diff --git a/tests/suites/test_suite_pk.data b/tests/suites/test_suite_pk.data index ecd80a43a8..18e165b430 100644 --- a/tests/suites/test_suite_pk.data +++ b/tests/suites/test_suite_pk.data @@ -310,42 +310,46 @@ depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C pk_sign_verify_restart:MBEDTLS_PK_ECKEY:MBEDTLS_ECP_DP_SECP256R1:"C9AFA9D845BA75166B5C215767B1D6934E50C3DB36E89B127B8A622B120F6721":"60FED4BA255A9D31C961EB74C6356D68C049B8923B61FA6CE669622E60F29FB6":"7903FE1008B8BC99A41AE9E95628BC64F2F1B20C2D7E9F5177A3C294D4462299":MBEDTLS_MD_SHA256:"test":"3045022100f1abb023518351cd71d881567b1ea663ed3efcf6c5132b354f28d3b0b7d383670220019f4113742a2b14bd25926b49c649155f267e60d3814b4c0cc84250e46f0083":250:2:64 PSA wrapped sign: SECP256R1 -depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED +depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED pk_psa_sign:MBEDTLS_ECP_DP_SECP256R1:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):256 PSA wrapped sign: SECP384R1 -depends_on:MBEDTLS_ECP_DP_SECP384R1_ENABLED +depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED pk_psa_sign:MBEDTLS_ECP_DP_SECP384R1:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):384 PSA wrapped sign: SECP521R1 -depends_on:MBEDTLS_ECP_DP_SECP521R1_ENABLED +depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP521R1_ENABLED pk_psa_sign:MBEDTLS_ECP_DP_SECP521R1:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):521 PSA wrapped sign: SECP192K1 -depends_on:MBEDTLS_ECP_DP_SECP192K1_ENABLED +depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP192K1_ENABLED pk_psa_sign:MBEDTLS_ECP_DP_SECP192K1:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_K1):192 ## Currently buggy: https://github.com/ARMmbed/mbed-crypto/issues/336 # PSA wrapped sign: SECP224K1 -# depends_on:MBEDTLS_ECP_DP_SECP224K1_ENABLED +# depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP224K1_ENABLED # pk_psa_sign:MBEDTLS_ECP_DP_SECP224K1:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_K1):224 PSA wrapped sign: SECP256K1 -depends_on:MBEDTLS_ECP_DP_SECP256K1_ENABLED +depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256K1_ENABLED pk_psa_sign:MBEDTLS_ECP_DP_SECP256K1:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_K1):256 PSA wrapped sign: BP256R1 -depends_on:MBEDTLS_ECP_DP_BP256R1_ENABLED +depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_BP256R1_ENABLED pk_psa_sign:MBEDTLS_ECP_DP_BP256R1:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_BRAINPOOL_P_R1):256 PSA wrapped sign: BP384R1 -depends_on:MBEDTLS_ECP_DP_BP384R1_ENABLED +depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_BP384R1_ENABLED pk_psa_sign:MBEDTLS_ECP_DP_BP384R1:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_BRAINPOOL_P_R1):384 PSA wrapped sign: BP512R1 -depends_on:MBEDTLS_ECP_DP_BP512R1_ENABLED +depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_BP512R1_ENABLED pk_psa_sign:MBEDTLS_ECP_DP_BP512R1:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_BRAINPOOL_P_R1):512 +PSA wrapped sign: RSA PKCS1 v1.5 +depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_GENPRIME +pk_psa_sign:512:PSA_KEY_TYPE_RSA_KEY_PAIR:512 + PK Sign ext:RSA2048,PK_RSA,MD_SHA256 depends_on:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C:MBEDTLS_RSA_C pk_psa_sign_ext:MBEDTLS_PK_RSA:2048:MBEDTLS_PK_RSA:MBEDTLS_MD_SHA256 diff --git a/tests/suites/test_suite_pk.function b/tests/suites/test_suite_pk.function index fe2a001eaa..7f2b2b8d57 100644 --- a/tests/suites/test_suite_pk.function +++ b/tests/suites/test_suite_pk.function @@ -1043,14 +1043,13 @@ exit: } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_SHA256_C:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_ECDSA_C */ +/* BEGIN_CASE depends_on:MBEDTLS_SHA256_C:MBEDTLS_USE_PSA_CRYPTO */ void pk_psa_sign( int parameter_arg, int psa_type_arg, int expected_bits_arg ) { - mbedtls_ecp_group_id grpid = parameter_arg; mbedtls_pk_context pk; unsigned char hash[32]; - unsigned char sig[MBEDTLS_ECDSA_MAX_LEN]; + unsigned char sig[MBEDTLS_PK_SIGNATURE_MAX_SIZE]; unsigned char pkey_legacy[200]; unsigned char pkey_psa[200]; unsigned char *pkey_legacy_start, *pkey_psa_start; @@ -1063,7 +1062,7 @@ void pk_psa_sign( int parameter_arg, /* * This tests making signatures with a wrapped PSA key: - * - generate a fresh ECP legacy PK context + * - generate a fresh ECP/RSA legacy PK context * - wrap it in a PK context and make a signature this way * - extract the public key * - parse it to a PK context and verify the signature this way @@ -1071,13 +1070,38 @@ void pk_psa_sign( int parameter_arg, PSA_ASSERT( psa_crypto_init( ) ); - /* Create legacy EC public/private key in PK context. */ - mbedtls_pk_init( &pk ); - TEST_ASSERT( mbedtls_pk_setup( &pk, - mbedtls_pk_info_from_type( MBEDTLS_PK_ECKEY ) ) == 0 ); - TEST_ASSERT( mbedtls_ecp_gen_key( grpid, - (mbedtls_ecp_keypair*) pk.pk_ctx, - mbedtls_test_rnd_std_rand, NULL ) == 0 ); +#if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_GENPRIME) + if( PSA_KEY_TYPE_IS_RSA( psa_type_arg ) ) + { + /* Create legacy RSA public/private key in PK context. */ + mbedtls_pk_init( &pk ); + TEST_ASSERT( mbedtls_pk_setup( &pk, + mbedtls_pk_info_from_type( MBEDTLS_PK_RSA ) ) == 0 ); + TEST_ASSERT( mbedtls_rsa_gen_key( mbedtls_pk_rsa( pk ), + mbedtls_test_rnd_std_rand, NULL, + parameter_arg, 3 ) == 0 ); + } + else +#endif /* MBEDTLS_RSA_C && MBEDTLS_GENPRIME */ +#if defined(MBEDTLS_ECDSA_C) + if( PSA_KEY_TYPE_IS_ECC_KEY_PAIR( psa_type_arg ) ) + { + mbedtls_ecp_group_id grpid = parameter_arg; + + /* Create legacy EC public/private key in PK context. */ + mbedtls_pk_init( &pk ); + TEST_ASSERT( mbedtls_pk_setup( &pk, + mbedtls_pk_info_from_type( MBEDTLS_PK_ECKEY ) ) == 0 ); + TEST_ASSERT( mbedtls_ecp_gen_key( grpid, + (mbedtls_ecp_keypair*) pk.pk_ctx, + mbedtls_test_rnd_std_rand, NULL ) == 0 ); + } + else +#endif /* MBEDTLS_ECDSA_C */ + { + (void) parameter_arg; + TEST_ASSUME( ! "Opaque PK key not supported in this configuration" ); + } /* Export underlying public key for re-importing in a legacy context. */ ret = mbedtls_pk_write_pubkey_der( &pk, pkey_legacy,