TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / 0dc79a754dc0dfbe06465549a9c7a1094a992a01^! / . / tests / suites / test_suite_pk.function
commit0dc79a754dc0dfbe06465549a9c7a1094a992a01[log] [tgz]
authorGilles Peskine <Gilles.Peskine@arm.com>Mon Mar 11 15:23:12 2024 +0100
committerGilles Peskine <Gilles.Peskine@arm.com>Tue Mar 12 15:06:47 2024 +0100
treee25143a572bf8d5c7be2c0aefebd97a5ceea9aa6
parent17d5b6bda203455eb6a3f0a2fd3d006383920815 [diff] [blame]
Fix and test pk_copy_from_psa with an unsupported algorithm

Fix mbedtls_pk_copy_from_psa() and mbedtls_pk_copy_public_from_psa() to
still work when the algorithm in the key policy is not an RSA
algorithm (typically PSA_ALG_NONE). Add a dedicated test case and adjust the
test code. Fixes the test case "Copy from PSA: non-exportable -> public, RSA"
when MBEDTLS_PKCS1_V15 is disabled.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>

diff --git a/tests/suites/test_suite_pk.function b/tests/suites/test_suite_pk.function
index 81d6dd5..2feb9c4 100644
--- a/tests/suites/test_suite_pk.function
+++ b/tests/suites/test_suite_pk.function

@@ -2547,14 +2547,36 @@
      * - Verify with the PK context generated using public key.
      * - Verify using the public PSA key directly.
      */
-    TEST_EQUAL(mbedtls_pk_sign(&pk_priv, md_for_test, in_buf, in_buf_len,
-                               out_buf, sizeof(out_buf), &out_buf_len,
-                               mbedtls_test_rnd_std_rand, NULL), 0);
 
-    TEST_EQUAL(mbedtls_pk_verify(&pk_priv, md_for_test, in_buf, in_buf_len,
-                                 out_buf, out_buf_len), 0);
-    TEST_EQUAL(mbedtls_pk_verify(&pk_pub, md_for_test, in_buf, in_buf_len,
-                                 out_buf, out_buf_len), 0);
+    /* Edge cases: in a build with RSA key support but not RSA padding modes,
+     * or with ECDSA verify support but not signature, the signature might be
+     * impossible. */
+    int pk_can_sign = 0;
+#if defined(MBEDTLS_PKCS1_V15)
+    if (PSA_ALG_IS_RSA_PKCS1V15_SIGN(key_alg) || key_alg == PSA_ALG_RSA_PKCS1V15_CRYPT) {
+        pk_can_sign = 1;
+    }
+#endif
+#if defined(MBEDTLS_PKCS1_V21)
+    if (PSA_ALG_IS_RSA_PSS(key_alg) || PSA_ALG_IS_RSA_OAEP(key_alg)) {
+        pk_can_sign = 1;
+    }
+#endif
+#if defined(MBEDTLS_PK_CAN_ECDSA_SIGN)
+    if (PSA_ALG_IS_ECDSA(key_alg) || PSA_ALG_IS_DETERMINISTIC_ECDSA(key_alg)) {
+        pk_can_sign = 1;
+    }
+#endif
+    if (pk_can_sign) {
+        TEST_EQUAL(mbedtls_pk_sign(&pk_priv, md_for_test, in_buf, in_buf_len,
+                                   out_buf, sizeof(out_buf), &out_buf_len,
+                                   mbedtls_test_rnd_std_rand, NULL), 0);
+
+        TEST_EQUAL(mbedtls_pk_verify(&pk_priv, md_for_test, in_buf, in_buf_len,
+                                     out_buf, out_buf_len), 0);
+        TEST_EQUAL(mbedtls_pk_verify(&pk_pub, md_for_test, in_buf, in_buf_len,
+                                     out_buf, out_buf_len), 0);
+    }
 
     if (PSA_ALG_IS_HASH_AND_SIGN(key_alg)) {
 #if defined(MBEDTLS_PSA_UTIL_HAVE_ECDSA)