test_suite_pk: add python script to generate predefined keys

This commit adds "generate_test_keys.py" script to generate
predefined keys used in test_suite_pk. Keys are generated with
"programs/pkey/gen_key" tool and converted to C array using
the python script.

tests/src/test_keys.h is automatically generated using the
above mentioned script.

test_suite_pk is updated in order to use the new format.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>

tests/scripts/generate_test_keys.py

@@ -0,0 +1,103 @@
+#!/usr/bin/env python3
+
+# Copyright The Mbed TLS Contributors
+# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+
+"""Module generating EC and RSA keys to be used in test_suite_pk instead of
+generating the required key at run time. This helps speeding up testing."""
+
+import os
+import sys
+import subprocess
+
+KEY_GEN = "./programs/pkey/gen_key"
+TMP_DER_FILE = "tmp_key.der"
+OUTPUT_HEADER_FILE = "./tests/src/test_keys.h"
+BYTES_PER_LINE = 12
+
+KEYS = {
+    # RSA keys
+    'test_rsa_1024': ['rsa', '1024'],
+    'test_rsa_1026': ['rsa', '1026'],
+    'test_rsa_1028': ['rsa', '1028'],
+    'test_rsa_1030': ['rsa', '1030'],
+    'test_rsa_2048': ['rsa', '2048'],
+    'test_rsa_4096': ['rsa', '4096'],
+    # EC keys
+    'test_ec_secp192r1': ['ec', 'secp192r1'],
+    'test_ec_secp224r1': ['ec', 'secp224r1'],
+    'test_ec_secp256r1': ['ec', 'secp256r1'],
+    'test_ec_secp384r1': ['ec', 'secp384r1'],
+    'test_ec_secp521r1': ['ec', 'secp521r1'],
+    'test_ec_bp256r1': ['ec', 'brainpoolP256r1'],
+    'test_ec_bp384r1': ['ec', 'brainpoolP384r1'],
+    'test_ec_bp512r1': ['ec', 'brainpoolP512r1'],
+    'test_ec_curve25519': ['ec', 'x25519'],
+    'test_ec_secp192k1': ['ec', 'secp192k1'],
+    'test_ec_secp256k1': ['ec', 'secp256k1'],
+    'test_ec_curve448': ['ec', 'x448'],
+}
+
+def generate_der_file(curve_type: str, curve_or_bits: str):
+    if not os.path.exists(KEY_GEN):
+        raise Exception("Key generation program does not exist.")
+    if curve_type == 'ec':
+        cob_param = 'ec_curve=' + curve_or_bits
+    else:
+        cob_param = 'rsa_keysize=' + curve_or_bits
+
+    subprocess.run([KEY_GEN, 'type=' + curve_type, cob_param,
+                    'format=der', 'filename=' + TMP_DER_FILE], check=True)
+
+def convert_der_to_c(array_name: str) -> str:
+    """Convert a DER file content to a C array. The name of such array is
+    provided as input parameter. The file to be converted is the temporary
+    TMP_DER_FILE."""
+    output_text = "const unsigned char {}[] = {{\n".format(array_name)
+
+    with open(TMP_DER_FILE, 'rb') as input_file:
+        data_block = input_file.read(BYTES_PER_LINE)
+        while data_block:
+            new_line = '    ' + ', '.join(['{:#04x}'.format(b) for b in data_block])
+            output_text = output_text + new_line + ",\n"
+            data_block = input_file.read(BYTES_PER_LINE)
+
+    output_text = output_text + "};\n"
+
+    return output_text
+
+def write_header(macro_name: str):
+    return ("/* This macro was generated from tests/scripts/generate_test_keys.py */\n" +
+            "/* BEGIN FILE string macro {} */\n".format(macro_name))
+
+def write_footer():
+    return "/* END FILE */\n"
+
+def main():
+    # Remove intermediate and output files if already existing.
+    if os.path.exists(OUTPUT_HEADER_FILE):
+        os.remove(OUTPUT_HEADER_FILE)
+    if os.path.exists(TMP_DER_FILE):
+        os.remove(TMP_DER_FILE)
+
+    output_file = open(OUTPUT_HEADER_FILE, 'at')
+
+    add_newline = False
+    for key in KEYS:
+        # Use gen_key tool to generate the desired key (in DER format) and save
+        # it into a temporary file.
+        generate_der_file(KEYS[key][0], KEYS[key][1])
+        # Convert the key from binary format to a C array and append the result
+        # to the output header file.
+        if add_newline:
+            output_file.write("\n")
+        output_file.write(write_header(key))
+        c_data = convert_der_to_c(key)
+        output_file.write(c_data)
+        output_file.write(write_footer())
+        # Remove the temporary key file.
+        os.remove(TMP_DER_FILE)
+        add_newline = True
+
+if __name__ == '__main__':
+    sys.exit(main())

tests/suites/test_suite_pk.function

@@ -187,37 +187,47 @@
 #if defined(MBEDTLS_PK_PARSE_C)
 
 #include <../src/test_keys.h>
-static int get_predefined_key_data(int is_rsa, int curve_or_keybits,
-                                   unsigned char **outbuf, size_t *out_buf_size)
+struct key_lut_element {
+    int curve_or_keybits;
+    const unsigned char *key;
+    size_t key_len;
+};
+
+struct key_lut_element keys_lut[] = {
+    { 1024, test_rsa_1024, sizeof(test_rsa_1024) },
+    { 1026, test_rsa_1026, sizeof(test_rsa_1026) },
+    { 1028, test_rsa_1028, sizeof(test_rsa_1028) },
+    { 1030, test_rsa_1030, sizeof(test_rsa_1030) },
+    { 2048, test_rsa_2048, sizeof(test_rsa_2048) },
+    { 4096, test_rsa_4096, sizeof(test_rsa_4096) },
+    { MBEDTLS_ECP_DP_SECP192R1, test_ec_secp192r1, sizeof(test_ec_secp192r1) },
+    { MBEDTLS_ECP_DP_SECP224R1, test_ec_secp224r1, sizeof(test_ec_secp224r1) },
+    { MBEDTLS_ECP_DP_SECP256R1, test_ec_secp256r1, sizeof(test_ec_secp256r1) },
+    { MBEDTLS_ECP_DP_SECP384R1, test_ec_secp384r1, sizeof(test_ec_secp384r1) },
+    { MBEDTLS_ECP_DP_SECP521R1, test_ec_secp521r1, sizeof(test_ec_secp521r1) },
+    { MBEDTLS_ECP_DP_BP256R1, test_ec_bp256r1, sizeof(test_ec_bp256r1) },
+    { MBEDTLS_ECP_DP_BP384R1, test_ec_bp384r1, sizeof(test_ec_bp384r1) },
+    { MBEDTLS_ECP_DP_BP512R1, test_ec_bp512r1, sizeof(test_ec_bp512r1) },
+    { MBEDTLS_ECP_DP_CURVE25519, test_ec_curve25519, sizeof(test_ec_curve25519) },
+    { MBEDTLS_ECP_DP_SECP192K1, test_ec_secp192k1, sizeof(test_ec_secp192k1) },
+    { MBEDTLS_ECP_DP_SECP256K1, test_ec_secp256k1, sizeof(test_ec_secp256k1) },
+    { MBEDTLS_ECP_DP_CURVE448, test_ec_curve448, sizeof(test_ec_curve448) },
+};
+
+static int get_predefined_key_data(int curve_or_keybits,
+                                   const unsigned char **key, size_t *key_len)
 {
-    const char *key_data_hex = NULL;
-    size_t out_buf_len = 0;
-
-    if (is_rsa) {
     size_t i;
-        for (i = 0; i < ARRAY_LENGTH(rsa_key_data_lut); i++) {
-            if (curve_or_keybits == rsa_key_data_lut[i].bits) {
-                key_data_hex = rsa_key_data_lut[i].key;
-                break;
-            }
-        }
-    } else {
-        key_data_hex = ec_key_data_lut[curve_or_keybits];
-    }
-
-    if (key_data_hex == NULL) {
-        return MBEDTLS_ERR_PK_BAD_INPUT_DATA;
-    }
-
-    *out_buf_size = strlen(key_data_hex)/2;
-    *outbuf = mbedtls_calloc(*out_buf_size, sizeof(unsigned char));
-    if (*outbuf == NULL) {
-        return MBEDTLS_ERR_PK_ALLOC_FAILED;
-    }
-    mbedtls_test_unhexify(*outbuf, *out_buf_size, key_data_hex, &out_buf_len);
-
+    for (i = 0; i < ARRAY_LENGTH(keys_lut); i++) {
+        if (curve_or_keybits == keys_lut[i].curve_or_keybits) {
+            *key = keys_lut[i].key;
+            *key_len = keys_lut[i].key_len;
             return 0;
         }
+    }
+
+    return MBEDTLS_ERR_PK_BAD_INPUT_DATA;
+}
 
 /** Fill the provided PK context with a proper key.
  *
@@ -237,12 +247,11 @@ static int get_predefined_key_data(int is_rsa, int curve_or_keybits,
  */
 static int pk_genkey(mbedtls_pk_context *pk, const mbedtls_pk_info_t *pk_info, int curve_or_keybits)
 {
-    unsigned char *key_data = NULL;
+    const unsigned char *key_data = NULL;
     size_t key_data_len = 0;
     int ret = MBEDTLS_ERR_PK_BAD_INPUT_DATA;
-    int is_rsa = (curve_or_keybits >= 1024);
 
-    TEST_EQUAL(get_predefined_key_data(is_rsa, curve_or_keybits, &key_data, &key_data_len), 0);
+    TEST_EQUAL(get_predefined_key_data(curve_or_keybits, &key_data, &key_data_len), 0);
     TEST_EQUAL(mbedtls_pk_parse_key(pk, key_data, key_data_len, NULL, 0,
                                     mbedtls_test_rnd_std_rand, NULL), 0);
     /* Override pk_info. */
@@ -250,7 +259,6 @@ static int pk_genkey(mbedtls_pk_context *pk, const mbedtls_pk_info_t *pk_info, i
     ret = 0;
 
 exit:
-    mbedtls_free(key_data);
     return ret;
 }
 
@@ -278,11 +286,11 @@ psa_status_t pk_psa_genkey(psa_key_type_t type, size_t bits,
 {
     psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
     psa_status_t status = PSA_ERROR_GENERIC_ERROR;
-    unsigned char *key_data = NULL;
+    const unsigned char *key_data = NULL;
     size_t key_data_size = 0; /* Overall size of key_data in bytes. It includes leading
                                * zeros (if any). */
     size_t key_data_len = 0; /* Length of valid bytes in key_data. */
-    unsigned char *key_data_start;
+    const unsigned char *key_data_start;
 
     /* Get the predefined key:
      * - RSA keys are already in a valid format to be imported into PSA.
@@ -291,16 +299,16 @@ psa_status_t pk_psa_genkey(psa_key_type_t type, size_t bits,
      *   unrelevant data and go directly to the private key.
      */
     if (PSA_KEY_TYPE_IS_RSA(type)) {
-        TEST_EQUAL(get_predefined_key_data(1, bits, &key_data, &key_data_size), 0);
-        key_data_start = key_data;
+        TEST_EQUAL(get_predefined_key_data(bits, &key_data, &key_data_size), 0);
+        key_data_start = (unsigned char *) key_data;
         key_data_len = key_data_size;
     } else {
         mbedtls_ecp_group_id grp_id;
         grp_id = mbedtls_ecc_group_from_psa(PSA_KEY_TYPE_ECC_GET_FAMILY(type), bits);
-        TEST_EQUAL(get_predefined_key_data(0, grp_id, &key_data, &key_data_size), 0);
+        TEST_EQUAL(get_predefined_key_data(grp_id, &key_data, &key_data_size), 0);
 
-        unsigned char *p = key_data;
-        unsigned char *end = key_data + key_data_size;
+        unsigned char *p = (unsigned char *)  key_data;
+        unsigned char *end = (unsigned char *) key_data + key_data_size;
         size_t len;
         int version;
 
@@ -325,7 +333,6 @@ psa_status_t pk_psa_genkey(psa_key_type_t type, size_t bits,
     status = psa_import_key(&attributes, key_data_start, key_data_len, key);
 
 exit:
-    mbedtls_free(key_data);
     return status;
 }
 #endif /* MBEDTLS_PSA_CRYPTO_CLIENT */