From aae96c9060d24a330babf66ef6fb4769254936a4 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Wed, 26 Apr 2023 13:08:56 +0200 Subject: [PATCH 1/9] pk: fix: clear buffer holding raw EC private key on exit Signed-off-by: Valerio Setti --- library/pk.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/library/pk.c b/library/pk.c index d46a93461..dcdfd1a5f 100644 --- a/library/pk.c +++ b/library/pk.c @@ -672,6 +672,8 @@ int mbedtls_pk_wrap_as_opaque(mbedtls_pk_context *pk, return MBEDTLS_ERR_PK_HW_ACCEL_FAILED; } + mbedtls_platform_zeroize(d, sizeof(d)); + /* make PK context wrap the key slot */ mbedtls_pk_free(pk); mbedtls_pk_init(pk); From 7406e967f065e3a3dda68c995a667e29e76127f4 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Wed, 26 Apr 2023 14:48:43 +0200 Subject: [PATCH 2/9] test: add test function for public key derivation starting from private one Data test cases are also included in the commit. Signed-off-by: Valerio Setti --- tests/suites/test_suite_pkwrite.data | 20 +++++++ tests/suites/test_suite_pkwrite.function | 75 ++++++++++++++++++++++++ 2 files changed, 95 insertions(+) diff --git a/tests/suites/test_suite_pkwrite.data b/tests/suites/test_suite_pkwrite.data index 83bfdcb6d..1a1a737db 100644 --- a/tests/suites/test_suite_pkwrite.data +++ b/tests/suites/test_suite_pkwrite.data @@ -93,3 +93,23 @@ pk_write_key_check:"data_files/ec_bp512_prv.pem":TEST_PEM Private key write check EC Brainpool 512 bits (DER) depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_BP512R1_ENABLED pk_write_key_check:"data_files/ec_bp512_prv.der":TEST_DER + +Derive public key RSA +depends_on:MBEDTLS_RSA_C +pk_write_check_public_key_derivation:"data_files/server1.key":"data_files/server1.pubkey.der" + +Derive public key RSA 4096 +depends_on:MBEDTLS_RSA_C +pk_write_check_public_key_derivation:"data_files/rsa4096_prv.der":"data_files/rsa4096_pub.der" + +Derive public key EC 192 bits +depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP192R1_ENABLED +pk_write_check_public_key_derivation:"data_files/ec_prv.sec1.der":"data_files/ec_pub.der" + +Derive public key EC 521 bits +depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP521R1_ENABLED +pk_write_check_public_key_derivation:"data_files/ec_521_prv.der":"data_files/ec_521_pub.der" + +Derive public key EC Brainpool 512 bits +depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_BP512R1_ENABLED +pk_write_check_public_key_derivation:"data_files/ec_bp512_prv.der":"data_files/ec_bp512_pub.der" diff --git a/tests/suites/test_suite_pkwrite.function b/tests/suites/test_suite_pkwrite.function index f90281d99..777bb183c 100644 --- a/tests/suites/test_suite_pkwrite.function +++ b/tests/suites/test_suite_pkwrite.function @@ -2,6 +2,7 @@ #include "mbedtls/pk.h" #include "mbedtls/pem.h" #include "mbedtls/oid.h" +#include "psa/crypto_sizes.h" typedef enum { TEST_PEM, @@ -123,3 +124,77 @@ void pk_write_key_check(char *key_file, int is_der) goto exit; /* make the compiler happy */ } /* END_CASE */ + +/* BEGIN_CASE */ +void pk_write_check_public_key_derivation(char *priv_key_file, + char *pub_key_file) +{ + mbedtls_pk_context priv_key, pub_key; + uint8_t derived_key_raw[PSA_EXPORT_PUBLIC_KEY_MAX_SIZE]; + uint8_t *derived_key_start; + size_t derived_key_len = 0; + uint8_t pub_key_raw[PSA_EXPORT_PUBLIC_KEY_MAX_SIZE]; + uint8_t *pub_key_start; + size_t pub_key_len = 0; +#if defined(MBEDTLS_USE_PSA_CRYPTO) + mbedtls_svc_key_id_t opaque_key_id = MBEDTLS_SVC_KEY_ID_INIT; +#endif /* MBEDTLS_USE_PSA_CRYPTO */ + + mbedtls_pk_init(&priv_key); + mbedtls_pk_init(&pub_key); + USE_PSA_INIT(); + + memset(derived_key_raw, 0, sizeof(derived_key_raw)); + memset(pub_key_raw, 0, sizeof(pub_key_raw)); + + TEST_EQUAL(mbedtls_pk_parse_keyfile(&priv_key, priv_key_file, NULL, + mbedtls_test_rnd_std_rand, NULL), 0); + TEST_EQUAL(mbedtls_pk_parse_public_keyfile(&pub_key, pub_key_file), 0); + + /* mbedtls_pk_write_pubkey() writes data backward in the provided buffer, + * i.e. derived_key_raw, so we place derived_key_start at the end of it + * and it will be updated accordingly on return. + * The same holds for pub_key_raw and pub_key_start below.*/ + derived_key_start = derived_key_raw + sizeof(derived_key_raw); + TEST_LE_U(1, mbedtls_pk_write_pubkey(&derived_key_start, + derived_key_raw, &priv_key)); + derived_key_len = sizeof(derived_key_raw) - + (derived_key_start - derived_key_raw); + + + pub_key_start = pub_key_raw + sizeof(pub_key_raw); + TEST_LE_U(1, mbedtls_pk_write_pubkey(&pub_key_start, + pub_key_raw, &pub_key)); + pub_key_len = sizeof(pub_key_raw) - + (pub_key_start - pub_key_raw); + + ASSERT_COMPARE(derived_key_start, derived_key_len, + pub_key_start, pub_key_len); + +#if defined(MBEDTLS_USE_PSA_CRYPTO) + mbedtls_platform_zeroize(derived_key_raw, sizeof(derived_key_raw)); + derived_key_len = 0; + + TEST_EQUAL(mbedtls_pk_wrap_as_opaque(&priv_key, &opaque_key_id, + PSA_ALG_NONE, PSA_KEY_USAGE_EXPORT, + PSA_ALG_NONE), 0); + + derived_key_start = derived_key_raw + sizeof(derived_key_raw); + TEST_LE_U(1, mbedtls_pk_write_pubkey(&derived_key_start, + derived_key_raw, &priv_key)); + derived_key_len = sizeof(derived_key_raw) - + (derived_key_start - derived_key_raw); + + ASSERT_COMPARE(derived_key_start, derived_key_len, + pub_key_start, pub_key_len); +#endif /* MBEDTLS_USE_PSA_CRYPTO */ + +exit: +#if defined(MBEDTLS_USE_PSA_CRYPTO) + psa_destroy_key(opaque_key_id); +#endif /* MBEDTLS_USE_PSA_CRYPTO */ + mbedtls_pk_free(&pub_key); + mbedtls_pk_free(&priv_key); + USE_PSA_DONE(); +} +/* END_CASE */ From 50dacdfd3448ee9d8731a0593aea1fe0b3029365 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Thu, 27 Apr 2023 09:41:09 +0200 Subject: [PATCH 3/9] test: fix wrong private key file Signed-off-by: Valerio Setti --- tests/suites/test_suite_pkwrite.data | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/suites/test_suite_pkwrite.data b/tests/suites/test_suite_pkwrite.data index 1a1a737db..8e9d5e92b 100644 --- a/tests/suites/test_suite_pkwrite.data +++ b/tests/suites/test_suite_pkwrite.data @@ -96,7 +96,7 @@ pk_write_key_check:"data_files/ec_bp512_prv.der":TEST_DER Derive public key RSA depends_on:MBEDTLS_RSA_C -pk_write_check_public_key_derivation:"data_files/server1.key":"data_files/server1.pubkey.der" +pk_write_check_public_key_derivation:"data_files/server1.key.der":"data_files/server1.pubkey.der" Derive public key RSA 4096 depends_on:MBEDTLS_RSA_C From b4468c45ac83444238a845a7f96cafe1101d47b9 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Thu, 27 Apr 2023 10:03:08 +0200 Subject: [PATCH 4/9] test: fix makefile for ec_pub.[der/pem] generation Signed-off-by: Valerio Setti --- tests/data_files/Makefile | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/tests/data_files/Makefile b/tests/data_files/Makefile index 80172e237..c492558f5 100644 --- a/tests/data_files/Makefile +++ b/tests/data_files/Makefile @@ -888,6 +888,10 @@ ec_prv.pk8param.pem: ec_prv.pk8param.der $(OPENSSL) pkey -in $< -inform DER -out $@ all_final += ec_prv.pk8param.pem +ec_pub.pem: ec_prv.sec1.der + $(OPENSSL) pkey -in $< -inform DER -outform PEM -pubout -out $@ +all_final += ec_pub.pem + ################################################################ #### Convert PEM keys to DER format ################################################################ From 5e7494ea750ea08915748ccd28ebddc2a442c48a Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Thu, 27 Apr 2023 10:05:03 +0200 Subject: [PATCH 5/9] pk: fix position for mbedtls_platform_zeroize Signed-off-by: Valerio Setti --- library/pk.c | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/library/pk.c b/library/pk.c index dcdfd1a5f..97984f3b9 100644 --- a/library/pk.c +++ b/library/pk.c @@ -646,6 +646,7 @@ int mbedtls_pk_wrap_as_opaque(mbedtls_pk_context *pk, psa_key_type_t key_type; size_t bits; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + psa_status_t status; /* export the private key material in the format PSA wants */ if (mbedtls_pk_get_type(pk) != MBEDTLS_PK_ECKEY) { @@ -668,11 +669,11 @@ int mbedtls_pk_wrap_as_opaque(mbedtls_pk_context *pk, psa_set_key_algorithm(&attributes, PSA_ALG_ECDSA(hash_alg)); /* import private key into PSA */ - if (PSA_SUCCESS != psa_import_key(&attributes, d, d_len, key)) { - return MBEDTLS_ERR_PK_HW_ACCEL_FAILED; - } - + status = psa_import_key(&attributes, d, d_len, key); mbedtls_platform_zeroize(d, sizeof(d)); + if (status != PSA_SUCCESS) { + return PSA_PK_TO_MBEDTLS_ERR(status); + } /* make PK context wrap the key slot */ mbedtls_pk_free(pk); From 39a669433bcc65fc2fcc3b666d7e4710755dfb49 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Thu, 27 Apr 2023 10:06:45 +0200 Subject: [PATCH 6/9] test: use better naming for the newly introduced test function Signed-off-by: Valerio Setti --- tests/suites/test_suite_pkwrite.data | 10 +++++----- tests/suites/test_suite_pkwrite.function | 2 +- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/tests/suites/test_suite_pkwrite.data b/tests/suites/test_suite_pkwrite.data index 8e9d5e92b..0619ee2db 100644 --- a/tests/suites/test_suite_pkwrite.data +++ b/tests/suites/test_suite_pkwrite.data @@ -96,20 +96,20 @@ pk_write_key_check:"data_files/ec_bp512_prv.der":TEST_DER Derive public key RSA depends_on:MBEDTLS_RSA_C -pk_write_check_public_key_derivation:"data_files/server1.key.der":"data_files/server1.pubkey.der" +pk_write_public_from_private:"data_files/server1.key.der":"data_files/server1.pubkey.der" Derive public key RSA 4096 depends_on:MBEDTLS_RSA_C -pk_write_check_public_key_derivation:"data_files/rsa4096_prv.der":"data_files/rsa4096_pub.der" +pk_write_public_from_private:"data_files/rsa4096_prv.der":"data_files/rsa4096_pub.der" Derive public key EC 192 bits depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP192R1_ENABLED -pk_write_check_public_key_derivation:"data_files/ec_prv.sec1.der":"data_files/ec_pub.der" +pk_write_public_from_private:"data_files/ec_prv.sec1.der":"data_files/ec_pub.der" Derive public key EC 521 bits depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP521R1_ENABLED -pk_write_check_public_key_derivation:"data_files/ec_521_prv.der":"data_files/ec_521_pub.der" +pk_write_public_from_private:"data_files/ec_521_prv.der":"data_files/ec_521_pub.der" Derive public key EC Brainpool 512 bits depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_BP512R1_ENABLED -pk_write_check_public_key_derivation:"data_files/ec_bp512_prv.der":"data_files/ec_bp512_pub.der" +pk_write_public_from_private:"data_files/ec_bp512_prv.der":"data_files/ec_bp512_pub.der" diff --git a/tests/suites/test_suite_pkwrite.function b/tests/suites/test_suite_pkwrite.function index 777bb183c..a3b626471 100644 --- a/tests/suites/test_suite_pkwrite.function +++ b/tests/suites/test_suite_pkwrite.function @@ -126,7 +126,7 @@ void pk_write_key_check(char *key_file, int is_der) /* END_CASE */ /* BEGIN_CASE */ -void pk_write_check_public_key_derivation(char *priv_key_file, +void pk_write_public_from_private(char *priv_key_file, char *pub_key_file) { mbedtls_pk_context priv_key, pub_key; From 3f8bf06534bc0fb6bc0feec95264b8fc18713f1e Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Thu, 27 Apr 2023 10:52:57 +0200 Subject: [PATCH 7/9] test: optimize code for pk_write_public_from_private() Signed-off-by: Valerio Setti --- tests/suites/test_suite_pkwrite.function | 56 ++++++++---------------- 1 file changed, 18 insertions(+), 38 deletions(-) diff --git a/tests/suites/test_suite_pkwrite.function b/tests/suites/test_suite_pkwrite.function index a3b626471..3d5d9eeab 100644 --- a/tests/suites/test_suite_pkwrite.function +++ b/tests/suites/test_suite_pkwrite.function @@ -126,74 +126,54 @@ void pk_write_key_check(char *key_file, int is_der) /* END_CASE */ /* BEGIN_CASE */ -void pk_write_public_from_private(char *priv_key_file, - char *pub_key_file) +void pk_write_public_from_private(char *priv_key_file, char *pub_key_file) { - mbedtls_pk_context priv_key, pub_key; - uint8_t derived_key_raw[PSA_EXPORT_PUBLIC_KEY_MAX_SIZE]; - uint8_t *derived_key_start; + mbedtls_pk_context priv_key; + uint8_t *derived_key_raw = NULL; size_t derived_key_len = 0; - uint8_t pub_key_raw[PSA_EXPORT_PUBLIC_KEY_MAX_SIZE]; - uint8_t *pub_key_start; + uint8_t *pub_key_raw = NULL; size_t pub_key_len = 0; #if defined(MBEDTLS_USE_PSA_CRYPTO) mbedtls_svc_key_id_t opaque_key_id = MBEDTLS_SVC_KEY_ID_INIT; #endif /* MBEDTLS_USE_PSA_CRYPTO */ mbedtls_pk_init(&priv_key); - mbedtls_pk_init(&pub_key); USE_PSA_INIT(); - memset(derived_key_raw, 0, sizeof(derived_key_raw)); - memset(pub_key_raw, 0, sizeof(pub_key_raw)); - TEST_EQUAL(mbedtls_pk_parse_keyfile(&priv_key, priv_key_file, NULL, mbedtls_test_rnd_std_rand, NULL), 0); - TEST_EQUAL(mbedtls_pk_parse_public_keyfile(&pub_key, pub_key_file), 0); + TEST_EQUAL(mbedtls_pk_load_file(pub_key_file, &pub_key_raw, + &pub_key_len), 0); - /* mbedtls_pk_write_pubkey() writes data backward in the provided buffer, - * i.e. derived_key_raw, so we place derived_key_start at the end of it - * and it will be updated accordingly on return. - * The same holds for pub_key_raw and pub_key_start below.*/ - derived_key_start = derived_key_raw + sizeof(derived_key_raw); - TEST_LE_U(1, mbedtls_pk_write_pubkey(&derived_key_start, - derived_key_raw, &priv_key)); - derived_key_len = sizeof(derived_key_raw) - - (derived_key_start - derived_key_raw); + derived_key_len = pub_key_len; + ASSERT_ALLOC(derived_key_raw, derived_key_len); + TEST_LE_U(1, mbedtls_pk_write_pubkey_der(&priv_key, derived_key_raw, + derived_key_len)); - pub_key_start = pub_key_raw + sizeof(pub_key_raw); - TEST_LE_U(1, mbedtls_pk_write_pubkey(&pub_key_start, - pub_key_raw, &pub_key)); - pub_key_len = sizeof(pub_key_raw) - - (pub_key_start - pub_key_raw); - - ASSERT_COMPARE(derived_key_start, derived_key_len, - pub_key_start, pub_key_len); + ASSERT_COMPARE(derived_key_raw, derived_key_len, + pub_key_raw, pub_key_len); #if defined(MBEDTLS_USE_PSA_CRYPTO) mbedtls_platform_zeroize(derived_key_raw, sizeof(derived_key_raw)); - derived_key_len = 0; TEST_EQUAL(mbedtls_pk_wrap_as_opaque(&priv_key, &opaque_key_id, PSA_ALG_NONE, PSA_KEY_USAGE_EXPORT, PSA_ALG_NONE), 0); - derived_key_start = derived_key_raw + sizeof(derived_key_raw); - TEST_LE_U(1, mbedtls_pk_write_pubkey(&derived_key_start, - derived_key_raw, &priv_key)); - derived_key_len = sizeof(derived_key_raw) - - (derived_key_start - derived_key_raw); + TEST_LE_U(1, mbedtls_pk_write_pubkey_der(&priv_key, derived_key_raw, + derived_key_len)); - ASSERT_COMPARE(derived_key_start, derived_key_len, - pub_key_start, pub_key_len); + ASSERT_COMPARE(derived_key_raw, derived_key_len, + pub_key_raw, pub_key_len); #endif /* MBEDTLS_USE_PSA_CRYPTO */ exit: #if defined(MBEDTLS_USE_PSA_CRYPTO) psa_destroy_key(opaque_key_id); #endif /* MBEDTLS_USE_PSA_CRYPTO */ - mbedtls_pk_free(&pub_key); + mbedtls_free(derived_key_raw); + mbedtls_free(pub_key_raw); mbedtls_pk_free(&priv_key); USE_PSA_DONE(); } From 974b816b3ed880f6e78d625fb825529ec86c07e1 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Thu, 27 Apr 2023 12:07:23 +0200 Subject: [PATCH 8/9] test: check for exact length of returned pub key Signed-off-by: Valerio Setti --- tests/suites/test_suite_pkwrite.function | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/tests/suites/test_suite_pkwrite.function b/tests/suites/test_suite_pkwrite.function index 3d5d9eeab..0bba16da2 100644 --- a/tests/suites/test_suite_pkwrite.function +++ b/tests/suites/test_suite_pkwrite.function @@ -148,8 +148,8 @@ void pk_write_public_from_private(char *priv_key_file, char *pub_key_file) derived_key_len = pub_key_len; ASSERT_ALLOC(derived_key_raw, derived_key_len); - TEST_LE_U(1, mbedtls_pk_write_pubkey_der(&priv_key, derived_key_raw, - derived_key_len)); + TEST_EQUAL(mbedtls_pk_write_pubkey_der(&priv_key, derived_key_raw, + derived_key_len), pub_key_len); ASSERT_COMPARE(derived_key_raw, derived_key_len, pub_key_raw, pub_key_len); @@ -161,8 +161,8 @@ void pk_write_public_from_private(char *priv_key_file, char *pub_key_file) PSA_ALG_NONE, PSA_KEY_USAGE_EXPORT, PSA_ALG_NONE), 0); - TEST_LE_U(1, mbedtls_pk_write_pubkey_der(&priv_key, derived_key_raw, - derived_key_len)); + TEST_EQUAL(mbedtls_pk_write_pubkey_der(&priv_key, derived_key_raw, + derived_key_len), pub_key_len); ASSERT_COMPARE(derived_key_raw, derived_key_len, pub_key_raw, pub_key_len); From 0eace4128b98476549fd345759ee2c18a445ddb5 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Tue, 2 May 2023 16:38:57 +0200 Subject: [PATCH 9/9] pk: fixing backport issues Note: RSA is not supported in mbedtls-2.28 for opaque wrapping so it was removed from test_suite_pkwrite.data. Signed-off-by: Valerio Setti --- library/pk.c | 2 +- tests/data_files/ec_pub.der | Bin 75 -> 75 bytes tests/suites/test_suite_pkwrite.data | 14 +++----------- tests/suites/test_suite_pkwrite.function | 4 +--- 4 files changed, 5 insertions(+), 15 deletions(-) diff --git a/library/pk.c b/library/pk.c index 97984f3b9..12f412022 100644 --- a/library/pk.c +++ b/library/pk.c @@ -672,7 +672,7 @@ int mbedtls_pk_wrap_as_opaque(mbedtls_pk_context *pk, status = psa_import_key(&attributes, d, d_len, key); mbedtls_platform_zeroize(d, sizeof(d)); if (status != PSA_SUCCESS) { - return PSA_PK_TO_MBEDTLS_ERR(status); + return MBEDTLS_ERR_PK_HW_ACCEL_FAILED; } /* make PK context wrap the key slot */ diff --git a/tests/data_files/ec_pub.der b/tests/data_files/ec_pub.der index 74c5951f60c2c13c29369f85c95958c4af70dc3c..e4e59158a897650220a9650b7e30beaaf00fdbba 100644 GIT binary patch delta 53 zcmV-50LuSMOOP8dQFXlEFr#quol}$M5^{*x0cW-Jw6}J~boa*dRJYP31}quXE*J>OB delta 53 zcmV-50LuSMOOP8dym@`Iu73#ZJxOa%v=OuRAf;HP0pKDn2+!c$itLLTd-6-^DN)Q@ Lp}xB$bdZ|hmr)u- diff --git a/tests/suites/test_suite_pkwrite.data b/tests/suites/test_suite_pkwrite.data index 0619ee2db..f10bdd6cf 100644 --- a/tests/suites/test_suite_pkwrite.data +++ b/tests/suites/test_suite_pkwrite.data @@ -94,22 +94,14 @@ Private key write check EC Brainpool 512 bits (DER) depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_BP512R1_ENABLED pk_write_key_check:"data_files/ec_bp512_prv.der":TEST_DER -Derive public key RSA -depends_on:MBEDTLS_RSA_C -pk_write_public_from_private:"data_files/server1.key.der":"data_files/server1.pubkey.der" - -Derive public key RSA 4096 -depends_on:MBEDTLS_RSA_C -pk_write_public_from_private:"data_files/rsa4096_prv.der":"data_files/rsa4096_pub.der" - Derive public key EC 192 bits -depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP192R1_ENABLED +depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED pk_write_public_from_private:"data_files/ec_prv.sec1.der":"data_files/ec_pub.der" Derive public key EC 521 bits -depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP521R1_ENABLED +depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP521R1_ENABLED pk_write_public_from_private:"data_files/ec_521_prv.der":"data_files/ec_521_pub.der" Derive public key EC Brainpool 512 bits -depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_BP512R1_ENABLED +depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_BP512R1_ENABLED pk_write_public_from_private:"data_files/ec_bp512_prv.der":"data_files/ec_bp512_pub.der" diff --git a/tests/suites/test_suite_pkwrite.function b/tests/suites/test_suite_pkwrite.function index 0bba16da2..c5391ba39 100644 --- a/tests/suites/test_suite_pkwrite.function +++ b/tests/suites/test_suite_pkwrite.function @@ -140,8 +140,7 @@ void pk_write_public_from_private(char *priv_key_file, char *pub_key_file) mbedtls_pk_init(&priv_key); USE_PSA_INIT(); - TEST_EQUAL(mbedtls_pk_parse_keyfile(&priv_key, priv_key_file, NULL, - mbedtls_test_rnd_std_rand, NULL), 0); + TEST_EQUAL(mbedtls_pk_parse_keyfile(&priv_key, priv_key_file, NULL), 0); TEST_EQUAL(mbedtls_pk_load_file(pub_key_file, &pub_key_raw, &pub_key_len), 0); @@ -158,7 +157,6 @@ void pk_write_public_from_private(char *priv_key_file, char *pub_key_file) mbedtls_platform_zeroize(derived_key_raw, sizeof(derived_key_raw)); TEST_EQUAL(mbedtls_pk_wrap_as_opaque(&priv_key, &opaque_key_id, - PSA_ALG_NONE, PSA_KEY_USAGE_EXPORT, PSA_ALG_NONE), 0); TEST_EQUAL(mbedtls_pk_write_pubkey_der(&priv_key, derived_key_raw,