test_suite_pk: test check_pair() also with opaque RSA keys
check_pair() is not supported by opaque RSA keys, but we want
to be sure that calling this functions fails nicely instead
for crashing.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
diff --git a/tests/suites/test_suite_pk.function b/tests/suites/test_suite_pk.function
index ddcbd83..73d27fe 100644
--- a/tests/suites/test_suite_pk.function
+++ b/tests/suites/test_suite_pk.function
@@ -1021,6 +1021,7 @@
#if defined(MBEDTLS_USE_PSA_CRYPTO)
mbedtls_svc_key_id_t opaque_key_id = MBEDTLS_SVC_KEY_ID_INIT;
psa_key_attributes_t opaque_key_attr = PSA_KEY_ATTRIBUTES_INIT;
+ int is_ec_key = 0;
#endif /* MBEDTLS_USE_PSA_CRYPTO */
mbedtls_pk_init(&pub);
@@ -1057,16 +1058,22 @@
}
#endif
#if defined(MBEDTLS_USE_PSA_CRYPTO)
- if (mbedtls_pk_get_type(&prv) == MBEDTLS_PK_ECKEY) {
- /* Turn the prv PK context into an opaque one.*/
- TEST_EQUAL(mbedtls_pk_get_psa_attributes(&prv, PSA_KEY_USAGE_SIGN_HASH,
- &opaque_key_attr), 0);
- TEST_EQUAL(mbedtls_pk_import_into_psa(&prv, &opaque_key_attr, &opaque_key_id), 0);
- mbedtls_pk_free(&prv);
- mbedtls_pk_init(&prv);
- TEST_EQUAL(mbedtls_pk_setup_opaque(&prv, opaque_key_id), 0);
+ is_ec_key = (mbedtls_pk_get_type(&prv) == MBEDTLS_PK_ECKEY);
+ /* Turn the prv PK context into an opaque one.*/
+ TEST_EQUAL(mbedtls_pk_get_psa_attributes(&prv, PSA_KEY_USAGE_SIGN_HASH,
+ &opaque_key_attr), 0);
+ TEST_EQUAL(mbedtls_pk_import_into_psa(&prv, &opaque_key_attr, &opaque_key_id), 0);
+ mbedtls_pk_free(&prv);
+ mbedtls_pk_init(&prv);
+ TEST_EQUAL(mbedtls_pk_setup_opaque(&prv, opaque_key_id), 0);
+ /* Test check_pair() between the opaque key we just created and the public PK counterpart.
+ * Note: opaque EC keys support check_pair(), whereas RSA ones do not. */
+ if (is_ec_key) {
TEST_EQUAL(mbedtls_pk_check_pair(&pub, &prv, mbedtls_test_rnd_std_rand,
NULL), ret);
+ } else {
+ TEST_EQUAL(mbedtls_pk_check_pair(&pub, &prv, mbedtls_test_rnd_std_rand,
+ NULL), MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE);
}
#endif