Test generating certificates using an opaque RSA key
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
diff --git a/tests/suites/test_suite_x509write.data b/tests/suites/test_suite_x509write.data
index fd8b9ae..1c2c6a1 100644
--- a/tests/suites/test_suite_x509write.data
+++ b/tests/suites/test_suite_x509write.data
@@ -94,6 +94,25 @@
depends_on:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD5_C
x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:0:0:0:-1:"data_files/server1.ca_noauthid.crt":1:1
+Certificate write check Server1 SHA1, Opaque
+depends_on:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD5_C:MBEDTLS_USE_PSA_CRYPTO
+x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:0:0:1:-1:"data_files/server1.crt":2:0
+
+Certificate write check Server1 SHA1, Opaque, key_usage
+depends_on:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD5_C:MBEDTLS_USE_PSA_CRYPTO
+x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:MBEDTLS_X509_KU_DIGITAL_SIGNATURE | MBEDTLS_X509_KU_NON_REPUDIATION | MBEDTLS_X509_KU_KEY_ENCIPHERMENT:1:0:0:1:-1:"data_files/server1.key_usage.crt":2:0
+
+Certificate write check Server1 SHA1, Opaque, ns_cert_type
+depends_on:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD5_C:MBEDTLS_USE_PSA_CRYPTO
+x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:MBEDTLS_X509_NS_CERT_TYPE_SSL_SERVER:1:1:-1:"data_files/server1.cert_type.crt":2:0
+
+Certificate write check Server1 SHA1, Opaque, version 1
+depends_on:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD5_C:MBEDTLS_USE_PSA_CRYPTO
+x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:0:0:1:MBEDTLS_X509_CRT_VERSION_1:"data_files/server1.v1.crt":2:0
+
+Certificate write check Server1 SHA1, Opaque, CA
+depends_on:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD5_C:MBEDTLS_USE_PSA_CRYPTO
+x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:0:0:1:-1:"data_files/server1.ca.crt":2:1
X509 String to Names #1
mbedtls_x509_string_to_names:"C=NL,O=Offspark\, Inc., OU=PolarSSL":"C=NL, O=Offspark, Inc., OU=PolarSSL":0
diff --git a/tests/suites/test_suite_x509write.function b/tests/suites/test_suite_x509write.function
index 947fcc4..ef566d0 100644
--- a/tests/suites/test_suite_x509write.function
+++ b/tests/suites/test_suite_x509write.function
@@ -223,7 +223,7 @@
char *serial_str, char *not_before, char *not_after,
int md_type, int key_usage, int set_key_usage,
int cert_type, int set_cert_type, int auth_ident,
- int ver, char *cert_check_file, int rsa_alt, int is_ca )
+ int ver, char *cert_check_file, int pk_wrap, int is_ca )
{
mbedtls_pk_context subject_key, issuer_key, issuer_key_alt;
mbedtls_pk_context *key = &issuer_key;
@@ -237,6 +237,9 @@
int der_len = -1;
FILE *f;
mbedtls_test_rnd_pseudo_info rnd_info;
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ mbedtls_svc_key_id_t key_id = MBEDTLS_SVC_KEY_ID_INIT;
+#endif
memset( &rnd_info, 0x2a, sizeof( mbedtls_test_rnd_pseudo_info ) );
mbedtls_mpi_init( &serial );
@@ -257,7 +260,7 @@
#if defined(MBEDTLS_RSA_C)
/* For RSA PK contexts, create a copy as an alternative RSA context. */
- if( rsa_alt == 1 && mbedtls_pk_get_type( &issuer_key ) == MBEDTLS_PK_RSA )
+ if( pk_wrap == 1 && mbedtls_pk_get_type( &issuer_key ) == MBEDTLS_PK_RSA )
{
TEST_ASSERT( mbedtls_pk_setup_rsa_alt( &issuer_key_alt,
mbedtls_pk_rsa( issuer_key ),
@@ -267,10 +270,24 @@
key = &issuer_key_alt;
}
-#else
- (void) rsa_alt;
#endif
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ /* For Opaque PK contexts, wrap key as an Opaque RSA context. */
+ if( pk_wrap == 2 )
+ {
+ psa_algorithm_t md_alg_psa =
+ mbedtls_psa_translate_md( (mbedtls_md_type_t) md_type );
+
+ TEST_ASSERT( md_alg_psa != MBEDTLS_MD_NONE );
+ TEST_ASSERT( mbedtls_pk_wrap_as_opaque( &issuer_key, &key_id,
+ md_alg_psa ) == 0 );
+ }
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+
+ if( pk_wrap == 2 )
+ TEST_ASSERT( mbedtls_pk_get_type( &issuer_key ) == MBEDTLS_PK_OPAQUE );
+
TEST_ASSERT( mbedtls_test_read_mpi( &serial, 10, serial_str ) == 0 );
if( ver != -1 )
@@ -339,6 +356,9 @@
mbedtls_pk_free( &subject_key );
mbedtls_pk_free( &issuer_key );
mbedtls_mpi_free( &serial );
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ psa_destroy_key( key_id );
+#endif
USE_PSA_DONE( );
}
/* END_CASE */