return 1; // success
fail:
free(result);
- free(params);
+ free(custom_data);
return 0; // This shouldn't happen!
}
@@ -5079,15 +5088,16 @@
}
// Returns 1 for success, 0 for failure
-int psa_key_derivation_output_key_ext_wrapper(
+int psa_key_derivation_output_key_custom_wrapper(
uint8_t *in_params, size_t in_params_len,
uint8_t **out_params, size_t *out_params_len)
{
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
psa_key_attributes_t attributes;
psa_key_derivation_operation_t *operation;
- psa_key_production_parameters_t *params = NULL;
- size_t params_data_length;
+ psa_custom_key_parameters_t custom;
+ uint8_t *custom_data = NULL;
+ size_t custom_data_length;
mbedtls_svc_key_id_t key;
uint8_t *pos = in_params;
@@ -5114,9 +5124,16 @@
goto fail;
}
- ok = psasim_deserialise_psa_key_production_parameters_t(
+ ok = psasim_deserialise_psa_custom_key_parameters_t(
&pos, &remaining,
- ¶ms, ¶ms_data_length);
+ &custom);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_buffer(
+ &pos, &remaining,
+ &custom_data, &custom_data_length);
if (!ok) {
goto fail;
}
@@ -5130,10 +5147,11 @@
// Now we call the actual target function
- status = psa_key_derivation_output_key_ext(
+ status = psa_key_derivation_output_key_custom(
&attributes,
operation,
- params, params_data_length,
+ &custom,
+ custom_data, custom_data_length,
&key
);
@@ -5181,14 +5199,14 @@
*out_params = result;
*out_params_len = result_size;
- free(params);
+ free(custom_data);
return 1; // success
fail:
free(result);
- free(params);
+ free(custom_data);
return 0; // This shouldn't happen!
}
@@ -7712,9 +7730,9 @@
ok = psa_generate_key_wrapper(in_params, in_params_len,
&out_params, &out_params_len);
break;
- case PSA_GENERATE_KEY_EXT:
- ok = psa_generate_key_ext_wrapper(in_params, in_params_len,
- &out_params, &out_params_len);
+ case PSA_GENERATE_KEY_CUSTOM:
+ ok = psa_generate_key_custom_wrapper(in_params, in_params_len,
+ &out_params, &out_params_len);
break;
case PSA_GENERATE_RANDOM:
ok = psa_generate_random_wrapper(in_params, in_params_len,
@@ -7800,9 +7818,9 @@
ok = psa_key_derivation_output_key_wrapper(in_params, in_params_len,
&out_params, &out_params_len);
break;
- case PSA_KEY_DERIVATION_OUTPUT_KEY_EXT:
- ok = psa_key_derivation_output_key_ext_wrapper(in_params, in_params_len,
- &out_params, &out_params_len);
+ case PSA_KEY_DERIVATION_OUTPUT_KEY_CUSTOM:
+ ok = psa_key_derivation_output_key_custom_wrapper(in_params, in_params_len,
+ &out_params, &out_params_len);
break;
case PSA_KEY_DERIVATION_SET_CAPACITY:
ok = psa_key_derivation_set_capacity_wrapper(in_params, in_params_len,
diff --git a/tests/psa-client-server/psasim/src/psa_sim_generate.pl b/tests/psa-client-server/psasim/src/psa_sim_generate.pl
index bc63975..e0e9b19 100755
--- a/tests/psa-client-server/psasim/src/psa_sim_generate.pl
+++ b/tests/psa-client-server/psasim/src/psa_sim_generate.pl
@@ -566,13 +566,6 @@
size_t $n2;
EOF
push(@buffers, $n1); # Add to the list to be free()d at end
- } elsif ($argtype =~ /^(const )?psa_key_production_parameters_t$/) {
- my ($n1, $n2) = split(/,\s*/, $argname);
- print $fh <<EOF;
- psa_key_production_parameters_t *$n1 = NULL;
- size_t $n2;
-EOF
- push(@buffers, $n1); # Add to the list to be free()d at end
} else {
$argname =~ s/^\*//; # Remove any leading *
my $pointer = ($argtype =~ /^psa_\w+_operation_t/) ? "*" : "";
@@ -628,17 +621,6 @@
goto fail;
}
EOF
- } elsif ($argtype =~ /^(const )?psa_key_production_parameters_t$/) {
- my ($n1, $n2) = split(/,\s*/, $argname);
- print $fh <<EOF;
-
- ok = psasim_deserialise_${argtype}(
- &pos, &remaining,
- &$n1, &$n2);
- if (!ok) {
- goto fail;
- }
-EOF
} else {
$argname =~ s/^\*//; # Remove any leading *
my $server_specific = ($argtype =~ /^psa_\w+_operation_t/) ? "server_" : "";
@@ -741,16 +723,6 @@
goto fail;
}
EOF
- } elsif ($argtype eq "psa_key_production_parameters_t") {
- print $fh <<EOF;
-
- ok = psasim_serialise_psa_key_production_parameters_t(
- &rpos, &rremain,
- $argname);
- if (!ok) {
- goto fail;
- }
-EOF
} else {
if ($argname =~ /^\*/) {
$argname =~ s/^\*//; # since it's already a pointer
@@ -1033,9 +1005,6 @@
if ($argtype =~ /^(const )?buffer$/) {
my ($n1, $n2) = split(/,\s*/, $argname);
print $fh " $n1, $n2";
- } elsif ($argtype =~ /^(const )?psa_key_production_parameters_t$/) {
- my ($n1, $n2) = split(/,\s*/, $argname);
- print $fh " $n1, $n2";
} else {
$argname =~ s/^\*/\&/; # Replace leading * with &
if ($is_server && $argtype =~ /^psa_\w+_operation_t/) {
@@ -1071,10 +1040,6 @@
my $const = length($1) ? "const " : "";
my ($n1, $n2) = split(/,/, $argname);
print $fh " ${const}uint8_t *$n1, size_t $n2";
- } elsif ($argtype =~ /^(const )?psa_key_production_parameters_t$/) {
- my $const = length($1) ? "const " : "";
- my ($n1, $n2) = split(/,/, $argname);
- print $fh " ${const}psa_key_production_parameters_t *$n1, size_t $n2";
} else {
print $fh " $ctypename$argname";
}
@@ -1184,19 +1149,6 @@
$i++; # We're using the next param here
my $nname = $1;
$name .= ", " . $nname;
- } elsif ($arg =~ /^((const)\s+)?psa_key_production_parameters_t\s*\*\s*(\w+)$/) {
- $type = "psa_key_production_parameters_t";
- $is_output = (length($1) == 0) ? 1 : 0;
- $type = "const psa_key_production_parameters_t" if !$is_output;
- $ctype = "";
- $name = $3;
- #print("$arg: $name: might be a psa_key_production_parameters_t?\n");
- die("$arg: not a psa_key_production_parameters_t 1!\n") if $i == $#args;
- my $next = $args[$i + 1];
- die("$arg: $func: $name: $next: not a psa_key_production_parameters_t 2!\n") if $next !~ /^size_t\s+(${name}_\w+)$/;
- $i++; # We're using the next param here
- my $nname = $1;
- $name .= ", " . $nname;
} elsif ($arg =~ /^((const)\s+)?(\w+)\s*\*(\w+)$/) {
($type, $name) = ($3, "*" . $4);
$ctype = $1 . $type . " ";
diff --git a/tests/psa-client-server/psasim/src/psa_sim_serialise.c b/tests/psa-client-server/psasim/src/psa_sim_serialise.c
index 92ecdd2..e5c7225 100644
--- a/tests/psa-client-server/psasim/src/psa_sim_serialise.c
+++ b/tests/psa-client-server/psasim/src/psa_sim_serialise.c
@@ -735,96 +735,38 @@
return 1;
}
-#define SER_TAG_SIZE 4
-
-size_t psasim_serialise_psa_key_production_parameters_t_needs(
- const psa_key_production_parameters_t *params,
- size_t data_length)
+size_t psasim_serialise_psa_custom_key_parameters_t_needs(
+ psa_custom_key_parameters_t value)
{
- /* We will serialise with 4-byte tag = "PKPP" + 4-byte overall length at the beginning,
- * followed by size_t data_length, then the actual data from the structure.
- */
- return SER_TAG_SIZE + sizeof(uint32_t) + sizeof(data_length) + sizeof(*params) + data_length;
+ return sizeof(value);
}
-int psasim_serialise_psa_key_production_parameters_t(uint8_t **pos,
- size_t *remaining,
- const psa_key_production_parameters_t *params,
- size_t data_length)
+int psasim_serialise_psa_custom_key_parameters_t(uint8_t **pos,
+ size_t *remaining,
+ psa_custom_key_parameters_t value)
{
- if (data_length > UINT32_MAX / 2) { /* arbitrary limit */
- return 0; /* too big to serialise */
- }
-
- /* We use 32-bit lengths, which should be enough for any reasonable usage :) */
- /* (the UINT32_MAX / 2 above is an even more conservative check to avoid overflow here) */
- uint32_t len = (uint32_t) (sizeof(data_length) + sizeof(*params) + data_length);
- if (*remaining < SER_TAG_SIZE + sizeof(uint32_t) + len) {
+ if (*remaining < sizeof(value)) {
return 0;
}
- char tag[SER_TAG_SIZE] = "PKPP";
-
- memcpy(*pos, tag, sizeof(tag));
- memcpy(*pos + sizeof(tag), &len, sizeof(len));
- *pos += sizeof(tag) + sizeof(len);
- *remaining -= sizeof(tag) + sizeof(len);
-
- memcpy(*pos, &data_length, sizeof(data_length));
- memcpy(*pos + sizeof(data_length), params, sizeof(*params) + data_length);
- *pos += sizeof(data_length) + sizeof(*params) + data_length;
- *remaining -= sizeof(data_length) + sizeof(*params) + data_length;
+ memcpy(*pos, &value, sizeof(value));
+ *pos += sizeof(value);
return 1;
}
-int psasim_deserialise_psa_key_production_parameters_t(uint8_t **pos,
- size_t *remaining,
- psa_key_production_parameters_t **params,
- size_t *data_length)
+int psasim_deserialise_psa_custom_key_parameters_t(uint8_t **pos,
+ size_t *remaining,
+ psa_custom_key_parameters_t *value)
{
- if (*remaining < SER_TAG_SIZE + sizeof(uint32_t)) {
- return 0; /* can't even be an empty serialisation */
+ if (*remaining < sizeof(*value)) {
+ return 0;
}
- char tag[SER_TAG_SIZE] = "PKPP"; /* expected */
- uint32_t len;
+ memcpy(value, *pos, sizeof(*value));
- memcpy(&len, *pos + sizeof(tag), sizeof(len));
-
- if (memcmp(*pos, tag, sizeof(tag)) != 0) {
- return 0; /* wrong tag */
- }
-
- *pos += sizeof(tag) + sizeof(len);
- *remaining -= sizeof(tag) + sizeof(len);
-
- if (*remaining < sizeof(*data_length)) {
- return 0; /* missing data_length */
- }
- memcpy(data_length, *pos, sizeof(*data_length));
-
- if ((size_t) len != (sizeof(data_length) + sizeof(**params) + *data_length)) {
- return 0; /* wrong length */
- }
-
- if (*remaining < sizeof(*data_length) + sizeof(**params) + *data_length) {
- return 0; /* not enough data provided */
- }
-
- *pos += sizeof(data_length);
- *remaining -= sizeof(data_length);
-
- psa_key_production_parameters_t *out = malloc(sizeof(**params) + *data_length);
- if (out == NULL) {
- return 0; /* allocation failure */
- }
-
- memcpy(out, *pos, sizeof(*out) + *data_length);
- *pos += sizeof(*out) + *data_length;
- *remaining -= sizeof(*out) + *data_length;
-
- *params = out;
+ *pos += sizeof(*value);
+ *remaining -= sizeof(*value);
return 1;
}
diff --git a/tests/psa-client-server/psasim/src/psa_sim_serialise.h b/tests/psa-client-server/psasim/src/psa_sim_serialise.h
index f60e371..523ce80 100644
--- a/tests/psa-client-server/psasim/src/psa_sim_serialise.h
+++ b/tests/psa-client-server/psasim/src/psa_sim_serialise.h
@@ -421,55 +421,48 @@
int psasim_deserialise_return_buffer(uint8_t **pos, size_t *remaining,
uint8_t *buffer, size_t buffer_length);
-/** Return how much space is needed by \c psasim_serialise_psa_key_production_parameters_t()
- * to serialise a psa_key_production_parameters_t (a structure with a flexible array member).
+/** Return how much buffer space is needed by \c psasim_serialise_psa_custom_key_parameters_t()
+ * to serialise a `psa_custom_key_parameters_t`.
*
- * \param params Pointer to the struct to be serialised
+ * \param value The value that will be serialised into the buffer
* (needed in case some serialisations are value-
* dependent).
- * \param data_length Number of bytes in the data[] of the struct to be serialised.
*
- * \return The number of bytes needed in the serialisation buffer by
- * \c psasim_serialise_psa_key_production_parameters_t() to serialise
- * the specified structure.
+ * \return The number of bytes needed in the buffer by
+ * \c psasim_serialise_psa_custom_key_parameters_t() to serialise
+ * the given value.
*/
-size_t psasim_serialise_psa_key_production_parameters_t_needs(
- const psa_key_production_parameters_t *params,
- size_t buffer_size);
+size_t psasim_serialise_psa_custom_key_parameters_t_needs(
+ psa_custom_key_parameters_t value);
-/** Serialise a psa_key_production_parameters_t.
+/** Serialise a `psa_custom_key_parameters_t` into a buffer.
*
* \param pos[in,out] Pointer to a `uint8_t *` holding current position
* in the buffer.
* \param remaining[in,out] Pointer to a `size_t` holding number of bytes
* remaining in the buffer.
- * \param params Pointer to the structure to be serialised.
- * \param data_length Number of bytes in the data[] of the struct to be serialised.
+ * \param value The value to serialise into the buffer.
*
* \return \c 1 on success ("okay"), \c 0 on error.
*/
-int psasim_serialise_psa_key_production_parameters_t(uint8_t **pos,
- size_t *remaining,
- const psa_key_production_parameters_t *params,
- size_t data_length);
+int psasim_serialise_psa_custom_key_parameters_t(uint8_t **pos,
+ size_t *remaining,
+ psa_custom_key_parameters_t value);
-/** Deserialise a psa_key_production_parameters_t.
+/** Deserialise a `psa_custom_key_parameters_t` from a buffer.
*
* \param pos[in,out] Pointer to a `uint8_t *` holding current position
- * in the serialisation buffer.
+ * in the buffer.
* \param remaining[in,out] Pointer to a `size_t` holding number of bytes
- * remaining in the serialisation buffer.
- * \param params Pointer to a `psa_key_production_parameters_t *` to
- * receive the address of a newly-allocated structure,
- * which the caller must `free()`.
- * \param data_length Pointer to a `size_t` to receive the number of
- * bytes in the data[] member of the structure deserialised.
+ * remaining in the buffer.
+ * \param value Pointer to a `psa_custom_key_parameters_t` to receive the value
+ * deserialised from the buffer.
*
* \return \c 1 on success ("okay"), \c 0 on error.
*/
-int psasim_deserialise_psa_key_production_parameters_t(uint8_t **pos, size_t *remaining,
- psa_key_production_parameters_t **params,
- size_t *buffer_length);
+int psasim_deserialise_psa_custom_key_parameters_t(uint8_t **pos,
+ size_t *remaining,
+ psa_custom_key_parameters_t *value);
/** Return how much buffer space is needed by \c psasim_serialise_psa_status_t()
* to serialise a `psa_status_t`.
diff --git a/tests/psa-client-server/psasim/src/psa_sim_serialise.pl b/tests/psa-client-server/psasim/src/psa_sim_serialise.pl
index 75e6cd0..31c93ae 100755
--- a/tests/psa-client-server/psasim/src/psa_sim_serialise.pl
+++ b/tests/psa-client-server/psasim/src/psa_sim_serialise.pl
@@ -38,7 +38,7 @@
my @types = qw(unsigned-int int size_t
uint16_t uint32_t uint64_t
buffer
- psa_key_production_parameters_t
+ psa_custom_key_parameters_t
psa_status_t psa_algorithm_t psa_key_derivation_step_t
psa_hash_operation_t
psa_aead_operation_t
@@ -66,8 +66,6 @@
for my $type (@types) {
if ($type eq "buffer") {
print declare_buffer_functions();
- } elsif ($type eq "psa_key_production_parameters_t") {
- print declare_psa_key_production_parameters_t_functions();
} else {
print declare_needs($type, "");
print declare_serialise($type, "");
@@ -98,8 +96,6 @@
for my $type (@types) {
if ($type eq "buffer") {
print define_buffer_functions();
- } elsif ($type eq "psa_key_production_parameters_t") {
- print define_psa_key_production_parameters_t_functions();
} elsif (exists($isa{$type})) {
print define_needs_isa($type, $isa{$type});
print define_serialise_isa($type, $isa{$type});
@@ -304,62 +300,6 @@
EOF
}
-sub declare_psa_key_production_parameters_t_functions
-{
- return <<'EOF';
-
-/** Return how much space is needed by \c psasim_serialise_psa_key_production_parameters_t()
- * to serialise a psa_key_production_parameters_t (a structure with a flexible array member).
- *
- * \param params Pointer to the struct to be serialised
- * (needed in case some serialisations are value-
- * dependent).
- * \param data_length Number of bytes in the data[] of the struct to be serialised.
- *
- * \return The number of bytes needed in the serialisation buffer by
- * \c psasim_serialise_psa_key_production_parameters_t() to serialise
- * the specified structure.
- */
-size_t psasim_serialise_psa_key_production_parameters_t_needs(
- const psa_key_production_parameters_t *params,
- size_t buffer_size);
-
-/** Serialise a psa_key_production_parameters_t.
- *
- * \param pos[in,out] Pointer to a `uint8_t *` holding current position
- * in the buffer.
- * \param remaining[in,out] Pointer to a `size_t` holding number of bytes
- * remaining in the buffer.
- * \param params Pointer to the structure to be serialised.
- * \param data_length Number of bytes in the data[] of the struct to be serialised.
- *
- * \return \c 1 on success ("okay"), \c 0 on error.
- */
-int psasim_serialise_psa_key_production_parameters_t(uint8_t **pos,
- size_t *remaining,
- const psa_key_production_parameters_t *params,
- size_t data_length);
-
-/** Deserialise a psa_key_production_parameters_t.
- *
- * \param pos[in,out] Pointer to a `uint8_t *` holding current position
- * in the serialisation buffer.
- * \param remaining[in,out] Pointer to a `size_t` holding number of bytes
- * remaining in the serialisation buffer.
- * \param params Pointer to a `psa_key_production_parameters_t *` to
- * receive the address of a newly-allocated structure,
- * which the caller must `free()`.
- * \param data_length Pointer to a `size_t` to receive the number of
- * bytes in the data[] member of the structure deserialised.
- *
- * \return \c 1 on success ("okay"), \c 0 on error.
- */
-int psasim_deserialise_psa_key_production_parameters_t(uint8_t **pos, size_t *remaining,
- psa_key_production_parameters_t **params,
- size_t *buffer_length);
-EOF
-}
-
sub h_header
{
return <<'EOF';
@@ -816,105 +756,6 @@
EOF
}
-sub define_psa_key_production_parameters_t_functions
-{
- return <<'EOF';
-
-#define SER_TAG_SIZE 4
-
-size_t psasim_serialise_psa_key_production_parameters_t_needs(
- const psa_key_production_parameters_t *params,
- size_t data_length)
-{
- /* We will serialise with 4-byte tag = "PKPP" + 4-byte overall length at the beginning,
- * followed by size_t data_length, then the actual data from the structure.
- */
- return SER_TAG_SIZE + sizeof(uint32_t) + sizeof(data_length) + sizeof(*params) + data_length;
-}
-
-int psasim_serialise_psa_key_production_parameters_t(uint8_t **pos,
- size_t *remaining,
- const psa_key_production_parameters_t *params,
- size_t data_length)
-{
- if (data_length > UINT32_MAX / 2) { /* arbitrary limit */
- return 0; /* too big to serialise */
- }
-
- /* We use 32-bit lengths, which should be enough for any reasonable usage :) */
- /* (the UINT32_MAX / 2 above is an even more conservative check to avoid overflow here) */
- uint32_t len = (uint32_t) (sizeof(data_length) + sizeof(*params) + data_length);
- if (*remaining < SER_TAG_SIZE + sizeof(uint32_t) + len) {
- return 0;
- }
-
- char tag[SER_TAG_SIZE] = "PKPP";
-
- memcpy(*pos, tag, sizeof(tag));
- memcpy(*pos + sizeof(tag), &len, sizeof(len));
- *pos += sizeof(tag) + sizeof(len);
- *remaining -= sizeof(tag) + sizeof(len);
-
- memcpy(*pos, &data_length, sizeof(data_length));
- memcpy(*pos + sizeof(data_length), params, sizeof(*params) + data_length);
- *pos += sizeof(data_length) + sizeof(*params) + data_length;
- *remaining -= sizeof(data_length) + sizeof(*params) + data_length;
-
- return 1;
-}
-
-int psasim_deserialise_psa_key_production_parameters_t(uint8_t **pos,
- size_t *remaining,
- psa_key_production_parameters_t **params,
- size_t *data_length)
-{
- if (*remaining < SER_TAG_SIZE + sizeof(uint32_t)) {
- return 0; /* can't even be an empty serialisation */
- }
-
- char tag[SER_TAG_SIZE] = "PKPP"; /* expected */
- uint32_t len;
-
- memcpy(&len, *pos + sizeof(tag), sizeof(len));
-
- if (memcmp(*pos, tag, sizeof(tag)) != 0) {
- return 0; /* wrong tag */
- }
-
- *pos += sizeof(tag) + sizeof(len);
- *remaining -= sizeof(tag) + sizeof(len);
-
- if (*remaining < sizeof(*data_length)) {
- return 0; /* missing data_length */
- }
- memcpy(data_length, *pos, sizeof(*data_length));
-
- if ((size_t) len != (sizeof(data_length) + sizeof(**params) + *data_length)) {
- return 0; /* wrong length */
- }
-
- if (*remaining < sizeof(*data_length) + sizeof(**params) + *data_length) {
- return 0; /* not enough data provided */
- }
-
- *pos += sizeof(data_length);
- *remaining -= sizeof(data_length);
-
- psa_key_production_parameters_t *out = malloc(sizeof(**params) + *data_length);
- if (out == NULL) {
- return 0; /* allocation failure */
- }
-
- memcpy(out, *pos, sizeof(*out) + *data_length);
- *pos += sizeof(*out) + *data_length;
- *remaining -= sizeof(*out) + *data_length;
-
- *params = out;
-
- return 1;
-}
-EOF
-}
sub c_header
{
diff --git a/tests/scripts/analyze_outcomes.py b/tests/scripts/analyze_outcomes.py
index 993e23c..082ed01 100755
--- a/tests/scripts/analyze_outcomes.py
+++ b/tests/scripts/analyze_outcomes.py
@@ -642,8 +642,9 @@
re.compile(r'mbedtls_ct_memmove_left .*')
],
'test_suite_psa_crypto': [
- # We don't support generate_key_ext entry points
+ # We don't support generate_key_custom entry points
# in drivers yet.
+ re.compile(r'PSA generate key custom: RSA, e=.*'),
re.compile(r'PSA generate key ext: RSA, e=.*'),
],
}
diff --git a/tests/scripts/components-build-system.sh b/tests/scripts/components-build-system.sh
index d1440c3..4bb41ae 100644
--- a/tests/scripts/components-build-system.sh
+++ b/tests/scripts/components-build-system.sh
@@ -11,7 +11,7 @@
component_test_make_shared () {
msg "build/test: make shared" # ~ 40s
- make SHARED=1 all check
+ make SHARED=1 TEST_CPP=1 all check
ldd programs/util/strerror | grep libmbedcrypto
programs/test/dlopen_demo.sh
}
@@ -65,7 +65,7 @@
mkdir "$OUT_OF_SOURCE_DIR"
cd "$OUT_OF_SOURCE_DIR"
# Note: Explicitly generate files as these are turned off in releases
- cmake -D CMAKE_BUILD_TYPE:String=Check -D GEN_FILES=ON "$MBEDTLS_ROOT_DIR"
+ cmake -D CMAKE_BUILD_TYPE:String=Check -D GEN_FILES=ON _D TEST_CPP=1 "$MBEDTLS_ROOT_DIR"
make
msg "test: cmake 'out-of-source' build"
diff --git a/tests/src/psa_test_wrappers.c b/tests/src/psa_test_wrappers.c
index 7415e29..deac300 100644
--- a/tests/src/psa_test_wrappers.c
+++ b/tests/src/psa_test_wrappers.c
@@ -604,14 +604,21 @@
return status;
}
-/* Wrapper for psa_generate_key_ext */
-psa_status_t mbedtls_test_wrap_psa_generate_key_ext(
+/* Wrapper for psa_generate_key_custom */
+psa_status_t mbedtls_test_wrap_psa_generate_key_custom(
const psa_key_attributes_t *arg0_attributes,
- const psa_key_production_parameters_t *arg1_params,
- size_t arg2_params_data_length,
- mbedtls_svc_key_id_t *arg3_key)
+ const psa_custom_key_parameters_t *arg1_custom,
+ const uint8_t *arg2_custom_data,
+ size_t arg3_custom_data_length,
+ mbedtls_svc_key_id_t *arg4_key)
{
- psa_status_t status = (psa_generate_key_ext)(arg0_attributes, arg1_params, arg2_params_data_length, arg3_key);
+#if !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS)
+ MBEDTLS_TEST_MEMORY_POISON(arg2_custom_data, arg3_custom_data_length);
+#endif /* !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) */
+ psa_status_t status = (psa_generate_key_custom)(arg0_attributes, arg1_custom, arg2_custom_data, arg3_custom_data_length, arg4_key);
+#if !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS)
+ MBEDTLS_TEST_MEMORY_UNPOISON(arg2_custom_data, arg3_custom_data_length);
+#endif /* !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) */
return status;
}
@@ -870,15 +877,22 @@
return status;
}
-/* Wrapper for psa_key_derivation_output_key_ext */
-psa_status_t mbedtls_test_wrap_psa_key_derivation_output_key_ext(
+/* Wrapper for psa_key_derivation_output_key_custom */
+psa_status_t mbedtls_test_wrap_psa_key_derivation_output_key_custom(
const psa_key_attributes_t *arg0_attributes,
psa_key_derivation_operation_t *arg1_operation,
- const psa_key_production_parameters_t *arg2_params,
- size_t arg3_params_data_length,
- mbedtls_svc_key_id_t *arg4_key)
+ const psa_custom_key_parameters_t *arg2_custom,
+ const uint8_t *arg3_custom_data,
+ size_t arg4_custom_data_length,
+ mbedtls_svc_key_id_t *arg5_key)
{
- psa_status_t status = (psa_key_derivation_output_key_ext)(arg0_attributes, arg1_operation, arg2_params, arg3_params_data_length, arg4_key);
+#if !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS)
+ MBEDTLS_TEST_MEMORY_POISON(arg3_custom_data, arg4_custom_data_length);
+#endif /* !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) */
+ psa_status_t status = (psa_key_derivation_output_key_custom)(arg0_attributes, arg1_operation, arg2_custom, arg3_custom_data, arg4_custom_data_length, arg5_key);
+#if !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS)
+ MBEDTLS_TEST_MEMORY_UNPOISON(arg3_custom_data, arg4_custom_data_length);
+#endif /* !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) */
return status;
}
diff --git a/tf-psa-crypto/core/psa_crypto.c b/tf-psa-crypto/core/psa_crypto.c
index 8100afc..0ad4196 100644
--- a/tf-psa-crypto/core/psa_crypto.c
+++ b/tf-psa-crypto/core/psa_crypto.c
@@ -6412,27 +6412,28 @@
return status;
}
-static const psa_key_production_parameters_t default_production_parameters =
- PSA_KEY_PRODUCTION_PARAMETERS_INIT;
+static const psa_custom_key_parameters_t default_custom_production =
+ PSA_CUSTOM_KEY_PARAMETERS_INIT;
-int psa_key_production_parameters_are_default(
- const psa_key_production_parameters_t *params,
- size_t params_data_length)
+int psa_custom_key_parameters_are_default(
+ const psa_custom_key_parameters_t *custom,
+ size_t custom_data_length)
{
- if (params->flags != 0) {
+ if (custom->flags != 0) {
return 0;
}
- if (params_data_length != 0) {
+ if (custom_data_length != 0) {
return 0;
}
return 1;
}
-psa_status_t psa_key_derivation_output_key_ext(
+psa_status_t psa_key_derivation_output_key_custom(
const psa_key_attributes_t *attributes,
psa_key_derivation_operation_t *operation,
- const psa_key_production_parameters_t *params,
- size_t params_data_length,
+ const psa_custom_key_parameters_t *custom,
+ const uint8_t *custom_data,
+ size_t custom_data_length,
mbedtls_svc_key_id_t *key)
{
psa_status_t status;
@@ -6447,7 +6448,8 @@
return PSA_ERROR_INVALID_ARGUMENT;
}
- if (!psa_key_production_parameters_are_default(params, params_data_length)) {
+ (void) custom_data; /* We only accept 0-length data */
+ if (!psa_custom_key_parameters_are_default(custom, custom_data_length)) {
return PSA_ERROR_INVALID_ARGUMENT;
}
@@ -6487,9 +6489,10 @@
psa_key_derivation_operation_t *operation,
mbedtls_svc_key_id_t *key)
{
- return psa_key_derivation_output_key_ext(attributes, operation,
- &default_production_parameters, 0,
- key);
+ return psa_key_derivation_output_key_custom(attributes, operation,
+ &default_custom_production,
+ NULL, 0,
+ key);
}
@@ -7863,15 +7866,18 @@
psa_status_t psa_generate_key_internal(
const psa_key_attributes_t *attributes,
- const psa_key_production_parameters_t *params, size_t params_data_length,
+ const psa_custom_key_parameters_t *custom,
+ const uint8_t *custom_data,
+ size_t custom_data_length,
uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length)
{
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
psa_key_type_t type = attributes->type;
/* Only used for RSA */
- (void) params;
- (void) params_data_length;
+ (void) custom;
+ (void) custom_data;
+ (void) custom_data_length;
if (key_type_is_raw_bytes(type)) {
status = psa_generate_random_internal(key_buffer, key_buffer_size);
@@ -7889,7 +7895,7 @@
#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_GENERATE)
if (type == PSA_KEY_TYPE_RSA_KEY_PAIR) {
return mbedtls_psa_rsa_generate_key(attributes,
- params, params_data_length,
+ custom_data, custom_data_length,
key_buffer,
key_buffer_size,
key_buffer_length);
@@ -7921,10 +7927,11 @@
return PSA_SUCCESS;
}
-psa_status_t psa_generate_key_ext(const psa_key_attributes_t *attributes,
- const psa_key_production_parameters_t *params,
- size_t params_data_length,
- mbedtls_svc_key_id_t *key)
+psa_status_t psa_generate_key_custom(const psa_key_attributes_t *attributes,
+ const psa_custom_key_parameters_t *custom,
+ const uint8_t *custom_data,
+ size_t custom_data_length,
+ mbedtls_svc_key_id_t *key)
{
psa_status_t status;
psa_key_slot_t *slot = NULL;
@@ -7946,12 +7953,12 @@
#if defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE)
if (attributes->type == PSA_KEY_TYPE_RSA_KEY_PAIR) {
- if (params->flags != 0) {
+ if (custom->flags != 0) {
return PSA_ERROR_INVALID_ARGUMENT;
}
} else
#endif
- if (!psa_key_production_parameters_are_default(params, params_data_length)) {
+ if (!psa_custom_key_parameters_are_default(custom, custom_data_length)) {
return PSA_ERROR_INVALID_ARGUMENT;
}
@@ -7992,7 +7999,8 @@
}
status = psa_driver_wrapper_generate_key(attributes,
- params, params_data_length,
+ custom,
+ custom_data, custom_data_length,
slot->key.data, slot->key.bytes,
&slot->key.bytes);
if (status != PSA_SUCCESS) {
@@ -8013,9 +8021,10 @@
psa_status_t psa_generate_key(const psa_key_attributes_t *attributes,
mbedtls_svc_key_id_t *key)
{
- return psa_generate_key_ext(attributes,
- &default_production_parameters, 0,
- key);
+ return psa_generate_key_custom(attributes,
+ &default_custom_production,
+ NULL, 0,
+ key);
}
/****************************************************************/
diff --git a/tf-psa-crypto/core/psa_crypto_core.h b/tf-psa-crypto/core/psa_crypto_core.h
index 9462d2e..e7ff151 100644
--- a/tf-psa-crypto/core/psa_crypto_core.h
+++ b/tf-psa-crypto/core/psa_crypto_core.h
@@ -343,17 +343,18 @@
const uint8_t *key_buffer, size_t key_buffer_size,
uint8_t *data, size_t data_size, size_t *data_length);
-/** Whether a key production parameters structure is the default.
+/** Whether a key custom production parameters structure is the default.
*
- * Calls to a key generation driver with non-default production parameters
+ * Calls to a key generation driver with non-default custom production parameters
* require a driver supporting custom production parameters.
*
- * \param[in] params The key production parameters to check.
- * \param params_data_length Size of `params->data` in bytes.
+ * \param[in] custom The key custom production parameters to check.
+ * \param custom_data_length Size of the associated variable-length data
+ * in bytes.
*/
-int psa_key_production_parameters_are_default(
- const psa_key_production_parameters_t *params,
- size_t params_data_length);
+int psa_custom_key_parameters_are_default(
+ const psa_custom_key_parameters_t *custom,
+ size_t custom_data_length);
/**
* \brief Generate a key.
@@ -362,9 +363,9 @@
* entry point.
*
* \param[in] attributes The attributes for the key to generate.
- * \param[in] params The production parameters from
- * psa_generate_key_ext().
- * \param params_data_length The size of `params->data` in bytes.
+ * \param[in] custom Custom parameters for the key generation.
+ * \param[in] custom_data Variable-length data associated with \c custom.
+ * \param custom_data_length Length of `custom_data` in bytes.
* \param[out] key_buffer Buffer where the key data is to be written.
* \param[in] key_buffer_size Size of \p key_buffer in bytes.
* \param[out] key_buffer_length On success, the number of bytes written in
@@ -379,8 +380,9 @@
* The size of \p key_buffer is too small.
*/
psa_status_t psa_generate_key_internal(const psa_key_attributes_t *attributes,
- const psa_key_production_parameters_t *params,
- size_t params_data_length,
+ const psa_custom_key_parameters_t *custom,
+ const uint8_t *custom_data,
+ size_t custom_data_length,
uint8_t *key_buffer,
size_t key_buffer_size,
size_t *key_buffer_length);
diff --git a/tf-psa-crypto/core/psa_crypto_rsa.c b/tf-psa-crypto/core/psa_crypto_rsa.c
index 2f613b3..f8e36d8 100644
--- a/tf-psa-crypto/core/psa_crypto_rsa.c
+++ b/tf-psa-crypto/core/psa_crypto_rsa.c
@@ -241,7 +241,7 @@
psa_status_t mbedtls_psa_rsa_generate_key(
const psa_key_attributes_t *attributes,
- const psa_key_production_parameters_t *params, size_t params_data_length,
+ const uint8_t *custom_data, size_t custom_data_length,
uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length)
{
psa_status_t status;
@@ -249,8 +249,8 @@
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
int exponent = 65537;
- if (params_data_length != 0) {
- status = psa_rsa_read_exponent(params->data, params_data_length,
+ if (custom_data_length != 0) {
+ status = psa_rsa_read_exponent(custom_data, custom_data_length,
&exponent);
if (status != PSA_SUCCESS) {
return status;
diff --git a/tf-psa-crypto/core/psa_crypto_rsa.h b/tf-psa-crypto/core/psa_crypto_rsa.h
index ffeef26..1a78000 100644
--- a/tf-psa-crypto/core/psa_crypto_rsa.h
+++ b/tf-psa-crypto/core/psa_crypto_rsa.h
@@ -105,17 +105,11 @@
/**
* \brief Generate an RSA key.
*
- * \note The signature of the function is that of a PSA driver generate_key
- * entry point.
- *
* \param[in] attributes The attributes for the RSA key to generate.
- * \param[in] params Production parameters for the key
- * generation. This function only uses
- * `params->data`,
- * which contains the public exponent.
+ * \param[in] custom_data The public exponent to use.
* This can be a null pointer if
* \c params_data_length is 0.
- * \param params_data_length Length of `params->data` in bytes.
+ * \param custom_data_length Length of \p custom_data in bytes.
* This can be 0, in which case the
* public exponent will be 65537.
* \param[out] key_buffer Buffer where the key data is to be written.
@@ -132,7 +126,7 @@
*/
psa_status_t mbedtls_psa_rsa_generate_key(
const psa_key_attributes_t *attributes,
- const psa_key_production_parameters_t *params, size_t params_data_length,
+ const uint8_t *custom_data, size_t custom_data_length,
uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length);
/** Sign an already-calculated hash with an RSA private key.
diff --git a/tf-psa-crypto/include/psa/crypto.h b/tf-psa-crypto/include/psa/crypto.h
index 3525da2..917e533 100644
--- a/tf-psa-crypto/include/psa/crypto.h
+++ b/tf-psa-crypto/include/psa/crypto.h
@@ -119,8 +119,8 @@
* value in the structure.
* The persistent key will be written to storage when the attribute
* structure is passed to a key creation function such as
- * psa_import_key(), psa_generate_key(), psa_generate_key_ext(),
- * psa_key_derivation_output_key(), psa_key_derivation_output_key_ext()
+ * psa_import_key(), psa_generate_key(), psa_generate_key_custom(),
+ * psa_key_derivation_output_key(), psa_key_derivation_output_key_custom()
* or psa_copy_key().
*
* This function may be declared as `static` (i.e. without external
@@ -164,8 +164,8 @@
* value in the structure.
* The persistent key will be written to storage when the attribute
* structure is passed to a key creation function such as
- * psa_import_key(), psa_generate_key(), psa_generate_key_ext(),
- * psa_key_derivation_output_key(), psa_key_derivation_output_key_ext()
+ * psa_import_key(), psa_generate_key(), psa_generate_key_custom(),
+ * psa_key_derivation_output_key(), psa_key_derivation_output_key_custom()
* or psa_copy_key().
*
* This function may be declared as `static` (i.e. without external
@@ -3234,7 +3234,7 @@
* of or after providing inputs. For some algorithms, this step is mandatory
* because the output depends on the maximum capacity.
* -# To derive a key, call psa_key_derivation_output_key() or
- * psa_key_derivation_output_key_ext().
+ * psa_key_derivation_output_key_custom().
* To derive a byte string for a different purpose, call
* psa_key_derivation_output_bytes().
* Successive calls to these functions use successive output bytes
@@ -3457,7 +3457,7 @@
* \note Once all inputs steps are completed, the operations will allow:
* - psa_key_derivation_output_bytes() if each input was either a direct input
* or a key with #PSA_KEY_USAGE_DERIVE set;
- * - psa_key_derivation_output_key() or psa_key_derivation_output_key_ext()
+ * - psa_key_derivation_output_key() or psa_key_derivation_output_key_custom()
* if the input for step
* #PSA_KEY_DERIVATION_INPUT_SECRET or #PSA_KEY_DERIVATION_INPUT_PASSWORD
* was from a key slot with #PSA_KEY_USAGE_DERIVE and each other input was
@@ -3707,9 +3707,9 @@
* on the derived key based on the attributes and strength of the secret key.
*
* \note This function is equivalent to calling
- * psa_key_derivation_output_key_ext()
- * with the production parameters #PSA_KEY_PRODUCTION_PARAMETERS_INIT
- * and `params_data_length == 0` (i.e. `params->data` is empty).
+ * psa_key_derivation_output_key_custom()
+ * with the custom production parameters #PSA_CUSTOM_KEY_PARAMETERS_INIT
+ * and `custom_data_length == 0` (i.e. `custom_data` is empty).
*
* \param[in] attributes The attributes for the new key.
* If the key type to be created is
@@ -3781,17 +3781,14 @@
* the policy must be the same as in the current
* operation.
* \param[in,out] operation The key derivation operation object to read from.
- * \param[in] params Customization parameters for the key derivation.
- * When this is #PSA_KEY_PRODUCTION_PARAMETERS_INIT
- * with \p params_data_length = 0,
+ * \param[in] custom Customization parameters for the key generation.
+ * When this is #PSA_CUSTOM_KEY_PARAMETERS_INIT
+ * with \p custom_data_length = 0,
* this function is equivalent to
* psa_key_derivation_output_key().
- * Mbed TLS currently only supports the default
- * production parameters, i.e.
- * #PSA_KEY_PRODUCTION_PARAMETERS_INIT,
- * for all key types.
- * \param params_data_length
- * Length of `params->data` in bytes.
+ * \param[in] custom_data Variable-length data associated with \c custom.
+ * \param custom_data_length
+ * Length of `custom_data` in bytes.
* \param[out] key On success, an identifier for the newly created
* key. For persistent keys, this is the key
* identifier defined in \p attributes.
@@ -3834,11 +3831,12 @@
* It is implementation-dependent whether a failure to initialize
* results in this error code.
*/
-psa_status_t psa_key_derivation_output_key_ext(
+psa_status_t psa_key_derivation_output_key_custom(
const psa_key_attributes_t *attributes,
psa_key_derivation_operation_t *operation,
- const psa_key_production_parameters_t *params,
- size_t params_data_length,
+ const psa_custom_key_parameters_t *custom,
+ const uint8_t *custom_data,
+ size_t custom_data_length,
mbedtls_svc_key_id_t *key);
/** Compare output data from a key derivation operation to an expected value.
@@ -3927,7 +3925,7 @@
* operation. The value of this key was likely
* computed by a previous call to
* psa_key_derivation_output_key() or
- * psa_key_derivation_output_key_ext().
+ * psa_key_derivation_output_key_custom().
*
* \retval #PSA_SUCCESS \emptydescription
* \retval #PSA_ERROR_INVALID_SIGNATURE
@@ -4095,9 +4093,9 @@
* between 2^{n-1} and 2^n where n is the bit size specified in the
* attributes.
*
- * \note This function is equivalent to calling psa_generate_key_ext()
- * with the production parameters #PSA_KEY_PRODUCTION_PARAMETERS_INIT
- * and `params_data_length == 0` (i.e. `params->data` is empty).
+ * \note This function is equivalent to calling psa_generate_key_custom()
+ * with the custom production parameters #PSA_CUSTOM_KEY_PARAMETERS_INIT
+ * and `custom_data_length == 0` (i.e. `custom_data` is empty).
*
* \param[in] attributes The attributes for the new key.
* \param[out] key On success, an identifier for the newly created
@@ -4137,7 +4135,7 @@
* See the description of psa_generate_key() for the operation of this
* function with the default production parameters. In addition, this function
* supports the following production customizations, described in more detail
- * in the documentation of ::psa_key_production_parameters_t:
+ * in the documentation of ::psa_custom_key_parameters_t:
*
* - RSA keys: generation with a custom public exponent.
*
@@ -4145,13 +4143,14 @@
* versions of Mbed TLS.
*
* \param[in] attributes The attributes for the new key.
- * \param[in] params Customization parameters for the key generation.
- * When this is #PSA_KEY_PRODUCTION_PARAMETERS_INIT
- * with \p params_data_length = 0,
+ * \param[in] custom Customization parameters for the key generation.
+ * When this is #PSA_CUSTOM_KEY_PARAMETERS_INIT
+ * with \p custom_data_length = 0,
* this function is equivalent to
* psa_generate_key().
- * \param params_data_length
- * Length of `params->data` in bytes.
+ * \param[in] custom_data Variable-length data associated with \c custom.
+ * \param custom_data_length
+ * Length of `custom_data` in bytes.
* \param[out] key On success, an identifier for the newly created
* key. For persistent keys, this is the key
* identifier defined in \p attributes.
@@ -4180,10 +4179,11 @@
* It is implementation-dependent whether a failure to initialize
* results in this error code.
*/
-psa_status_t psa_generate_key_ext(const psa_key_attributes_t *attributes,
- const psa_key_production_parameters_t *params,
- size_t params_data_length,
- mbedtls_svc_key_id_t *key);
+psa_status_t psa_generate_key_custom(const psa_key_attributes_t *attributes,
+ const psa_custom_key_parameters_t *custom,
+ const uint8_t *custom_data,
+ size_t custom_data_length,
+ mbedtls_svc_key_id_t *key);
/**@}*/
diff --git a/tf-psa-crypto/include/psa/crypto_struct.h b/tf-psa-crypto/include/psa/crypto_struct.h
index 3913551..eabc2f4 100644
--- a/tf-psa-crypto/include/psa/crypto_struct.h
+++ b/tf-psa-crypto/include/psa/crypto_struct.h
@@ -223,21 +223,19 @@
return v;
}
-struct psa_key_production_parameters_s {
+struct psa_custom_key_parameters_s {
/* Future versions may add other fields in this structure. */
uint32_t flags;
- uint8_t data[];
};
/** The default production parameters for key generation or key derivation.
*
- * Calling psa_generate_key_ext() or psa_key_derivation_output_key_ext()
- * with `params=PSA_KEY_PRODUCTION_PARAMETERS_INIT` and
- * `params_data_length == 0` is equivalent to
- * calling psa_generate_key() or psa_key_derivation_output_key()
+ * Calling psa_generate_key_custom() or psa_key_derivation_output_key_custom()
+ * with `custom=PSA_CUSTOM_KEY_PARAMETERS_INIT` and `custom_data_length=0` is
+ * equivalent to calling psa_generate_key() or psa_key_derivation_output_key()
* respectively.
*/
-#define PSA_KEY_PRODUCTION_PARAMETERS_INIT { 0 }
+#define PSA_CUSTOM_KEY_PARAMETERS_INIT { 0 }
struct psa_key_policy_s {
psa_key_usage_t MBEDTLS_PRIVATE(usage);
diff --git a/tf-psa-crypto/include/psa/crypto_types.h b/tf-psa-crypto/include/psa/crypto_types.h
index c21bad8..bb857ab 100644
--- a/tf-psa-crypto/include/psa/crypto_types.h
+++ b/tf-psa-crypto/include/psa/crypto_types.h
@@ -457,27 +457,27 @@
/** \brief Custom parameters for key generation or key derivation.
*
- * This is a structure type with at least the following fields:
+ * This is a structure type with at least the following field:
*
* - \c flags: an unsigned integer type. 0 for the default production parameters.
- * - \c data: a flexible array of bytes.
*
- * The interpretation of this structure depend on the type of the
- * created key.
+ * Functions that take such a structure as input also take an associated
+ * input buffer \c custom_data of length \c custom_data_length.
+ *
+ * The interpretation of this structure and the associated \c custom_data
+ * parameter depend on the type of the created key.
*
* - #PSA_KEY_TYPE_RSA_KEY_PAIR:
* - \c flags: must be 0.
- * - \c data: the public exponent, in little-endian order.
+ * - \c custom_data: the public exponent, in little-endian order.
* This must be an odd integer and must not be 1.
* Implementations must support 65537, should support 3 and may
* support other values.
* When not using a driver, Mbed TLS supports values up to \c INT_MAX.
- * If this is empty or if the custom production parameters are omitted
- * altogether, the default value 65537 is used.
+ * If this is empty, the default value 65537 is used.
* - Other key types: reserved for future use. \c flags must be 0.
- *
*/
-typedef struct psa_key_production_parameters_s psa_key_production_parameters_t;
+typedef struct psa_custom_key_parameters_s psa_custom_key_parameters_t;
/**@}*/
diff --git a/tf-psa-crypto/tests/suites/test_suite_psa_crypto.data b/tf-psa-crypto/tests/suites/test_suite_psa_crypto.data
index 32c7274..eb84bc5 100644
--- a/tf-psa-crypto/tests/suites/test_suite_psa_crypto.data
+++ b/tf-psa-crypto/tests/suites/test_suite_psa_crypto.data
@@ -6935,17 +6935,17 @@
depends_on:PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
derive_key_type:PSA_ALG_PBKDF2_AES_CMAC_PRF_128:"706173737764":"01":"73616c74":PSA_KEY_TYPE_AES:256:"28e288c6345bb5ecf7ca70274208a3ba0f1148b5868537d5e09d3ee6813b1f52"
-PSA key derivation: default params -> AES-128
+PSA key derivation custom: default -> AES-128
depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_AES
-derive_key_ext:PSA_ALG_HKDF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":PSA_KEY_TYPE_AES:128:0:"":PSA_SUCCESS:"3cb25f25faacd57a90434f64d0362f2a"
+derive_key_custom:PSA_ALG_HKDF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":PSA_KEY_TYPE_AES:128:0:"":PSA_SUCCESS:"3cb25f25faacd57a90434f64d0362f2a"
-PSA key derivation: params.flags=1 -> AES-128
+PSA key derivation custom: flags=1 -> AES-128
depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_AES
-derive_key_ext:PSA_ALG_HKDF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":PSA_KEY_TYPE_AES:128:1:"":PSA_ERROR_INVALID_ARGUMENT:""
+derive_key_custom:PSA_ALG_HKDF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":PSA_KEY_TYPE_AES:128:1:"":PSA_ERROR_INVALID_ARGUMENT:""
-PSA key derivation: params.data non-empty -> AES-128
+PSA key derivation custom: data non-empty -> AES-128
depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_AES
-derive_key_ext:PSA_ALG_HKDF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":PSA_KEY_TYPE_AES:128:0:"2a":PSA_ERROR_INVALID_ARGUMENT:""
+derive_key_custom:PSA_ALG_HKDF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":PSA_KEY_TYPE_AES:128:0:"2a":PSA_ERROR_INVALID_ARGUMENT:""
PSA key derivation: invalid type (0)
depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256
@@ -7520,82 +7520,82 @@
depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_GENERATE
generate_key:PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):1024:PSA_KEY_USAGE_EXPORT:PSA_ALG_FFDH:PSA_ERROR_NOT_SUPPORTED:0
-PSA generate key ext: RSA, params.flags=1
+PSA generate key custom: RSA, flags=1
depends_on:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE
-generate_key_ext:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:0:1:"":PSA_ERROR_INVALID_ARGUMENT
+generate_key_custom:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:0:1:"":PSA_ERROR_INVALID_ARGUMENT
-PSA generate key ext: RSA, empty e
+PSA generate key custom: RSA, empty e
depends_on:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE:PSA_WANT_ALG_RSA_PKCS1V15_CRYPT
-generate_key_ext:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_RSA_PKCS1V15_CRYPT:0:"":PSA_SUCCESS
+generate_key_custom:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_RSA_PKCS1V15_CRYPT:0:"":PSA_SUCCESS
-PSA generate key ext: RSA, e=3
+PSA generate key custom: RSA, e=3
depends_on:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE:MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_GENERATE:PSA_WANT_ALG_RSA_PKCS1V15_CRYPT
-generate_key_ext:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_RSA_PKCS1V15_CRYPT:0:"03":PSA_SUCCESS
+generate_key_custom:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_RSA_PKCS1V15_CRYPT:0:"03":PSA_SUCCESS
-PSA generate key ext: RSA, e=3 with leading zeros
+PSA generate key custom: RSA, e=3 with leading zeros
depends_on:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE:MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_GENERATE:PSA_WANT_ALG_RSA_PKCS1V15_CRYPT
-generate_key_ext:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_RSA_PKCS1V15_CRYPT:0:"000003":PSA_SUCCESS
+generate_key_custom:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_RSA_PKCS1V15_CRYPT:0:"000003":PSA_SUCCESS
# TODO: currently errors with NOT_SUPPORTED because e is converted to an int
# and the conversion errors out if there are too many digits without checking
# for leading zeros. This is a very minor bug. Re-enable this test when this
# bug is fixed.
-#PSA generate key ext: RSA, e=3 with many leading zeros
+#PSA generate key custom: RSA, e=3 with many leading zeros
#depends_on:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE:MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_GENERATE:PSA_WANT_ALG_RSA_PKCS1V15_CRYPT
-#generate_key_ext:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_RSA_PKCS1V15_CRYPT:0:"0000000000000000000000000000000003":PSA_SUCCESS
+#generate_key_custom:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_RSA_PKCS1V15_CRYPT:0:"0000000000000000000000000000000003":PSA_SUCCESS
-PSA generate key ext: RSA, e=513
+PSA generate key custom: RSA, e=513
depends_on:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE:MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_GENERATE:PSA_WANT_ALG_RSA_PKCS1V15_CRYPT
-generate_key_ext:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_RSA_PKCS1V15_CRYPT:0:"0201":PSA_SUCCESS
+generate_key_custom:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_RSA_PKCS1V15_CRYPT:0:"0201":PSA_SUCCESS
-PSA generate key ext: RSA, e=65537
+PSA generate key custom: RSA, e=65537
depends_on:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE:MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_GENERATE:PSA_WANT_ALG_RSA_PKCS1V15_CRYPT
-generate_key_ext:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_RSA_PKCS1V15_CRYPT:0:"010001":PSA_SUCCESS
+generate_key_custom:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_RSA_PKCS1V15_CRYPT:0:"010001":PSA_SUCCESS
-PSA generate key ext: RSA, e=2^31-1
+PSA generate key custom: RSA, e=2^31-1
depends_on:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE:MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_GENERATE:PSA_WANT_ALG_RSA_PKCS1V15_CRYPT:INT_MAX>=0x7fffffff
-generate_key_ext:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_RSA_PKCS1V15_CRYPT:0:"7fffffff":PSA_SUCCESS
+generate_key_custom:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_RSA_PKCS1V15_CRYPT:0:"7fffffff":PSA_SUCCESS
-PSA generate key ext: RSA, e=2^31+3 (too large for built-in RSA)
+PSA generate key custom: RSA, e=2^31+3 (too large for built-in RSA)
depends_on:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE:MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_GENERATE:!MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR_GENERATE:INT_MAX<=0x7fffffff
-generate_key_ext:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:0:0:"80000003":PSA_ERROR_NOT_SUPPORTED
+generate_key_custom:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:0:0:"80000003":PSA_ERROR_NOT_SUPPORTED
-PSA generate key ext: RSA, e=2^64+3 (too large for built-in RSA)
+PSA generate key custom: RSA, e=2^64+3 (too large for built-in RSA)
depends_on:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE:MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_GENERATE:!MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR_GENERATE:INT_MAX<=0xffffffffffffffff
-generate_key_ext:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:0:0:"010000000000000003":PSA_ERROR_NOT_SUPPORTED
+generate_key_custom:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:0:0:"010000000000000003":PSA_ERROR_NOT_SUPPORTED
-PSA generate key ext: RSA, e=1
+PSA generate key custom: RSA, e=1
depends_on:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE:MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_GENERATE
-generate_key_ext:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:0:0:"01":PSA_ERROR_INVALID_ARGUMENT
+generate_key_custom:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:0:0:"01":PSA_ERROR_INVALID_ARGUMENT
-PSA generate key ext: RSA, e=0
+PSA generate key custom: RSA, e=0
depends_on:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE:MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_GENERATE
-generate_key_ext:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:0:0:"00":PSA_ERROR_INVALID_ARGUMENT
+generate_key_custom:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:0:0:"00":PSA_ERROR_INVALID_ARGUMENT
-PSA generate key ext: RSA, e=2
+PSA generate key custom: RSA, e=2
depends_on:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE:MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_GENERATE
-generate_key_ext:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:0:0:"02":PSA_ERROR_INVALID_ARGUMENT
+generate_key_custom:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:0:0:"02":PSA_ERROR_INVALID_ARGUMENT
# Check that with a driver, we reject a custom e as unsupported,
# as opposed to silently using the default e.
# When we add proper driver support, remove this test case and remove
# the dependency on MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_GENERATE from
# the positive/invalid_argument test cases.
-PSA generate key ext: RSA, e=3 with driver and no fallback (not yet supported)
+PSA generate key custom: RSA, e=3 with driver and no fallback (not yet supported)
depends_on:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE:!MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_GENERATE
-generate_key_ext:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:0:0:"03":PSA_ERROR_NOT_SUPPORTED
+generate_key_custom:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:0:0:"03":PSA_ERROR_NOT_SUPPORTED
-PSA generate key ext: ECC, flags=0
+PSA generate key custom: ECC, flags=0
depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_ECDH
-generate_key_ext:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):256:PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDH:0:"":PSA_SUCCESS
+generate_key_custom:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):256:PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDH:0:"":PSA_SUCCESS
-PSA generate key ext: ECC, flags=1
+PSA generate key custom: ECC, flags=1
depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_ECDH
-generate_key_ext:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):256:PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDH:1:"":PSA_ERROR_INVALID_ARGUMENT
+generate_key_custom:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):256:PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDH:1:"":PSA_ERROR_INVALID_ARGUMENT
-PSA generate key ext: ECC, params.data non-empty
+PSA generate key custom: ECC, data non-empty
depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_ECDH
-generate_key_ext:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):256:PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDH:0:"2a":PSA_ERROR_INVALID_ARGUMENT
+generate_key_custom:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):256:PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDH:0:"2a":PSA_ERROR_INVALID_ARGUMENT
PSA concurrent key generation: bad type (RSA public key)
depends_on:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_THREADING_PTHREAD
@@ -7741,9 +7741,6 @@
depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_GENERATE:MBEDTLS_THREADING_PTHREAD
concurrently_generate_keys:PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):1024:PSA_KEY_USAGE_EXPORT:PSA_ALG_FFDH:PSA_ERROR_NOT_SUPPORTED:0:8:5
-Key production parameters initializers
-key_production_parameters_init:
-
PSA import persistent key: raw data, 8 bits
depends_on:MBEDTLS_PSA_CRYPTO_STORAGE_C
persistent_key_load_key_from_storage:"2a":PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0:IMPORT_KEY
diff --git a/tf-psa-crypto/tests/suites/test_suite_psa_crypto.function b/tf-psa-crypto/tests/suites/test_suite_psa_crypto.function
index 0c8552b..f6503f7 100644
--- a/tf-psa-crypto/tests/suites/test_suite_psa_crypto.function
+++ b/tf-psa-crypto/tests/suites/test_suite_psa_crypto.function
@@ -1312,30 +1312,6 @@
}
#endif /* PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE */
-static int setup_key_production_parameters(
- psa_key_production_parameters_t **params, size_t *params_data_length,
- int flags_arg, const data_t *params_data)
-{
- *params_data_length = params_data->len;
- /* If there are N bytes of padding at the end of
- * psa_key_production_parameters_t, then it's enough to allocate
- * MIN(sizeof(psa_key_production_parameters_t),
- * offsetof(psa_key_production_parameters_t, data) + params_data_length).
- *
- * For simplicity, here, we allocate up to N more bytes than necessary.
- * In practice, the current layout of psa_key_production_parameters_t
- * makes padding extremely unlikely, so we don't worry about testing
- * that the library code doesn't try to access these extra N bytes.
- */
- *params = mbedtls_calloc(1, sizeof(**params) + *params_data_length);
- TEST_ASSERT(*params != NULL);
- (*params)->flags = (uint32_t) flags_arg;
- memcpy((*params)->data, params_data->x, params_data->len);
- return 1;
-exit:
- return 0;
-}
-
#if defined(MBEDTLS_THREADING_PTHREAD)
typedef struct same_key_context {
@@ -9592,23 +9568,23 @@
/* END_CASE */
/* BEGIN_CASE */
-void derive_key_ext(int alg_arg,
- data_t *key_data,
- data_t *input1,
- data_t *input2,
- int key_type_arg, int bits_arg,
- int flags_arg,
- data_t *params_data,
- psa_status_t expected_status,
- data_t *expected_export)
+void derive_key_custom(int alg_arg,
+ data_t *key_data,
+ data_t *input1,
+ data_t *input2,
+ int key_type_arg, int bits_arg,
+ int flags_arg,
+ data_t *custom_data,
+ psa_status_t expected_status,
+ data_t *expected_export)
{
mbedtls_svc_key_id_t base_key = MBEDTLS_SVC_KEY_ID_INIT;
mbedtls_svc_key_id_t derived_key = MBEDTLS_SVC_KEY_ID_INIT;
const psa_algorithm_t alg = alg_arg;
const psa_key_type_t key_type = key_type_arg;
const size_t bits = bits_arg;
- psa_key_production_parameters_t *params = NULL;
- size_t params_data_length = 0;
+ psa_custom_key_parameters_t custom = PSA_CUSTOM_KEY_PARAMETERS_INIT;
+ custom.flags = flags_arg;
psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT;
const size_t export_buffer_size =
PSA_EXPORT_KEY_OUTPUT_SIZE(key_type, bits);
@@ -9638,14 +9614,11 @@
psa_set_key_algorithm(&derived_attributes, 0);
psa_set_key_type(&derived_attributes, key_type);
psa_set_key_bits(&derived_attributes, bits);
- if (!setup_key_production_parameters(¶ms, ¶ms_data_length,
- flags_arg, params_data)) {
- goto exit;
- }
- TEST_EQUAL(psa_key_derivation_output_key_ext(&derived_attributes, &operation,
- params, params_data_length,
- &derived_key),
+ TEST_EQUAL(psa_key_derivation_output_key_custom(
+ &derived_attributes, &operation,
+ &custom, custom_data->x, custom_data->len,
+ &derived_key),
expected_status);
if (expected_status == PSA_SUCCESS) {
@@ -9658,7 +9631,6 @@
exit:
mbedtls_free(export_buffer);
- mbedtls_free(params);
psa_key_derivation_abort(&operation);
psa_destroy_key(base_key);
psa_destroy_key(derived_key);
@@ -10153,13 +10125,13 @@
/* END_CASE */
/* BEGIN_CASE */
-void generate_key_ext(int type_arg,
- int bits_arg,
- int usage_arg,
- int alg_arg,
- int flags_arg,
- data_t *params_data,
- int expected_status_arg)
+void generate_key_custom(int type_arg,
+ int bits_arg,
+ int usage_arg,
+ int alg_arg,
+ int flags_arg,
+ data_t *custom_data,
+ int expected_status_arg)
{
mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
psa_key_type_t type = type_arg;
@@ -10168,8 +10140,8 @@
psa_algorithm_t alg = alg_arg;
psa_status_t expected_status = expected_status_arg;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
- psa_key_production_parameters_t *params = NULL;
- size_t params_data_length = 0;
+ psa_custom_key_parameters_t custom = PSA_CUSTOM_KEY_PARAMETERS_INIT;
+ custom.flags = flags_arg;
psa_key_attributes_t got_attributes = PSA_KEY_ATTRIBUTES_INIT;
PSA_ASSERT(psa_crypto_init());
@@ -10179,15 +10151,11 @@
psa_set_key_type(&attributes, type);
psa_set_key_bits(&attributes, bits);
- if (!setup_key_production_parameters(¶ms, ¶ms_data_length,
- flags_arg, params_data)) {
- goto exit;
- }
-
/* Generate a key */
- psa_status_t status = psa_generate_key_ext(&attributes,
- params, params_data_length,
- &key);
+ psa_status_t status =
+ psa_generate_key_custom(&attributes,
+ &custom, custom_data->x, custom_data->len,
+ &key);
TEST_EQUAL(status, expected_status);
if (expected_status != PSA_SUCCESS) {
@@ -10201,7 +10169,7 @@
#if defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE)
if (type == PSA_KEY_TYPE_RSA_KEY_PAIR) {
- TEST_ASSERT(rsa_test_e(key, bits, params_data));
+ TEST_ASSERT(rsa_test_e(key, bits, custom_data));
}
#endif
@@ -10216,24 +10184,11 @@
* thus reset them as required.
*/
psa_reset_key_attributes(&got_attributes);
- mbedtls_free(params);
psa_destroy_key(key);
PSA_DONE();
}
/* END_CASE */
-/* BEGIN_CASE */
-void key_production_parameters_init()
-{
- psa_key_production_parameters_t init = PSA_KEY_PRODUCTION_PARAMETERS_INIT;
- psa_key_production_parameters_t zero;
- memset(&zero, 0, sizeof(zero));
-
- TEST_EQUAL(init.flags, 0);
- TEST_EQUAL(zero.flags, 0);
-}
-/* END_CASE */
-
/* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_STORAGE_C */
void persistent_key_load_key_from_storage(data_t *data,
int type_arg, int bits_arg,