diff --git a/tests/suites/test_suite_pkparse.function b/tests/suites/test_suite_pkparse.function
index 14afef6e9..6c904a397 100644
--- a/tests/suites/test_suite_pkparse.function
+++ b/tests/suites/test_suite_pkparse.function
@@ -6,10 +6,82 @@
 #include "mbedtls/psa_util.h"
 #include "pk_internal.h"
+#if defined(MBEDTLS_PSA_CRYPTO_C)
+#include "test/psa_exercise_key.h"
+#endif
+
 #if defined(MBEDTLS_PKCS12_C) || defined(MBEDTLS_PKCS5_C)
 #define HAVE_mbedtls_pk_parse_key_pkcs8_encrypted_der
 #endif
+#if defined(MBEDTLS_PSA_CRYPTO_C)
+static int test_psa_bridge(const mbedtls_pk_context *ctx,
+ psa_key_usage_t usage_flag)
+{
+ switch (usage_flag) {
+ case PSA_KEY_USAGE_SIGN_HASH:
+ mbedtls_test_set_step(0);
+ break;
+ case PSA_KEY_USAGE_SIGN_MESSAGE:
+ mbedtls_test_set_step(1);
+ break;
+ case PSA_KEY_USAGE_DECRYPT:
+ mbedtls_test_set_step(2);
+ break;
+ case PSA_KEY_USAGE_DERIVE:
+ mbedtls_test_set_step(3);
+ break;
+ case PSA_KEY_USAGE_VERIFY_HASH:
+ mbedtls_test_set_step(4);
+ break;
+ case PSA_KEY_USAGE_VERIFY_MESSAGE:
+ mbedtls_test_set_step(5);
+ break;
+ case PSA_KEY_USAGE_ENCRYPT:
+ mbedtls_test_set_step(6);
+ break;
+ }
+
+ psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+ mbedtls_svc_key_id_t psa_key = MBEDTLS_SVC_KEY_ID_INIT;
+ int ok = 0;
+
+ TEST_EQUAL(mbedtls_pk_get_psa_attributes(ctx, usage_flag, &attributes), 0);
+ TEST_EQUAL(mbedtls_pk_import_into_psa(ctx, &attributes, &psa_key), 0);
+ psa_algorithm_t exercise_usage = psa_get_key_usage_flags(&attributes);
+ psa_algorithm_t exercise_alg = psa_get_key_algorithm(&attributes);
+ TEST_ASSERT(mbedtls_test_psa_exercise_key(psa_key,
+ exercise_usage, exercise_alg));
+
+ mbedtls_test_set_step((unsigned long) -1);
+ ok = 1;
+
+exit:
+ psa_destroy_key(psa_key);
+ psa_reset_key_attributes(&attributes);
+ return ok;
+}
+
+/* Whether a pk key can do ECDSA. Opaque keys are not supported since this
+ * test suite does not create opaque keys. */
+static int pk_can_ecdsa(const mbedtls_pk_context *ctx)
+{
+ /* Check whether we have an EC key. Unfortunately this also accepts
+ * keys on Montgomery curves, which can only do ECDH, so we'll have
+ * to dig further. */
+ if (!mbedtls_pk_can_do(ctx, MBEDTLS_PK_ECDSA)) {
+ return 0;
+ }
+#if defined(MBEDTLS_PK_USE_PSA_EC_DATA)
+ return ctx->ec_family != PSA_ECC_FAMILY_MONTGOMERY;
+#elif defined(MBEDTLS_ECDSA_C)
+ return mbedtls_ecdsa_can_do(mbedtls_pk_ec_ro(*ctx)->grp.id);
+#else
+ return 0;
+#endif
+}
+#endif /* MBEDTLS_PSA_CRYPTO_C */
+
 /* END_HEADER */
 /* BEGIN_DEPENDENCIES
@@ -43,36 +115,19 @@ void pk_parse_keyfile_rsa(char *key_file, char *password, int result)
 TEST_EQUAL(mbedtls_rsa_check_privkey(rsa), 0);
 #if defined(MBEDTLS_PSA_CRYPTO_C)
- psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
- TEST_EQUAL(mbedtls_pk_get_psa_attributes(&ctx,
- PSA_KEY_USAGE_SIGN_HASH,
- &attributes), 0);
- psa_reset_key_attributes(&attributes);
- TEST_EQUAL(mbedtls_pk_get_psa_attributes(&ctx,
- PSA_KEY_USAGE_SIGN_MESSAGE,
- &attributes), 0);
- psa_reset_key_attributes(&attributes);
- TEST_EQUAL(mbedtls_pk_get_psa_attributes(&ctx,
- PSA_KEY_USAGE_DECRYPT,
- &attributes), 0);
- psa_reset_key_attributes(&attributes);
- TEST_EQUAL(mbedtls_pk_get_psa_attributes(&ctx,
- PSA_KEY_USAGE_VERIFY_HASH,
- &attributes), 0);
- psa_reset_key_attributes(&attributes);
- TEST_EQUAL(mbedtls_pk_get_psa_attributes(&ctx,
- PSA_KEY_USAGE_VERIFY_MESSAGE,
- &attributes), 0);
- psa_reset_key_attributes(&attributes);
- TEST_EQUAL(mbedtls_pk_get_psa_attributes(&ctx,
- PSA_KEY_USAGE_ENCRYPT,
- &attributes), 0);
+ PSA_INIT();
+ TEST_ASSERT(test_psa_bridge(&ctx, PSA_KEY_USAGE_SIGN_HASH));
+ TEST_ASSERT(test_psa_bridge(&ctx, PSA_KEY_USAGE_SIGN_MESSAGE));
+ TEST_ASSERT(test_psa_bridge(&ctx, PSA_KEY_USAGE_DECRYPT));
+ TEST_ASSERT(test_psa_bridge(&ctx, PSA_KEY_USAGE_VERIFY_HASH));
+ TEST_ASSERT(test_psa_bridge(&ctx, PSA_KEY_USAGE_VERIFY_MESSAGE));
+ TEST_ASSERT(test_psa_bridge(&ctx, PSA_KEY_USAGE_ENCRYPT));
 #endif
 }
 exit:
 mbedtls_pk_free(&ctx);
- MD_PSA_DONE();
+ PSA_DONE();
 }
 /* END_CASE */
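Review bot: In `test_psa_bridge` (first hunk), nothing asserts that the attributes returned by `mbedtls_pk_get_psa_attributes()` actually grant the requested `usage_flag`; the key is exercised with whatever `psa_get_key_usage_flags(&attributes)` reports, so a result with the requested bit missing would, as far as the hunk shows, still pass. If the function's contract is that the requested usage is always included, pin it with `TEST_EQUAL(exercise_usage & usage_flag, usage_flag);` before the exercise call. Separately, `exercise_usage` is declared as `psa_algorithm_t` although it holds usage flags; `psa_key_usage_t exercise_usage = psa_get_key_usage_flags(&attributes);` states the intent. The `switch` also has no `default`, so an unlisted flag leaves the test step at whatever value it had before.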
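Review bot: `PSA_INIT()` is added after the key has already been parsed and only inside the `#if defined(MBEDTLS_PSA_CRYPTO_C)` block, while the matching `PSA_DONE()` at `exit:` is unconditional; whether an earlier init call at the top of `pk_parse_keyfile_rsa` is still present cannot be seen, because the function starts outside the hunk. If one remains, a short comment would explain the second call, for example `/* The PSA bridge needs full PSA init, which the init at the top of the test may not provide */`; if none remains, moving `PSA_INIT()` to the top of the function keeps init and teardown paired on every path. The same placement recurs in the hunks for `pk_parse_public_keyfile_rsa`, `pk_parse_public_keyfile_ec` and `pk_parse_keyfile_ec`.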
@@ -97,24 +152,16 @@ void pk_parse_public_keyfile_rsa(char *key_file, int result)
 TEST_EQUAL(mbedtls_rsa_check_pubkey(rsa), 0);
 #if defined(MBEDTLS_PSA_CRYPTO_C)
- psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
- TEST_EQUAL(mbedtls_pk_get_psa_attributes(&ctx,
- PSA_KEY_USAGE_ENCRYPT,
- &attributes), 0);
- psa_reset_key_attributes(&attributes);
- TEST_EQUAL(mbedtls_pk_get_psa_attributes(&ctx,
- PSA_KEY_USAGE_VERIFY_HASH,
- &attributes), 0);
- psa_reset_key_attributes(&attributes);
- TEST_EQUAL(mbedtls_pk_get_psa_attributes(&ctx,
- PSA_KEY_USAGE_VERIFY_MESSAGE,
- &attributes), 0);
+ PSA_INIT();
+ TEST_ASSERT(test_psa_bridge(&ctx, PSA_KEY_USAGE_VERIFY_HASH));
+ TEST_ASSERT(test_psa_bridge(&ctx, PSA_KEY_USAGE_VERIFY_MESSAGE));
+ TEST_ASSERT(test_psa_bridge(&ctx, PSA_KEY_USAGE_ENCRYPT));
 #endif
 }
 exit:
 mbedtls_pk_free(&ctx);
- MD_PSA_DONE();
+ PSA_DONE();
 }
 /* END_CASE */
@@ -144,20 +191,17 @@ void pk_parse_public_keyfile_ec(char *key_file, int result)
 #endif
 #if defined(MBEDTLS_PSA_CRYPTO_C)
- psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
- TEST_EQUAL(mbedtls_pk_get_psa_attributes(&ctx,
- PSA_KEY_USAGE_VERIFY_HASH,
- &attributes), 0);
- psa_reset_key_attributes(&attributes);
- TEST_EQUAL(mbedtls_pk_get_psa_attributes(&ctx,
- PSA_KEY_USAGE_VERIFY_MESSAGE,
- &attributes), 0);
+ PSA_INIT();
+ if (pk_can_ecdsa(&ctx)) {
+ TEST_ASSERT(test_psa_bridge(&ctx, PSA_KEY_USAGE_VERIFY_HASH));
+ TEST_ASSERT(test_psa_bridge(&ctx, PSA_KEY_USAGE_VERIFY_MESSAGE));
+ }
 #endif
 }
 exit:
 mbedtls_pk_free(&ctx);
- MD_OR_USE_PSA_DONE();
+ PSA_DONE();
 }
 /* END_CASE */
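Review bot: In `pk_parse_public_keyfile_ec`, a key for which `pk_can_ecdsa()` returns 0 now gets no PSA bridge check at all, whereas the removed lines called `mbedtls_pk_get_psa_attributes()` for every parsed key. That covers Montgomery keys and, through the `#else return 0;` branch of `pk_can_ecdsa`, any build with neither `MBEDTLS_PK_USE_PSA_EC_DATA` nor `MBEDTLS_ECDSA_C`, so the test passes there without touching the bridge. A comment on the `if` would record that the skip is deliberate, for example `/* Non-ECDSA public keys have no usage to exercise through PSA here */`. The function body starts outside the hunk.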
@@ -185,32 +229,20 @@ void pk_parse_keyfile_ec(char *key_file, char *password, int result)
 #endif
 #if defined(MBEDTLS_PSA_CRYPTO_C)
- psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
- TEST_EQUAL(mbedtls_pk_get_psa_attributes(&ctx,
- PSA_KEY_USAGE_SIGN_HASH,
- &attributes), 0);
- psa_reset_key_attributes(&attributes);
- TEST_EQUAL(mbedtls_pk_get_psa_attributes(&ctx,
- PSA_KEY_USAGE_SIGN_MESSAGE,
- &attributes), 0);
- psa_reset_key_attributes(&attributes);
- TEST_EQUAL(mbedtls_pk_get_psa_attributes(&ctx,
- PSA_KEY_USAGE_DERIVE,
- &attributes), 0);
- psa_reset_key_attributes(&attributes);
- TEST_EQUAL(mbedtls_pk_get_psa_attributes(&ctx,
- PSA_KEY_USAGE_VERIFY_HASH,
- &attributes), 0);
- psa_reset_key_attributes(&attributes);
- TEST_EQUAL(mbedtls_pk_get_psa_attributes(&ctx,
- PSA_KEY_USAGE_VERIFY_MESSAGE,
- &attributes), 0);
+ PSA_INIT();
+ TEST_ASSERT(test_psa_bridge(&ctx, PSA_KEY_USAGE_DERIVE));
+ if (pk_can_ecdsa(&ctx)) {
+ TEST_ASSERT(test_psa_bridge(&ctx, PSA_KEY_USAGE_SIGN_HASH));
+ TEST_ASSERT(test_psa_bridge(&ctx, PSA_KEY_USAGE_SIGN_MESSAGE));
+ TEST_ASSERT(test_psa_bridge(&ctx, PSA_KEY_USAGE_VERIFY_HASH));
+ TEST_ASSERT(test_psa_bridge(&ctx, PSA_KEY_USAGE_VERIFY_MESSAGE));
+ }
 #endif
 }
 exit:
 mbedtls_pk_free(&ctx);
- MD_OR_USE_PSA_DONE();
+ PSA_DONE();
 }
 /* END_CASE */