Add & splice in test driver for ECC keygen
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
diff --git a/tests/include/drivers/keygen.h b/tests/include/drivers/keygen.h
new file mode 100644
index 0000000..436df34
--- /dev/null
+++ b/tests/include/drivers/keygen.h
@@ -0,0 +1,49 @@
+/*
+ * Test driver for signature functions
+ */
+/* Copyright (C) 2020, ARM Limited, All Rights Reserved
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * This file is part of mbed TLS (https://tls.mbed.org)
+ */
+
+#ifndef MBEDTLS_PSA_CRYPTO_TEST_DRIVERS_KEYGEN_H
+#define MBEDTLS_PSA_CRYPTO_TEST_DRIVERS_KEYGEN_H
+
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "mbedtls/config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+#if defined(MBEDTLS_TEST_HOOKS)
+#include <psa/crypto_driver_common.h>
+
+extern void *test_driver_keygen_forced_output;
+extern size_t test_driver_keygen_forced_output_length;
+
+extern psa_status_t test_transparent_keygen_status;
+extern unsigned long test_transparent_keygen_hit;
+
+psa_status_t test_transparent_generate_key(
+ const psa_key_attributes_t *attributes,
+ uint8_t *key, size_t key_size, size_t *key_length );
+
+psa_status_t test_opaque_generate_key(
+ const psa_key_attributes_t *attributes,
+ uint8_t *key, size_t key_size, size_t *key_length );
+
+#endif /* MBEDTLS_TEST_HOOKS */
+#endif /* MBEDTLS_PSA_CRYPTO_TEST_DRIVERS_KEYGEN_H */
diff --git a/tests/include/drivers/test_driver.h b/tests/include/drivers/test_driver.h
index 5494674..fec305f 100644
--- a/tests/include/drivers/test_driver.h
+++ b/tests/include/drivers/test_driver.h
@@ -25,5 +25,6 @@
#define MBEDTLS_PSA_CRYPTO_TEST_DRIVER_LIFETIME 0x7fffff
#include "drivers/signature.h"
+#include "drivers/keygen.h"
#endif /* MBEDTLS_PSA_CRYPTO_TEST_DRIVER_H */
diff --git a/tests/src/drivers/keygen.c b/tests/src/drivers/keygen.c
new file mode 100644
index 0000000..4c830c3
--- /dev/null
+++ b/tests/src/drivers/keygen.c
@@ -0,0 +1,129 @@
+/*
+ * Test driver for signature functions
+ */
+/* Copyright (C) 2020, ARM Limited, All Rights Reserved
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * This file is part of mbed TLS (https://tls.mbed.org)
+ */
+
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "mbedtls/config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+#if defined(MBEDTLS_PSA_CRYPTO_DRIVERS) && defined(MBEDTLS_TEST_HOOKS)
+#include "psa/crypto.h"
+#include "mbedtls/ecp.h"
+#include "mbedtls/error.h"
+
+#include "drivers/keygen.h"
+
+#include "test/random.h"
+
+#include <string.h>
+
+/* If non-null, on success, copy this to the output. */
+void *test_driver_keygen_forced_output = NULL;
+size_t test_driver_keygen_forced_output_length = 0;
+
+psa_status_t test_transparent_keygen_status = PSA_ERROR_NOT_SUPPORTED;
+unsigned long test_transparent_keygen_hit = 0;
+
+psa_status_t test_transparent_generate_key(
+ const psa_key_attributes_t *attributes,
+ uint8_t *key, size_t key_size, size_t *key_length )
+{
+ ++test_transparent_keygen_hit;
+
+ if( test_transparent_keygen_status != PSA_SUCCESS )
+ return( test_transparent_keygen_status );
+
+ if( test_driver_keygen_forced_output != NULL )
+ {
+ if( test_driver_keygen_forced_output_length > key_size )
+ return( PSA_ERROR_BUFFER_TOO_SMALL );
+ memcpy( key, test_driver_keygen_forced_output,
+ test_driver_keygen_forced_output_length );
+ *key_length = test_driver_keygen_forced_output_length;
+ return( PSA_SUCCESS );
+ }
+
+ /* Copied from psa_crypto.c */
+#if defined(MBEDTLS_ECP_C)
+ if ( PSA_KEY_TYPE_IS_ECC( attributes->core.type ) && PSA_KEY_TYPE_IS_KEY_PAIR( attributes->core.type ) )
+ {
+ psa_ecc_family_t curve = PSA_KEY_TYPE_ECC_GET_FAMILY( attributes->core.type );
+ mbedtls_ecp_group_id grp_id =
+ mbedtls_ecc_group_of_psa( curve, PSA_BITS_TO_BYTES( attributes->core.bits ) );
+ const mbedtls_ecp_curve_info *curve_info =
+ mbedtls_ecp_curve_info_from_grp_id( grp_id );
+ mbedtls_ecp_keypair ecp;
+ mbedtls_test_rnd_pseudo_info rnd_info;
+ memset( &rnd_info, 0x5A, sizeof( mbedtls_test_rnd_pseudo_info ) );
+
+ int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
+ if( attributes->domain_parameters_size != 0 )
+ return( PSA_ERROR_NOT_SUPPORTED );
+ if( grp_id == MBEDTLS_ECP_DP_NONE || curve_info == NULL )
+ return( PSA_ERROR_NOT_SUPPORTED );
+ if( curve_info->bit_size != attributes->core.bits )
+ return( PSA_ERROR_INVALID_ARGUMENT );
+ mbedtls_ecp_keypair_init( &ecp );
+ ret = mbedtls_ecp_gen_key( grp_id, &ecp,
+ &mbedtls_test_rnd_pseudo_rand,
+ &rnd_info );
+ if( ret != 0 )
+ {
+ mbedtls_ecp_keypair_free( &ecp );
+ return( mbedtls_to_psa_error( ret ) );
+ }
+
+ /* Make sure to use export representation */
+ size_t bytes = PSA_BITS_TO_BYTES( attributes->core.bits );
+ if( key_size < bytes )
+ {
+ mbedtls_ecp_keypair_free( &ecp );
+ return( PSA_ERROR_BUFFER_TOO_SMALL );
+ }
+ psa_status_t status = mbedtls_to_psa_error(
+ mbedtls_mpi_write_binary( &ecp.d, key, bytes ) );
+
+ if( status == PSA_SUCCESS )
+ {
+ *key_length = bytes;
+ }
+
+ mbedtls_ecp_keypair_free( &ecp );
+ return( status );
+ }
+ else
+#endif /* MBEDTLS_ECP_C */
+ return( PSA_ERROR_NOT_SUPPORTED );
+}
+
+psa_status_t test_opaque_generate_key(
+ const psa_key_attributes_t *attributes,
+ uint8_t *key, size_t key_size, size_t *key_length )
+{
+ (void) attributes;
+ (void) key;
+ (void) key_size;
+ (void) key_length;
+ return( PSA_ERROR_NOT_SUPPORTED );
+}
+
+#endif /* MBEDTLS_PSA_CRYPTO_DRIVERS && MBEDTLS_TEST_HOOKS */
diff --git a/tests/suites/test_suite_psa_crypto_driver_wrappers.data b/tests/suites/test_suite_psa_crypto_driver_wrappers.data
index 2d2c5c4..ddf283f 100644
--- a/tests/suites/test_suite_psa_crypto_driver_wrappers.data
+++ b/tests/suites/test_suite_psa_crypto_driver_wrappers.data
@@ -27,3 +27,15 @@
verify_hash through transparent driver: error
ecdsa_verify:PSA_ERROR_GENERIC_ERROR:1:PSA_ERROR_GENERIC_ERROR
+
+generate_key through transparent driver: fake
+generate_key:PSA_SUCCESS:1:PSA_SUCCESS
+
+generate_key through transparent driver: in-driver
+generate_key:PSA_SUCCESS:0:PSA_SUCCESS
+
+generate_key through transparent driver: fallback
+generate_key:PSA_ERROR_NOT_SUPPORTED:0:PSA_SUCCESS
+
+generate_key through transparent driver: error
+generate_key:PSA_ERROR_GENERIC_ERROR:0:PSA_ERROR_GENERIC_ERROR
diff --git a/tests/suites/test_suite_psa_crypto_driver_wrappers.function b/tests/suites/test_suite_psa_crypto_driver_wrappers.function
index a954446..9bb7943 100644
--- a/tests/suites/test_suite_psa_crypto_driver_wrappers.function
+++ b/tests/suites/test_suite_psa_crypto_driver_wrappers.function
@@ -171,3 +171,73 @@
test_driver_forced_output_length = 0;
}
/* END_CASE */
+
+/* BEGIN_CASE depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED */
+void generate_key( int force_status_arg,
+ int fake_output,
+ int expected_status_arg )
+{
+ psa_status_t force_status = force_status_arg;
+ psa_status_t expected_status = expected_status_arg;
+ psa_key_handle_t handle = 0;
+ psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+ psa_algorithm_t alg = PSA_ALG_ECDSA( PSA_ALG_SHA_256 );
+ const uint8_t *expected_output;
+ size_t expected_output_length;
+ psa_status_t actual_status;
+ uint8_t actual_output[sizeof(test_secp256r1_key_data)] = {0};
+ size_t actual_output_length;
+
+ psa_set_key_type( &attributes,
+ PSA_KEY_TYPE_ECC_KEY_PAIR( PSA_ECC_CURVE_SECP_R1 ) );
+ psa_set_key_bits( &attributes, 256 );
+ psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_EXPORT );
+ psa_set_key_algorithm( &attributes, alg );
+
+ if( fake_output )
+ {
+ expected_output = test_driver_keygen_forced_output = test_secp256r1_key_data;
+ expected_output_length = test_driver_keygen_forced_output_length =
+ sizeof( test_secp256r1_key_data );
+ }
+
+ test_transparent_keygen_hit = 0;
+ test_transparent_keygen_status = force_status;
+
+ PSA_ASSERT( psa_crypto_init( ) );
+
+ actual_status = psa_generate_key( &attributes, &handle );
+ fprintf(stdout, "rteturn %d\n", actual_status);
+
+ TEST_EQUAL( test_transparent_keygen_hit, 1 );
+ TEST_EQUAL( actual_status, expected_status );
+
+ if( actual_status == PSA_SUCCESS )
+ {
+ psa_export_key( handle, actual_output, sizeof(actual_output), &actual_output_length );
+
+ if( fake_output )
+ {
+ ASSERT_COMPARE( actual_output, actual_output_length,
+ expected_output, expected_output_length );
+ }
+ else
+ {
+ size_t zeroes = 0;
+ for( size_t i = 0; i < sizeof(actual_output); i++ )
+ {
+ if( actual_output[i] == 0)
+ zeroes++;
+ }
+ TEST_ASSERT( zeroes != sizeof(actual_output) );
+ }
+ }
+exit:
+ psa_reset_key_attributes( &attributes );
+ psa_destroy_key( handle );
+ PSA_DONE( );
+ test_transparent_signature_sign_hash_status = PSA_ERROR_NOT_SUPPORTED;
+ test_driver_keygen_forced_output = NULL;
+ test_driver_keygen_forced_output_length = 0;
+}
+/* END_CASE */