Private EC key format: remove ASN.1-based sanity checks
In preparation for the import/export format change for private
elliptic curve keys from RFC 5915 to the raw secret value,
remove ASN.1-based sanity checks. For the raw secret value, most byte
strings of the correct length are valid (the details depend on the
curve), so as a sanity check, just check the length.
diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function
index 139a62f..73f03b5 100644
--- a/tests/suites/test_suite_psa_crypto.function
+++ b/tests/suites/test_suite_psa_crypto.function
@@ -564,42 +564,9 @@
#if defined(MBEDTLS_ECP_C)
if( PSA_KEY_TYPE_IS_ECC_KEYPAIR( type ) )
{
- uint8_t *p = exported;
- uint8_t *end = exported + exported_length;
- size_t len;
- int version;
- /* ECPrivateKey ::= SEQUENCE {
- * version INTEGER, -- must be 1
- * privateKey OCTET STRING,
- * -- `ceiling(log_{256}(n))`-byte string, big endian,
- * -- where n is the order of the curve.
- * parameters ECParameters {{ NamedCurve }}, -- mandatory
- * publicKey BIT STRING -- mandatory
- * }
- */
- TEST_ASSERT( mbedtls_asn1_get_tag( &p, end, &len,
- MBEDTLS_ASN1_SEQUENCE |
- MBEDTLS_ASN1_CONSTRUCTED ) == 0 );
- TEST_ASSERT( p + len == end );
- TEST_ASSERT( mbedtls_asn1_get_int( &p, end, &version ) == 0 );
- TEST_ASSERT( version == 1 );
- TEST_ASSERT( mbedtls_asn1_get_tag( &p, end, &len,
- MBEDTLS_ASN1_OCTET_STRING ) == 0 );
- /* Bug in Mbed TLS: the length of the octet string depends on the value */
- // TEST_ASSERT( len == PSA_BITS_TO_BYTES( bits ) );
- p += len;
- TEST_ASSERT( asn1_get_implicit_tag( &p, end, &len, 0,
- MBEDTLS_ASN1_OID ) == 0 );
- p += len;
- /* publicKey: ECPoint in uncompressed representation (as below) */
- TEST_ASSERT( asn1_get_implicit_tag( &p, end, &len, 1,
- MBEDTLS_ASN1_BIT_STRING ) == 0 );
- TEST_ASSERT( p + len == end );
- TEST_ASSERT( p[0] == 0 ); /* 0 unused bits in the bit string */
- ++p;
- TEST_ASSERT( p + 1 + 2 * PSA_BITS_TO_BYTES( bits ) == end );
- TEST_ASSERT( p[0] == 4 );
- }
+ /* Just the secret value */
+ TEST_ASSERT( exported_length == PSA_BITS_TO_BYTES( bits ) );
+ }
else
#endif /* MBEDTLS_ECP_C */
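Review bot: The new assertion `TEST_ASSERT( exported_length == PSA_BITS_TO_BYTES( bits ) );` accepts any buffer of the right size, so an export that returned an all-zero or otherwise unusable secret would still pass this branch. Since the commit message says validity depends on the curve, a curve-independent complement would be a round-trip check: re-import the exported bytes and compare a second export. This may already exist in the enclosing function, which begins and ends outside this hunk. The exact-length check also enforces what the removed "Bug in Mbed TLS" comment had left disabled, so the export must now be fixed-length even when the secret has leading zero bytes; that is worth stating in the test. The removed block carried the only description of the encoding, so I would expand the new comment to something like `/* Raw secret value: exactly PSA_BITS_TO_BYTES( bits ) bytes, no ASN.1 wrapper, no public key */`.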