test: remove usage of mbedtls_pk_wrap_as_opaque() from tests
This is replaced with: mbedtls_pk_get_psa_attributes() + mbedtls_pk_import_into_psa() + mbedtls_pk_setup_opaque(). Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
This commit is contained in:
parent
665cf928d9
commit
1fa2f6e9af
4 changed files with 78 additions and 61 deletions
|
@ -685,9 +685,24 @@ int mbedtls_test_ssl_endpoint_certificate_init(mbedtls_test_ssl_endpoint *ep,
|
|||
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
if (opaque_alg != 0) {
|
||||
TEST_EQUAL(mbedtls_pk_wrap_as_opaque(cert->pkey, &key_slot,
|
||||
opaque_alg, opaque_usage,
|
||||
opaque_alg2), 0);
|
||||
psa_key_attributes_t key_attr = PSA_KEY_ATTRIBUTES_INIT;
|
||||
/* Use a fake key usage to get a successful initial guess for the PSA attributes. */
|
||||
TEST_EQUAL(mbedtls_pk_get_psa_attributes(cert->pkey, PSA_KEY_USAGE_VERIFY_HASH,
|
||||
&key_attr), 0);
|
||||
/* Then manually set type, usage, alg and alg2 as requested by the test. */
|
||||
psa_key_type_t key_type = psa_get_key_type(&key_attr);
|
||||
if (PSA_KEY_TYPE_IS_PUBLIC_KEY(key_type)) {
|
||||
psa_set_key_type(&key_attr, PSA_KEY_TYPE_KEY_PAIR_OF_PUBLIC_KEY(key_type));
|
||||
}
|
||||
psa_set_key_usage_flags(&key_attr, opaque_usage);
|
||||
psa_set_key_algorithm(&key_attr, opaque_alg);
|
||||
if (opaque_alg2 != PSA_ALG_NONE) {
|
||||
psa_set_key_enrollment_algorithm(&key_attr, opaque_alg2);
|
||||
}
|
||||
TEST_EQUAL(mbedtls_pk_import_into_psa(cert->pkey, &key_attr, &key_slot), 0);
|
||||
mbedtls_pk_free(cert->pkey);
|
||||
mbedtls_pk_init(cert->pkey);
|
||||
TEST_EQUAL(mbedtls_pk_setup_opaque(cert->pkey, key_slot), 0);
|
||||
}
|
||||
#else
|
||||
(void) opaque_alg;
|
||||
|
|
|
@ -836,6 +836,7 @@ void mbedtls_pk_check_pair(char *pub_file, char *prv_file, int ret)
|
|||
mbedtls_pk_context pub, prv, alt;
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
mbedtls_svc_key_id_t opaque_key_id = MBEDTLS_SVC_KEY_ID_INIT;
|
||||
psa_key_attributes_t opaque_key_attr = PSA_KEY_ATTRIBUTES_INIT;
|
||||
#endif /* MBEDTLS_USE_PSA_CRYPTO */
|
||||
|
||||
mbedtls_pk_init(&pub);
|
||||
|
@ -873,9 +874,13 @@ void mbedtls_pk_check_pair(char *pub_file, char *prv_file, int ret)
|
|||
#endif
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
if (mbedtls_pk_get_type(&prv) == MBEDTLS_PK_ECKEY) {
|
||||
TEST_EQUAL(mbedtls_pk_wrap_as_opaque(&prv, &opaque_key_id,
|
||||
PSA_ALG_ANY_HASH,
|
||||
PSA_KEY_USAGE_EXPORT, 0), 0);
|
||||
/* Turn the prv PK context into an opaque one.*/
|
||||
TEST_EQUAL(mbedtls_pk_get_psa_attributes(&prv, PSA_KEY_USAGE_SIGN_HASH,
|
||||
&opaque_key_attr), 0);
|
||||
TEST_EQUAL(mbedtls_pk_import_into_psa(&prv, &opaque_key_attr, &opaque_key_id), 0);
|
||||
mbedtls_pk_free(&prv);
|
||||
mbedtls_pk_init(&prv);
|
||||
TEST_EQUAL(mbedtls_pk_setup_opaque(&prv, opaque_key_id), 0);
|
||||
TEST_EQUAL(mbedtls_pk_check_pair(&pub, &prv, mbedtls_test_rnd_std_rand,
|
||||
NULL), ret);
|
||||
}
|
||||
|
@ -1395,7 +1400,8 @@ void pk_wrap_rsa_decrypt_test_vec(data_t *cipher, int mod,
|
|||
mbedtls_mpi N, P, Q, E;
|
||||
mbedtls_rsa_context *rsa;
|
||||
mbedtls_pk_context pk;
|
||||
mbedtls_svc_key_id_t key_id;
|
||||
mbedtls_svc_key_id_t key_id = MBEDTLS_SVC_KEY_ID_INIT;
|
||||
psa_key_attributes_t key_attr = PSA_KEY_ATTRIBUTES_INIT;
|
||||
size_t olen;
|
||||
|
||||
mbedtls_pk_init(&pk);
|
||||
|
@ -1422,10 +1428,11 @@ void pk_wrap_rsa_decrypt_test_vec(data_t *cipher, int mod,
|
|||
TEST_EQUAL(mbedtls_rsa_complete(rsa), 0);
|
||||
|
||||
/* Turn PK context into an opaque one. */
|
||||
TEST_EQUAL(mbedtls_pk_wrap_as_opaque(&pk, &key_id,
|
||||
PSA_ALG_RSA_PKCS1V15_CRYPT,
|
||||
PSA_KEY_USAGE_DECRYPT,
|
||||
PSA_ALG_NONE), 0);
|
||||
TEST_EQUAL(mbedtls_pk_get_psa_attributes(&pk, PSA_KEY_USAGE_DECRYPT, &key_attr), 0);
|
||||
TEST_EQUAL(mbedtls_pk_import_into_psa(&pk, &key_attr, &key_id), 0);
|
||||
mbedtls_pk_free(&pk);
|
||||
mbedtls_pk_init(&pk);
|
||||
TEST_EQUAL(mbedtls_pk_setup_opaque(&pk, key_id), 0);
|
||||
|
||||
TEST_EQUAL(mbedtls_pk_get_bitlen(&pk), mod);
|
||||
|
||||
|
@ -1635,10 +1642,9 @@ void pk_psa_sign(int curve_or_keybits, int psa_type, int expected_bits)
|
|||
unsigned char pkey_legacy[200];
|
||||
unsigned char pkey_psa[200];
|
||||
unsigned char *pkey_legacy_start, *pkey_psa_start;
|
||||
psa_algorithm_t alg_psa;
|
||||
size_t sig_len, klen_legacy, klen_psa;
|
||||
int ret;
|
||||
mbedtls_svc_key_id_t key_id;
|
||||
mbedtls_svc_key_id_t key_id = MBEDTLS_SVC_KEY_ID_INIT;
|
||||
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
|
||||
|
||||
/*
|
||||
|
@ -1660,7 +1666,6 @@ void pk_psa_sign(int curve_or_keybits, int psa_type, int expected_bits)
|
|||
TEST_ASSERT(mbedtls_rsa_gen_key(mbedtls_pk_rsa(pk),
|
||||
mbedtls_test_rnd_std_rand, NULL,
|
||||
curve_or_keybits, 3) == 0);
|
||||
alg_psa = PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256);
|
||||
} else
|
||||
#endif /* MBEDTLS_RSA_C && MBEDTLS_GENPRIME */
|
||||
#if defined(MBEDTLS_PK_CAN_ECDSA_SIGN)
|
||||
|
@ -1671,8 +1676,6 @@ void pk_psa_sign(int curve_or_keybits, int psa_type, int expected_bits)
|
|||
TEST_ASSERT(mbedtls_pk_setup(&pk,
|
||||
mbedtls_pk_info_from_type(MBEDTLS_PK_ECKEY)) == 0);
|
||||
TEST_ASSERT(pk_genkey(&pk, grpid) == 0);
|
||||
|
||||
alg_psa = PSA_ALG_ECDSA(PSA_ALG_SHA_256);
|
||||
} else
|
||||
#endif /* MBEDTLS_PK_CAN_ECDSA_SIGN */
|
||||
{
|
||||
|
@ -1699,9 +1702,11 @@ void pk_psa_sign(int curve_or_keybits, int psa_type, int expected_bits)
|
|||
#endif /* MBEDTLS_PK_WRITE_C */
|
||||
|
||||
/* Turn PK context into an opaque one. */
|
||||
TEST_ASSERT(mbedtls_pk_wrap_as_opaque(&pk, &key_id, alg_psa,
|
||||
PSA_KEY_USAGE_SIGN_HASH,
|
||||
PSA_ALG_NONE) == 0);
|
||||
TEST_EQUAL(mbedtls_pk_get_psa_attributes(&pk, PSA_KEY_USAGE_SIGN_HASH, &attributes), 0);
|
||||
TEST_EQUAL(mbedtls_pk_import_into_psa(&pk, &attributes, &key_id), 0);
|
||||
mbedtls_pk_free(&pk);
|
||||
mbedtls_pk_init(&pk);
|
||||
TEST_EQUAL(mbedtls_pk_setup_opaque(&pk, key_id), 0);
|
||||
|
||||
PSA_ASSERT(psa_get_key_attributes(key_id, &attributes));
|
||||
TEST_EQUAL(psa_get_key_type(&attributes), (psa_key_type_t) psa_type);
|
||||
|
@ -1822,6 +1827,7 @@ void pk_psa_wrap_sign_ext(int pk_type, int key_bits, int key_pk_type, int md_alg
|
|||
mbedtls_pk_context pk;
|
||||
size_t sig_len, pkey_len;
|
||||
mbedtls_svc_key_id_t key_id;
|
||||
psa_key_attributes_t key_attr = PSA_KEY_ATTRIBUTES_INIT;
|
||||
unsigned char sig[MBEDTLS_PK_SIGNATURE_MAX_SIZE];
|
||||
unsigned char pkey[PSA_EXPORT_PUBLIC_KEY_MAX_SIZE];
|
||||
unsigned char *pkey_start;
|
||||
|
@ -1861,9 +1867,14 @@ void pk_psa_wrap_sign_ext(int pk_type, int key_bits, int key_pk_type, int md_alg
|
|||
}
|
||||
|
||||
/* Turn PK context into an opaque one. */
|
||||
TEST_EQUAL(mbedtls_pk_wrap_as_opaque(&pk, &key_id, psa_alg,
|
||||
PSA_KEY_USAGE_SIGN_HASH,
|
||||
PSA_ALG_NONE), 0);
|
||||
TEST_EQUAL(mbedtls_pk_get_psa_attributes(&pk, PSA_KEY_USAGE_SIGN_HASH, &key_attr), 0);
|
||||
/* Tweak the algorithm associated with the PSA key because get_psa_attributes() returns
|
||||
* a PSA_ALG_RSA_PSS_ANY_SALT(), but mbedtls_pk_sign_ext() requires a PSA_ALG_RSA_PSS().*/
|
||||
psa_set_key_algorithm(&key_attr, psa_alg);
|
||||
TEST_EQUAL(mbedtls_pk_import_into_psa(&pk, &key_attr, &key_id), 0);
|
||||
mbedtls_pk_free(&pk);
|
||||
mbedtls_pk_init(&pk);
|
||||
TEST_EQUAL(mbedtls_pk_setup_opaque(&pk, key_id), 0);
|
||||
|
||||
memset(hash, 0x2a, sizeof(hash));
|
||||
memset(sig, 0, sizeof(sig));
|
||||
|
|
|
@ -75,6 +75,7 @@ static void pk_write_check_common(char *key_file, int is_public_key, int is_der)
|
|||
size_t buf_len, check_buf_len;
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
mbedtls_svc_key_id_t opaque_id = MBEDTLS_SVC_KEY_ID_INIT;
|
||||
psa_key_attributes_t key_attr = PSA_KEY_ATTRIBUTES_INIT;
|
||||
#endif /* MBEDTLS_USE_PSA_CRYPTO */
|
||||
|
||||
USE_PSA_INIT();
|
||||
|
@ -117,10 +118,13 @@ static void pk_write_check_common(char *key_file, int is_public_key, int is_der)
|
|||
/* Verify that pk_write works also for opaque private keys */
|
||||
if (!is_public_key) {
|
||||
memset(buf, 0, check_buf_len);
|
||||
TEST_EQUAL(mbedtls_pk_wrap_as_opaque(&key, &opaque_id,
|
||||
PSA_ALG_NONE,
|
||||
PSA_KEY_USAGE_EXPORT,
|
||||
PSA_ALG_NONE), 0);
|
||||
/* Turn the key PK context into an opaque one.
|
||||
* Note: set some practical usage for the key to make get_psa_attributes() happy. */
|
||||
TEST_EQUAL(mbedtls_pk_get_psa_attributes(&key, PSA_KEY_USAGE_SIGN_MESSAGE, &key_attr), 0);
|
||||
TEST_EQUAL(mbedtls_pk_import_into_psa(&key, &key_attr, &opaque_id), 0);
|
||||
mbedtls_pk_free(&key);
|
||||
mbedtls_pk_init(&key);
|
||||
TEST_EQUAL(mbedtls_pk_setup_opaque(&key, opaque_id), 0);
|
||||
start_buf = buf;
|
||||
buf_len = check_buf_len;
|
||||
TEST_EQUAL(pk_write_any_key(&key, &start_buf, &buf_len, is_public_key,
|
||||
|
@ -172,6 +176,7 @@ void pk_write_public_from_private(char *priv_key_file, char *pub_key_file)
|
|||
size_t pub_key_len = 0;
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
mbedtls_svc_key_id_t opaque_key_id = MBEDTLS_SVC_KEY_ID_INIT;
|
||||
psa_key_attributes_t key_attr = PSA_KEY_ATTRIBUTES_INIT;
|
||||
#endif /* MBEDTLS_USE_PSA_CRYPTO */
|
||||
|
||||
mbedtls_pk_init(&priv_key);
|
||||
|
@ -194,9 +199,12 @@ void pk_write_public_from_private(char *priv_key_file, char *pub_key_file)
|
|||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
mbedtls_platform_zeroize(derived_key_raw, derived_key_len);
|
||||
|
||||
TEST_EQUAL(mbedtls_pk_wrap_as_opaque(&priv_key, &opaque_key_id,
|
||||
PSA_ALG_NONE, PSA_KEY_USAGE_EXPORT,
|
||||
PSA_ALG_NONE), 0);
|
||||
/* Turn the priv_key PK context into an opaque one. */
|
||||
TEST_EQUAL(mbedtls_pk_get_psa_attributes(&priv_key, PSA_KEY_USAGE_SIGN_HASH, &key_attr), 0);
|
||||
TEST_EQUAL(mbedtls_pk_import_into_psa(&priv_key, &key_attr, &opaque_key_id), 0);
|
||||
mbedtls_pk_free(&priv_key);
|
||||
mbedtls_pk_init(&priv_key);
|
||||
TEST_EQUAL(mbedtls_pk_setup_opaque(&priv_key, opaque_key_id), 0);
|
||||
|
||||
TEST_EQUAL(mbedtls_pk_write_pubkey_der(&priv_key, derived_key_raw,
|
||||
derived_key_len), pub_key_len);
|
||||
|
|
|
@ -284,7 +284,7 @@ void x509_csr_check_opaque(char *key_file, int md_type, int key_usage,
|
|||
{
|
||||
mbedtls_pk_context key;
|
||||
mbedtls_svc_key_id_t key_id = MBEDTLS_SVC_KEY_ID_INIT;
|
||||
psa_algorithm_t md_alg_psa, alg_psa;
|
||||
psa_key_attributes_t key_attr = PSA_KEY_ATTRIBUTES_INIT;
|
||||
mbedtls_x509write_csr req;
|
||||
unsigned char buf[4096];
|
||||
int ret;
|
||||
|
@ -297,24 +297,16 @@ void x509_csr_check_opaque(char *key_file, int md_type, int key_usage,
|
|||
|
||||
memset(&rnd_info, 0x2a, sizeof(mbedtls_test_rnd_pseudo_info));
|
||||
|
||||
md_alg_psa = mbedtls_md_psa_alg_from_type((mbedtls_md_type_t) md_type);
|
||||
TEST_ASSERT(md_alg_psa != MBEDTLS_MD_NONE);
|
||||
|
||||
mbedtls_pk_init(&key);
|
||||
TEST_ASSERT(mbedtls_pk_parse_keyfile(&key, key_file, NULL,
|
||||
mbedtls_test_rnd_std_rand, NULL) == 0);
|
||||
|
||||
if (mbedtls_pk_get_type(&key) == MBEDTLS_PK_ECKEY) {
|
||||
alg_psa = PSA_ALG_ECDSA(md_alg_psa);
|
||||
} else if (mbedtls_pk_get_type(&key) == MBEDTLS_PK_RSA) {
|
||||
alg_psa = PSA_ALG_RSA_PKCS1V15_SIGN(md_alg_psa);
|
||||
} else {
|
||||
TEST_ASSUME(!"PK key type not supported in this configuration");
|
||||
}
|
||||
|
||||
TEST_ASSERT(mbedtls_pk_wrap_as_opaque(&key, &key_id, alg_psa,
|
||||
PSA_KEY_USAGE_SIGN_HASH,
|
||||
PSA_ALG_NONE) == 0);
|
||||
/* Turn the PK context into an opaque one. */
|
||||
TEST_EQUAL(mbedtls_pk_get_psa_attributes(&key, PSA_KEY_USAGE_SIGN_HASH, &key_attr), 0);
|
||||
TEST_EQUAL(mbedtls_pk_import_into_psa(&key, &key_attr, &key_id), 0);
|
||||
mbedtls_pk_free(&key);
|
||||
mbedtls_pk_init(&key);
|
||||
TEST_EQUAL(mbedtls_pk_setup_opaque(&key, key_id), 0);
|
||||
|
||||
mbedtls_x509write_csr_set_md_alg(&req, md_type);
|
||||
mbedtls_x509write_csr_set_key(&req, &key);
|
||||
|
@ -373,6 +365,7 @@ void x509_crt_check(char *subject_key_file, char *subject_pwd,
|
|||
mbedtls_test_rnd_pseudo_info rnd_info;
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
mbedtls_svc_key_id_t key_id = MBEDTLS_SVC_KEY_ID_INIT;
|
||||
psa_key_attributes_t key_attr = PSA_KEY_ATTRIBUTES_INIT;
|
||||
#endif
|
||||
mbedtls_pk_type_t issuer_key_type;
|
||||
mbedtls_x509_san_list san_ip;
|
||||
|
@ -451,24 +444,14 @@ void x509_crt_check(char *subject_key_file, char *subject_pwd,
|
|||
#endif
|
||||
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
/* For Opaque PK contexts, wrap key as an Opaque RSA context. */
|
||||
/* Turn the issuer PK context into an opaque one. */
|
||||
if (pk_wrap == 2) {
|
||||
psa_algorithm_t alg_psa, md_alg_psa;
|
||||
|
||||
md_alg_psa = mbedtls_md_psa_alg_from_type((mbedtls_md_type_t) md_type);
|
||||
TEST_ASSERT(md_alg_psa != MBEDTLS_MD_NONE);
|
||||
|
||||
if (mbedtls_pk_get_type(&issuer_key) == MBEDTLS_PK_ECKEY) {
|
||||
alg_psa = PSA_ALG_ECDSA(md_alg_psa);
|
||||
} else if (mbedtls_pk_get_type(&issuer_key) == MBEDTLS_PK_RSA) {
|
||||
alg_psa = PSA_ALG_RSA_PKCS1V15_SIGN(md_alg_psa);
|
||||
} else {
|
||||
TEST_ASSUME(!"PK key type not supported in this configuration");
|
||||
}
|
||||
|
||||
TEST_ASSERT(mbedtls_pk_wrap_as_opaque(&issuer_key, &key_id, alg_psa,
|
||||
PSA_KEY_USAGE_SIGN_HASH,
|
||||
PSA_ALG_NONE) == 0);
|
||||
TEST_EQUAL(mbedtls_pk_get_psa_attributes(&issuer_key, PSA_KEY_USAGE_SIGN_HASH,
|
||||
&key_attr), 0);
|
||||
TEST_EQUAL(mbedtls_pk_import_into_psa(&issuer_key, &key_attr, &key_id), 0);
|
||||
mbedtls_pk_free(&issuer_key);
|
||||
mbedtls_pk_init(&issuer_key);
|
||||
TEST_EQUAL(mbedtls_pk_setup_opaque(&issuer_key, key_id), 0);
|
||||
}
|
||||
#endif /* MBEDTLS_USE_PSA_CRYPTO */
|
||||
|
||||
|
|
Loading…
Reference in a new issue