lib/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-05-16 06:24:39 +03:00
Code

test_suite_pk: use a single helper function to generate PSA keys

Browse Source 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
This commit is contained in:
Valerio Setti 2024-03-22 12:06:44 +01:00
parent 414daf1d07
commit c43a7a522e
1 changed files with 42 additions and 75 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

117
tests/suites/test_suite_pk.function
View File

@ -539,9 +539,11 @@ psa_status_t pk_psa_import_key(unsigned char *key_data, size_t key_len,
return status; return status;
} }
psa_status_t pk_psa_genkey_generic(psa_key_type_t type, size_t bits, psa_status_t pk_psa_genkey(psa_key_type_t type, size_t bits,
psa_key_usage_t usage, psa_algorithm_t alg, psa_key_usage_t usage, psa_algorithm_t alg,
mbedtls_svc_key_id_t *key) psa_algorithm_t enrollment_alg,
mbedtls_svc_key_id_t persistent_key_id,
mbedtls_svc_key_id_t *key)
{ {
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
psa_status_t status; psa_status_t status;
@ -550,42 +552,16 @@ psa_status_t pk_psa_genkey_generic(psa_key_type_t type, size_t bits,
psa_set_key_usage_flags(&attributes, usage); psa_set_key_usage_flags(&attributes, usage);
psa_set_key_algorithm(&attributes, alg); psa_set_key_algorithm(&attributes, alg);
psa_set_key_enrollment_algorithm(&attributes, enrollment_alg);
psa_set_key_type(&attributes, type); psa_set_key_type(&attributes, type);
psa_set_key_bits(&attributes, bits); psa_set_key_bits(&attributes, bits);
if (!mbedtls_svc_key_id_is_null(persistent_key_id)) {
psa_set_key_id(&attributes, persistent_key_id);
}
status = psa_generate_key(&attributes, key); status = psa_generate_key(&attributes, key);
return status; return status;
} }
/*
* Generate an ECC key using PSA and return the key identifier of that key,
* or 0 if the key generation failed.
* The key uses NIST P-256 and is usable for signing with SHA-256.
*/
mbedtls_svc_key_id_t pk_psa_genkey_ecc(void)
{
mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
pk_psa_genkey_generic(PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1), 256,
PSA_KEY_USAGE_SIGN_HASH, PSA_ALG_ECDSA(PSA_ALG_SHA_256),
&key);
return key;
}
/*
* Generate an RSA key using PSA and return the key identifier of that key,
* or 0 if the key generation failed.
*/
mbedtls_svc_key_id_t pk_psa_genkey_rsa(void)
{
mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
pk_psa_genkey_generic(PSA_KEY_TYPE_RSA_KEY_PAIR, 1024, PSA_KEY_USAGE_SIGN_HASH,
PSA_ALG_RSA_PKCS1V15_SIGN_RAW, &key);
return key;
}
#endif /* MBEDTLS_PSA_CRYPTO_C */ #endif /* MBEDTLS_PSA_CRYPTO_C */
/* END_HEADER */ /* END_HEADER */
@ -620,11 +596,15 @@ void pk_psa_utils(int key_is_rsa)
mbedtls_pk_init(&pk); mbedtls_pk_init(&pk);
if (key_is_rsa) { if (key_is_rsa) {
bitlen = 1024; /* hardcoded in genkey() */ bitlen = 1024;
key = pk_psa_genkey_rsa(); key = pk_psa_genkey(PSA_KEY_TYPE_RSA_KEY_PAIR, 1024, PSA_KEY_USAGE_SIGN_HASH,
PSA_ALG_RSA_PKCS1V15_SIGN_RAW, PSA_ALG_NONE,
PSA_KEY_ID_NULL, &key);
} else { } else {
bitlen = 256; /* hardcoded in genkey() */ bitlen = 256;
key = pk_psa_genkey_ecc(); key = pk_psa_genkey(PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1), 256,
PSA_KEY_USAGE_SIGN_HASH, PSA_ALG_ECDSA(PSA_ALG_SHA_256),
PSA_ALG_NONE, PSA_KEY_ID_NULL, &key);
} }
if (mbedtls_svc_key_id_is_null(key)) { if (mbedtls_svc_key_id_is_null(key)) {
goto exit; goto exit;
@ -709,16 +689,8 @@ void pk_can_do_ext(int opaque_key, int key_type, int key_usage, int key_alg,
USE_PSA_INIT(); USE_PSA_INIT();
if (opaque_key == 1) { if (opaque_key == 1) {
psa_set_key_usage_flags(&attributes, key_usage); PSA_ASSERT(pk_psa_genkey(key_type, curve_or_keybits, key_usage,
psa_set_key_algorithm(&attributes, key_alg); key_alg, key_alg2, PSA_KEY_ID_NULL, &key));
if (key_alg2 != 0) {
psa_set_key_enrollment_algorithm(&attributes, key_alg2);
}
psa_set_key_type(&attributes, key_type);
psa_set_key_bits(&attributes, curve_or_keybits);
PSA_ASSERT(psa_generate_key(&attributes, &key));
if (mbedtls_svc_key_id_is_null(key)) { if (mbedtls_svc_key_id_is_null(key)) {
goto exit; goto exit;
} }
@ -2214,17 +2186,18 @@ void pk_import_into_psa_lifetime(int from_opaque,
#if defined(MBEDTLS_USE_PSA_CRYPTO) #if defined(MBEDTLS_USE_PSA_CRYPTO)
psa_key_type_t from_psa_type = psa_key_type_t from_psa_type =
PSA_KEY_TYPE_ECC_KEY_PAIR(MBEDTLS_TEST_PSA_ECC_ONE_FAMILY); PSA_KEY_TYPE_ECC_KEY_PAIR(MBEDTLS_TEST_PSA_ECC_ONE_FAMILY);
psa_set_key_type(&attributes, from_psa_type); psa_key_usage_t psa_key_usage =
psa_set_key_bits(&attributes, MBEDTLS_TEST_PSA_ECC_ONE_CURVE_BITS);
psa_set_key_usage_flags(
&attributes,
(from_exportable ? PSA_KEY_USAGE_EXPORT : PSA_KEY_USAGE_COPY) | (from_exportable ? PSA_KEY_USAGE_EXPORT : PSA_KEY_USAGE_COPY) |
PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH); PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH;
psa_set_key_algorithm(&attributes, PSA_ALG_ECDH); mbedtls_svc_key_id_t persistent_key_id = MBEDTLS_SVC_KEY_ID_INIT;
if (from_persistent) { if (from_persistent) {
psa_set_key_id(&attributes, mbedtls_svc_key_id_make(0, 1)); persistent_key_id = mbedtls_svc_key_id_make(0, 1);
} }
PSA_ASSERT(psa_generate_key(&attributes, &old_key_id));
PSA_ASSERT(pk_psa_genkey(from_psa_type, MBEDTLS_TEST_PSA_ECC_ONE_CURVE_BITS,
psa_key_usage, PSA_ALG_ECDH, PSA_ALG_NONE,
persistent_key_id, &old_key_id));
TEST_EQUAL(mbedtls_pk_setup_opaque(&pk, old_key_id), 0); TEST_EQUAL(mbedtls_pk_setup_opaque(&pk, old_key_id), 0);
psa_reset_key_attributes(&attributes); psa_reset_key_attributes(&attributes);
#else #else
@ -2300,12 +2273,8 @@ void pk_get_psa_attributes_opaque(int from_type_arg, int from_bits_arg,
PSA_INIT(); PSA_INIT();
psa_set_key_type(&attributes, from_type); PSA_ASSERT(pk_psa_genkey(from_type, bits, from_usage, alg, 42,
psa_set_key_bits(&attributes, bits); PSA_KEY_ID_NULL, &old_key_id));
psa_set_key_usage_flags(&attributes, from_usage);
psa_set_key_algorithm(&attributes, alg);
psa_set_key_enrollment_algorithm(&attributes, 42);
PSA_ASSERT(psa_generate_key(&attributes, &old_key_id));
TEST_EQUAL(mbedtls_pk_setup_opaque(&pk, old_key_id), 0); TEST_EQUAL(mbedtls_pk_setup_opaque(&pk, old_key_id), 0);
psa_key_type_t expected_psa_type = psa_key_type_t expected_psa_type =
@ -2397,11 +2366,8 @@ void pk_import_into_psa_opaque(int from_type, int from_bits,
PSA_INIT(); PSA_INIT();
psa_set_key_type(&from_attributes, from_type); PSA_ASSERT(pk_psa_genkey(from_type, from_bits, from_usage, from_alg, PSA_ALG_NONE,
psa_set_key_bits(&from_attributes, from_bits); PSA_KEY_ID_NULL, &from_key_id));
psa_set_key_usage_flags(&from_attributes, from_usage);
psa_set_key_algorithm(&from_attributes, from_alg);
PSA_ASSERT(psa_generate_key(&from_attributes, &from_key_id));
TEST_EQUAL(mbedtls_pk_setup_opaque(&pk, from_key_id), 0); TEST_EQUAL(mbedtls_pk_setup_opaque(&pk, from_key_id), 0);
psa_set_key_type(&to_attributes, to_type); psa_set_key_type(&to_attributes, to_type);
@ -2468,8 +2434,9 @@ void pk_copy_from_psa_fail(void)
#if defined(PSA_WANT_KEY_TYPE_DH_KEY_PAIR_GENERATE) #if defined(PSA_WANT_KEY_TYPE_DH_KEY_PAIR_GENERATE)
/* Generate a key type that is not handled by the PK module. */ /* Generate a key type that is not handled by the PK module. */
PSA_ASSERT(pk_psa_genkey_generic(PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919), 2048, PSA_ASSERT(pk_psa_genkey(PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919), 2048,
PSA_KEY_USAGE_EXPORT, PSA_ALG_NONE, &key_id)); PSA_KEY_USAGE_EXPORT, PSA_ALG_NONE, PSA_ALG_NONE,
PSA_KEY_ID_NULL, &key_id));
TEST_EQUAL(mbedtls_pk_copy_from_psa(key_id, &pk_ctx), MBEDTLS_ERR_PK_BAD_INPUT_DATA); TEST_EQUAL(mbedtls_pk_copy_from_psa(key_id, &pk_ctx), MBEDTLS_ERR_PK_BAD_INPUT_DATA);
TEST_EQUAL(mbedtls_pk_copy_public_from_psa(key_id, &pk_ctx), MBEDTLS_ERR_PK_BAD_INPUT_DATA); TEST_EQUAL(mbedtls_pk_copy_public_from_psa(key_id, &pk_ctx), MBEDTLS_ERR_PK_BAD_INPUT_DATA);
psa_destroy_key(key_id); psa_destroy_key(key_id);
@ -2478,8 +2445,8 @@ void pk_copy_from_psa_fail(void)
#if defined(MBEDTLS_PK_HAVE_ECC_KEYS) && defined(PSA_WANT_ECC_SECP_R1_256) && \ #if defined(MBEDTLS_PK_HAVE_ECC_KEYS) && defined(PSA_WANT_ECC_SECP_R1_256) && \
defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE) defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE)
/* Generate an EC key which cannot be exported. */ /* Generate an EC key which cannot be exported. */
PSA_ASSERT(pk_psa_genkey_generic(PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1), 256, PSA_ASSERT(pk_psa_genkey(PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1), 256,
0, PSA_ALG_NONE, &key_id)); 0, PSA_ALG_NONE, PSA_ALG_NONE, PSA_KEY_ID_NULL, &key_id));
TEST_EQUAL(mbedtls_pk_copy_from_psa(key_id, &pk_ctx), MBEDTLS_ERR_PK_TYPE_MISMATCH); TEST_EQUAL(mbedtls_pk_copy_from_psa(key_id, &pk_ctx), MBEDTLS_ERR_PK_TYPE_MISMATCH);
psa_destroy_key(key_id); psa_destroy_key(key_id);
#endif /* MBEDTLS_PK_HAVE_ECC_KEYS && PSA_WANT_ECC_SECP_R1_256 && #endif /* MBEDTLS_PK_HAVE_ECC_KEYS && PSA_WANT_ECC_SECP_R1_256 &&
@ -2501,11 +2468,11 @@ void pk_copy_from_psa_builtin_fail()
mbedtls_pk_init(&pk_ctx); mbedtls_pk_init(&pk_ctx);
PSA_INIT(); PSA_INIT();
PSA_ASSERT(pk_psa_genkey_generic(PSA_KEY_TYPE_RSA_KEY_PAIR, PSA_ASSERT(pk_psa_genkey(PSA_KEY_TYPE_RSA_KEY_PAIR,
PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS, PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS,
PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_EXPORT, PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_EXPORT,
PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256), PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256),
&key_id)); PSA_KEY_ID_NULL, &key_id));
TEST_EQUAL(mbedtls_pk_copy_from_psa(key_id, &pk_ctx), MBEDTLS_ERR_PK_BAD_INPUT_DATA); TEST_EQUAL(mbedtls_pk_copy_from_psa(key_id, &pk_ctx), MBEDTLS_ERR_PK_BAD_INPUT_DATA);
exit: exit:
mbedtls_pk_free(&pk_ctx); mbedtls_pk_free(&pk_ctx);