Update test for Opaque PK key

Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2025-02-25 09:41:00 +00:00 · 2022-03-15 14:20:20 +01:00 · 2022-03-15 14:20:20 +01:00 · 0cd78ddd71
commit 0cd78ddd71
parent eabbf9d907
2 changed files with 54 additions and 12 deletions
--- a/tests/suites/test_suite_pk.data
+++ b/tests/suites/test_suite_pk.data
@ -41,8 +41,13 @@ PK utils: ECDSA SECP521R1
 depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP521R1_ENABLED
 pk_utils:MBEDTLS_PK_ECDSA:MBEDTLS_ECP_DP_SECP521R1:521:66:"ECDSA"

-PK PSA utilities: setup/free, info functions, unsupported operations
-pk_psa_utils:
+PK PSA utilities: ECDSA setup/free, info functions, unsupported operations
+depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
+pk_psa_utils:0
+
+PK PSA utilities: RSA setup/free, info functions, unsupported operations
+depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME
+pk_psa_utils:1

 RSA verify test vector #1 (good)
 depends_on:MBEDTLS_SHA1_C:MBEDTLS_PKCS1_V15
--- a/tests/suites/test_suite_pk.function
+++ b/tests/suites/test_suite_pk.function
@ -88,11 +88,11 @@ size_t mbedtls_rsa_key_len_func( void *ctx )
 #if defined(MBEDTLS_USE_PSA_CRYPTO)

 /*
- * Generate a key using PSA and return the key identifier of that key,
+ * Generate an ECC key using PSA and return the key identifier of that key,
 * or 0 if the key generation failed.
 * The key uses NIST P-256 and is usable for signing with SHA-256.
 */
-mbedtls_svc_key_id_t pk_psa_genkey( void )
+mbedtls_svc_key_id_t pk_psa_genkey_ecc( void )
 {
    mbedtls_svc_key_id_t key;
    psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
@ -106,6 +106,27 @@ mbedtls_svc_key_id_t pk_psa_genkey( void )
    psa_set_key_bits( &attributes, bits );
    PSA_ASSERT( psa_generate_key( &attributes, &key ) );

+exit:
+    return( key );
+}
+
+/*
+ * Generate an RSA key using PSA and return the key identifier of that key,
+ * or 0 if the key generation failed.
+ */
+mbedtls_svc_key_id_t pk_psa_genkey_rsa( void )
+{
+    mbedtls_svc_key_id_t key;
+    psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+    const psa_key_type_t type = PSA_KEY_TYPE_RSA_KEY_PAIR;
+    const size_t bits = 256;
+
+    psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_SIGN_HASH );
+    psa_set_key_algorithm( &attributes, PSA_ALG_RSA_PKCS1V15_SIGN_RAW );
+    psa_set_key_type( &attributes, type );
+    psa_set_key_bits( &attributes, bits );
+    PSA_ASSERT( psa_generate_key( &attributes, &key ) );
+
 exit:
    return( key );
 }
@ -117,8 +138,8 @@ exit:
 * END_DEPENDENCIES
 */

-/* BEGIN_CASE depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED */
-void pk_psa_utils(  )
+/* BEGIN_CASE depends_on:MBEDTLS_USE_PSA_CRYPTO */
+void pk_psa_utils( int key_is_rsa )
 {
    mbedtls_pk_context pk, pk2;
    mbedtls_svc_key_id_t key;
@ -145,7 +166,10 @@ void pk_psa_utils(  )
    mbedtls_pk_free( &pk );
    mbedtls_pk_init( &pk );

-    key = pk_psa_genkey();
+    if( key_is_rsa )
+        key = pk_psa_genkey_rsa();
+    else
+        key = pk_psa_genkey_ecc();
    if( mbedtls_svc_key_id_is_null( key ) )
        goto exit;

@ -157,9 +181,18 @@ void pk_psa_utils(  )
    TEST_ASSERT( mbedtls_pk_get_bitlen( &pk ) == bitlen );
    TEST_ASSERT( mbedtls_pk_get_len( &pk ) == bitlen / 8 );

-    TEST_ASSERT( mbedtls_pk_can_do( &pk, MBEDTLS_PK_ECKEY ) == 1 );
-    TEST_ASSERT( mbedtls_pk_can_do( &pk, MBEDTLS_PK_ECDSA ) == 1 );
-    TEST_ASSERT( mbedtls_pk_can_do( &pk, MBEDTLS_PK_RSA ) == 0 );
+    if( key_is_rsa )
+    {
+        TEST_ASSERT( mbedtls_pk_can_do( &pk, MBEDTLS_PK_ECKEY ) == 0 );
+        TEST_ASSERT( mbedtls_pk_can_do( &pk, MBEDTLS_PK_ECDSA ) == 0 );
+        TEST_ASSERT( mbedtls_pk_can_do( &pk, MBEDTLS_PK_RSA ) == 1 );
+    }
+    else
+    {
+        TEST_ASSERT( mbedtls_pk_can_do( &pk, MBEDTLS_PK_ECKEY ) == 1 );
+        TEST_ASSERT( mbedtls_pk_can_do( &pk, MBEDTLS_PK_ECDSA ) == 1 );
+        TEST_ASSERT( mbedtls_pk_can_do( &pk, MBEDTLS_PK_RSA ) == 0 );
+    }

    /* unsupported operations: verify, decrypt, encrypt */
    TEST_ASSERT( mbedtls_pk_verify( &pk, md_alg,
@ -175,8 +208,12 @@ void pk_psa_utils(  )
                 == MBEDTLS_ERR_PK_TYPE_MISMATCH );

    /* unsupported functions: check_pair, debug */
-    TEST_ASSERT( mbedtls_pk_setup( &pk2,
-                 mbedtls_pk_info_from_type( MBEDTLS_PK_ECKEY ) ) == 0 );
+    if( key_is_rsa )
+        TEST_ASSERT( mbedtls_pk_setup( &pk2,
+                     mbedtls_pk_info_from_type( MBEDTLS_PK_RSA ) ) == 0 );
+    else
+        TEST_ASSERT( mbedtls_pk_setup( &pk2,
+                     mbedtls_pk_info_from_type( MBEDTLS_PK_ECKEY ) ) == 0 );
    TEST_ASSERT( mbedtls_pk_check_pair( &pk, &pk2,
                                        mbedtls_test_rnd_std_rand, NULL )
                 == MBEDTLS_ERR_PK_TYPE_MISMATCH );