1a8e1175bSopenharmony_ci/* BEGIN_HEADER */ 2a8e1175bSopenharmony_ci#include "mbedtls/pk.h" 3a8e1175bSopenharmony_ci#include "mbedtls/psa_util.h" 4a8e1175bSopenharmony_ci#include "pk_internal.h" 5a8e1175bSopenharmony_ci 6a8e1175bSopenharmony_ci/* For error codes */ 7a8e1175bSopenharmony_ci#include "mbedtls/asn1.h" 8a8e1175bSopenharmony_ci#include "mbedtls/base64.h" 9a8e1175bSopenharmony_ci#include "mbedtls/ecp.h" 10a8e1175bSopenharmony_ci#include "mbedtls/error.h" 11a8e1175bSopenharmony_ci#include "mbedtls/rsa.h" 12a8e1175bSopenharmony_ci#include "rsa_internal.h" 13a8e1175bSopenharmony_ci#include "pk_internal.h" 14a8e1175bSopenharmony_ci 15a8e1175bSopenharmony_ci#include <limits.h> 16a8e1175bSopenharmony_ci#include <stdint.h> 17a8e1175bSopenharmony_ci 18a8e1175bSopenharmony_ci/* Needed only for test case data under #if defined(MBEDTLS_USE_PSA_CRYPTO), 19a8e1175bSopenharmony_ci * but the test code generator requires test case data to be valid C code 20a8e1175bSopenharmony_ci * unconditionally (https://github.com/Mbed-TLS/mbedtls/issues/2023). */ 21a8e1175bSopenharmony_ci#include "psa/crypto.h" 22a8e1175bSopenharmony_ci#include "mbedtls/psa_util.h" 23a8e1175bSopenharmony_ci 24a8e1175bSopenharmony_ci#include <test/psa_exercise_key.h> 25a8e1175bSopenharmony_ci 26a8e1175bSopenharmony_ci/* Needed for the definition of MBEDTLS_PK_WRITE_PUBKEY_MAX_SIZE. */ 27a8e1175bSopenharmony_ci#include "pkwrite.h" 28a8e1175bSopenharmony_ci 29a8e1175bSopenharmony_ci/* Used for properly sizing the key buffer in pk_genkey_ec() */ 30a8e1175bSopenharmony_ci#include "psa_util_internal.h" 31a8e1175bSopenharmony_ci 32a8e1175bSopenharmony_ci#define RSA_KEY_SIZE MBEDTLS_RSA_GEN_KEY_MIN_BITS 33a8e1175bSopenharmony_ci#define RSA_KEY_LEN (MBEDTLS_RSA_GEN_KEY_MIN_BITS/8) 34a8e1175bSopenharmony_ci 35a8e1175bSopenharmony_ci#if defined(MBEDTLS_RSA_C) || \ 36a8e1175bSopenharmony_ci defined(MBEDTLS_PK_RSA_ALT_SUPPORT) || \ 37a8e1175bSopenharmony_ci defined(MBEDTLS_ECDSA_C) || \ 38a8e1175bSopenharmony_ci defined(MBEDTLS_USE_PSA_CRYPTO) 39a8e1175bSopenharmony_ci#define PK_CAN_SIGN_SOME 40a8e1175bSopenharmony_ci#endif 41a8e1175bSopenharmony_ci 42a8e1175bSopenharmony_ci/* MBEDTLS_TEST_PK_PSA_SIGN is enabled when: 43a8e1175bSopenharmony_ci * - The build has PK_[PARSE/WRITE]_C for RSA or ECDSA signature. 44a8e1175bSopenharmony_ci * - The build has built-in ECC and ECDSA signature. 45a8e1175bSopenharmony_ci */ 46a8e1175bSopenharmony_ci#if (defined(MBEDTLS_PK_PARSE_C) && defined(MBEDTLS_PK_WRITE_C) && \ 47a8e1175bSopenharmony_ci ((defined(MBEDTLS_RSA_C) && defined(MBEDTLS_GENPRIME)) || \ 48a8e1175bSopenharmony_ci defined(MBEDTLS_PK_CAN_ECDSA_SIGN))) || \ 49a8e1175bSopenharmony_ci (defined(MBEDTLS_ECP_C) && defined(MBEDTLS_PK_CAN_ECDSA_SIGN)) 50a8e1175bSopenharmony_ci#define MBEDTLS_TEST_PK_PSA_SIGN 51a8e1175bSopenharmony_ci#endif 52a8e1175bSopenharmony_ci 53a8e1175bSopenharmony_ci#if defined(MBEDTLS_PSA_CRYPTO_C) && defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) 54a8e1175bSopenharmony_ci/* Pick an elliptic curve that's supported by PSA. Note that the curve is 55a8e1175bSopenharmony_ci * not guaranteed to be supported by the ECP module. 56a8e1175bSopenharmony_ci * 57a8e1175bSopenharmony_ci * This should always find a curve if ECC is enabled in the build, except in 58a8e1175bSopenharmony_ci * one edge case: in a build with MBEDTLS_PSA_CRYPTO_CONFIG disabled and 59a8e1175bSopenharmony_ci * where the only legacy curve is secp224k1, which is not supported in PSA, 60a8e1175bSopenharmony_ci * PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY ends up enabled but PSA does not 61a8e1175bSopenharmony_ci * support any curve. 62a8e1175bSopenharmony_ci */ 63a8e1175bSopenharmony_ci 64a8e1175bSopenharmony_ci/* First try all the curves that can do both ECDSA and ECDH, then try 65a8e1175bSopenharmony_ci * the ECDH-only curves. (There are no curves that can do ECDSA but not ECDH.) 66a8e1175bSopenharmony_ci * This way, if ECDSA is enabled then the curve that's selected here will 67a8e1175bSopenharmony_ci * be ECDSA-capable, and likewise for ECDH. */ 68a8e1175bSopenharmony_ci#if defined(PSA_WANT_ECC_SECP_R1_192) 69a8e1175bSopenharmony_ci#define MBEDTLS_TEST_PSA_ECC_ONE_FAMILY PSA_ECC_FAMILY_SECP_R1 70a8e1175bSopenharmony_ci#define MBEDTLS_TEST_PSA_ECC_ONE_CURVE_BITS 192 71a8e1175bSopenharmony_ci#define MBEDTLS_TEST_ECP_DP_ONE_CURVE MBEDTLS_ECP_DP_SECP192R1 72a8e1175bSopenharmony_ci#elif defined(PSA_WANT_ECC_SECP_R1_224) 73a8e1175bSopenharmony_ci#define MBEDTLS_TEST_PSA_ECC_ONE_FAMILY PSA_ECC_FAMILY_SECP_R1 74a8e1175bSopenharmony_ci#define MBEDTLS_TEST_PSA_ECC_ONE_CURVE_BITS 224 75a8e1175bSopenharmony_ci#define MBEDTLS_TEST_ECP_DP_ONE_CURVE MBEDTLS_ECP_DP_SECP224R1 76a8e1175bSopenharmony_ci#elif defined(PSA_WANT_ECC_SECP_R1_256) 77a8e1175bSopenharmony_ci#define MBEDTLS_TEST_PSA_ECC_ONE_FAMILY PSA_ECC_FAMILY_SECP_R1 78a8e1175bSopenharmony_ci#define MBEDTLS_TEST_PSA_ECC_ONE_CURVE_BITS 256 79a8e1175bSopenharmony_ci#define MBEDTLS_TEST_ECP_DP_ONE_CURVE MBEDTLS_ECP_DP_SECP256R1 80a8e1175bSopenharmony_ci#elif defined(PSA_WANT_ECC_SECP_R1_384) 81a8e1175bSopenharmony_ci#define MBEDTLS_TEST_PSA_ECC_ONE_FAMILY PSA_ECC_FAMILY_SECP_R1 82a8e1175bSopenharmony_ci#define MBEDTLS_TEST_PSA_ECC_ONE_CURVE_BITS 384 83a8e1175bSopenharmony_ci#define MBEDTLS_TEST_ECP_DP_ONE_CURVE MBEDTLS_ECP_DP_SECP384R1 84a8e1175bSopenharmony_ci#elif defined(PSA_WANT_ECC_SECP_R1_521) 85a8e1175bSopenharmony_ci#define MBEDTLS_TEST_PSA_ECC_ONE_FAMILY PSA_ECC_FAMILY_SECP_R1 86a8e1175bSopenharmony_ci#define MBEDTLS_TEST_PSA_ECC_ONE_CURVE_BITS 521 87a8e1175bSopenharmony_ci#define MBEDTLS_TEST_ECP_DP_ONE_CURVE MBEDTLS_ECP_DP_SECP521R1 88a8e1175bSopenharmony_ci#elif defined(PSA_WANT_ECC_SECP_K1_192) 89a8e1175bSopenharmony_ci#define MBEDTLS_TEST_PSA_ECC_ONE_FAMILY PSA_ECC_FAMILY_SECP_K1 90a8e1175bSopenharmony_ci#define MBEDTLS_TEST_PSA_ECC_ONE_CURVE_BITS 192 91a8e1175bSopenharmony_ci#define MBEDTLS_TEST_ECP_DP_ONE_CURVE MBEDTLS_ECP_DP_SECP192K1 92a8e1175bSopenharmony_ci#elif defined(PSA_WANT_ECC_SECP_K1_224) 93a8e1175bSopenharmony_ci#define MBEDTLS_TEST_PSA_ECC_ONE_FAMILY PSA_ECC_FAMILY_SECP_K1 94a8e1175bSopenharmony_ci#define MBEDTLS_TEST_PSA_ECC_ONE_CURVE_BITS 224 95a8e1175bSopenharmony_ci#define MBEDTLS_TEST_ECP_DP_ONE_CURVE MBEDTLS_ECP_DP_SECP224K1 96a8e1175bSopenharmony_ci#elif defined(PSA_WANT_ECC_SECP_K1_256) 97a8e1175bSopenharmony_ci#define MBEDTLS_TEST_PSA_ECC_ONE_FAMILY PSA_ECC_FAMILY_SECP_K1 98a8e1175bSopenharmony_ci#define MBEDTLS_TEST_PSA_ECC_ONE_CURVE_BITS 256 99a8e1175bSopenharmony_ci#define MBEDTLS_TEST_ECP_DP_ONE_CURVE MBEDTLS_ECP_DP_SECP256K1 100a8e1175bSopenharmony_ci#elif defined(PSA_WANT_ECC_BRAINPOOL_P_R1_256) 101a8e1175bSopenharmony_ci#define MBEDTLS_TEST_PSA_ECC_ONE_FAMILY PSA_ECC_FAMILY_BRAINPOOL_P_R1 102a8e1175bSopenharmony_ci#define MBEDTLS_TEST_PSA_ECC_ONE_CURVE_BITS 256 103a8e1175bSopenharmony_ci#define MBEDTLS_TEST_ECP_DP_ONE_CURVE MBEDTLS_ECP_DP_BP256R1 104a8e1175bSopenharmony_ci#elif defined(PSA_WANT_ECC_BRAINPOOL_P_R1_384) 105a8e1175bSopenharmony_ci#define MBEDTLS_TEST_PSA_ECC_ONE_FAMILY PSA_ECC_FAMILY_BRAINPOOL_P_R1 106a8e1175bSopenharmony_ci#define MBEDTLS_TEST_PSA_ECC_ONE_CURVE_BITS 384 107a8e1175bSopenharmony_ci#define MBEDTLS_TEST_ECP_DP_ONE_CURVE MBEDTLS_ECP_DP_BP384R1 108a8e1175bSopenharmony_ci#elif defined(PSA_WANT_ECC_BRAINPOOL_P_R1_512) 109a8e1175bSopenharmony_ci#define MBEDTLS_TEST_PSA_ECC_ONE_FAMILY PSA_ECC_FAMILY_BRAINPOOL_P_R1 110a8e1175bSopenharmony_ci#define MBEDTLS_TEST_PSA_ECC_ONE_CURVE_BITS 512 111a8e1175bSopenharmony_ci#define MBEDTLS_TEST_ECP_DP_ONE_CURVE MBEDTLS_ECP_DP_BP512R1 112a8e1175bSopenharmony_ci#elif defined(PSA_WANT_ECC_MONTGOMERY_255) 113a8e1175bSopenharmony_ci#define MBEDTLS_TEST_PSA_ECC_ONE_FAMILY PSA_ECC_FAMILY_MONTGOMERY 114a8e1175bSopenharmony_ci#define MBEDTLS_TEST_PSA_ECC_ONE_CURVE_BITS 255 115a8e1175bSopenharmony_ci#define MBEDTLS_TEST_ECP_DP_ONE_CURVE MBEDTLS_ECP_DP_CURVE25519 116a8e1175bSopenharmony_ci#elif defined(PSA_WANT_ECC_MONTGOMERY_448) 117a8e1175bSopenharmony_ci#define MBEDTLS_TEST_PSA_ECC_ONE_FAMILY PSA_ECC_FAMILY_MONTGOMERY 118a8e1175bSopenharmony_ci#define MBEDTLS_TEST_PSA_ECC_ONE_CURVE_BITS 448 119a8e1175bSopenharmony_ci#define MBEDTLS_TEST_ECP_DP_ONE_CURVE MBEDTLS_ECP_DP_CURVE448 120a8e1175bSopenharmony_ci#endif /* curve selection */ 121a8e1175bSopenharmony_ci 122a8e1175bSopenharmony_ci#if defined(MBEDTLS_TEST_PSA_ECC_ONE_FAMILY) 123a8e1175bSopenharmony_ci#define MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE 124a8e1175bSopenharmony_ci#endif 125a8e1175bSopenharmony_ci 126a8e1175bSopenharmony_ci/* Pick a second curve, for tests that need two supported curves of the 127a8e1175bSopenharmony_ci * same size. For simplicity, we only handle a subset of configurations, 128a8e1175bSopenharmony_ci * and both curves will support both ECDH and ECDSA. */ 129a8e1175bSopenharmony_ci#if defined(PSA_WANT_ECC_SECP_R1_192) && defined(PSA_WANT_ECC_SECP_K1_192) 130a8e1175bSopenharmony_ci/* Identical redefinition of the ONE macros, to confirm that they have 131a8e1175bSopenharmony_ci * the values we expect here. */ 132a8e1175bSopenharmony_ci#define MBEDTLS_TEST_PSA_ECC_ONE_FAMILY PSA_ECC_FAMILY_SECP_R1 133a8e1175bSopenharmony_ci#define MBEDTLS_TEST_PSA_ECC_ANOTHER_FAMILY PSA_ECC_FAMILY_SECP_K1 134a8e1175bSopenharmony_ci#define MBEDTLS_TEST_PSA_ECC_ONE_CURVE_BITS 192 135a8e1175bSopenharmony_ci#define MBEDTLS_TEST_PSA_ECC_HAVE_TWO_FAMILIES 136a8e1175bSopenharmony_ci#elif defined(PSA_WANT_ECC_SECP_R1_256) && defined(PSA_WANT_ECC_SECP_K1_256) 137a8e1175bSopenharmony_ci#define MBEDTLS_TEST_PSA_ECC_ONE_FAMILY PSA_ECC_FAMILY_SECP_R1 138a8e1175bSopenharmony_ci#define MBEDTLS_TEST_PSA_ECC_ANOTHER_FAMILY PSA_ECC_FAMILY_SECP_K1 139a8e1175bSopenharmony_ci#define MBEDTLS_TEST_PSA_ECC_ONE_CURVE_BITS 256 140a8e1175bSopenharmony_ci#define MBEDTLS_TEST_PSA_ECC_HAVE_TWO_FAMILIES 141a8e1175bSopenharmony_ci#endif 142a8e1175bSopenharmony_ci 143a8e1175bSopenharmony_ci/* Pick a second bit-size, for tests that need two supported curves of the 144a8e1175bSopenharmony_ci * same family. For simplicity, we only handle a subset of configurations, 145a8e1175bSopenharmony_ci * and both curves will support both ECDH and ECDSA. */ 146a8e1175bSopenharmony_ci#if defined(PSA_WANT_ECC_SECP_R1_192) && defined(PSA_WANT_ECC_SECP_R1_256) 147a8e1175bSopenharmony_ci/* Identical redefinition of the ONE macros, to confirm that they have 148a8e1175bSopenharmony_ci * the values we expect here. */ 149a8e1175bSopenharmony_ci#define MBEDTLS_TEST_PSA_ECC_ONE_FAMILY PSA_ECC_FAMILY_SECP_R1 150a8e1175bSopenharmony_ci#define MBEDTLS_TEST_PSA_ECC_ONE_CURVE_BITS 192 151a8e1175bSopenharmony_ci#define MBEDTLS_TEST_PSA_ECC_ANOTHER_CURVE_BITS 256 152a8e1175bSopenharmony_ci#define MBEDTLS_TEST_PSA_ECC_HAVE_TWO_BITS 153a8e1175bSopenharmony_ci#elif defined(PSA_WANT_ECC_SECP_R1_256) && defined(PSA_WANT_ECC_SECP_R1_384) 154a8e1175bSopenharmony_ci#define MBEDTLS_TEST_PSA_ECC_ONE_FAMILY PSA_ECC_FAMILY_SECP_R1 155a8e1175bSopenharmony_ci#define MBEDTLS_TEST_PSA_ECC_ONE_CURVE_BITS 256 156a8e1175bSopenharmony_ci#define MBEDTLS_TEST_PSA_ECC_ANOTHER_CURVE_BITS 384 157a8e1175bSopenharmony_ci#define MBEDTLS_TEST_PSA_ECC_HAVE_TWO_BITS 158a8e1175bSopenharmony_ci#endif 159a8e1175bSopenharmony_ci 160a8e1175bSopenharmony_ci#endif /* defined(MBEDTLS_PSA_CRYPTO_C) && defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) */ 161a8e1175bSopenharmony_ci 162a8e1175bSopenharmony_ci/* Always define the macros so that we can use them in test data. */ 163a8e1175bSopenharmony_ci#if !defined(MBEDTLS_TEST_PSA_ECC_ONE_FAMILY) 164a8e1175bSopenharmony_ci#define MBEDTLS_TEST_PSA_ECC_ONE_FAMILY 0 165a8e1175bSopenharmony_ci#define MBEDTLS_TEST_PSA_ECC_ONE_CURVE_BITS 0 166a8e1175bSopenharmony_ci#define MBEDTLS_TEST_ECP_DP_ONE_CURVE 0 167a8e1175bSopenharmony_ci#endif 168a8e1175bSopenharmony_ci#if !defined(MBEDTLS_TEST_PSA_ECC_ANOTHER_FAMILY) 169a8e1175bSopenharmony_ci#define MBEDTLS_TEST_PSA_ECC_ANOTHER_FAMILY 0 170a8e1175bSopenharmony_ci#endif 171a8e1175bSopenharmony_ci#if !defined(MBEDTLS_TEST_PSA_ECC_ANOTHER_CURVE_BITS) 172a8e1175bSopenharmony_ci#define MBEDTLS_TEST_PSA_ECC_ANOTHER_CURVE_BITS 0 173a8e1175bSopenharmony_ci#endif 174a8e1175bSopenharmony_ci 175a8e1175bSopenharmony_ci/* Get an available MD alg to be used in sign/verify tests. */ 176a8e1175bSopenharmony_ci#if defined(MBEDTLS_MD_CAN_SHA1) 177a8e1175bSopenharmony_ci#define MBEDTLS_MD_ALG_FOR_TEST MBEDTLS_MD_SHA1 178a8e1175bSopenharmony_ci#elif defined(MBEDTLS_MD_CAN_SHA224) 179a8e1175bSopenharmony_ci#define MBEDTLS_MD_ALG_FOR_TEST MBEDTLS_MD_SHA224 180a8e1175bSopenharmony_ci#elif defined(MBEDTLS_MD_CAN_SHA256) 181a8e1175bSopenharmony_ci#define MBEDTLS_MD_ALG_FOR_TEST MBEDTLS_MD_SHA256 182a8e1175bSopenharmony_ci#elif defined(MBEDTLS_MD_CAN_SHA384) 183a8e1175bSopenharmony_ci#define MBEDTLS_MD_ALG_FOR_TEST MBEDTLS_MD_SHA384 184a8e1175bSopenharmony_ci#elif defined(MBEDTLS_MD_CAN_SHA512) 185a8e1175bSopenharmony_ci#define MBEDTLS_MD_ALG_FOR_TEST MBEDTLS_MD_SHA512 186a8e1175bSopenharmony_ci#endif 187a8e1175bSopenharmony_ci 188a8e1175bSopenharmony_ci#if defined(MBEDTLS_PK_USE_PSA_EC_DATA) 189a8e1175bSopenharmony_cistatic int pk_genkey_ec(mbedtls_pk_context *pk, mbedtls_ecp_group_id grp_id) 190a8e1175bSopenharmony_ci{ 191a8e1175bSopenharmony_ci psa_status_t status; 192a8e1175bSopenharmony_ci psa_key_attributes_t key_attr = PSA_KEY_ATTRIBUTES_INIT; 193a8e1175bSopenharmony_ci size_t curve_bits; 194a8e1175bSopenharmony_ci psa_ecc_family_t curve = mbedtls_ecc_group_to_psa(grp_id, &curve_bits); 195a8e1175bSopenharmony_ci int ret; 196a8e1175bSopenharmony_ci 197a8e1175bSopenharmony_ci if (curve == 0) { 198a8e1175bSopenharmony_ci return MBEDTLS_ERR_PK_BAD_INPUT_DATA; 199a8e1175bSopenharmony_ci } 200a8e1175bSopenharmony_ci 201a8e1175bSopenharmony_ci psa_set_key_type(&key_attr, PSA_KEY_TYPE_ECC_KEY_PAIR(curve)); 202a8e1175bSopenharmony_ci psa_set_key_bits(&key_attr, curve_bits); 203a8e1175bSopenharmony_ci psa_key_usage_t usage = PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_COPY; 204a8e1175bSopenharmony_ci psa_algorithm_t sign_alg = 0; 205a8e1175bSopenharmony_ci psa_algorithm_t derive_alg = 0; 206a8e1175bSopenharmony_ci if (mbedtls_pk_get_type(pk) != MBEDTLS_PK_ECDSA) { 207a8e1175bSopenharmony_ci usage |= PSA_KEY_USAGE_DERIVE; 208a8e1175bSopenharmony_ci derive_alg = PSA_ALG_ECDH; 209a8e1175bSopenharmony_ci } 210a8e1175bSopenharmony_ci if (mbedtls_pk_get_type(pk) != MBEDTLS_PK_ECKEY_DH && 211a8e1175bSopenharmony_ci curve != PSA_ECC_FAMILY_MONTGOMERY) { 212a8e1175bSopenharmony_ci usage |= PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE; 213a8e1175bSopenharmony_ci#if defined(MBEDTLS_ECDSA_DETERMINISTIC) 214a8e1175bSopenharmony_ci sign_alg = PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_ANY_HASH); 215a8e1175bSopenharmony_ci#else 216a8e1175bSopenharmony_ci sign_alg = PSA_ALG_ECDSA(PSA_ALG_ANY_HASH); 217a8e1175bSopenharmony_ci#endif 218a8e1175bSopenharmony_ci } 219a8e1175bSopenharmony_ci if (derive_alg != 0) { 220a8e1175bSopenharmony_ci psa_set_key_algorithm(&key_attr, derive_alg); 221a8e1175bSopenharmony_ci if (sign_alg != 0) { 222a8e1175bSopenharmony_ci psa_set_key_enrollment_algorithm(&key_attr, sign_alg); 223a8e1175bSopenharmony_ci } 224a8e1175bSopenharmony_ci } else { 225a8e1175bSopenharmony_ci psa_set_key_algorithm(&key_attr, sign_alg); 226a8e1175bSopenharmony_ci } 227a8e1175bSopenharmony_ci psa_set_key_usage_flags(&key_attr, usage); 228a8e1175bSopenharmony_ci 229a8e1175bSopenharmony_ci status = psa_generate_key(&key_attr, &pk->priv_id); 230a8e1175bSopenharmony_ci if (status != PSA_SUCCESS) { 231a8e1175bSopenharmony_ci return MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE; 232a8e1175bSopenharmony_ci } 233a8e1175bSopenharmony_ci 234a8e1175bSopenharmony_ci status = psa_export_public_key(pk->priv_id, pk->pub_raw, sizeof(pk->pub_raw), 235a8e1175bSopenharmony_ci &pk->pub_raw_len); 236a8e1175bSopenharmony_ci if (status != PSA_SUCCESS) { 237a8e1175bSopenharmony_ci ret = MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE; 238a8e1175bSopenharmony_ci goto exit; 239a8e1175bSopenharmony_ci } 240a8e1175bSopenharmony_ci 241a8e1175bSopenharmony_ci pk->ec_family = curve; 242a8e1175bSopenharmony_ci pk->ec_bits = curve_bits; 243a8e1175bSopenharmony_ci 244a8e1175bSopenharmony_ci return 0; 245a8e1175bSopenharmony_ci 246a8e1175bSopenharmony_ciexit: 247a8e1175bSopenharmony_ci status = psa_destroy_key(pk->priv_id); 248a8e1175bSopenharmony_ci return (ret != 0) ? ret : psa_pk_status_to_mbedtls(status); 249a8e1175bSopenharmony_ci} 250a8e1175bSopenharmony_ci#endif /* MBEDTLS_PK_USE_PSA_EC_DATA */ 251a8e1175bSopenharmony_ci 252a8e1175bSopenharmony_ci/** Generate a key of the desired type. 253a8e1175bSopenharmony_ci * 254a8e1175bSopenharmony_ci * \param pk The PK object to fill. It must have been initialized 255a8e1175bSopenharmony_ci * with mbedtls_pk_setup(). 256a8e1175bSopenharmony_ci * \param curve_or_keybits - For RSA keys, the key size in bits. 257a8e1175bSopenharmony_ci * - For EC keys, the curve (\c MBEDTLS_ECP_DP_xxx). 258a8e1175bSopenharmony_ci * 259a8e1175bSopenharmony_ci * \return The status from the underlying type-specific key 260a8e1175bSopenharmony_ci * generation function. 261a8e1175bSopenharmony_ci * \return -1 if the key type is not recognized. 262a8e1175bSopenharmony_ci */ 263a8e1175bSopenharmony_cistatic int pk_genkey(mbedtls_pk_context *pk, int curve_or_keybits) 264a8e1175bSopenharmony_ci{ 265a8e1175bSopenharmony_ci (void) pk; 266a8e1175bSopenharmony_ci (void) curve_or_keybits; 267a8e1175bSopenharmony_ci 268a8e1175bSopenharmony_ci#if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_GENPRIME) 269a8e1175bSopenharmony_ci if (mbedtls_pk_get_type(pk) == MBEDTLS_PK_RSA) { 270a8e1175bSopenharmony_ci return mbedtls_rsa_gen_key(mbedtls_pk_rsa(*pk), 271a8e1175bSopenharmony_ci mbedtls_test_rnd_std_rand, NULL, 272a8e1175bSopenharmony_ci curve_or_keybits, 3); 273a8e1175bSopenharmony_ci } 274a8e1175bSopenharmony_ci#endif 275a8e1175bSopenharmony_ci#if defined(MBEDTLS_PK_HAVE_ECC_KEYS) 276a8e1175bSopenharmony_ci if (mbedtls_pk_get_type(pk) == MBEDTLS_PK_ECKEY || 277a8e1175bSopenharmony_ci mbedtls_pk_get_type(pk) == MBEDTLS_PK_ECKEY_DH || 278a8e1175bSopenharmony_ci mbedtls_pk_get_type(pk) == MBEDTLS_PK_ECDSA) { 279a8e1175bSopenharmony_ci int ret; 280a8e1175bSopenharmony_ci 281a8e1175bSopenharmony_ci#if defined(MBEDTLS_PK_USE_PSA_EC_DATA) 282a8e1175bSopenharmony_ci ret = pk_genkey_ec(pk, curve_or_keybits); 283a8e1175bSopenharmony_ci if (ret != 0) { 284a8e1175bSopenharmony_ci return ret; 285a8e1175bSopenharmony_ci } 286a8e1175bSopenharmony_ci 287a8e1175bSopenharmony_ci return 0; 288a8e1175bSopenharmony_ci#else 289a8e1175bSopenharmony_ci ret = mbedtls_ecp_group_load(&mbedtls_pk_ec_rw(*pk)->grp, curve_or_keybits); 290a8e1175bSopenharmony_ci if (ret != 0) { 291a8e1175bSopenharmony_ci return ret; 292a8e1175bSopenharmony_ci } 293a8e1175bSopenharmony_ci return mbedtls_ecp_gen_keypair(&mbedtls_pk_ec_rw(*pk)->grp, 294a8e1175bSopenharmony_ci &mbedtls_pk_ec_rw(*pk)->d, 295a8e1175bSopenharmony_ci &mbedtls_pk_ec_rw(*pk)->Q, 296a8e1175bSopenharmony_ci mbedtls_test_rnd_std_rand, NULL); 297a8e1175bSopenharmony_ci#endif /* MBEDTLS_PK_USE_PSA_EC_DATA */ 298a8e1175bSopenharmony_ci 299a8e1175bSopenharmony_ci } 300a8e1175bSopenharmony_ci#endif /* MBEDTLS_PK_HAVE_ECC_KEYS */ 301a8e1175bSopenharmony_ci return -1; 302a8e1175bSopenharmony_ci} 303a8e1175bSopenharmony_ci 304a8e1175bSopenharmony_ci#if defined(MBEDTLS_PSA_CRYPTO_C) 305a8e1175bSopenharmony_cistatic psa_key_usage_t pk_get_psa_attributes_implied_usage( 306a8e1175bSopenharmony_ci psa_key_usage_t expected_usage) 307a8e1175bSopenharmony_ci{ 308a8e1175bSopenharmony_ci /* Usage implied universally */ 309a8e1175bSopenharmony_ci if (expected_usage & PSA_KEY_USAGE_SIGN_HASH) { 310a8e1175bSopenharmony_ci expected_usage |= PSA_KEY_USAGE_SIGN_MESSAGE; 311a8e1175bSopenharmony_ci } 312a8e1175bSopenharmony_ci if (expected_usage & PSA_KEY_USAGE_VERIFY_HASH) { 313a8e1175bSopenharmony_ci expected_usage |= PSA_KEY_USAGE_VERIFY_MESSAGE; 314a8e1175bSopenharmony_ci } 315a8e1175bSopenharmony_ci /* Usage implied by mbedtls_pk_get_psa_attributes() */ 316a8e1175bSopenharmony_ci if (expected_usage & PSA_KEY_USAGE_SIGN_HASH) { 317a8e1175bSopenharmony_ci expected_usage |= PSA_KEY_USAGE_VERIFY_HASH; 318a8e1175bSopenharmony_ci } 319a8e1175bSopenharmony_ci if (expected_usage & PSA_KEY_USAGE_SIGN_MESSAGE) { 320a8e1175bSopenharmony_ci expected_usage |= PSA_KEY_USAGE_VERIFY_MESSAGE; 321a8e1175bSopenharmony_ci } 322a8e1175bSopenharmony_ci if (expected_usage & PSA_KEY_USAGE_DECRYPT) { 323a8e1175bSopenharmony_ci expected_usage |= PSA_KEY_USAGE_ENCRYPT; 324a8e1175bSopenharmony_ci } 325a8e1175bSopenharmony_ci expected_usage |= PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_COPY; 326a8e1175bSopenharmony_ci return expected_usage; 327a8e1175bSopenharmony_ci} 328a8e1175bSopenharmony_ci 329a8e1175bSopenharmony_ci#define RSA_WRITE_PUBKEY_MAX_SIZE \ 330a8e1175bSopenharmony_ci PSA_KEY_EXPORT_RSA_PUBLIC_KEY_MAX_SIZE(PSA_VENDOR_RSA_MAX_KEY_BITS) 331a8e1175bSopenharmony_ci#define ECP_WRITE_PUBKEY_MAX_SIZE \ 332a8e1175bSopenharmony_ci PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE(PSA_VENDOR_ECC_MAX_CURVE_BITS) 333a8e1175bSopenharmony_cistatic int pk_public_same(const mbedtls_pk_context *pk1, 334a8e1175bSopenharmony_ci const mbedtls_pk_context *pk2) 335a8e1175bSopenharmony_ci{ 336a8e1175bSopenharmony_ci int ok = 0; 337a8e1175bSopenharmony_ci 338a8e1175bSopenharmony_ci mbedtls_pk_type_t type = mbedtls_pk_get_type(pk1); 339a8e1175bSopenharmony_ci TEST_EQUAL(type, mbedtls_pk_get_type(pk2)); 340a8e1175bSopenharmony_ci 341a8e1175bSopenharmony_ci switch (type) { 342a8e1175bSopenharmony_ci#if defined(MBEDTLS_RSA_C) 343a8e1175bSopenharmony_ci case MBEDTLS_PK_RSA: 344a8e1175bSopenharmony_ci { 345a8e1175bSopenharmony_ci const mbedtls_rsa_context *rsa1 = mbedtls_pk_rsa(*pk1); 346a8e1175bSopenharmony_ci const mbedtls_rsa_context *rsa2 = mbedtls_pk_rsa(*pk2); 347a8e1175bSopenharmony_ci TEST_EQUAL(mbedtls_rsa_get_padding_mode(rsa1), 348a8e1175bSopenharmony_ci mbedtls_rsa_get_padding_mode(rsa2)); 349a8e1175bSopenharmony_ci TEST_EQUAL(mbedtls_rsa_get_md_alg(rsa1), 350a8e1175bSopenharmony_ci mbedtls_rsa_get_md_alg(rsa2)); 351a8e1175bSopenharmony_ci unsigned char buf1[RSA_WRITE_PUBKEY_MAX_SIZE]; 352a8e1175bSopenharmony_ci unsigned char *p1 = buf1 + sizeof(buf1); 353a8e1175bSopenharmony_ci int len1 = mbedtls_rsa_write_pubkey(rsa1, buf1, &p1); 354a8e1175bSopenharmony_ci TEST_LE_U(0, len1); 355a8e1175bSopenharmony_ci unsigned char buf2[RSA_WRITE_PUBKEY_MAX_SIZE]; 356a8e1175bSopenharmony_ci unsigned char *p2 = buf2 + sizeof(buf2); 357a8e1175bSopenharmony_ci int len2 = mbedtls_rsa_write_pubkey(rsa2, buf2, &p2); 358a8e1175bSopenharmony_ci TEST_LE_U(0, len2); 359a8e1175bSopenharmony_ci TEST_MEMORY_COMPARE(p1, len1, p2, len2); 360a8e1175bSopenharmony_ci break; 361a8e1175bSopenharmony_ci } 362a8e1175bSopenharmony_ci#endif /* MBEDTLS_RSA_C */ 363a8e1175bSopenharmony_ci 364a8e1175bSopenharmony_ci#if defined(MBEDTLS_PK_HAVE_ECC_KEYS) 365a8e1175bSopenharmony_ci case MBEDTLS_PK_ECKEY: 366a8e1175bSopenharmony_ci case MBEDTLS_PK_ECKEY_DH: 367a8e1175bSopenharmony_ci case MBEDTLS_PK_ECDSA: 368a8e1175bSopenharmony_ci { 369a8e1175bSopenharmony_ci#if defined(MBEDTLS_PK_USE_PSA_EC_DATA) 370a8e1175bSopenharmony_ci TEST_MEMORY_COMPARE(pk1->pub_raw, pk1->pub_raw_len, 371a8e1175bSopenharmony_ci pk2->pub_raw, pk2->pub_raw_len); 372a8e1175bSopenharmony_ci TEST_EQUAL(pk1->ec_family, pk2->ec_family); 373a8e1175bSopenharmony_ci TEST_EQUAL(pk1->ec_bits, pk2->ec_bits); 374a8e1175bSopenharmony_ci 375a8e1175bSopenharmony_ci#else /* MBEDTLS_PK_USE_PSA_EC_DATA */ 376a8e1175bSopenharmony_ci const mbedtls_ecp_keypair *ec1 = mbedtls_pk_ec_ro(*pk1); 377a8e1175bSopenharmony_ci const mbedtls_ecp_keypair *ec2 = mbedtls_pk_ec_ro(*pk2); 378a8e1175bSopenharmony_ci TEST_EQUAL(mbedtls_ecp_keypair_get_group_id(ec1), 379a8e1175bSopenharmony_ci mbedtls_ecp_keypair_get_group_id(ec2)); 380a8e1175bSopenharmony_ci unsigned char buf1[ECP_WRITE_PUBKEY_MAX_SIZE]; 381a8e1175bSopenharmony_ci size_t len1 = 99999991; 382a8e1175bSopenharmony_ci TEST_EQUAL(mbedtls_ecp_write_public_key( 383a8e1175bSopenharmony_ci ec1, MBEDTLS_ECP_PF_UNCOMPRESSED, 384a8e1175bSopenharmony_ci &len1, buf1, sizeof(buf1)), 0); 385a8e1175bSopenharmony_ci unsigned char buf2[ECP_WRITE_PUBKEY_MAX_SIZE]; 386a8e1175bSopenharmony_ci size_t len2 = 99999992; 387a8e1175bSopenharmony_ci TEST_EQUAL(mbedtls_ecp_write_public_key( 388a8e1175bSopenharmony_ci ec2, MBEDTLS_ECP_PF_UNCOMPRESSED, 389a8e1175bSopenharmony_ci &len2, buf2, sizeof(buf2)), 0); 390a8e1175bSopenharmony_ci TEST_MEMORY_COMPARE(buf1, len1, buf2, len2); 391a8e1175bSopenharmony_ci#endif /* MBEDTLS_PK_USE_PSA_EC_DATA */ 392a8e1175bSopenharmony_ci } 393a8e1175bSopenharmony_ci break; 394a8e1175bSopenharmony_ci#endif /* MBEDTLS_PK_HAVE_ECC_KEYS */ 395a8e1175bSopenharmony_ci 396a8e1175bSopenharmony_ci default: 397a8e1175bSopenharmony_ci TEST_FAIL("Unsupported pk type in pk_public_same"); 398a8e1175bSopenharmony_ci } 399a8e1175bSopenharmony_ci 400a8e1175bSopenharmony_ci ok = 1; 401a8e1175bSopenharmony_ci 402a8e1175bSopenharmony_ciexit: 403a8e1175bSopenharmony_ci return ok; 404a8e1175bSopenharmony_ci} 405a8e1175bSopenharmony_ci#endif /* MBEDTLS_PSA_CRYPTO_C */ 406a8e1175bSopenharmony_ci 407a8e1175bSopenharmony_ci#if defined(MBEDTLS_RSA_C) 408a8e1175bSopenharmony_ciint mbedtls_rsa_decrypt_func(void *ctx, size_t *olen, 409a8e1175bSopenharmony_ci const unsigned char *input, unsigned char *output, 410a8e1175bSopenharmony_ci size_t output_max_len) 411a8e1175bSopenharmony_ci{ 412a8e1175bSopenharmony_ci return mbedtls_rsa_pkcs1_decrypt((mbedtls_rsa_context *) ctx, 413a8e1175bSopenharmony_ci mbedtls_test_rnd_std_rand, NULL, 414a8e1175bSopenharmony_ci olen, input, output, output_max_len); 415a8e1175bSopenharmony_ci} 416a8e1175bSopenharmony_ciint mbedtls_rsa_sign_func(void *ctx, 417a8e1175bSopenharmony_ci int (*f_rng)(void *, unsigned char *, size_t), void *p_rng, 418a8e1175bSopenharmony_ci mbedtls_md_type_t md_alg, unsigned int hashlen, 419a8e1175bSopenharmony_ci const unsigned char *hash, unsigned char *sig) 420a8e1175bSopenharmony_ci{ 421a8e1175bSopenharmony_ci ((void) f_rng); 422a8e1175bSopenharmony_ci ((void) p_rng); 423a8e1175bSopenharmony_ci return mbedtls_rsa_pkcs1_sign((mbedtls_rsa_context *) ctx, 424a8e1175bSopenharmony_ci mbedtls_test_rnd_std_rand, NULL, 425a8e1175bSopenharmony_ci md_alg, hashlen, hash, sig); 426a8e1175bSopenharmony_ci} 427a8e1175bSopenharmony_cisize_t mbedtls_rsa_key_len_func(void *ctx) 428a8e1175bSopenharmony_ci{ 429a8e1175bSopenharmony_ci return ((const mbedtls_rsa_context *) ctx)->len; 430a8e1175bSopenharmony_ci} 431a8e1175bSopenharmony_ci#endif /* MBEDTLS_RSA_C */ 432a8e1175bSopenharmony_ci 433a8e1175bSopenharmony_citypedef enum { 434a8e1175bSopenharmony_ci /* The values are compatible with thinking of "from pair" as a boolean. */ 435a8e1175bSopenharmony_ci FROM_PUBLIC = 0, 436a8e1175bSopenharmony_ci FROM_PAIR = 1 437a8e1175bSopenharmony_ci} from_pair_t; 438a8e1175bSopenharmony_ci 439a8e1175bSopenharmony_ci#if defined(MBEDTLS_PSA_CRYPTO_C) 440a8e1175bSopenharmony_cistatic int pk_setup_for_type(mbedtls_pk_type_t pk_type, int want_pair, 441a8e1175bSopenharmony_ci mbedtls_pk_context *pk, psa_key_type_t *psa_type) 442a8e1175bSopenharmony_ci{ 443a8e1175bSopenharmony_ci if (pk_type == MBEDTLS_PK_NONE) { 444a8e1175bSopenharmony_ci return 0; 445a8e1175bSopenharmony_ci } 446a8e1175bSopenharmony_ci TEST_EQUAL(mbedtls_pk_setup(pk, mbedtls_pk_info_from_type(pk_type)), 0); 447a8e1175bSopenharmony_ci 448a8e1175bSopenharmony_ci switch (pk_type) { 449a8e1175bSopenharmony_ci#if defined(MBEDTLS_RSA_C) 450a8e1175bSopenharmony_ci case MBEDTLS_PK_RSA: 451a8e1175bSopenharmony_ci { 452a8e1175bSopenharmony_ci *psa_type = PSA_KEY_TYPE_RSA_KEY_PAIR; 453a8e1175bSopenharmony_ci mbedtls_rsa_context *rsa = mbedtls_pk_rsa(*pk); 454a8e1175bSopenharmony_ci if (want_pair) { 455a8e1175bSopenharmony_ci#if defined(MBEDTLS_GENPRIME) 456a8e1175bSopenharmony_ci TEST_EQUAL(mbedtls_rsa_gen_key( 457a8e1175bSopenharmony_ci rsa, 458a8e1175bSopenharmony_ci mbedtls_test_rnd_std_rand, NULL, 459a8e1175bSopenharmony_ci MBEDTLS_RSA_GEN_KEY_MIN_BITS, 65537), 0); 460a8e1175bSopenharmony_ci#else 461a8e1175bSopenharmony_ci TEST_FAIL("I don't know how to create an RSA key pair in this configuration."); 462a8e1175bSopenharmony_ci#endif 463a8e1175bSopenharmony_ci } else { 464a8e1175bSopenharmony_ci unsigned char N[PSA_BITS_TO_BYTES(MBEDTLS_RSA_GEN_KEY_MIN_BITS)] = { 0xff }; 465a8e1175bSopenharmony_ci N[sizeof(N) - 1] = 0x03; 466a8e1175bSopenharmony_ci const unsigned char E[1] = { 0x03 }; 467a8e1175bSopenharmony_ci TEST_EQUAL(mbedtls_rsa_import_raw(rsa, 468a8e1175bSopenharmony_ci N, sizeof(N), 469a8e1175bSopenharmony_ci NULL, 0, NULL, 0, NULL, 0, 470a8e1175bSopenharmony_ci E, sizeof(E)), 0); 471a8e1175bSopenharmony_ci TEST_EQUAL(mbedtls_rsa_complete(rsa), 0); 472a8e1175bSopenharmony_ci } 473a8e1175bSopenharmony_ci break; 474a8e1175bSopenharmony_ci } 475a8e1175bSopenharmony_ci#endif /* MBEDTLS_RSA_C */ 476a8e1175bSopenharmony_ci 477a8e1175bSopenharmony_ci#if defined(MBEDTLS_PK_HAVE_ECC_KEYS) 478a8e1175bSopenharmony_ci case MBEDTLS_PK_ECKEY: 479a8e1175bSopenharmony_ci case MBEDTLS_PK_ECKEY_DH: 480a8e1175bSopenharmony_ci case MBEDTLS_PK_ECDSA: 481a8e1175bSopenharmony_ci { 482a8e1175bSopenharmony_ci mbedtls_ecp_group_id grp_id = MBEDTLS_TEST_ECP_DP_ONE_CURVE; 483a8e1175bSopenharmony_ci size_t bits; 484a8e1175bSopenharmony_ci *psa_type = PSA_KEY_TYPE_ECC_KEY_PAIR(mbedtls_ecc_group_to_psa(grp_id, &bits)); 485a8e1175bSopenharmony_ci TEST_EQUAL(pk_genkey(pk, grp_id), 0); 486a8e1175bSopenharmony_ci if (!want_pair) { 487a8e1175bSopenharmony_ci#if defined(MBEDTLS_PK_USE_PSA_EC_DATA) 488a8e1175bSopenharmony_ci psa_key_attributes_t pub_attributes = PSA_KEY_ATTRIBUTES_INIT; 489a8e1175bSopenharmony_ci psa_set_key_type(&pub_attributes, 490a8e1175bSopenharmony_ci PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR(*psa_type)); 491a8e1175bSopenharmony_ci psa_set_key_usage_flags(&pub_attributes, 492a8e1175bSopenharmony_ci PSA_KEY_USAGE_EXPORT | 493a8e1175bSopenharmony_ci PSA_KEY_USAGE_COPY | 494a8e1175bSopenharmony_ci PSA_KEY_USAGE_VERIFY_MESSAGE | 495a8e1175bSopenharmony_ci PSA_KEY_USAGE_VERIFY_HASH); 496a8e1175bSopenharmony_ci psa_set_key_algorithm(&pub_attributes, PSA_ALG_ECDSA_ANY); 497a8e1175bSopenharmony_ci PSA_ASSERT(psa_destroy_key(pk->priv_id)); 498a8e1175bSopenharmony_ci pk->priv_id = MBEDTLS_SVC_KEY_ID_INIT; 499a8e1175bSopenharmony_ci#else 500a8e1175bSopenharmony_ci mbedtls_ecp_keypair *ec = mbedtls_pk_ec_rw(*pk); 501a8e1175bSopenharmony_ci mbedtls_mpi_free(&ec->d); 502a8e1175bSopenharmony_ci#endif 503a8e1175bSopenharmony_ci } 504a8e1175bSopenharmony_ci break; 505a8e1175bSopenharmony_ci } 506a8e1175bSopenharmony_ci#endif /* MBEDTLS_PK_HAVE_ECC_KEYS */ 507a8e1175bSopenharmony_ci 508a8e1175bSopenharmony_ci default: 509a8e1175bSopenharmony_ci TEST_FAIL("Unknown PK type in test data"); 510a8e1175bSopenharmony_ci break; 511a8e1175bSopenharmony_ci } 512a8e1175bSopenharmony_ci 513a8e1175bSopenharmony_ci if (!want_pair) { 514a8e1175bSopenharmony_ci *psa_type = PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR(*psa_type); 515a8e1175bSopenharmony_ci } 516a8e1175bSopenharmony_ci return 0; 517a8e1175bSopenharmony_ci 518a8e1175bSopenharmony_ciexit: 519a8e1175bSopenharmony_ci return MBEDTLS_ERR_ERROR_GENERIC_ERROR; 520a8e1175bSopenharmony_ci} 521a8e1175bSopenharmony_ci#endif 522a8e1175bSopenharmony_ci 523a8e1175bSopenharmony_ci#if defined(MBEDTLS_PSA_CRYPTO_C) 524a8e1175bSopenharmony_ci/* Create a new PSA key which will contain only the public part of the private 525a8e1175bSopenharmony_ci * key which is provided in input. For this new key: 526a8e1175bSopenharmony_ci * - Type is the public counterpart of the private key. 527a8e1175bSopenharmony_ci * - Usage is the copied from the original private key, but the PSA_KEY_USAGE_EXPORT 528a8e1175bSopenharmony_ci * flag is removed. This is to prove that mbedtls_pk_copy_from_psa() doesn't 529a8e1175bSopenharmony_ci * require the key to have the EXPORT flag. 530a8e1175bSopenharmony_ci * - Algorithm is copied from the original key pair. 531a8e1175bSopenharmony_ci */ 532a8e1175bSopenharmony_cistatic mbedtls_svc_key_id_t psa_pub_key_from_priv(mbedtls_svc_key_id_t priv_id) 533a8e1175bSopenharmony_ci{ 534a8e1175bSopenharmony_ci psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 535a8e1175bSopenharmony_ci psa_key_type_t type; 536a8e1175bSopenharmony_ci psa_algorithm_t alg; 537a8e1175bSopenharmony_ci psa_key_usage_t usage; 538a8e1175bSopenharmony_ci unsigned char pub_key_buf[PSA_EXPORT_PUBLIC_KEY_MAX_SIZE]; 539a8e1175bSopenharmony_ci size_t pub_key_len; 540a8e1175bSopenharmony_ci mbedtls_svc_key_id_t pub_key = MBEDTLS_SVC_KEY_ID_INIT; 541a8e1175bSopenharmony_ci 542a8e1175bSopenharmony_ci /* Get attributes from the private key. */ 543a8e1175bSopenharmony_ci PSA_ASSERT(psa_get_key_attributes(priv_id, &attributes)); 544a8e1175bSopenharmony_ci type = psa_get_key_type(&attributes); 545a8e1175bSopenharmony_ci usage = psa_get_key_usage_flags(&attributes); 546a8e1175bSopenharmony_ci alg = psa_get_key_algorithm(&attributes); 547a8e1175bSopenharmony_ci psa_reset_key_attributes(&attributes); 548a8e1175bSopenharmony_ci 549a8e1175bSopenharmony_ci /* Export the public key and then import it in a new slot. */ 550a8e1175bSopenharmony_ci PSA_ASSERT(psa_export_public_key(priv_id, pub_key_buf, sizeof(pub_key_buf), &pub_key_len)); 551a8e1175bSopenharmony_ci 552a8e1175bSopenharmony_ci /* Notes: 553a8e1175bSopenharmony_ci * - psa_import_key() automatically determines the key's bit length 554a8e1175bSopenharmony_ci * from the provided key data. That's why psa_set_key_bits() is not used 555a8e1175bSopenharmony_ci * below. 556a8e1175bSopenharmony_ci */ 557a8e1175bSopenharmony_ci type = PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR(type); 558a8e1175bSopenharmony_ci usage &= ~PSA_KEY_USAGE_EXPORT; 559a8e1175bSopenharmony_ci psa_set_key_type(&attributes, type); 560a8e1175bSopenharmony_ci psa_set_key_usage_flags(&attributes, usage); 561a8e1175bSopenharmony_ci psa_set_key_algorithm(&attributes, alg); 562a8e1175bSopenharmony_ci 563a8e1175bSopenharmony_ci PSA_ASSERT(psa_import_key(&attributes, pub_key_buf, pub_key_len, &pub_key)); 564a8e1175bSopenharmony_ci 565a8e1175bSopenharmony_ciexit: 566a8e1175bSopenharmony_ci psa_reset_key_attributes(&attributes); 567a8e1175bSopenharmony_ci return pub_key; 568a8e1175bSopenharmony_ci} 569a8e1175bSopenharmony_ci 570a8e1175bSopenharmony_ci/* Create a copy of a PSA key with same usage and algorithm policy and destroy 571a8e1175bSopenharmony_ci * the original one. */ 572a8e1175bSopenharmony_cimbedtls_svc_key_id_t psa_copy_and_destroy(mbedtls_svc_key_id_t orig_key_id) 573a8e1175bSopenharmony_ci{ 574a8e1175bSopenharmony_ci psa_key_attributes_t orig_attr = PSA_KEY_ATTRIBUTES_INIT; 575a8e1175bSopenharmony_ci psa_key_attributes_t new_attr = PSA_KEY_ATTRIBUTES_INIT; 576a8e1175bSopenharmony_ci mbedtls_svc_key_id_t new_key_id = MBEDTLS_SVC_KEY_ID_INIT; 577a8e1175bSopenharmony_ci 578a8e1175bSopenharmony_ci PSA_ASSERT(psa_get_key_attributes(orig_key_id, &orig_attr)); 579a8e1175bSopenharmony_ci psa_set_key_usage_flags(&new_attr, psa_get_key_usage_flags(&orig_attr)); 580a8e1175bSopenharmony_ci psa_set_key_algorithm(&new_attr, psa_get_key_algorithm(&orig_attr)); 581a8e1175bSopenharmony_ci 582a8e1175bSopenharmony_ci PSA_ASSERT(psa_copy_key(orig_key_id, &new_attr, &new_key_id)); 583a8e1175bSopenharmony_ci psa_destroy_key(orig_key_id); 584a8e1175bSopenharmony_ci 585a8e1175bSopenharmony_ciexit: 586a8e1175bSopenharmony_ci psa_reset_key_attributes(&orig_attr); 587a8e1175bSopenharmony_ci psa_reset_key_attributes(&new_attr); 588a8e1175bSopenharmony_ci return new_key_id; 589a8e1175bSopenharmony_ci} 590a8e1175bSopenharmony_ci 591a8e1175bSopenharmony_cipsa_status_t pk_psa_import_key(unsigned char *key_data, size_t key_len, 592a8e1175bSopenharmony_ci psa_key_type_t type, psa_key_usage_t usage, 593a8e1175bSopenharmony_ci psa_algorithm_t alg, mbedtls_svc_key_id_t *key) 594a8e1175bSopenharmony_ci{ 595a8e1175bSopenharmony_ci psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 596a8e1175bSopenharmony_ci psa_status_t status; 597a8e1175bSopenharmony_ci 598a8e1175bSopenharmony_ci *key = MBEDTLS_SVC_KEY_ID_INIT; 599a8e1175bSopenharmony_ci 600a8e1175bSopenharmony_ci /* Note: psa_import_key() automatically determines the key's bit length 601a8e1175bSopenharmony_ci * from the provided key data. That's why psa_set_key_bits() is not used below. */ 602a8e1175bSopenharmony_ci psa_set_key_usage_flags(&attributes, usage); 603a8e1175bSopenharmony_ci psa_set_key_algorithm(&attributes, alg); 604a8e1175bSopenharmony_ci psa_set_key_type(&attributes, type); 605a8e1175bSopenharmony_ci status = psa_import_key(&attributes, key_data, key_len, key); 606a8e1175bSopenharmony_ci 607a8e1175bSopenharmony_ci return status; 608a8e1175bSopenharmony_ci} 609a8e1175bSopenharmony_ci 610a8e1175bSopenharmony_cipsa_status_t pk_psa_genkey_generic(psa_key_type_t type, size_t bits, 611a8e1175bSopenharmony_ci psa_key_usage_t usage, psa_algorithm_t alg, 612a8e1175bSopenharmony_ci mbedtls_svc_key_id_t *key) 613a8e1175bSopenharmony_ci{ 614a8e1175bSopenharmony_ci psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 615a8e1175bSopenharmony_ci psa_status_t status; 616a8e1175bSopenharmony_ci 617a8e1175bSopenharmony_ci *key = MBEDTLS_SVC_KEY_ID_INIT; 618a8e1175bSopenharmony_ci 619a8e1175bSopenharmony_ci psa_set_key_usage_flags(&attributes, usage); 620a8e1175bSopenharmony_ci psa_set_key_algorithm(&attributes, alg); 621a8e1175bSopenharmony_ci psa_set_key_type(&attributes, type); 622a8e1175bSopenharmony_ci psa_set_key_bits(&attributes, bits); 623a8e1175bSopenharmony_ci status = psa_generate_key(&attributes, key); 624a8e1175bSopenharmony_ci 625a8e1175bSopenharmony_ci return status; 626a8e1175bSopenharmony_ci} 627a8e1175bSopenharmony_ci 628a8e1175bSopenharmony_ci/* 629a8e1175bSopenharmony_ci * Generate an ECC key using PSA and return the key identifier of that key, 630a8e1175bSopenharmony_ci * or 0 if the key generation failed. 631a8e1175bSopenharmony_ci * The key uses NIST P-256 and is usable for signing with SHA-256. 632a8e1175bSopenharmony_ci */ 633a8e1175bSopenharmony_cimbedtls_svc_key_id_t pk_psa_genkey_ecc(void) 634a8e1175bSopenharmony_ci{ 635a8e1175bSopenharmony_ci mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 636a8e1175bSopenharmony_ci 637a8e1175bSopenharmony_ci pk_psa_genkey_generic(PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1), 256, 638a8e1175bSopenharmony_ci PSA_KEY_USAGE_SIGN_HASH, PSA_ALG_ECDSA(PSA_ALG_SHA_256), 639a8e1175bSopenharmony_ci &key); 640a8e1175bSopenharmony_ci 641a8e1175bSopenharmony_ci return key; 642a8e1175bSopenharmony_ci} 643a8e1175bSopenharmony_ci 644a8e1175bSopenharmony_ci/* 645a8e1175bSopenharmony_ci * Generate an RSA key using PSA and return the key identifier of that key, 646a8e1175bSopenharmony_ci * or 0 if the key generation failed. 647a8e1175bSopenharmony_ci */ 648a8e1175bSopenharmony_cimbedtls_svc_key_id_t pk_psa_genkey_rsa(void) 649a8e1175bSopenharmony_ci{ 650a8e1175bSopenharmony_ci mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 651a8e1175bSopenharmony_ci 652a8e1175bSopenharmony_ci pk_psa_genkey_generic(PSA_KEY_TYPE_RSA_KEY_PAIR, 1024, PSA_KEY_USAGE_SIGN_HASH, 653a8e1175bSopenharmony_ci PSA_ALG_RSA_PKCS1V15_SIGN_RAW, &key); 654a8e1175bSopenharmony_ci 655a8e1175bSopenharmony_ci return key; 656a8e1175bSopenharmony_ci} 657a8e1175bSopenharmony_ci#endif /* MBEDTLS_PSA_CRYPTO_C */ 658a8e1175bSopenharmony_ci/* END_HEADER */ 659a8e1175bSopenharmony_ci 660a8e1175bSopenharmony_ci/* BEGIN_DEPENDENCIES 661a8e1175bSopenharmony_ci * depends_on:MBEDTLS_PK_C 662a8e1175bSopenharmony_ci * END_DEPENDENCIES 663a8e1175bSopenharmony_ci */ 664a8e1175bSopenharmony_ci 665a8e1175bSopenharmony_ci/* BEGIN_CASE depends_on:MBEDTLS_USE_PSA_CRYPTO */ 666a8e1175bSopenharmony_civoid pk_psa_utils(int key_is_rsa) 667a8e1175bSopenharmony_ci{ 668a8e1175bSopenharmony_ci mbedtls_pk_context pk, pk2; 669a8e1175bSopenharmony_ci mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 670a8e1175bSopenharmony_ci psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 671a8e1175bSopenharmony_ci 672a8e1175bSopenharmony_ci const char * const name = "Opaque"; 673a8e1175bSopenharmony_ci size_t bitlen; 674a8e1175bSopenharmony_ci 675a8e1175bSopenharmony_ci mbedtls_md_type_t md_alg = MBEDTLS_MD_NONE; 676a8e1175bSopenharmony_ci unsigned char b1[1], b2[1]; 677a8e1175bSopenharmony_ci size_t len; 678a8e1175bSopenharmony_ci mbedtls_pk_debug_item dbg; 679a8e1175bSopenharmony_ci 680a8e1175bSopenharmony_ci mbedtls_pk_init(&pk); 681a8e1175bSopenharmony_ci mbedtls_pk_init(&pk2); 682a8e1175bSopenharmony_ci USE_PSA_INIT(); 683a8e1175bSopenharmony_ci 684a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_pk_setup_opaque(&pk, MBEDTLS_SVC_KEY_ID_INIT) == 685a8e1175bSopenharmony_ci MBEDTLS_ERR_PK_BAD_INPUT_DATA); 686a8e1175bSopenharmony_ci 687a8e1175bSopenharmony_ci mbedtls_pk_free(&pk); 688a8e1175bSopenharmony_ci mbedtls_pk_init(&pk); 689a8e1175bSopenharmony_ci 690a8e1175bSopenharmony_ci if (key_is_rsa) { 691a8e1175bSopenharmony_ci bitlen = 1024; /* hardcoded in genkey() */ 692a8e1175bSopenharmony_ci key = pk_psa_genkey_rsa(); 693a8e1175bSopenharmony_ci } else { 694a8e1175bSopenharmony_ci bitlen = 256; /* hardcoded in genkey() */ 695a8e1175bSopenharmony_ci key = pk_psa_genkey_ecc(); 696a8e1175bSopenharmony_ci } 697a8e1175bSopenharmony_ci if (mbedtls_svc_key_id_is_null(key)) { 698a8e1175bSopenharmony_ci goto exit; 699a8e1175bSopenharmony_ci } 700a8e1175bSopenharmony_ci 701a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_pk_setup_opaque(&pk, key) == 0); 702a8e1175bSopenharmony_ci 703a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_pk_get_type(&pk) == MBEDTLS_PK_OPAQUE); 704a8e1175bSopenharmony_ci TEST_ASSERT(strcmp(mbedtls_pk_get_name(&pk), name) == 0); 705a8e1175bSopenharmony_ci 706a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_pk_get_bitlen(&pk) == bitlen); 707a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_pk_get_len(&pk) == (bitlen + 7) / 8); 708a8e1175bSopenharmony_ci 709a8e1175bSopenharmony_ci if (key_is_rsa) { 710a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_pk_can_do(&pk, MBEDTLS_PK_ECKEY) == 0); 711a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_pk_can_do(&pk, MBEDTLS_PK_ECDSA) == 0); 712a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_pk_can_do(&pk, MBEDTLS_PK_RSA) == 1); 713a8e1175bSopenharmony_ci } else { 714a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_pk_can_do(&pk, MBEDTLS_PK_ECKEY) == 1); 715a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_pk_can_do(&pk, MBEDTLS_PK_ECDSA) == 1); 716a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_pk_can_do(&pk, MBEDTLS_PK_RSA) == 0); 717a8e1175bSopenharmony_ci } 718a8e1175bSopenharmony_ci 719a8e1175bSopenharmony_ci /* unsupported operations: verify, decrypt, encrypt */ 720a8e1175bSopenharmony_ci if (key_is_rsa == 1) { 721a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_pk_verify(&pk, md_alg, 722a8e1175bSopenharmony_ci b1, sizeof(b1), b2, sizeof(b2)) 723a8e1175bSopenharmony_ci == MBEDTLS_ERR_PK_TYPE_MISMATCH); 724a8e1175bSopenharmony_ci } else { 725a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_pk_decrypt(&pk, b1, sizeof(b1), 726a8e1175bSopenharmony_ci b2, &len, sizeof(b2), 727a8e1175bSopenharmony_ci NULL, NULL) 728a8e1175bSopenharmony_ci == MBEDTLS_ERR_PK_TYPE_MISMATCH); 729a8e1175bSopenharmony_ci } 730a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_pk_encrypt(&pk, b1, sizeof(b1), 731a8e1175bSopenharmony_ci b2, &len, sizeof(b2), 732a8e1175bSopenharmony_ci NULL, NULL) 733a8e1175bSopenharmony_ci == MBEDTLS_ERR_PK_TYPE_MISMATCH); 734a8e1175bSopenharmony_ci 735a8e1175bSopenharmony_ci /* unsupported functions: check_pair, debug */ 736a8e1175bSopenharmony_ci if (key_is_rsa) { 737a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_pk_setup(&pk2, 738a8e1175bSopenharmony_ci mbedtls_pk_info_from_type(MBEDTLS_PK_RSA)) == 0); 739a8e1175bSopenharmony_ci } else { 740a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_pk_setup(&pk2, 741a8e1175bSopenharmony_ci mbedtls_pk_info_from_type(MBEDTLS_PK_ECKEY)) == 0); 742a8e1175bSopenharmony_ci } 743a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_pk_check_pair(&pk, &pk2, 744a8e1175bSopenharmony_ci mbedtls_test_rnd_std_rand, NULL) 745a8e1175bSopenharmony_ci == MBEDTLS_ERR_PK_TYPE_MISMATCH); 746a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_pk_debug(&pk, &dbg) 747a8e1175bSopenharmony_ci == MBEDTLS_ERR_PK_TYPE_MISMATCH); 748a8e1175bSopenharmony_ci 749a8e1175bSopenharmony_ci /* test that freeing the context does not destroy the key */ 750a8e1175bSopenharmony_ci mbedtls_pk_free(&pk); 751a8e1175bSopenharmony_ci TEST_ASSERT(PSA_SUCCESS == psa_get_key_attributes(key, &attributes)); 752a8e1175bSopenharmony_ci TEST_ASSERT(PSA_SUCCESS == psa_destroy_key(key)); 753a8e1175bSopenharmony_ci 754a8e1175bSopenharmony_ciexit: 755a8e1175bSopenharmony_ci /* 756a8e1175bSopenharmony_ci * Key attributes may have been returned by psa_get_key_attributes() 757a8e1175bSopenharmony_ci * thus reset them as required. 758a8e1175bSopenharmony_ci */ 759a8e1175bSopenharmony_ci psa_reset_key_attributes(&attributes); 760a8e1175bSopenharmony_ci 761a8e1175bSopenharmony_ci mbedtls_pk_free(&pk); /* redundant except upon error */ 762a8e1175bSopenharmony_ci mbedtls_pk_free(&pk2); 763a8e1175bSopenharmony_ci USE_PSA_DONE(); 764a8e1175bSopenharmony_ci} 765a8e1175bSopenharmony_ci/* END_CASE */ 766a8e1175bSopenharmony_ci 767a8e1175bSopenharmony_ci/* BEGIN_CASE depends_on:MBEDTLS_USE_PSA_CRYPTO */ 768a8e1175bSopenharmony_civoid pk_can_do_ext(int opaque_key, int key_type, int key_usage, int key_alg, 769a8e1175bSopenharmony_ci int key_alg2, int curve_or_keybits, int alg_check, int usage_check, 770a8e1175bSopenharmony_ci int result) 771a8e1175bSopenharmony_ci{ 772a8e1175bSopenharmony_ci mbedtls_pk_context pk; 773a8e1175bSopenharmony_ci mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; 774a8e1175bSopenharmony_ci psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 775a8e1175bSopenharmony_ci 776a8e1175bSopenharmony_ci mbedtls_pk_init(&pk); 777a8e1175bSopenharmony_ci USE_PSA_INIT(); 778a8e1175bSopenharmony_ci 779a8e1175bSopenharmony_ci if (opaque_key == 1) { 780a8e1175bSopenharmony_ci psa_set_key_usage_flags(&attributes, key_usage); 781a8e1175bSopenharmony_ci psa_set_key_algorithm(&attributes, key_alg); 782a8e1175bSopenharmony_ci if (key_alg2 != 0) { 783a8e1175bSopenharmony_ci psa_set_key_enrollment_algorithm(&attributes, key_alg2); 784a8e1175bSopenharmony_ci } 785a8e1175bSopenharmony_ci psa_set_key_type(&attributes, key_type); 786a8e1175bSopenharmony_ci psa_set_key_bits(&attributes, curve_or_keybits); 787a8e1175bSopenharmony_ci 788a8e1175bSopenharmony_ci PSA_ASSERT(psa_generate_key(&attributes, &key)); 789a8e1175bSopenharmony_ci 790a8e1175bSopenharmony_ci if (mbedtls_svc_key_id_is_null(key)) { 791a8e1175bSopenharmony_ci goto exit; 792a8e1175bSopenharmony_ci } 793a8e1175bSopenharmony_ci 794a8e1175bSopenharmony_ci TEST_EQUAL(mbedtls_pk_setup_opaque(&pk, key), 0); 795a8e1175bSopenharmony_ci 796a8e1175bSopenharmony_ci TEST_EQUAL(mbedtls_pk_get_type(&pk), MBEDTLS_PK_OPAQUE); 797a8e1175bSopenharmony_ci } else { 798a8e1175bSopenharmony_ci TEST_EQUAL(mbedtls_pk_setup(&pk, 799a8e1175bSopenharmony_ci mbedtls_pk_info_from_type(key_type)), 0); 800a8e1175bSopenharmony_ci TEST_EQUAL(pk_genkey(&pk, curve_or_keybits), 0); 801a8e1175bSopenharmony_ci TEST_EQUAL(mbedtls_pk_get_type(&pk), key_type); 802a8e1175bSopenharmony_ci } 803a8e1175bSopenharmony_ci 804a8e1175bSopenharmony_ci TEST_EQUAL(mbedtls_pk_can_do_ext(&pk, alg_check, usage_check), result); 805a8e1175bSopenharmony_ci 806a8e1175bSopenharmony_ciexit: 807a8e1175bSopenharmony_ci psa_reset_key_attributes(&attributes); 808a8e1175bSopenharmony_ci PSA_ASSERT(psa_destroy_key(key)); 809a8e1175bSopenharmony_ci mbedtls_pk_free(&pk); 810a8e1175bSopenharmony_ci USE_PSA_DONE(); 811a8e1175bSopenharmony_ci} 812a8e1175bSopenharmony_ci/* END_CASE */ 813a8e1175bSopenharmony_ci 814a8e1175bSopenharmony_ci/* BEGIN_CASE */ 815a8e1175bSopenharmony_civoid pk_invalid_param() 816a8e1175bSopenharmony_ci{ 817a8e1175bSopenharmony_ci mbedtls_pk_context ctx; 818a8e1175bSopenharmony_ci mbedtls_pk_type_t pk_type = 0; 819a8e1175bSopenharmony_ci unsigned char buf[] = { 0x01, 0x02, 0x03, 0x04, 0x05, 0x06 }; 820a8e1175bSopenharmony_ci size_t buf_size = sizeof(buf); 821a8e1175bSopenharmony_ci 822a8e1175bSopenharmony_ci mbedtls_pk_init(&ctx); 823a8e1175bSopenharmony_ci USE_PSA_INIT(); 824a8e1175bSopenharmony_ci 825a8e1175bSopenharmony_ci TEST_EQUAL(MBEDTLS_ERR_PK_BAD_INPUT_DATA, 826a8e1175bSopenharmony_ci mbedtls_pk_verify_restartable(&ctx, MBEDTLS_MD_NONE, 827a8e1175bSopenharmony_ci NULL, buf_size, 828a8e1175bSopenharmony_ci buf, buf_size, 829a8e1175bSopenharmony_ci NULL)); 830a8e1175bSopenharmony_ci TEST_EQUAL(MBEDTLS_ERR_PK_BAD_INPUT_DATA, 831a8e1175bSopenharmony_ci mbedtls_pk_verify_restartable(&ctx, MBEDTLS_MD_SHA256, 832a8e1175bSopenharmony_ci NULL, 0, 833a8e1175bSopenharmony_ci buf, buf_size, 834a8e1175bSopenharmony_ci NULL)); 835a8e1175bSopenharmony_ci TEST_EQUAL(MBEDTLS_ERR_PK_BAD_INPUT_DATA, 836a8e1175bSopenharmony_ci mbedtls_pk_verify_ext(pk_type, NULL, 837a8e1175bSopenharmony_ci &ctx, MBEDTLS_MD_NONE, 838a8e1175bSopenharmony_ci NULL, buf_size, 839a8e1175bSopenharmony_ci buf, buf_size)); 840a8e1175bSopenharmony_ci TEST_EQUAL(MBEDTLS_ERR_PK_BAD_INPUT_DATA, 841a8e1175bSopenharmony_ci mbedtls_pk_verify_ext(pk_type, NULL, 842a8e1175bSopenharmony_ci &ctx, MBEDTLS_MD_SHA256, 843a8e1175bSopenharmony_ci NULL, 0, 844a8e1175bSopenharmony_ci buf, buf_size)); 845a8e1175bSopenharmony_ci TEST_EQUAL(MBEDTLS_ERR_PK_BAD_INPUT_DATA, 846a8e1175bSopenharmony_ci mbedtls_pk_sign_restartable(&ctx, MBEDTLS_MD_NONE, 847a8e1175bSopenharmony_ci NULL, buf_size, 848a8e1175bSopenharmony_ci buf, buf_size, &buf_size, 849a8e1175bSopenharmony_ci NULL, NULL, 850a8e1175bSopenharmony_ci NULL)); 851a8e1175bSopenharmony_ci TEST_EQUAL(MBEDTLS_ERR_PK_BAD_INPUT_DATA, 852a8e1175bSopenharmony_ci mbedtls_pk_sign_restartable(&ctx, MBEDTLS_MD_SHA256, 853a8e1175bSopenharmony_ci NULL, 0, 854a8e1175bSopenharmony_ci buf, buf_size, &buf_size, 855a8e1175bSopenharmony_ci NULL, NULL, 856a8e1175bSopenharmony_ci NULL)); 857a8e1175bSopenharmony_ci TEST_EQUAL(MBEDTLS_ERR_PK_BAD_INPUT_DATA, 858a8e1175bSopenharmony_ci mbedtls_pk_sign_ext(pk_type, &ctx, MBEDTLS_MD_NONE, 859a8e1175bSopenharmony_ci NULL, buf_size, 860a8e1175bSopenharmony_ci buf, buf_size, &buf_size, 861a8e1175bSopenharmony_ci NULL, NULL)); 862a8e1175bSopenharmony_ci TEST_EQUAL(MBEDTLS_ERR_PK_BAD_INPUT_DATA, 863a8e1175bSopenharmony_ci mbedtls_pk_sign_ext(pk_type, &ctx, MBEDTLS_MD_SHA256, 864a8e1175bSopenharmony_ci NULL, 0, 865a8e1175bSopenharmony_ci buf, buf_size, &buf_size, 866a8e1175bSopenharmony_ci NULL, NULL)); 867a8e1175bSopenharmony_ciexit: 868a8e1175bSopenharmony_ci mbedtls_pk_free(&ctx); 869a8e1175bSopenharmony_ci USE_PSA_DONE(); 870a8e1175bSopenharmony_ci} 871a8e1175bSopenharmony_ci/* END_CASE */ 872a8e1175bSopenharmony_ci 873a8e1175bSopenharmony_ci/* BEGIN_CASE */ 874a8e1175bSopenharmony_civoid valid_parameters() 875a8e1175bSopenharmony_ci{ 876a8e1175bSopenharmony_ci mbedtls_pk_context pk; 877a8e1175bSopenharmony_ci unsigned char buf[1]; 878a8e1175bSopenharmony_ci size_t len; 879a8e1175bSopenharmony_ci void *options = NULL; 880a8e1175bSopenharmony_ci 881a8e1175bSopenharmony_ci mbedtls_pk_init(&pk); 882a8e1175bSopenharmony_ci USE_PSA_INIT(); 883a8e1175bSopenharmony_ci 884a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_pk_setup(&pk, NULL) == 885a8e1175bSopenharmony_ci MBEDTLS_ERR_PK_BAD_INPUT_DATA); 886a8e1175bSopenharmony_ci 887a8e1175bSopenharmony_ci /* In informational functions, we accept NULL where a context pointer 888a8e1175bSopenharmony_ci * is expected because that's what the library has done forever. 889a8e1175bSopenharmony_ci * We do not document that NULL is accepted, so we may wish to change 890a8e1175bSopenharmony_ci * the behavior in a future version. */ 891a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_pk_get_bitlen(NULL) == 0); 892a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_pk_get_len(NULL) == 0); 893a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_pk_can_do(NULL, MBEDTLS_PK_NONE) == 0); 894a8e1175bSopenharmony_ci 895a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_pk_sign_restartable(&pk, 896a8e1175bSopenharmony_ci MBEDTLS_MD_NONE, 897a8e1175bSopenharmony_ci NULL, 0, 898a8e1175bSopenharmony_ci buf, sizeof(buf), &len, 899a8e1175bSopenharmony_ci mbedtls_test_rnd_std_rand, NULL, 900a8e1175bSopenharmony_ci NULL) == 901a8e1175bSopenharmony_ci MBEDTLS_ERR_PK_BAD_INPUT_DATA); 902a8e1175bSopenharmony_ci 903a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_pk_sign(&pk, 904a8e1175bSopenharmony_ci MBEDTLS_MD_NONE, 905a8e1175bSopenharmony_ci NULL, 0, 906a8e1175bSopenharmony_ci buf, sizeof(buf), &len, 907a8e1175bSopenharmony_ci mbedtls_test_rnd_std_rand, NULL) == 908a8e1175bSopenharmony_ci MBEDTLS_ERR_PK_BAD_INPUT_DATA); 909a8e1175bSopenharmony_ci 910a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_pk_sign_ext(MBEDTLS_PK_NONE, &pk, 911a8e1175bSopenharmony_ci MBEDTLS_MD_NONE, 912a8e1175bSopenharmony_ci NULL, 0, 913a8e1175bSopenharmony_ci buf, sizeof(buf), &len, 914a8e1175bSopenharmony_ci mbedtls_test_rnd_std_rand, NULL) == 915a8e1175bSopenharmony_ci MBEDTLS_ERR_PK_BAD_INPUT_DATA); 916a8e1175bSopenharmony_ci 917a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_pk_verify_restartable(&pk, 918a8e1175bSopenharmony_ci MBEDTLS_MD_NONE, 919a8e1175bSopenharmony_ci NULL, 0, 920a8e1175bSopenharmony_ci buf, sizeof(buf), 921a8e1175bSopenharmony_ci NULL) == 922a8e1175bSopenharmony_ci MBEDTLS_ERR_PK_BAD_INPUT_DATA); 923a8e1175bSopenharmony_ci 924a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_pk_verify(&pk, 925a8e1175bSopenharmony_ci MBEDTLS_MD_NONE, 926a8e1175bSopenharmony_ci NULL, 0, 927a8e1175bSopenharmony_ci buf, sizeof(buf)) == 928a8e1175bSopenharmony_ci MBEDTLS_ERR_PK_BAD_INPUT_DATA); 929a8e1175bSopenharmony_ci 930a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_pk_verify_ext(MBEDTLS_PK_NONE, options, 931a8e1175bSopenharmony_ci &pk, 932a8e1175bSopenharmony_ci MBEDTLS_MD_NONE, 933a8e1175bSopenharmony_ci NULL, 0, 934a8e1175bSopenharmony_ci buf, sizeof(buf)) == 935a8e1175bSopenharmony_ci MBEDTLS_ERR_PK_BAD_INPUT_DATA); 936a8e1175bSopenharmony_ci 937a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_pk_encrypt(&pk, 938a8e1175bSopenharmony_ci NULL, 0, 939a8e1175bSopenharmony_ci NULL, &len, 0, 940a8e1175bSopenharmony_ci mbedtls_test_rnd_std_rand, NULL) == 941a8e1175bSopenharmony_ci MBEDTLS_ERR_PK_BAD_INPUT_DATA); 942a8e1175bSopenharmony_ci 943a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_pk_decrypt(&pk, 944a8e1175bSopenharmony_ci NULL, 0, 945a8e1175bSopenharmony_ci NULL, &len, 0, 946a8e1175bSopenharmony_ci mbedtls_test_rnd_std_rand, NULL) == 947a8e1175bSopenharmony_ci MBEDTLS_ERR_PK_BAD_INPUT_DATA); 948a8e1175bSopenharmony_ci 949a8e1175bSopenharmony_ci#if defined(MBEDTLS_PK_PARSE_C) 950a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_pk_parse_key(&pk, NULL, 0, NULL, 1, 951a8e1175bSopenharmony_ci mbedtls_test_rnd_std_rand, NULL) == 952a8e1175bSopenharmony_ci MBEDTLS_ERR_PK_KEY_INVALID_FORMAT); 953a8e1175bSopenharmony_ci 954a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_pk_parse_public_key(&pk, NULL, 0) == 955a8e1175bSopenharmony_ci MBEDTLS_ERR_PK_KEY_INVALID_FORMAT); 956a8e1175bSopenharmony_ci#endif /* MBEDTLS_PK_PARSE_C */ 957a8e1175bSopenharmony_ci USE_PSA_DONE(); 958a8e1175bSopenharmony_ci} 959a8e1175bSopenharmony_ci/* END_CASE */ 960a8e1175bSopenharmony_ci 961a8e1175bSopenharmony_ci/* BEGIN_CASE depends_on:MBEDTLS_PK_WRITE_C:MBEDTLS_PK_PARSE_C */ 962a8e1175bSopenharmony_civoid valid_parameters_pkwrite(data_t *key_data) 963a8e1175bSopenharmony_ci{ 964a8e1175bSopenharmony_ci mbedtls_pk_context pk; 965a8e1175bSopenharmony_ci 966a8e1175bSopenharmony_ci /* For the write tests to be effective, we need a valid key pair. */ 967a8e1175bSopenharmony_ci mbedtls_pk_init(&pk); 968a8e1175bSopenharmony_ci USE_PSA_INIT(); 969a8e1175bSopenharmony_ci 970a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_pk_parse_key(&pk, 971a8e1175bSopenharmony_ci key_data->x, key_data->len, NULL, 0, 972a8e1175bSopenharmony_ci mbedtls_test_rnd_std_rand, NULL) == 0); 973a8e1175bSopenharmony_ci 974a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_pk_write_key_der(&pk, NULL, 0) == 975a8e1175bSopenharmony_ci MBEDTLS_ERR_ASN1_BUF_TOO_SMALL); 976a8e1175bSopenharmony_ci 977a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_pk_write_pubkey_der(&pk, NULL, 0) == 978a8e1175bSopenharmony_ci MBEDTLS_ERR_ASN1_BUF_TOO_SMALL); 979a8e1175bSopenharmony_ci 980a8e1175bSopenharmony_ci#if defined(MBEDTLS_PEM_WRITE_C) 981a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_pk_write_key_pem(&pk, NULL, 0) == 982a8e1175bSopenharmony_ci MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL); 983a8e1175bSopenharmony_ci 984a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_pk_write_pubkey_pem(&pk, NULL, 0) == 985a8e1175bSopenharmony_ci MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL); 986a8e1175bSopenharmony_ci#endif /* MBEDTLS_PEM_WRITE_C */ 987a8e1175bSopenharmony_ci 988a8e1175bSopenharmony_ciexit: 989a8e1175bSopenharmony_ci mbedtls_pk_free(&pk); 990a8e1175bSopenharmony_ci USE_PSA_DONE(); 991a8e1175bSopenharmony_ci} 992a8e1175bSopenharmony_ci/* END_CASE */ 993a8e1175bSopenharmony_ci 994a8e1175bSopenharmony_ci/* BEGIN_CASE */ 995a8e1175bSopenharmony_civoid pk_utils(int type, int curve_or_keybits, int bitlen, int len, char *name) 996a8e1175bSopenharmony_ci{ 997a8e1175bSopenharmony_ci mbedtls_pk_context pk; 998a8e1175bSopenharmony_ci 999a8e1175bSopenharmony_ci mbedtls_pk_init(&pk); 1000a8e1175bSopenharmony_ci USE_PSA_INIT(); 1001a8e1175bSopenharmony_ci 1002a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_pk_setup(&pk, mbedtls_pk_info_from_type(type)) == 0); 1003a8e1175bSopenharmony_ci TEST_ASSERT(pk_genkey(&pk, curve_or_keybits) == 0); 1004a8e1175bSopenharmony_ci 1005a8e1175bSopenharmony_ci TEST_ASSERT((int) mbedtls_pk_get_type(&pk) == type); 1006a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_pk_can_do(&pk, type)); 1007a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_pk_get_bitlen(&pk) == (unsigned) bitlen); 1008a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_pk_get_len(&pk) == (unsigned) len); 1009a8e1175bSopenharmony_ci TEST_ASSERT(strcmp(mbedtls_pk_get_name(&pk), name) == 0); 1010a8e1175bSopenharmony_ci 1011a8e1175bSopenharmony_ciexit: 1012a8e1175bSopenharmony_ci mbedtls_pk_free(&pk); 1013a8e1175bSopenharmony_ci USE_PSA_DONE(); 1014a8e1175bSopenharmony_ci} 1015a8e1175bSopenharmony_ci/* END_CASE */ 1016a8e1175bSopenharmony_ci 1017a8e1175bSopenharmony_ci/* BEGIN_CASE depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_FS_IO */ 1018a8e1175bSopenharmony_civoid mbedtls_pk_check_pair(char *pub_file, char *prv_file, int ret) 1019a8e1175bSopenharmony_ci{ 1020a8e1175bSopenharmony_ci mbedtls_pk_context pub, prv, alt; 1021a8e1175bSopenharmony_ci#if defined(MBEDTLS_USE_PSA_CRYPTO) 1022a8e1175bSopenharmony_ci mbedtls_svc_key_id_t opaque_key_id = MBEDTLS_SVC_KEY_ID_INIT; 1023a8e1175bSopenharmony_ci psa_key_attributes_t opaque_key_attr = PSA_KEY_ATTRIBUTES_INIT; 1024a8e1175bSopenharmony_ci#endif /* MBEDTLS_USE_PSA_CRYPTO */ 1025a8e1175bSopenharmony_ci 1026a8e1175bSopenharmony_ci mbedtls_pk_init(&pub); 1027a8e1175bSopenharmony_ci mbedtls_pk_init(&prv); 1028a8e1175bSopenharmony_ci mbedtls_pk_init(&alt); 1029a8e1175bSopenharmony_ci USE_PSA_INIT(); 1030a8e1175bSopenharmony_ci 1031a8e1175bSopenharmony_ci#if defined(MBEDTLS_USE_PSA_CRYPTO) 1032a8e1175bSopenharmony_ci /* mbedtls_pk_check_pair() returns either PK or ECP error codes depending 1033a8e1175bSopenharmony_ci on MBEDTLS_USE_PSA_CRYPTO so here we dynamically translate between the 1034a8e1175bSopenharmony_ci two */ 1035a8e1175bSopenharmony_ci if (ret == MBEDTLS_ERR_ECP_BAD_INPUT_DATA) { 1036a8e1175bSopenharmony_ci ret = MBEDTLS_ERR_PK_BAD_INPUT_DATA; 1037a8e1175bSopenharmony_ci } 1038a8e1175bSopenharmony_ci#endif /* MBEDTLS_USE_PSA_CRYPTO */ 1039a8e1175bSopenharmony_ci 1040a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_pk_parse_public_keyfile(&pub, pub_file) == 0); 1041a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_pk_parse_keyfile(&prv, prv_file, NULL, 1042a8e1175bSopenharmony_ci mbedtls_test_rnd_std_rand, NULL) 1043a8e1175bSopenharmony_ci == 0); 1044a8e1175bSopenharmony_ci 1045a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_pk_check_pair(&pub, &prv, 1046a8e1175bSopenharmony_ci mbedtls_test_rnd_std_rand, NULL) 1047a8e1175bSopenharmony_ci == ret); 1048a8e1175bSopenharmony_ci 1049a8e1175bSopenharmony_ci#if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_PK_RSA_ALT_SUPPORT) 1050a8e1175bSopenharmony_ci if (mbedtls_pk_get_type(&prv) == MBEDTLS_PK_RSA) { 1051a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_pk_setup_rsa_alt(&alt, mbedtls_pk_rsa(prv), 1052a8e1175bSopenharmony_ci mbedtls_rsa_decrypt_func, mbedtls_rsa_sign_func, 1053a8e1175bSopenharmony_ci mbedtls_rsa_key_len_func) == 0); 1054a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_pk_check_pair(&pub, &alt, 1055a8e1175bSopenharmony_ci mbedtls_test_rnd_std_rand, NULL) 1056a8e1175bSopenharmony_ci == ret); 1057a8e1175bSopenharmony_ci } 1058a8e1175bSopenharmony_ci#endif 1059a8e1175bSopenharmony_ci#if defined(MBEDTLS_USE_PSA_CRYPTO) 1060a8e1175bSopenharmony_ci if (mbedtls_pk_get_type(&prv) == MBEDTLS_PK_ECKEY) { 1061a8e1175bSopenharmony_ci /* Turn the prv PK context into an opaque one.*/ 1062a8e1175bSopenharmony_ci TEST_EQUAL(mbedtls_pk_get_psa_attributes(&prv, PSA_KEY_USAGE_SIGN_HASH, 1063a8e1175bSopenharmony_ci &opaque_key_attr), 0); 1064a8e1175bSopenharmony_ci TEST_EQUAL(mbedtls_pk_import_into_psa(&prv, &opaque_key_attr, &opaque_key_id), 0); 1065a8e1175bSopenharmony_ci mbedtls_pk_free(&prv); 1066a8e1175bSopenharmony_ci mbedtls_pk_init(&prv); 1067a8e1175bSopenharmony_ci TEST_EQUAL(mbedtls_pk_setup_opaque(&prv, opaque_key_id), 0); 1068a8e1175bSopenharmony_ci TEST_EQUAL(mbedtls_pk_check_pair(&pub, &prv, mbedtls_test_rnd_std_rand, 1069a8e1175bSopenharmony_ci NULL), ret); 1070a8e1175bSopenharmony_ci } 1071a8e1175bSopenharmony_ci#endif 1072a8e1175bSopenharmony_ci 1073a8e1175bSopenharmony_ciexit: 1074a8e1175bSopenharmony_ci#if defined(MBEDTLS_USE_PSA_CRYPTO) 1075a8e1175bSopenharmony_ci psa_destroy_key(opaque_key_id); 1076a8e1175bSopenharmony_ci#endif /* MBEDTLS_USE_PSA_CRYPTO */ 1077a8e1175bSopenharmony_ci mbedtls_pk_free(&pub); 1078a8e1175bSopenharmony_ci mbedtls_pk_free(&prv); 1079a8e1175bSopenharmony_ci mbedtls_pk_free(&alt); 1080a8e1175bSopenharmony_ci USE_PSA_DONE(); 1081a8e1175bSopenharmony_ci} 1082a8e1175bSopenharmony_ci/* END_CASE */ 1083a8e1175bSopenharmony_ci 1084a8e1175bSopenharmony_ci/* BEGIN_CASE depends_on:MBEDTLS_RSA_C */ 1085a8e1175bSopenharmony_civoid pk_rsa_verify_test_vec(data_t *message_str, int padding, int digest, 1086a8e1175bSopenharmony_ci int mod, char *input_N, char *input_E, 1087a8e1175bSopenharmony_ci data_t *result_str, int expected_result) 1088a8e1175bSopenharmony_ci{ 1089a8e1175bSopenharmony_ci mbedtls_rsa_context *rsa; 1090a8e1175bSopenharmony_ci mbedtls_pk_context pk; 1091a8e1175bSopenharmony_ci mbedtls_pk_restart_ctx *rs_ctx = NULL; 1092a8e1175bSopenharmony_ci#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) 1093a8e1175bSopenharmony_ci mbedtls_pk_restart_ctx ctx; 1094a8e1175bSopenharmony_ci 1095a8e1175bSopenharmony_ci rs_ctx = &ctx; 1096a8e1175bSopenharmony_ci mbedtls_pk_restart_init(rs_ctx); 1097a8e1175bSopenharmony_ci // this setting would ensure restart would happen if ECC was used 1098a8e1175bSopenharmony_ci mbedtls_ecp_set_max_ops(1); 1099a8e1175bSopenharmony_ci#endif 1100a8e1175bSopenharmony_ci 1101a8e1175bSopenharmony_ci mbedtls_pk_init(&pk); 1102a8e1175bSopenharmony_ci MD_OR_USE_PSA_INIT(); 1103a8e1175bSopenharmony_ci 1104a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_pk_setup(&pk, mbedtls_pk_info_from_type(MBEDTLS_PK_RSA)) == 0); 1105a8e1175bSopenharmony_ci rsa = mbedtls_pk_rsa(pk); 1106a8e1175bSopenharmony_ci 1107a8e1175bSopenharmony_ci rsa->len = (mod + 7) / 8; 1108a8e1175bSopenharmony_ci if (padding >= 0) { 1109a8e1175bSopenharmony_ci TEST_EQUAL(mbedtls_rsa_set_padding(rsa, padding, MBEDTLS_MD_NONE), 0); 1110a8e1175bSopenharmony_ci } 1111a8e1175bSopenharmony_ci 1112a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_test_read_mpi(&rsa->N, input_N) == 0); 1113a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_test_read_mpi(&rsa->E, input_E) == 0); 1114a8e1175bSopenharmony_ci 1115a8e1175bSopenharmony_ci int actual_result; 1116a8e1175bSopenharmony_ci actual_result = mbedtls_pk_verify(&pk, digest, message_str->x, 0, 1117a8e1175bSopenharmony_ci result_str->x, mbedtls_pk_get_len(&pk)); 1118a8e1175bSopenharmony_ci#if !defined(MBEDTLS_USE_PSA_CRYPTO) 1119a8e1175bSopenharmony_ci if (actual_result == MBEDTLS_ERR_RSA_INVALID_PADDING && 1120a8e1175bSopenharmony_ci expected_result == MBEDTLS_ERR_RSA_VERIFY_FAILED) { 1121a8e1175bSopenharmony_ci /* Tolerate INVALID_PADDING error for an invalid signature with 1122a8e1175bSopenharmony_ci * the legacy API (but not with PSA). */ 1123a8e1175bSopenharmony_ci } else 1124a8e1175bSopenharmony_ci#endif 1125a8e1175bSopenharmony_ci { 1126a8e1175bSopenharmony_ci TEST_EQUAL(actual_result, expected_result); 1127a8e1175bSopenharmony_ci } 1128a8e1175bSopenharmony_ci 1129a8e1175bSopenharmony_ci actual_result = mbedtls_pk_verify_restartable(&pk, digest, message_str->x, 0, 1130a8e1175bSopenharmony_ci result_str->x, 1131a8e1175bSopenharmony_ci mbedtls_pk_get_len(&pk), 1132a8e1175bSopenharmony_ci rs_ctx); 1133a8e1175bSopenharmony_ci#if !defined(MBEDTLS_USE_PSA_CRYPTO) 1134a8e1175bSopenharmony_ci if (actual_result == MBEDTLS_ERR_RSA_INVALID_PADDING && 1135a8e1175bSopenharmony_ci expected_result == MBEDTLS_ERR_RSA_VERIFY_FAILED) { 1136a8e1175bSopenharmony_ci /* Tolerate INVALID_PADDING error for an invalid signature with 1137a8e1175bSopenharmony_ci * the legacy API (but not with PSA). */ 1138a8e1175bSopenharmony_ci } else 1139a8e1175bSopenharmony_ci#endif 1140a8e1175bSopenharmony_ci { 1141a8e1175bSopenharmony_ci TEST_EQUAL(actual_result, expected_result); 1142a8e1175bSopenharmony_ci } 1143a8e1175bSopenharmony_ci 1144a8e1175bSopenharmony_ciexit: 1145a8e1175bSopenharmony_ci#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) 1146a8e1175bSopenharmony_ci mbedtls_pk_restart_free(rs_ctx); 1147a8e1175bSopenharmony_ci#endif 1148a8e1175bSopenharmony_ci mbedtls_pk_free(&pk); 1149a8e1175bSopenharmony_ci MD_OR_USE_PSA_DONE(); 1150a8e1175bSopenharmony_ci} 1151a8e1175bSopenharmony_ci/* END_CASE */ 1152a8e1175bSopenharmony_ci 1153a8e1175bSopenharmony_ci/* BEGIN_CASE depends_on:MBEDTLS_RSA_C */ 1154a8e1175bSopenharmony_civoid pk_rsa_verify_ext_test_vec(data_t *message_str, int digest, 1155a8e1175bSopenharmony_ci int mod, char *input_N, 1156a8e1175bSopenharmony_ci char *input_E, data_t *result_str, 1157a8e1175bSopenharmony_ci int pk_type, int mgf1_hash_id, 1158a8e1175bSopenharmony_ci int salt_len, int sig_len, 1159a8e1175bSopenharmony_ci int result) 1160a8e1175bSopenharmony_ci{ 1161a8e1175bSopenharmony_ci mbedtls_rsa_context *rsa; 1162a8e1175bSopenharmony_ci mbedtls_pk_context pk; 1163a8e1175bSopenharmony_ci mbedtls_pk_rsassa_pss_options pss_opts; 1164a8e1175bSopenharmony_ci void *options; 1165a8e1175bSopenharmony_ci int ret; 1166a8e1175bSopenharmony_ci 1167a8e1175bSopenharmony_ci mbedtls_pk_init(&pk); 1168a8e1175bSopenharmony_ci MD_OR_USE_PSA_INIT(); 1169a8e1175bSopenharmony_ci 1170a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_pk_setup(&pk, mbedtls_pk_info_from_type(MBEDTLS_PK_RSA)) == 0); 1171a8e1175bSopenharmony_ci rsa = mbedtls_pk_rsa(pk); 1172a8e1175bSopenharmony_ci 1173a8e1175bSopenharmony_ci rsa->len = (mod + 7) / 8; 1174a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_test_read_mpi(&rsa->N, input_N) == 0); 1175a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_test_read_mpi(&rsa->E, input_E) == 0); 1176a8e1175bSopenharmony_ci 1177a8e1175bSopenharmony_ci 1178a8e1175bSopenharmony_ci if (mgf1_hash_id < 0) { 1179a8e1175bSopenharmony_ci options = NULL; 1180a8e1175bSopenharmony_ci } else { 1181a8e1175bSopenharmony_ci options = &pss_opts; 1182a8e1175bSopenharmony_ci 1183a8e1175bSopenharmony_ci pss_opts.mgf1_hash_id = mgf1_hash_id; 1184a8e1175bSopenharmony_ci pss_opts.expected_salt_len = salt_len; 1185a8e1175bSopenharmony_ci } 1186a8e1175bSopenharmony_ci 1187a8e1175bSopenharmony_ci ret = mbedtls_pk_verify_ext(pk_type, options, &pk, 1188a8e1175bSopenharmony_ci digest, message_str->x, message_str->len, 1189a8e1175bSopenharmony_ci result_str->x, sig_len); 1190a8e1175bSopenharmony_ci 1191a8e1175bSopenharmony_ci#if defined(MBEDTLS_USE_PSA_CRYPTO) 1192a8e1175bSopenharmony_ci if (result == MBEDTLS_ERR_RSA_INVALID_PADDING) { 1193a8e1175bSopenharmony_ci /* Mbed TLS distinguishes "invalid padding" from "valid padding but 1194a8e1175bSopenharmony_ci * the rest of the signature is invalid". This has little use in 1195a8e1175bSopenharmony_ci * practice and PSA doesn't report this distinction. 1196a8e1175bSopenharmony_ci * In this case, PSA returns PSA_ERROR_INVALID_SIGNATURE translated 1197a8e1175bSopenharmony_ci * to MBEDTLS_ERR_RSA_VERIFY_FAILED. 1198a8e1175bSopenharmony_ci * However, currently `mbedtls_pk_verify_ext()` may use either the 1199a8e1175bSopenharmony_ci * PSA or the Mbed TLS API, depending on the PSS options used. 1200a8e1175bSopenharmony_ci * So, it may return either INVALID_PADDING or INVALID_SIGNATURE. 1201a8e1175bSopenharmony_ci */ 1202a8e1175bSopenharmony_ci TEST_ASSERT(ret == result || ret == MBEDTLS_ERR_RSA_VERIFY_FAILED); 1203a8e1175bSopenharmony_ci } else 1204a8e1175bSopenharmony_ci#endif 1205a8e1175bSopenharmony_ci { 1206a8e1175bSopenharmony_ci TEST_EQUAL(ret, result); 1207a8e1175bSopenharmony_ci } 1208a8e1175bSopenharmony_ci 1209a8e1175bSopenharmony_ciexit: 1210a8e1175bSopenharmony_ci mbedtls_pk_free(&pk); 1211a8e1175bSopenharmony_ci MD_OR_USE_PSA_DONE(); 1212a8e1175bSopenharmony_ci} 1213a8e1175bSopenharmony_ci/* END_CASE */ 1214a8e1175bSopenharmony_ci 1215a8e1175bSopenharmony_ci/* BEGIN_CASE depends_on:MBEDTLS_PK_CAN_ECDSA_VERIFY */ 1216a8e1175bSopenharmony_civoid pk_ec_test_vec(int type, int id, data_t *key, data_t *hash, 1217a8e1175bSopenharmony_ci data_t *sig, int ret) 1218a8e1175bSopenharmony_ci{ 1219a8e1175bSopenharmony_ci mbedtls_pk_context pk; 1220a8e1175bSopenharmony_ci 1221a8e1175bSopenharmony_ci mbedtls_pk_init(&pk); 1222a8e1175bSopenharmony_ci USE_PSA_INIT(); 1223a8e1175bSopenharmony_ci 1224a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_pk_setup(&pk, mbedtls_pk_info_from_type(type)) == 0); 1225a8e1175bSopenharmony_ci 1226a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_pk_can_do(&pk, MBEDTLS_PK_ECDSA)); 1227a8e1175bSopenharmony_ci#if defined(MBEDTLS_PK_USE_PSA_EC_DATA) 1228a8e1175bSopenharmony_ci TEST_ASSERT(key->len <= MBEDTLS_PK_MAX_EC_PUBKEY_RAW_LEN); 1229a8e1175bSopenharmony_ci memcpy(pk.pub_raw, key->x, key->len); 1230a8e1175bSopenharmony_ci pk.ec_family = mbedtls_ecc_group_to_psa(id, &(pk.ec_bits)); 1231a8e1175bSopenharmony_ci pk.pub_raw_len = key->len; 1232a8e1175bSopenharmony_ci#else 1233a8e1175bSopenharmony_ci mbedtls_ecp_keypair *eckey = (mbedtls_ecp_keypair *) mbedtls_pk_ec(pk); 1234a8e1175bSopenharmony_ci 1235a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_ecp_group_load(&eckey->grp, id) == 0); 1236a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_ecp_point_read_binary(&eckey->grp, &eckey->Q, 1237a8e1175bSopenharmony_ci key->x, key->len) == 0); 1238a8e1175bSopenharmony_ci#endif 1239a8e1175bSopenharmony_ci 1240a8e1175bSopenharmony_ci // MBEDTLS_MD_NONE is used since it will be ignored. 1241a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_pk_verify(&pk, MBEDTLS_MD_NONE, 1242a8e1175bSopenharmony_ci hash->x, hash->len, sig->x, sig->len) == ret); 1243a8e1175bSopenharmony_ci 1244a8e1175bSopenharmony_ciexit: 1245a8e1175bSopenharmony_ci mbedtls_pk_free(&pk); 1246a8e1175bSopenharmony_ci USE_PSA_DONE(); 1247a8e1175bSopenharmony_ci} 1248a8e1175bSopenharmony_ci/* END_CASE */ 1249a8e1175bSopenharmony_ci 1250a8e1175bSopenharmony_ci/* BEGIN_CASE depends_on:MBEDTLS_ECP_RESTARTABLE:MBEDTLS_ECDSA_C:MBEDTLS_ECDSA_DETERMINISTIC */ 1251a8e1175bSopenharmony_civoid pk_sign_verify_restart(int pk_type, int grp_id, char *d_str, 1252a8e1175bSopenharmony_ci char *QX_str, char *QY_str, 1253a8e1175bSopenharmony_ci int md_alg, data_t *hash, data_t *sig_check, 1254a8e1175bSopenharmony_ci int max_ops, int min_restart, int max_restart) 1255a8e1175bSopenharmony_ci{ 1256a8e1175bSopenharmony_ci int ret, cnt_restart; 1257a8e1175bSopenharmony_ci mbedtls_pk_restart_ctx rs_ctx; 1258a8e1175bSopenharmony_ci mbedtls_pk_context prv, pub; 1259a8e1175bSopenharmony_ci unsigned char sig[MBEDTLS_ECDSA_MAX_LEN]; 1260a8e1175bSopenharmony_ci size_t slen; 1261a8e1175bSopenharmony_ci 1262a8e1175bSopenharmony_ci mbedtls_pk_restart_init(&rs_ctx); 1263a8e1175bSopenharmony_ci mbedtls_pk_init(&prv); 1264a8e1175bSopenharmony_ci mbedtls_pk_init(&pub); 1265a8e1175bSopenharmony_ci USE_PSA_INIT(); 1266a8e1175bSopenharmony_ci 1267a8e1175bSopenharmony_ci memset(sig, 0, sizeof(sig)); 1268a8e1175bSopenharmony_ci 1269a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_pk_setup(&prv, mbedtls_pk_info_from_type(pk_type)) == 0); 1270a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_ecp_group_load(&mbedtls_pk_ec_rw(prv)->grp, grp_id) == 0); 1271a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_test_read_mpi(&mbedtls_pk_ec_rw(prv)->d, d_str) == 0); 1272a8e1175bSopenharmony_ci 1273a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_pk_setup(&pub, mbedtls_pk_info_from_type(pk_type)) == 0); 1274a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_ecp_group_load(&mbedtls_pk_ec_rw(pub)->grp, grp_id) == 0); 1275a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_ecp_point_read_string(&mbedtls_pk_ec_rw(pub)->Q, 16, QX_str, QY_str) == 0); 1276a8e1175bSopenharmony_ci 1277a8e1175bSopenharmony_ci mbedtls_ecp_set_max_ops(max_ops); 1278a8e1175bSopenharmony_ci 1279a8e1175bSopenharmony_ci slen = sizeof(sig); 1280a8e1175bSopenharmony_ci cnt_restart = 0; 1281a8e1175bSopenharmony_ci do { 1282a8e1175bSopenharmony_ci ret = mbedtls_pk_sign_restartable(&prv, md_alg, hash->x, hash->len, 1283a8e1175bSopenharmony_ci sig, sizeof(sig), &slen, 1284a8e1175bSopenharmony_ci mbedtls_test_rnd_std_rand, NULL, 1285a8e1175bSopenharmony_ci &rs_ctx); 1286a8e1175bSopenharmony_ci } while (ret == MBEDTLS_ERR_ECP_IN_PROGRESS && ++cnt_restart); 1287a8e1175bSopenharmony_ci 1288a8e1175bSopenharmony_ci TEST_ASSERT(ret == 0); 1289a8e1175bSopenharmony_ci TEST_ASSERT(slen == sig_check->len); 1290a8e1175bSopenharmony_ci TEST_ASSERT(memcmp(sig, sig_check->x, slen) == 0); 1291a8e1175bSopenharmony_ci 1292a8e1175bSopenharmony_ci TEST_ASSERT(cnt_restart >= min_restart); 1293a8e1175bSopenharmony_ci TEST_ASSERT(cnt_restart <= max_restart); 1294a8e1175bSopenharmony_ci 1295a8e1175bSopenharmony_ci cnt_restart = 0; 1296a8e1175bSopenharmony_ci do { 1297a8e1175bSopenharmony_ci ret = mbedtls_pk_verify_restartable(&pub, md_alg, 1298a8e1175bSopenharmony_ci hash->x, hash->len, sig, slen, &rs_ctx); 1299a8e1175bSopenharmony_ci } while (ret == MBEDTLS_ERR_ECP_IN_PROGRESS && ++cnt_restart); 1300a8e1175bSopenharmony_ci 1301a8e1175bSopenharmony_ci TEST_ASSERT(ret == 0); 1302a8e1175bSopenharmony_ci TEST_ASSERT(cnt_restart >= min_restart); 1303a8e1175bSopenharmony_ci TEST_ASSERT(cnt_restart <= max_restart); 1304a8e1175bSopenharmony_ci 1305a8e1175bSopenharmony_ci sig[0]++; 1306a8e1175bSopenharmony_ci do { 1307a8e1175bSopenharmony_ci ret = mbedtls_pk_verify_restartable(&pub, md_alg, 1308a8e1175bSopenharmony_ci hash->x, hash->len, sig, slen, &rs_ctx); 1309a8e1175bSopenharmony_ci } while (ret == MBEDTLS_ERR_ECP_IN_PROGRESS); 1310a8e1175bSopenharmony_ci TEST_ASSERT(ret != 0); 1311a8e1175bSopenharmony_ci sig[0]--; 1312a8e1175bSopenharmony_ci 1313a8e1175bSopenharmony_ci /* Do we leak memory when aborting? try verify then sign 1314a8e1175bSopenharmony_ci * This test only makes sense when we actually restart */ 1315a8e1175bSopenharmony_ci if (min_restart > 0) { 1316a8e1175bSopenharmony_ci ret = mbedtls_pk_verify_restartable(&pub, md_alg, 1317a8e1175bSopenharmony_ci hash->x, hash->len, sig, slen, &rs_ctx); 1318a8e1175bSopenharmony_ci TEST_ASSERT(ret == MBEDTLS_ERR_ECP_IN_PROGRESS); 1319a8e1175bSopenharmony_ci mbedtls_pk_restart_free(&rs_ctx); 1320a8e1175bSopenharmony_ci 1321a8e1175bSopenharmony_ci slen = sizeof(sig); 1322a8e1175bSopenharmony_ci ret = mbedtls_pk_sign_restartable(&prv, md_alg, hash->x, hash->len, 1323a8e1175bSopenharmony_ci sig, sizeof(sig), &slen, 1324a8e1175bSopenharmony_ci mbedtls_test_rnd_std_rand, NULL, 1325a8e1175bSopenharmony_ci &rs_ctx); 1326a8e1175bSopenharmony_ci TEST_ASSERT(ret == MBEDTLS_ERR_ECP_IN_PROGRESS); 1327a8e1175bSopenharmony_ci } 1328a8e1175bSopenharmony_ci 1329a8e1175bSopenharmony_ciexit: 1330a8e1175bSopenharmony_ci mbedtls_pk_restart_free(&rs_ctx); 1331a8e1175bSopenharmony_ci mbedtls_pk_free(&prv); 1332a8e1175bSopenharmony_ci mbedtls_pk_free(&pub); 1333a8e1175bSopenharmony_ci USE_PSA_DONE(); 1334a8e1175bSopenharmony_ci} 1335a8e1175bSopenharmony_ci/* END_CASE */ 1336a8e1175bSopenharmony_ci 1337a8e1175bSopenharmony_ci/* BEGIN_CASE depends_on:MBEDTLS_MD_CAN_SHA256:PK_CAN_SIGN_SOME */ 1338a8e1175bSopenharmony_civoid pk_sign_verify(int type, int curve_or_keybits, int rsa_padding, int rsa_md_alg, 1339a8e1175bSopenharmony_ci int sign_ret, int verify_ret) 1340a8e1175bSopenharmony_ci{ 1341a8e1175bSopenharmony_ci mbedtls_pk_context pk; 1342a8e1175bSopenharmony_ci size_t sig_len; 1343a8e1175bSopenharmony_ci unsigned char hash[32]; // Hard-coded for SHA256 1344a8e1175bSopenharmony_ci size_t hash_len = sizeof(hash); 1345a8e1175bSopenharmony_ci unsigned char sig[MBEDTLS_PK_SIGNATURE_MAX_SIZE]; 1346a8e1175bSopenharmony_ci void *rs_ctx = NULL; 1347a8e1175bSopenharmony_ci#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) 1348a8e1175bSopenharmony_ci mbedtls_pk_restart_ctx ctx; 1349a8e1175bSopenharmony_ci 1350a8e1175bSopenharmony_ci rs_ctx = &ctx; 1351a8e1175bSopenharmony_ci mbedtls_pk_restart_init(rs_ctx); 1352a8e1175bSopenharmony_ci /* This value is large enough that the operation will complete in one run. 1353a8e1175bSopenharmony_ci * See comments at the top of ecp_test_vect_restart in 1354a8e1175bSopenharmony_ci * test_suite_ecp.function for estimates of operation counts. */ 1355a8e1175bSopenharmony_ci mbedtls_ecp_set_max_ops(42000); 1356a8e1175bSopenharmony_ci#endif 1357a8e1175bSopenharmony_ci 1358a8e1175bSopenharmony_ci mbedtls_pk_init(&pk); 1359a8e1175bSopenharmony_ci MD_OR_USE_PSA_INIT(); 1360a8e1175bSopenharmony_ci 1361a8e1175bSopenharmony_ci memset(hash, 0x2a, sizeof(hash)); 1362a8e1175bSopenharmony_ci memset(sig, 0, sizeof(sig)); 1363a8e1175bSopenharmony_ci 1364a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_pk_setup(&pk, mbedtls_pk_info_from_type(type)) == 0); 1365a8e1175bSopenharmony_ci TEST_ASSERT(pk_genkey(&pk, curve_or_keybits) == 0); 1366a8e1175bSopenharmony_ci 1367a8e1175bSopenharmony_ci#if defined(MBEDTLS_RSA_C) 1368a8e1175bSopenharmony_ci if (type == MBEDTLS_PK_RSA) { 1369a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_rsa_set_padding(mbedtls_pk_rsa(pk), rsa_padding, rsa_md_alg) == 0); 1370a8e1175bSopenharmony_ci } 1371a8e1175bSopenharmony_ci#else 1372a8e1175bSopenharmony_ci (void) rsa_padding; 1373a8e1175bSopenharmony_ci (void) rsa_md_alg; 1374a8e1175bSopenharmony_ci#endif /* MBEDTLS_RSA_C */ 1375a8e1175bSopenharmony_ci 1376a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_pk_sign_restartable(&pk, MBEDTLS_MD_SHA256, 1377a8e1175bSopenharmony_ci hash, hash_len, 1378a8e1175bSopenharmony_ci sig, sizeof(sig), &sig_len, 1379a8e1175bSopenharmony_ci mbedtls_test_rnd_std_rand, NULL, 1380a8e1175bSopenharmony_ci rs_ctx) == sign_ret); 1381a8e1175bSopenharmony_ci if (sign_ret == 0) { 1382a8e1175bSopenharmony_ci TEST_ASSERT(sig_len <= MBEDTLS_PK_SIGNATURE_MAX_SIZE); 1383a8e1175bSopenharmony_ci } else { 1384a8e1175bSopenharmony_ci sig_len = MBEDTLS_PK_SIGNATURE_MAX_SIZE; 1385a8e1175bSopenharmony_ci } 1386a8e1175bSopenharmony_ci 1387a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_pk_verify(&pk, MBEDTLS_MD_SHA256, 1388a8e1175bSopenharmony_ci hash, hash_len, sig, sig_len) == verify_ret); 1389a8e1175bSopenharmony_ci 1390a8e1175bSopenharmony_ci if (verify_ret == 0) { 1391a8e1175bSopenharmony_ci hash[0]++; 1392a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_pk_verify(&pk, MBEDTLS_MD_SHA256, 1393a8e1175bSopenharmony_ci hash, hash_len, sig, sig_len) != 0); 1394a8e1175bSopenharmony_ci hash[0]--; 1395a8e1175bSopenharmony_ci 1396a8e1175bSopenharmony_ci sig[0]++; 1397a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_pk_verify(&pk, MBEDTLS_MD_SHA256, 1398a8e1175bSopenharmony_ci hash, hash_len, sig, sig_len) != 0); 1399a8e1175bSopenharmony_ci sig[0]--; 1400a8e1175bSopenharmony_ci } 1401a8e1175bSopenharmony_ci 1402a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_pk_sign(&pk, MBEDTLS_MD_SHA256, hash, hash_len, 1403a8e1175bSopenharmony_ci sig, sizeof(sig), &sig_len, 1404a8e1175bSopenharmony_ci mbedtls_test_rnd_std_rand, 1405a8e1175bSopenharmony_ci NULL) == sign_ret); 1406a8e1175bSopenharmony_ci if (sign_ret == 0) { 1407a8e1175bSopenharmony_ci TEST_ASSERT(sig_len <= MBEDTLS_PK_SIGNATURE_MAX_SIZE); 1408a8e1175bSopenharmony_ci } else { 1409a8e1175bSopenharmony_ci sig_len = MBEDTLS_PK_SIGNATURE_MAX_SIZE; 1410a8e1175bSopenharmony_ci } 1411a8e1175bSopenharmony_ci 1412a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_pk_verify_restartable(&pk, MBEDTLS_MD_SHA256, 1413a8e1175bSopenharmony_ci hash, hash_len, sig, sig_len, rs_ctx) == verify_ret); 1414a8e1175bSopenharmony_ci 1415a8e1175bSopenharmony_ci if (verify_ret == 0) { 1416a8e1175bSopenharmony_ci hash[0]++; 1417a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_pk_verify_restartable(&pk, MBEDTLS_MD_SHA256, 1418a8e1175bSopenharmony_ci hash, sizeof(hash), sig, sig_len, rs_ctx) != 0); 1419a8e1175bSopenharmony_ci hash[0]--; 1420a8e1175bSopenharmony_ci 1421a8e1175bSopenharmony_ci sig[0]++; 1422a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_pk_verify_restartable(&pk, MBEDTLS_MD_SHA256, 1423a8e1175bSopenharmony_ci hash, sizeof(hash), sig, sig_len, rs_ctx) != 0); 1424a8e1175bSopenharmony_ci sig[0]--; 1425a8e1175bSopenharmony_ci } 1426a8e1175bSopenharmony_ci 1427a8e1175bSopenharmony_ciexit: 1428a8e1175bSopenharmony_ci#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) 1429a8e1175bSopenharmony_ci mbedtls_pk_restart_free(rs_ctx); 1430a8e1175bSopenharmony_ci#endif 1431a8e1175bSopenharmony_ci mbedtls_pk_free(&pk); 1432a8e1175bSopenharmony_ci MD_OR_USE_PSA_DONE(); 1433a8e1175bSopenharmony_ci} 1434a8e1175bSopenharmony_ci/* END_CASE */ 1435a8e1175bSopenharmony_ci 1436a8e1175bSopenharmony_ci/* BEGIN_CASE depends_on:MBEDTLS_RSA_C */ 1437a8e1175bSopenharmony_civoid pk_rsa_encrypt_decrypt_test(data_t *message, int mod, int padding, 1438a8e1175bSopenharmony_ci char *input_P, char *input_Q, 1439a8e1175bSopenharmony_ci char *input_N, char *input_E, 1440a8e1175bSopenharmony_ci int ret) 1441a8e1175bSopenharmony_ci{ 1442a8e1175bSopenharmony_ci unsigned char output[300], result[300]; 1443a8e1175bSopenharmony_ci mbedtls_test_rnd_pseudo_info rnd_info; 1444a8e1175bSopenharmony_ci mbedtls_mpi N, P, Q, E; 1445a8e1175bSopenharmony_ci mbedtls_rsa_context *rsa; 1446a8e1175bSopenharmony_ci mbedtls_pk_context pk; 1447a8e1175bSopenharmony_ci size_t olen, rlen; 1448a8e1175bSopenharmony_ci 1449a8e1175bSopenharmony_ci mbedtls_pk_init(&pk); 1450a8e1175bSopenharmony_ci mbedtls_mpi_init(&N); mbedtls_mpi_init(&P); 1451a8e1175bSopenharmony_ci mbedtls_mpi_init(&Q); mbedtls_mpi_init(&E); 1452a8e1175bSopenharmony_ci MD_OR_USE_PSA_INIT(); 1453a8e1175bSopenharmony_ci 1454a8e1175bSopenharmony_ci memset(&rnd_info, 0, sizeof(mbedtls_test_rnd_pseudo_info)); 1455a8e1175bSopenharmony_ci memset(output, 0, sizeof(output)); 1456a8e1175bSopenharmony_ci 1457a8e1175bSopenharmony_ci /* encryption test */ 1458a8e1175bSopenharmony_ci 1459a8e1175bSopenharmony_ci /* init pk-rsa context */ 1460a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_pk_setup(&pk, mbedtls_pk_info_from_type(MBEDTLS_PK_RSA)) == 0); 1461a8e1175bSopenharmony_ci rsa = mbedtls_pk_rsa(pk); 1462a8e1175bSopenharmony_ci mbedtls_rsa_set_padding(rsa, padding, MBEDTLS_MD_SHA1); 1463a8e1175bSopenharmony_ci 1464a8e1175bSopenharmony_ci /* load public key */ 1465a8e1175bSopenharmony_ci rsa->len = (mod + 7) / 8; 1466a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_test_read_mpi(&rsa->N, input_N) == 0); 1467a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_test_read_mpi(&rsa->E, input_E) == 0); 1468a8e1175bSopenharmony_ci 1469a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_pk_encrypt(&pk, message->x, message->len, 1470a8e1175bSopenharmony_ci output, &olen, sizeof(output), 1471a8e1175bSopenharmony_ci mbedtls_test_rnd_pseudo_rand, &rnd_info) == ret); 1472a8e1175bSopenharmony_ci 1473a8e1175bSopenharmony_ci /* decryption test */ 1474a8e1175bSopenharmony_ci mbedtls_mpi_init(&N); mbedtls_mpi_init(&P); 1475a8e1175bSopenharmony_ci mbedtls_mpi_init(&Q); mbedtls_mpi_init(&E); 1476a8e1175bSopenharmony_ci 1477a8e1175bSopenharmony_ci /* init pk-rsa context */ 1478a8e1175bSopenharmony_ci mbedtls_pk_free(&pk); 1479a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_pk_setup(&pk, 1480a8e1175bSopenharmony_ci mbedtls_pk_info_from_type(MBEDTLS_PK_RSA)) == 0); 1481a8e1175bSopenharmony_ci rsa = mbedtls_pk_rsa(pk); 1482a8e1175bSopenharmony_ci mbedtls_rsa_set_padding(rsa, padding, MBEDTLS_MD_SHA1); 1483a8e1175bSopenharmony_ci 1484a8e1175bSopenharmony_ci /* load public key */ 1485a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_test_read_mpi(&N, input_N) == 0); 1486a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_test_read_mpi(&E, input_E) == 0); 1487a8e1175bSopenharmony_ci 1488a8e1175bSopenharmony_ci /* load private key */ 1489a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_test_read_mpi(&P, input_P) == 0); 1490a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_test_read_mpi(&Q, input_Q) == 0); 1491a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_rsa_import(rsa, &N, &P, &Q, NULL, &E) == 0); 1492a8e1175bSopenharmony_ci TEST_EQUAL(mbedtls_rsa_get_len(rsa), (mod + 7) / 8); 1493a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_rsa_complete(rsa) == 0); 1494a8e1175bSopenharmony_ci 1495a8e1175bSopenharmony_ci TEST_EQUAL(mbedtls_pk_get_len(&pk), (mod + 7) / 8); 1496a8e1175bSopenharmony_ci TEST_EQUAL(mbedtls_pk_get_bitlen(&pk), mod); 1497a8e1175bSopenharmony_ci 1498a8e1175bSopenharmony_ci memset(result, 0, sizeof(result)); 1499a8e1175bSopenharmony_ci rlen = 0; 1500a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_pk_decrypt(&pk, output, olen, 1501a8e1175bSopenharmony_ci result, &rlen, sizeof(result), 1502a8e1175bSopenharmony_ci mbedtls_test_rnd_pseudo_rand, &rnd_info) == ret); 1503a8e1175bSopenharmony_ci if (ret == 0) { 1504a8e1175bSopenharmony_ci TEST_ASSERT(rlen == message->len); 1505a8e1175bSopenharmony_ci TEST_ASSERT(memcmp(result, message->x, rlen) == 0); 1506a8e1175bSopenharmony_ci } 1507a8e1175bSopenharmony_ci 1508a8e1175bSopenharmony_ciexit: 1509a8e1175bSopenharmony_ci mbedtls_mpi_free(&N); mbedtls_mpi_free(&P); 1510a8e1175bSopenharmony_ci mbedtls_mpi_free(&Q); mbedtls_mpi_free(&E); 1511a8e1175bSopenharmony_ci mbedtls_pk_free(&pk); 1512a8e1175bSopenharmony_ci MD_OR_USE_PSA_DONE(); 1513a8e1175bSopenharmony_ci} 1514a8e1175bSopenharmony_ci/* END_CASE */ 1515a8e1175bSopenharmony_ci 1516a8e1175bSopenharmony_ci/* BEGIN_CASE depends_on:MBEDTLS_RSA_C */ 1517a8e1175bSopenharmony_civoid pk_rsa_decrypt_test_vec(data_t *cipher, int mod, int padding, int md_alg, 1518a8e1175bSopenharmony_ci char *input_P, char *input_Q, 1519a8e1175bSopenharmony_ci char *input_N, char *input_E, 1520a8e1175bSopenharmony_ci data_t *clear, int ret) 1521a8e1175bSopenharmony_ci{ 1522a8e1175bSopenharmony_ci unsigned char output[256]; 1523a8e1175bSopenharmony_ci mbedtls_test_rnd_pseudo_info rnd_info; 1524a8e1175bSopenharmony_ci mbedtls_mpi N, P, Q, E; 1525a8e1175bSopenharmony_ci mbedtls_rsa_context *rsa; 1526a8e1175bSopenharmony_ci mbedtls_pk_context pk; 1527a8e1175bSopenharmony_ci size_t olen; 1528a8e1175bSopenharmony_ci 1529a8e1175bSopenharmony_ci mbedtls_pk_init(&pk); 1530a8e1175bSopenharmony_ci mbedtls_mpi_init(&N); mbedtls_mpi_init(&P); 1531a8e1175bSopenharmony_ci mbedtls_mpi_init(&Q); mbedtls_mpi_init(&E); 1532a8e1175bSopenharmony_ci MD_OR_USE_PSA_INIT(); 1533a8e1175bSopenharmony_ci 1534a8e1175bSopenharmony_ci memset(&rnd_info, 0, sizeof(mbedtls_test_rnd_pseudo_info)); 1535a8e1175bSopenharmony_ci 1536a8e1175bSopenharmony_ci /* init pk-rsa context */ 1537a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_pk_setup(&pk, mbedtls_pk_info_from_type(MBEDTLS_PK_RSA)) == 0); 1538a8e1175bSopenharmony_ci rsa = mbedtls_pk_rsa(pk); 1539a8e1175bSopenharmony_ci 1540a8e1175bSopenharmony_ci /* load public key */ 1541a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_test_read_mpi(&N, input_N) == 0); 1542a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_test_read_mpi(&E, input_E) == 0); 1543a8e1175bSopenharmony_ci 1544a8e1175bSopenharmony_ci /* load private key */ 1545a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_test_read_mpi(&P, input_P) == 0); 1546a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_test_read_mpi(&Q, input_Q) == 0); 1547a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_rsa_import(rsa, &N, &P, &Q, NULL, &E) == 0); 1548a8e1175bSopenharmony_ci TEST_EQUAL(mbedtls_rsa_get_len(rsa), (mod + 7) / 8); 1549a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_rsa_complete(rsa) == 0); 1550a8e1175bSopenharmony_ci 1551a8e1175bSopenharmony_ci TEST_EQUAL(mbedtls_pk_get_bitlen(&pk), mod); 1552a8e1175bSopenharmony_ci TEST_EQUAL(mbedtls_pk_get_len(&pk), (mod + 7) / 8); 1553a8e1175bSopenharmony_ci 1554a8e1175bSopenharmony_ci /* set padding mode */ 1555a8e1175bSopenharmony_ci if (padding >= 0) { 1556a8e1175bSopenharmony_ci TEST_EQUAL(mbedtls_rsa_set_padding(rsa, padding, md_alg), 0); 1557a8e1175bSopenharmony_ci } 1558a8e1175bSopenharmony_ci 1559a8e1175bSopenharmony_ci /* decryption test */ 1560a8e1175bSopenharmony_ci memset(output, 0, sizeof(output)); 1561a8e1175bSopenharmony_ci olen = 0; 1562a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_pk_decrypt(&pk, cipher->x, cipher->len, 1563a8e1175bSopenharmony_ci output, &olen, sizeof(output), 1564a8e1175bSopenharmony_ci mbedtls_test_rnd_pseudo_rand, &rnd_info) == ret); 1565a8e1175bSopenharmony_ci if (ret == 0) { 1566a8e1175bSopenharmony_ci TEST_ASSERT(olen == clear->len); 1567a8e1175bSopenharmony_ci TEST_ASSERT(memcmp(output, clear->x, olen) == 0); 1568a8e1175bSopenharmony_ci } 1569a8e1175bSopenharmony_ci 1570a8e1175bSopenharmony_ciexit: 1571a8e1175bSopenharmony_ci mbedtls_mpi_free(&N); mbedtls_mpi_free(&P); 1572a8e1175bSopenharmony_ci mbedtls_mpi_free(&Q); mbedtls_mpi_free(&E); 1573a8e1175bSopenharmony_ci mbedtls_pk_free(&pk); 1574a8e1175bSopenharmony_ci MD_OR_USE_PSA_DONE(); 1575a8e1175bSopenharmony_ci} 1576a8e1175bSopenharmony_ci/* END_CASE */ 1577a8e1175bSopenharmony_ci 1578a8e1175bSopenharmony_ci/* BEGIN_CASE depends_on:MBEDTLS_RSA_C:MBEDTLS_USE_PSA_CRYPTO */ 1579a8e1175bSopenharmony_civoid pk_wrap_rsa_decrypt_test_vec(data_t *cipher, int mod, 1580a8e1175bSopenharmony_ci char *input_P, char *input_Q, 1581a8e1175bSopenharmony_ci char *input_N, char *input_E, 1582a8e1175bSopenharmony_ci int padding_mode, 1583a8e1175bSopenharmony_ci data_t *clear, int ret) 1584a8e1175bSopenharmony_ci{ 1585a8e1175bSopenharmony_ci unsigned char output[256]; 1586a8e1175bSopenharmony_ci mbedtls_test_rnd_pseudo_info rnd_info; 1587a8e1175bSopenharmony_ci mbedtls_mpi N, P, Q, E; 1588a8e1175bSopenharmony_ci mbedtls_rsa_context *rsa; 1589a8e1175bSopenharmony_ci mbedtls_pk_context pk; 1590a8e1175bSopenharmony_ci mbedtls_svc_key_id_t key_id = MBEDTLS_SVC_KEY_ID_INIT; 1591a8e1175bSopenharmony_ci psa_key_attributes_t key_attr = PSA_KEY_ATTRIBUTES_INIT; 1592a8e1175bSopenharmony_ci size_t olen; 1593a8e1175bSopenharmony_ci 1594a8e1175bSopenharmony_ci mbedtls_pk_init(&pk); 1595a8e1175bSopenharmony_ci mbedtls_mpi_init(&N); mbedtls_mpi_init(&P); 1596a8e1175bSopenharmony_ci mbedtls_mpi_init(&Q); mbedtls_mpi_init(&E); 1597a8e1175bSopenharmony_ci USE_PSA_INIT(); 1598a8e1175bSopenharmony_ci 1599a8e1175bSopenharmony_ci memset(&rnd_info, 0, sizeof(mbedtls_test_rnd_pseudo_info)); 1600a8e1175bSopenharmony_ci 1601a8e1175bSopenharmony_ci /* init pk-rsa context */ 1602a8e1175bSopenharmony_ci TEST_EQUAL(mbedtls_pk_setup(&pk, 1603a8e1175bSopenharmony_ci mbedtls_pk_info_from_type(MBEDTLS_PK_RSA)), 0); 1604a8e1175bSopenharmony_ci rsa = mbedtls_pk_rsa(pk); 1605a8e1175bSopenharmony_ci 1606a8e1175bSopenharmony_ci /* load public key */ 1607a8e1175bSopenharmony_ci TEST_EQUAL(mbedtls_test_read_mpi(&N, input_N), 0); 1608a8e1175bSopenharmony_ci TEST_EQUAL(mbedtls_test_read_mpi(&E, input_E), 0); 1609a8e1175bSopenharmony_ci 1610a8e1175bSopenharmony_ci /* load private key */ 1611a8e1175bSopenharmony_ci TEST_EQUAL(mbedtls_test_read_mpi(&P, input_P), 0); 1612a8e1175bSopenharmony_ci TEST_EQUAL(mbedtls_test_read_mpi(&Q, input_Q), 0); 1613a8e1175bSopenharmony_ci TEST_EQUAL(mbedtls_rsa_import(rsa, &N, &P, &Q, NULL, &E), 0); 1614a8e1175bSopenharmony_ci TEST_EQUAL(mbedtls_rsa_get_len(rsa), (mod + 7) / 8); 1615a8e1175bSopenharmony_ci TEST_EQUAL(mbedtls_rsa_complete(rsa), 0); 1616a8e1175bSopenharmony_ci 1617a8e1175bSopenharmony_ci /* Set padding mode */ 1618a8e1175bSopenharmony_ci if (padding_mode == MBEDTLS_RSA_PKCS_V21) { 1619a8e1175bSopenharmony_ci TEST_EQUAL(mbedtls_rsa_set_padding(rsa, padding_mode, MBEDTLS_MD_SHA1), 0); 1620a8e1175bSopenharmony_ci } 1621a8e1175bSopenharmony_ci 1622a8e1175bSopenharmony_ci /* Turn PK context into an opaque one. */ 1623a8e1175bSopenharmony_ci TEST_EQUAL(mbedtls_pk_get_psa_attributes(&pk, PSA_KEY_USAGE_DECRYPT, &key_attr), 0); 1624a8e1175bSopenharmony_ci TEST_EQUAL(mbedtls_pk_import_into_psa(&pk, &key_attr, &key_id), 0); 1625a8e1175bSopenharmony_ci mbedtls_pk_free(&pk); 1626a8e1175bSopenharmony_ci mbedtls_pk_init(&pk); 1627a8e1175bSopenharmony_ci TEST_EQUAL(mbedtls_pk_setup_opaque(&pk, key_id), 0); 1628a8e1175bSopenharmony_ci 1629a8e1175bSopenharmony_ci TEST_EQUAL(mbedtls_pk_get_bitlen(&pk), mod); 1630a8e1175bSopenharmony_ci 1631a8e1175bSopenharmony_ci /* decryption test */ 1632a8e1175bSopenharmony_ci memset(output, 0, sizeof(output)); 1633a8e1175bSopenharmony_ci olen = 0; 1634a8e1175bSopenharmony_ci TEST_EQUAL(mbedtls_pk_decrypt(&pk, cipher->x, cipher->len, 1635a8e1175bSopenharmony_ci output, &olen, sizeof(output), 1636a8e1175bSopenharmony_ci mbedtls_test_rnd_pseudo_rand, &rnd_info), ret); 1637a8e1175bSopenharmony_ci if (ret == 0) { 1638a8e1175bSopenharmony_ci TEST_EQUAL(olen, clear->len); 1639a8e1175bSopenharmony_ci TEST_EQUAL(memcmp(output, clear->x, olen), 0); 1640a8e1175bSopenharmony_ci } 1641a8e1175bSopenharmony_ci 1642a8e1175bSopenharmony_ci TEST_EQUAL(PSA_SUCCESS, psa_destroy_key(key_id)); 1643a8e1175bSopenharmony_ci 1644a8e1175bSopenharmony_ciexit: 1645a8e1175bSopenharmony_ci mbedtls_mpi_free(&N); mbedtls_mpi_free(&P); 1646a8e1175bSopenharmony_ci mbedtls_mpi_free(&Q); mbedtls_mpi_free(&E); 1647a8e1175bSopenharmony_ci mbedtls_pk_free(&pk); 1648a8e1175bSopenharmony_ci USE_PSA_DONE(); 1649a8e1175bSopenharmony_ci} 1650a8e1175bSopenharmony_ci/* END_CASE */ 1651a8e1175bSopenharmony_ci 1652a8e1175bSopenharmony_ci/* BEGIN_CASE */ 1653a8e1175bSopenharmony_civoid pk_ec_nocrypt(int type) 1654a8e1175bSopenharmony_ci{ 1655a8e1175bSopenharmony_ci mbedtls_pk_context pk; 1656a8e1175bSopenharmony_ci unsigned char output[100]; 1657a8e1175bSopenharmony_ci unsigned char input[100]; 1658a8e1175bSopenharmony_ci mbedtls_test_rnd_pseudo_info rnd_info; 1659a8e1175bSopenharmony_ci size_t olen = 0; 1660a8e1175bSopenharmony_ci int ret = MBEDTLS_ERR_PK_TYPE_MISMATCH; 1661a8e1175bSopenharmony_ci 1662a8e1175bSopenharmony_ci mbedtls_pk_init(&pk); 1663a8e1175bSopenharmony_ci USE_PSA_INIT(); 1664a8e1175bSopenharmony_ci 1665a8e1175bSopenharmony_ci memset(&rnd_info, 0, sizeof(mbedtls_test_rnd_pseudo_info)); 1666a8e1175bSopenharmony_ci memset(output, 0, sizeof(output)); 1667a8e1175bSopenharmony_ci memset(input, 0, sizeof(input)); 1668a8e1175bSopenharmony_ci 1669a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_pk_setup(&pk, mbedtls_pk_info_from_type(type)) == 0); 1670a8e1175bSopenharmony_ci 1671a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_pk_encrypt(&pk, input, sizeof(input), 1672a8e1175bSopenharmony_ci output, &olen, sizeof(output), 1673a8e1175bSopenharmony_ci mbedtls_test_rnd_pseudo_rand, &rnd_info) == ret); 1674a8e1175bSopenharmony_ci 1675a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_pk_decrypt(&pk, input, sizeof(input), 1676a8e1175bSopenharmony_ci output, &olen, sizeof(output), 1677a8e1175bSopenharmony_ci mbedtls_test_rnd_pseudo_rand, &rnd_info) == ret); 1678a8e1175bSopenharmony_ci 1679a8e1175bSopenharmony_ciexit: 1680a8e1175bSopenharmony_ci mbedtls_pk_free(&pk); 1681a8e1175bSopenharmony_ci USE_PSA_DONE(); 1682a8e1175bSopenharmony_ci} 1683a8e1175bSopenharmony_ci/* END_CASE */ 1684a8e1175bSopenharmony_ci 1685a8e1175bSopenharmony_ci/* BEGIN_CASE depends_on:MBEDTLS_RSA_C */ 1686a8e1175bSopenharmony_civoid pk_rsa_overflow() 1687a8e1175bSopenharmony_ci{ 1688a8e1175bSopenharmony_ci mbedtls_pk_context pk; 1689a8e1175bSopenharmony_ci size_t hash_len = UINT_MAX + 1, sig_len = UINT_MAX + 1; 1690a8e1175bSopenharmony_ci unsigned char hash[50], sig[100]; 1691a8e1175bSopenharmony_ci 1692a8e1175bSopenharmony_ci mbedtls_pk_init(&pk); 1693a8e1175bSopenharmony_ci USE_PSA_INIT(); 1694a8e1175bSopenharmony_ci 1695a8e1175bSopenharmony_ci memset(hash, 0x2a, sizeof(hash)); 1696a8e1175bSopenharmony_ci memset(sig, 0, sizeof(sig)); 1697a8e1175bSopenharmony_ci 1698a8e1175bSopenharmony_ci TEST_EQUAL(mbedtls_pk_setup(&pk, 1699a8e1175bSopenharmony_ci mbedtls_pk_info_from_type(MBEDTLS_PK_RSA)), 0); 1700a8e1175bSopenharmony_ci 1701a8e1175bSopenharmony_ci#if defined(MBEDTLS_PKCS1_V21) 1702a8e1175bSopenharmony_ci TEST_EQUAL(mbedtls_pk_verify_ext(MBEDTLS_PK_RSASSA_PSS, NULL, &pk, 1703a8e1175bSopenharmony_ci MBEDTLS_MD_NONE, hash, hash_len, sig, sig_len), 1704a8e1175bSopenharmony_ci MBEDTLS_ERR_PK_BAD_INPUT_DATA); 1705a8e1175bSopenharmony_ci#endif /* MBEDTLS_PKCS1_V21 */ 1706a8e1175bSopenharmony_ci 1707a8e1175bSopenharmony_ci TEST_EQUAL(mbedtls_pk_verify(&pk, MBEDTLS_MD_NONE, hash, hash_len, 1708a8e1175bSopenharmony_ci sig, sig_len), 1709a8e1175bSopenharmony_ci MBEDTLS_ERR_PK_BAD_INPUT_DATA); 1710a8e1175bSopenharmony_ci 1711a8e1175bSopenharmony_ci#if defined(MBEDTLS_PKCS1_V21) 1712a8e1175bSopenharmony_ci TEST_EQUAL(mbedtls_pk_sign_ext(MBEDTLS_PK_RSASSA_PSS, &pk, 1713a8e1175bSopenharmony_ci MBEDTLS_MD_NONE, hash, hash_len, 1714a8e1175bSopenharmony_ci sig, sizeof(sig), &sig_len, 1715a8e1175bSopenharmony_ci mbedtls_test_rnd_std_rand, NULL), 1716a8e1175bSopenharmony_ci MBEDTLS_ERR_PK_BAD_INPUT_DATA); 1717a8e1175bSopenharmony_ci#endif /* MBEDTLS_PKCS1_V21 */ 1718a8e1175bSopenharmony_ci 1719a8e1175bSopenharmony_ci TEST_EQUAL(mbedtls_pk_sign(&pk, MBEDTLS_MD_NONE, hash, hash_len, 1720a8e1175bSopenharmony_ci sig, sizeof(sig), &sig_len, 1721a8e1175bSopenharmony_ci mbedtls_test_rnd_std_rand, NULL), 1722a8e1175bSopenharmony_ci MBEDTLS_ERR_PK_BAD_INPUT_DATA); 1723a8e1175bSopenharmony_ci 1724a8e1175bSopenharmony_ciexit: 1725a8e1175bSopenharmony_ci mbedtls_pk_free(&pk); 1726a8e1175bSopenharmony_ci USE_PSA_DONE(); 1727a8e1175bSopenharmony_ci} 1728a8e1175bSopenharmony_ci/* END_CASE */ 1729a8e1175bSopenharmony_ci 1730a8e1175bSopenharmony_ci/* BEGIN_CASE depends_on:MBEDTLS_RSA_C:MBEDTLS_PK_RSA_ALT_SUPPORT */ 1731a8e1175bSopenharmony_civoid pk_rsa_alt() 1732a8e1175bSopenharmony_ci{ 1733a8e1175bSopenharmony_ci /* 1734a8e1175bSopenharmony_ci * An rsa_alt context can only do private operations (decrypt, sign). 1735a8e1175bSopenharmony_ci * Test it against the public operations (encrypt, verify) of a 1736a8e1175bSopenharmony_ci * corresponding rsa context. 1737a8e1175bSopenharmony_ci */ 1738a8e1175bSopenharmony_ci mbedtls_rsa_context raw; 1739a8e1175bSopenharmony_ci mbedtls_pk_context rsa, alt; 1740a8e1175bSopenharmony_ci mbedtls_pk_debug_item dbg_items[10]; 1741a8e1175bSopenharmony_ci unsigned char hash[50], sig[RSA_KEY_LEN]; 1742a8e1175bSopenharmony_ci unsigned char msg[50], ciph[RSA_KEY_LEN], test[50]; 1743a8e1175bSopenharmony_ci size_t sig_len, ciph_len, test_len; 1744a8e1175bSopenharmony_ci int ret = MBEDTLS_ERR_PK_TYPE_MISMATCH; 1745a8e1175bSopenharmony_ci 1746a8e1175bSopenharmony_ci mbedtls_rsa_init(&raw); 1747a8e1175bSopenharmony_ci mbedtls_pk_init(&rsa); 1748a8e1175bSopenharmony_ci mbedtls_pk_init(&alt); 1749a8e1175bSopenharmony_ci USE_PSA_INIT(); 1750a8e1175bSopenharmony_ci 1751a8e1175bSopenharmony_ci memset(hash, 0x2a, sizeof(hash)); 1752a8e1175bSopenharmony_ci memset(sig, 0, sizeof(sig)); 1753a8e1175bSopenharmony_ci memset(msg, 0x2a, sizeof(msg)); 1754a8e1175bSopenharmony_ci memset(ciph, 0, sizeof(ciph)); 1755a8e1175bSopenharmony_ci memset(test, 0, sizeof(test)); 1756a8e1175bSopenharmony_ci 1757a8e1175bSopenharmony_ci /* Initialize PK RSA context with random key */ 1758a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_pk_setup(&rsa, 1759a8e1175bSopenharmony_ci mbedtls_pk_info_from_type(MBEDTLS_PK_RSA)) == 0); 1760a8e1175bSopenharmony_ci TEST_ASSERT(pk_genkey(&rsa, RSA_KEY_SIZE) == 0); 1761a8e1175bSopenharmony_ci 1762a8e1175bSopenharmony_ci /* Extract key to the raw rsa context */ 1763a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_rsa_copy(&raw, mbedtls_pk_rsa(rsa)) == 0); 1764a8e1175bSopenharmony_ci 1765a8e1175bSopenharmony_ci /* Initialize PK RSA_ALT context */ 1766a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_pk_setup_rsa_alt(&alt, (void *) &raw, 1767a8e1175bSopenharmony_ci mbedtls_rsa_decrypt_func, mbedtls_rsa_sign_func, 1768a8e1175bSopenharmony_ci mbedtls_rsa_key_len_func) == 0); 1769a8e1175bSopenharmony_ci 1770a8e1175bSopenharmony_ci /* Test administrative functions */ 1771a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_pk_can_do(&alt, MBEDTLS_PK_RSA)); 1772a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_pk_get_bitlen(&alt) == RSA_KEY_SIZE); 1773a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_pk_get_len(&alt) == RSA_KEY_LEN); 1774a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_pk_get_type(&alt) == MBEDTLS_PK_RSA_ALT); 1775a8e1175bSopenharmony_ci TEST_ASSERT(strcmp(mbedtls_pk_get_name(&alt), "RSA-alt") == 0); 1776a8e1175bSopenharmony_ci 1777a8e1175bSopenharmony_ci#if defined(MBEDTLS_PSA_CRYPTO_C) 1778a8e1175bSopenharmony_ci psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 1779a8e1175bSopenharmony_ci TEST_EQUAL(mbedtls_pk_get_psa_attributes(&alt, 1780a8e1175bSopenharmony_ci PSA_KEY_USAGE_ENCRYPT, 1781a8e1175bSopenharmony_ci &attributes), 1782a8e1175bSopenharmony_ci MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE); 1783a8e1175bSopenharmony_ci mbedtls_svc_key_id_t key_id = MBEDTLS_SVC_KEY_ID_INIT; 1784a8e1175bSopenharmony_ci TEST_EQUAL(mbedtls_pk_import_into_psa(&alt, &attributes, &key_id), 1785a8e1175bSopenharmony_ci MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE); 1786a8e1175bSopenharmony_ci#endif /* MBEDTLS_PSA_CRYPTO_C */ 1787a8e1175bSopenharmony_ci 1788a8e1175bSopenharmony_ci /* Test signature */ 1789a8e1175bSopenharmony_ci#if SIZE_MAX > UINT_MAX 1790a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_pk_sign(&alt, MBEDTLS_MD_NONE, hash, SIZE_MAX, 1791a8e1175bSopenharmony_ci sig, sizeof(sig), &sig_len, 1792a8e1175bSopenharmony_ci mbedtls_test_rnd_std_rand, NULL) 1793a8e1175bSopenharmony_ci == MBEDTLS_ERR_PK_BAD_INPUT_DATA); 1794a8e1175bSopenharmony_ci#endif /* SIZE_MAX > UINT_MAX */ 1795a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_pk_sign(&alt, MBEDTLS_MD_NONE, hash, sizeof(hash), 1796a8e1175bSopenharmony_ci sig, sizeof(sig), &sig_len, 1797a8e1175bSopenharmony_ci mbedtls_test_rnd_std_rand, NULL) 1798a8e1175bSopenharmony_ci == 0); 1799a8e1175bSopenharmony_ci TEST_ASSERT(sig_len == RSA_KEY_LEN); 1800a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_pk_verify(&rsa, MBEDTLS_MD_NONE, 1801a8e1175bSopenharmony_ci hash, sizeof(hash), sig, sig_len) == 0); 1802a8e1175bSopenharmony_ci 1803a8e1175bSopenharmony_ci /* Test decrypt */ 1804a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_pk_encrypt(&rsa, msg, sizeof(msg), 1805a8e1175bSopenharmony_ci ciph, &ciph_len, sizeof(ciph), 1806a8e1175bSopenharmony_ci mbedtls_test_rnd_std_rand, NULL) == 0); 1807a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_pk_decrypt(&alt, ciph, ciph_len, 1808a8e1175bSopenharmony_ci test, &test_len, sizeof(test), 1809a8e1175bSopenharmony_ci mbedtls_test_rnd_std_rand, NULL) == 0); 1810a8e1175bSopenharmony_ci TEST_ASSERT(test_len == sizeof(msg)); 1811a8e1175bSopenharmony_ci TEST_ASSERT(memcmp(test, msg, test_len) == 0); 1812a8e1175bSopenharmony_ci 1813a8e1175bSopenharmony_ci /* Test forbidden operations */ 1814a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_pk_encrypt(&alt, msg, sizeof(msg), 1815a8e1175bSopenharmony_ci ciph, &ciph_len, sizeof(ciph), 1816a8e1175bSopenharmony_ci mbedtls_test_rnd_std_rand, NULL) == ret); 1817a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_pk_verify(&alt, MBEDTLS_MD_NONE, 1818a8e1175bSopenharmony_ci hash, sizeof(hash), sig, sig_len) == ret); 1819a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_pk_debug(&alt, dbg_items) == ret); 1820a8e1175bSopenharmony_ci 1821a8e1175bSopenharmony_ciexit: 1822a8e1175bSopenharmony_ci mbedtls_rsa_free(&raw); 1823a8e1175bSopenharmony_ci mbedtls_pk_free(&rsa); mbedtls_pk_free(&alt); 1824a8e1175bSopenharmony_ci USE_PSA_DONE(); 1825a8e1175bSopenharmony_ci} 1826a8e1175bSopenharmony_ci/* END_CASE */ 1827a8e1175bSopenharmony_ci 1828a8e1175bSopenharmony_ci/* BEGIN_CASE depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_PK_PSA_SIGN */ 1829a8e1175bSopenharmony_civoid pk_psa_sign(int psa_type, int bits, int rsa_padding) 1830a8e1175bSopenharmony_ci{ 1831a8e1175bSopenharmony_ci mbedtls_pk_context pk; 1832a8e1175bSopenharmony_ci unsigned char hash[32]; 1833a8e1175bSopenharmony_ci unsigned char sig[MBEDTLS_PK_SIGNATURE_MAX_SIZE]; 1834a8e1175bSopenharmony_ci unsigned char legacy_pub_key[MBEDTLS_PK_WRITE_PUBKEY_MAX_SIZE]; 1835a8e1175bSopenharmony_ci unsigned char opaque_pub_key[MBEDTLS_PK_WRITE_PUBKEY_MAX_SIZE]; 1836a8e1175bSopenharmony_ci size_t sig_len, legacy_pub_key_len, opaque_pub_key_len; 1837a8e1175bSopenharmony_ci mbedtls_svc_key_id_t key_id = MBEDTLS_SVC_KEY_ID_INIT; 1838a8e1175bSopenharmony_ci psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 1839a8e1175bSopenharmony_ci#if defined(MBEDTLS_RSA_C) || defined(MBEDTLS_PK_WRITE_C) 1840a8e1175bSopenharmony_ci int ret; 1841a8e1175bSopenharmony_ci#endif /* MBEDTLS_RSA_C || MBEDTLS_PK_WRITE_C */ 1842a8e1175bSopenharmony_ci#if defined(MBEDTLS_PK_CAN_ECDSA_SIGN) 1843a8e1175bSopenharmony_ci mbedtls_ecp_group_id ecp_grp_id; 1844a8e1175bSopenharmony_ci#endif /* MBEDTLS_PK_CAN_ECDSA_SIGN */ 1845a8e1175bSopenharmony_ci 1846a8e1175bSopenharmony_ci /* 1847a8e1175bSopenharmony_ci * Following checks are perfomed: 1848a8e1175bSopenharmony_ci * - create an RSA/EC opaque context; 1849a8e1175bSopenharmony_ci * - sign with opaque context for both EC and RSA keys; 1850a8e1175bSopenharmony_ci * - [EC only] verify with opaque context; 1851a8e1175bSopenharmony_ci * - verify that public keys of opaque and non-opaque contexts match; 1852a8e1175bSopenharmony_ci * - verify with non-opaque context. 1853a8e1175bSopenharmony_ci */ 1854a8e1175bSopenharmony_ci 1855a8e1175bSopenharmony_ci mbedtls_pk_init(&pk); 1856a8e1175bSopenharmony_ci USE_PSA_INIT(); 1857a8e1175bSopenharmony_ci 1858a8e1175bSopenharmony_ci /* Create the legacy EC/RSA PK context. */ 1859a8e1175bSopenharmony_ci#if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_GENPRIME) 1860a8e1175bSopenharmony_ci if (PSA_KEY_TYPE_IS_RSA(psa_type)) { 1861a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_pk_setup(&pk, 1862a8e1175bSopenharmony_ci mbedtls_pk_info_from_type(MBEDTLS_PK_RSA)) == 0); 1863a8e1175bSopenharmony_ci TEST_EQUAL(pk_genkey(&pk, bits), 0); 1864a8e1175bSopenharmony_ci TEST_EQUAL(mbedtls_rsa_set_padding(mbedtls_pk_rsa(pk), rsa_padding, MBEDTLS_MD_NONE), 0); 1865a8e1175bSopenharmony_ci } 1866a8e1175bSopenharmony_ci#else /* MBEDTLS_RSA_C && MBEDTLS_GENPRIME */ 1867a8e1175bSopenharmony_ci (void) rsa_padding; 1868a8e1175bSopenharmony_ci#endif /* MBEDTLS_RSA_C && MBEDTLS_GENPRIME */ 1869a8e1175bSopenharmony_ci#if defined(MBEDTLS_PK_CAN_ECDSA_SIGN) 1870a8e1175bSopenharmony_ci if (PSA_KEY_TYPE_IS_ECC_KEY_PAIR(psa_type)) { 1871a8e1175bSopenharmony_ci ecp_grp_id = mbedtls_ecc_group_from_psa(psa_type, bits); 1872a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_pk_setup(&pk, mbedtls_pk_info_from_type(MBEDTLS_PK_ECKEY)) == 0); 1873a8e1175bSopenharmony_ci TEST_ASSERT(pk_genkey(&pk, ecp_grp_id) == 0); 1874a8e1175bSopenharmony_ci } 1875a8e1175bSopenharmony_ci#endif /* MBEDTLS_PK_CAN_ECDSA_SIGN */ 1876a8e1175bSopenharmony_ci 1877a8e1175bSopenharmony_ci /* Export public key from the non-opaque PK context we just created. */ 1878a8e1175bSopenharmony_ci#if defined(MBEDTLS_PK_PARSE_C) && defined(MBEDTLS_PK_WRITE_C) 1879a8e1175bSopenharmony_ci ret = mbedtls_pk_write_pubkey_der(&pk, legacy_pub_key, sizeof(legacy_pub_key)); 1880a8e1175bSopenharmony_ci TEST_ASSERT(ret >= 0); 1881a8e1175bSopenharmony_ci legacy_pub_key_len = (size_t) ret; 1882a8e1175bSopenharmony_ci /* mbedtls_pk_write_pubkey_der() writes backwards in the data buffer so we 1883a8e1175bSopenharmony_ci * shift data back to the beginning of the buffer. */ 1884a8e1175bSopenharmony_ci memmove(legacy_pub_key, 1885a8e1175bSopenharmony_ci legacy_pub_key + sizeof(legacy_pub_key) - legacy_pub_key_len, 1886a8e1175bSopenharmony_ci legacy_pub_key_len); 1887a8e1175bSopenharmony_ci#else /* MBEDTLS_PK_PARSE_C && MBEDTLS_PK_WRITE_C */ 1888a8e1175bSopenharmony_ci#if defined(MBEDTLS_PK_CAN_ECDSA_SIGN) 1889a8e1175bSopenharmony_ci if (PSA_KEY_TYPE_IS_ECC_KEY_PAIR(psa_type)) { 1890a8e1175bSopenharmony_ci TEST_EQUAL(mbedtls_ecp_point_write_binary(&(mbedtls_pk_ec_ro(pk)->grp), 1891a8e1175bSopenharmony_ci &(mbedtls_pk_ec_ro(pk)->Q), 1892a8e1175bSopenharmony_ci MBEDTLS_ECP_PF_UNCOMPRESSED, 1893a8e1175bSopenharmony_ci &legacy_pub_key_len, legacy_pub_key, 1894a8e1175bSopenharmony_ci sizeof(legacy_pub_key)), 0); 1895a8e1175bSopenharmony_ci } 1896a8e1175bSopenharmony_ci#endif /* MBEDTLS_PK_CAN_ECDSA_SIGN */ 1897a8e1175bSopenharmony_ci#if defined(MBEDTLS_RSA_C) 1898a8e1175bSopenharmony_ci if (PSA_KEY_TYPE_IS_RSA(psa_type)) { 1899a8e1175bSopenharmony_ci unsigned char *end = legacy_pub_key + sizeof(legacy_pub_key); 1900a8e1175bSopenharmony_ci ret = mbedtls_rsa_write_pubkey(mbedtls_pk_rsa(pk), legacy_pub_key, &end); 1901a8e1175bSopenharmony_ci legacy_pub_key_len = (size_t) ret; 1902a8e1175bSopenharmony_ci TEST_ASSERT(legacy_pub_key_len > 0); 1903a8e1175bSopenharmony_ci /* mbedtls_rsa_write_pubkey() writes data backward in the buffer so 1904a8e1175bSopenharmony_ci * we shift that to the origin of the buffer instead. */ 1905a8e1175bSopenharmony_ci memmove(legacy_pub_key, end, legacy_pub_key_len); 1906a8e1175bSopenharmony_ci } 1907a8e1175bSopenharmony_ci#endif /* MBEDTLS_RSA_C */ 1908a8e1175bSopenharmony_ci#endif /* MBEDTLS_PK_PARSE_C && MBEDTLS_PK_WRITE_C */ 1909a8e1175bSopenharmony_ci 1910a8e1175bSopenharmony_ci /* Turn the PK context into an opaque one. */ 1911a8e1175bSopenharmony_ci TEST_EQUAL(mbedtls_pk_get_psa_attributes(&pk, PSA_KEY_USAGE_SIGN_HASH, &attributes), 0); 1912a8e1175bSopenharmony_ci TEST_EQUAL(mbedtls_pk_import_into_psa(&pk, &attributes, &key_id), 0); 1913a8e1175bSopenharmony_ci mbedtls_pk_free(&pk); 1914a8e1175bSopenharmony_ci mbedtls_pk_init(&pk); 1915a8e1175bSopenharmony_ci TEST_EQUAL(mbedtls_pk_setup_opaque(&pk, key_id), 0); 1916a8e1175bSopenharmony_ci 1917a8e1175bSopenharmony_ci PSA_ASSERT(psa_get_key_attributes(key_id, &attributes)); 1918a8e1175bSopenharmony_ci TEST_EQUAL(psa_get_key_type(&attributes), (psa_key_type_t) psa_type); 1919a8e1175bSopenharmony_ci TEST_EQUAL(psa_get_key_bits(&attributes), (size_t) bits); 1920a8e1175bSopenharmony_ci TEST_EQUAL(psa_get_key_lifetime(&attributes), PSA_KEY_LIFETIME_VOLATILE); 1921a8e1175bSopenharmony_ci 1922a8e1175bSopenharmony_ci /* Sign with the opaque context. */ 1923a8e1175bSopenharmony_ci memset(hash, 0x2a, sizeof(hash)); 1924a8e1175bSopenharmony_ci memset(sig, 0, sizeof(sig)); 1925a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_pk_sign(&pk, MBEDTLS_MD_SHA256, 1926a8e1175bSopenharmony_ci hash, sizeof(hash), sig, sizeof(sig), &sig_len, 1927a8e1175bSopenharmony_ci NULL, NULL) == 0); 1928a8e1175bSopenharmony_ci /* Only opaque EC keys support verification. */ 1929a8e1175bSopenharmony_ci if (PSA_KEY_TYPE_IS_ECC_KEY_PAIR(psa_type)) { 1930a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_pk_verify(&pk, MBEDTLS_MD_SHA256, 1931a8e1175bSopenharmony_ci hash, sizeof(hash), sig, sig_len) == 0); 1932a8e1175bSopenharmony_ci } 1933a8e1175bSopenharmony_ci 1934a8e1175bSopenharmony_ci /* Export public key from the opaque PK context. */ 1935a8e1175bSopenharmony_ci#if defined(MBEDTLS_PK_PARSE_C) && defined(MBEDTLS_PK_WRITE_C) 1936a8e1175bSopenharmony_ci ret = mbedtls_pk_write_pubkey_der(&pk, opaque_pub_key, sizeof(opaque_pub_key)); 1937a8e1175bSopenharmony_ci TEST_ASSERT(ret >= 0); 1938a8e1175bSopenharmony_ci opaque_pub_key_len = (size_t) ret; 1939a8e1175bSopenharmony_ci /* mbedtls_pk_write_pubkey_der() writes backwards in the data buffer. */ 1940a8e1175bSopenharmony_ci memmove(opaque_pub_key, 1941a8e1175bSopenharmony_ci opaque_pub_key + sizeof(opaque_pub_key) - opaque_pub_key_len, 1942a8e1175bSopenharmony_ci opaque_pub_key_len); 1943a8e1175bSopenharmony_ci#else /* MBEDTLS_PK_PARSE_C && MBEDTLS_PK_WRITE_C */ 1944a8e1175bSopenharmony_ci TEST_EQUAL(psa_export_public_key(key_id, opaque_pub_key, sizeof(opaque_pub_key), 1945a8e1175bSopenharmony_ci &opaque_pub_key_len), PSA_SUCCESS); 1946a8e1175bSopenharmony_ci#endif /* MBEDTLS_PK_PARSE_C && MBEDTLS_PK_WRITE_C */ 1947a8e1175bSopenharmony_ci 1948a8e1175bSopenharmony_ci /* Check that the public keys of opaque and non-opaque PK contexts match. */ 1949a8e1175bSopenharmony_ci TEST_EQUAL(opaque_pub_key_len, legacy_pub_key_len); 1950a8e1175bSopenharmony_ci TEST_MEMORY_COMPARE(opaque_pub_key, opaque_pub_key_len, legacy_pub_key, legacy_pub_key_len); 1951a8e1175bSopenharmony_ci 1952a8e1175bSopenharmony_ci /* Destroy the opaque PK context and the wrapped PSA key. */ 1953a8e1175bSopenharmony_ci mbedtls_pk_free(&pk); 1954a8e1175bSopenharmony_ci TEST_ASSERT(PSA_SUCCESS == psa_destroy_key(key_id)); 1955a8e1175bSopenharmony_ci 1956a8e1175bSopenharmony_ci /* Create a new non-opaque PK context to verify the signature. */ 1957a8e1175bSopenharmony_ci mbedtls_pk_init(&pk); 1958a8e1175bSopenharmony_ci#if defined(MBEDTLS_PK_PARSE_C) && defined(MBEDTLS_PK_WRITE_C) 1959a8e1175bSopenharmony_ci TEST_EQUAL(mbedtls_pk_parse_public_key(&pk, legacy_pub_key, legacy_pub_key_len), 0); 1960a8e1175bSopenharmony_ci#else /* MBEDTLS_PK_PARSE_C && MBEDTLS_PK_WRITE_C */ 1961a8e1175bSopenharmony_ci#if defined(MBEDTLS_PK_CAN_ECDSA_SIGN) 1962a8e1175bSopenharmony_ci if (PSA_KEY_TYPE_IS_ECC_KEY_PAIR(psa_type)) { 1963a8e1175bSopenharmony_ci TEST_EQUAL(mbedtls_pk_setup(&pk, mbedtls_pk_info_from_type(MBEDTLS_PK_ECKEY)), 0); 1964a8e1175bSopenharmony_ci TEST_EQUAL(mbedtls_ecp_group_load(&(mbedtls_pk_ec_rw(pk)->grp), ecp_grp_id), 0); 1965a8e1175bSopenharmony_ci TEST_EQUAL(mbedtls_ecp_point_read_binary(&(mbedtls_pk_ec_ro(pk)->grp), 1966a8e1175bSopenharmony_ci &(mbedtls_pk_ec_rw(pk)->Q), 1967a8e1175bSopenharmony_ci legacy_pub_key, legacy_pub_key_len), 0); 1968a8e1175bSopenharmony_ci } 1969a8e1175bSopenharmony_ci#endif /* MBEDTLS_PK_CAN_ECDSA_SIGN */ 1970a8e1175bSopenharmony_ci#if defined(MBEDTLS_RSA_C) 1971a8e1175bSopenharmony_ci if (PSA_KEY_TYPE_IS_RSA(psa_type)) { 1972a8e1175bSopenharmony_ci TEST_EQUAL(mbedtls_pk_setup(&pk, mbedtls_pk_info_from_type(MBEDTLS_PK_RSA)), 0); 1973a8e1175bSopenharmony_ci TEST_EQUAL(mbedtls_rsa_parse_pubkey(mbedtls_pk_rsa(pk), legacy_pub_key, 1974a8e1175bSopenharmony_ci legacy_pub_key_len), 0); 1975a8e1175bSopenharmony_ci } 1976a8e1175bSopenharmony_ci#endif /* MBEDTLS_RSA_C */ 1977a8e1175bSopenharmony_ci#endif /* MBEDTLS_PK_PARSE_C && MBEDTLS_PK_WRITE_C */ 1978a8e1175bSopenharmony_ci 1979a8e1175bSopenharmony_ci#if defined(MBEDTLS_RSA_C) 1980a8e1175bSopenharmony_ci if (PSA_KEY_TYPE_IS_RSA(psa_type)) { 1981a8e1175bSopenharmony_ci TEST_EQUAL(mbedtls_rsa_set_padding(mbedtls_pk_rsa(pk), rsa_padding, MBEDTLS_MD_NONE), 0); 1982a8e1175bSopenharmony_ci } 1983a8e1175bSopenharmony_ci#endif /* MBEDTLS_RSA_C */ 1984a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_pk_verify(&pk, MBEDTLS_MD_SHA256, 1985a8e1175bSopenharmony_ci hash, sizeof(hash), sig, sig_len) == 0); 1986a8e1175bSopenharmony_ci 1987a8e1175bSopenharmony_ciexit: 1988a8e1175bSopenharmony_ci psa_reset_key_attributes(&attributes); 1989a8e1175bSopenharmony_ci 1990a8e1175bSopenharmony_ci mbedtls_pk_free(&pk); 1991a8e1175bSopenharmony_ci USE_PSA_DONE(); 1992a8e1175bSopenharmony_ci} 1993a8e1175bSopenharmony_ci/* END_CASE */ 1994a8e1175bSopenharmony_ci 1995a8e1175bSopenharmony_ci/* BEGIN_CASE depends_on:MBEDTLS_GENPRIME */ 1996a8e1175bSopenharmony_civoid pk_sign_ext(int pk_type, int curve_or_keybits, int key_pk_type, int md_alg) 1997a8e1175bSopenharmony_ci{ 1998a8e1175bSopenharmony_ci mbedtls_pk_context pk; 1999a8e1175bSopenharmony_ci size_t sig_len; 2000a8e1175bSopenharmony_ci unsigned char sig[MBEDTLS_PK_SIGNATURE_MAX_SIZE]; 2001a8e1175bSopenharmony_ci unsigned char hash[MBEDTLS_MD_MAX_SIZE]; 2002a8e1175bSopenharmony_ci size_t hash_len = mbedtls_md_get_size_from_type(md_alg); 2003a8e1175bSopenharmony_ci void const *options = NULL; 2004a8e1175bSopenharmony_ci mbedtls_pk_rsassa_pss_options rsassa_pss_options; 2005a8e1175bSopenharmony_ci memset(hash, 0x2a, sizeof(hash)); 2006a8e1175bSopenharmony_ci memset(sig, 0, sizeof(sig)); 2007a8e1175bSopenharmony_ci 2008a8e1175bSopenharmony_ci mbedtls_pk_init(&pk); 2009a8e1175bSopenharmony_ci MD_OR_USE_PSA_INIT(); 2010a8e1175bSopenharmony_ci 2011a8e1175bSopenharmony_ci TEST_EQUAL(mbedtls_pk_setup(&pk, 2012a8e1175bSopenharmony_ci mbedtls_pk_info_from_type(pk_type)), 0); 2013a8e1175bSopenharmony_ci TEST_EQUAL(pk_genkey(&pk, curve_or_keybits), 0); 2014a8e1175bSopenharmony_ci 2015a8e1175bSopenharmony_ci TEST_EQUAL(mbedtls_pk_sign_ext(key_pk_type, &pk, md_alg, hash, hash_len, 2016a8e1175bSopenharmony_ci sig, sizeof(sig), &sig_len, 2017a8e1175bSopenharmony_ci mbedtls_test_rnd_std_rand, NULL), 0); 2018a8e1175bSopenharmony_ci 2019a8e1175bSopenharmony_ci if (key_pk_type == MBEDTLS_PK_RSASSA_PSS) { 2020a8e1175bSopenharmony_ci rsassa_pss_options.mgf1_hash_id = md_alg; 2021a8e1175bSopenharmony_ci TEST_ASSERT(hash_len != 0); 2022a8e1175bSopenharmony_ci rsassa_pss_options.expected_salt_len = hash_len; 2023a8e1175bSopenharmony_ci options = (const void *) &rsassa_pss_options; 2024a8e1175bSopenharmony_ci } 2025a8e1175bSopenharmony_ci TEST_EQUAL(mbedtls_pk_verify_ext(key_pk_type, options, &pk, md_alg, 2026a8e1175bSopenharmony_ci hash, hash_len, sig, sig_len), 0); 2027a8e1175bSopenharmony_ciexit: 2028a8e1175bSopenharmony_ci mbedtls_pk_free(&pk); 2029a8e1175bSopenharmony_ci MD_OR_USE_PSA_DONE(); 2030a8e1175bSopenharmony_ci} 2031a8e1175bSopenharmony_ci/* END_CASE */ 2032a8e1175bSopenharmony_ci 2033a8e1175bSopenharmony_ci/* BEGIN_CASE depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME:MBEDTLS_USE_PSA_CRYPTO */ 2034a8e1175bSopenharmony_civoid pk_psa_wrap_sign_ext(int pk_type, int key_bits, int key_pk_type, int md_alg) 2035a8e1175bSopenharmony_ci{ 2036a8e1175bSopenharmony_ci mbedtls_pk_context pk; 2037a8e1175bSopenharmony_ci size_t sig_len, pkey_len; 2038a8e1175bSopenharmony_ci mbedtls_svc_key_id_t key_id = MBEDTLS_SVC_KEY_ID_INIT; 2039a8e1175bSopenharmony_ci psa_key_attributes_t key_attr = PSA_KEY_ATTRIBUTES_INIT; 2040a8e1175bSopenharmony_ci unsigned char sig[MBEDTLS_PK_SIGNATURE_MAX_SIZE]; 2041a8e1175bSopenharmony_ci unsigned char pkey[PSA_EXPORT_PUBLIC_KEY_MAX_SIZE]; 2042a8e1175bSopenharmony_ci unsigned char *pkey_start; 2043a8e1175bSopenharmony_ci unsigned char hash[PSA_HASH_MAX_SIZE]; 2044a8e1175bSopenharmony_ci psa_algorithm_t psa_md_alg = mbedtls_md_psa_alg_from_type(md_alg); 2045a8e1175bSopenharmony_ci size_t hash_len = PSA_HASH_LENGTH(psa_md_alg); 2046a8e1175bSopenharmony_ci void const *options = NULL; 2047a8e1175bSopenharmony_ci mbedtls_pk_rsassa_pss_options rsassa_pss_options; 2048a8e1175bSopenharmony_ci int ret; 2049a8e1175bSopenharmony_ci 2050a8e1175bSopenharmony_ci mbedtls_pk_init(&pk); 2051a8e1175bSopenharmony_ci PSA_INIT(); 2052a8e1175bSopenharmony_ci 2053a8e1175bSopenharmony_ci /* Create legacy RSA public/private key in PK context. */ 2054a8e1175bSopenharmony_ci mbedtls_pk_init(&pk); 2055a8e1175bSopenharmony_ci TEST_EQUAL(mbedtls_pk_setup(&pk, 2056a8e1175bSopenharmony_ci mbedtls_pk_info_from_type(pk_type)), 0); 2057a8e1175bSopenharmony_ci TEST_EQUAL(mbedtls_rsa_gen_key(mbedtls_pk_rsa(pk), 2058a8e1175bSopenharmony_ci mbedtls_test_rnd_std_rand, NULL, 2059a8e1175bSopenharmony_ci key_bits, 3), 0); 2060a8e1175bSopenharmony_ci 2061a8e1175bSopenharmony_ci if (key_pk_type == MBEDTLS_PK_RSASSA_PSS) { 2062a8e1175bSopenharmony_ci mbedtls_rsa_set_padding(mbedtls_pk_rsa(pk), MBEDTLS_RSA_PKCS_V21, MBEDTLS_MD_NONE); 2063a8e1175bSopenharmony_ci } 2064a8e1175bSopenharmony_ci 2065a8e1175bSopenharmony_ci /* Export underlying public key for re-importing in a legacy context. 2066a8e1175bSopenharmony_ci * Note: mbedtls_rsa_write_key() writes backwards in the data buffer. */ 2067a8e1175bSopenharmony_ci pkey_start = pkey + sizeof(pkey); 2068a8e1175bSopenharmony_ci ret = mbedtls_rsa_write_pubkey(mbedtls_pk_rsa(pk), pkey, &pkey_start); 2069a8e1175bSopenharmony_ci TEST_ASSERT(ret >= 0); 2070a8e1175bSopenharmony_ci 2071a8e1175bSopenharmony_ci pkey_len = (size_t) ret; 2072a8e1175bSopenharmony_ci /* mbedtls_pk_write_pubkey_der() writes backwards in the data buffer. */ 2073a8e1175bSopenharmony_ci pkey_start = pkey + sizeof(pkey) - pkey_len; 2074a8e1175bSopenharmony_ci 2075a8e1175bSopenharmony_ci /* Turn PK context into an opaque one. */ 2076a8e1175bSopenharmony_ci TEST_EQUAL(mbedtls_pk_get_psa_attributes(&pk, PSA_KEY_USAGE_SIGN_HASH, &key_attr), 0); 2077a8e1175bSopenharmony_ci TEST_EQUAL(mbedtls_pk_import_into_psa(&pk, &key_attr, &key_id), 0); 2078a8e1175bSopenharmony_ci mbedtls_pk_free(&pk); 2079a8e1175bSopenharmony_ci mbedtls_pk_init(&pk); 2080a8e1175bSopenharmony_ci TEST_EQUAL(mbedtls_pk_setup_opaque(&pk, key_id), 0); 2081a8e1175bSopenharmony_ci 2082a8e1175bSopenharmony_ci memset(hash, 0x2a, sizeof(hash)); 2083a8e1175bSopenharmony_ci memset(sig, 0, sizeof(sig)); 2084a8e1175bSopenharmony_ci 2085a8e1175bSopenharmony_ci TEST_EQUAL(mbedtls_pk_sign_ext(key_pk_type, &pk, md_alg, hash, hash_len, 2086a8e1175bSopenharmony_ci sig, sizeof(sig), &sig_len, 2087a8e1175bSopenharmony_ci mbedtls_test_rnd_std_rand, NULL), 0); 2088a8e1175bSopenharmony_ci 2089a8e1175bSopenharmony_ci /* verify_ext() is not supported when using an opaque context. */ 2090a8e1175bSopenharmony_ci if (key_pk_type == MBEDTLS_PK_RSASSA_PSS) { 2091a8e1175bSopenharmony_ci mbedtls_pk_rsassa_pss_options pss_opts = { 2092a8e1175bSopenharmony_ci .mgf1_hash_id = md_alg, 2093a8e1175bSopenharmony_ci .expected_salt_len = MBEDTLS_RSA_SALT_LEN_ANY, 2094a8e1175bSopenharmony_ci }; 2095a8e1175bSopenharmony_ci TEST_EQUAL(mbedtls_pk_verify_ext(key_pk_type, &pss_opts, &pk, md_alg, 2096a8e1175bSopenharmony_ci hash, hash_len, sig, sig_len), 2097a8e1175bSopenharmony_ci MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE); 2098a8e1175bSopenharmony_ci } else { 2099a8e1175bSopenharmony_ci TEST_EQUAL(mbedtls_pk_verify_ext(key_pk_type, NULL, &pk, md_alg, 2100a8e1175bSopenharmony_ci hash, hash_len, sig, sig_len), 2101a8e1175bSopenharmony_ci MBEDTLS_ERR_PK_TYPE_MISMATCH); 2102a8e1175bSopenharmony_ci } 2103a8e1175bSopenharmony_ci 2104a8e1175bSopenharmony_ci mbedtls_pk_free(&pk); 2105a8e1175bSopenharmony_ci TEST_EQUAL(PSA_SUCCESS, psa_destroy_key(key_id)); 2106a8e1175bSopenharmony_ci 2107a8e1175bSopenharmony_ci mbedtls_pk_init(&pk); 2108a8e1175bSopenharmony_ci TEST_EQUAL(mbedtls_pk_setup(&pk, 2109a8e1175bSopenharmony_ci mbedtls_pk_info_from_type(pk_type)), 0); 2110a8e1175bSopenharmony_ci TEST_EQUAL(mbedtls_rsa_parse_pubkey(mbedtls_pk_rsa(pk), pkey_start, pkey_len), 0); 2111a8e1175bSopenharmony_ci 2112a8e1175bSopenharmony_ci if (key_pk_type == MBEDTLS_PK_RSASSA_PSS) { 2113a8e1175bSopenharmony_ci rsassa_pss_options.mgf1_hash_id = md_alg; 2114a8e1175bSopenharmony_ci TEST_ASSERT(hash_len != 0); 2115a8e1175bSopenharmony_ci rsassa_pss_options.expected_salt_len = hash_len; 2116a8e1175bSopenharmony_ci options = (const void *) &rsassa_pss_options; 2117a8e1175bSopenharmony_ci } 2118a8e1175bSopenharmony_ci TEST_EQUAL(mbedtls_pk_verify_ext(key_pk_type, options, &pk, md_alg, 2119a8e1175bSopenharmony_ci hash, hash_len, sig, sig_len), 0); 2120a8e1175bSopenharmony_ci 2121a8e1175bSopenharmony_ciexit: 2122a8e1175bSopenharmony_ci mbedtls_pk_free(&pk); 2123a8e1175bSopenharmony_ci PSA_DONE(); 2124a8e1175bSopenharmony_ci} 2125a8e1175bSopenharmony_ci/* END_CASE */ 2126a8e1175bSopenharmony_ci 2127a8e1175bSopenharmony_ci/* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_C */ 2128a8e1175bSopenharmony_civoid pk_get_psa_attributes(int pk_type, int from_pair, 2129a8e1175bSopenharmony_ci int usage_arg, 2130a8e1175bSopenharmony_ci int to_pair, int expected_alg) 2131a8e1175bSopenharmony_ci{ 2132a8e1175bSopenharmony_ci mbedtls_pk_context pk; 2133a8e1175bSopenharmony_ci mbedtls_pk_init(&pk); 2134a8e1175bSopenharmony_ci psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 2135a8e1175bSopenharmony_ci psa_key_usage_t usage = usage_arg; 2136a8e1175bSopenharmony_ci mbedtls_svc_key_id_t new_key_id = MBEDTLS_SVC_KEY_ID_INIT; 2137a8e1175bSopenharmony_ci 2138a8e1175bSopenharmony_ci PSA_INIT(); 2139a8e1175bSopenharmony_ci 2140a8e1175bSopenharmony_ci psa_key_type_t expected_psa_type = 0; 2141a8e1175bSopenharmony_ci TEST_EQUAL(pk_setup_for_type(pk_type, from_pair, 2142a8e1175bSopenharmony_ci &pk, &expected_psa_type), 0); 2143a8e1175bSopenharmony_ci if (!to_pair) { 2144a8e1175bSopenharmony_ci expected_psa_type = PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR(expected_psa_type); 2145a8e1175bSopenharmony_ci } 2146a8e1175bSopenharmony_ci 2147a8e1175bSopenharmony_ci psa_key_lifetime_t lifetime = PSA_KEY_LIFETIME_VOLATILE; //TODO: diversity 2148a8e1175bSopenharmony_ci mbedtls_svc_key_id_t key_id = MBEDTLS_SVC_KEY_ID_INIT; //TODO: diversity 2149a8e1175bSopenharmony_ci psa_set_key_id(&attributes, key_id); 2150a8e1175bSopenharmony_ci psa_set_key_lifetime(&attributes, lifetime); 2151a8e1175bSopenharmony_ci psa_set_key_enrollment_algorithm(&attributes, 42); 2152a8e1175bSopenharmony_ci psa_key_usage_t expected_usage = pk_get_psa_attributes_implied_usage(usage); 2153a8e1175bSopenharmony_ci 2154a8e1175bSopenharmony_ci#if defined(MBEDTLS_ECDSA_DETERMINISTIC) 2155a8e1175bSopenharmony_ci /* When the resulting algorithm is ECDSA, the compile-time configuration 2156a8e1175bSopenharmony_ci * can cause it to be either deterministic or randomized ECDSA. 2157a8e1175bSopenharmony_ci * Rather than have two near-identical sets of test data depending on 2158a8e1175bSopenharmony_ci * the configuration, always use randomized in the test data and 2159a8e1175bSopenharmony_ci * tweak the expected result here. */ 2160a8e1175bSopenharmony_ci if (expected_alg == PSA_ALG_ECDSA(PSA_ALG_ANY_HASH)) { 2161a8e1175bSopenharmony_ci expected_alg = PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_ANY_HASH); 2162a8e1175bSopenharmony_ci } 2163a8e1175bSopenharmony_ci#endif 2164a8e1175bSopenharmony_ci 2165a8e1175bSopenharmony_ci TEST_EQUAL(mbedtls_pk_get_psa_attributes(&pk, usage, &attributes), 0); 2166a8e1175bSopenharmony_ci 2167a8e1175bSopenharmony_ci TEST_EQUAL(psa_get_key_lifetime(&attributes), lifetime); 2168a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_svc_key_id_equal(psa_get_key_id(&attributes), 2169a8e1175bSopenharmony_ci key_id)); 2170a8e1175bSopenharmony_ci TEST_EQUAL(psa_get_key_type(&attributes), expected_psa_type); 2171a8e1175bSopenharmony_ci TEST_EQUAL(psa_get_key_bits(&attributes), 2172a8e1175bSopenharmony_ci mbedtls_pk_get_bitlen(&pk)); 2173a8e1175bSopenharmony_ci TEST_EQUAL(psa_get_key_usage_flags(&attributes), expected_usage); 2174a8e1175bSopenharmony_ci TEST_EQUAL(psa_get_key_algorithm(&attributes), expected_alg); 2175a8e1175bSopenharmony_ci TEST_EQUAL(psa_get_key_enrollment_algorithm(&attributes), PSA_ALG_NONE); 2176a8e1175bSopenharmony_ci 2177a8e1175bSopenharmony_ci TEST_EQUAL(mbedtls_pk_import_into_psa(&pk, &attributes, &new_key_id), 0); 2178a8e1175bSopenharmony_ci if (!mbedtls_test_key_consistency_psa_pk(new_key_id, &pk)) { 2179a8e1175bSopenharmony_ci goto exit; 2180a8e1175bSopenharmony_ci } 2181a8e1175bSopenharmony_ci 2182a8e1175bSopenharmony_ciexit: 2183a8e1175bSopenharmony_ci mbedtls_pk_free(&pk); 2184a8e1175bSopenharmony_ci psa_reset_key_attributes(&attributes); 2185a8e1175bSopenharmony_ci psa_destroy_key(new_key_id); 2186a8e1175bSopenharmony_ci PSA_DONE(); 2187a8e1175bSopenharmony_ci} 2188a8e1175bSopenharmony_ci/* END_CASE */ 2189a8e1175bSopenharmony_ci 2190a8e1175bSopenharmony_ci/* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V21:MBEDTLS_GENPRIME */ 2191a8e1175bSopenharmony_civoid pk_rsa_v21_get_psa_attributes(int md_type, int from_pair, 2192a8e1175bSopenharmony_ci int usage_arg, 2193a8e1175bSopenharmony_ci int to_pair, int expected_alg) 2194a8e1175bSopenharmony_ci{ 2195a8e1175bSopenharmony_ci mbedtls_pk_context pk; 2196a8e1175bSopenharmony_ci mbedtls_pk_init(&pk); 2197a8e1175bSopenharmony_ci psa_key_usage_t usage = usage_arg; 2198a8e1175bSopenharmony_ci psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 2199a8e1175bSopenharmony_ci mbedtls_svc_key_id_t new_key_id = MBEDTLS_SVC_KEY_ID_INIT; 2200a8e1175bSopenharmony_ci 2201a8e1175bSopenharmony_ci PSA_INIT(); 2202a8e1175bSopenharmony_ci 2203a8e1175bSopenharmony_ci psa_key_type_t expected_psa_type = 0; 2204a8e1175bSopenharmony_ci TEST_EQUAL(pk_setup_for_type(MBEDTLS_PK_RSA, from_pair, 2205a8e1175bSopenharmony_ci &pk, &expected_psa_type), 0); 2206a8e1175bSopenharmony_ci mbedtls_rsa_context *rsa = mbedtls_pk_rsa(pk); 2207a8e1175bSopenharmony_ci TEST_EQUAL(mbedtls_rsa_set_padding(rsa, MBEDTLS_RSA_PKCS_V21, md_type), 0); 2208a8e1175bSopenharmony_ci if (!to_pair) { 2209a8e1175bSopenharmony_ci expected_psa_type = PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR(expected_psa_type); 2210a8e1175bSopenharmony_ci } 2211a8e1175bSopenharmony_ci psa_key_usage_t expected_usage = pk_get_psa_attributes_implied_usage(usage); 2212a8e1175bSopenharmony_ci 2213a8e1175bSopenharmony_ci TEST_EQUAL(mbedtls_pk_get_psa_attributes(&pk, usage, &attributes), 0); 2214a8e1175bSopenharmony_ci 2215a8e1175bSopenharmony_ci TEST_EQUAL(psa_get_key_lifetime(&attributes), PSA_KEY_LIFETIME_VOLATILE); 2216a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_svc_key_id_equal(psa_get_key_id(&attributes), 2217a8e1175bSopenharmony_ci MBEDTLS_SVC_KEY_ID_INIT)); 2218a8e1175bSopenharmony_ci TEST_EQUAL(psa_get_key_type(&attributes), expected_psa_type); 2219a8e1175bSopenharmony_ci TEST_EQUAL(psa_get_key_bits(&attributes), 2220a8e1175bSopenharmony_ci mbedtls_pk_get_bitlen(&pk)); 2221a8e1175bSopenharmony_ci TEST_EQUAL(psa_get_key_usage_flags(&attributes), expected_usage); 2222a8e1175bSopenharmony_ci TEST_EQUAL(psa_get_key_algorithm(&attributes), expected_alg); 2223a8e1175bSopenharmony_ci TEST_EQUAL(psa_get_key_enrollment_algorithm(&attributes), PSA_ALG_NONE); 2224a8e1175bSopenharmony_ci 2225a8e1175bSopenharmony_ci TEST_EQUAL(mbedtls_pk_import_into_psa(&pk, &attributes, &new_key_id), 0); 2226a8e1175bSopenharmony_ci if (!mbedtls_test_key_consistency_psa_pk(new_key_id, &pk)) { 2227a8e1175bSopenharmony_ci goto exit; 2228a8e1175bSopenharmony_ci } 2229a8e1175bSopenharmony_ci 2230a8e1175bSopenharmony_ciexit: 2231a8e1175bSopenharmony_ci mbedtls_pk_free(&pk); 2232a8e1175bSopenharmony_ci psa_reset_key_attributes(&attributes); 2233a8e1175bSopenharmony_ci psa_destroy_key(new_key_id); 2234a8e1175bSopenharmony_ci PSA_DONE(); 2235a8e1175bSopenharmony_ci} 2236a8e1175bSopenharmony_ci/* END_CASE */ 2237a8e1175bSopenharmony_ci 2238a8e1175bSopenharmony_ci/* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_C */ 2239a8e1175bSopenharmony_civoid pk_get_psa_attributes_fail(int pk_type, int from_pair, 2240a8e1175bSopenharmony_ci int usage_arg, 2241a8e1175bSopenharmony_ci int expected_ret) 2242a8e1175bSopenharmony_ci{ 2243a8e1175bSopenharmony_ci mbedtls_pk_context pk; 2244a8e1175bSopenharmony_ci mbedtls_pk_init(&pk); 2245a8e1175bSopenharmony_ci psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 2246a8e1175bSopenharmony_ci psa_key_usage_t usage = usage_arg; 2247a8e1175bSopenharmony_ci 2248a8e1175bSopenharmony_ci PSA_INIT(); 2249a8e1175bSopenharmony_ci 2250a8e1175bSopenharmony_ci psa_key_type_t expected_psa_type; 2251a8e1175bSopenharmony_ci TEST_EQUAL(pk_setup_for_type(pk_type, from_pair, 2252a8e1175bSopenharmony_ci &pk, &expected_psa_type), 0); 2253a8e1175bSopenharmony_ci 2254a8e1175bSopenharmony_ci TEST_EQUAL(mbedtls_pk_get_psa_attributes(&pk, usage, &attributes), 2255a8e1175bSopenharmony_ci expected_ret); 2256a8e1175bSopenharmony_ci 2257a8e1175bSopenharmony_ciexit: 2258a8e1175bSopenharmony_ci mbedtls_pk_free(&pk); 2259a8e1175bSopenharmony_ci psa_reset_key_attributes(&attributes); 2260a8e1175bSopenharmony_ci PSA_DONE(); 2261a8e1175bSopenharmony_ci} 2262a8e1175bSopenharmony_ci/* END_CASE */ 2263a8e1175bSopenharmony_ci 2264a8e1175bSopenharmony_ci/* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_C:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE:MBEDTLS_PSA_CRYPTO_STORAGE_C */ 2265a8e1175bSopenharmony_civoid pk_import_into_psa_lifetime(int from_opaque, 2266a8e1175bSopenharmony_ci int from_persistent, /* when from opaque */ 2267a8e1175bSopenharmony_ci int from_exportable, /* when from opaque */ 2268a8e1175bSopenharmony_ci int to_public, 2269a8e1175bSopenharmony_ci int to_persistent) 2270a8e1175bSopenharmony_ci{ 2271a8e1175bSopenharmony_ci mbedtls_pk_context pk; 2272a8e1175bSopenharmony_ci mbedtls_pk_init(&pk); 2273a8e1175bSopenharmony_ci psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 2274a8e1175bSopenharmony_ci mbedtls_svc_key_id_t old_key_id = MBEDTLS_SVC_KEY_ID_INIT; 2275a8e1175bSopenharmony_ci mbedtls_svc_key_id_t new_key_id = MBEDTLS_SVC_KEY_ID_INIT; 2276a8e1175bSopenharmony_ci mbedtls_svc_key_id_t expected_key_id = MBEDTLS_SVC_KEY_ID_INIT; 2277a8e1175bSopenharmony_ci psa_key_lifetime_t expected_lifetime = PSA_KEY_LIFETIME_VOLATILE; 2278a8e1175bSopenharmony_ci 2279a8e1175bSopenharmony_ci PSA_INIT(); 2280a8e1175bSopenharmony_ci 2281a8e1175bSopenharmony_ci if (from_opaque) { 2282a8e1175bSopenharmony_ci#if defined(MBEDTLS_USE_PSA_CRYPTO) 2283a8e1175bSopenharmony_ci psa_key_type_t from_psa_type = 2284a8e1175bSopenharmony_ci PSA_KEY_TYPE_ECC_KEY_PAIR(MBEDTLS_TEST_PSA_ECC_ONE_FAMILY); 2285a8e1175bSopenharmony_ci psa_set_key_type(&attributes, from_psa_type); 2286a8e1175bSopenharmony_ci psa_set_key_bits(&attributes, MBEDTLS_TEST_PSA_ECC_ONE_CURVE_BITS); 2287a8e1175bSopenharmony_ci psa_set_key_usage_flags( 2288a8e1175bSopenharmony_ci &attributes, 2289a8e1175bSopenharmony_ci (from_exportable ? PSA_KEY_USAGE_EXPORT : PSA_KEY_USAGE_COPY) | 2290a8e1175bSopenharmony_ci PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH); 2291a8e1175bSopenharmony_ci psa_set_key_algorithm(&attributes, PSA_ALG_ECDH); 2292a8e1175bSopenharmony_ci if (from_persistent) { 2293a8e1175bSopenharmony_ci psa_set_key_id(&attributes, mbedtls_svc_key_id_make(0, 1)); 2294a8e1175bSopenharmony_ci } 2295a8e1175bSopenharmony_ci PSA_ASSERT(psa_generate_key(&attributes, &old_key_id)); 2296a8e1175bSopenharmony_ci TEST_EQUAL(mbedtls_pk_setup_opaque(&pk, old_key_id), 0); 2297a8e1175bSopenharmony_ci psa_reset_key_attributes(&attributes); 2298a8e1175bSopenharmony_ci#else 2299a8e1175bSopenharmony_ci (void) from_persistent; 2300a8e1175bSopenharmony_ci (void) from_exportable; 2301a8e1175bSopenharmony_ci TEST_FAIL("Attempted to test opaque key without opaque key support"); 2302a8e1175bSopenharmony_ci#endif 2303a8e1175bSopenharmony_ci } else { 2304a8e1175bSopenharmony_ci psa_key_type_t psa_type_according_to_setup; 2305a8e1175bSopenharmony_ci TEST_EQUAL(pk_setup_for_type(MBEDTLS_PK_ECKEY, 1, 2306a8e1175bSopenharmony_ci &pk, &psa_type_according_to_setup), 0); 2307a8e1175bSopenharmony_ci } 2308a8e1175bSopenharmony_ci 2309a8e1175bSopenharmony_ci if (to_persistent) { 2310a8e1175bSopenharmony_ci expected_key_id = mbedtls_svc_key_id_make(42, 2); 2311a8e1175bSopenharmony_ci psa_set_key_id(&attributes, expected_key_id); 2312a8e1175bSopenharmony_ci /* psa_set_key_id() sets the lifetime to PERSISTENT */ 2313a8e1175bSopenharmony_ci expected_lifetime = PSA_KEY_LIFETIME_PERSISTENT; 2314a8e1175bSopenharmony_ci } 2315a8e1175bSopenharmony_ci 2316a8e1175bSopenharmony_ci psa_key_usage_t to_usage = 2317a8e1175bSopenharmony_ci to_public ? PSA_KEY_USAGE_VERIFY_HASH : PSA_KEY_USAGE_SIGN_HASH; 2318a8e1175bSopenharmony_ci TEST_EQUAL(mbedtls_pk_get_psa_attributes(&pk, to_usage, 2319a8e1175bSopenharmony_ci &attributes), 0); 2320a8e1175bSopenharmony_ci /* mbedtls_pk_get_psa_attributes() is specified to not modify 2321a8e1175bSopenharmony_ci * the persistence attributes. */ 2322a8e1175bSopenharmony_ci TEST_EQUAL(psa_get_key_lifetime(&attributes), expected_lifetime); 2323a8e1175bSopenharmony_ci TEST_EQUAL(MBEDTLS_SVC_KEY_ID_GET_KEY_ID(psa_get_key_id(&attributes)), 2324a8e1175bSopenharmony_ci MBEDTLS_SVC_KEY_ID_GET_KEY_ID(expected_key_id)); 2325a8e1175bSopenharmony_ci 2326a8e1175bSopenharmony_ci TEST_EQUAL(mbedtls_pk_import_into_psa(&pk, &attributes, &new_key_id), 0); 2327a8e1175bSopenharmony_ci if (!mbedtls_test_key_consistency_psa_pk(new_key_id, &pk)) { 2328a8e1175bSopenharmony_ci goto exit; 2329a8e1175bSopenharmony_ci } 2330a8e1175bSopenharmony_ci 2331a8e1175bSopenharmony_ci PSA_ASSERT(psa_get_key_attributes(new_key_id, &attributes)); 2332a8e1175bSopenharmony_ci TEST_EQUAL(psa_get_key_lifetime(&attributes), expected_lifetime); 2333a8e1175bSopenharmony_ci /* Here expected_key_id=0 for a volatile key, but we expect 2334a8e1175bSopenharmony_ci * attributes to contain a dynamically assigned key id which we 2335a8e1175bSopenharmony_ci * can't predict. */ 2336a8e1175bSopenharmony_ci if (to_persistent) { 2337a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_svc_key_id_equal(psa_get_key_id(&attributes), 2338a8e1175bSopenharmony_ci expected_key_id)); 2339a8e1175bSopenharmony_ci } 2340a8e1175bSopenharmony_ci 2341a8e1175bSopenharmony_ciexit: 2342a8e1175bSopenharmony_ci mbedtls_pk_free(&pk); 2343a8e1175bSopenharmony_ci psa_reset_key_attributes(&attributes); 2344a8e1175bSopenharmony_ci psa_destroy_key(old_key_id); 2345a8e1175bSopenharmony_ci psa_destroy_key(new_key_id); 2346a8e1175bSopenharmony_ci PSA_DONE(); 2347a8e1175bSopenharmony_ci} 2348a8e1175bSopenharmony_ci/* END_CASE */ 2349a8e1175bSopenharmony_ci 2350a8e1175bSopenharmony_ci/* BEGIN_CASE depends_on:MBEDTLS_USE_PSA_CRYPTO */ 2351a8e1175bSopenharmony_civoid pk_get_psa_attributes_opaque(int from_type_arg, int from_bits_arg, 2352a8e1175bSopenharmony_ci int from_usage_arg, int from_alg_arg, 2353a8e1175bSopenharmony_ci int usage_arg, 2354a8e1175bSopenharmony_ci int expected_ret, 2355a8e1175bSopenharmony_ci int to_pair, int expected_usage_arg) 2356a8e1175bSopenharmony_ci{ 2357a8e1175bSopenharmony_ci mbedtls_pk_context pk; 2358a8e1175bSopenharmony_ci mbedtls_pk_init(&pk); 2359a8e1175bSopenharmony_ci psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 2360a8e1175bSopenharmony_ci mbedtls_svc_key_id_t old_key_id = MBEDTLS_SVC_KEY_ID_INIT; 2361a8e1175bSopenharmony_ci psa_key_type_t from_type = from_type_arg; 2362a8e1175bSopenharmony_ci size_t bits = from_bits_arg; 2363a8e1175bSopenharmony_ci psa_key_usage_t from_usage = from_usage_arg; 2364a8e1175bSopenharmony_ci psa_algorithm_t alg = from_alg_arg; 2365a8e1175bSopenharmony_ci psa_key_usage_t usage = usage_arg; 2366a8e1175bSopenharmony_ci psa_key_usage_t expected_usage = expected_usage_arg; 2367a8e1175bSopenharmony_ci mbedtls_svc_key_id_t new_key_id = MBEDTLS_SVC_KEY_ID_INIT; 2368a8e1175bSopenharmony_ci 2369a8e1175bSopenharmony_ci PSA_INIT(); 2370a8e1175bSopenharmony_ci 2371a8e1175bSopenharmony_ci psa_set_key_type(&attributes, from_type); 2372a8e1175bSopenharmony_ci psa_set_key_bits(&attributes, bits); 2373a8e1175bSopenharmony_ci psa_set_key_usage_flags(&attributes, from_usage); 2374a8e1175bSopenharmony_ci psa_set_key_algorithm(&attributes, alg); 2375a8e1175bSopenharmony_ci psa_set_key_enrollment_algorithm(&attributes, 42); 2376a8e1175bSopenharmony_ci PSA_ASSERT(psa_generate_key(&attributes, &old_key_id)); 2377a8e1175bSopenharmony_ci TEST_EQUAL(mbedtls_pk_setup_opaque(&pk, old_key_id), 0); 2378a8e1175bSopenharmony_ci 2379a8e1175bSopenharmony_ci psa_key_type_t expected_psa_type = 2380a8e1175bSopenharmony_ci to_pair ? from_type : PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR(from_type); 2381a8e1175bSopenharmony_ci 2382a8e1175bSopenharmony_ci TEST_EQUAL(mbedtls_pk_get_psa_attributes(&pk, usage, &attributes), 2383a8e1175bSopenharmony_ci expected_ret); 2384a8e1175bSopenharmony_ci 2385a8e1175bSopenharmony_ci if (expected_ret == 0) { 2386a8e1175bSopenharmony_ci TEST_EQUAL(psa_get_key_lifetime(&attributes), PSA_KEY_LIFETIME_VOLATILE); 2387a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_svc_key_id_equal(psa_get_key_id(&attributes), 2388a8e1175bSopenharmony_ci MBEDTLS_SVC_KEY_ID_INIT)); 2389a8e1175bSopenharmony_ci TEST_EQUAL(psa_get_key_type(&attributes), expected_psa_type); 2390a8e1175bSopenharmony_ci TEST_EQUAL(psa_get_key_bits(&attributes), bits); 2391a8e1175bSopenharmony_ci TEST_EQUAL(psa_get_key_usage_flags(&attributes), expected_usage); 2392a8e1175bSopenharmony_ci TEST_EQUAL(psa_get_key_algorithm(&attributes), alg); 2393a8e1175bSopenharmony_ci TEST_EQUAL(psa_get_key_enrollment_algorithm(&attributes), PSA_ALG_NONE); 2394a8e1175bSopenharmony_ci 2395a8e1175bSopenharmony_ci int expected_import_ret = 0; 2396a8e1175bSopenharmony_ci if (to_pair && 2397a8e1175bSopenharmony_ci !(from_usage & (PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_EXPORT))) { 2398a8e1175bSopenharmony_ci expected_import_ret = MBEDTLS_ERR_PK_TYPE_MISMATCH; 2399a8e1175bSopenharmony_ci } 2400a8e1175bSopenharmony_ci TEST_EQUAL(mbedtls_pk_import_into_psa(&pk, &attributes, &new_key_id), 2401a8e1175bSopenharmony_ci expected_import_ret); 2402a8e1175bSopenharmony_ci if (expected_import_ret == 0) { 2403a8e1175bSopenharmony_ci if (!mbedtls_test_key_consistency_psa_pk(new_key_id, &pk)) { 2404a8e1175bSopenharmony_ci goto exit; 2405a8e1175bSopenharmony_ci } 2406a8e1175bSopenharmony_ci } 2407a8e1175bSopenharmony_ci } 2408a8e1175bSopenharmony_ci 2409a8e1175bSopenharmony_ciexit: 2410a8e1175bSopenharmony_ci mbedtls_pk_free(&pk); 2411a8e1175bSopenharmony_ci psa_destroy_key(old_key_id); 2412a8e1175bSopenharmony_ci psa_destroy_key(new_key_id); 2413a8e1175bSopenharmony_ci psa_reset_key_attributes(&attributes); 2414a8e1175bSopenharmony_ci PSA_DONE(); 2415a8e1175bSopenharmony_ci} 2416a8e1175bSopenharmony_ci/* END_CASE */ 2417a8e1175bSopenharmony_ci 2418a8e1175bSopenharmony_ci/* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_C */ 2419a8e1175bSopenharmony_civoid pk_import_into_psa_fail(int pk_type, int from_pair, 2420a8e1175bSopenharmony_ci int type_arg, int bits_arg, 2421a8e1175bSopenharmony_ci int expected_ret) 2422a8e1175bSopenharmony_ci{ 2423a8e1175bSopenharmony_ci mbedtls_pk_context pk; 2424a8e1175bSopenharmony_ci mbedtls_pk_init(&pk); 2425a8e1175bSopenharmony_ci psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 2426a8e1175bSopenharmony_ci psa_key_type_t type = type_arg; 2427a8e1175bSopenharmony_ci size_t bits = bits_arg; 2428a8e1175bSopenharmony_ci mbedtls_svc_key_id_t key_id = mbedtls_svc_key_id_make(0, 42); 2429a8e1175bSopenharmony_ci 2430a8e1175bSopenharmony_ci PSA_INIT(); 2431a8e1175bSopenharmony_ci 2432a8e1175bSopenharmony_ci psa_key_type_t expected_psa_type; 2433a8e1175bSopenharmony_ci TEST_EQUAL(pk_setup_for_type(pk_type, from_pair, 2434a8e1175bSopenharmony_ci &pk, &expected_psa_type), 0); 2435a8e1175bSopenharmony_ci 2436a8e1175bSopenharmony_ci psa_set_key_type(&attributes, type); 2437a8e1175bSopenharmony_ci psa_set_key_bits(&attributes, bits); 2438a8e1175bSopenharmony_ci 2439a8e1175bSopenharmony_ci TEST_EQUAL(mbedtls_pk_import_into_psa(&pk, &attributes, &key_id), 2440a8e1175bSopenharmony_ci expected_ret); 2441a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_svc_key_id_equal(key_id, MBEDTLS_SVC_KEY_ID_INIT)); 2442a8e1175bSopenharmony_ci 2443a8e1175bSopenharmony_ciexit: 2444a8e1175bSopenharmony_ci psa_destroy_key(key_id); 2445a8e1175bSopenharmony_ci mbedtls_pk_free(&pk); 2446a8e1175bSopenharmony_ci psa_reset_key_attributes(&attributes); 2447a8e1175bSopenharmony_ci PSA_DONE(); 2448a8e1175bSopenharmony_ci} 2449a8e1175bSopenharmony_ci/* END_CASE */ 2450a8e1175bSopenharmony_ci 2451a8e1175bSopenharmony_ci/* BEGIN_CASE depends_on:MBEDTLS_USE_PSA_CRYPTO */ 2452a8e1175bSopenharmony_civoid pk_import_into_psa_opaque(int from_type, int from_bits, 2453a8e1175bSopenharmony_ci int from_usage, int from_alg, 2454a8e1175bSopenharmony_ci int to_type, int to_bits, 2455a8e1175bSopenharmony_ci int to_usage, int to_alg, 2456a8e1175bSopenharmony_ci int expected_ret) 2457a8e1175bSopenharmony_ci{ 2458a8e1175bSopenharmony_ci mbedtls_pk_context pk; 2459a8e1175bSopenharmony_ci mbedtls_pk_init(&pk); 2460a8e1175bSopenharmony_ci psa_key_attributes_t from_attributes = PSA_KEY_ATTRIBUTES_INIT; 2461a8e1175bSopenharmony_ci mbedtls_svc_key_id_t from_key_id = MBEDTLS_SVC_KEY_ID_INIT; 2462a8e1175bSopenharmony_ci psa_key_attributes_t to_attributes = PSA_KEY_ATTRIBUTES_INIT; 2463a8e1175bSopenharmony_ci mbedtls_svc_key_id_t to_key_id = MBEDTLS_SVC_KEY_ID_INIT; 2464a8e1175bSopenharmony_ci psa_key_attributes_t actual_attributes = PSA_KEY_ATTRIBUTES_INIT; 2465a8e1175bSopenharmony_ci 2466a8e1175bSopenharmony_ci PSA_INIT(); 2467a8e1175bSopenharmony_ci 2468a8e1175bSopenharmony_ci psa_set_key_type(&from_attributes, from_type); 2469a8e1175bSopenharmony_ci psa_set_key_bits(&from_attributes, from_bits); 2470a8e1175bSopenharmony_ci psa_set_key_usage_flags(&from_attributes, from_usage); 2471a8e1175bSopenharmony_ci psa_set_key_algorithm(&from_attributes, from_alg); 2472a8e1175bSopenharmony_ci PSA_ASSERT(psa_generate_key(&from_attributes, &from_key_id)); 2473a8e1175bSopenharmony_ci TEST_EQUAL(mbedtls_pk_setup_opaque(&pk, from_key_id), 0); 2474a8e1175bSopenharmony_ci 2475a8e1175bSopenharmony_ci psa_set_key_type(&to_attributes, to_type); 2476a8e1175bSopenharmony_ci psa_set_key_bits(&to_attributes, to_bits); 2477a8e1175bSopenharmony_ci psa_set_key_usage_flags(&to_attributes, to_usage); 2478a8e1175bSopenharmony_ci psa_set_key_algorithm(&to_attributes, to_alg); 2479a8e1175bSopenharmony_ci 2480a8e1175bSopenharmony_ci TEST_EQUAL(mbedtls_pk_import_into_psa(&pk, &to_attributes, &to_key_id), 2481a8e1175bSopenharmony_ci expected_ret); 2482a8e1175bSopenharmony_ci 2483a8e1175bSopenharmony_ci if (expected_ret == 0) { 2484a8e1175bSopenharmony_ci PSA_ASSERT(psa_get_key_attributes(to_key_id, &actual_attributes)); 2485a8e1175bSopenharmony_ci TEST_EQUAL(to_type, psa_get_key_type(&actual_attributes)); 2486a8e1175bSopenharmony_ci if (to_bits != 0) { 2487a8e1175bSopenharmony_ci TEST_EQUAL(to_bits, psa_get_key_bits(&actual_attributes)); 2488a8e1175bSopenharmony_ci } 2489a8e1175bSopenharmony_ci TEST_EQUAL(to_alg, psa_get_key_algorithm(&actual_attributes)); 2490a8e1175bSopenharmony_ci psa_key_usage_t expected_usage = to_usage; 2491a8e1175bSopenharmony_ci if (expected_usage & PSA_KEY_USAGE_SIGN_HASH) { 2492a8e1175bSopenharmony_ci expected_usage |= PSA_KEY_USAGE_SIGN_MESSAGE; 2493a8e1175bSopenharmony_ci } 2494a8e1175bSopenharmony_ci if (expected_usage & PSA_KEY_USAGE_VERIFY_HASH) { 2495a8e1175bSopenharmony_ci expected_usage |= PSA_KEY_USAGE_VERIFY_MESSAGE; 2496a8e1175bSopenharmony_ci } 2497a8e1175bSopenharmony_ci TEST_EQUAL(expected_usage, psa_get_key_usage_flags(&actual_attributes)); 2498a8e1175bSopenharmony_ci if (!mbedtls_test_key_consistency_psa_pk(to_key_id, &pk)) { 2499a8e1175bSopenharmony_ci goto exit; 2500a8e1175bSopenharmony_ci } 2501a8e1175bSopenharmony_ci } else { 2502a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_svc_key_id_equal(to_key_id, MBEDTLS_SVC_KEY_ID_INIT)); 2503a8e1175bSopenharmony_ci } 2504a8e1175bSopenharmony_ci 2505a8e1175bSopenharmony_ciexit: 2506a8e1175bSopenharmony_ci mbedtls_pk_free(&pk); 2507a8e1175bSopenharmony_ci psa_destroy_key(from_key_id); 2508a8e1175bSopenharmony_ci psa_destroy_key(to_key_id); 2509a8e1175bSopenharmony_ci psa_reset_key_attributes(&from_attributes); 2510a8e1175bSopenharmony_ci psa_reset_key_attributes(&to_attributes); 2511a8e1175bSopenharmony_ci psa_reset_key_attributes(&actual_attributes); 2512a8e1175bSopenharmony_ci PSA_DONE(); 2513a8e1175bSopenharmony_ci} 2514a8e1175bSopenharmony_ci/* END_CASE */ 2515a8e1175bSopenharmony_ci 2516a8e1175bSopenharmony_ci/* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_C*/ 2517a8e1175bSopenharmony_civoid pk_copy_from_psa_fail(void) 2518a8e1175bSopenharmony_ci{ 2519a8e1175bSopenharmony_ci mbedtls_pk_context pk_ctx; 2520a8e1175bSopenharmony_ci mbedtls_svc_key_id_t key_id = MBEDTLS_SVC_KEY_ID_INIT; 2521a8e1175bSopenharmony_ci 2522a8e1175bSopenharmony_ci mbedtls_pk_init(&pk_ctx); 2523a8e1175bSopenharmony_ci PSA_INIT(); 2524a8e1175bSopenharmony_ci 2525a8e1175bSopenharmony_ci /* Null pk pointer. */ 2526a8e1175bSopenharmony_ci TEST_EQUAL(mbedtls_pk_copy_from_psa(key_id, NULL), 2527a8e1175bSopenharmony_ci MBEDTLS_ERR_PK_BAD_INPUT_DATA); 2528a8e1175bSopenharmony_ci TEST_EQUAL(mbedtls_pk_copy_public_from_psa(key_id, NULL), 2529a8e1175bSopenharmony_ci MBEDTLS_ERR_PK_BAD_INPUT_DATA); 2530a8e1175bSopenharmony_ci 2531a8e1175bSopenharmony_ci /* Invalid key ID. */ 2532a8e1175bSopenharmony_ci TEST_EQUAL(mbedtls_pk_copy_from_psa(mbedtls_svc_key_id_make(0, 0), &pk_ctx), 2533a8e1175bSopenharmony_ci MBEDTLS_ERR_PK_BAD_INPUT_DATA); 2534a8e1175bSopenharmony_ci TEST_EQUAL(mbedtls_pk_copy_public_from_psa(mbedtls_svc_key_id_make(0, 0), &pk_ctx), 2535a8e1175bSopenharmony_ci MBEDTLS_ERR_PK_BAD_INPUT_DATA); 2536a8e1175bSopenharmony_ci 2537a8e1175bSopenharmony_ci#if defined(PSA_WANT_KEY_TYPE_DH_KEY_PAIR_GENERATE) 2538a8e1175bSopenharmony_ci /* Generate a key type that is not handled by the PK module. */ 2539a8e1175bSopenharmony_ci PSA_ASSERT(pk_psa_genkey_generic(PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919), 2048, 2540a8e1175bSopenharmony_ci PSA_KEY_USAGE_EXPORT, PSA_ALG_NONE, &key_id)); 2541a8e1175bSopenharmony_ci TEST_EQUAL(mbedtls_pk_copy_from_psa(key_id, &pk_ctx), MBEDTLS_ERR_PK_BAD_INPUT_DATA); 2542a8e1175bSopenharmony_ci TEST_EQUAL(mbedtls_pk_copy_public_from_psa(key_id, &pk_ctx), MBEDTLS_ERR_PK_BAD_INPUT_DATA); 2543a8e1175bSopenharmony_ci psa_destroy_key(key_id); 2544a8e1175bSopenharmony_ci#endif /* PSA_WANT_KEY_TYPE_DH_KEY_PAIR_GENERATE */ 2545a8e1175bSopenharmony_ci 2546a8e1175bSopenharmony_ci#if defined(MBEDTLS_PK_HAVE_ECC_KEYS) && defined(PSA_WANT_ECC_SECP_R1_256) && \ 2547a8e1175bSopenharmony_ci defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE) 2548a8e1175bSopenharmony_ci /* Generate an EC key which cannot be exported. */ 2549a8e1175bSopenharmony_ci PSA_ASSERT(pk_psa_genkey_generic(PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1), 256, 2550a8e1175bSopenharmony_ci 0, PSA_ALG_NONE, &key_id)); 2551a8e1175bSopenharmony_ci TEST_EQUAL(mbedtls_pk_copy_from_psa(key_id, &pk_ctx), MBEDTLS_ERR_PK_TYPE_MISMATCH); 2552a8e1175bSopenharmony_ci psa_destroy_key(key_id); 2553a8e1175bSopenharmony_ci#endif /* MBEDTLS_PK_HAVE_ECC_KEYS && PSA_WANT_ECC_SECP_R1_256 && 2554a8e1175bSopenharmony_ci PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE */ 2555a8e1175bSopenharmony_ci 2556a8e1175bSopenharmony_ciexit: 2557a8e1175bSopenharmony_ci mbedtls_pk_free(&pk_ctx); 2558a8e1175bSopenharmony_ci psa_destroy_key(key_id); 2559a8e1175bSopenharmony_ci PSA_DONE(); 2560a8e1175bSopenharmony_ci} 2561a8e1175bSopenharmony_ci/* END_CASE */ 2562a8e1175bSopenharmony_ci 2563a8e1175bSopenharmony_ci/* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_C:MBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_SIGN:MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR_BASIC:!MBEDTLS_RSA_C */ 2564a8e1175bSopenharmony_civoid pk_copy_from_psa_builtin_fail() 2565a8e1175bSopenharmony_ci{ 2566a8e1175bSopenharmony_ci mbedtls_pk_context pk_ctx; 2567a8e1175bSopenharmony_ci mbedtls_svc_key_id_t key_id = MBEDTLS_SVC_KEY_ID_INIT; 2568a8e1175bSopenharmony_ci 2569a8e1175bSopenharmony_ci mbedtls_pk_init(&pk_ctx); 2570a8e1175bSopenharmony_ci PSA_INIT(); 2571a8e1175bSopenharmony_ci 2572a8e1175bSopenharmony_ci PSA_ASSERT(pk_psa_genkey_generic(PSA_KEY_TYPE_RSA_KEY_PAIR, 2573a8e1175bSopenharmony_ci PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS, 2574a8e1175bSopenharmony_ci PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_EXPORT, 2575a8e1175bSopenharmony_ci PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256), 2576a8e1175bSopenharmony_ci &key_id)); 2577a8e1175bSopenharmony_ci TEST_EQUAL(mbedtls_pk_copy_from_psa(key_id, &pk_ctx), MBEDTLS_ERR_PK_BAD_INPUT_DATA); 2578a8e1175bSopenharmony_ciexit: 2579a8e1175bSopenharmony_ci mbedtls_pk_free(&pk_ctx); 2580a8e1175bSopenharmony_ci psa_destroy_key(key_id); 2581a8e1175bSopenharmony_ci PSA_DONE(); 2582a8e1175bSopenharmony_ci} 2583a8e1175bSopenharmony_ci/* END_CASE */ 2584a8e1175bSopenharmony_ci 2585a8e1175bSopenharmony_ci/* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_C*/ 2586a8e1175bSopenharmony_civoid pk_copy_from_psa_success(data_t *priv_key_data, int key_type_arg, 2587a8e1175bSopenharmony_ci int key_alg_arg) 2588a8e1175bSopenharmony_ci{ 2589a8e1175bSopenharmony_ci psa_key_type_t key_type = key_type_arg; 2590a8e1175bSopenharmony_ci psa_algorithm_t key_alg = key_alg_arg; 2591a8e1175bSopenharmony_ci psa_key_usage_t key_usage = PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | 2592a8e1175bSopenharmony_ci PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_COPY; 2593a8e1175bSopenharmony_ci mbedtls_pk_context pk_priv, pk_priv_copy_public, pk_pub, pk_pub_copy_public; 2594a8e1175bSopenharmony_ci mbedtls_svc_key_id_t priv_key_id = MBEDTLS_SVC_KEY_ID_INIT; 2595a8e1175bSopenharmony_ci mbedtls_svc_key_id_t pub_key_id = MBEDTLS_SVC_KEY_ID_INIT; 2596a8e1175bSopenharmony_ci unsigned char *in_buf = NULL; 2597a8e1175bSopenharmony_ci size_t in_buf_len = MBEDTLS_MD_MAX_SIZE; 2598a8e1175bSopenharmony_ci unsigned char out_buf[MBEDTLS_PK_SIGNATURE_MAX_SIZE]; 2599a8e1175bSopenharmony_ci unsigned char out_buf2[MBEDTLS_PK_SIGNATURE_MAX_SIZE]; 2600a8e1175bSopenharmony_ci size_t out_buf_len, out_buf2_len; 2601a8e1175bSopenharmony_ci 2602a8e1175bSopenharmony_ci mbedtls_pk_init(&pk_priv); 2603a8e1175bSopenharmony_ci mbedtls_pk_init(&pk_priv_copy_public); 2604a8e1175bSopenharmony_ci mbedtls_pk_init(&pk_pub); 2605a8e1175bSopenharmony_ci mbedtls_pk_init(&pk_pub_copy_public); 2606a8e1175bSopenharmony_ci PSA_INIT(); 2607a8e1175bSopenharmony_ci 2608a8e1175bSopenharmony_ci if (key_type == PSA_KEY_TYPE_RSA_KEY_PAIR) { 2609a8e1175bSopenharmony_ci key_usage |= PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT; 2610a8e1175bSopenharmony_ci } 2611a8e1175bSopenharmony_ci 2612a8e1175bSopenharmony_ci /* Create both a private key and its public counterpart in PSA. */ 2613a8e1175bSopenharmony_ci PSA_ASSERT(pk_psa_import_key(priv_key_data->x, priv_key_data->len, 2614a8e1175bSopenharmony_ci key_type, key_usage, key_alg, &priv_key_id)); 2615a8e1175bSopenharmony_ci pub_key_id = psa_pub_key_from_priv(priv_key_id); 2616a8e1175bSopenharmony_ci 2617a8e1175bSopenharmony_ci /* Create 4 PK contexts starting from the PSA keys we just created. */ 2618a8e1175bSopenharmony_ci TEST_EQUAL(mbedtls_pk_copy_from_psa(priv_key_id, &pk_priv), 0); 2619a8e1175bSopenharmony_ci TEST_EQUAL(mbedtls_pk_copy_public_from_psa(priv_key_id, &pk_priv_copy_public), 0); 2620a8e1175bSopenharmony_ci TEST_EQUAL(mbedtls_pk_copy_from_psa(pub_key_id, &pk_pub), 0); 2621a8e1175bSopenharmony_ci TEST_EQUAL(mbedtls_pk_copy_public_from_psa(pub_key_id, &pk_pub_copy_public), 0); 2622a8e1175bSopenharmony_ci 2623a8e1175bSopenharmony_ci /* Destoy both PSA keys to prove that generated PK contexts are independent 2624a8e1175bSopenharmony_ci * from them. */ 2625a8e1175bSopenharmony_ci priv_key_id = psa_copy_and_destroy(priv_key_id); 2626a8e1175bSopenharmony_ci pub_key_id = psa_copy_and_destroy(pub_key_id); 2627a8e1175bSopenharmony_ci 2628a8e1175bSopenharmony_ci /* Test #1: 2629a8e1175bSopenharmony_ci * - check that the generated PK contexts are of the correct type. 2630a8e1175bSopenharmony_ci * - [only for RSA] check that the padding mode is correct. 2631a8e1175bSopenharmony_ci */ 2632a8e1175bSopenharmony_ci if (PSA_KEY_TYPE_IS_ECC_KEY_PAIR(key_type)) { 2633a8e1175bSopenharmony_ci TEST_EQUAL(mbedtls_pk_get_type(&pk_priv), MBEDTLS_PK_ECKEY); 2634a8e1175bSopenharmony_ci TEST_EQUAL(mbedtls_pk_get_type(&pk_pub), MBEDTLS_PK_ECKEY); 2635a8e1175bSopenharmony_ci } else { 2636a8e1175bSopenharmony_ci TEST_EQUAL(mbedtls_pk_get_type(&pk_priv), MBEDTLS_PK_RSA); 2637a8e1175bSopenharmony_ci TEST_EQUAL(mbedtls_pk_get_type(&pk_pub), MBEDTLS_PK_RSA); 2638a8e1175bSopenharmony_ci#if defined(MBEDTLS_RSA_C) 2639a8e1175bSopenharmony_ci mbedtls_rsa_context *rsa_priv = mbedtls_pk_rsa(pk_priv); 2640a8e1175bSopenharmony_ci mbedtls_rsa_context *rsa_pub = mbedtls_pk_rsa(pk_pub); 2641a8e1175bSopenharmony_ci if (PSA_ALG_IS_RSA_OAEP(key_alg) || PSA_ALG_IS_RSA_PSS(key_alg)) { 2642a8e1175bSopenharmony_ci TEST_EQUAL(mbedtls_rsa_get_padding_mode(rsa_priv), MBEDTLS_RSA_PKCS_V21); 2643a8e1175bSopenharmony_ci TEST_EQUAL(mbedtls_rsa_get_padding_mode(rsa_pub), MBEDTLS_RSA_PKCS_V21); 2644a8e1175bSopenharmony_ci } else { 2645a8e1175bSopenharmony_ci TEST_EQUAL(mbedtls_rsa_get_padding_mode(rsa_priv), MBEDTLS_RSA_PKCS_V15); 2646a8e1175bSopenharmony_ci TEST_EQUAL(mbedtls_rsa_get_padding_mode(rsa_pub), MBEDTLS_RSA_PKCS_V15); 2647a8e1175bSopenharmony_ci } 2648a8e1175bSopenharmony_ci#endif /* MBEDTLS_RSA_C */ 2649a8e1175bSopenharmony_ci } 2650a8e1175bSopenharmony_ci 2651a8e1175bSopenharmony_ci /* Test #2: check that the 2 generated PK contexts form a valid private/public key pair. */ 2652a8e1175bSopenharmony_ci TEST_EQUAL(mbedtls_pk_check_pair(&pk_pub, &pk_priv, mbedtls_test_rnd_std_rand, NULL), 0); 2653a8e1175bSopenharmony_ci 2654a8e1175bSopenharmony_ci /* Get the MD alg to be used for the tests below from the provided key policy. */ 2655a8e1175bSopenharmony_ci mbedtls_md_type_t md_for_test = MBEDTLS_MD_ALG_FOR_TEST; /* Default */ 2656a8e1175bSopenharmony_ci if ((PSA_ALG_GET_HASH(key_alg) != PSA_ALG_NONE) && 2657a8e1175bSopenharmony_ci (PSA_ALG_GET_HASH(key_alg) != PSA_ALG_ANY_HASH)) { 2658a8e1175bSopenharmony_ci md_for_test = mbedtls_md_type_from_psa_alg(key_alg); 2659a8e1175bSopenharmony_ci } 2660a8e1175bSopenharmony_ci /* Use also the same MD algorithm for PSA sign/verify checks. This is helpful 2661a8e1175bSopenharmony_ci * for the cases in which the key policy algorithm is ANY_HASH type. */ 2662a8e1175bSopenharmony_ci psa_algorithm_t psa_alg_for_test = 2663a8e1175bSopenharmony_ci (key_alg & ~PSA_ALG_HASH_MASK) | 2664a8e1175bSopenharmony_ci (mbedtls_md_psa_alg_from_type(md_for_test) & PSA_ALG_HASH_MASK); 2665a8e1175bSopenharmony_ci 2666a8e1175bSopenharmony_ci in_buf_len = mbedtls_md_get_size_from_type(md_for_test); 2667a8e1175bSopenharmony_ci TEST_CALLOC(in_buf, in_buf_len); 2668a8e1175bSopenharmony_ci memset(in_buf, 0x1, in_buf_len); 2669a8e1175bSopenharmony_ci 2670a8e1175bSopenharmony_ci /* Test #3: sign/verify with the following pattern: 2671a8e1175bSopenharmony_ci * - Sign using the PK context generated from the private key. 2672a8e1175bSopenharmony_ci * - Verify from the same PK context used for signature. 2673a8e1175bSopenharmony_ci * - Verify with the PK context generated using public key. 2674a8e1175bSopenharmony_ci * - Verify using the public PSA key directly. 2675a8e1175bSopenharmony_ci */ 2676a8e1175bSopenharmony_ci 2677a8e1175bSopenharmony_ci /* Edge cases: in a build with RSA key support but not RSA padding modes, 2678a8e1175bSopenharmony_ci * or with ECDSA verify support but not signature, the signature might be 2679a8e1175bSopenharmony_ci * impossible. */ 2680a8e1175bSopenharmony_ci int pk_can_sign = 0; 2681a8e1175bSopenharmony_ci#if defined(MBEDTLS_PKCS1_V15) 2682a8e1175bSopenharmony_ci if (PSA_ALG_IS_RSA_PKCS1V15_SIGN(key_alg) || key_alg == PSA_ALG_RSA_PKCS1V15_CRYPT) { 2683a8e1175bSopenharmony_ci pk_can_sign = 1; 2684a8e1175bSopenharmony_ci } 2685a8e1175bSopenharmony_ci#endif 2686a8e1175bSopenharmony_ci#if defined(MBEDTLS_PKCS1_V21) 2687a8e1175bSopenharmony_ci if (PSA_ALG_IS_RSA_PSS(key_alg) || PSA_ALG_IS_RSA_OAEP(key_alg)) { 2688a8e1175bSopenharmony_ci pk_can_sign = 1; 2689a8e1175bSopenharmony_ci } 2690a8e1175bSopenharmony_ci#endif 2691a8e1175bSopenharmony_ci#if defined(MBEDTLS_PK_CAN_ECDSA_SIGN) 2692a8e1175bSopenharmony_ci if (PSA_ALG_IS_ECDSA(key_alg) || PSA_ALG_IS_DETERMINISTIC_ECDSA(key_alg)) { 2693a8e1175bSopenharmony_ci pk_can_sign = 1; 2694a8e1175bSopenharmony_ci } 2695a8e1175bSopenharmony_ci#endif 2696a8e1175bSopenharmony_ci if (pk_can_sign) { 2697a8e1175bSopenharmony_ci TEST_EQUAL(mbedtls_pk_sign(&pk_priv, md_for_test, in_buf, in_buf_len, 2698a8e1175bSopenharmony_ci out_buf, sizeof(out_buf), &out_buf_len, 2699a8e1175bSopenharmony_ci mbedtls_test_rnd_std_rand, NULL), 0); 2700a8e1175bSopenharmony_ci 2701a8e1175bSopenharmony_ci TEST_EQUAL(mbedtls_pk_verify(&pk_priv, md_for_test, in_buf, in_buf_len, 2702a8e1175bSopenharmony_ci out_buf, out_buf_len), 0); 2703a8e1175bSopenharmony_ci TEST_EQUAL(mbedtls_pk_verify(&pk_pub, md_for_test, in_buf, in_buf_len, 2704a8e1175bSopenharmony_ci out_buf, out_buf_len), 0); 2705a8e1175bSopenharmony_ci } 2706a8e1175bSopenharmony_ci 2707a8e1175bSopenharmony_ci if (PSA_ALG_IS_HASH_AND_SIGN(key_alg)) { 2708a8e1175bSopenharmony_ci#if defined(MBEDTLS_PSA_UTIL_HAVE_ECDSA) 2709a8e1175bSopenharmony_ci /* ECDSA signature requires PK->PSA format conversion. */ 2710a8e1175bSopenharmony_ci if (PSA_ALG_IS_ECDSA(key_alg)) { 2711a8e1175bSopenharmony_ci TEST_EQUAL(mbedtls_ecdsa_der_to_raw(mbedtls_pk_get_bitlen(&pk_pub), 2712a8e1175bSopenharmony_ci out_buf, out_buf_len, out_buf, 2713a8e1175bSopenharmony_ci sizeof(out_buf), &out_buf_len), 0); 2714a8e1175bSopenharmony_ci } 2715a8e1175bSopenharmony_ci#endif /* MBEDTLS_PSA_UTIL_HAVE_ECDSA */ 2716a8e1175bSopenharmony_ci PSA_ASSERT(psa_verify_hash(pub_key_id, psa_alg_for_test, in_buf, in_buf_len, 2717a8e1175bSopenharmony_ci out_buf, out_buf_len)); 2718a8e1175bSopenharmony_ci } 2719a8e1175bSopenharmony_ci 2720a8e1175bSopenharmony_ci /* Test #4: check sign/verify interoperability also in the opposite direction: 2721a8e1175bSopenharmony_ci * sign with PSA and verify with PK. Key's policy must include a valid hash 2722a8e1175bSopenharmony_ci * algorithm (not any). 2723a8e1175bSopenharmony_ci */ 2724a8e1175bSopenharmony_ci if (PSA_ALG_IS_HASH_AND_SIGN(key_alg)) { 2725a8e1175bSopenharmony_ci PSA_ASSERT(psa_sign_hash(priv_key_id, psa_alg_for_test, in_buf, in_buf_len, 2726a8e1175bSopenharmony_ci out_buf, sizeof(out_buf), &out_buf_len)); 2727a8e1175bSopenharmony_ci#if defined(MBEDTLS_PSA_UTIL_HAVE_ECDSA) 2728a8e1175bSopenharmony_ci /* ECDSA signature requires PSA->PK format conversion */ 2729a8e1175bSopenharmony_ci if (PSA_ALG_IS_ECDSA(key_alg)) { 2730a8e1175bSopenharmony_ci TEST_EQUAL(mbedtls_ecdsa_raw_to_der(mbedtls_pk_get_bitlen(&pk_pub), 2731a8e1175bSopenharmony_ci out_buf, out_buf_len, out_buf, 2732a8e1175bSopenharmony_ci sizeof(out_buf), &out_buf_len), 0); 2733a8e1175bSopenharmony_ci } 2734a8e1175bSopenharmony_ci#endif /* MBEDTLS_PSA_UTIL_HAVE_ECDSA */ 2735a8e1175bSopenharmony_ci TEST_EQUAL(mbedtls_pk_verify(&pk_pub, md_for_test, in_buf, in_buf_len, 2736a8e1175bSopenharmony_ci out_buf, out_buf_len), 0); 2737a8e1175bSopenharmony_ci } 2738a8e1175bSopenharmony_ci 2739a8e1175bSopenharmony_ci /* Test #5: in case of RSA key pair try also encryption/decryption. */ 2740a8e1175bSopenharmony_ci if (PSA_ALG_IS_ASYMMETRIC_ENCRYPTION(key_alg)) { 2741a8e1175bSopenharmony_ci /* Encrypt with the public key only PK context. */ 2742a8e1175bSopenharmony_ci TEST_EQUAL(mbedtls_pk_encrypt(&pk_pub, in_buf, in_buf_len, 2743a8e1175bSopenharmony_ci out_buf, &out_buf_len, sizeof(out_buf), 2744a8e1175bSopenharmony_ci mbedtls_test_rnd_std_rand, NULL), 0); 2745a8e1175bSopenharmony_ci 2746a8e1175bSopenharmony_ci /* Decrypt with key pair PK context and compare with original data. */ 2747a8e1175bSopenharmony_ci TEST_EQUAL(mbedtls_pk_decrypt(&pk_priv, out_buf, out_buf_len, 2748a8e1175bSopenharmony_ci out_buf2, &out_buf2_len, sizeof(out_buf2), 2749a8e1175bSopenharmony_ci mbedtls_test_rnd_std_rand, NULL), 0); 2750a8e1175bSopenharmony_ci TEST_MEMORY_COMPARE(in_buf, in_buf_len, out_buf2, out_buf2_len); 2751a8e1175bSopenharmony_ci 2752a8e1175bSopenharmony_ci if (PSA_ALG_IS_ASYMMETRIC_ENCRYPTION(key_alg)) { 2753a8e1175bSopenharmony_ci /* Decrypt with PSA private key directly and compare with original data. */ 2754a8e1175bSopenharmony_ci PSA_ASSERT(psa_asymmetric_decrypt(priv_key_id, key_alg, out_buf, out_buf_len, 2755a8e1175bSopenharmony_ci NULL, 0, 2756a8e1175bSopenharmony_ci out_buf2, sizeof(out_buf2), &out_buf2_len)); 2757a8e1175bSopenharmony_ci TEST_MEMORY_COMPARE(in_buf, in_buf_len, out_buf2, out_buf2_len); 2758a8e1175bSopenharmony_ci 2759a8e1175bSopenharmony_ci /* Encrypt with PSA public key directly, decrypt with public key PK context 2760a8e1175bSopenharmony_ci * and compare with original data. */ 2761a8e1175bSopenharmony_ci PSA_ASSERT(psa_asymmetric_encrypt(pub_key_id, key_alg, in_buf, in_buf_len, 2762a8e1175bSopenharmony_ci NULL, 0, 2763a8e1175bSopenharmony_ci out_buf, sizeof(out_buf), &out_buf_len)); 2764a8e1175bSopenharmony_ci TEST_EQUAL(mbedtls_pk_decrypt(&pk_priv, out_buf, out_buf_len, 2765a8e1175bSopenharmony_ci out_buf2, &out_buf2_len, sizeof(out_buf2), 2766a8e1175bSopenharmony_ci mbedtls_test_rnd_std_rand, NULL), 0); 2767a8e1175bSopenharmony_ci TEST_MEMORY_COMPARE(in_buf, in_buf_len, out_buf2, out_buf2_len); 2768a8e1175bSopenharmony_ci } 2769a8e1175bSopenharmony_ci } 2770a8e1175bSopenharmony_ci 2771a8e1175bSopenharmony_ci /* Test that the keys from mbedtls_pk_copy_public_from_psa() are identical 2772a8e1175bSopenharmony_ci * to the public key from mbedtls_pk_copy_from_psa(). */ 2773a8e1175bSopenharmony_ci mbedtls_test_set_step(1); 2774a8e1175bSopenharmony_ci TEST_ASSERT(pk_public_same(&pk_pub, &pk_priv_copy_public)); 2775a8e1175bSopenharmony_ci mbedtls_test_set_step(2); 2776a8e1175bSopenharmony_ci TEST_ASSERT(pk_public_same(&pk_pub, &pk_pub_copy_public)); 2777a8e1175bSopenharmony_ci 2778a8e1175bSopenharmony_ciexit: 2779a8e1175bSopenharmony_ci mbedtls_free(in_buf); 2780a8e1175bSopenharmony_ci mbedtls_pk_free(&pk_priv); 2781a8e1175bSopenharmony_ci mbedtls_pk_free(&pk_priv_copy_public); 2782a8e1175bSopenharmony_ci mbedtls_pk_free(&pk_pub); 2783a8e1175bSopenharmony_ci mbedtls_pk_free(&pk_pub_copy_public); 2784a8e1175bSopenharmony_ci psa_destroy_key(priv_key_id); 2785a8e1175bSopenharmony_ci psa_destroy_key(pub_key_id); 2786a8e1175bSopenharmony_ci PSA_DONE(); 2787a8e1175bSopenharmony_ci} 2788a8e1175bSopenharmony_ci/* END_CASE */ 2789a8e1175bSopenharmony_ci 2790a8e1175bSopenharmony_ci/* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_C*/ 2791a8e1175bSopenharmony_civoid pk_copy_public_from_psa(data_t *priv_key_data, int key_type_arg) 2792a8e1175bSopenharmony_ci{ 2793a8e1175bSopenharmony_ci psa_key_type_t key_type = key_type_arg; 2794a8e1175bSopenharmony_ci mbedtls_pk_context pk_from_exportable; 2795a8e1175bSopenharmony_ci mbedtls_pk_init(&pk_from_exportable); 2796a8e1175bSopenharmony_ci mbedtls_pk_context pk_from_non_exportable; 2797a8e1175bSopenharmony_ci mbedtls_pk_init(&pk_from_non_exportable); 2798a8e1175bSopenharmony_ci mbedtls_pk_context pk_private; 2799a8e1175bSopenharmony_ci mbedtls_pk_init(&pk_private); 2800a8e1175bSopenharmony_ci mbedtls_svc_key_id_t non_exportable_key_id = MBEDTLS_SVC_KEY_ID_INIT; 2801a8e1175bSopenharmony_ci mbedtls_svc_key_id_t exportable_key_id = MBEDTLS_SVC_KEY_ID_INIT; 2802a8e1175bSopenharmony_ci 2803a8e1175bSopenharmony_ci PSA_INIT(); 2804a8e1175bSopenharmony_ci 2805a8e1175bSopenharmony_ci PSA_ASSERT(pk_psa_import_key(priv_key_data->x, priv_key_data->len, 2806a8e1175bSopenharmony_ci key_type, 2807a8e1175bSopenharmony_ci PSA_KEY_USAGE_EXPORT, 2808a8e1175bSopenharmony_ci PSA_ALG_NONE, 2809a8e1175bSopenharmony_ci &exportable_key_id)); 2810a8e1175bSopenharmony_ci PSA_ASSERT(pk_psa_import_key(priv_key_data->x, priv_key_data->len, 2811a8e1175bSopenharmony_ci key_type, 2812a8e1175bSopenharmony_ci 0, 2813a8e1175bSopenharmony_ci PSA_ALG_NONE, 2814a8e1175bSopenharmony_ci &non_exportable_key_id)); 2815a8e1175bSopenharmony_ci 2816a8e1175bSopenharmony_ci TEST_EQUAL(mbedtls_pk_copy_public_from_psa(exportable_key_id, 2817a8e1175bSopenharmony_ci &pk_from_exportable), 0); 2818a8e1175bSopenharmony_ci TEST_EQUAL(mbedtls_pk_copy_public_from_psa(non_exportable_key_id, 2819a8e1175bSopenharmony_ci &pk_from_non_exportable), 0); 2820a8e1175bSopenharmony_ci 2821a8e1175bSopenharmony_ci /* Check that the non-exportable key really is non-exportable */ 2822a8e1175bSopenharmony_ci TEST_EQUAL(mbedtls_pk_copy_from_psa(non_exportable_key_id, &pk_private), 2823a8e1175bSopenharmony_ci MBEDTLS_ERR_PK_TYPE_MISMATCH); 2824a8e1175bSopenharmony_ci 2825a8e1175bSopenharmony_ci psa_destroy_key(exportable_key_id); 2826a8e1175bSopenharmony_ci psa_destroy_key(non_exportable_key_id); 2827a8e1175bSopenharmony_ci 2828a8e1175bSopenharmony_ci /* The goal of this test function is mostly to check that 2829a8e1175bSopenharmony_ci * mbedtls_pk_copy_public_from_psa works with a non-exportable key pair. 2830a8e1175bSopenharmony_ci * We check that the resulting key is the same as for an exportable 2831a8e1175bSopenharmony_ci * key pair. We rely on pk_copy_from_psa_success tests to validate that 2832a8e1175bSopenharmony_ci * the result is correct. */ 2833a8e1175bSopenharmony_ci TEST_ASSERT(pk_public_same(&pk_from_non_exportable, &pk_from_exportable)); 2834a8e1175bSopenharmony_ci 2835a8e1175bSopenharmony_ciexit: 2836a8e1175bSopenharmony_ci mbedtls_pk_free(&pk_from_non_exportable); 2837a8e1175bSopenharmony_ci mbedtls_pk_free(&pk_from_exportable); 2838a8e1175bSopenharmony_ci mbedtls_pk_free(&pk_private); 2839a8e1175bSopenharmony_ci psa_destroy_key(exportable_key_id); 2840a8e1175bSopenharmony_ci psa_destroy_key(non_exportable_key_id); 2841a8e1175bSopenharmony_ci PSA_DONE(); 2842a8e1175bSopenharmony_ci} 2843a8e1175bSopenharmony_ci/* END_CASE */ 2844