From 0cd78ddd715bbb4069ceb67d506d57f6ed323dd2 Mon Sep 17 00:00:00 2001
From: Neil Armstrong
Date: Tue, 15 Mar 2022 14:20:20 +0100
Subject: [PATCH] Update test for Opaque PK key

Signed-off-by: Neil Armstrong
---
 tests/suites/test_suite_pk.data | 9 ++++-
 tests/suites/test_suite_pk.function | 57 ++++++++++++++++++++++++-----
 2 files changed, 54 insertions(+), 12 deletions(-)

diff --git a/tests/suites/test_suite_pk.data b/tests/suites/test_suite_pk.data
index cf40e5514e..520a8c24b2 100644
--- a/tests/suites/test_suite_pk.data
+++ b/tests/suites/test_suite_pk.data
@@ -41,8 +41,13 @@ PK utils: ECDSA SECP521R1
 depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP521R1_ENABLED
 pk_utils:MBEDTLS_PK_ECDSA:MBEDTLS_ECP_DP_SECP521R1:521:66:"ECDSA"
-PK PSA utilities: setup/free, info functions, unsupported operations
-pk_psa_utils:
+PK PSA utilities: ECDSA setup/free, info functions, unsupported operations
+depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
+pk_psa_utils:0
+
+PK PSA utilities: RSA setup/free, info functions, unsupported operations
+depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME
+pk_psa_utils:1
 RSA verify test vector #1 (good)
 depends_on:MBEDTLS_SHA1_C:MBEDTLS_PKCS1_V15
diff --git a/tests/suites/test_suite_pk.function b/tests/suites/test_suite_pk.function
index ccb90e780c..0a64bc92fd 100644
--- a/tests/suites/test_suite_pk.function
+++ b/tests/suites/test_suite_pk.function
@@ -88,11 +88,11 @@ size_t mbedtls_rsa_key_len_func( void *ctx )
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
 /*
- * Generate a key using PSA and return the key identifier of that key,
+ * Generate an ECC key using PSA and return the key identifier of that key,
 * or 0 if the key generation failed.
 * The key uses NIST P-256 and is usable for signing with SHA-256.
 */
-mbedtls_svc_key_id_t pk_psa_genkey( void )
+mbedtls_svc_key_id_t pk_psa_genkey_ecc( void )
 {
 mbedtls_svc_key_id_t key;
 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
@@ -106,6 +106,27 @@ mbedtls_svc_key_id_t pk_psa_genkey( void )
 psa_set_key_bits( &attributes, bits );
 PSA_ASSERT( psa_generate_key( &attributes, &key ) );
+exit:
+ return( key );
+}
+
+/*
+ * Generate an RSA key using PSA and return the key identifier of that key,
+ * or 0 if the key generation failed.
+ */
+mbedtls_svc_key_id_t pk_psa_genkey_rsa( void )
+{
+ mbedtls_svc_key_id_t key;
+ psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+ const psa_key_type_t type = PSA_KEY_TYPE_RSA_KEY_PAIR;
+ const size_t bits = 256;
+
+ psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_SIGN_HASH );
+ psa_set_key_algorithm( &attributes, PSA_ALG_RSA_PKCS1V15_SIGN_RAW );
+ psa_set_key_type( &attributes, type );
+ psa_set_key_bits( &attributes, bits );
+ PSA_ASSERT( psa_generate_key( &attributes, &key ) );
+
 exit:
 return( key );
 }
@@ -117,8 +138,8 @@ exit:
 * END_DEPENDENCIES
 */
-/* BEGIN_CASE depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED */
-void pk_psa_utils( )
+/* BEGIN_CASE depends_on:MBEDTLS_USE_PSA_CRYPTO */
+void pk_psa_utils( int key_is_rsa )
 {
 mbedtls_pk_context pk, pk2;
 mbedtls_svc_key_id_t key;
@@ -145,7 +166,10 @@ void pk_psa_utils( )
 mbedtls_pk_free( &pk );
 mbedtls_pk_init( &pk );
- key = pk_psa_genkey();
+ if( key_is_rsa )
+ key = pk_psa_genkey_rsa();
+ else
+ key = pk_psa_genkey_ecc();
 if( mbedtls_svc_key_id_is_null( key ) )
 goto exit;
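Review bot: `const size_t bits = 256;` in the new pk_psa_genkey_rsa() generates an RSA key far below any usable size, and the header comment says nothing about the size or the algorithm, whereas the ECC helper's comment states both. If the size is deliberate (fast generation, and presumably to match the `bitlen` the test later compares against, which is defined outside this hunk), record that in the comment, for example ` * The key is a deliberately small 256-bit RSA key for PKCS#1 v1.5 raw signing; test-only, never a usable key size.` That also explains the failure a maintainer would see if key generation ever enforces a minimum RSA size.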
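Review bot: pk_psa_utils() gains `int key_is_rsa` and its BEGIN_CASE line drops the ECDSA and curve dependencies, with no comment saying where those requirements now live. Both data entries in this patch carry matching `depends_on` lines, but a later entry could omit them and would presumably only fail at run time. A comment at the top of the body would document the contract: `/* key_is_rsa: 0 = ECC P-256 key, non-zero = RSA key; each .data entry must list the matching depends_on. */`. The function body continues outside this hunk.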
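Review bot: The `mbedtls_svc_key_id_is_null( key )` check after the new if/else only detects a failed generation if the helper really returns a null identifier, yet pk_psa_genkey_rsa() (added earlier in this patch) and pk_psa_genkey_ecc() both declare `mbedtls_svc_key_id_t key;` with no initializer. The result is therefore only defined if psa_generate_key() writes its output on every failure path. Initialising in both helpers, `mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;`, makes the documented "0 if the key generation failed" true by construction. The unbraced if/else here also differs from the braced form used for the can_do assertions later in the same function.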
@@ -157,9 +181,18 @@ void pk_psa_utils( )
 TEST_ASSERT( mbedtls_pk_get_bitlen( &pk ) == bitlen );
 TEST_ASSERT( mbedtls_pk_get_len( &pk ) == bitlen / 8 );
- TEST_ASSERT( mbedtls_pk_can_do( &pk, MBEDTLS_PK_ECKEY ) == 1 );
- TEST_ASSERT( mbedtls_pk_can_do( &pk, MBEDTLS_PK_ECDSA ) == 1 );
- TEST_ASSERT( mbedtls_pk_can_do( &pk, MBEDTLS_PK_RSA ) == 0 );
+ if( key_is_rsa )
+ {
+ TEST_ASSERT( mbedtls_pk_can_do( &pk, MBEDTLS_PK_ECKEY ) == 0 );
+ TEST_ASSERT( mbedtls_pk_can_do( &pk, MBEDTLS_PK_ECDSA ) == 0 );
+ TEST_ASSERT( mbedtls_pk_can_do( &pk, MBEDTLS_PK_RSA ) == 1 );
+ }
+ else
+ {
+ TEST_ASSERT( mbedtls_pk_can_do( &pk, MBEDTLS_PK_ECKEY ) == 1 );
+ TEST_ASSERT( mbedtls_pk_can_do( &pk, MBEDTLS_PK_ECDSA ) == 1 );
+ TEST_ASSERT( mbedtls_pk_can_do( &pk, MBEDTLS_PK_RSA ) == 0 );
+ }
 /* unsupported operations: verify, decrypt, encrypt */
 TEST_ASSERT( mbedtls_pk_verify( &pk, md_alg,
@@ -175,8 +208,12 @@ void pk_psa_utils( )
 == MBEDTLS_ERR_PK_TYPE_MISMATCH );
 /* unsupported functions: check_pair, debug */
- TEST_ASSERT( mbedtls_pk_setup( &pk2,
- mbedtls_pk_info_from_type( MBEDTLS_PK_ECKEY ) ) == 0 );
+ if( key_is_rsa )
+ TEST_ASSERT( mbedtls_pk_setup( &pk2,
+ mbedtls_pk_info_from_type( MBEDTLS_PK_RSA ) ) == 0 );
+ else
+ TEST_ASSERT( mbedtls_pk_setup( &pk2,
+ mbedtls_pk_info_from_type( MBEDTLS_PK_ECKEY ) ) == 0 );
 TEST_ASSERT( mbedtls_pk_check_pair( &pk, &pk2, mbedtls_test_rnd_std_rand, NULL ) == MBEDTLS_ERR_PK_TYPE_MISMATCH );
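Review bot: The RSA branch pins `mbedtls_pk_can_do()` only for ECKEY, ECDSA and RSA, so the test would not notice an opaque RSA context reporting a capability that its key policy does not permit. The key is generated with `PSA_ALG_RSA_PKCS1V15_SIGN_RAW` only, so an assertion for the PSS type would close the gap: `TEST_ASSERT( mbedtls_pk_can_do( &pk, MBEDTLS_PK_RSASSA_PSS ) == EXPECTED );`, with EXPECTED replaced by the value the opaque wrapper is meant to return (not visible in this patch). The function starts and ends outside this hunk.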
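Review bot: The new if/else repeats the whole two-line `TEST_ASSERT( mbedtls_pk_setup( ... ) )` call just to vary one enum, and leaves both arms unbraced although the can_do branch earlier in this function uses braces. Selecting the type inside the call keeps a single assertion: `mbedtls_pk_info_from_type( key_is_rsa ? MBEDTLS_PK_RSA : MBEDTLS_PK_ECKEY )`. If the branch stays, brace both arms so that a statement added later cannot fall outside the condition.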