Merge pull request #8700 from valeriosetti/issue8461

psa_asymmetric_encrypt() doesn't work with opaque driver

Author: mpg

ChangeLog.d/8461.txt

@@ -0,0 +1,4 @@
+Bugfix
+   * Fix unsupported PSA asymmetric encryption and decryption
+     (psa_asymmetric_[en|de]crypt) with opaque keys.
+     Resolves #8461.

library/psa_crypto.c

@@ -3113,7 +3113,7 @@ psa_status_t psa_asymmetric_encrypt(mbedtls_svc_key_id_t key,
         return PSA_ERROR_INVALID_ARGUMENT;
     }
 
-    status = psa_get_and_lock_transparent_key_slot_with_policy(
+    status = psa_get_and_lock_key_slot_with_policy(
         key, &slot, PSA_KEY_USAGE_ENCRYPT, alg);
     if (status != PSA_SUCCESS) {
         return status;
@@ -3165,7 +3165,7 @@ psa_status_t psa_asymmetric_decrypt(mbedtls_svc_key_id_t key,
         return PSA_ERROR_INVALID_ARGUMENT;
     }
 
-    status = psa_get_and_lock_transparent_key_slot_with_policy(
+    status = psa_get_and_lock_key_slot_with_policy(
         key, &slot, PSA_KEY_USAGE_DECRYPT, alg);
     if (status != PSA_SUCCESS) {
         return status;

tests/include/test/drivers/key_management.h

@@ -67,6 +67,10 @@ void mbedtls_test_transparent_free(void);
 psa_status_t mbedtls_test_opaque_init(void);
 void mbedtls_test_opaque_free(void);
 
+psa_status_t mbedtls_test_opaque_unwrap_key(
+    const uint8_t *wrapped_key, size_t wrapped_key_length, uint8_t *key_buffer,
+    size_t key_buffer_size, size_t *key_buffer_length);
+
 psa_status_t mbedtls_test_transparent_generate_key(
     const psa_key_attributes_t *attributes,
     uint8_t *key, size_t key_size, size_t *key_length);

tests/src/drivers/test_driver_asymmetric_encryption.c

@@ -13,11 +13,15 @@
 #include "psa_crypto_rsa.h"
 #include "string.h"
 #include "test/drivers/asymmetric_encryption.h"
+#include "test/drivers/key_management.h"
 
 #if defined(MBEDTLS_TEST_LIBTESTDRIVER1)
 #include "libtestdriver1/library/psa_crypto_rsa.h"
 #endif
 
+#define PSA_RSA_KEY_PAIR_MAX_SIZE \
+    PSA_KEY_EXPORT_RSA_KEY_PAIR_MAX_SIZE(PSA_VENDOR_RSA_MAX_KEY_BITS)
+
 mbedtls_test_driver_asymmetric_encryption_hooks_t mbedtls_test_driver_asymmetric_encryption_hooks =
     MBEDTLS_TEST_DRIVER_ASYMMETRIC_ENCRYPTION_INIT;
 
@@ -104,25 +108,39 @@ psa_status_t mbedtls_test_transparent_asymmetric_decrypt(
 }
 
 /*
- * opaque versions - TODO
+ * opaque versions
  */
 psa_status_t mbedtls_test_opaque_asymmetric_encrypt(
     const psa_key_attributes_t *attributes, const uint8_t *key,
     size_t key_length, psa_algorithm_t alg, const uint8_t *input,
     size_t input_length, const uint8_t *salt, size_t salt_length,
     uint8_t *output, size_t output_size, size_t *output_length)
 {
-    (void) attributes;
-    (void) key;
-    (void) key_length;
-    (void) alg;
-    (void) input;
-    (void) input_length;
-    (void) salt;
-    (void) salt_length;
-    (void) output;
-    (void) output_size;
-    (void) output_length;
+    unsigned char unwrapped_key[PSA_RSA_KEY_PAIR_MAX_SIZE];
+    size_t unwrapped_key_length;
+    psa_status_t status;
+
+    status = mbedtls_test_opaque_unwrap_key(key, key_length,
+                                            unwrapped_key, sizeof(unwrapped_key),
+                                            &unwrapped_key_length);
+    if (status != PSA_SUCCESS) {
+        return status;
+    }
+
+#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
+    (defined(MBEDTLS_PSA_ACCEL_ALG_RSA_OAEP) || defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_CRYPT))
+    return libtestdriver1_mbedtls_psa_asymmetric_encrypt(
+        (const libtestdriver1_psa_key_attributes_t *) attributes,
+        unwrapped_key, unwrapped_key_length,
+        alg, input, input_length, salt, salt_length,
+        output, output_size, output_length);
+#else
+    return mbedtls_psa_asymmetric_encrypt(
+        attributes, unwrapped_key, unwrapped_key_length,
+        alg, input, input_length, salt, salt_length,
+        output, output_size, output_length);
+#endif
+
     return PSA_ERROR_NOT_SUPPORTED;
 }
 
@@ -132,17 +150,31 @@ psa_status_t mbedtls_test_opaque_asymmetric_decrypt(
     size_t input_length, const uint8_t *salt, size_t salt_length,
     uint8_t *output, size_t output_size, size_t *output_length)
 {
-    (void) attributes;
-    (void) key;
-    (void) key_length;
-    (void) alg;
-    (void) input;
-    (void) input_length;
-    (void) salt;
-    (void) salt_length;
-    (void) output;
-    (void) output_size;
-    (void) output_length;
+    unsigned char unwrapped_key[PSA_RSA_KEY_PAIR_MAX_SIZE];
+    size_t unwrapped_key_length;
+    psa_status_t status;
+
+    status = mbedtls_test_opaque_unwrap_key(key, key_length,
+                                            unwrapped_key, sizeof(unwrapped_key),
+                                            &unwrapped_key_length);
+    if (status != PSA_SUCCESS) {
+        return status;
+    }
+
+#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
+    (defined(MBEDTLS_PSA_ACCEL_ALG_RSA_OAEP) || defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_CRYPT))
+    return libtestdriver1_mbedtls_psa_asymmetric_decrypt(
+        (const libtestdriver1_psa_key_attributes_t *) attributes,
+        unwrapped_key, unwrapped_key_length,
+        alg, input, input_length, salt, salt_length,
+        output, output_size, output_length);
+#else
+    return mbedtls_psa_asymmetric_decrypt(
+        attributes, unwrapped_key, unwrapped_key_length,
+        alg, input, input_length, salt, salt_length,
+        output, output_size, output_length);
+#endif
+
     return PSA_ERROR_NOT_SUPPORTED;
 }
 

tests/src/drivers/test_driver_key_management.c

@@ -159,7 +159,7 @@ static psa_status_t mbedtls_test_opaque_wrap_key(
  * The argument key_buffer_length is filled with the unwrapped(clear)
  * key_size on success.
  * */
-static psa_status_t mbedtls_test_opaque_unwrap_key(
+psa_status_t mbedtls_test_opaque_unwrap_key(
     const uint8_t *wrapped_key,
     size_t wrapped_key_length,
     uint8_t *key_buffer,