Plug in the entry point for public key export through driver
Including test.
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
diff --git a/tests/include/test/drivers/key_management.h b/tests/include/test/drivers/key_management.h
index 56f3ef8..90f8c58 100644
--- a/tests/include/test/drivers/key_management.h
+++ b/tests/include/test/drivers/key_management.h
@@ -58,10 +58,21 @@
const psa_key_attributes_t *attributes,
uint8_t *key, size_t key_size, size_t *key_length );
-psa_status_t test_transparent_validate_key(const psa_key_attributes_t *attributes,
- const uint8_t *data,
- size_t data_length,
- size_t *bits);
+psa_status_t test_transparent_validate_key(
+ const psa_key_attributes_t *attributes,
+ const uint8_t *data,
+ size_t data_length,
+ size_t *bits);
+
+psa_status_t test_transparent_export_public_key(
+ const psa_key_attributes_t *attributes,
+ const uint8_t *key, size_t key_length,
+ uint8_t *data, size_t data_size, size_t *data_length );
+
+psa_status_t test_opaque_export_public_key(
+ const psa_key_attributes_t *attributes,
+ const uint8_t *key, size_t key_length,
+ uint8_t *data, size_t data_size, size_t *data_length );
#endif /* PSA_CRYPTO_DRIVER_TEST */
#endif /* PSA_CRYPTO_TEST_DRIVERS_KEY_MANAGEMENT_H */
diff --git a/tests/src/drivers/key_management.c b/tests/src/drivers/key_management.c
index d6d75b3..d089691 100644
--- a/tests/src/drivers/key_management.c
+++ b/tests/src/drivers/key_management.c
@@ -137,10 +137,11 @@
return( PSA_ERROR_NOT_SUPPORTED );
}
-psa_status_t test_transparent_validate_key(const psa_key_attributes_t *attributes,
- const uint8_t *data,
- size_t data_length,
- size_t *bits)
+psa_status_t test_transparent_validate_key(
+ const psa_key_attributes_t *attributes,
+ const uint8_t *data,
+ size_t data_length,
+ size_t *bits )
{
++test_driver_key_management_hooks.hits;
@@ -248,4 +249,106 @@
* MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY */
}
+psa_status_t test_transparent_export_public_key(
+ const psa_key_attributes_t *attributes,
+ const uint8_t *key, size_t key_length,
+ uint8_t *data, size_t data_size, size_t *data_length )
+{
+ ++test_driver_keygen_hooks.hits;
+
+ if( test_driver_keygen_hooks.forced_status != PSA_SUCCESS )
+ return( test_driver_keygen_hooks.forced_status );
+
+ if( test_driver_keygen_hooks.forced_output != NULL )
+ {
+ if( test_driver_keygen_hooks.forced_output_length > data_size )
+ return( PSA_ERROR_BUFFER_TOO_SMALL );
+ memcpy( data, test_driver_keygen_hooks.forced_output,
+ test_driver_keygen_hooks.forced_output_length );
+ *data_length = test_driver_keygen_hooks.forced_output_length;
+ return( PSA_SUCCESS );
+ }
+
+ if( key == NULL || key_length == 0 )
+ return( PSA_ERROR_INVALID_ARGUMENT );
+
+ psa_key_type_t keytype = psa_get_key_type( attributes );
+
+#if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR) || \
+ defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY)
+ if( PSA_KEY_TYPE_IS_ECC( keytype ) )
+ {
+ if( !PSA_KEY_TYPE_IS_KEY_PAIR( keytype ) )
+ return( PSA_ERROR_INVALID_ARGUMENT );
+
+ /* Mostly copied from psa_crypto.c */
+ mbedtls_ecp_group_id grp_id = MBEDTLS_ECP_DP_NONE;
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+ mbedtls_ecp_keypair ecp;
+ mbedtls_test_rnd_pseudo_info rnd_info;
+ memset( &rnd_info, 0x5A, sizeof( mbedtls_test_rnd_pseudo_info ) );
+
+ if( attributes->domain_parameters_size != 0 )
+ return( PSA_ERROR_NOT_SUPPORTED );
+
+ grp_id = mbedtls_ecc_group_of_psa( PSA_KEY_TYPE_ECC_GET_FAMILY( keytype ),
+ PSA_BITS_TO_BYTES( psa_get_key_bits( attributes ) ) );
+ if( grp_id == MBEDTLS_ECP_DP_NONE )
+ return( PSA_ERROR_NOT_SUPPORTED );
+
+ mbedtls_ecp_keypair_init( &ecp );
+
+ status = mbedtls_to_psa_error(
+ mbedtls_ecp_group_load( &ecp.grp, grp_id ) );
+ if( status != PSA_SUCCESS )
+ goto ecp_exit;
+
+ status = mbedtls_to_psa_error(
+ mbedtls_ecp_read_key( ecp.grp.id,
+ &ecp,
+ key,
+ key_length ) );
+ if( status != PSA_SUCCESS )
+ goto ecp_exit;
+
+ /* Calculate the public key */
+ status = mbedtls_to_psa_error(
+ mbedtls_ecp_mul( &ecp.grp, &ecp.Q, &ecp.d, &ecp.grp.G,
+ &mbedtls_test_rnd_pseudo_rand,
+ &rnd_info ) );
+ if( status != PSA_SUCCESS )
+ goto ecp_exit;
+
+ status = mbedtls_to_psa_error(
+ mbedtls_ecp_point_write_binary( &ecp.grp, &ecp.Q,
+ MBEDTLS_ECP_PF_UNCOMPRESSED,
+ data_length,
+ data,
+ data_size ) );
+ if( status != PSA_SUCCESS )
+ memset( data, 0, data_size );
+ecp_exit:
+ mbedtls_ecp_keypair_free( &ecp );
+ return( status );
+ }
+#endif /* MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR ||
+ * MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY */
+
+ return( PSA_ERROR_NOT_SUPPORTED );
+}
+
+psa_status_t test_opaque_export_public_key(
+ const psa_key_attributes_t *attributes,
+ const uint8_t *key, size_t key_length,
+ uint8_t *data, size_t data_size, size_t *data_length )
+{
+ (void) attributes;
+ (void) key;
+ (void) key_length;
+ (void) data;
+ (void) data_size;
+ (void) data_length;
+ return( PSA_ERROR_NOT_SUPPORTED );
+}
+
#endif /* MBEDTLS_PSA_CRYPTO_DRIVERS && PSA_CRYPTO_DRIVER_TEST */
diff --git a/tests/suites/test_suite_psa_crypto_driver_wrappers.data b/tests/suites/test_suite_psa_crypto_driver_wrappers.data
index 1f1ee39..2b1400b 100644
--- a/tests/suites/test_suite_psa_crypto_driver_wrappers.data
+++ b/tests/suites/test_suite_psa_crypto_driver_wrappers.data
@@ -59,6 +59,22 @@
validate key through transparent driver: error
validate_key:PSA_ERROR_GENERIC_ERROR:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_ERROR_GENERIC_ERROR
+export_key private to public through driver: fake
+depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
+export_key:PSA_SUCCESS:"0102030405":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):"":PSA_SUCCESS
+
+export_key private to public through driver: in-driver
+depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
+export_key:PSA_SUCCESS:"":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):"047772656f814b399279d5e1f1781fac6f099a3c5ca1b0e35351834b08b65e0b572590cdaf8f769361bcf34acfc11e5e074e8426bdde04be6e653945449617de45":PSA_SUCCESS
+
+export_key private to public through driver: fallback
+depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
+export_key:PSA_ERROR_NOT_SUPPORTED:"":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):"047772656f814b399279d5e1f1781fac6f099a3c5ca1b0e35351834b08b65e0b572590cdaf8f769361bcf34acfc11e5e074e8426bdde04be6e653945449617de45":PSA_SUCCESS
+
+export_key private to public through driver: error
+depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
+export_key:PSA_ERROR_GENERIC_ERROR:"":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):"":PSA_ERROR_GENERIC_ERROR
+
PSA symmetric encrypt: AES-CTR, 16 bytes, good
depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR
cipher_encrypt:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e117393172a":"8f9408fe80a81d3e813da3c7b0b2bd32":0:PSA_SUCCESS:PSA_SUCCESS
diff --git a/tests/suites/test_suite_psa_crypto_driver_wrappers.function b/tests/suites/test_suite_psa_crypto_driver_wrappers.function
index a0140d2..50415ca 100644
--- a/tests/suites/test_suite_psa_crypto_driver_wrappers.function
+++ b/tests/suites/test_suite_psa_crypto_driver_wrappers.function
@@ -218,6 +218,73 @@
}
/* END_CASE */
+/* BEGIN_CASE depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED */
+void export_key( int force_status_arg,
+ data_t *fake_output,
+ int key_in_type_arg,
+ data_t *key_in,
+ int key_out_type_arg,
+ data_t *expected_output,
+ int expected_status_arg )
+{
+ psa_status_t force_status = force_status_arg;
+ psa_status_t expected_status = expected_status_arg;
+ psa_key_handle_t handle = 0;
+ psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+ psa_key_type_t input_key_type = key_in_type_arg;
+ psa_key_type_t output_key_type = key_out_type_arg;
+ const uint8_t *expected_output_ptr = NULL;
+ size_t expected_output_length = 0;
+ psa_status_t actual_status;
+ uint8_t actual_output[PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE(256)] = {0};
+ size_t actual_output_length;
+ test_driver_keygen_hooks = test_driver_keygen_hooks_init();
+
+ psa_set_key_type( &attributes, input_key_type );
+ psa_set_key_bits( &attributes, 256 );
+ psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_EXPORT );
+
+ PSA_ASSERT( psa_crypto_init( ) );
+ PSA_ASSERT( psa_import_key( &attributes, key_in->x, key_in->len, &handle ) );
+
+ if( fake_output->len > 0 )
+ {
+ expected_output_ptr = test_driver_keygen_hooks.forced_output = fake_output->x;
+ expected_output_length = test_driver_keygen_hooks.forced_output_length =
+ fake_output->len;
+ }
+ else
+ {
+ expected_output_ptr = expected_output->x;
+ expected_output_length = expected_output->len;
+ }
+
+ test_driver_keygen_hooks.hits = 0;
+ test_driver_keygen_hooks.forced_status = force_status;
+
+ if( PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY( output_key_type ) )
+ actual_status = psa_export_public_key( handle, actual_output, sizeof(actual_output), &actual_output_length );
+ else
+ actual_status = psa_export_key( handle, actual_output, sizeof(actual_output), &actual_output_length );
+ TEST_EQUAL( actual_status, expected_status );
+
+ if( PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY( output_key_type ) &&
+ !PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY( input_key_type ) )
+ TEST_EQUAL( test_driver_keygen_hooks.hits, 1 );
+
+ if( actual_status == PSA_SUCCESS )
+ {
+ ASSERT_COMPARE( actual_output, actual_output_length,
+ expected_output_ptr, expected_output_length );
+ }
+exit:
+ psa_reset_key_attributes( &attributes );
+ psa_destroy_key( handle );
+ PSA_DONE( );
+ test_driver_keygen_hooks = test_driver_keygen_hooks_init();
+}
+/* END_CASE */
+
/* BEGIN_CASE */
void cipher_encrypt( int alg_arg, int key_type_arg,
data_t *key, data_t *iv,