Merge pull request #7393 from valeriosetti/issue7389
PK tests: use PSA to generate keypairs when USE_PSA is enabled
diff --git a/tests/suites/test_suite_pk.function b/tests/suites/test_suite_pk.function
index de531d3..dc4604a 100644
--- a/tests/suites/test_suite_pk.function
+++ b/tests/suites/test_suite_pk.function
@@ -17,9 +17,62 @@
* unconditionally (https://github.com/Mbed-TLS/mbedtls/issues/2023). */
#include "psa/crypto.h"
+/* Used for properly sizing the key buffer in pk_genkey_ec() */
+#include "mbedtls/psa_util.h"
+
#define RSA_KEY_SIZE 512
#define RSA_KEY_LEN 64
+#if defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_ECP_C)
+static int pk_genkey_ec(mbedtls_ecp_group *grp,
+ mbedtls_mpi *d, mbedtls_ecp_point *Q)
+{
+ psa_status_t status;
+ psa_key_attributes_t key_attr = PSA_KEY_ATTRIBUTES_INIT;
+ mbedtls_svc_key_id_t key_id = MBEDTLS_SVC_KEY_ID_INIT;
+ size_t curve_bits;
+ psa_ecc_family_t curve = mbedtls_ecc_group_to_psa(grp->id,
+ &curve_bits);
+ unsigned char key_buf[MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH];
+ size_t key_len;
+ int ret;
+
+ psa_set_key_type(&key_attr, PSA_KEY_TYPE_ECC_KEY_PAIR(curve));
+ psa_set_key_bits(&key_attr, curve_bits);
+ psa_set_key_usage_flags(&key_attr, PSA_KEY_USAGE_EXPORT);
+
+ status = psa_generate_key(&key_attr, &key_id);
+ if (status != PSA_SUCCESS) {
+ return MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE;
+ }
+
+ status = psa_export_key(key_id, key_buf, sizeof(key_buf), &key_len);
+ if (status != PSA_SUCCESS) {
+ ret = MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE;
+ goto exit;
+ }
+
+ ret = mbedtls_mpi_read_binary(d, key_buf, key_len);
+ if (ret != 0) {
+ goto exit;
+ }
+
+ status = psa_export_public_key(key_id, key_buf, sizeof(key_buf),
+ &key_len);
+ if (status != PSA_SUCCESS) {
+ ret = MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE;
+ goto exit;
+ }
+
+ ret = mbedtls_ecp_point_read_binary(grp, Q, key_buf, key_len);
+
+exit:
+ psa_destroy_key(key_id);
+
+ return ret;
+}
+#endif /* MBEDTLS_USE_PSA_CRYPTO && MBEDTLS_ECP_C */
+
/** Generate a key of the desired type.
*
* \param pk The PK object to fill. It must have been initialized
@@ -53,12 +106,18 @@
return ret;
}
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ return pk_genkey_ec(&mbedtls_pk_ec(*pk)->grp,
+ &mbedtls_pk_ec(*pk)->d,
+ &mbedtls_pk_ec(*pk)->Q);
+#else /* MBEDTLS_USE_PSA_CRYPTO */
return mbedtls_ecp_gen_keypair(&mbedtls_pk_ec(*pk)->grp,
&mbedtls_pk_ec(*pk)->d,
&mbedtls_pk_ec(*pk)->Q,
mbedtls_test_rnd_std_rand, NULL);
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
}
-#endif
+#endif /* MBEDTLS_ECP_C */
return -1;
}
@@ -462,6 +521,7 @@
{
mbedtls_pk_context pk;
+ USE_PSA_INIT();
mbedtls_pk_init(&pk);
TEST_ASSERT(mbedtls_pk_setup(&pk, mbedtls_pk_info_from_type(type)) == 0);
@@ -475,6 +535,7 @@
exit:
mbedtls_pk_free(&pk);
+ USE_PSA_DONE();
}
/* END_CASE */
@@ -1234,9 +1295,8 @@
mbedtls_pk_init(&pk);
TEST_ASSERT(mbedtls_pk_setup(&pk,
mbedtls_pk_info_from_type(MBEDTLS_PK_ECKEY)) == 0);
- TEST_ASSERT(mbedtls_ecp_gen_key(grpid,
- (mbedtls_ecp_keypair *) pk.pk_ctx,
- mbedtls_test_rnd_std_rand, NULL) == 0);
+ TEST_ASSERT(pk_genkey(&pk, grpid) == 0);
+
alg_psa = PSA_ALG_ECDSA(PSA_ALG_SHA_256);
} else
#endif /* MBEDTLS_PK_CAN_ECDSA_SIGN */