programs: remove usage of mbedtls_pk_wrap_as_opaque() from tests

This is replaced with: mbedtls_pk_get_psa_attributes() +
mbedtls_pk_import_into_psa() + mbedtls_pk_setup_opaque().

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
Valerio Setti 2024-02-27 10:44:33 +01:00
parent 1fa2f6e9af
commit 7541ebea52
4 changed files with 58 additions and 11 deletions


@ -1711,11 +1711,10 @@ usage:
&psa_alg, &psa_alg2, &psa_alg, &psa_alg2,
&usage, &usage,
mbedtls_pk_get_type(&pkey)) == 0) { mbedtls_pk_get_type(&pkey)) == 0) {
ret = mbedtls_pk_wrap_as_opaque(&pkey, &key_slot, psa_alg, ret = pk_wrap_as_opaque(&pkey, psa_alg, psa_alg2, usage, &key_slot);
usage, psa_alg2);
if (ret != 0) { if (ret != 0) {
mbedtls_printf(" failed\n ! " mbedtls_printf(" failed\n ! "
"mbedtls_pk_wrap_as_opaque returned -0x%x\n\n", "mbedtls_pk_get_psa_attributes returned -0x%x\n\n",
(unsigned int) -ret); (unsigned int) -ret);
goto exit; goto exit;
} }
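Review bot: The failure message on the new side names the wrong function: the call is now `pk_wrap_as_opaque(...)`, but the string printed on error reads `"mbedtls_pk_get_psa_attributes returned -0x%x\n\n"`. The helper can also fail in `mbedtls_pk_import_into_psa()` or `mbedtls_pk_setup_opaque()`, so anyone triaging a failed opaque-key setup from this log is pointed at the wrong step. Use `"pk_wrap_as_opaque returned -0x%x\n\n"`, as the first hunk of the next file already does. The same wrong string appears in the `pkey2`/`key_slot2` hunk of that file. The enclosing function starts and ends outside this hunk.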


@ -2708,12 +2708,10 @@ usage:
&psa_alg, &psa_alg2, &psa_alg, &psa_alg2,
&psa_usage, &psa_usage,
mbedtls_pk_get_type(&pkey)) == 0) { mbedtls_pk_get_type(&pkey)) == 0) {
ret = mbedtls_pk_wrap_as_opaque(&pkey, &key_slot, ret = pk_wrap_as_opaque(&pkey, psa_alg, psa_alg2, psa_usage, &key_slot);
psa_alg, psa_usage, psa_alg2);
if (ret != 0) { if (ret != 0) {
mbedtls_printf(" failed\n ! " mbedtls_printf(" failed\n ! "
"mbedtls_pk_wrap_as_opaque returned -0x%x\n\n", "pk_wrap_as_opaque returned -0x%x\n\n",
(unsigned int) -ret); (unsigned int) -ret);
goto exit; goto exit;
} }
@ -2727,12 +2725,10 @@ usage:
&psa_alg, &psa_alg2, &psa_alg, &psa_alg2,
&psa_usage, &psa_usage,
mbedtls_pk_get_type(&pkey2)) == 0) { mbedtls_pk_get_type(&pkey2)) == 0) {
ret = mbedtls_pk_wrap_as_opaque(&pkey2, &key_slot2, ret = pk_wrap_as_opaque(&pkey2, psa_alg, psa_alg2, psa_usage, &key_slot2);
psa_alg, psa_usage, psa_alg2);
if (ret != 0) { if (ret != 0) {
mbedtls_printf(" failed\n ! " mbedtls_printf(" failed\n ! "
"mbedtls_pk_wrap_as_opaque returned -0x%x\n\n", "mbedtls_pk_get_psa_attributes returned -0x%x\n\n",
(unsigned int) -ret); (unsigned int) -ret);
goto exit; goto exit;
} }


@ -274,6 +274,35 @@ int key_opaque_set_alg_usage(const char *alg1, const char *alg2,
return 0; return 0;
} }
int pk_wrap_as_opaque(mbedtls_pk_context *pk, psa_algorithm_t psa_alg, psa_algorithm_t psa_alg2,
psa_key_usage_t psa_usage, mbedtls_svc_key_id_t *key_id)
{
int ret;
psa_key_attributes_t key_attr = PSA_KEY_ATTRIBUTES_INIT;
ret = mbedtls_pk_get_psa_attributes(pk, PSA_KEY_USAGE_SIGN_HASH, &key_attr);
if (ret != 0) {
return ret;
}
psa_set_key_usage_flags(&key_attr, psa_usage);
psa_set_key_algorithm(&key_attr, psa_alg);
if (psa_alg2 != PSA_ALG_NONE) {
psa_set_key_enrollment_algorithm(&key_attr, psa_alg2);
}
ret = mbedtls_pk_import_into_psa(pk, &key_attr, key_id);
if (ret != 0) {
return ret;
}
mbedtls_pk_free(pk);
mbedtls_pk_init(pk);
ret = mbedtls_pk_setup_opaque(pk, *key_id);
if (ret != 0) {
return ret;
}
return 0;
}
#endif /* MBEDTLS_USE_PSA_CRYPTO */ #endif /* MBEDTLS_USE_PSA_CRYPTO */
#if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK) #if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK)
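Review bot: When `mbedtls_pk_setup_opaque(pk, *key_id)` fails, `pk_wrap_as_opaque` returns with the key already imported into PSA and `*key_id` still set, while `pk` has been freed and re-initialised. The caller then gets an error code, an empty PK context and a live PSA key holding the private key material. Whether the callers' `exit` paths destroy that key slot is not visible on this page, so the helper should clean up itself by adding `psa_destroy_key(*key_id); *key_id = MBEDTLS_SVC_KEY_ID_INIT;` before that `return ret;`. A short comment on the `mbedtls_pk_get_psa_attributes(pk, PSA_KEY_USAGE_SIGN_HASH, &key_attr)` line would also help, for example `/* usage here only selects the key type; the real policy is set below */`, because the usage flags are overwritten with `psa_usage` right after.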


@ -235,6 +235,29 @@ int key_opaque_set_alg_usage(const char *alg1, const char *alg2,
psa_algorithm_t *psa_alg2, psa_algorithm_t *psa_alg2,
psa_key_usage_t *usage, psa_key_usage_t *usage,
mbedtls_pk_type_t key_type); mbedtls_pk_type_t key_type);
/** Turn a non-opaque PK context into an opaque one with folowing steps:
* - extract the key data and attributes from the PK context.
* - import the key material into PSA.
* - free the provided PK context and re-initilize it as an opaque PK context
* wrapping the PSA key imported in the above step.
*
* \param[in/out] pk On input the non-opaque PK context which contains the
* key to be wrapped. On output the re-initialized PK
* context which represents the opaque version of the one
* provided as input.
* \param[in] psa_alg The primary algorithm that will be associated to the
* PSA key.
* \param[in] psa_alg2 The enrollment algorithm that will be associated to the
* PSA key.
* \param[in] psa_usage The PSA key usage policy.
* \param[out] key_id The PSA key identifier of the imported key.
*
* \return \c 0 on sucess.
* \return \c -1 on failure.
*/
int pk_wrap_as_opaque(mbedtls_pk_context *pk, psa_algorithm_t psa_alg, psa_algorithm_t psa_alg2,
psa_key_usage_t psa_usage, mbedtls_svc_key_id_t *key_id);
#endif /* MBEDTLS_USE_PSA_CRYPTO */ #endif /* MBEDTLS_USE_PSA_CRYPTO */
#if defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG) #if defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG)
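Review bot: The `\return \c -1 on failure.` line does not match the implementation added in this commit, which returns the `ret` value of the failing `mbedtls_pk_get_psa_attributes()`, `mbedtls_pk_import_into_psa()` or `mbedtls_pk_setup_opaque()` call unchanged. The callers print that value with `-0x%x`, so it should read `\return The error code of the failing mbedtls_pk_xxx() call on failure.` The comment should also state that `psa_alg2` may be `PSA_ALG_NONE`, in which case no enrollment algorithm is set. It should say as well that `pk` may already have been freed when the function fails after the import step, so the caller must not assume the original key is still in the context. The comment has three typos: "folowing", "re-initilize" and "sucess".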