diff --git a/tests/suites/test_suite_pk.function b/tests/suites/test_suite_pk.function index 442a362351..c39b8f7e59 100644 --- a/tests/suites/test_suite_pk.function +++ b/tests/suites/test_suite_pk.function @@ -26,9 +26,6 @@ /* Needed for the definition of MBEDTLS_PK_WRITE_PUBKEY_MAX_SIZE. */ #include "pkwrite.h" -/* Used for properly sizing the key buffer in pk_genkey_ec() */ -#include "psa_util_internal.h" - #define RSA_KEY_SIZE MBEDTLS_RSA_GEN_KEY_MIN_BITS #define RSA_KEY_LEN (MBEDTLS_RSA_GEN_KEY_MIN_BITS/8) 
@@ -185,120 +182,55 @@ #define MBEDTLS_MD_ALG_FOR_TEST MBEDTLS_MD_SHA512 #endif -#if defined(MBEDTLS_PK_USE_PSA_EC_DATA) -static int pk_genkey_ec(mbedtls_pk_context *pk, mbedtls_ecp_group_id grp_id) -{ - psa_status_t status; - psa_key_attributes_t key_attr = PSA_KEY_ATTRIBUTES_INIT; - size_t curve_bits; - psa_ecc_family_t curve = mbedtls_ecc_group_to_psa(grp_id, &curve_bits); - int ret; +const char *curve_names_lut[] = { + [MBEDTLS_ECP_DP_SECP192R1] = "secp192r1", + [MBEDTLS_ECP_DP_SECP256R1] = "secp256r1", + [MBEDTLS_ECP_DP_SECP384R1] = "secp384r1", + [MBEDTLS_ECP_DP_SECP521R1] = "secp521r1", + [MBEDTLS_ECP_DP_BP256R1] = "brainpoolP256r1", + [MBEDTLS_ECP_DP_BP384R1] = "brainpoolP384r1", + [MBEDTLS_ECP_DP_BP512R1] = "brainpoolP512r1", + [MBEDTLS_ECP_DP_CURVE25519] = "x25519", + [MBEDTLS_ECP_DP_SECP192K1] = "secp192k1", + [MBEDTLS_ECP_DP_SECP256K1] = "secp256k1", + [MBEDTLS_ECP_DP_CURVE448] = "x448", +}; - if (curve == 0) { - return MBEDTLS_ERR_PK_BAD_INPUT_DATA; - } - - psa_set_key_type(&key_attr, PSA_KEY_TYPE_ECC_KEY_PAIR(curve)); - psa_set_key_bits(&key_attr, curve_bits); - psa_key_usage_t usage = PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_COPY; - psa_algorithm_t sign_alg = 0; - psa_algorithm_t derive_alg = 0; - if (mbedtls_pk_get_type(pk) != MBEDTLS_PK_ECDSA) { - usage |= PSA_KEY_USAGE_DERIVE; - derive_alg = PSA_ALG_ECDH; - } - if (mbedtls_pk_get_type(pk) != MBEDTLS_PK_ECKEY_DH && - curve != PSA_ECC_FAMILY_MONTGOMERY) { - usage |= PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE; -#if defined(MBEDTLS_ECDSA_DETERMINISTIC) - sign_alg = PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_ANY_HASH); -#else - sign_alg = PSA_ALG_ECDSA(PSA_ALG_ANY_HASH); -#endif - } - if (derive_alg != 0) { - psa_set_key_algorithm(&key_attr, derive_alg); - if (sign_alg != 0) { - psa_set_key_enrollment_algorithm(&key_attr, sign_alg); - } - } else { - psa_set_key_algorithm(&key_attr, sign_alg); - } - psa_set_key_usage_flags(&key_attr, usage); - - status = psa_generate_key(&key_attr, &pk->priv_id); - if 
(status != PSA_SUCCESS) { - return MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE; - } - - status = psa_export_public_key(pk->priv_id, pk->pub_raw, sizeof(pk->pub_raw), - &pk->pub_raw_len); - if (status != PSA_SUCCESS) { - ret = MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE; - goto exit; - } - - pk->ec_family = curve; - pk->ec_bits = curve_bits; - - return 0; - -exit: - status = psa_destroy_key(pk->priv_id); - return (ret != 0) ? ret : psa_pk_status_to_mbedtls(status); -} -#endif /* MBEDTLS_PK_USE_PSA_EC_DATA */ - -/** Generate a key of the desired type. +/** Fill the provided PK context with a proper key. + * + * Instead of generating a new key every time, use predefined ones to speed up + * testing. + * This function assumes that the PK context has already been setup + * (mbedtls_pk_setup() has been called on the PK context ) so that it + * can determine the key type to be loaded from the PK context itself. * * \param pk The PK object to fill. It must have been initialized * with mbedtls_pk_setup(). * \param curve_or_keybits - For RSA keys, the key size in bits. * - For EC keys, the curve (\c MBEDTLS_ECP_DP_xxx). * - * \return The status from the underlying type-specific key - * generation function. - * \return -1 if the key type is not recognized. + * \return 0 on success or a negative value otherwise. */ static int pk_genkey(mbedtls_pk_context *pk, int curve_or_keybits) { - (void) pk; - (void) curve_or_keybits; + char file_name[128] = { 0 }; + int ret; + /* Dump pk_info since this is overridden by mbedtls_pk_parse_keyfile(). 
*/ + const mbedtls_pk_info_t *original_pk_info = pk->pk_info; -#if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_GENPRIME) if (mbedtls_pk_get_type(pk) == MBEDTLS_PK_RSA) { - return mbedtls_rsa_gen_key(mbedtls_pk_rsa(*pk), - mbedtls_test_rnd_std_rand, NULL, - curve_or_keybits, 3); + sprintf(file_name, "data_files/rsa_%d.der", curve_or_keybits); + } else if (mbedtls_pk_get_type(pk) == MBEDTLS_PK_ECKEY || + mbedtls_pk_get_type(pk) == MBEDTLS_PK_ECKEY_DH || + mbedtls_pk_get_type(pk) == MBEDTLS_PK_ECDSA) { + sprintf(file_name, "data_files/ec_%s.der", curve_names_lut[curve_or_keybits]); } -#endif -#if defined(MBEDTLS_PK_HAVE_ECC_KEYS) - if (mbedtls_pk_get_type(pk) == MBEDTLS_PK_ECKEY || - mbedtls_pk_get_type(pk) == MBEDTLS_PK_ECKEY_DH || - mbedtls_pk_get_type(pk) == MBEDTLS_PK_ECDSA) { - int ret; -#if defined(MBEDTLS_PK_USE_PSA_EC_DATA) - ret = pk_genkey_ec(pk, curve_or_keybits); - if (ret != 0) { - return ret; - } + ret = mbedtls_pk_parse_keyfile(pk, file_name, NULL, mbedtls_test_rnd_std_rand, NULL); + /* Restore pk_info. */ + pk->pk_info = original_pk_info; - return 0; -#else - ret = mbedtls_ecp_group_load(&mbedtls_pk_ec_rw(*pk)->grp, curve_or_keybits); - if (ret != 0) { - return ret; - } - return mbedtls_ecp_gen_keypair(&mbedtls_pk_ec_rw(*pk)->grp, - &mbedtls_pk_ec_rw(*pk)->d, - &mbedtls_pk_ec_rw(*pk)->Q, - mbedtls_test_rnd_std_rand, NULL); -#endif /* MBEDTLS_PK_USE_PSA_EC_DATA */ - - } -#endif /* MBEDTLS_PK_HAVE_ECC_KEYS */ - return -1; + return ret; } #if defined(MBEDTLS_PSA_CRYPTO_C)
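Review bot: In the EC branch of `pk_genkey()`, `curve_names_lut[curve_or_keybits]` is indexed with the caller's value without a range check. Because the table uses designated initializers, a group id with no entry yields NULL and an id past the last entry reads outside the array, and either result is then handed to `sprintf()` as a `%s` argument. The lookup should be range- and NULL-checked, both `sprintf()` calls into the 128-byte `file_name` should become `snprintf(file_name, sizeof(file_name), ...)`, and the table could be declared `static const char *const`. A key type that matches neither branch now reaches `mbedtls_pk_parse_keyfile()` with an empty file name, where the old code returned -1; an explicit `else` keeps that contract. With the `#if` guards removed, the helper presumably depends on file-based key parsing being compiled in, so the test cases' dependencies are worth confirming.

```c
    /* … unchanged: declarations, RSA branch, ECKEY / ECKEY_DH / ECDSA type test … */
        const char *curve_name = NULL;
        /* Designated initializers leave NULL holes; reject those and out-of-range ids. */
        if (curve_or_keybits >= 0 &&
            (size_t) curve_or_keybits <
            sizeof(curve_names_lut) / sizeof(curve_names_lut[0])) {
            curve_name = curve_names_lut[curve_or_keybits];
        }
        if (curve_name == NULL) {
            return MBEDTLS_ERR_PK_BAD_INPUT_DATA;
        }
        snprintf(file_name, sizeof(file_name), "data_files/ec_%s.der", curve_name);
    } else {
        /* Unrecognized key type: keep the previous -1 rather than parsing "". */
        return -1;
    }
    /* … unchanged: mbedtls_pk_parse_keyfile() call and pk_info restore … */
```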