From 98f899c7a5863fefb1f17fe1126527aced069b46 Mon Sep 17 00:00:00 2001 From: Neil Armstrong Date: Wed, 16 Mar 2022 17:42:42 +0100 Subject: [PATCH] Test generating certificates using an opaque RSA key Signed-off-by: Neil Armstrong --- tests/suites/test_suite_x509write.data | 19 +++++++++++++++ tests/suites/test_suite_x509write.function | 28 ++++++++++++++++++---- 2 files changed, 43 insertions(+), 4 deletions(-) diff --git a/tests/suites/test_suite_x509write.data b/tests/suites/test_suite_x509write.data index fd8b9ae403..1c2c6a1927 100644 --- a/tests/suites/test_suite_x509write.data +++ b/tests/suites/test_suite_x509write.data @@ -94,6 +94,25 @@ Certificate write check Server1 SHA1, RSA_ALT, CA depends_on:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD5_C x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:0:0:0:-1:"data_files/server1.ca_noauthid.crt":1:1 +Certificate write check Server1 SHA1, Opaque +depends_on:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD5_C:MBEDTLS_USE_PSA_CRYPTO +x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:0:0:1:-1:"data_files/server1.crt":2:0 + +Certificate write check Server1 SHA1, Opaque, key_usage +depends_on:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD5_C:MBEDTLS_USE_PSA_CRYPTO +x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:MBEDTLS_X509_KU_DIGITAL_SIGNATURE | MBEDTLS_X509_KU_NON_REPUDIATION | MBEDTLS_X509_KU_KEY_ENCIPHERMENT:1:0:0:1:-1:"data_files/server1.key_usage.crt":2:0 + +Certificate write check Server1 SHA1, Opaque, ns_cert_type +depends_on:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD5_C:MBEDTLS_USE_PSA_CRYPTO +x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:MBEDTLS_X509_NS_CERT_TYPE_SSL_SERVER:1:1:-1:"data_files/server1.cert_type.crt":2:0 + +Certificate write check Server1 SHA1, Opaque, version 1 +depends_on:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD5_C:MBEDTLS_USE_PSA_CRYPTO +x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:0:0:1:MBEDTLS_X509_CRT_VERSION_1:"data_files/server1.v1.crt":2:0 + +Certificate write check Server1 SHA1, Opaque, CA +depends_on:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD5_C:MBEDTLS_USE_PSA_CRYPTO +x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:0:0:1:-1:"data_files/server1.ca.crt":2:1 X509 String to Names #1 mbedtls_x509_string_to_names:"C=NL,O=Offspark\, Inc., OU=PolarSSL":"C=NL, O=Offspark, Inc., OU=PolarSSL":0 diff --git a/tests/suites/test_suite_x509write.function b/tests/suites/test_suite_x509write.function index 947fcc442c..ef566d0194 100644 --- a/tests/suites/test_suite_x509write.function +++ b/tests/suites/test_suite_x509write.function @@ -223,7 +223,7 @@ void x509_crt_check( char *subject_key_file, char *subject_pwd, char *serial_str, char *not_before, char *not_after, int md_type, int key_usage, int set_key_usage, int cert_type, int set_cert_type, int auth_ident, - int ver, char *cert_check_file, int rsa_alt, int is_ca ) + int ver, char *cert_check_file, int pk_wrap, int is_ca ) { mbedtls_pk_context subject_key, issuer_key, issuer_key_alt; mbedtls_pk_context *key = &issuer_key; @@ -237,6 +237,9 @@ void x509_crt_check( char *subject_key_file, char *subject_pwd, int der_len = -1; FILE *f; mbedtls_test_rnd_pseudo_info rnd_info; +#if defined(MBEDTLS_USE_PSA_CRYPTO) + mbedtls_svc_key_id_t key_id = MBEDTLS_SVC_KEY_ID_INIT; +#endif memset( &rnd_info, 0x2a, sizeof( mbedtls_test_rnd_pseudo_info ) ); mbedtls_mpi_init( &serial ); @@ -257,7 +260,7 @@ void x509_crt_check( char *subject_key_file, char *subject_pwd, #if defined(MBEDTLS_RSA_C) /* For RSA PK contexts, create a copy as an alternative RSA context. */ - if( rsa_alt == 1 && mbedtls_pk_get_type( &issuer_key ) == MBEDTLS_PK_RSA ) + if( pk_wrap == 1 && mbedtls_pk_get_type( &issuer_key ) == MBEDTLS_PK_RSA ) { TEST_ASSERT( mbedtls_pk_setup_rsa_alt( &issuer_key_alt, mbedtls_pk_rsa( issuer_key ), @@ -267,10 +270,24 @@ void x509_crt_check( char *subject_key_file, char *subject_pwd, key = &issuer_key_alt; } -#else - (void) rsa_alt; #endif +#if defined(MBEDTLS_USE_PSA_CRYPTO) + /* For Opaque PK contexts, wrap key as an Opaque RSA context. */ + if( pk_wrap == 2 ) + { + psa_algorithm_t md_alg_psa = + mbedtls_psa_translate_md( (mbedtls_md_type_t) md_type ); + + TEST_ASSERT( md_alg_psa != MBEDTLS_MD_NONE ); + TEST_ASSERT( mbedtls_pk_wrap_as_opaque( &issuer_key, &key_id, + md_alg_psa ) == 0 ); + } +#endif /* MBEDTLS_USE_PSA_CRYPTO */ + + if( pk_wrap == 2 ) + TEST_ASSERT( mbedtls_pk_get_type( &issuer_key ) == MBEDTLS_PK_OPAQUE ); + TEST_ASSERT( mbedtls_test_read_mpi( &serial, 10, serial_str ) == 0 ); if( ver != -1 ) @@ -339,6 +356,9 @@ exit: mbedtls_pk_free( &subject_key ); mbedtls_pk_free( &issuer_key ); mbedtls_mpi_free( &serial ); +#if defined(MBEDTLS_USE_PSA_CRYPTO) + psa_destroy_key( key_id ); +#endif USE_PSA_DONE( ); } /* END_CASE */