From cf72dc8c3e3cf7bd8813a94b26b338bcb67fdaa7 Mon Sep 17 00:00:00 2001 From: Waleed Elmelegy Date: Tue, 3 Dec 2024 15:52:55 +0000 Subject: [PATCH 1/5] Add Header and implementation of internal iop export public-key get_num_ops() API Signed-off-by: Waleed Elmelegy --- tf-psa-crypto/drivers/builtin/src/psa_crypto_ecp.c | 6 ++++++ tf-psa-crypto/drivers/builtin/src/psa_crypto_ecp.h | 11 +++++++++++ 2 files changed, 17 insertions(+) diff --git a/tf-psa-crypto/drivers/builtin/src/psa_crypto_ecp.c b/tf-psa-crypto/drivers/builtin/src/psa_crypto_ecp.c index 3ca28fa984fb..a4db6347f020 100644 --- a/tf-psa-crypto/drivers/builtin/src/psa_crypto_ecp.c +++ b/tf-psa-crypto/drivers/builtin/src/psa_crypto_ecp.c @@ -664,6 +664,12 @@ psa_status_t mbedtls_psa_ecp_generate_key_iop_abort( return PSA_SUCCESS; } +uint32_t mbedtls_psa_ecp_export_public_key_iop_get_num_ops( + mbedtls_psa_export_public_key_iop_t *operation) +{ + return operation->num_ops; +} + psa_status_t mbedtls_psa_ecp_export_public_key_iop_setup( mbedtls_psa_export_public_key_iop_t *operation, uint8_t *key, diff --git a/tf-psa-crypto/drivers/builtin/src/psa_crypto_ecp.h b/tf-psa-crypto/drivers/builtin/src/psa_crypto_ecp.h index c220e827133a..a8e3835d158b 100644 --- a/tf-psa-crypto/drivers/builtin/src/psa_crypto_ecp.h +++ b/tf-psa-crypto/drivers/builtin/src/psa_crypto_ecp.h @@ -120,6 +120,17 @@ psa_status_t mbedtls_psa_ecp_export_public_key( const uint8_t *key_buffer, size_t key_buffer_size, uint8_t *data, size_t data_size, size_t *data_length); +/** + * \brief Get the total number of ops that an export public-key operation has taken + * Since it's start. + * + * \param[in] operation The \c mbedtls_psa_export_public_key_iop_t to use. + * + * \return Total number of operations. + */ +uint32_t mbedtls_psa_ecp_export_public_key_iop_get_num_ops( + mbedtls_psa_export_public_key_iop_t *operation); + /** * \brief Setup a new interruptible export public-key operation. * 
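Review bot: `mbedtls_psa_ecp_export_public_key_iop_get_num_ops()` dereferences `operation` only to read `num_ops`, so the parameter could be const-qualified as `const mbedtls_psa_export_public_key_iop_t *operation`, both in this definition and in the prototype added to psa_crypto_ecp.h. Keep the non-const form only if the sibling accessors deliberately use it, in which case a one-line comment would explain why. The accessor has no NULL check, which is fine for an internal entry point as long as every caller passes the address of an embedded context, as the psa_crypto.c caller in patch 2 does with `&operation->ctx`.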
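Review bot: The new Doxygen block in psa_crypto_ecp.h has a wording slip and leaves the return contract open. `Since it's start.` should read `since its start.`, and the brief fits on one line: `\brief Get the total number of ops that an export public-key operation has taken since its start.` It would also help to say what is returned for a context that has not run any step yet or has been aborted, since the test in patch 4 checks that the PSA-level counter reads 0 in both situations.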
From ef8f751f035024d61032877b848de026fa48ba9a Mon Sep 17 00:00:00 2001 From: Waleed Elmelegy Date: Tue, 3 Dec 2024 15:54:26 +0000 Subject: [PATCH 2/5] Add PSA iop export public-key get_num_ops() functionality Signed-off-by: Waleed Elmelegy --- tf-psa-crypto/core/psa_crypto.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/tf-psa-crypto/core/psa_crypto.c b/tf-psa-crypto/core/psa_crypto.c index 4db4fbc2c7fb..a4b856e994a1 100644 --- a/tf-psa-crypto/core/psa_crypto.c +++ b/tf-psa-crypto/core/psa_crypto.c @@ -1686,8 +1686,12 @@ static psa_status_t psa_export_public_key_iop_abort_internal(psa_export_public_k uint32_t psa_export_public_key_iop_get_num_ops(psa_export_public_key_iop_t *operation) { +#if defined(MBEDTLS_ECP_RESTARTABLE) + return operation->num_ops; +#else (void) operation; return 0; +#endif } psa_status_t psa_export_public_key_iop_setup(psa_export_public_key_iop_t *operation, @@ -1761,6 +1765,8 @@ psa_status_t psa_export_public_key_iop_complete(psa_export_public_key_iop_t *ope status = mbedtls_psa_ecp_export_public_key_iop_complete(&operation->ctx, data, data_size, data_length); + operation->num_ops = mbedtls_psa_ecp_export_public_key_iop_get_num_ops(&operation->ctx); + if (status != PSA_OPERATION_INCOMPLETE) { psa_export_public_key_iop_abort_internal(operation); From 6f37713d4447c5875208da9091528df973ac761e Mon Sep 17 00:00:00 2001 From: Waleed Elmelegy Date: Tue, 3 Dec 2024 15:56:08 +0000 Subject: [PATCH 3/5] Rename interruptible_key_agreement_get_min_num_ops() Rename interruptible_key_agreement_get_min_num_ops() testing helper function to interruptible_operations_get_min_num_ops() since it's values are not only specefic to key agreement but to any resartable ecp operation. Also add different key sizes and rounding up for keys where there are no data available. Signed-off-by: Waleed Elmelegy --- tf-psa-crypto/tests/suites/test_suite_psa_crypto.function | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) 
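Review bot: The added `operation->num_ops = mbedtls_psa_ecp_export_public_key_iop_get_num_ops(&operation->ctx);` writes a member that the first hunk of this file only reads under `#if defined(MBEDTLS_ECP_RESTARTABLE)`. The conditional structure of psa_export_public_key_iop_complete() is outside the hunk, so please confirm the assignment sits inside the same guard; otherwise a build without restartable ECP may not compile. The assignment also runs just before `psa_export_public_key_iop_abort_internal(operation)` on every terminal status. A short comment such as `/* num_ops is kept after completion; only psa_export_public_key_iop_abort() resets it. */` would record which behaviour is intended, if that matches what the helper does.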
diff --git a/tf-psa-crypto/tests/suites/test_suite_psa_crypto.function b/tf-psa-crypto/tests/suites/test_suite_psa_crypto.function index 6be0f60c1179..24fe75f00589 100644 --- a/tf-psa-crypto/tests/suites/test_suite_psa_crypto.function +++ b/tf-psa-crypto/tests/suites/test_suite_psa_crypto.function @@ -1246,11 +1246,13 @@ static void interruptible_signverify_get_minmax_completes(uint32_t max_ops, /* ECP need to block for a minimum number of operations even if max_ops is set to a lower value. This functions calculates this minimum value given the curve size and the window size. */ -static uint32_t interruptible_key_agreement_get_min_num_ops(size_t key_bits) +static uint32_t interruptible_operations_get_min_num_ops(size_t key_bits) { /* Those values are taken from documentation of mbedtls_ecp_set_max_ops() in ecp.h. Those values can change at any time. */ switch (key_bits) { + case 192: + case 255: case 256: { const uint32_t min_values[5] = { 208, 208, 160, 136, 124 }; // P-256 @@ -1263,6 +1265,7 @@ static uint32_t interruptible_key_agreement_get_min_num_ops(size_t key_bits) return min_values[6 - MBEDTLS_ECP_WINDOW_SIZE]; break; } + case 448: case 512: case 521: { @@ -9968,7 +9971,7 @@ void key_agreement_interruptible(int alg_arg, mbedtls_ecp_check_pubkey() */ TEST_EQUAL(num_ops_prior, MBEDTLS_ECP_OPS_CHK); - min_num_ops = interruptible_key_agreement_get_min_num_ops(key_bits); + min_num_ops = interruptible_operations_get_min_num_ops(key_bits); do { From 9957ab578cec492922bca349e8f049d2d8badb56 Mon Sep 17 00:00:00 2001 From: Waleed Elmelegy Date: Tue, 3 Dec 2024 15:59:08 +0000 Subject: [PATCH 4/5] Add testing for psa_export_public_key_iop_get_num_ops() API Signed-off-by: Waleed Elmelegy --- .../tests/suites/test_suite_psa_crypto.data | 148 +++++++++++++++--- .../suites/test_suite_psa_crypto.function | 33 +++- 2 files changed, 159 insertions(+), 22 deletions(-) 
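Review bot: The added `case 192:` and `case 255:` labels, and `case 448:` in the next hunk, fall through to tables that belong to larger curves. Nothing in the code says so, and the existing `// P-256` comment now reads as if all three sizes were P-256. A comment above the labels, e.g. `/* No figures documented for 192/255-bit curves; use the P-256 values as an upper bound. */` (and the equivalent for 448), would record the rounding-up that the commit message describes. The rest of the switch, including any default branch, is outside the hunk.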
diff --git a/tf-psa-crypto/tests/suites/test_suite_psa_crypto.data b/tf-psa-crypto/tests/suites/test_suite_psa_crypto.data
index fc8ebb5abe3b..4c8904f5fd23 100644
--- a/tf-psa-crypto/tests/suites/test_suite_psa_crypto.data
+++ b/tf-psa-crypto/tests/suites/test_suite_psa_crypto.data
@@ -7944,49 +7944,157 @@ persistent_key_load_key_from_storage:"":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY
 PSA derive persistent key: HKDF SHA-256, exportable
 persistent_key_load_key_from_storage:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_KEY_TYPE_RAW_DATA:1024:PSA_KEY_USAGE_EXPORT:0:DERIVE_KEY
-PSA interruptible export public key: ECC, SECP256R1, good
+PSA interruptible export public key: ECC, SECP256R1, Num of ops: 5, good
 depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:PSA_WANT_ECC_SECP_R1_256
-iop_export_public_key:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):256:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_ECDSA_ANY:PSA_SUCCESS
+iop_export_public_key:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):256:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_ECDSA_ANY:5:PSA_SUCCESS
-PSA interruptible export public key: ECC, Curve25519, good
+PSA interruptible export public key: ECC, SECP256R1, Num of ops: 100, good
+depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:PSA_WANT_ECC_SECP_R1_256
+iop_export_public_key:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):256:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_ECDSA_ANY:100:PSA_SUCCESS
+
+PSA interruptible export public key: ECC, SECP256R1, Num of ops: 0, good
+depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:PSA_WANT_ECC_SECP_R1_256
+iop_export_public_key:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):256:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_ECDSA_ANY:0:PSA_SUCCESS
+
+PSA interruptible export public key: ECC, SECP256R1, Num of ops: Max, good
+depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:PSA_WANT_ECC_SECP_R1_256
+iop_export_public_key:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):256:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_ECDSA_ANY:PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED:PSA_SUCCESS
+
+PSA interruptible export public key: ECC, Curve25519, Num of ops: 5, good
+depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:PSA_WANT_ECC_MONTGOMERY_255
+iop_export_public_key:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_MONTGOMERY):255:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDSA_ANY:5:PSA_SUCCESS
+
+PSA interruptible export public key: ECC, Curve25519, Num of ops: 100, good
+depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:PSA_WANT_ECC_MONTGOMERY_255
+iop_export_public_key:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_MONTGOMERY):255:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDSA_ANY:100:PSA_SUCCESS
+
+PSA interruptible export public key: ECC, Curve25519, Num of ops: 0, good
 depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:PSA_WANT_ECC_MONTGOMERY_255
-iop_export_public_key:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_MONTGOMERY):255:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDSA_ANY:PSA_SUCCESS
+iop_export_public_key:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_MONTGOMERY):255:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDSA_ANY:0:PSA_SUCCESS
+
+PSA interruptible export public key: ECC, Curve25519, Num of ops: Max, good
+depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:PSA_WANT_ECC_MONTGOMERY_255
+iop_export_public_key:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_MONTGOMERY):255:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDSA_ANY:PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED:PSA_SUCCESS
+
+PSA interruptible export public key: ECC, Curve448, Num of ops: 5, good
+depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:PSA_WANT_ECC_MONTGOMERY_448
+iop_export_public_key:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_MONTGOMERY):448:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDSA_ANY:5:PSA_SUCCESS
-PSA interruptible export public key: ECC, Curve448, good
+PSA interruptible export public key: ECC, Curve448, Num of ops: 100, good
 depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:PSA_WANT_ECC_MONTGOMERY_448
-iop_export_public_key:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_MONTGOMERY):448:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDSA_ANY:PSA_SUCCESS
+iop_export_public_key:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_MONTGOMERY):448:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDSA_ANY:100:PSA_SUCCESS
-PSA interruptible export public key: ECC, SECP384R1, good
+PSA interruptible export public key: ECC, Num of ops: 0, Curve448, good
+depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:PSA_WANT_ECC_MONTGOMERY_448
+iop_export_public_key:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_MONTGOMERY):448:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDSA_ANY:0:PSA_SUCCESS
+
+PSA interruptible export public key: ECC, Num of ops: Max, Curve448, good
+depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:PSA_WANT_ECC_MONTGOMERY_448
+iop_export_public_key:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_MONTGOMERY):448:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDSA_ANY:PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED:PSA_SUCCESS
+
+PSA interruptible export public key: ECC, Num of ops: 5, SECP384R1, good
 depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:PSA_WANT_ECC_SECP_R1_384
-iop_export_public_key:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):384:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_ECDSA_ANY:PSA_SUCCESS
+iop_export_public_key:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):384:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_ECDSA_ANY:5:PSA_SUCCESS
+
+PSA interruptible export public key: ECC, Num of ops: 100, SECP384R1, good
+depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:PSA_WANT_ECC_SECP_R1_384
+iop_export_public_key:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):384:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_ECDSA_ANY:100:PSA_SUCCESS
+
+PSA interruptible export public key: ECC, Num of ops: 0, SECP384R1, good
+depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:PSA_WANT_ECC_SECP_R1_384
+iop_export_public_key:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):384:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_ECDSA_ANY:0:PSA_SUCCESS
+
+PSA interruptible export public key: ECC, Num of ops: Max, SECP384R1, good
+depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:PSA_WANT_ECC_SECP_R1_384
+iop_export_public_key:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):384:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_ECDSA_ANY:PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED:PSA_SUCCESS
+
+PSA interruptible export public key: ECC, Num of ops: 5, SECP521R1, good
+depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:PSA_WANT_ECC_SECP_R1_521
+iop_export_public_key:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):521:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_ECDSA_ANY:5:PSA_SUCCESS
+
+PSA interruptible export public key: ECC, Num of ops: 100, SECP521R1, good
+depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:PSA_WANT_ECC_SECP_R1_521
+iop_export_public_key:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):521:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_ECDSA_ANY:100:PSA_SUCCESS
+
+PSA interruptible export public key: ECC, Num of ops: 0, SECP521R1, good
+depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:PSA_WANT_ECC_SECP_R1_521
+iop_export_public_key:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):521:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_ECDSA_ANY:0:PSA_SUCCESS
-PSA interruptible export public key: ECC, SECP521R1, good
+PSA interruptible export public key: ECC, Num of ops: Max, SECP521R1, good
 depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:PSA_WANT_ECC_SECP_R1_521
-iop_export_public_key:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):521:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_ECDSA_ANY:PSA_SUCCESS
+iop_export_public_key:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):521:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_ECDSA_ANY:PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED:PSA_SUCCESS
+
+PSA interruptible export public key: ECC, Num of ops: 5, SECP192K1, good
+depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:PSA_WANT_ECC_SECP_K1_192
+iop_export_public_key:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_K1):192:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_ECDSA_ANY:5:PSA_SUCCESS
+
+PSA interruptible export public key: ECC, Num of ops: 100, SECP192K1, good
+depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:PSA_WANT_ECC_SECP_K1_192
+iop_export_public_key:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_K1):192:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_ECDSA_ANY:100:PSA_SUCCESS
-PSA interruptible export public key: ECC, SECP192K1, good
+PSA interruptible export public key: ECC, Num of ops: 0, SECP192K1, good
 depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:PSA_WANT_ECC_SECP_K1_192
-iop_export_public_key:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_K1):192:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_ECDSA_ANY:PSA_SUCCESS
+iop_export_public_key:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_K1):192:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_ECDSA_ANY:0:PSA_SUCCESS
-PSA interruptible export public key: ECC, SECP256K1, good
+PSA interruptible export public key: ECC, Num of ops: Max, SECP192K1, good
+depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:PSA_WANT_ECC_SECP_K1_192
+iop_export_public_key:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_K1):192:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_ECDSA_ANY:PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED:PSA_SUCCESS
+
+PSA interruptible export public key: ECC, Num of ops: 5, SECP256K1, good
+depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:PSA_WANT_ECC_SECP_K1_256
+iop_export_public_key:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_K1):256:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_ECDSA_ANY:5:PSA_SUCCESS
+
+PSA interruptible export public key: ECC, Num of ops: 100, SECP256K1, good
 depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:PSA_WANT_ECC_SECP_K1_256
-iop_export_public_key:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_K1):256:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_ECDSA_ANY:PSA_SUCCESS
+iop_export_public_key:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_K1):256:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_ECDSA_ANY:100:PSA_SUCCESS
-PSA interruptible export public key: ECC, brainpool256r1, good
+PSA interruptible export public key: ECC, Num of ops: 0, SECP256K1, good
+depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:PSA_WANT_ECC_SECP_K1_256
+iop_export_public_key:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_K1):256:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_ECDSA_ANY:0:PSA_SUCCESS
+
+PSA interruptible export public key: ECC, Num of ops: Max, SECP256K1, good
+depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:PSA_WANT_ECC_SECP_K1_256
+iop_export_public_key:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_K1):256:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_ECDSA_ANY:PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED:PSA_SUCCESS
+
+PSA interruptible export public key: ECC, Num of ops: 5, brainpool256r1, good
+depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:PSA_WANT_ECC_BRAINPOOL_P_R1_256
+iop_export_public_key:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_BRAINPOOL_P_R1):256:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_ECDSA_ANY:5:PSA_SUCCESS
+
+PSA interruptible export public key: ECC, Num of ops: 100, brainpool256r1, good
+depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:PSA_WANT_ECC_BRAINPOOL_P_R1_256
+iop_export_public_key:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_BRAINPOOL_P_R1):256:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_ECDSA_ANY:100:PSA_SUCCESS
+
+PSA interruptible export public key: ECC, Num of ops: 0, brainpool256r1, good
+depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:PSA_WANT_ECC_BRAINPOOL_P_R1_256
+iop_export_public_key:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_BRAINPOOL_P_R1):256:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_ECDSA_ANY:0:PSA_SUCCESS
+
+PSA interruptible export public key: ECC, Num of ops: Max, brainpool256r1, good
 depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:PSA_WANT_ECC_BRAINPOOL_P_R1_256
-iop_export_public_key:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_BRAINPOOL_P_R1):256:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_ECDSA_ANY:PSA_SUCCESS
+iop_export_public_key:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_BRAINPOOL_P_R1):256:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_ECDSA_ANY:PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED:PSA_SUCCESS
+
+PSA interruptible export public key: ECC, Num of ops: 5, brainpool384r1, good
+depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:PSA_WANT_ECC_BRAINPOOL_P_R1_384
+iop_export_public_key:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_BRAINPOOL_P_R1):384:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_ECDSA_ANY:5:PSA_SUCCESS
+
+PSA interruptible export public key: ECC, Num of ops: 100, brainpool384r1, good
+depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:PSA_WANT_ECC_BRAINPOOL_P_R1_384
+iop_export_public_key:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_BRAINPOOL_P_R1):384:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_ECDSA_ANY:100:PSA_SUCCESS
+
+PSA interruptible export public key: ECC, Num of ops: 0, brainpool384r1, good
+depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:PSA_WANT_ECC_BRAINPOOL_P_R1_384
+iop_export_public_key:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_BRAINPOOL_P_R1):384:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_ECDSA_ANY:0:PSA_SUCCESS
-PSA interruptible export public key: ECC, brainpool384r1, good
+PSA interruptible export public key: ECC, Num of ops: Max, brainpool384r1, good
 depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:PSA_WANT_ECC_BRAINPOOL_P_R1_384
-iop_export_public_key:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_BRAINPOOL_P_R1):384:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_ECDSA_ANY:PSA_SUCCESS
+iop_export_public_key:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_BRAINPOOL_P_R1):384:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_ECDSA_ANY:PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED:PSA_SUCCESS
 PSA interruptible export public key: RSA, not ECC key, Not supported
 depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE:PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS <= 1024
-iop_export_public_key:PSA_KEY_TYPE_RSA_KEY_PAIR:1024:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):PSA_ERROR_NOT_SUPPORTED
+iop_export_public_key:PSA_KEY_TYPE_RSA_KEY_PAIR:1024:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED:PSA_ERROR_NOT_SUPPORTED
 PSA interruptible export public key: AES, not keypair, Invalid argument
 depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
-iop_export_public_key:PSA_KEY_TYPE_AES:128:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_GCM:PSA_ERROR_INVALID_ARGUMENT
+iop_export_public_key:PSA_KEY_TYPE_AES:128:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_GCM:PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED:PSA_ERROR_INVALID_ARGUMENT
 PSA export public-key interruptible object initializers zero properly
 export_public_key_iop_init:
diff --git a/tf-psa-crypto/tests/suites/test_suite_psa_crypto.function b/tf-psa-crypto/tests/suites/test_suite_psa_crypto.function
index 24fe75f00589..9b261fd252e7 100644
--- a/tf-psa-crypto/tests/suites/test_suite_psa_crypto.function
+++ b/tf-psa-crypto/tests/suites/test_suite_psa_crypto.function
@@ -10434,6 +10434,7 @@ void iop_export_public_key(
 int bits_arg,
 int usage_arg,
 int alg_arg,
+ int max_ops_arg,
 int expected_status_arg)
 {
 mbedtls_svc_key_id_t iop_key = MBEDTLS_SVC_KEY_ID_INIT;
@@ -10450,6 +10451,10 @@ void iop_export_public_key(
 { 0 };
 size_t refrence_output_len = 0;
 psa_status_t status;
+ uint32_t num_ops_prior = 0;
+ uint32_t num_ops = 0;
+ uint32_t max_ops = max_ops_arg;
+ uint32_t min_num_ops = 0;
 PSA_ASSERT(psa_crypto_init());
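Review bot: The new case descriptions in test_suite_psa_crypto.data are not ordered consistently. The SECP256R1, Curve25519 and first two Curve448 cases read `ECC, <curve>, Num of ops: N, good`, while the later ones read `ECC, Num of ops: N, <curve>, good`. Using one order throughout would make the cases easier to select and compare by name. The Montgomery cases also keep `PSA_WANT_ALG_ECDSA` and `PSA_ALG_ECDSA_ANY` alongside `PSA_KEY_USAGE_DERIVE`; that predates this commit, but may be worth revisiting while every one of these lines is being touched.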
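Review bot: `uint32_t max_ops = max_ops_arg;` converts the signed test argument implicitly, and the data file passes `PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED` for it. If that macro is the largest 32-bit unsigned value, it does not fit in `int` and only round-trips through the conversion. Writing `uint32_t max_ops = (uint32_t) max_ops_arg;` with a short comment would make the intent explicit. The body of iop_export_public_key() continues outside these two hunks.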
@@ -10493,11 +10498,32 @@ void iop_export_public_key( expected_status = PSA_ERROR_BAD_STATE; } + num_ops_prior = psa_export_public_key_iop_get_num_ops(&export_key_operation); + TEST_EQUAL(num_ops_prior, 0); + + psa_interruptible_set_max_ops(max_ops); + +#if defined(MBEDTLS_ECP_RESTARTABLE) + min_num_ops = interruptible_operations_get_min_num_ops(bits); +#endif + do { status = psa_export_public_key_iop_complete(&export_key_operation, output, sizeof(output), &output_len); + + if (status == PSA_SUCCESS || status == PSA_OPERATION_INCOMPLETE) { + num_ops = psa_export_public_key_iop_get_num_ops(&export_key_operation); + TEST_LE_U(num_ops_prior + 1, num_ops); + if (max_ops <= min_num_ops) { + TEST_LE_U(num_ops - num_ops_prior, min_num_ops); + } else { + TEST_LE_U(num_ops - num_ops_prior, max_ops); + } + num_ops_prior = num_ops; + } + } while (status == PSA_OPERATION_INCOMPLETE); TEST_EQUAL(status, expected_status); @@ -10508,6 +10534,11 @@ void iop_export_public_key( &output_len); TEST_EQUAL(status, PSA_ERROR_BAD_STATE); + PSA_ASSERT(psa_export_public_key_iop_abort(&export_key_operation)); + + num_ops = psa_export_public_key_iop_get_num_ops(&export_key_operation); + TEST_EQUAL(num_ops, 0); + if (expected_status == PSA_SUCCESS) { status = psa_export_public_key(iop_key, refrence_output, @@ -10519,8 +10550,6 @@ void iop_export_public_key( /* Test psa_export_public_key_iop_complete() returns right error code when output buffer is not enough. */ - PSA_ASSERT(psa_export_public_key_iop_abort(&export_key_operation)); - status = psa_export_public_key_iop_setup(&export_key_operation, iop_key); TEST_EQUAL(status, PSA_SUCCESS); From 254b6f2eb966b9ad6b2dcfd5822be7348c61cfe2 Mon Sep 17 00:00:00 2001 From: Waleed Elmelegy Date: Tue, 3 Dec 2024 16:09:39 +0000 Subject: [PATCH 5/5] Add Changelog entry for interruptible export public-key 
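Review bot: `psa_interruptible_set_max_ops(max_ops)` takes no operation argument, so it presumably changes a library-wide setting, and nothing visible in this hunk restores it. The value chosen by one data case (including 0 or 5) may therefore carry over into whichever interruptible test runs next. Ending the test with `psa_interruptible_set_max_ops(PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED);` would isolate the cases; the function's exit path is outside the hunk, so this may already be done there. Separately, `TEST_LE_U(num_ops_prior + 1, num_ops)` assumes the counter advances on every successful call, but patch 2 makes psa_export_public_key_iop_get_num_ops() return 0 when MBEDTLS_ECP_RESTARTABLE is not defined. The `#if` around `min_num_ops` suggests this function is compiled in that configuration, so confirm that the case dependencies exclude it or guard the assertion the same way.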
Signed-off-by: Waleed Elmelegy --- ChangeLog.d/add-psa-iop-export-public-key.txt | 3 +++ 1 file changed, 3 insertions(+) create mode 100644 ChangeLog.d/add-psa-iop-export-public-key.txt
diff --git a/ChangeLog.d/add-psa-iop-export-public-key.txt b/ChangeLog.d/add-psa-iop-export-public-key.txt
new file mode 100644
index 000000000000..a17cef28c843
--- /dev/null
+++ b/ChangeLog.d/add-psa-iop-export-public-key.txt
@@ -0,0 +1,3 @@
+Features
+ * Add an interruptible version of export public-key to the PSA interface.
+ See psa_export_public_key_iop_setup() and related functions.