mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-04-17 02:43:26 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

mbedtls_pk_import_into_psa: positive tests with pkparse output

Browse Source 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
This commit is contained in:
Gilles Peskine 2024-02-09 19:29:44 +01:00
parent 10e9c412c0
commit 157679c0d5
1 changed files with 100 additions and 68 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

168
tests/suites/test_suite_pkparse.function
View File

@ -6,10 +6,82 @@
#include "mbedtls/psa_util.h"
#include "pk_internal.h"
#if defined(MBEDTLS_PSA_CRYPTO_C)
#include "test/psa_exercise_key.h"
#endif
#if defined(MBEDTLS_PKCS12_C) || defined(MBEDTLS_PKCS5_C)
#define HAVE_mbedtls_pk_parse_key_pkcs8_encrypted_der
#endif
#if defined(MBEDTLS_PSA_CRYPTO_C)
static int test_psa_bridge(const mbedtls_pk_context *ctx,
psa_key_usage_t usage_flag)
{
switch (usage_flag) {
case PSA_KEY_USAGE_SIGN_HASH:
mbedtls_test_set_step(0);
break;
case PSA_KEY_USAGE_SIGN_MESSAGE:
mbedtls_test_set_step(1);
break;
case PSA_KEY_USAGE_DECRYPT:
mbedtls_test_set_step(2);
break;
case PSA_KEY_USAGE_DERIVE:
mbedtls_test_set_step(3);
break;
case PSA_KEY_USAGE_VERIFY_HASH:
mbedtls_test_set_step(4);
break;
case PSA_KEY_USAGE_VERIFY_MESSAGE:
mbedtls_test_set_step(5);
break;
case PSA_KEY_USAGE_ENCRYPT:
mbedtls_test_set_step(6);
break;
}
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
mbedtls_svc_key_id_t psa_key = MBEDTLS_SVC_KEY_ID_INIT;
int ok = 0;
TEST_EQUAL(mbedtls_pk_get_psa_attributes(ctx, usage_flag, &attributes), 0);
TEST_EQUAL(mbedtls_pk_import_into_psa(ctx, &attributes, &psa_key), 0);
psa_algorithm_t exercise_usage = psa_get_key_usage_flags(&attributes);
psa_algorithm_t exercise_alg = psa_get_key_algorithm(&attributes);
TEST_ASSERT(mbedtls_test_psa_exercise_key(psa_key,
exercise_usage, exercise_alg));
mbedtls_test_set_step((unsigned long) -1);
ok = 1;
exit:
psa_destroy_key(psa_key);
psa_reset_key_attributes(&attributes);
return ok;
}
/* Whether a pk key can do ECDSA. Opaque keys are not supported since this
* test suite does not create opaque keys. */
static int pk_can_ecdsa(const mbedtls_pk_context *ctx)
{
/* Check whether we have an EC key. Unfortunately this also accepts
* keys on Montgomery curves, which can only do ECDH, so we'll have
* to dig further. */
if (!mbedtls_pk_can_do(ctx, MBEDTLS_PK_ECDSA)) {
return 0;
}
#if defined(MBEDTLS_PK_USE_PSA_EC_DATA)
return ctx->ec_family != PSA_ECC_FAMILY_MONTGOMERY;
#elif defined(MBEDTLS_ECDSA_C)
return mbedtls_ecdsa_can_do(mbedtls_pk_ec_ro(*ctx)->grp.id);
#else
return 0;
#endif
}
#endif /* MBEDTLS_PSA_CRYPTO_C */
/* END_HEADER */
/* BEGIN_DEPENDENCIES
@ -43,36 +115,19 @@ void pk_parse_keyfile_rsa(char *key_file, char *password, int result)
TEST_EQUAL(mbedtls_rsa_check_privkey(rsa), 0);
#if defined(MBEDTLS_PSA_CRYPTO_C)
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
TEST_EQUAL(mbedtls_pk_get_psa_attributes(&ctx,
PSA_KEY_USAGE_SIGN_HASH,
&attributes), 0);
psa_reset_key_attributes(&attributes);
TEST_EQUAL(mbedtls_pk_get_psa_attributes(&ctx,
PSA_KEY_USAGE_SIGN_MESSAGE,
&attributes), 0);
psa_reset_key_attributes(&attributes);
TEST_EQUAL(mbedtls_pk_get_psa_attributes(&ctx,
PSA_KEY_USAGE_DECRYPT,
&attributes), 0);
psa_reset_key_attributes(&attributes);
TEST_EQUAL(mbedtls_pk_get_psa_attributes(&ctx,
PSA_KEY_USAGE_VERIFY_HASH,
&attributes), 0);
psa_reset_key_attributes(&attributes);
TEST_EQUAL(mbedtls_pk_get_psa_attributes(&ctx,
PSA_KEY_USAGE_VERIFY_MESSAGE,
&attributes), 0);
psa_reset_key_attributes(&attributes);
TEST_EQUAL(mbedtls_pk_get_psa_attributes(&ctx,
PSA_KEY_USAGE_ENCRYPT,
&attributes), 0);
PSA_INIT();
TEST_ASSERT(test_psa_bridge(&ctx, PSA_KEY_USAGE_SIGN_HASH));
TEST_ASSERT(test_psa_bridge(&ctx, PSA_KEY_USAGE_SIGN_MESSAGE));
TEST_ASSERT(test_psa_bridge(&ctx, PSA_KEY_USAGE_DECRYPT));
TEST_ASSERT(test_psa_bridge(&ctx, PSA_KEY_USAGE_VERIFY_HASH));
TEST_ASSERT(test_psa_bridge(&ctx, PSA_KEY_USAGE_VERIFY_MESSAGE));
TEST_ASSERT(test_psa_bridge(&ctx, PSA_KEY_USAGE_ENCRYPT));
#endif
}
exit:
mbedtls_pk_free(&ctx);
MD_PSA_DONE();
PSA_DONE();
}
/* END_CASE */
@ -97,24 +152,16 @@ void pk_parse_public_keyfile_rsa(char *key_file, int result)
TEST_EQUAL(mbedtls_rsa_check_pubkey(rsa), 0);
#if defined(MBEDTLS_PSA_CRYPTO_C)
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
TEST_EQUAL(mbedtls_pk_get_psa_attributes(&ctx,
PSA_KEY_USAGE_ENCRYPT,
&attributes), 0);
psa_reset_key_attributes(&attributes);
TEST_EQUAL(mbedtls_pk_get_psa_attributes(&ctx,
PSA_KEY_USAGE_VERIFY_HASH,
&attributes), 0);
psa_reset_key_attributes(&attributes);
TEST_EQUAL(mbedtls_pk_get_psa_attributes(&ctx,
PSA_KEY_USAGE_VERIFY_MESSAGE,
&attributes), 0);
PSA_INIT();
TEST_ASSERT(test_psa_bridge(&ctx, PSA_KEY_USAGE_VERIFY_HASH));
TEST_ASSERT(test_psa_bridge(&ctx, PSA_KEY_USAGE_VERIFY_MESSAGE));
TEST_ASSERT(test_psa_bridge(&ctx, PSA_KEY_USAGE_ENCRYPT));
#endif
}
exit:
mbedtls_pk_free(&ctx);
MD_PSA_DONE();
PSA_DONE();
}
/* END_CASE */
@ -144,20 +191,17 @@ void pk_parse_public_keyfile_ec(char *key_file, int result)
#endif
#if defined(MBEDTLS_PSA_CRYPTO_C)
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
TEST_EQUAL(mbedtls_pk_get_psa_attributes(&ctx,
PSA_KEY_USAGE_VERIFY_HASH,
&attributes), 0);
psa_reset_key_attributes(&attributes);
TEST_EQUAL(mbedtls_pk_get_psa_attributes(&ctx,
PSA_KEY_USAGE_VERIFY_MESSAGE,
&attributes), 0);
PSA_INIT();
if (pk_can_ecdsa(&ctx)) {
TEST_ASSERT(test_psa_bridge(&ctx, PSA_KEY_USAGE_VERIFY_HASH));
TEST_ASSERT(test_psa_bridge(&ctx, PSA_KEY_USAGE_VERIFY_MESSAGE));
}
#endif
}
exit:
mbedtls_pk_free(&ctx);
MD_OR_USE_PSA_DONE();
PSA_DONE();
}
/* END_CASE */
@ -185,32 +229,20 @@ void pk_parse_keyfile_ec(char *key_file, char *password, int result)
#endif
#if defined(MBEDTLS_PSA_CRYPTO_C)
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
TEST_EQUAL(mbedtls_pk_get_psa_attributes(&ctx,
PSA_KEY_USAGE_SIGN_HASH,
&attributes), 0);
psa_reset_key_attributes(&attributes);
TEST_EQUAL(mbedtls_pk_get_psa_attributes(&ctx,
PSA_KEY_USAGE_SIGN_MESSAGE,
&attributes), 0);
psa_reset_key_attributes(&attributes);
TEST_EQUAL(mbedtls_pk_get_psa_attributes(&ctx,
PSA_KEY_USAGE_DERIVE,
&attributes), 0);
psa_reset_key_attributes(&attributes);
TEST_EQUAL(mbedtls_pk_get_psa_attributes(&ctx,
PSA_KEY_USAGE_VERIFY_HASH,
&attributes), 0);
psa_reset_key_attributes(&attributes);
TEST_EQUAL(mbedtls_pk_get_psa_attributes(&ctx,
PSA_KEY_USAGE_VERIFY_MESSAGE,
&attributes), 0);
PSA_INIT();
TEST_ASSERT(test_psa_bridge(&ctx, PSA_KEY_USAGE_DERIVE));
if (pk_can_ecdsa(&ctx)) {
TEST_ASSERT(test_psa_bridge(&ctx, PSA_KEY_USAGE_SIGN_HASH));
TEST_ASSERT(test_psa_bridge(&ctx, PSA_KEY_USAGE_SIGN_MESSAGE));
TEST_ASSERT(test_psa_bridge(&ctx, PSA_KEY_USAGE_VERIFY_HASH));
TEST_ASSERT(test_psa_bridge(&ctx, PSA_KEY_USAGE_VERIFY_MESSAGE));
}
#endif
}
exit:
mbedtls_pk_free(&ctx);
MD_OR_USE_PSA_DONE();
PSA_DONE();
}
/* END_CASE */