test_suite_pk: replace USE_PSA with CRYPTO_CLIENT in tests with opaque keys

This commit also resolves upcoming issues found in pk_internal.h and
pkwrite.c.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
Valerio Setti 2024-02-20 16:47:31 +01:00
parent 9190522b08
commit 17033e373c
3 changed files with 32 additions and 21 deletions


@ -87,7 +87,7 @@ static inline mbedtls_ecp_group_id mbedtls_pk_get_ec_group_id(const mbedtls_pk_c
{
mbedtls_ecp_group_id id;
#if defined(MBEDTLS_USE_PSA_CRYPTO)
#if defined(MBEDTLS_PSA_CRYPTO_CLIENT)
if (mbedtls_pk_get_type(pk) == MBEDTLS_PK_OPAQUE) {
psa_key_attributes_t opaque_attrs = PSA_KEY_ATTRIBUTES_INIT;
psa_key_type_t opaque_key_type;
@ -101,7 +101,7 @@ static inline mbedtls_ecp_group_id mbedtls_pk_get_ec_group_id(const mbedtls_pk_c
id = mbedtls_ecc_group_from_psa(curve, psa_get_key_bits(&opaque_attrs));
psa_reset_key_attributes(&opaque_attrs);
} else
#endif /* MBEDTLS_USE_PSA_CRYPTO */
#endif /* MBEDTLS_PSA_CRYPTO_CLIENT */
{
#if defined(MBEDTLS_PK_USE_PSA_EC_DATA)
id = mbedtls_ecc_group_from_psa(pk->ec_family, pk->ec_bits);
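Review bot: With the opaque branch of mbedtls_pk_get_ec_group_id now compiled under MBEDTLS_PSA_CRYPTO_CLIENT, this static inline header function calls psa_get_key_bits() and mbedtls_ecc_group_from_psa() in every client-only build, so those helpers must be declared under that same condition; their guards are not visible here, so please confirm that a configuration with MBEDTLS_PSA_CRYPTO_CLIENT but without MBEDTLS_PSA_CRYPTO_C still compiles a translation unit that includes this header. The function's documentation comment sits above the hunk and could record the new condition, e.g. `* Opaque keys are resolved through their PSA attributes only when MBEDTLS_PSA_CRYPTO_CLIENT is defined.`. The function body also continues past the second hunk.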


@ -348,7 +348,7 @@ static int pk_write_ec_der(unsigned char **p, unsigned char *buf,
/******************************************************************************
* Internal functions for Opaque keys.
******************************************************************************/
#if defined(MBEDTLS_USE_PSA_CRYPTO)
#if defined(MBEDTLS_PSA_CRYPTO_CLIENT)
static int pk_write_opaque_pubkey(unsigned char **p, unsigned char *start,
const mbedtls_pk_context *pk)
{
@ -370,7 +370,7 @@ static int pk_write_opaque_pubkey(unsigned char **p, unsigned char *start,
return (int) len;
}
#endif /* MBEDTLS_USE_PSA_CRYPTO */
#endif /* MBEDTLS_PSA_CRYPTO_CLIENT */
/******************************************************************************
* Generic helpers
@ -382,7 +382,7 @@ static mbedtls_pk_type_t pk_get_type_ext(const mbedtls_pk_context *pk)
{
mbedtls_pk_type_t pk_type = mbedtls_pk_get_type(pk);
#if defined(MBEDTLS_USE_PSA_CRYPTO)
#if defined(MBEDTLS_PSA_CRYPTO_CLIENT)
if (pk_type == MBEDTLS_PK_OPAQUE) {
psa_key_attributes_t opaque_attrs = PSA_KEY_ATTRIBUTES_INIT;
psa_key_type_t opaque_key_type;
@ -424,11 +424,11 @@ int mbedtls_pk_write_pubkey(unsigned char **p, unsigned char *start,
MBEDTLS_ASN1_CHK_ADD(len, pk_write_ec_pubkey(p, start, key));
} else
#endif
#if defined(MBEDTLS_USE_PSA_CRYPTO)
#if defined(MBEDTLS_PSA_CRYPTO_CLIENT)
if (mbedtls_pk_get_type(key) == MBEDTLS_PK_OPAQUE) {
MBEDTLS_ASN1_CHK_ADD(len, pk_write_opaque_pubkey(p, start, key));
} else
#endif /* MBEDTLS_USE_PSA_CRYPTO */
#endif /* MBEDTLS_PSA_CRYPTO_CLIENT */
return MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE;
return (int) len;
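Review bot: In the mbedtls_pk_write_pubkey hunk (-424) the `#endif` closing the EC-key branch still carries no macro comment while the new `#endif /* MBEDTLS_PSA_CRYPTO_CLIENT */` lines directly below do; since the unbraced `} else` / `#endif` / `return MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE;` chain turns the return into the `else` body in some configurations and an unconditional statement in others, the guards are only readable when every `#endif` is annotated, so that one deserves the same treatment. The identical guard swap appears in pk_write_opaque_pubkey (-348) and pk_get_type_ext (-382). The banner for the opaque helpers could state the condition as well, e.g. `* Internal functions for Opaque keys (only with MBEDTLS_PSA_CRYPTO_CLIENT).`. mbedtls_pk_write_pubkey begins before its hunk and pk_get_type_ext continues past its hunk.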


@ -737,27 +737,35 @@ exit:
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_FS_IO */
/* BEGIN_CASE depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_FS_IO:MBEDTLS_PSA_CRYPTO_C */
void mbedtls_pk_check_pair(char *pub_file, char *prv_file, int ret)
{
mbedtls_pk_context pub, prv, alt;
#if defined(MBEDTLS_USE_PSA_CRYPTO)
#if defined(MBEDTLS_PSA_CRYPTO_CLIENT)
mbedtls_svc_key_id_t opaque_key_id = MBEDTLS_SVC_KEY_ID_INIT;
#endif /* MBEDTLS_USE_PSA_CRYPTO */
int opaque_ret = ret;
#endif /* MBEDTLS_PSA_CRYPTO_CLIENT */
mbedtls_pk_init(&pub);
mbedtls_pk_init(&prv);
mbedtls_pk_init(&alt);
USE_PSA_INIT();
#if defined(MBEDTLS_USE_PSA_CRYPTO)
/* mbedtls_pk_check_pair() returns either PK or ECP error codes depending
on MBEDTLS_USE_PSA_CRYPTO so here we dynamically translate between the
two */
/* In case of EC keys, mbedtls_pk_check_pair() returns either PK or ECP
* error codes depending on whether PSA or ECP functions are used to perform
* the check.
* - For non-opaque keys PSA functions are used when USE_PSA is enabled,
* otherwise legacy ones (ECP) are used.
* - For opaque keys PSA functions are always used as soon as opaque keys
* are supported (i.e. MBEDTLS_PSA_CRYPTO_C enabled). */
if (ret == MBEDTLS_ERR_ECP_BAD_INPUT_DATA) {
#if defined(MBEDTLS_USE_PSA_CRYPTO)
ret = MBEDTLS_ERR_PK_BAD_INPUT_DATA;
}
#endif /* MBEDTLS_USE_PSA_CRYPTO */
#if defined(MBEDTLS_PSA_CRYPTO_CLIENT)
opaque_ret = MBEDTLS_ERR_PK_BAD_INPUT_DATA;
#endif
}
TEST_ASSERT(mbedtls_pk_parse_public_keyfile(&pub, pub_file) == 0);
TEST_ASSERT(mbedtls_pk_parse_keyfile(&prv, prv_file, NULL,
@ -778,20 +786,23 @@ void mbedtls_pk_check_pair(char *pub_file, char *prv_file, int ret)
== ret);
}
#endif
#if defined(MBEDTLS_USE_PSA_CRYPTO)
#if defined(MBEDTLS_PSA_CRYPTO_CLIENT)
if (mbedtls_pk_get_type(&prv) == MBEDTLS_PK_ECKEY) {
if (ret == MBEDTLS_ERR_ECP_BAD_INPUT_DATA) {
ret = MBEDTLS_ERR_PK_BAD_INPUT_DATA;
}
TEST_EQUAL(mbedtls_pk_wrap_as_opaque(&prv, &opaque_key_id,
PSA_ALG_ANY_HASH,
PSA_KEY_USAGE_EXPORT, 0), 0);
TEST_EQUAL(mbedtls_pk_check_pair(&pub, &prv, mbedtls_test_rnd_std_rand,
NULL), ret);
NULL), opaque_ret);
}
#endif
exit:
#if defined(MBEDTLS_USE_PSA_CRYPTO)
#if defined(MBEDTLS_PSA_CRYPTO_CLIENT)
psa_destroy_key(opaque_key_id);
#endif /* MBEDTLS_USE_PSA_CRYPTO */
#endif /* MBEDTLS_PSA_CRYPTO_CLIENT */
mbedtls_pk_free(&pub);
mbedtls_pk_free(&prv);
mbedtls_pk_free(&alt);
@ -1250,7 +1261,7 @@ exit:
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_RSA_C:MBEDTLS_USE_PSA_CRYPTO */
/* BEGIN_CASE depends_on:MBEDTLS_RSA_C:MBEDTLS_PSA_CRYPTO_C */
void pk_wrap_rsa_decrypt_test_vec(data_t *cipher, int mod,
char *input_P, char *input_Q,
char *input_N, char *input_E,
@ -1489,7 +1500,7 @@ exit:
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_PK_PSA_SIGN */
/* BEGIN_CASE depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_PSA_CRYPTO_C:MBEDTLS_TEST_PK_PSA_SIGN */
void pk_psa_sign(int curve_or_keybits, int psa_type, int expected_bits)
{
mbedtls_pk_context pk;
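Review bot: The new `depends_on` line of mbedtls_pk_check_pair (hunk -737) adds MBEDTLS_PSA_CRYPTO_C, which skips the whole case, including the non-opaque mbedtls_pk_check_pair() assertions, in builds without the PSA core, even though every opaque-specific line in the body is already guarded by `#if defined(MBEDTLS_PSA_CRYPTO_CLIENT)`. If only the opaque part needs PSA, keeping `/* BEGIN_CASE depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_FS_IO */` preserves coverage of the legacy path; if the stricter dependency is intended, the in-body CLIENT guards are presumably always true (as far as I recall the library defines the CLIENT macro whenever PSA_CRYPTO_C is) and could be dropped for clarity. The added comment also says opaque keys are supported "i.e. MBEDTLS_PSA_CRYPTO_C enabled" while the code it describes tests MBEDTLS_PSA_CRYPTO_CLIENT; aligning it as `* are supported (i.e. MBEDTLS_PSA_CRYPTO_CLIENT enabled). */` removes the mismatch. The corresponding depends_on edits on pk_wrap_rsa_decrypt_test_vec (-1250) and pk_psa_sign (-1489) only replace USE_PSA and do not narrow coverage; all three function bodies continue past their hunks.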