Remove static declaration of look-up table from test_suite_pk
and generate it automatically with Python.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
This is to manage RSA and EC keys in the same way in order to
prepare for the following commits.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
asymmetric_key_data.py already provides EC/RSA key pair values that
are suitable for generate_test_keys.py. So instead of re-generating
the keys using gen_key program, we use those keys.
This commit also:
- extends asymmetric_key_data.py to introduce
RSA bit sizes that are used in test_suite_pk but were missing from
asymmetric_key_data.py.
- updates test_keys.h with new keys.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
We use logical '&&' everywhere, let's be consistent.
(Unless I'm mistaken, binary '&' happens to give the same results for
booleans so this wasn't an actual bug, just style/readability issue.)
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
- "in-driver" test should depend on the present
of a driver.
- add new counter in key manangement driver test
hook which counts the calls of generate_key.
- We only care about the hits when processing
`psa_generate_key`.
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
Now that key generation has been replaced with parsing predefined
keys, guards for MBEDTLS_PK_PARSE_C need to be added in test
code.
This commits also removes remaining usage of GENPRIME.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
This commit adds "generate_test_keys.py" script to generate
predefined keys used in test_suite_pk. Keys are generated with
"programs/pkey/gen_key" tool and converted to C array using
the python script.
tests/src/test_keys.h is automatically generated using the
above mentioned script.
test_suite_pk is updated in order to use the new format.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
Instead of using PK module to import/export the key in a PSA friendly
format:
- for RSA keys we use the DER input data directly;
- for EC keys we extract the private key manually.
This helps avoiding dependencies from PK_WRITE and PK_PARSE.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
Add pk_info parameter in order to ease the requirements on the provided
PK context. Now it can simply be initialized, but not setup.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
This helps dropping dependency on FS_IO.
This commit also removes DER files that were previusly added and which
are not more needed/used.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
check_pair() is not supported by opaque RSA keys, but we want
to be sure that calling this functions fails nicely instead
for crashing.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
If the wrapped key has a PKCS1 v1.5 signature algorithm, then try
to call sign_ext() to perform PSA RSS. Of course this will fail
because it's not supported by the wrapped key.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
If the public key is exported with mbedtls_pk_write_pubkey_der()
it should be re-imported with mbedtls_pk_parse_public_key().
Alternative options (when PK_WRITE is not defined), i.e.
mbedtls_ecp_point_write_binary() and mbedtls_rsa_write_pubkey(),
export the key in a different format which cannot be parsed by
pk_parse module so mbedtls_ecp_point_read_binary() and
mbedtls_rsa_parse_pubkey() should be used respectively in this
case.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
Use mbedtls_test_key_consistency_psa_pk() to verify that the
generated PK contexts match with the original PSA keys instead
of doing sign/verify and encrypt/decrypt.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
