diff --git a/include/mbedtls/ecp.h b/include/mbedtls/ecp.h index b6144d9aeb..d09b5f527f 100644 --- a/include/mbedtls/ecp.h +++ b/include/mbedtls/ecp.h @@ -1214,6 +1214,7 @@ int mbedtls_ecp_gen_keypair_base(mbedtls_ecp_group *grp, * \return An \c MBEDTLS_ERR_ECP_XXX or \c MBEDTLS_MPI_XXX error code * on failure. */ +#if !defined(MBEDTLS_USE_PSA_CRYPTO) int mbedtls_ecp_gen_keypair(mbedtls_ecp_group *grp, mbedtls_mpi *d, mbedtls_ecp_point *Q, int (*f_rng)(void *, unsigned char *, size_t), @@ -1235,6 +1236,7 @@ int mbedtls_ecp_gen_keypair(mbedtls_ecp_group *grp, mbedtls_mpi *d, int mbedtls_ecp_gen_key(mbedtls_ecp_group_id grp_id, mbedtls_ecp_keypair *key, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng); +#endif /* !MBEDTLS_USE_PSA_CRYPTO */ /** * \brief This function reads an elliptic curve private key. diff --git a/library/ecp.c b/library/ecp.c index 08fbe86c73..50058af6ef 100644 --- a/library/ecp.c +++ b/library/ecp.c @@ -3159,6 +3159,7 @@ int mbedtls_ecp_gen_privkey(const mbedtls_ecp_group *grp, return MBEDTLS_ERR_ECP_BAD_INPUT_DATA; } +#if !defined(MBEDTLS_USE_PSA_CRYPTO) /* * Generate a keypair with configurable base point */ @@ -3200,6 +3201,7 @@ int mbedtls_ecp_gen_key(mbedtls_ecp_group_id grp_id, mbedtls_ecp_keypair *key, return mbedtls_ecp_gen_keypair(&key->grp, &key->d, &key->Q, f_rng, p_rng); } +#endif /* !MBEDTLS_USE_PSA_CRYPTO */ #define ECP_CURVE25519_KEY_SIZE 32 #define ECP_CURVE448_KEY_SIZE 56 diff --git a/tests/suites/test_suite_ecp.function b/tests/suites/test_suite_ecp.function index 4b51a9fb9d..4a9bc53519 100644 --- a/tests/suites/test_suite_ecp.function +++ b/tests/suites/test_suite_ecp.function @@ -987,7 +987,7 @@ exit: } /* END_CASE */ -/* BEGIN_CASE */ +/* BEGIN_CASE depends_on:!MBEDTLS_USE_PSA_CRYPTO */ void mbedtls_ecp_gen_keypair(int id) { mbedtls_ecp_group grp; @@ -1016,7 +1016,7 @@ exit: } /* END_CASE */ -/* BEGIN_CASE */ +/* BEGIN_CASE depends_on:!MBEDTLS_USE_PSA_CRYPTO */ void mbedtls_ecp_gen_key(int id) { mbedtls_ecp_keypair key; diff --git a/tests/suites/test_suite_pk.function b/tests/suites/test_suite_pk.function index de531d32e7..f82eeb8a22 100644 --- a/tests/suites/test_suite_pk.function +++ b/tests/suites/test_suite_pk.function @@ -17,9 +17,63 @@ * unconditionally (https://github.com/Mbed-TLS/mbedtls/issues/2023). */ #include "psa/crypto.h" +#if defined(MBEDTLS_USE_PSA_CRYPTO) +#include "mbedtls/psa_util.h" +#endif + #define RSA_KEY_SIZE 512 #define RSA_KEY_LEN 64 +static int pk_genkey_ec(mbedtls_ecp_group *grp, + mbedtls_mpi *d, mbedtls_ecp_point *Q) +{ + psa_status_t status; + psa_key_attributes_t key_attr = PSA_KEY_ATTRIBUTES_INIT; + mbedtls_svc_key_id_t key_id = MBEDTLS_SVC_KEY_ID_INIT; + size_t curve_bits; + psa_ecc_family_t curve = mbedtls_ecc_group_to_psa(grp->id, + &curve_bits); + unsigned char key_buf[MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH]; + size_t key_len; + int ret; + + psa_set_key_type(&key_attr, PSA_KEY_TYPE_ECC_KEY_PAIR(curve)); + psa_set_key_bits(&key_attr, curve_bits); + psa_set_key_usage_flags(&key_attr, PSA_KEY_USAGE_EXPORT); + + status = psa_generate_key(&key_attr, &key_id); + if (status != PSA_SUCCESS) { + return MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE; + } + + status = psa_export_key(key_id, key_buf, sizeof(key_buf), &key_len); + if (status != PSA_SUCCESS) { + psa_destroy_key(key_id); + return MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE; + } + + ret = mbedtls_mpi_read_binary(d, key_buf, key_len); + if (ret != 0) { + return ret; + } + + status = psa_export_public_key(key_id, key_buf, sizeof(key_buf), + &key_len); + if (status != PSA_SUCCESS) { + psa_destroy_key(key_id); + return MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE; + } + + ret = mbedtls_ecp_point_read_binary(grp, Q, key_buf, key_len); + if (ret != 0) { + return ret; + } + + psa_destroy_key(key_id); + + return 0; +} + /** Generate a key of the desired type. * * \param pk The PK object to fill. It must have been initialized @@ -53,12 +107,18 @@ static int pk_genkey(mbedtls_pk_context *pk, int parameter) return ret; } +#if defined(MBEDTLS_USE_PSA_CRYPTO) + return pk_genkey_ec(&mbedtls_pk_ec(*pk)->grp, + &mbedtls_pk_ec(*pk)->d, + &mbedtls_pk_ec(*pk)->Q); +#else /* MBEDTLS_USE_PSA_CRYPTO */ return mbedtls_ecp_gen_keypair(&mbedtls_pk_ec(*pk)->grp, &mbedtls_pk_ec(*pk)->d, &mbedtls_pk_ec(*pk)->Q, mbedtls_test_rnd_std_rand, NULL); +#endif /* MBEDTLS_USE_PSA_CRYPTO */ } -#endif +#endif /* MBEDTLS_ECP_C */ return -1; } @@ -462,6 +522,10 @@ void pk_utils(int type, int parameter, int bitlen, int len, char *name) { mbedtls_pk_context pk; +#if defined(MBEDTLS_USE_PSA_CRYPTO) + PSA_INIT(); +#endif + mbedtls_pk_init(&pk); TEST_ASSERT(mbedtls_pk_setup(&pk, mbedtls_pk_info_from_type(type)) == 0); @@ -475,6 +539,9 @@ void pk_utils(int type, int parameter, int bitlen, int len, char *name) exit: mbedtls_pk_free(&pk); +#if defined(MBEDTLS_USE_PSA_CRYPTO) + PSA_DONE(); +#endif } /* END_CASE */ @@ -1234,9 +1301,8 @@ void pk_psa_sign(int parameter_arg, mbedtls_pk_init(&pk); TEST_ASSERT(mbedtls_pk_setup(&pk, mbedtls_pk_info_from_type(MBEDTLS_PK_ECKEY)) == 0); - TEST_ASSERT(mbedtls_ecp_gen_key(grpid, - (mbedtls_ecp_keypair *) pk.pk_ctx, - mbedtls_test_rnd_std_rand, NULL) == 0); + TEST_ASSERT(pk_genkey(&pk, grpid) == 0); + alg_psa = PSA_ALG_ECDSA(PSA_ALG_SHA_256); } else #endif /* MBEDTLS_PK_CAN_ECDSA_SIGN */